@civic/auth 0.3.8-beta.0 → 0.3.8-beta.1

package/dist/cjs/nextjs/routeHandler.js

@@ -1,325 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.handler = void 0;
-exports.handleLogout = handleLogout;
-exports.handleLogoutCallback = handleLogoutCallback;
-const constants_js_1 = require("../constants.js");
-const logger_js_1 = require("../lib/logger.js");
-const oauth_js_1 = require("../lib/oauth.js");
-const config_js_1 = require("../nextjs/config.js");
-const cookies_js_1 = require("../nextjs/cookies.js");
-const index_js_1 = require("../nextjs/index.js");
-const utils_js_1 = require("../nextjs/utils.js");
-const login_js_1 = require("../server/login.js");
-const PKCE_js_1 = require("../services/PKCE.js");
-const types_js_1 = require("../shared/lib/types.js");
-const UserSession_js_1 = require("../shared/lib/UserSession.js");
-const util_js_1 = require("../shared/lib/util.js");
-const cache_js_1 = require("next/cache.js");
-const server_js_1 = require("next/server.js");
-const NextServerAuthenticationRefresherImpl_js_1 = require("./NextServerAuthenticationRefresherImpl.js");
-const logger = logger_js_1.loggers.nextjs.handlers.auth;
-class AuthError extends Error {
-    status;
-    constructor(message, status = 401) {
-        super(message);
-        this.status = status;
-        this.name = "AuthError";
-    }
-}
-const getAppUrl = (request) => request.cookies.get(types_js_1.CodeVerifier.APP_URL)?.value ||
-    request.nextUrl.searchParams.get("appUrl");
-const getIdToken = async (config) => {
-    const cookieStorage = new cookies_js_1.NextjsCookieStorage(config.cookies?.tokens ?? {});
-    return cookieStorage.get(types_js_1.OAuthTokens.ID_TOKEN);
-};
-/**
- * create a code verifier and challenge for PKCE
- * saving the verifier in a cookie for later use
- * @returns {Promise<NextResponse>}
- */
-async function handleChallenge(request, config) {
-    const cookieStorage = new cookies_js_1.NextjsCookieStorage(config.cookies?.tokens ?? {});
-    const pkceProducer = new PKCE_js_1.GenericPublicClientPKCEProducer(cookieStorage);
-    const challenge = await pkceProducer.getCodeChallenge();
-    const appUrl = request.nextUrl.searchParams.get("appUrl");
-    if (appUrl) {
-        cookieStorage.set(types_js_1.CodeVerifier.APP_URL, appUrl);
-    }
-    return server_js_1.NextResponse.json({ status: "success", challenge });
-}
-async function performTokenExchangeAndSetCookies(config, code, state, appUrl) {
-    const resolvedConfigs = (0, config_js_1.resolveAuthConfig)(config);
-    // TODO This is messy, better would be to fix the config.cookies type to always be <name: settings>
-    // rather than nesting the tokens-related ones *and* code-verifier inside "tokens"
-    // (despite code-verifier not relating directly to tokens)
-    const cookieStorage = new cookies_js_1.NextjsCookieStorage({
-        ...resolvedConfigs.cookies.tokens,
-        user: resolvedConfigs.cookies.user,
-    });
-    const callbackUrl = (0, utils_js_1.resolveCallbackUrl)(resolvedConfigs, appUrl);
-    try {
-        await (0, login_js_1.resolveOAuthAccessCode)(code, state, cookieStorage, {
-            ...resolvedConfigs,
-            redirectUrl: callbackUrl,
-        });
-    }
-    catch (error) {
-        logger.error("Token exchange failed:", error);
-        throw new AuthError("Failed to authenticate user", 401);
-    }
-    const user = await (0, index_js_1.getUser)();
-    if (!user) {
-        throw new AuthError("Failed to get user info", 401);
-    }
-    const userSession = new UserSession_js_1.GenericUserSession(cookieStorage);
-    await userSession.set(user);
-}
-async function handleRefresh(_request, config) {
-    const resolvedConfigs = (0, config_js_1.resolveAuthConfig)(config);
-    const cookieStorage = new cookies_js_1.NextjsCookieStorage(config.cookies?.tokens ?? {});
-    try {
-        const onError = (error) => {
-            logger.error("handleRefresh: Token refresh failed:", error);
-            throw new AuthError("Failed to refresh tokens", 500);
-        };
-        const refresher = await NextServerAuthenticationRefresherImpl_js_1.NextServerAuthenticationRefresherImpl.build({
-            clientId: resolvedConfigs.clientId,
-            oauthServer: resolvedConfigs.oauthServer,
-            redirectUrl: resolvedConfigs.callbackUrl,
-            refreshUrl: resolvedConfigs.refreshUrl,
-        }, cookieStorage, onError);
-        const tokens = await refresher.refreshAccessToken();
-        return server_js_1.NextResponse.json({ status: "success", tokens });
-    }
-    catch (error) {
-        logger.error("handleRefresh: Token refresh failed:", error);
-        throw new AuthError("Failed to refresh tokens", 500);
-    }
-}
-const generateHtmlResponseWithCallback = (request, callbackUrl) => {
-    // we need to replace the URL with resolved config in case the server is hosted
-    // behind a reverse proxy or load balancer
-    const requestUrl = new URL(request.url);
-    const fetchUrl = `${callbackUrl}?${requestUrl.searchParams.toString()}&sameDomainCallback=true`;
-    return new server_js_1.NextResponse(`<html lang="en">
-         <body>
-             <span style="display:none">
-                 <script>
-                     window.onload = function () {
-                         const appUrl = globalThis.window?.location?.origin;
-                         fetch('${fetchUrl}&appUrl=' + appUrl).then((response) => {
-                             response.json().then((jsonResponse) => {
-                                 if (jsonResponse.redirectUrl) {
-                                     window.location.href = jsonResponse.redirectUrl;
-                                 }
-                             });
-                         });
-                     };
-                 </script>
-             </span>
-         </body>
-     </html>
-    `);
-};
-async function handleCallback(request, config) {
-    const resolvedConfigs = (0, config_js_1.resolveAuthConfig)(config);
-    const code = request.nextUrl.searchParams.get("code");
-    const state = request.nextUrl.searchParams.get("state");
-    if (!code || !state)
-        throw new AuthError("Bad parameters", 400);
-    // appUrl is passed from the client to the server in the query string
-    // this is necessary because the server does not have access to the client's window.location.origin
-    // and can not accurately determine the appUrl (specially if the app is behind a reverse proxy)
-    const appUrl = getAppUrl(request);
-    // If we have a code_verifier cookie and the appUrl, we can do a token exchange.
