npm - @civic/auth - Versions diffs - 0.3.5 → 0.3.6-beta.1 - Mend

@civic/auth 0.3.5 → 0.3.6-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (951) hide show

package/dist/cjs/nextjs/index.js DELETED Viewed

@@ -1,27 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CivicAuthProvider = exports.NextjsCookieStorage = exports.handler = exports.getTokens = exports.getUser = exports.defaultAuthConfig = exports.createCivicAuthPlugin = void 0;
-const cookies_js_1 = require("../nextjs/cookies.js");
-const index_js_1 = require("../shared/index.js");
-(0, index_js_1.printVersion)();
-const session_js_1 = require("../shared/lib/session.js");
-var config_js_1 = require("../nextjs/config.js");
-Object.defineProperty(exports, "createCivicAuthPlugin", { enumerable: true, get: function () { return config_js_1.createCivicAuthPlugin; } });
-Object.defineProperty(exports, "defaultAuthConfig", { enumerable: true, get: function () { return config_js_1.defaultAuthConfig; } });
-const getUser = async () => {
-    const clientStorage = new cookies_js_1.NextjsCookieStorage();
-    return (0, session_js_1.getUser)(clientStorage);
-};
-exports.getUser = getUser;
-const getTokens = async () => {
-    const clientStorage = new cookies_js_1.NextjsCookieStorage();
-    return (0, session_js_1.getTokens)(clientStorage);
-};
-exports.getTokens = getTokens;
-var routeHandler_js_1 = require("../nextjs/routeHandler.js");
-Object.defineProperty(exports, "handler", { enumerable: true, get: function () { return routeHandler_js_1.handler; } });
-var cookies_js_2 = require("../nextjs/cookies.js");
-Object.defineProperty(exports, "NextjsCookieStorage", { enumerable: true, get: function () { return cookies_js_2.NextjsCookieStorage; } });
-var NextAuthProvider_js_1 = require("../nextjs/providers/NextAuthProvider.js");
-Object.defineProperty(exports, "CivicAuthProvider", { enumerable: true, get: function () { return NextAuthProvider_js_1.CivicNextAuthProvider; } });
-//# sourceMappingURL=index.js.map

package/dist/cjs/nextjs/index.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/nextjs/index.ts"],"names":[],"mappings":";;;AAAA,oDAA0D;AAC1D,gDAAiD;AACjD,IAAA,uBAAY,GAAE,CAAC;AACf,wDAGiC;AAGjC,gDAA8E;AAArE,kHAAA,qBAAqB,OAAA;AAAE,8GAAA,iBAAiB,OAAA;AAE1C,MAAM,OAAO,GAAG,KAAK,IAEC,EAAE;IAC7B,MAAM,aAAa,GAAG,IAAI,gCAAmB,EAAE,CAAC;IAChD,OAAO,IAAA,oBAAc,EAAI,aAAa,CAAC,CAAC;AAC1C,CAAC,CAAC;AALW,QAAA,OAAO,WAKlB;AACK,MAAM,SAAS,GAAG,KAAK,IAAiC,EAAE;IAC/D,MAAM,aAAa,GAAG,IAAI,gCAAmB,EAAE,CAAC;IAChD,OAAO,IAAA,sBAAgB,EAAC,aAAa,CAAC,CAAC;AACzC,CAAC,CAAC;AAHW,QAAA,SAAS,aAGpB;AACF,4DAAmD;AAA1C,0GAAA,OAAO,OAAA;AAChB,kDAA0D;AAAjD,iHAAA,mBAAmB,OAAA;AAM5B,8EAGgD;AAF9C,wHAAA,qBAAqB,OAAqB","sourcesContent":["import { NextjsCookieStorage } from \"@/nextjs/cookies.js\";\nimport { printVersion } from \"@/shared/index.js\";\nprintVersion();\nimport {\n getTokens as getSessionTokens,\n getUser as getSessionUser,\n} from \"@/shared/lib/session.js\";\nimport type { EmptyObject, OAuthTokens, UnknownObject, User } from \"@/types.js\";\n\nexport { createCivicAuthPlugin, defaultAuthConfig } from \"@/nextjs/config.js\";\n\nexport const getUser = async <\n T extends UnknownObject = EmptyObject,\n>(): Promise<User<T> | null> => {\n const clientStorage = new NextjsCookieStorage();\n return getSessionUser<T>(clientStorage);\n};\nexport const getTokens = async (): Promise<OAuthTokens | null> => {\n const clientStorage = new NextjsCookieStorage();\n return getSessionTokens(clientStorage);\n};\nexport { handler } from \"@/nextjs/routeHandler.js\";\nexport { NextjsCookieStorage } from \"@/nextjs/cookies.js\";\nexport type {\n AuthConfig,\n CookiesConfigObject,\n AuthConfigWithDefaults,\n} from \"@/nextjs/config.js\";\nexport {\n CivicNextAuthProvider as CivicAuthProvider,\n type NextCivicAuthProviderProps as AuthProviderProps,\n} from \"@/nextjs/providers/NextAuthProvider.js\";\n"]}

package/dist/cjs/nextjs/middleware/index.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/middleware/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/cjs/nextjs/middleware/index.js DELETED Viewed

@@ -1,10 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.withAuth = exports.auth = exports.authMiddleware = void 0;
-const index_js_1 = require("../../shared/index.js");
-(0, index_js_1.printVersion)();
-var middleware_js_1 = require("../../nextjs/middleware.js");
-Object.defineProperty(exports, "authMiddleware", { enumerable: true, get: function () { return middleware_js_1.authMiddleware; } });
-Object.defineProperty(exports, "auth", { enumerable: true, get: function () { return middleware_js_1.auth; } });
-Object.defineProperty(exports, "withAuth", { enumerable: true, get: function () { return middleware_js_1.withAuth; } });
-//# sourceMappingURL=index.js.map

package/dist/cjs/nextjs/middleware/index.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/nextjs/middleware/index.ts"],"names":[],"mappings":";;;AAAA,gDAAiD;AACjD,IAAA,uBAAY,GAAE,CAAC;AAEf,wDAAwE;AAA/D,+GAAA,cAAc,OAAA;AAAE,qGAAA,IAAI,OAAA;AAAE,yGAAA,QAAQ,OAAA","sourcesContent":["import { printVersion } from \"@/shared/index.js\";\nprintVersion();\n\nexport { authMiddleware, auth, withAuth } from \"@/nextjs/middleware.js\";\n"]}

