@civic/auth 0.2.5-alpha.3 → 0.2.5

package/dist/src/lib/oauth.js

@@ -0,0 +1,61 @@
+import { v4 as uuid } from "uuid";
+const getIssuerVariations = (issuer) => {
+    const issuerWithoutSlash = issuer.endsWith("/")
+        ? issuer.slice(0, issuer.length - 1)
+        : issuer;
+    const issuerWithSlash = `${issuerWithoutSlash}/`;
+    return [issuerWithoutSlash, issuerWithSlash];
+};
+const addSlashIfNeeded = (url) => url.endsWith("/") ? url : `${url}/`;
+const getOauthEndpoints = async (oauthServer) => {
+    const openIdConfigResponse = await fetch(`${addSlashIfNeeded(oauthServer)}.well-known/openid-configuration`);
+    const openIdConfig = (await openIdConfigResponse.json());
+    return {
+        jwks: openIdConfig.jwks_uri,
+        auth: openIdConfig.authorization_endpoint,
+        token: openIdConfig.token_endpoint,
+        userinfo: openIdConfig.userinfo_endpoint,
+        endsession: openIdConfig.end_session_endpoint,
+    };
+};
+/**
+ * creates a state string for the OAuth2 flow, encoding the display mode too for future use
+ * @param {DisplayMode} displayMode
+ * @returns {string}
+ */
+const generateState = (displayMode, serverTokenExchange) => {
+    const jsonString = JSON.stringify({
+        uuid: uuid(),
+        displayMode,
+        ...(serverTokenExchange ? { serverTokenExchange } : {}),
+    });
+    return btoa(jsonString);
+};
+/**
+ * parses the state string from the OAuth2 flow, decoding the display mode too
+ * @param state
+ * @param sessionDisplayMode
+ * @returns { uuid: string, displayMode: DisplayMode }
+ */
+const displayModeFromState = (state, sessionDisplayMode) => {
+    try {
+        const jsonString = atob(state);
+        return JSON.parse(jsonString).displayMode;
+    }
+    catch (e) {
+        console.error("Failed to parse displayMode from state:", state, e);
+        return sessionDisplayMode;
+    }
+};
+const serverTokenExchangeFromState = (state) => {
+    try {
+        const jsonString = atob(state);
+        return JSON.parse(jsonString).serverTokenExchange;
+    }
+    catch {
+        console.error("Failed to parse serverTokenExchange from state:", state);
+        return undefined;
+    }
+};
+export { serverTokenExchangeFromState, getIssuerVariations, getOauthEndpoints, displayModeFromState, generateState, };
+//# sourceMappingURL=oauth.js.map

package/dist/src/lib/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../../src/lib/oauth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,EAAE,IAAI,IAAI,EAAE,MAAM,MAAM,CAAC;AAElC,MAAM,mBAAmB,GAAG,CAAC,MAAc,EAAY,EAAE;IACvD,MAAM,kBAAkB,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;QAC7C,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;QACpC,CAAC,CAAC,MAAM,CAAC;IAEX,MAAM,eAAe,GAAG,GAAG,kBAAkB,GAAG,CAAC;IAEjD,OAAO,CAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC;AAC/C,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CAAC,GAAW,EAAU,EAAE,CAC/C,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC;AAEtC,MAAM,iBAAiB,GAAG,KAAK,EAAE,WAAmB,EAAsB,EAAE;IAC1E,MAAM,oBAAoB,GAAG,MAAM,KAAK,CACtC,GAAG,gBAAgB,CAAC,WAAW,CAAC,kCAAkC,CACnE,CAAC;IACF,MAAM,YAAY,GAChB,CAAC,MAAM,oBAAoB,CAAC,IAAI,EAAE,CAAwB,CAAC;IAC7D,OAAO;QACL,IAAI,EAAE,YAAY,CAAC,QAAQ;QAC3B,IAAI,EAAE,YAAY,CAAC,sBAAsB;QACzC,KAAK,EAAE,YAAY,CAAC,cAAc;QAClC,QAAQ,EAAE,YAAY,CAAC,iBAAiB;QACxC,UAAU,EAAE,YAAY,CAAC,oBAAoB;KAC9C,CAAC;AACJ,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,aAAa,GAAG,CACpB,WAAwB,EACxB,mBAA6B,EACrB,EAAE;IACV,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC;QAChC,IAAI,EAAE,IAAI,EAAE;QACZ,WAAW;QACX,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxD,CAAC,CAAC;IACH,OAAO,IAAI,CAAC,UAAU,CAAC,CAAC;AAC1B,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,oBAAoB,GAAG,CAC3B,KAAa,EACb,kBAA2C,EAClB,EAAE;IAC3B,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/B,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,WAAW,CAAC;IAC5C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,yCAAyC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;QACnE,OAAO,kBAAkB,CAAC;IAC5B,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,4BAA4B,GAAG,CAAC,KAAa,EAAuB,EAAE;IAC1E,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/B,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,mBAAmB,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,iDAAiD,EAAE,KAAK,CAAC,CAAC;QACxE,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC,CAAC;AAEF,OAAO,EACL,4BAA4B,EAC5B,mBAAmB,EACnB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,GACd,CAAC","sourcesContent":["import type { DisplayMode, Endpoints, OpenIdConfiguration } from \"@/types.js\";\nimport { v4 as uuid } from \"uuid\";\n\nconst getIssuerVariations = (issuer: string): string[] => {\n  const issuerWithoutSlash = issuer.endsWith(\"/\")\n    ? issuer.slice(0, issuer.length - 1)\n    : issuer;\n\n  const issuerWithSlash = `${issuerWithoutSlash}/`;\n\n  return [issuerWithoutSlash, issuerWithSlash];\n};\n\nconst addSlashIfNeeded = (url: string): string =>\n  url.endsWith(\"/\") ? url : `${url}/`;\n\nconst getOauthEndpoints = async (oauthServer: string): Promise<Endpoints> => {\n  const openIdConfigResponse = await fetch(\n    `${addSlashIfNeeded(oauthServer)}.well-known/openid-configuration`,\n  );\n  const openIdConfig =\n    (await openIdConfigResponse.json()) as OpenIdConfiguration;\n  return {\n    jwks: openIdConfig.jwks_uri,\n    auth: openIdConfig.authorization_endpoint,\n    token: openIdConfig.token_endpoint,\n    userinfo: openIdConfig.userinfo_endpoint,\n    endsession: openIdConfig.end_session_endpoint,\n  };\n};\n\n/**\n * creates a state string for the OAuth2 flow, encoding the display mode too for future use\n * @param {DisplayMode} displayMode\n * @returns {string}\n */\nconst generateState = (\n  displayMode: DisplayMode,\n  serverTokenExchange?: boolean,\n): string => {\n  const jsonString = JSON.stringify({\n    uuid: uuid(),\n    displayMode,\n    ...(serverTokenExchange ? { serverTokenExchange } : {}),\n  });\n  return btoa(jsonString);\n};\n\n/**\n * parses the state string from the OAuth2 flow, decoding the display mode too\n * @param state\n * @param sessionDisplayMode\n * @returns { uuid: string, displayMode: DisplayMode }\n */\nconst displayModeFromState = (\n  state: string,\n  sessionDisplayMode: DisplayMode | undefined,\n): DisplayMode | undefined => {\n  try {\n    const jsonString = atob(state);\n    return JSON.parse(jsonString).displayMode;\n  } catch (e) {\n    console.error(\"Failed to parse displayMode from state:\", state, e);\n    return sessionDisplayMode;\n  }\n};\n\nconst serverTokenExchangeFromState = (state: string): boolean | undefined => {\n  try {\n    const jsonString = atob(state);\n    return JSON.parse(jsonString).serverTokenExchange;\n  } catch {\n    console.error(\"Failed to parse serverTokenExchange from state:\", state);\n    return undefined;\n  }\n};\n\nexport {\n  serverTokenExchangeFromState,\n  getIssuerVariations,\n  getOauthEndpoints,\n  displayModeFromState,\n  generateState,\n};\n"]}