-    // Otherwise, just render an empty page.
-    // The initial redirect back from the auth server does not send cookies, because the redirect is from a 3rd-party domain.
-    // The client will make an additional call to this route with cookies included, at which point we do the token exchange.
-    const codeVerifier = request.cookies.get(types_js_1.CodeVerifier.COOKIE_NAME);
-    if (!codeVerifier || !appUrl) {
-        logger.debug("handleCallback no code_verifier found", {
-            state,
-            serverTokenExchange: (0, oauth_js_1.serverTokenExchangeFromState)(`${state}`),
-        });
-        let response = new server_js_1.NextResponse(`<html lang="en"><body><span style="display:none">${constants_js_1.TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`);
-        // in server-side token exchange mode we need to launch a page that will trigger the token exchange
-        // from the same domain, allowing it access to the code_verifier cookie
-        // we only need to do this in redirect mode, as the iframe already triggers a client-side token exchange
-        // if no code-verifier cookie is found
-        if (state && (0, oauth_js_1.serverTokenExchangeFromState)(state)) {
-            logger.debug("handleCallback serverTokenExchangeFromState, launching redirect page...", {
-                requestUrl: request.url,
-                configCallbackUrl: resolvedConfigs.callbackUrl,
-            });
-            // generate a page that will callback to the same domain, allowing access
-            // to the code_verifier cookie and passing the appUrl.
-            response = generateHtmlResponseWithCallback(request, resolvedConfigs.callbackUrl);
-        }
-        response.headers.set("Content-Type", "text/html; charset=utf-8");
-        logger.debug(`handleCallback no code_verifier found, returning ${constants_js_1.TOKEN_EXCHANGE_TRIGGER_TEXT}`);
-        return response;
-    }
-    await performTokenExchangeAndSetCookies(resolvedConfigs, code, state, appUrl);
-    if (request.url.includes("sameDomainCallback=true")) {
-        logger.debug("handleCallback sameDomainCallback = true, returning redirectUrl", appUrl);
-        return server_js_1.NextResponse.json({
-            status: "success",
-            redirectUrl: appUrl,
-        });
-    }
-    // this is the case where a 'normal' redirect is happening
-    if ((0, oauth_js_1.serverTokenExchangeFromState)(state)) {
-        logger.debug("handleCallback serverTokenExchangeFromState, redirect to appUrl", appUrl);
-        if (!appUrl) {
-            throw new Error("appUrl undefined. Cannot redirect.");
-        }
-        return server_js_1.NextResponse.redirect(`${appUrl}`);
-    }
-    // return an empty HTML response so the iframe doesn't show any response
-    // in the short moment between the redirect and the parent window
-    // acknowledging the redirect and closing the iframe
-    const response = new server_js_1.NextResponse(`<html lang="en"><span style="display:none">${constants_js_1.TOKEN_EXCHANGE_SUCCESS_TEXT}</span></html>`);
-    response.headers.set("Content-Type", "text/html; charset=utf-8");
-    return response;
-}
-/**
- * If redirectPath is an absolute path, return it as-is.
- * Otherwise for relative paths, append it to the current domain.
- * @param redirectPath
- * @param currentBasePath
- * @returns
- */
-const getAbsoluteRedirectPath = (redirectPath, currentBasePath) => new URL(redirectPath, currentBasePath).href;
-const getPostLogoutRedirectUrl = (request, config) => {
-    const { loginUrl } = (0, config_js_1.resolveAuthConfig)(config);
-    const redirectTarget = loginUrl ?? "/";
-    // if the optional loginUrl is provided and it is an absolute URL,
-    // use it as the redirect target
-    const isAbsoluteRedirect = /^(https?:\/\/|www\.).+/i.test(redirectTarget);
-    if (isAbsoluteRedirect) {
-        return redirectTarget;
-    }
-    // if loginUrl is not defined, the appUrl is passed from the client to the server
-    // in the query string or cookies. This is necessary because the server does not
-    // have access to the client's window.location and can not accurately determine
-    // the appUrl (specially if the app is behind a reverse proxy).
-    const appUrl = getAppUrl(request);
-    if (appUrl)
-        return getAbsoluteRedirectPath(redirectTarget, appUrl);
-    return null;
-};
-const revalidateUrlPath = async (url) => {
-    try {
-        const path = new URL(url).pathname;
-        (0, cache_js_1.revalidatePath)(path);
-    }
-    catch (error) {
-        logger.warn("Failed to revalidate path after logout:", error);
-    }
-};
-async function handleLogout(request, config) {
-    const resolvedConfigs = (0, config_js_1.resolveAuthConfig)(config);
-    const postLogoutUrl = new URL(resolvedConfigs.logoutCallbackUrl, getAppUrl(request) || request.url);
-    // read the id_token from the cookies
-    const idToken = await getIdToken(resolvedConfigs);
-    // read the state from the query parameters
-    const state = request.nextUrl.searchParams.get("state");
-    if (!state || !idToken) {
-        logger.error("handleLogout: missing state or idToken", { state, idToken });
-        // if token or state is missing, the logout call to the server will fail,
-        // (token has potentially expired already) so go straight to the postLogoutUrl
-        //  so the user can be signed out.