package/dist/cjs/nextjs/middleware.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/nextjs/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAG7D,KAAK,UAAU,GAAG,CAChB,OAAO,EAAE,WAAW,KACjB,OAAO,CAAC,YAAY,CAAC,GAAG,YAAY,CAAC;AAkE1C;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,gBACZ,kBAAkB,eACf,WAAW,KAAG,OAAO,CAAC,YAAY,CAOjD,CAAC;AAEJ;;;;;;;GAOG;AAEH,wBAAgB,QAAQ,CACtB,UAAU,EAAE,UAAU,GACrB,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CAEjD;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,IAAI,CAAC,UAAU,GAAE,kBAAuB,gBAExC,UAAU,KACrB,CAAC,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CAAC,CAQrD"}

package/dist/cjs/nextjs/middleware.js DELETED Viewed

@@ -1,110 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.authMiddleware = void 0;
-exports.withAuth = withAuth;
-exports.auth = auth;
-const server_js_1 = require("next/server.js");
-const picomatch_1 = __importDefault(require("picomatch"));
-const config_js_1 = require("../nextjs/config.js");
-// Matches globs:
-// Examples:
-// /user
-// /user/*
-// /user/**/info
-const matchGlob = (pathname, globPattern) => {
-    const matches = (0, picomatch_1.default)(globPattern);
-    return matches(pathname);
-};
-// Matches globs:
-// Examples:
-// /user
-// /user/*
-// /user/**/info
-const matchesGlobs = (pathname, patterns) => patterns.some((pattern) => {
-    if (!pattern)
-        return false;
-    return matchGlob(pathname, pattern);
-});
-// internal - used by all exported functions
-const applyAuth = async (authConfig, request) => {
-    const authConfigWithDefaults = (0, config_js_1.resolveAuthConfig)(authConfig);
-    // Check for any valid auth token
-    const isAuthenticated = !!request.cookies.get("id_token");
-    // skip auth check for redirect to login url
-    if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl &&
-        request.method === "GET") {
-        console.log("→ Skipping auth check - this is the login URL");
-        return undefined;
-    }
-    if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {
-        console.log("→ Skipping auth check - path not in include patterns");
-        return undefined;
-    }
-    if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {
-        console.log("→ Skipping auth check - path in exclude patterns");
-        return undefined;
-    }
-    // Check for either token type
-    if (!isAuthenticated) {
-        const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.nextUrl.origin);
-        const redirectUrl = `${loginUrl.toString()}`;
-        console.log(`→ No valid token found - redirecting to "${redirectUrl}"`);
-        return server_js_1.NextResponse.redirect(redirectUrl);
-    }
-    console.log("→ Auth check passed");
-    return undefined;
-};
-/**
- *
- * Use this when auth is the only middleware you need.
- * Usage:
- *
- * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();
- *
- */
-const authMiddleware = (authConfig = {}) => async (request) => {
-    const response = await applyAuth(authConfig, request);
-    if (response)
-        return response;
-    // NextJS doesn't do middleware chaining yet, so this does not mean
-    // "call the next middleware" - it means "continue to the route handler"
-    return server_js_1.NextResponse.next();
-};
-exports.authMiddleware = authMiddleware;
-/**
- * Usage:
- *
- * export default withAuth(async (request) => {
- *    console.log('my middleware');
- *    return NextResponse.next();
- *  })
- */
-// use this when you have your own middleware to chain
-function withAuth(middleware) {
-    return auth()(middleware);
-}
-/**
- * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)
- *
- * Usage:
- *
- * export default auth(authConfig: AuthConfig ) => {
- *    console.log('my middleware');
- *    return NextResponse.next();
- *  })
- *
- */
-function auth(authConfig = {}) {
-    return (middleware) => {
-        return async (request) => {
-            const response = await applyAuth(authConfig, request);
-            if (response)
-                return response;
-            return middleware(request);
-        };
-    };
-}
-//# sourceMappingURL=middleware.js.map