package/dist/src/lib/obj.d.ts

@@ -0,0 +1,3 @@
+declare const objectsAreEqual: (obj1: Record<string, unknown> | null | undefined, obj2: Record<string, unknown> | null | undefined) => boolean;
+export { objectsAreEqual };
+//# sourceMappingURL=obj.d.ts.map

package/dist/src/lib/obj.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"obj.d.ts","sourceRoot":"","sources":["../../../src/lib/obj.ts"],"names":[],"mappings":"AAAA,QAAA,MAAM,eAAe,SACb,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,SAAS,QAC1C,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,SAAS,KAC/C,OAiBF,CAAC;AACF,OAAO,EAAE,eAAe,EAAE,CAAC"}

package/dist/src/lib/obj.js

@@ -0,0 +1,18 @@
+const objectsAreEqual = (obj1, obj2) => {
+    if (obj1 === obj2)
+        return true;
+    if ((obj1 && !obj2) || (obj2 && !obj1)) {
+        return false;
+    }
+    const keys1 = obj1 ? Object.keys(obj1) : [];
+    const keys2 = obj2 ? Object.keys(obj2) : [];
+    if (keys1.length !== keys2.length)
+        return false;
+    for (const key of keys1) {
+        if ((obj1 || {})[key] !== (obj2 || {})[key])
+            return false;
+    }
+    return true;
+};
+export { objectsAreEqual };
+//# sourceMappingURL=obj.js.map

package/dist/src/lib/obj.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"obj.js","sourceRoot":"","sources":["../../../src/lib/obj.ts"],"names":[],"mappings":"AAAA,MAAM,eAAe,GAAG,CACtB,IAAgD,EAChD,IAAgD,EACvC,EAAE;IACX,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAE/B,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE5C,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAEhD,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;IAC5D,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AACF,OAAO,EAAE,eAAe,EAAE,CAAC","sourcesContent":["const objectsAreEqual = (\n  obj1: Record<string, unknown> | null | undefined,\n  obj2: Record<string, unknown> | null | undefined,\n): boolean => {\n  if (obj1 === obj2) return true;\n\n  if ((obj1 && !obj2) || (obj2 && !obj1)) {\n    return false;\n  }\n\n  const keys1 = obj1 ? Object.keys(obj1) : [];\n  const keys2 = obj2 ? Object.keys(obj2) : [];\n\n  if (keys1.length !== keys2.length) return false;\n\n  for (const key of keys1) {\n    if ((obj1 || {})[key] !== (obj2 || {})[key]) return false;\n  }\n\n  return true;\n};\nexport { objectsAreEqual };\n"]}

package/dist/src/lib/postMessage.d.ts

@@ -0,0 +1,4 @@
+import type { LoginPostMessage } from "@/types.js";
+declare const validateLoginAppPostMessage: (event: LoginPostMessage, clientId: string) => boolean;
+export { validateLoginAppPostMessage };
+//# sourceMappingURL=postMessage.d.ts.map

package/dist/src/lib/postMessage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"postMessage.d.ts","sourceRoot":"","sources":["../../../src/lib/postMessage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnD,QAAA,MAAM,2BAA2B,UACxB,gBAAgB,YACb,MAAM,KACf,OAcF,CAAC;AAEF,OAAO,EAAE,2BAA2B,EAAE,CAAC"}

package/dist/src/lib/postMessage.js

@@ -0,0 +1,15 @@
+const validateLoginAppPostMessage = (event, clientId) => {
+    const caseEvent = event;
+    // console.log("caseEvent", caseEvent);
+    if (!caseEvent.clientId ||
+        !caseEvent.data.url ||
+        !caseEvent.source ||
+        !caseEvent.type ||
+        caseEvent.clientId !== clientId ||
+        caseEvent.source !== "civicloginApp") {
+        return false;
+    }
+    return true;
+};
+export { validateLoginAppPostMessage };
+//# sourceMappingURL=postMessage.js.map