-        return server_js_1.NextResponse.redirect(`${postLogoutUrl}${state ? "?state=" + state : ""}`);
-    }
-    const logoutUrl = await (0, util_js_1.generateOauthLogoutUrl)({
-        clientId: resolvedConfigs.clientId,
-        idToken,
-        state,
-        redirectUrl: postLogoutUrl.href,
-        oauthServer: resolvedConfigs.oauthServer,
-    });
-    return server_js_1.NextResponse.redirect(`${logoutUrl.href}`);
-}
-async function handleLogoutCallback(request, config) {
-    const resolvedConfigs = (0, config_js_1.resolveAuthConfig)(config);
-    const state = request.nextUrl.searchParams.get("state") || "";
-    const displayMode = (0, oauth_js_1.displayModeFromState)(state, "iframe");
-    const canAccessCookies = !!(await getIdToken(resolvedConfigs));
-    const isSameDomainCallback = request.url.includes("sameDomainCallback=true");
-    if (canAccessCookies || isSameDomainCallback) {
-        await (0, cookies_js_1.clearAuthCookies)();
-    }
-    let response;
-    // handle logout for iframe display mode
-    if (displayMode === "iframe") {
-        // try to read the token from cookies. If cookies cant be read/written
-        // because the request cames from a cross-origin redirect,
-        // we need to show a page that will trigger the logout from the same domain
-        if (canAccessCookies || isSameDomainCallback) {
-            // just return success
-            return server_js_1.NextResponse.json({ status: "success" });
-        }
-        // return a page that will trigger the logout from the same domain
-        response = generateHtmlResponseWithCallback(request, resolvedConfigs.logoutCallbackUrl);
-        response.headers.set("Content-Type", "text/html; charset=utf-8");
-        return response;
-    }
-    // handle logout for non-iframe display mode
-    const redirectUrl = getPostLogoutRedirectUrl(request, resolvedConfigs);
-    if (redirectUrl && (canAccessCookies || isSameDomainCallback)) {
-        // just redirect to the app url
-        response = server_js_1.NextResponse.redirect(`${redirectUrl}`);
-        revalidateUrlPath(redirectUrl);
-    }
-    else {
-        logger.debug("handleLogout no redirectUrl found", { state });
-        response = generateHtmlResponseWithCallback(request, resolvedConfigs.logoutCallbackUrl);
-        response.headers.set("Content-Type", "text/html; charset=utf-8");
-    }
-    return response;
-}
-/**
- * Creates an authentication handler for Next.js API routes
- *
- * Usage:
- * ```ts
- * // app/api/auth/[...civicauth]/route.ts
- * import { handler } from '@civic/auth/nextjs'
- * export const GET = handler({
- *   // optional config overrides
- * })
- * ```
- */
-const handler = (authConfig = {}) => async (request) => {
-    const config = (0, config_js_1.resolveAuthConfig)(authConfig);
-    try {
-        const pathname = request.nextUrl.pathname;
-        const pathSegments = pathname.split("/");
-        const lastSegment = pathSegments[pathSegments.length - 1];
-        switch (lastSegment) {
-            case "challenge":
-                return await handleChallenge(request, config);
-            case "callback":
-                return await handleCallback(request, config);
-            case "refresh":
-                return await handleRefresh(request, config);
-            case "logout":
-                return await handleLogout(request, config);
-            case "logoutcallback":
-                return await handleLogoutCallback(request, config);
-            default:
-                throw new AuthError(`Invalid auth route: ${pathname}`, 404);
-        }
-    }
-    catch (error) {
-        logger.error("Auth handler error:", error);
-        const status = error instanceof AuthError ? error.status : 500;
-        const message = error instanceof Error ? error.message : "Authentication failed";
-        const response = server_js_1.NextResponse.json({ error: message }, { status });
-        await (0, cookies_js_1.clearAuthCookies)();
-        return response;
-    }
-};
-exports.handler = handler;
-//# sourceMappingURL=routeHandler.js.map

package/dist/cjs/nextjs/routeHandler.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"routeHandler.js","sourceRoot":"","sources":["../../../src/nextjs/routeHandler.ts"],"names":[],"mappings":";;;AAsSA,oCAoCC;AAED,oDAsDC;AAlYD,iDAGwB;AACxB,+CAA0C;AAC1C,6CAGwB;AAExB,kDAAuD;AACvD,oDAA4E;AAC5E,gDAA4C;AAC5C,gDAAuD;AACvD,gDAA2D;AAC3D,gDAAqE;AACrE,oDAAkE;AAClE,gEAAiE;AACjE,kDAA8D;AAC9D,4CAA+C;AAE/C,8CAA8C;AAC9C,yGAAmG;AAEnG,MAAM,MAAM,GAAG,mBAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AAE5C,MAAM,SAAU,SAAQ,KAAK;IAGT;IAFlB,YACE,OAAe,EACC,SAAiB,GAAG;QAEpC,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,WAAM,GAAN,MAAM,CAAc;QAGpC,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF;AAED,MAAM,SAAS,GAAG,CAAC,OAAoB,EAAiB,EAAE,CACxD,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAY,CAAC,OAAO,CAAC,EAAE,KAAK;IAChD,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AAE7C,MAAM,UAAU,GAAG,KAAK,EAAE,MAAkB,EAA0B,EAAE;IACtE,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IAC5E,OAAO,aAAa,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,CAAC,CAAC;AACjD,CAAC,CAAC;AAEF;;;;GAIG;AACH,KAAK,UAAU,eAAe,CAC5B,OAAoB,EACpB,MAAkB;IAElB,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