package/dist/cjs/nextjs/middleware.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../src/nextjs/middleware.ts"],"names":[],"mappings":";;;;;;AA2HA,4BAIC;AAaD,oBAWC;AAjID,8CAA8C;AAC9C,0DAAkC;AAElC,kDAAuD;AAMvD,iBAAiB;AACjB,YAAY;AACZ,QAAQ;AACR,UAAU;AACV,gBAAgB;AAChB,MAAM,SAAS,GAAG,CAAC,QAAgB,EAAE,WAAmB,EAAE,EAAE;IAC1D,MAAM,OAAO,GAAG,IAAA,mBAAS,EAAC,WAAW,CAAC,CAAC;IACvC,OAAO,OAAO,CAAC,QAAQ,CAAC,CAAC;AAC3B,CAAC,CAAC;AAEF,iBAAiB;AACjB,YAAY;AACZ,QAAQ;AACR,UAAU;AACV,gBAAgB;AAChB,MAAM,YAAY,GAAG,CAAC,QAAgB,EAAE,QAAkB,EAAE,EAAE,CAC5D,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;IACxB,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3B,OAAO,SAAS,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;AACtC,CAAC,CAAC,CAAC;AAEL,4CAA4C;AAC5C,MAAM,SAAS,GAAG,KAAK,EACrB,UAA8B,EAC9B,OAAoB,EACe,EAAE;IACrC,MAAM,sBAAsB,GAAG,IAAA,6BAAiB,EAAC,UAAU,CAAC,CAAC;IAC7D,iCAAiC;IACjC,MAAM,eAAe,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAE1D,4CAA4C;IAC5C,IACE,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,sBAAsB,CAAC,QAAQ;QAC5D,OAAO,CAAC,MAAM,KAAK,KAAK,EACxB,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;QAC7D,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5E,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;QACpE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3E,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;QAChE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,8BAA8B;IAC9B,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,QAAQ,GAAG,IAAI,GAAG,CACtB,sBAAsB,CAAC,QAAQ,EAC/B,OAAO,CAAC,OAAO,CAAC,MAAM,CACvB,CAAC;QACF,MAAM,WAAW,GAAG,GAAG,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,4CAA4C,WAAW,GAAG,CAAC,CAAC;QACxE,OAAO,wBAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACnC,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAEF;;;;;;;GAOG;AACI,MAAM,cAAc,GACzB,CAAC,aAAiC,EAAE,EAAE,EAAE,CACxC,KAAK,EAAE,OAAoB,EAAyB,EAAE;IACpD,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACtD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,mEAAmE;IACnE,wEAAwE;IACxE,OAAO,wBAAY,CAAC,IAAI,EAAE,CAAC;AAC7B,CAAC,CAAC;AATS,QAAA,cAAc,kBASvB;AAEJ;;;;;;;GAOG;AACH,sDAAsD;AACtD,SAAgB,QAAQ,CACtB,UAAsB;IAEtB,OAAO,IAAI,EAAE,CAAC,UAAU,CAAC,CAAC;AAC5B,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,IAAI,CAAC,aAAiC,EAAE;IACtD,OAAO,CACL,UAAsB,EAC6B,EAAE;QACrD,OAAO,KAAK,EAAE,OAAoB,EAAyB,EAAE;YAC3D,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACtD,IAAI,QAAQ;gBAAE,OAAO,QAAQ,CAAC;YAE9B,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC","sourcesContent":["/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n * console.log('in custom middleware', request.nextUrl.pathname);\n * return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n * console.log('in custom middleware', request.url);\n * return NextResponse.next();\n * })\n *\n */\nimport type { NextRequest } from \"next/server.js\";\nimport { NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport type { OptionalAuthConfig } from \"@/nextjs/config.js\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\n\ntype Middleware = (\n request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n const matches = picomatch(globPattern);\n return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n patterns.some((pattern) => {\n if (!pattern) return false;\n return matchGlob(pathname, pattern);\n });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n authConfig: OptionalAuthConfig,\n request: NextRequest,\n): Promise<NextResponse | undefined> => {\n const authConfigWithDefaults = resolveAuthConfig(authConfig);\n // Check for any valid auth token\n const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n // skip auth check for redirect to login url\n if (\n request.nextUrl.pathname === authConfigWithDefaults.loginUrl &&\n request.method === \"GET\"\n ) {\n console.log(\"→ Skipping auth check - this is the login URL\");\n return undefined;\n }\n\n if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n console.log(\"→ Skipping auth check - path not in include patterns\");\n return undefined;\n }\n\n if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n console.log(\"→ Skipping auth check - path in exclude patterns\");\n return undefined;\n }\n\n // Check for either token type\n if (!isAuthenticated) {\n const loginUrl = new URL(\n authConfigWithDefaults.loginUrl,\n request.nextUrl.origin,\n );\n const redirectUrl = `${loginUrl.toString()}`;\n console.log(`→ No valid token found - redirecting to \"${redirectUrl}\"`);\n return NextResponse.redirect(redirectUrl);\n }\n\n console.log(\"→ Auth check passed\");\n return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n (authConfig: OptionalAuthConfig = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n // NextJS doesn't do middleware chaining yet, so this does not mean\n // \"call the next middleware\" - it means \"continue to the route handler\"\n return NextResponse.next();\n };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n return auth()(middleware);\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * export default auth(authConfig: AuthConfig ) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n *\n */\nexport function auth(authConfig: OptionalAuthConfig = {}) {\n return (\n middleware: Middleware,\n ): ((request: NextRequest) => Promise<NextResponse>) => {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n return middleware(request);\n };\n };\n}\n"]}