package/dist/src/lib/postMessage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"postMessage.js","sourceRoot":"","sources":["../../../src/lib/postMessage.ts"],"names":[],"mappings":"AAEA,MAAM,2BAA2B,GAAG,CAClC,KAAuB,EACvB,QAAgB,EACP,EAAE;IACX,MAAM,SAAS,GAAG,KAAyB,CAAC;IAC5C,uCAAuC;IACvC,IACE,CAAC,SAAS,CAAC,QAAQ;QACnB,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG;QACnB,CAAC,SAAS,CAAC,MAAM;QACjB,CAAC,SAAS,CAAC,IAAI;QACf,SAAS,CAAC,QAAQ,KAAK,QAAQ;QAC/B,SAAS,CAAC,MAAM,KAAK,eAAe,EACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAEF,OAAO,EAAE,2BAA2B,EAAE,CAAC","sourcesContent":["import type { LoginPostMessage } from \"@/types.js\";\n\nconst validateLoginAppPostMessage = (\n  event: LoginPostMessage,\n  clientId: string,\n): boolean => {\n  const caseEvent = event as LoginPostMessage;\n  // console.log(\"caseEvent\", caseEvent);\n  if (\n    !caseEvent.clientId ||\n    !caseEvent.data.url ||\n    !caseEvent.source ||\n    !caseEvent.type ||\n    caseEvent.clientId !== clientId ||\n    caseEvent.source !== \"civicloginApp\"\n  ) {\n    return false;\n  }\n  return true;\n};\n\nexport { validateLoginAppPostMessage };\n"]}

package/dist/src/lib/windowUtil.d.ts

@@ -0,0 +1,4 @@
+declare const isWindowInIframe: (window: Window) => boolean;
+declare const removeParamsWithoutReload: (paramsToRemove: string[]) => void;
+export { isWindowInIframe, removeParamsWithoutReload };
+//# sourceMappingURL=windowUtil.d.ts.map

package/dist/src/lib/windowUtil.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"windowUtil.d.ts","sourceRoot":"","sources":["../../../src/lib/windowUtil.ts"],"names":[],"mappings":"AAAA,QAAA,MAAM,gBAAgB,WAAY,MAAM,KAAG,OAc1C,CAAC;AAEF,QAAA,MAAM,yBAAyB,mBAAoB,MAAM,EAAE,SAW1D,CAAC;AAEF,OAAO,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,CAAC"}

package/dist/src/lib/windowUtil.js

@@ -0,0 +1,31 @@
+const isWindowInIframe = (window) => {
+    if (typeof window !== "undefined") {
+        // use the window width to determine if we're in an iframe or not
+        try {
+            if (window?.frameElement?.id === "civic-auth-iframe") {
+                return true;
+            }
+            // eslint-disable-next-line @typescript-eslint/no-unused-vars
+        }
+        catch (_e) {
+            // If we get an error, we're not in an iframe
+            return false;
+        }
+    }
+    return false;
+};
+const removeParamsWithoutReload = (paramsToRemove) => {
+    const url = new URL(window.location.href);
+    paramsToRemove.forEach((param) => {
+        url.searchParams.delete(param);
+    });
+    try {
+        window.history.replaceState({}, "", url);
+        window.dispatchEvent(new Event("popstate"));
+    }
+    catch (error) {
+        console.warn("window.history.replaceState failed", error);
+    }
+};
+export { isWindowInIframe, removeParamsWithoutReload };
+//# sourceMappingURL=windowUtil.js.map

package/dist/src/lib/windowUtil.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"windowUtil.js","sourceRoot":"","sources":["../../../src/lib/windowUtil.ts"],"names":[],"mappings":"AAAA,MAAM,gBAAgB,GAAG,CAAC,MAAc,EAAW,EAAE;IACnD,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,iEAAiE;QACjE,IAAI,CAAC;YACH,IAAI,MAAM,EAAE,YAAY,EAAE,EAAE,KAAK,mBAAmB,EAAE,CAAC;gBACrD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,6DAA6D;QAC/D,CAAC;QAAC,OAAO,EAAE,EAAE,CAAC;YACZ,6CAA6C;YAC7C,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF,MAAM,yBAAyB,GAAG,CAAC,cAAwB,EAAE,EAAE;IAC7D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC1C,cAAc,CAAC,OAAO,CAAC,CAAC,KAAa,EAAE,EAAE;QACvC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;QACzC,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;IAC9C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;IAC5D,CAAC;AACH,CAAC,CAAC;AAEF,OAAO,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,CAAC","sourcesContent":["const isWindowInIframe = (window: Window): boolean => {\n  if (typeof window !== \"undefined\") {\n    // use the window width to determine if we're in an iframe or not\n    try {\n      if (window?.frameElement?.id === \"civic-auth-iframe\") {\n        return true;\n      }\n      // eslint-disable-next-line @typescript-eslint/no-unused-vars\n    } catch (_e) {\n      // If we get an error, we're not in an iframe\n      return false;\n    }\n  }\n  return false;\n};\n\nconst removeParamsWithoutReload = (paramsToRemove: string[]) => {\n  const url = new URL(window.location.href);\n  paramsToRemove.forEach((param: string) => {\n    url.searchParams.delete(param);\n  });\n  try {\n    window.history.replaceState({}, \"\", url);\n    window.dispatchEvent(new Event(\"popstate\"));\n  } catch (error) {\n    console.warn(\"window.history.replaceState failed\", error);\n  }\n};\n\nexport { isWindowInIframe, removeParamsWithoutReload };\n"]}

package/dist/src/nextjs/GetUser.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Used on the server-side to get the user object from the cookie
+ */
+import type { User } from "@/types.js";
+export declare const getUser: () => Promise<User | null>;
+//# sourceMappingURL=GetUser.d.ts.map