,IAAI,yCAA+B,CAAC,aAAa,CAAC,CAAC;IAExE,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,gBAAgB,EAAE,CAAC;IACxD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC1D,IAAI,MAAM,EAAE,CAAC;QACX,aAAa,CAAC,GAAG,CAAC,uBAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,wBAAY,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;AAC7D,CAAC;AAED,KAAK,UAAU,iCAAiC,CAC9C,MAAkB,EAClB,IAAY,EACZ,KAAa,EACb,MAAc;IAEd,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAClD,mGAAmG;IACnG,kFAAkF;IAClF,0DAA0D;IAC1D,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC;QAC5C,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM;QACjC,IAAI,EAAE,eAAe,CAAC,OAAO,CAAC,IAAI;KACnC,CAAC,CAAC;IAEH,MAAM,WAAW,GAAG,IAAA,6BAAkB,EAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,IAAA,iCAAsB,EAAC,IAAI,EAAE,KAAK,EAAE,aAAa,EAAE;YACvD,GAAG,eAAe;YAClB,WAAW,EAAE,WAAW;SACzB,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,IAAI,SAAS,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,IAAA,kBAAO,GAAE,CAAC;IAC7B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,SAAS,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,aAAa,CAAC,CAAC;IAC1D,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AACD,KAAK,UAAU,aAAa,CAC1B,QAAqB,EACrB,MAAkB;IAElB,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAClD,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IAC5E,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,CAAC,KAAY,EAAE,EAAE;YAC/B,MAAM,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;YAC5D,MAAM,IAAI,SAAS,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;QACvD,CAAC,CAAC;QACF,MAAM,SAAS,GAAG,MAAM,gFAAqC,CAAC,KAAK,CACjE;YACE,QAAQ,EAAE,eAAe,CAAC,QAAQ;YAClC,WAAW,EAAE,eAAe,CAAC,WAAW;YACxC,WAAW,EAAE,eAAe,CAAC,WAAW;YACxC,UAAU,EAAE,eAAe,CAAC,UAAU;SACvC,EACD,aAAa,EACb,OAAO,CACR,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,kBAAkB,EAAE,CAAC;QACpD,OAAO,wBAAY,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;QAC5D,MAAM,IAAI,SAAS,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;IACvD,CAAC;AACH,CAAC;AAED,MAAM,gCAAgC,GAAG,CACvC,OAAoB,EACpB,WAAmB,EACnB,EAAE;IACF,+EAA+E;IAC/E,0CAA0C;IAC1C,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG,GAAG,WAAW,IAAI,UAAU,CAAC,YAAY,CAAC,QAAQ,EAAE,0BAA0B,CAAC;IAChG,OAAO,IAAI,wBAAY,CACrB;;;;;;kCAM8B,QAAQ;;;;;;;;;;;;KAYrC,CACF,CAAC;AACJ,CAAC,CAAC;AAEF,KAAK,UAAU,cAAc,CAC3B,OAAoB,EACpB,MAAkB;IAElB,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACxD,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,SAAS,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;IAEhE,qEAAqE;IACrE,mGAAmG;IACnG,+FAA+F;IAC/F,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAElC,gFAAgF;IAChF,wCAAwC;IACxC,yHAAyH;IACzH,wHAAwH;IACxH,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAY,CAAC,WAAW,CAAC,CAAC;IAEnE,IAAI,CAAC,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC;QAC7B,MAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE;YACpD,KAAK;YACL,mBAAmB,EAAE,IAAA,uCAA4B,EAAC,GAAG,KAAK,EAAE,CAAC;SAC9D,CAAC,CAAC;QACH,IAAI,QAAQ,GAAG,IAAI,wBAAY,CAC7B,oDAAoD,0CAA2B,uBAAuB,CACvG,CAAC;QAEF,mGAAmG;QACnG,uEAAuE;QACvE,wGAAwG;QACxG,sCAAsC;QACtC,IAAI,KAAK,IAAI,IAAA,uCAA4B,EAAC,KAAK,CAAC,EAAE,CAAC;YACjD,MAAM,CAAC,KAAK,CACV,yEAAyE,EACzE;gBACE,UAAU,EAAE,OAAO,CAAC,GAAG;gBACvB,iBAAiB,EAAE,eAAe,CAAC,WAAW;aAC/C,CACF,CAAC;YACF,yEAAyE;YACzE,sDAAsD;YACtD,QAAQ,GAAG,gCAAgC,CACzC,OAAO,EACP,eAAe,CAAC,WAAW,CAC5B,CAAC;QACJ,CAAC;QAED,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;QACjE,MAAM,CAAC,KAAK,CACV,oDAAoD,0CAA2B,EAAE,CAClF,CAAC;QACF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,iCAAiC,CAAC,eAAe,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAE9E,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,yBAAyB,CAAC,EAAE,CAAC;QACpD,MAAM,CAAC,KAAK,CACV,iEAAiE,EACjE,MAAM,CACP,CAAC;QACF,OAAO,wBAAY,CAAC,IAAI,CAAC;YACvB,MAAM,EAAE,SAAS;YACjB,WAAW,EAAE,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAED,0DAA0D;IAC1D,IAAI,IAAA,uCAA4B,EAAC,KAAK,CAAC,EAAE,CAAC;QACxC,MAAM,CAAC,KAAK,CACV,iEAAiE,EACjE,MAAM,CACP,CAAC;QACF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,wBAAY,CAAC,QAAQ,CAAC,GAAG,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IACD,wEAAwE;IACxE,iEAAiE;IACjE,oDAAoD;IACpD,MAAM,QAAQ,GAAG,IAAI,wBAAY,CAC/B,8CAA8C,0CAA2B,gBAAgB,CAC1F,CAAC;IACF,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;IACjE,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,uBAAuB,GAAG,CAC9B,YAAoB,EACpB,eAAuB,EACvB,EAAE,CAAC,IAAI,GAAG,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC,IAAI,CAAC;AAEjD,MAAM,wBAAwB,GAAG,CAC/B,OAAoB,EACpB,MAAkB,EACH,EAAE;IACjB,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,cAAc,GAAG,QAAQ,IAAI,GAAG,CAAC;IAEvC,kEAAkE;IAClE,gCAAgC;IAChC,MAAM,kBAAkB,GAAG,yBAAyB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC1E,IAAI,kBAAkB,EAAE,CAAC;QACvB,OAAO,cAAc,CAAC;IACxB,CAAC;IAED,iFAAiF;IACjF,gFAAgF;IAChF,+EAA+E;IAC/E,+DAA+D;IAC/D,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAClC,IAAI,MAAM;QAAE,OAAO,uBAAuB,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;IAEnE,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,KAAK,EAAE,GAAW,EAAE,EAAE;IAC9C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;QACnC,IAAA,yBAAc,EAAC,IAAI,CAAC,CAAC;IACvB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,yCAAyC,EAAE,KAAK,CAAC,CAAC;IAChE,CAAC;