package/dist/cjs/nextjs/providers/NextAuthProvider.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"NextAuthProvider.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":"AAKA,OAAO,EAEL,KAAK,sBAAsB,EAC5B,MAAM,oBAAoB,CAAC;AAe5B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAcrE,KAAK,kCAAkC,GAAG,IAAI,CAC5C,iBAAiB,EACjB,UAAU,CACX,GAAG;IACF,cAAc,EAAE,sBAAsB,CAAC;CACxC,CAAC;AACF,KAAK,0BAA0B,GAAG,IAAI,CACpC,kCAAkC,EAClC,UAAU,GAAG,gBAAgB,GAAG,aAAa,CAC9C,CAAC;AAoHF,QAAA,MAAM,qBAAqB,2BAGxB,0BAA0B,qDA0C5B,CAAC;AAEF,OAAO,EAAE,qBAAqB,EAAE,KAAK,0BAA0B,EAAE,CAAC"}

package/dist/cjs/nextjs/providers/NextAuthProvider.js DELETED Viewed

@@ -1,102 +0,0 @@
-"use strict";
-"use client";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CivicNextAuthProvider = void 0;
-const jsx_runtime_1 = require("@emotion/react/jsx-runtime");
-/**
- * A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.
- */
-const react_1 = require("react");
-const config_js_1 = require("../../nextjs/config.js");
-const utils_js_1 = require("../../nextjs/utils.js");
-const PKCE_js_1 = require("../../services/PKCE.js");
-const UserProvider_js_1 = require("../../shared/providers/UserProvider.js");
-const useUserCookie_js_1 = require("../../nextjs/hooks/useUserCookie.js");
-const CivicAuthConfigContext_js_1 = require("../../shared/providers/CivicAuthConfigContext.js");
-const SessionProvider_js_1 = require("../../shared/providers/SessionProvider.js");
-const IframeProvider_js_1 = require("../../shared/providers/IframeProvider.js");
-const TokenProvider_js_1 = require("../../shared/providers/TokenProvider.js");
-const useSignIn_js_1 = require("../../shared/hooks/useSignIn.js");
-const useCivicAuthConfig_js_1 = require("../../shared/hooks/useCivicAuthConfig.js");
-const IFrameAndLoading_js_1 = require("../../shared/components/IFrameAndLoading.js");
-const BlockDisplay_js_1 = require("../../shared/components/BlockDisplay.js");
-const LoadingIcon_js_1 = require("../../shared/components/LoadingIcon.js");
-const useIframe_js_1 = require("../../shared/hooks/useIframe.js");
-const useIsInIframe_js_1 = require("../../shared/hooks/useIsInIframe.js");
-const types_js_1 = require("../../types.js");
-const useRefresh_js_1 = require("../../nextjs/hooks/useRefresh.js");
-const index_js_1 = require("../../shared/hooks/index.js");
-const index_js_2 = require("../../shared/index.js");
-const CivicNextAuthTokenProviderInternal = ({ children, isLoading, displayMode = "iframe", user, fetchUser, ...props }) => {
-    const { iframeMode, resolvedConfig } = props;
-    const { iframeRef, setIframeIsVisible } = (0, useIframe_js_1.useIframe)();
-    const civicAuthConfig = (0, useCivicAuthConfig_js_1.useCivicAuthConfig)();
-    const { challengeUrl } = resolvedConfig;
-    const pkceConsumer = new PKCE_js_1.ConfidentialClientPKCEConsumer(challengeUrl);
-    const { data: session } = (0, index_js_1.useSession)();
-    const currentUrl = (0, index_js_1.useCurrentUrl)();
-    (0, react_1.useEffect)(() => {
-        if (session?.authenticated) {
-            // the session is authenticated, so don't show the login iframe
-            setIframeIsVisible(false);
-            return;
-        }
-    }, [session?.authenticated, setIframeIsVisible]);
-    const postSignOut = (0, react_1.useCallback)(async () => {
-        // user is signed out, manually update the user from cookies to not wait for polling
-        await fetchUser();
-        await props?.onSignOut?.();
-    }, [fetchUser, props]);
-    const { signIn, startSignIn, signOut, authStatus } = (0, useSignIn_js_1.useSignIn)({
-        postSignOut,
-        pkceConsumer,
-        displayMode,
-    });
-    (0, react_1.useEffect)(() => {
-        if (civicAuthConfig &&
-            !session?.authenticated &&
-            iframeRef?.current &&
-            authStatus === types_js_1.AuthStatus.UNAUTHENTICATED &&
-            displayMode === "iframe" &&
-            !currentUrl?.includes("code=")) {
-            startSignIn();
-        }
-        // eslint-disable-next-line react-hooks/exhaustive-deps
-    }, [
-        currentUrl,
-        iframeMode,
-        iframeRef,
-        civicAuthConfig,
-        session?.authenticated,
-        authStatus,
-        startSignIn,
-        displayMode,
-    ]);
-    return ((0, jsx_runtime_1.jsx)(TokenProvider_js_1.TokenProvider, { children: (0, jsx_runtime_1.jsxs)(UserProvider_js_1.UserProvider, { storage: new index_js_2.BrowserCookieStorage(), user: user, signOut: signOut, signIn: signIn, displayMode: displayMode, authStatus: authStatus, children: [(0, jsx_runtime_1.jsx)(IFrameAndLoading_js_1.IFrameAndLoading, { error: null, isLoading: isLoading }), isLoading && ((0, jsx_runtime_1.jsx)(BlockDisplay_js_1.BlockDisplay, { children: (0, jsx_runtime_1.jsx)(LoadingIcon_js_1.LoadingIcon, {}) })), children] }) }));
-};
-const CivicNextAuthProviderInternal = ({ children, ...props }) => {
-    // if the SDK loads in an iframe, we show the loading spinner as the iframe
-    // will be waiting to be minimized
-    const isLoading = (0, useIsInIframe_js_1.useIsInIframe)();
-    const { user, idToken, fetchUser } = (0, useUserCookie_js_1.useUserCookie)();
-    const session = {
-        authenticated: !!user,
-        idToken,
-    };
-    (0, useRefresh_js_1.useRefresh)(session);
-    return ((0, jsx_runtime_1.jsx)(SessionProvider_js_1.SessionProvider, { data: session, isLoading: isLoading, children: (0, jsx_runtime_1.jsx)(CivicNextAuthTokenProviderInternal, { ...props, user: user, idToken: idToken, fetchUser: fetchUser, isLoading: isLoading, children: children }) }));
-};
-const CivicNextAuthProvider = ({ children, ...props }) => {
-    const resolvedConfig = (0, config_js_1.resolveAuthConfig)();
-    const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl, refreshUrl, logoutCallbackUrl, } = resolvedConfig;
-    const [redirectUrl, setRedirectUrl] = (0, react_1.useState)("");
-    (0, react_1.useEffect)(() => {
-        if (typeof globalThis.window !== "undefined") {
-            const appUrl = globalThis.window.location.origin;
-            setRedirectUrl((0, utils_js_1.resolveCallbackUrl)(resolvedConfig, appUrl));
-        }
-    }, [callbackUrl, resolvedConfig]);
-    return ((0, jsx_runtime_1.jsx)(CivicAuthConfigContext_js_1.CivicAuthConfigProvider, { oauthServer: oauthServer, clientId: clientId, redirectUrl: redirectUrl, logoutRedirectUrl: logoutCallbackUrl, nonce: props?.nonce, challengeUrl: challengeUrl, refreshUrl: refreshUrl, logoutUrl: logoutUrl, logoutCallbackUrl: logoutCallbackUrl, children: (0, jsx_runtime_1.jsx)(IframeProvider_js_1.IframeProvider, { iframeMode: props.iframeMode, children: (0, jsx_runtime_1.jsx)(CivicNextAuthProviderInternal, { ...props, resolvedConfig: resolvedConfig, children: children }) }) }));
-};
-exports.CivicNextAuthProvider = CivicNextAuthProvider;
-//# sourceMappingURL=NextAuthProvider.js.map