package/dist/src/nextjs/GetUser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GetUser.d.ts","sourceRoot":"","sources":["../../../src/nextjs/GetUser.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAIvC,eAAO,MAAM,OAAO,QAAa,OAAO,CAAC,IAAI,GAAG,IAAI,CAGnD,CAAC"}

package/dist/src/nextjs/GetUser.js

@@ -0,0 +1,7 @@
+import { NextjsClientStorage } from "@/nextjs/cookies.js";
+import { getUser as getSessionUser } from "@/shared/lib/session.js";
+export const getUser = async () => {
+    const clientStorage = new NextjsClientStorage();
+    return getSessionUser(clientStorage);
+};
+//# sourceMappingURL=GetUser.js.map

package/dist/src/nextjs/GetUser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GetUser.js","sourceRoot":"","sources":["../../../src/nextjs/GetUser.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAEpE,MAAM,CAAC,MAAM,OAAO,GAAG,KAAK,IAA0B,EAAE;IACtD,MAAM,aAAa,GAAG,IAAI,mBAAmB,EAAE,CAAC;IAChD,OAAO,cAAc,CAAC,aAAa,CAAC,CAAC;AACvC,CAAC,CAAC","sourcesContent":["/**\n * Used on the server-side to get the user object from the cookie\n */\nimport type { User } from \"@/types.js\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies.js\";\nimport { getUser as getSessionUser } from \"@/shared/lib/session.js\";\n\nexport const getUser = async (): Promise<User | null> => {\n  const clientStorage = new NextjsClientStorage();\n  return getSessionUser(clientStorage);\n};\n"]}

package/dist/src/nextjs/config.d.ts

@@ -0,0 +1,181 @@
+import type { NextConfig } from "next";
+import { type CookieConfig, type TokensCookieConfig } from "@/shared/lib/types.js";
+export type CookiesConfigObject = {
+    tokens: TokensCookieConfig;
+    user: CookieConfig;
+};
+export type AuthConfigWithDefaults = {
+    clientId: string;
+    oauthServer: string;
+    callbackUrl: string;
+    loginUrl: string;
+    logoutUrl: string;
+    logoutCallbackUrl: string;
+    challengeUrl: string;
+    include: string[];
+    exclude: string[];
+    cookies: CookiesConfigObject;
+};
+export type AuthConfig = Partial<AuthConfigWithDefaults>;
+export type DefinedAuthConfig = AuthConfigWithDefaults;
+/**
+ * Default configuration values that will be used if not overridden
+ */
+export declare const defaultAuthConfig: Omit<AuthConfigWithDefaults, "clientId">;
+/**
+ * Resolves the authentication configuration by combining:
+ * 1. Default values
+ * 2. Environment variables (set internally by the plugin)
+ * 3. Explicitly passed configuration
+ *
+ * Note: Developers should not set _civic_auth_* environment variables directly.
+ * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:
+ *
+ * @example
+ * ```js
+ * // next.config.js
+ * export default createCivicAuthPlugin({
+ *   callbackUrl: '/custom/callback',
+ * })
+ * ```
+ */
+export declare const resolveAuthConfig: (config?: AuthConfig) => AuthConfigWithDefaults;
+/**
+ * Creates a Next.js plugin that handles auth configuration.
+ *
+ * This is the main configuration point for the auth system.
+ * Do not set _civic_auth_* environment variables directly - instead,
+ * pass your configuration here:
+ *
+ * @example
+ * ```js
+ * // next.config.js
+ * export default createCivicAuthPlugin({
+ *   clientId: 'my-client-id',
+ *   callbackUrl: '/custom/callback',
+ *   loginUrl: '/custom/login',
+ *   logoutUrl: '/custom/logout',
+ *   logoutCallbackUrl: '/custom/logoutcallback',
+ *   include: ['/protected/*'],
+ *   exclude: ['/public/*']
+ * })
+ * ```
+ *
+ * The plugin sets internal environment variables that are used by
+ * the auth system. These variables should not be set manually.
+ */
+export declare const createCivicAuthPlugin: (authConfig: AuthConfig & Pick<Required<AuthConfig>, "clientId">) => (nextConfig?: NextConfig) => {
+    env: {
+        _civic_auth_client_id: string;
+        _civic_oauth_server: string;
+        _civic_auth_callback_url: string;
+        _civic_auth_challenge_url: string;
+        _civic_auth_login_url: string;
+        _civic_auth_logout_url: string;
+        _civic_auth_logout_callback_url: string;
+        _civic_auth_includes: string;
+        _civic_auth_excludes: string;
+        _civic_auth_cookie_config: string;
+    };
+    exportPathMap?: (defaultMap: import("next/dist/server/config-shared.js").ExportPathMap, ctx: {
+        dev: boolean;
+        dir: string;
+        outDir: string | null;
+        distDir: string;
+        buildId: string;
+    }) => Promise<import("next/dist/server/config-shared.js").ExportPathMap> | import("next/dist/server/config-shared.js").ExportPathMap;
+    i18n?: import("next/dist/server/config-shared.js").I18NConfig | null;
+    eslint?: import("next/dist/server/config-shared.js").ESLintConfig;
+    typescript?: import("next/dist/server/config-shared.js").TypeScriptConfig;
+    headers?: () => Promise<import("next/dist/lib/load-custom-routes.js").Header[]>;
+    rewrites?: () => Promise<import("next/dist/lib/load-custom-routes.js").Rewrite[] | {
+        beforeFiles: import("next/dist/lib/load-custom-routes.js").Rewrite[];
+        afterFiles: import("next/dist/lib/load-custom-routes.js").Rewrite[];
+        fallback: import("next/dist/lib/load-custom-routes.js").Rewrite[];
+    }>;
+    redirects?: () => Promise<import("next/dist/lib/load-custom-routes.js").Redirect[]>;
+    excludeDefaultMomentLocales?: boolean;
+    webpack?: import("next/dist/server/config-shared.js").NextJsWebpackConfig | null;
+    trailingSlash?: boolean;
+    distDir?: string;
+    cleanDistDir?: boolean;
+    assetPrefix?: string;
+    cacheHandler?: string | undefined;
+    cacheMaxMemorySize?: number;
+    useFileSystemPublicRoutes?: boolean;
+    generateBuildId?: () => string | null | Promise<string | null>;
+    generateEtags?: boolean;
+    pageExtensions?: string[];
+    compress?: boolean;
+    analyticsId?: string;
+    poweredByHeader?: boolean;
+    images?: import("next/dist/shared/lib/image-config.js").ImageConfig;
+    devIndicators?: {
+        buildActivity?: boolean;
+        buildActivityPosition?: "bottom-right" | "bottom-left" | "top-right" | "top-left";
+    };
+    onDemandEntries?: {
+        maxInactiveAge?: number;
+        pagesBufferLength?: number;
+    };
+    amp?: {
+        canonicalBase?: string;
+    };
+    deploymentId?: string;
+    basePath?: string;
+    sassOptions?: {
+        [key: string]: any;
+    };
+    productionBrowserSourceMaps?: boolean;
+    optimizeFonts?: boolean;
+    reactProductionProfiling?: boolean;
+    reactStrictMode?: boolean | null;
+    publicRuntimeConfig?: {
+        [key: string]: any;
+    };
+    serverRuntimeConfig?: {
+        [key: string]: any;
+    };
+    httpAgentOptions?: {
+        keepAlive?: boolean;
+    };
+    outputFileTracing?: boolean;
+    staticPageGenerationTimeout?: number;
+    crossOrigin?: "anonymous" | "use-credentials";
+    swcMinify?: boolean;
+    compiler?: {
+        reactRemoveProperties?: boolean | {
+            properties?: string[];
+        };
+        relay?: {
+            src: string;
+            artifactDirectory?: string;
+            language?: "typescript" | "javascript" | "flow";
+            eagerEsModules?: boolean;
+        };
+        removeConsole?: boolean | {
+            exclude?: string[];
+        };
+        styledComponents?: boolean | import("next/dist/server/config-shared.js").StyledComponentsConfig;
+        emotion?: boolean | import("next/dist/server/config-shared.js").EmotionConfig;
+        styledJsx?: boolean | {
+            useLightningcss?: boolean;
+        };
+    };
+    output?: "standalone" | "export";
+    transpilePackages?: string[];
+    skipMiddlewareUrlNormalize?: boolean;
+    skipTrailingSlashRedirect?: boolean;
+    modularizeImports?: Record<string, {
+        transform: string | Record<string, string>;
+        preventFullImport?: boolean;
+        skipDefaultConversion?: boolean;
+    }>;
+    logging?: {
+        fetches?: {
+            fullUrl?: boolean;
+        };
+    };
+    experimental?: import("next/dist/server/config-shared.js").ExperimentalConfig;
+};
+//# sourceMappingURL=config.d.ts.map