AACH,CAAC,CAAC;AAEK,KAAK,UAAU,YAAY,CAChC,OAAoB,EACpB,MAAkB;IAElB,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAElD,MAAM,aAAa,GAAG,IAAI,GAAG,CAC3B,eAAe,CAAC,iBAAiB,EACjC,SAAS,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,GAAG,CAClC,CAAC;IAEF,qCAAqC;IACrC,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,eAAe,CAAC,CAAC;IAElD,2CAA2C;IAC3C,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAExD,IAAI,CAAC,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC;QACvB,MAAM,CAAC,KAAK,CAAC,wCAAwC,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QAC3E,yEAAyE;QACzE,8EAA8E;QAC9E,kCAAkC;QAClC,OAAO,wBAAY,CAAC,QAAQ,CAC1B,GAAG,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CACpD,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,IAAA,gCAAsB,EAAC;QAC7C,QAAQ,EAAE,eAAe,CAAC,QAAQ;QAClC,OAAO;QACP,KAAK;QACL,WAAW,EAAE,aAAa,CAAC,IAAI;QAC/B,WAAW,EAAE,eAAe,CAAC,WAAW;KACzC,CAAC,CAAC;IAEH,OAAO,wBAAY,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;AACpD,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,OAAoB,EACpB,MAAkB;IAElB,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAElD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IAC9D,MAAM,WAAW,GAAG,IAAA,+BAAoB,EAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAE1D,MAAM,gBAAgB,GAAG,CAAC,CAAC,CAAC,MAAM,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC;IAC/D,MAAM,oBAAoB,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,yBAAyB,CAAC,CAAC;IAE7E,IAAI,gBAAgB,IAAI,oBAAoB,EAAE,CAAC;QAC7C,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC3B,CAAC;IAED,IAAI,QAAQ,CAAC;IAEb,wCAAwC;IACxC,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;QAC7B,sEAAsE;QACtE,0DAA0D;QAC1D,2EAA2E;QAC3E,IAAI,gBAAgB,IAAI,oBAAoB,EAAE,CAAC;YAC7C,sBAAsB;YACtB,OAAO,wBAAY,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QAClD,CAAC;QAED,kEAAkE;QAClE,QAAQ,GAAG,gCAAgC,CACzC,OAAO,EACP,eAAe,CAAC,iBAAiB,CAClC,CAAC;QACF,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;QACjE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,4CAA4C;IAC5C,MAAM,WAAW,GAAG,wBAAwB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAEvE,IAAI,WAAW,IAAI,CAAC,gBAAgB,IAAI,oBAAoB,CAAC,EAAE,CAAC;QAC9D,+BAA+B;QAC/B,QAAQ,GAAG,wBAAY,CAAC,QAAQ,CAAC,GAAG,WAAW,EAAE,CAAC,CAAC;QACnD,iBAAiB,CAAC,WAAW,CAAC,CAAC;IACjC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAC7D,QAAQ,GAAG,gCAAgC,CACzC,OAAO,EACP,eAAe,CAAC,iBAAiB,CAClC,CAAC;QACF,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;IACnE,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;;;;;;GAWG;AACI,MAAM,OAAO,GAClB,CAAC,UAAU,GAAG,EAAE,EAAE,EAAE,CACpB,KAAK,EAAE,OAAoB,EAAyB,EAAE;IACpD,MAAM,MAAM,GAAG,IAAA,6BAAiB,EAAC,UAAU,CAAC,CAAC;IAE7C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;QAC1C,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzC,MAAM,WAAW,GAAG,YAAY,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAE1D,QAAQ,WAAW,EAAE,CAAC;YACpB,KAAK,WAAW;gBACd,OAAO,MAAM,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAChD,KAAK,UAAU;gBACb,OAAO,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC/C,KAAK,SAAS;gBACZ,OAAO,MAAM,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC9C,KAAK,QAAQ;gBACX,OAAO,MAAM,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC7C,KAAK,gBAAgB;gBACnB,OAAO,MAAM,oBAAoB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACrD;gBACE,MAAM,IAAI,SAAS,CAAC,uBAAuB,QAAQ,EAAE,EAAE,GAAG,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;QAE3C,MAAM,MAAM,GAAG,KAAK,YAAY,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC;QAC/D,MAAM,OAAO,GACX,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC;QAEnE,MAAM,QAAQ,GAAG,wBAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAEnE,MAAM,IAAA,6BAAgB,GAAE,CAAC;QACzB,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC,CAAC;AApCS,QAAA,OAAO,WAoChB","sourcesContent":["import {\n  TOKEN_EXCHANGE_SUCCESS_TEXT,\n  TOKEN_EXCHANGE_TRIGGER_TEXT,\n} from \"@/constants.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n  displayModeFromState,\n  serverTokenExchangeFromState,\n} from \"@/lib/oauth.js\";\nimport type { AuthConfig } from \"@/nextjs/config.js\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { clearAuthCookies, NextjsCookieStorage } from \"@/nextjs/cookies.js\";\nimport { getUser } from \"@/nextjs/index.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { CodeVerifier, OAuthTokens } from \"@/shared/lib/types.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { generateOauthLogoutUrl } from \"@/shared/lib/util.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport type { NextRequest } from \"next/server.js\";\nimport { NextResponse } from \"next/server.js\";\nimport { NextServerAuthenticationRefresherImpl } from \"./NextServerAuthenticationRefresherImpl.