package/dist/cjs/nextjs/providers/NextAuthProvider.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"NextAuthProvider.js","sourceRoot":"","sources":["../../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;AACb;;GAEG;AACH,iCAAgE;AAChE,kDAG4B;AAC5B,gDAAuD;AACvD,gDAAoE;AACpE,wEAAkE;AAClE,sEAAgE;AAChE,4FAAuF;AACvF,8EAAwE;AACxE,4EAAsE;AACtE,0EAAoE;AACpE,8DAAwD;AACxD,gFAA0E;AAC1E,iFAA2E;AAC3E,yEAAmE;AACnE,uEAAiE;AACjE,8DAAwD;AAExD,sEAAgE;AAChE,yCAAuE;AACvE,gEAA0D;AAC1D,sDAAoE;AACpE,gDAAyD;AAoBzD,MAAM,kCAAkC,GAAG,CAEzC,EACA,QAAQ,EACR,SAAS,EACT,WAAW,GAAG,QAAQ,EACtB,IAAI,EACJ,SAAS,EACT,GAAG,KAAK,EACuC,EAAE,EAAE;IACnD,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,GAAG,KAAK,CAAC;IAC7C,MAAM,EAAE,SAAS,EAAE,kBAAkB,EAAE,GAAG,IAAA,wBAAS,GAAE,CAAC;IACtD,MAAM,eAAe,GAAG,IAAA,0CAAkB,GAAE,CAAC;IAC7C,MAAM,EAAE,YAAY,EAAE,GAAG,cAAc,CAAC;IACxC,MAAM,YAAY,GAAG,IAAI,wCAA8B,CAAC,YAAY,CAAC,CAAC;IACtE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,IAAA,qBAAU,GAAE,CAAC;IACvC,MAAM,UAAU,GAAG,IAAA,wBAAa,GAAE,CAAC;IAEnC,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;YAC3B,+DAA+D;YAC/D,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO;QACT,CAAC;IACH,CAAC,EAAE,CAAC,OAAO,EAAE,aAAa,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAEjD,MAAM,WAAW,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACzC,oFAAoF;QACpF,MAAM,SAAS,EAAE,CAAC;QAClB,MAAM,KAAK,EAAE,SAAS,EAAE,EAAE,CAAC;IAC7B,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;IAEvB,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,IAAA,wBAAS,EAAC;QAC7D,WAAW;QACX,YAAY;QACZ,WAAW;KACZ,CAAC,CAAC;IAEH,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IACE,eAAe;YACf,CAAC,OAAO,EAAE,aAAa;YACvB,SAAS,EAAE,OAAO;YAClB,UAAU,KAAK,qBAAU,CAAC,eAAe;YACzC,WAAW,KAAK,QAAQ;YACxB,CAAC,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,EAC9B,CAAC;YACD,WAAW,EAAE,CAAC;QAChB,CAAC;QACD,uDAAuD;IACzD,CAAC,EAAE;QACD,UAAU;QACV,UAAU;QACV,SAAS;QACT,eAAe;QACf,OAAO,EAAE,aAAa;QACtB,UAAU;QACV,WAAW;QACX,WAAW;KACZ,CAAC,CAAC;IAEH,OAAO,CACL,uBAAC,gCAAa,cACZ,wBAAC,8BAAY,IACX,OAAO,EAAE,IAAI,+BAAoB,EAAE,EACnC,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,WAAW,EACxB,UAAU,EAAE,UAAU,aAEtB,uBAAC,sCAAgB,IAAC,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,GAAI,EACtD,SAAS,IAAI,CACZ,uBAAC,8BAAY,cACX,uBAAC,4BAAW,KAAG,GACF,CAChB,EACA,QAAQ,IACI,GACD,CACjB,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,6BAA6B,GAAG,CAAC,EACrC,QAAQ,EACR,GAAG,KAAK,EAC2B,EAAE,EAAE;IACvC,2EAA2E;IAC3E,kCAAkC;IAClC,MAAM,SAAS,GAAG,IAAA,gCAAa,GAAE,CAAC;IAClC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAA,gCAAa,GAAE,CAAC;IAErD,MAAM,OAAO,GAAG;QACd,aAAa,EAAE,CAAC,CAAC,IAAI;QACrB,OAAO;KACR,CAAC;IAEF,IAAA,0BAAU,EAAC,OAAO,CAAC,CAAC;IAEpB,OAAO,CACL,uBAAC,oCAAe,IAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,YAClD,uBAAC,kCAAkC,OAC7B,KAAK,EACT,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,OAAO,EAChB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,SAAS,YAEnB,QAAQ,GAC0B,GACrB,CACnB,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAG,CAAC,EAC7B,QAAQ,EACR,GAAG,KAAK,EACmB,EAAE,EAAE;IAC/B,MAAM,cAAc,GAAG,IAAA,6BAAiB,GAAE,CAAC;IAC3C,MAAM,EACJ,QAAQ,EACR,WAAW,EACX,WAAW,EACX,YAAY,EACZ,SAAS,EACT,UAAU,EACV,iBAAiB,GAClB,GAAG,cAAc,CAAC;IACnB,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,IAAA,gBAAQ,EAAS,EAAE,CAAC,CAAC;IAE3D,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;YACjD,cAAc,CAAC,IAAA,6BAAkB,EAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC,CAAC;IAElC,OAAO,CACL,uBAAC,mDAAuB,IACtB,WAAW,EAAE,WAAW,EACxB,QAAQ,EAAE,QAAQ,EAClB,WAAW,EAAE,WAAW,EACxB,iBAAiB,EAAE,iBAAiB,EACpC,KAAK,EAAE,KAAK,EAAE,KAAK,EACnB,YAAY,EAAE,YAAY,EAC1B,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,SAAS,EACpB,iBAAiB,EAAE,iBAAiB,YAEpC,uBAAC,kCAAc,IAAC,UAAU,EAAE,KAAK,CAAC,UAAU,YAC1C,uBAAC,6BAA6B,OACxB,KAAK,EACT,cAAc,EAAE,cAAc,YAE7B,QAAQ,GACqB,GACjB,GACO,CAC3B,CAAC;AACJ,CAAC,CAAC;AAEO,sDAAqB","sourcesContent":["\"use client\";\n/**\n * A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.\n */\nimport React, { useCallback, useEffect, useState } from \"react\";\nimport {\n resolveAuthConfig,\n type AuthConfigWithDefaults,\n} from \"@/nextjs/config.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { ConfidentialClientPKCEConsumer } from \"@/services/PKCE.js\";\nimport { UserProvider } from \"@/shared/providers/UserProvider.js\";\nimport { useUserCookie } from \"@/nextjs/hooks/useUserCookie.js\";\nimport { CivicAuthConfigProvider } from \"@/shared/providers/CivicAuthConfigContext.js\";\nimport { SessionProvider } from \"@/shared/providers/SessionProvider.js\";\nimport { IframeProvider } from \"@/shared/providers/IframeProvider.js\";\nimport { TokenProvider } from \"@/shared/providers/TokenProvider.js\";\nimport { useSignIn } from \"@/shared/hooks/useSignIn.js\";\nimport { useCivicAuthConfig } from \"@/shared/hooks/useCivicAuthConfig.js\";\nimport { IFrameAndLoading } from \"@/shared/components/IFrameAndLoading.js\";\nimport { BlockDisplay } from \"@/shared/components/BlockDisplay.js\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon.js\";\nimport { useIframe } from \"@/shared/hooks/useIframe.js\";\nimport type { AuthProviderProps } from \"@/shared/providers/types.js\";\nimport { useIsInIframe } from \"@/shared/hooks/useIsInIframe.js\";\nimport { AuthStatus, type UnknownObject, type User } from \"@/types.js\";\nimport { useRefresh } from \"@/nextjs/hooks/useRefresh.js\";\nimport { useCurrentUrl, useSession } from \"@/shared/hooks/index.js\";\nimport { BrowserCookieStorage } from \"@/shared/index.js\";\n\ntype CivicNextAuthTokenProviderInternalProps<TUser extends UnknownObject> =\n NextCivicAuthProviderInternalProps & {\n isLoading: boolean;\n idToken?: string;\n user: User<TUser> | null;\n fetchUser: () => Promise<void>;\n };\ntype NextCivicAuthProviderInternalProps = Omit<\n AuthProviderProps,\n \"clientId\"\n> & {\n resolvedConfig: AuthConfigWithDefaults;\n};\ntype NextCivicAuthProviderProps = Omit<\n NextCivicAuthProviderInternalProps,\n \"clientId\" | \"resolvedConfig\" | \"redirectUrl\"\n>;\n\nconst CivicNextAuthTokenProviderInternal = <\n TUser extends UnknownObject = UnknownObject,\n>({\n children,\n isLoading,\n displayMode = \"iframe\",\n user,\n fetchUser,\n ...props\n}: CivicNextAuthTokenProviderInternalProps<TUser>) => {\n const { iframeMode, resolvedConfig } = props;\n const { iframeRef, setIframeIsVisible } = useIframe();\n const civicAuthConfig = useCivicAuthConfig();\n const { challengeUrl } = resolvedConfig;\n const pkceConsumer = new ConfidentialClientPKCEConsumer(challengeUrl);\n const { data: session } = useSession();\n const currentUrl = useCurrentUrl();\n\n useEffect(() => {\n if (session?.authenticated) {\n // the session is authenticated, so don't show the login iframe\n setIframeIsVisible(false);\n return;\n }\n }, [session?.authenticated, setIframeIsVisible]);\n\n const postSignOut = useCallback(async () => {\n // user is signed out, manually update the user from cookies to not wait for polling\n await fetchUser();\n await props?.onSignOut?.();\n }, [fetchUser, props]);\n\n const { signIn, startSignIn, signOut, authStatus } = useSignIn({\n postSignOut,\n pkceConsumer,\n displayMode,\n });\n\n useEffect(() => {\n if (\n civicAuthConfig &&\n !session?.authenticated &&\n iframeRef?.current &&\n authStatus === AuthStatus.UNAUTHENTICATED &&\n displayMode === \"iframe\" &&\n !currentUrl?.includes(\"code=\")\n ) {\n startSignIn();\n }\n // eslint-disable-next-line react-hooks/exhaustive-deps\n }, [\n currentUrl,\n iframeMode,\n iframeRef,\n civicAuthConfig,\n session?.authenticated,\n authStatus,\n startSignIn,\n displayMode,\n ]);\n\n return (\n <TokenProvider>\n <UserProvider\n storage={new BrowserCookieStorage()}\n user={user}\n signOut={signOut}\n signIn={signIn}\n displayMode={displayMode}\n authStatus={authStatus}\n >\n <IFrameAndLoading error={null} isLoading={isLoading} />\n {isLoading && (\n <BlockDisplay>\n <LoadingIcon />\n </BlockDisplay>\n )}\n {children}\n </UserProvider>\n </TokenProvider>\n );\n};\n\nconst CivicNextAuthProviderInternal = ({\n children,\n ...props\n}: NextCivicAuthProviderInternalProps) => {\n // if the SDK loads in an iframe, we show the loading spinner as the iframe\n // will be waiting to be minimized\n const isLoading = useIsInIframe();\n const { user, idToken, fetchUser } = useUserCookie();\n\n const session = {\n authenticated: !!user,\n idToken,\n };\n\n useRefresh(session);\n\n return (\n <SessionProvider data={session} isLoading={isLoading}>\n <CivicNextAuthTokenProviderInternal\n {...props}\n user={user}\n idToken={idToken}\n fetchUser={fetchUser}\n isLoading={isLoading}\n >\n {children}\n </CivicNextAuthTokenProviderInternal>\n </SessionProvider>\n );\n};\n\nconst CivicNextAuthProvider = ({\n children,\n ...props\n}: NextCivicAuthProviderProps) => {\n const resolvedConfig = resolveAuthConfig();\n const {\n clientId,\n oauthServer,\n callbackUrl,\n challengeUrl,\n logoutUrl,\n refreshUrl,\n logoutCallbackUrl,\n } = resolvedConfig;\n const [redirectUrl, setRedirectUrl] = useState<string>(\"\");\n\n useEffect(() => {\n if (typeof globalThis.window !== \"undefined\") {\n const appUrl = globalThis.window.location.origin;\n setRedirectUrl(resolveCallbackUrl(resolvedConfig, appUrl));\n }\n }, [callbackUrl, resolvedConfig]);\n\n return (\n <CivicAuthConfigProvider\n oauthServer={oauthServer}\n clientId={clientId}\n redirectUrl={redirectUrl}\n logoutRedirectUrl={logoutCallbackUrl}\n nonce={props?.nonce}\n challengeUrl={challengeUrl}\n refreshUrl={refreshUrl}\n logoutUrl={logoutUrl}\n logoutCallbackUrl={logoutCallbackUrl}\n >\n <IframeProvider iframeMode={props.iframeMode}>\n <CivicNextAuthProviderInternal\n {...props}\n resolvedConfig={resolvedConfig}\n >\n {children}\n </CivicNextAuthProviderInternal>\n </IframeProvider>\n </CivicAuthConfigProvider>\n );\n};\n\nexport { CivicNextAuthProvider, type NextCivicAuthProviderProps };\n"]}