package/dist/src/nextjs/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/nextjs/config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAGvC,OAAO,EAEL,KAAK,YAAY,EAEjB,KAAK,kBAAkB,EACxB,MAAM,uBAAuB,CAAC;AAK/B,MAAM,MAAM,mBAAmB,GAAG;IAChC,MAAM,EAAE,kBAAkB,CAAC;IAC3B,IAAI,EAAE,YAAY,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,mBAAmB,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAAC;AAEzD,MAAM,MAAM,iBAAiB,GAAG,sBAAsB,CAAC;AAGvD;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,IAAI,CAAC,sBAAsB,EAAE,UAAU,CA8DtE,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,iBAAiB,YACpB,UAAU,KACjB,sBA2CF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,qBAAqB,eACpB,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,mBAE1C,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qBAyBk9a,CAAC;6BAAsG,CAAC;;;sBAAke,CAAC;yBAA4H,CAAC;;;qBAA+H,CAAC;;;;;;;;;;;;;;;;;;iBAA8pE,CAAC;;;;;;;6BAAg6C,CAAC;sBAAoC,CAAC;;aAAoC,CAAC;;6BAA0D,CAAC;oBAA8B,CAAC;0BAAkE,CAAC;;qBAA2C,CAAC;mBAAiC,CAAC;;wBAA+C,CAAC;eAAmD,CAAC;iBAA4C,CAAC;2BAAyC,CAAC;;;;;;;;;yBAA4zC,CAAC;6BAAwC,CAAC;;;eAAkD,CAAC;mBAAuB,CAAC;;;;CAD3xnB,CAAC"}