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n  constructor(\n    message: string,\n    public readonly status: number = 401,\n  ) {\n    super(message);\n    this.name = \"AuthError\";\n  }\n}\n\nconst getAppUrl = (request: NextRequest): string | null =>\n  request.cookies.get(CodeVerifier.APP_URL)?.value ||\n  request.nextUrl.searchParams.get(\"appUrl\");\n\nconst getIdToken = async (config: AuthConfig): Promise<string | null> => {\n  const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens ?? {});\n  return cookieStorage.get(OAuthTokens.ID_TOKEN);\n};\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(\n  request: NextRequest,\n  config: AuthConfig,\n): Promise<NextResponse> {\n  const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens ?? {});\n  const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n  const challenge = await pkceProducer.getCodeChallenge();\n  const appUrl = request.nextUrl.searchParams.get(\"appUrl\");\n  if (appUrl) {\n    cookieStorage.set(CodeVerifier.APP_URL, appUrl);\n  }\n  return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function performTokenExchangeAndSetCookies(\n  config: AuthConfig,\n  code: string,\n  state: string,\n  appUrl: string,\n) {\n  const resolvedConfigs = resolveAuthConfig(config);\n  // TODO This is messy, better would be to fix the config.cookies type to always be <name: settings>\n  // rather than nesting the tokens-related ones *and* code-verifier inside \"tokens\"\n  // (despite code-verifier not relating directly to tokens)\n  const cookieStorage = new NextjsCookieStorage({\n    ...resolvedConfigs.cookies.tokens,\n    user: resolvedConfigs.cookies.user,\n  });\n\n  const callbackUrl = resolveCallbackUrl(resolvedConfigs, appUrl);\n  try {\n    await resolveOAuthAccessCode(code, state, cookieStorage, {\n      ...resolvedConfigs,\n      redirectUrl: callbackUrl,\n    });\n  } catch (error) {\n    logger.error(\"Token exchange failed:\", error);\n    throw new AuthError(\"Failed to authenticate user\", 401);\n  }\n\n  const user = await getUser();\n  if (!user) {\n    throw new AuthError(\"Failed to get user info\", 401);\n  }\n  const userSession = new GenericUserSession(cookieStorage);\n  await userSession.set(user);\n}\nasync function handleRefresh(\n  _request: NextRequest,\n  config: AuthConfig,\n): Promise<NextResponse> {\n  const resolvedConfigs = resolveAuthConfig(config);\n  const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens ?? {});\n  try {\n    const onError = (error: Error) => {\n      logger.error(\"handleRefresh: Token refresh failed:\", error);\n      throw new AuthError(\"Failed to refresh tokens\", 500);\n    };\n    const refresher = await NextServerAuthenticationRefresherImpl.build(\n      {\n        clientId: resolvedConfigs.clientId,\n        oauthServer: resolvedConfigs.oauthServer,\n        redirectUrl: resolvedConfigs.callbackUrl,\n        refreshUrl: resolvedConfigs.refreshUrl,\n      },\n      cookieStorage,\n      onError,\n    );\n\n    const tokens = await refresher.refreshAccessToken();\n    return NextResponse.json({ status: \"success\", tokens });\n  } catch (error) {\n    logger.error(\"handleRefresh: Token refresh failed:\", error);\n    throw new AuthError(\"Failed to refresh tokens\", 500);\n  }\n}\n\nconst generateHtmlResponseWithCallback = (\n  request: NextRequest,\n  callbackUrl: string,\n) => {\n  // we need to replace the URL with resolved config in case the server is hosted\n  // behind a reverse proxy or load balancer\n  const requestUrl = new URL(request.url);\n  const fetchUrl = `${callbackUrl}?${requestUrl.searchParams.toString()}&sameDomainCallback=true`;\n  return new NextResponse(\n    `<html lang=\"en\">\n         <body>\n             <span style=\"display:none\">\n                 <script>\n                     window.onload = function () {\n                         const appUrl = globalThis.window?.location?.origin;\n                         fetch('${fetchUrl}&appUrl=' + appUrl).then((response) => {\n                             response.json().then((jsonResponse) => {\n                                 if (jsonResponse.redirectUrl) {\n                                     window.location.href = jsonResponse.redirectUrl;\n                                 }\n                             });\n                         });\n                     };\n                 </script>\n             </span>\n         </body>\n     </html>\n    `,\n  );\n};\n\nasync function handleCallback(\n  request: NextRequest,\n  config: AuthConfig,\n): Promise<NextResponse> {\n  const resolvedConfigs = resolveAuthConfig(config);\n  const code = request.nextUrl.searchParams.get(\"code\");\n  const state = request.nextUrl.searchParams.get(\"state\");\n  if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n  // appUrl is passed from the client to the server in the query string\n  // this is necessary because the server does not have access to the client's window.location.origin\n  // and can not accurately determine the appUrl (specially if the app is behind a reverse proxy)\n  const appUrl = getAppUrl(request);\n\n  // If we have a code_verifier cookie and the appUrl, we can do a token exchange.\n  // Otherwise, just render an empty page.\n  // The initial redirect back from the auth server does not send cookies, because the redirect is from a 3rd-party domain.\n  // The client will make an additional call to this route with cookies included, at which point we do the token exchange.