package/dist/cjs/nextjs/routeHandler.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"routeHandler.d.ts","sourceRoot":"","sources":["../../../src/nextjs/routeHandler.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAYrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AA0Q9C,wBAAsB,YAAY,CAChC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,YAAY,CAAC,CAiCvB;AAED,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,YAAY,CAAC,CAmDvB;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,OAAO,iCAEF,WAAW,KAAG,OAAO,CAAC,YAAY,CAkCjD,CAAC"}

package/dist/cjs/nextjs/routeHandler.js DELETED Viewed

@@ -1,318 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.handler = void 0;
-exports.handleLogout = handleLogout;
-exports.handleLogoutCallback = handleLogoutCallback;
-const constants_js_1 = require("../constants.js");
-const logger_js_1 = require("../lib/logger.js");
-const oauth_js_1 = require("../lib/oauth.js");
-const config_js_1 = require("../nextjs/config.js");
-const cookies_js_1 = require("../nextjs/cookies.js");
-const index_js_1 = require("../nextjs/index.js");
-const utils_js_1 = require("../nextjs/utils.js");
-const login_js_1 = require("../server/login.js");
-const PKCE_js_1 = require("../services/PKCE.js");
-const AuthenticationRefresherImpl_js_1 = require("../shared/lib/AuthenticationRefresherImpl.js");
-const types_js_1 = require("../shared/lib/types.js");
-const UserSession_js_1 = require("../shared/lib/UserSession.js");
-const util_js_1 = require("../shared/lib/util.js");
-const cache_js_1 = require("next/cache.js");
-const server_js_1 = require("next/server.js");
-const logger = logger_js_1.loggers.nextjs.handlers.auth;
-class AuthError extends Error {
-    status;
-    constructor(message, status = 401) {
-        super(message);
-        this.status = status;
-        this.name = "AuthError";
-    }
-}
-const getAppUrl = (request) => request.cookies.get(types_js_1.CodeVerifier.APP_URL)?.value ||
-    request.nextUrl.searchParams.get("appUrl");
-const getIdToken = async (config) => {
-    const cookieStorage = new cookies_js_1.NextjsCookieStorage(config.cookies?.tokens ?? {});
-    return cookieStorage.get(types_js_1.OAuthTokens.ID_TOKEN);
-};
-/**
- * create a code verifier and challenge for PKCE
- * saving the verifier in a cookie for later use
- * @returns {Promise<NextResponse>}
- */
-async function handleChallenge(request, config) {
-    const cookieStorage = new cookies_js_1.NextjsCookieStorage(config.cookies?.tokens ?? {});
-    const pkceProducer = new PKCE_js_1.GenericPublicClientPKCEProducer(cookieStorage);
-    const challenge = await pkceProducer.getCodeChallenge();
-    const appUrl = request.nextUrl.searchParams.get("appUrl");
-    if (appUrl) {
-        cookieStorage.set(types_js_1.CodeVerifier.APP_URL, appUrl);
-    }
-    return server_js_1.NextResponse.json({ status: "success", challenge });
-}
-async function performTokenExchangeAndSetCookies(config, code, state, appUrl) {
-    const resolvedConfigs = (0, config_js_1.resolveAuthConfig)(config);
-    // TODO This is messy, better would be to fix the config.cookies type to always be <name: settings>
-    // rather than nesting the tokens-related ones *and* code-verifier inside "tokens"
-    // (despite code-verifier not relating directly to tokens)
-    const cookieStorage = new cookies_js_1.NextjsCookieStorage({
-        ...resolvedConfigs.cookies.tokens,
-        user: resolvedConfigs.cookies.user,
-    });
-    const callbackUrl = (0, utils_js_1.resolveCallbackUrl)(resolvedConfigs, appUrl);
-    try {
-        await (0, login_js_1.resolveOAuthAccessCode)(code, state, cookieStorage, {
-            ...resolvedConfigs,
-            redirectUrl: callbackUrl,
-        });
-    }
-    catch (error) {
-        logger.error("Token exchange failed:", error);
-        throw new AuthError("Failed to authenticate user", 401);
-    }
-    const user = await (0, index_js_1.getUser)();
-    if (!user) {
-        throw new AuthError("Failed to get user info", 401);
-    }
-    const userSession = new UserSession_js_1.GenericUserSession(cookieStorage);
-    await userSession.set(user);
-}
-async function handleRefresh(request, config) {
-    const resolvedConfigs = (0, config_js_1.resolveAuthConfig)(config);
-    const cookieStorage = new cookies_js_1.NextjsCookieStorage(config.cookies?.tokens ?? {});
-    const refresher = await AuthenticationRefresherImpl_js_1.AuthenticationRefresherImpl.build({
-        clientId: resolvedConfigs.clientId,
-        oauthServer: resolvedConfigs.oauthServer,
-        redirectUrl: resolvedConfigs.callbackUrl,
-        refreshUrl: resolvedConfigs.refreshUrl,
-    }, cookieStorage);
-    const tokens = await refresher.refreshAccessToken();
-    // this will use the refresh token to get new tokens and, if successful
-    // the idToken, accessToken and user cookies will be updated
-    // await newRefresher.refreshTokens();
-    return server_js_1.NextResponse.json({ status: "success", tokens });
-}
-const generateHtmlResponseWithCallback = (request, callbackUrl) => {
-    // we need to replace the URL with resolved config in case the server is hosted
-    // behind a reverse proxy or load balancer
-    const requestUrl = new URL(request.url);
-    const fetchUrl = `${callbackUrl}?${requestUrl.searchParams.toString()}&sameDomainCallback=true`;
-    return new server_js_1.NextResponse(`<html lang="en">
-         <body>
-             <span style="display:none">
-                 <script>
-                     window.onload = function () {
-                         const appUrl = globalThis.window?.location?.origin;
-                         fetch('${fetchUrl}&appUrl=' + appUrl).then((response) => {
-                             response.json().then((jsonResponse) => {
-                                 if (jsonResponse.redirectUrl) {
-                                     window.location.href = jsonResponse.redirectUrl;
-                                 }
-                             });
-                         });
-                     };
-                 </script>
-             </span>
-         </body>
-     </html>
-    `);
-};
-async function handleCallback(request, config) {
-    const resolvedConfigs = (0, config_js_1.resolveAuthConfig)(config);
-    const code = request.nextUrl.searchParams.get("code");
-    const state = request.nextUrl.searchParams.get("state");
-    if (!code || !state)
-        throw new AuthError("Bad parameters", 400);
-    // appUrl is passed from the client to the server in the query string
-    // this is necessary because the server does not have access to the client's window.location.origin
-    // and can not accurately determine the appUrl (specially if the app is behind a reverse proxy)
-    const appUrl = getAppUrl(request);
-    // If we have a code_verifier cookie and the appUrl, we can do a token exchange.
-    // Otherwise, just render an empty page.
-    // The initial redirect back from the auth server does not send cookies, because the redirect is from a 3rd-party domain.
-    // The client will make an additional call to this route with cookies included, at which point we do the token exchange.
-    const codeVerifier = request.cookies.get(types_js_1.CodeVerifier.COOKIE_NAME);
-    if (!codeVerifier || !appUrl) {
-        logger.debug("handleCallback no code_verifier found", {
-            state,
-            serverTokenExchange: (0, oauth_js_1.serverTokenExchangeFromState)(`${state}`),
-        });
-        let response = new server_js_1.NextResponse(`<html lang="en"><body><span style="display:none">${constants_js_1.TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`);
-        // in server-side token exchange mode we need to launch a page that will trigger the token exchange
-        // from the same domain, allowing it access to the code_verifier cookie
-        // we only need to do this in redirect mode, as the iframe already triggers a client-side token exchange
-        // if no code-verifier cookie is found
-        if (state && (0, oauth_js_1.serverTokenExchangeFromState)(state)) {
-            logger.debug("handleCallback serverTokenExchangeFromState, launching redirect page...", {