package/dist/src/nextjs/config.js

@@ -0,0 +1,177 @@
+import { loggers } from "@/lib/logger.js";
+import { withoutUndefined } from "@/utils.js";
+import { CodeVerifier, OAuthTokens, } from "@/shared/lib/types.js";
+import { DEFAULT_AUTH_SERVER } from "@/constants.js";
+const logger = loggers.nextjs.handlers.auth;
+const defaultServerSecure = !(process.env.NODE_ENV === "development");
+/**
+ * Default configuration values that will be used if not overridden
+ */
+export const defaultAuthConfig = {
+    oauthServer: DEFAULT_AUTH_SERVER,
+    callbackUrl: "/api/auth/callback",
+    challengeUrl: "/api/auth/challenge",
+    logoutUrl: "/api/auth/logout",
+    logoutCallbackUrl: "/api/auth/logoutcallback",
+    loginUrl: "/",
+    include: ["/*"],
+    exclude: [],
+    cookies: {
+        tokens: {
+            [OAuthTokens.ID_TOKEN]: {
+                secure: defaultServerSecure,
+                httpOnly: true,
+                sameSite: "strict",
+                path: "/",
+            },
+            [OAuthTokens.ACCESS_TOKEN]: {
+                secure: defaultServerSecure,
+                httpOnly: true,
+                sameSite: "strict",
+                path: "/",
+            },
+            [OAuthTokens.REFRESH_TOKEN]: {
+                secure: defaultServerSecure,
+                httpOnly: true,
+                sameSite: "strict",
+                path: "/",
+            },
+            [OAuthTokens.EXPIRES_IN]: {
+                secure: defaultServerSecure,
+                httpOnly: true,
+                sameSite: "strict",
+                path: "/",
+            },
+            [OAuthTokens.TIMESTAMP]: {
+                secure: defaultServerSecure,
+                httpOnly: true,
+                sameSite: "strict",
+                path: "/",
+            },
+            [CodeVerifier.COOKIE_NAME]: {
+                secure: defaultServerSecure,
+                httpOnly: true,
+                sameSite: "strict",
+                path: "/",
+            },
+            [CodeVerifier.APP_URL]: {
+                secure: defaultServerSecure,
+                httpOnly: true,
+                sameSite: "strict",
+                path: "/",
+            },
+        },
+        user: {
+            secure: defaultServerSecure,
+            httpOnly: false,
+            sameSite: "strict",
+            path: "/",
+            maxAge: 60 * 60, // 1 hour
+        },
+    },
+};
+/**
+ * Resolves the authentication configuration by combining:
+ * 1. Default values
+ * 2. Environment variables (set internally by the plugin)
+ * 3. Explicitly passed configuration
+ *
+ * Note: Developers should not set _civic_auth_* environment variables directly.
+ * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:
+ *
+ * @example
+ * ```js
+ * // next.config.js
+ * export default createCivicAuthPlugin({
+ *   callbackUrl: '/custom/callback',
+ * })
+ * ```
+ */
+export const resolveAuthConfig = (config = {}) => {
+    // Read configuration that was set by the plugin via environment variables
+    const configFromEnv = withoutUndefined({
+        clientId: process.env._civic_auth_client_id,
+        oauthServer: process.env._civic_oauth_server,
+        callbackUrl: process.env._civic_auth_callback_url,
+        challengeUrl: process.env._civic_auth_challenge_url,
+        loginUrl: process.env._civic_auth_login_url,
+        logoutUrl: process.env._civic_auth_logout_url,
+        logoutCallbackUrl: process.env._civic_auth_logout_callback_url,
+        include: process.env._civic_auth_includes?.split(","),
+        exclude: process.env._civic_auth_excludes?.split(","),
+        cookies: process.env._civic_auth_cookie_config
+            ? JSON.parse(process.env._civic_auth_cookie_config)
+            : undefined,
+    });
+    const mergedConfig = {
+        ...defaultAuthConfig,
+        ...configFromEnv, // Apply plugin-set config
+        ...config, // Override with directly passed config
+        cookies: {
+            tokens: {
+                ...defaultAuthConfig.cookies.tokens,
+                ...(configFromEnv?.cookies?.tokens || {}),
+                ...(config.cookies?.tokens || {}),
+            },
+            user: {
+                ...defaultAuthConfig.cookies.user,
+                ...(configFromEnv?.cookies?.user || {}),
+                ...(config.cookies?.user || {}),
+            },
+        },
+    };
+    logger.debug("Config from environment:", JSON.stringify(configFromEnv, null, 2));
+    logger.debug("Resolved config:", JSON.stringify(mergedConfig, null, 2));
+    if (mergedConfig.clientId === undefined) {
+        throw new Error("Civic Auth client ID is required");
+    }
+    return mergedConfig;
+};
+/**
+ * Creates a Next.js plugin that handles auth configuration.
+ *
+ * This is the main configuration point for the auth system.
+ * Do not set _civic_auth_* environment variables directly - instead,
+ * pass your configuration here:
+ *
+ * @example
+ * ```js
+ * // next.config.js
+ * export default createCivicAuthPlugin({
+ *   clientId: 'my-client-id',
+ *   callbackUrl: '/custom/callback',
+ *   loginUrl: '/custom/login',
+ *   logoutUrl: '/custom/logout',
+ *   logoutCallbackUrl: '/custom/logoutcallback',
+ *   include: ['/protected/*'],
+ *   exclude: ['/public/*']
+ * })
+ * ```
+ *
+ * The plugin sets internal environment variables that are used by
+ * the auth system. These variables should not be set manually.
+ */
+export const createCivicAuthPlugin = (authConfig) => {
+    return (nextConfig) => {
+        logger.debug("createCivicAuthPlugin nextConfig", JSON.stringify(nextConfig, null, 2));
+        const resolvedConfig = resolveAuthConfig({ ...authConfig });
+        return {
+            ...nextConfig,
+            env: {
+                ...nextConfig?.env,
+                // Internal environment variables - do not set these manually
+                _civic_auth_client_id: resolvedConfig.clientId,
+                _civic_oauth_server: resolvedConfig.oauthServer,
+                _civic_auth_callback_url: resolvedConfig.callbackUrl,
+                _civic_auth_challenge_url: resolvedConfig.challengeUrl,
+                _civic_auth_login_url: resolvedConfig.loginUrl,
+                _civic_auth_logout_url: resolvedConfig.logoutUrl,
+                _civic_auth_logout_callback_url: resolvedConfig.logoutCallbackUrl,
+                _civic_auth_includes: resolvedConfig.include.join(","),
+                _civic_auth_excludes: resolvedConfig.exclude.join(","),
+                _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),
+            },
+        };
+    };
+};
+//# sourceMappingURL=config.js.map