\n  const codeVerifier = request.cookies.get(CodeVerifier.COOKIE_NAME);\n\n  if (!codeVerifier || !appUrl) {\n    logger.debug(\"handleCallback no code_verifier found\", {\n      state,\n      serverTokenExchange: serverTokenExchangeFromState(`${state}`),\n    });\n    let response = new NextResponse(\n      `<html lang=\"en\"><body><span style=\"display:none\">${TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`,\n    );\n\n    // in server-side token exchange mode we need to launch a page that will trigger the token exchange\n    // from the same domain, allowing it access to the code_verifier cookie\n    // we only need to do this in redirect mode, as the iframe already triggers a client-side token exchange\n    // if no code-verifier cookie is found\n    if (state && serverTokenExchangeFromState(state)) {\n      logger.debug(\n        \"handleCallback serverTokenExchangeFromState, launching redirect page...\",\n        {\n          requestUrl: request.url,\n          configCallbackUrl: resolvedConfigs.callbackUrl,\n        },\n      );\n      // generate a page that will callback to the same domain, allowing access\n      // to the code_verifier cookie and passing the appUrl.\n      response = generateHtmlResponseWithCallback(\n        request,\n        resolvedConfigs.callbackUrl,\n      );\n    }\n\n    response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n    logger.debug(\n      `handleCallback no code_verifier found, returning ${TOKEN_EXCHANGE_TRIGGER_TEXT}`,\n    );\n    return response;\n  }\n\n  await performTokenExchangeAndSetCookies(resolvedConfigs, code, state, appUrl);\n\n  if (request.url.includes(\"sameDomainCallback=true\")) {\n    logger.debug(\n      \"handleCallback sameDomainCallback = true, returning redirectUrl\",\n      appUrl,\n    );\n    return NextResponse.json({\n      status: \"success\",\n      redirectUrl: appUrl,\n    });\n  }\n\n  // this is the case where a 'normal' redirect is happening\n  if (serverTokenExchangeFromState(state)) {\n    logger.debug(\n      \"handleCallback serverTokenExchangeFromState, redirect to appUrl\",\n      appUrl,\n    );\n    if (!appUrl) {\n      throw new Error(\"appUrl undefined. Cannot redirect.\");\n    }\n    return NextResponse.redirect(`${appUrl}`);\n  }\n  // return an empty HTML response so the iframe doesn't show any response\n  // in the short moment between the redirect and the parent window\n  // acknowledging the redirect and closing the iframe\n  const response = new NextResponse(\n    `<html lang=\"en\"><span style=\"display:none\">${TOKEN_EXCHANGE_SUCCESS_TEXT}</span></html>`,\n  );\n  response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n  return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @param currentBasePath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n  redirectPath: string,\n  currentBasePath: string,\n) => new URL(redirectPath, currentBasePath).href;\n\nconst getPostLogoutRedirectUrl = (\n  request: NextRequest,\n  config: AuthConfig,\n): string | null => {\n  const { loginUrl } = resolveAuthConfig(config);\n  const redirectTarget = loginUrl ?? \"/\";\n\n  // if the optional loginUrl is provided and it is an absolute URL,\n  // use it as the redirect target\n  const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n  if (isAbsoluteRedirect) {\n    return redirectTarget;\n  }\n\n  // if loginUrl is not defined, the appUrl is passed from the client to the server\n  // in the query string or cookies. This is necessary because the server does not\n  // have access to the client's window.location and can not accurately determine\n  // the appUrl (specially if the app is behind a reverse proxy).\n  const appUrl = getAppUrl(request);\n  if (appUrl) return getAbsoluteRedirectPath(redirectTarget, appUrl);\n\n  return null;\n};\n\nconst revalidateUrlPath = async (url: string) => {\n  try {\n    const path = new URL(url).pathname;\n    revalidatePath(path);\n  } catch (error) {\n    logger.warn(\"Failed to revalidate path after logout:\", error);\n  }\n};\n\nexport async function handleLogout(\n  request: NextRequest,\n  config: AuthConfig,\n): Promise<NextResponse> {\n  const resolvedConfigs = resolveAuthConfig(config);\n\n  const postLogoutUrl = new URL(\n    resolvedConfigs.logoutCallbackUrl,\n    getAppUrl(request) || request.url,\n  );\n\n  // read the id_token from the cookies\n  const idToken = await getIdToken(resolvedConfigs);\n\n  // read the state from the query parameters\n  const state = request.nextUrl.searchParams.get(\"state\");\n\n  if (!state || !idToken) {\n    logger.error(\"handleLogout: missing state or idToken\", { state, idToken });\n    // if token or state is missing, the logout call to the server will fail,\n    // (token has potentially expired already) so go straight to the postLogoutUrl\n    //  so the user can be signed out.\n    return NextResponse.redirect(\n      `${postLogoutUrl}${state ? \"?state=\" + state : \"\"}`,\n    );\n  }\n\n  const logoutUrl = await generateOauthLogoutUrl({\n    clientId: resolvedConfigs.clientId,\n    idToken,\n    state,\n    redirectUrl: postLogoutUrl.href,\n    oauthServer: resolvedConfigs.oauthServer,\n  });\n\n  return NextResponse.redirect(`${logoutUrl.href}`);\n}\n\nexport async function handleLogoutCallback(\n  request: NextRequest,\n  config: AuthConfig,\n): Promise<NextResponse> {\n  const resolvedConfigs = resolveAuthConfig(config);\n\n  const state = request.nextUrl.searchParams.get(\"state\") || \"\";\n  const displayMode = displayModeFromState(state, \"iframe\");\n\n  const canAccessCookies = !!