-                requestUrl: request.url,
-                configCallbackUrl: resolvedConfigs.callbackUrl,
-            });
-            // generate a page that will callback to the same domain, allowing access
-            // to the code_verifier cookie and passing the appUrl.
-            response = generateHtmlResponseWithCallback(request, resolvedConfigs.callbackUrl);
-        }
-        response.headers.set("Content-Type", "text/html; charset=utf-8");
-        logger.debug(`handleCallback no code_verifier found, returning ${constants_js_1.TOKEN_EXCHANGE_TRIGGER_TEXT}`);
-        return response;
-    }
-    await performTokenExchangeAndSetCookies(resolvedConfigs, code, state, appUrl);
-    if (request.url.includes("sameDomainCallback=true")) {
-        logger.debug("handleCallback sameDomainCallback = true, returning redirectUrl", appUrl);
-        return server_js_1.NextResponse.json({
-            status: "success",
-            redirectUrl: appUrl,
-        });
-    }
-    // this is the case where a 'normal' redirect is happening
-    if ((0, oauth_js_1.serverTokenExchangeFromState)(state)) {
-        logger.debug("handleCallback serverTokenExchangeFromState, redirect to appUrl", appUrl);
-        if (!appUrl) {
-            throw new Error("appUrl undefined. Cannot redirect.");
-        }
-        return server_js_1.NextResponse.redirect(`${appUrl}`);
-    }
-    // return an empty HTML response so the iframe doesn't show any response
-    // in the short moment between the redirect and the parent window
-    // acknowledging the redirect and closing the iframe
-    const response = new server_js_1.NextResponse(`<html lang="en"><span style="display:none">${constants_js_1.TOKEN_EXCHANGE_SUCCESS_TEXT}</span></html>`);
-    response.headers.set("Content-Type", "text/html; charset=utf-8");
-    return response;
-}
-/**
- * If redirectPath is an absolute path, return it as-is.
- * Otherwise for relative paths, append it to the current domain.
- * @param redirectPath
- * @param currentBasePath
- * @returns
- */
-const getAbsoluteRedirectPath = (redirectPath, currentBasePath) => new URL(redirectPath, currentBasePath).href;
-const getPostLogoutRedirectUrl = (request, config) => {
-    const { loginUrl } = (0, config_js_1.resolveAuthConfig)(config);
-    const redirectTarget = loginUrl ?? "/";
-    // if the optional loginUrl is provided and it is an absolute URL,
-    // use it as the redirect target
-    const isAbsoluteRedirect = /^(https?:\/\/|www\.).+/i.test(redirectTarget);
-    if (isAbsoluteRedirect) {
-        return redirectTarget;
-    }
-    // if loginUrl is not defined, the appUrl is passed from the client to the server
-    // in the query string or cookies. This is necessary because the server does not
-    // have access to the client's window.location and can not accurately determine
-    // the appUrl (specially if the app is behind a reverse proxy).
-    const appUrl = getAppUrl(request);
-    if (appUrl)
-        return getAbsoluteRedirectPath(redirectTarget, appUrl);
-    return null;
-};
-const revalidateUrlPath = async (url) => {
-    try {
-        const path = new URL(url).pathname;
-        (0, cache_js_1.revalidatePath)(path);
-    }
-    catch (error) {
-        logger.warn("Failed to revalidate path after logout:", error);
-    }
-};
-async function handleLogout(request, config) {
-    const resolvedConfigs = (0, config_js_1.resolveAuthConfig)(config);
-    const postLogoutUrl = new URL(resolvedConfigs.logoutCallbackUrl, getAppUrl(request) || request.url);
-    // read the id_token from the cookies
-    const idToken = await getIdToken(resolvedConfigs);
-    // read the state from the query parameters
-    const state = request.nextUrl.searchParams.get("state");
-    if (!state || !idToken) {
-        logger.error("handleLogout: missing state or idToken", { state, idToken });
-        // if token or state is missing, the logout call to the server will fail,
-        // (token has potentially expired already) so go straight to the postLogoutUrl
-        //  so the user can be signed out.
-        return server_js_1.NextResponse.redirect(`${postLogoutUrl}${state ? "?state=" + state : ""}`);
-    }
-    const logoutUrl = await (0, util_js_1.generateOauthLogoutUrl)({
-        clientId: resolvedConfigs.clientId,
-        idToken,
-        state,
-        redirectUrl: postLogoutUrl.href,
-        oauthServer: resolvedConfigs.oauthServer,
-    });
-    return server_js_1.NextResponse.redirect(`${logoutUrl.href}`);
-}
-async function handleLogoutCallback(request, config) {
-    const resolvedConfigs = (0, config_js_1.resolveAuthConfig)(config);
-    const state = request.nextUrl.searchParams.get("state") || "";
-    const displayMode = (0, oauth_js_1.displayModeFromState)(state, "iframe");
-    const canAccessCookies = !!(await getIdToken(resolvedConfigs));
-    const isSameDomainCallback = request.url.includes("sameDomainCallback=true");
-    if (canAccessCookies || isSameDomainCallback) {
-        await (0, cookies_js_1.clearAuthCookies)();
-    }
-    let response;
-    // handle logout for iframe display mode
-    if (displayMode === "iframe") {
-        // try to read the token from cookies. If cookies cant be read/written
-        // because the request cames from a cross-origin redirect,
-        // we need to show a page that will trigger the logout from the same domain
-        if (canAccessCookies || isSameDomainCallback) {
-            // just return success
-            return server_js_1.NextResponse.json({ status: "success" });
-        }
-        // return a page that will trigger the logout from the same domain
-        response = generateHtmlResponseWithCallback(request, resolvedConfigs.logoutCallbackUrl);
-        response.headers.set("Content-Type", "text/html; charset=utf-8");
-        return response;
-    }
-    // handle logout for non-iframe display mode
-    const redirectUrl = getPostLogoutRedirectUrl(request, resolvedConfigs);
-    if (redirectUrl && (canAccessCookies || isSameDomainCallback)) {
-        // just redirect to the app url
-        response = server_js_1.NextResponse.redirect(`${redirectUrl}`);
-        revalidateUrlPath(redirectUrl);
-    }
-    else {
-        logger.debug("handleLogout no redirectUrl found", { state });
-        response = generateHtmlResponseWithCallback(request, resolvedConfigs.logoutCallbackUrl);
-        response.headers.set("Content-Type", "text/html; charset=utf-8");
-    }
-    return response;
-}
-/**
- * Creates an authentication handler for Next.js API routes
- *
- * Usage:
- * ```ts
- * // app/api/auth/[...civicauth]/route.ts
- * import { handler } from '@civic/auth/nextjs'
- * export const GET = handler({
- *   // optional config overrides
- * })
- * ```
- */
-const handler = (authConfig = {}) => async (request) => {
-    const config = (0, config_js_1.resolveAuthConfig)(authConfig);
-    try {
-        const pathname = request.nextUrl.pathname;
-        const pathSegments = pathname.split("/");
-        const lastSegment = pathSegments[pathSegments.length - 1];
-        switch (lastSegment) {
-            case "challenge":
-                return await handleChallenge(request, config);
-            case "callback":
-                return await handleCallback(request, config);
-            case "refresh":
-                return await handleRefresh(request, config);
-            case "logout":
-                return await handleLogout(request, config);
-            case "logoutcallback":
-                return await handleLogoutCallback(request, config);
-            default:
-                throw new AuthError(`Invalid auth route: ${pathname}`, 404);
-        }
-    }
-    catch (error) {
-        logger.error("Auth handler error:", error);
-        const status = error instanceof AuthError ? error.status : 500;
-        const message = error instanceof Error ? error.message : "Authentication failed";
-        const response = server_js_1.NextResponse.json({ error: message }, { status });
-        await (0, cookies_js_1.clearAuthCookies)();
-        return response;
-    }
-};
-exports.handler = handler;
-//# sourceMappingURL=routeHandler.js.map