package/dist/src/nextjs/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/nextjs/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EACL,YAAY,EAEZ,WAAW,GAEZ,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AAwB5C,MAAM,mBAAmB,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC;AACtE;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA6C;IACzE,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,oBAAoB;IACjC,YAAY,EAAE,qBAAqB;IACnC,SAAS,EAAE,kBAAkB;IAC7B,iBAAiB,EAAE,0BAA0B;IAC7C,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,CAAC,IAAI,CAAC;IACf,OAAO,EAAE,EAAE;IACX,OAAO,EAAE;QACP,MAAM,EAAE;YACN,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE;gBACtB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE;gBAC1B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE;gBAC3B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE;gBACxB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE;gBACvB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE;gBAC1B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE;gBACtB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;SACF;QACD,IAAI,EAAE;YACJ,MAAM,EAAE,mBAAmB;YAC3B,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,QAAQ;YAClB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,EAAE,GAAG,EAAE,EAAE,SAAS;SAC3B;KACF;CACF,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,SAAqB,EAAE,EACC,EAAE;IAC1B,0EAA0E;IAC1E,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;QAC5C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACjD,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;QACnD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;QAC7C,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,+BAA+B;QAC9D,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;YAC5C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;YACnD,CAAC,CAAC,SAAS;KACd,CAAe,CAAC;IACjB,MAAM,YAAY,GAAG;QACnB,GAAG,iBAAiB;QACpB,GAAG,aAAa,EAAE,0BAA0B;QAC5C,GAAG,MAAM,EAAE,uCAAuC;QAClD,OAAO,EAAE;YACP,MAAM,EAAE;gBACN,GAAG,iBAAiB,CAAC,OAAO,CAAC,MAAM;gBACnC,GAAG,CAAC,aAAa,EAAE,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC;gBACzC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC;aAClC;YACD,IAAI,EAAE;gBACJ,GAAG,iBAAiB,CAAC,OAAO,CAAC,IAAI;gBACjC,GAAG,CAAC,aAAa,EAAE,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC;gBACvC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC;aAChC;SACF;KACF,CAAC;IAEF,MAAM,CAAC,KAAK,CACV,0BAA0B,EAC1B,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CACvC,CAAC;IACF,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACxE,IAAI,YAAY,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,YAA6D,CAAC;AACvE,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CACnC,UAA+D,EAC/D,EAAE;IACF,OAAO,CAAC,UAAuB,EAAE,EAAE;QACjC,MAAM,CAAC,KAAK,CACV,kCAAkC,EAClC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CACpC,CAAC;QACF,MAAM,cAAc,GAAG,iBAAiB,CAAC,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC;QAC5D,OAAO;YACL,GAAG,UAAU;YACb,GAAG,EAAE;gBACH,GAAG,UAAU,EAAE,GAAG;gBAClB,6DAA6D;gBAC7D,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,mBAAmB,EAAE,cAAc,CAAC,WAAW;gBAC/C,wBAAwB,EAAE,cAAc,CAAC,WAAW;gBACpD,yBAAyB,EAAE,cAAc,CAAC,YAAY;gBACtD,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,sBAAsB,EAAE,cAAc,CAAC,SAAS;gBAChD,+BAA+B,EAAE,cAAc,CAAC,iBAAiB;gBACjE,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,yBAAyB,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,OAAO,CAAC;aAClE;SACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC","sourcesContent":["/* eslint-disable turbo/no-undeclared-env-vars */\nimport type { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport {\n  CodeVerifier,\n  type CookieConfig,\n  OAuthTokens,\n  type TokensCookieConfig,\n} from \"@/shared/lib/types.js\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nexport type CookiesConfigObject = {\n  tokens: TokensCookieConfig;\n  user: CookieConfig;\n};\n\nexport type AuthConfigWithDefaults = {\n  clientId: string;\n  oauthServer: string;\n  callbackUrl: string;\n  loginUrl: string;\n  logoutUrl: string;\n  logoutCallbackUrl: string;\n  challengeUrl: string;\n  include: string[];\n  exclude: string[];\n  cookies: CookiesConfigObject;\n};\n\nexport type AuthConfig = Partial<AuthConfigWithDefaults>;\n\nexport type DefinedAuthConfig = AuthConfigWithDefaults;\n\nconst defaultServerSecure = !(process.env.NODE_ENV === \"development\");\n/**\n * Default configuration values that will be used if not overridden\n */\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n  oauthServer: DEFAULT_AUTH_SERVER,\n  callbackUrl: \"/api/auth/callback\",\n  challengeUrl: \"/api/auth/challenge\",\n  logoutUrl: \"/api/auth/logout\",\n  logoutCallbackUrl: \"/api/auth/logoutcallback\",\n  loginUrl: \"/\",\n  include: [\"/*\"],\n  exclude: [],\n  cookies: {\n    tokens: {\n      [OAuthTokens.ID_TOKEN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [OAuthTokens.ACCESS_TOKEN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [OAuthTokens.REFRESH_TOKEN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [OAuthTokens.EXPIRES_IN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [OAuthTokens.TIMESTAMP]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [CodeVerifier.COOKIE_NAME]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [CodeVerifier.APP_URL]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n    },\n    user: {\n      secure: defaultServerSecure,\n      httpOnly: false,\n      sameSite: \"strict\",\n      path: \"/\",\n      maxAge: 60 * 60, // 1 hour\n    },\n  },\n};\n\n/**\n * Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n *\n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   callbackUrl: '/custom/callback',\n * })\n * ```\n */\nexport const resolveAuthConfig = (\n  config: AuthConfig = {},\n): AuthConfigWithDefaults => {\n  // Read configuration that was set by the plugin via environment variables\n  const configFromEnv = withoutUndefined({\n    clientId: process.env._civic_auth_client_id,\n    oauthServer: process.env._civic_oauth_server,\n    callbackUrl: process.env._civic_auth_callback_url,\n    challengeUrl: process.env._civic_auth_challenge_url,\n    loginUrl: process.env._civic_auth_login_url,\n    logoutUrl: process.env._civic_auth_logout_url,\n    logoutCallbackUrl: process.env._civic_auth_logout_callback_url,\n    include: process.env._civic_auth_includes?.split(\",\"),\n    exclude: process.env._civic_auth_excludes?.split(\",\"),\n    cookies: process.env._civic_auth_cookie_config\n      ? JSON.parse(process.env._civic_auth_cookie_config)\n      : undefined,\n  }) as AuthConfig;\n  const mergedConfig = {\n    ...defaultAuthConfig,\n    ...configFromEnv, // Apply plugin-set config\n    ...config, // Override with directly passed config\n    cookies: {\n      tokens: {\n        ...defaultAuthConfig.cookies.tokens,\n        ...(configFromEnv?.cookies?.tokens || {}),\n        ...(config.cookies?.tokens || {}),\n      },\n      user: {\n        ...defaultAuthConfig.cookies.user,\n        ...(configFromEnv?.cookies?.user || {}),\n        ...(config.cookies?.user || {}),\n      },\n    },\n  };\n\n  logger.debug(\n    \"Config from environment:\",\n    JSON.stringify(configFromEnv, null, 2),\n  );\n  logger.debug(\"Resolved config:\", JSON.stringify(mergedConfig, null, 2));\n  if (mergedConfig.clientId === undefined) {\n    throw new Error(\"Civic Auth client ID is required\");\n  }\n  return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/**\n * Creates a Next.js plugin that handles auth configuration.\n *\n * This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   clientId: 'my-client-id',\n *   callbackUrl: '/custom/callback',\n *   loginUrl: '/custom/login',\n *   logoutUrl: '/custom/logout',\n *   logoutCallbackUrl: '/custom/logoutcallback',\n *   include: ['/protected/*'],\n *   exclude: ['/public/*']\n * })\n * ```\n *\n * The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (\n  authConfig: AuthConfig & Pick<Required<AuthConfig>, \"clientId\">,\n) => {\n  return (nextConfig?: NextConfig) => {\n    logger.debug(\n      \"createCivicAuthPlugin nextConfig\",\n      JSON.stringify(nextConfig, null, 2),\n    );\n    const resolvedConfig = resolveAuthConfig({ ...authConfig });\n    return {\n      ...nextConfig,\n      env: {\n        ...nextConfig?.env,\n        // Internal environment variables - do not set these manually\n        _civic_auth_client_id: resolvedConfig.clientId,\n        _civic_oauth_server: resolvedConfig.oauthServer,\n        _civic_auth_callback_url: resolvedConfig.callbackUrl,\n        _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n        _civic_auth_login_url: resolvedConfig.loginUrl,\n        _civic_auth_logout_url: resolvedConfig.logoutUrl,\n        _civic_auth_logout_callback_url: resolvedConfig.logoutCallbackUrl,\n        _civic_auth_includes: resolvedConfig.include.join(\",\"),\n        _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n        _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n      },\n    };\n  };\n};\n"]}

package/dist/src/nextjs/cookies.d.ts

@@ -0,0 +1,30 @@
+import type { SessionData, UnknownObject, User } from "@/types.js";
+import type { AuthConfig } from "@/nextjs/config.js";
+import type { CodeVerifier, OAuthTokens, TokensCookieConfig } from "@/shared/lib/types.js";
+import { CookieStorage, type CookieStorageSettings } from "@/shared/lib/storage.js";
+/**
+ * Creates HTTP-only cookies for authentication tokens
+ */
+declare const createTokenCookies: (response: Response, sessionData: SessionData, config: AuthConfig) => void;
+/**
+ * Creates a client-readable cookie with user info
+ */
+declare const createUserInfoCookie: (response: Response, user: User<UnknownObject> | null, sessionData: SessionData, config: AuthConfig) => void;
+/**
+ * Clears all authentication cookies
+ */
+declare const clearAuthCookies: (config: AuthConfig) => Promise<void>;
+type KeySetter = OAuthTokens | CodeVerifier;
+declare class NextjsCookieStorage extends CookieStorage {
+    readonly config: Partial<TokensCookieConfig>;
+    constructor(config?: Partial<TokensCookieConfig>);
+    get(key: string): Promise<string | null>;
+    set(key: KeySetter, value: string): Promise<void>;
+}
+declare class NextjsClientStorage extends CookieStorage {
+    constructor(config?: Partial<CookieStorageSettings>);
+    get(key: string): Promise<string | null>;
+    set(key: string, value: string): Promise<void>;
+}
+export { createTokenCookies, createUserInfoCookie, clearAuthCookies, NextjsCookieStorage, NextjsClientStorage, };
+//# sourceMappingURL=cookies.d.ts.map

package/dist/src/nextjs/cookies.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../../src/nextjs/cookies.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAIrD,OAAO,KAAK,EACV,YAAY,EAEZ,WAAW,EACX,kBAAkB,EACnB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,aAAa,EACb,KAAK,qBAAqB,EAC3B,MAAM,yBAAyB,CAAC;AAEjC;;GAEG;AACH,QAAA,MAAM,kBAAkB,aACZ,QAAQ,eACL,WAAW,UAChB,UAAU,SA4BnB,CAAC;AAcF;;GAEG;AACH,QAAA,MAAM,oBAAoB,aACd,QAAQ,QACZ,IAAI,CAAC,aAAa,CAAC,GAAG,IAAI,eACnB,WAAW,UAChB,UAAU,SAyBnB,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,gBAAgB,WAAkB,UAAU,kBASjD,CAAC;AAEF,KAAK,SAAS,GAAG,WAAW,GAAG,YAAY,CAAC;AAC5C,cAAM,mBAAoB,SAAQ,aAAa;IACjC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,kBAAkB,CAAC;gBAAnC,MAAM,GAAE,OAAO,CAAC,kBAAkB,CAAM;IAOvD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKxC,GAAG,CAAC,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAOxD;AAED,cAAM,mBAAoB,SAAQ,aAAa;gBACjC,MAAM,GAAE,OAAO,CAAC,qBAAqB,CAAM;IAQjD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKxC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAIrD;AAED,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,EAChB,mBAAmB,EACnB,mBAAmB,GACpB,CAAC"}