(await getIdToken(resolvedConfigs));\n  const isSameDomainCallback = request.url.includes(\"sameDomainCallback=true\");\n\n  if (canAccessCookies || isSameDomainCallback) {\n    await clearAuthCookies();\n  }\n\n  let response;\n\n  // handle logout for iframe display mode\n  if (displayMode === \"iframe\") {\n    // try to read the token from cookies. If cookies cant be read/written\n    // because the request cames from a cross-origin redirect,\n    // we need to show a page that will trigger the logout from the same domain\n    if (canAccessCookies || isSameDomainCallback) {\n      // just return success\n      return NextResponse.json({ status: \"success\" });\n    }\n\n    // return a page that will trigger the logout from the same domain\n    response = generateHtmlResponseWithCallback(\n      request,\n      resolvedConfigs.logoutCallbackUrl,\n    );\n    response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n    return response;\n  }\n\n  // handle logout for non-iframe display mode\n  const redirectUrl = getPostLogoutRedirectUrl(request, resolvedConfigs);\n\n  if (redirectUrl && (canAccessCookies || isSameDomainCallback)) {\n    // just redirect to the app url\n    response = NextResponse.redirect(`${redirectUrl}`);\n    revalidateUrlPath(redirectUrl);\n  } else {\n    logger.debug(\"handleLogout no redirectUrl found\", { state });\n    response = generateHtmlResponseWithCallback(\n      request,\n      resolvedConfigs.logoutCallbackUrl,\n    );\n    response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n  }\n\n  return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n *   // optional config overrides\n * })\n * ```\n */\nexport const handler =\n  (authConfig = {}) =>\n  async (request: NextRequest): Promise<NextResponse> => {\n    const config = resolveAuthConfig(authConfig);\n\n    try {\n      const pathname = request.nextUrl.pathname;\n      const pathSegments = pathname.split(\"/\");\n      const lastSegment = pathSegments[pathSegments.length - 1];\n\n      switch (lastSegment) {\n        case \"challenge\":\n          return await handleChallenge(request, config);\n        case \"callback\":\n          return await handleCallback(request, config);\n        case \"refresh\":\n          return await handleRefresh(request, config);\n        case \"logout\":\n          return await handleLogout(request, config);\n        case \"logoutcallback\":\n          return await handleLogoutCallback(request, config);\n        default:\n          throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n      }\n    } catch (error) {\n      logger.error(\"Auth handler error:\", error);\n\n      const status = error instanceof AuthError ? error.status : 500;\n      const message =\n        error instanceof Error ? error.message : \"Authentication failed\";\n\n      const response = NextResponse.json({ error: message }, { status });\n\n      await clearAuthCookies();\n      return response;\n    }\n  };\n"]}

package/dist/cjs/nextjs/utils.d.ts

@@ -1,3 +0,0 @@
-import type { AuthConfigWithDefaults } from "../nextjs/config.js";
-export declare const resolveCallbackUrl: (config: AuthConfigWithDefaults, baseUrl?: string) => string;
-//# sourceMappingURL=utils.d.ts.map

package/dist/cjs/nextjs/utils.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/nextjs/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAEjE,eAAO,MAAM,kBAAkB,WACrB,sBAAsB,YACpB,MAAM,KACf,MAGF,CAAC"}

package/dist/cjs/nextjs/utils.js

@@ -1,9 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.resolveCallbackUrl = void 0;
-const resolveCallbackUrl = (config, baseUrl) => {
-    const callbackUrl = new URL(config?.callbackUrl, baseUrl).toString();
-    return callbackUrl.toString();
-};
-exports.resolveCallbackUrl = resolveCallbackUrl;
-//# sourceMappingURL=utils.js.map

package/dist/cjs/nextjs/utils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/nextjs/utils.ts"],"names":[],"mappings":";;;AAEO,MAAM,kBAAkB,GAAG,CAChC,MAA8B,EAC9B,OAAgB,EACR,EAAE;IACV,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;IACrE,OAAO,WAAW,CAAC,QAAQ,EAAE,CAAC;AAChC,CAAC,CAAC;AANW,QAAA,kBAAkB,sBAM7B","sourcesContent":["import type { AuthConfigWithDefaults } from \"@/nextjs/config.js\";\n\nexport const resolveCallbackUrl = (\n  config: AuthConfigWithDefaults,\n  baseUrl?: string,\n): string => {\n  const callbackUrl = new URL(config?.callbackUrl, baseUrl).toString();\n  return callbackUrl.toString();\n};\n"]}

package/dist/cjs/reactjs/components/ButtonContentOrLoader.d.ts

@@ -1,17 +0,0 @@
-import React from "react";
-import type { AuthStatus, DisplayMode } from "../../types.js";
-/**
- * show the loader if the user action has started and the iframe has not been aborted
- * @param {AuthStatus} options.authStatus
- * @param {DisplayMode} options.displayMode
- * @param {boolean} options.userActionStarted
- * @param options.children
- * @returns
- */
-export declare const ButtonContentOrLoader: ({ authStatus, displayMode, userActionStarted, children, }: {
-    authStatus: AuthStatus;
-    displayMode: DisplayMode;
-    userActionStarted?: boolean;
-    children: React.ReactNode;
-}) => import("@emotion/react/jsx-runtime").JSX.Element;
-//# sourceMappingURL=ButtonContentOrLoader.d.ts.map

package/dist/cjs/reactjs/components/ButtonContentOrLoader.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"ButtonContentOrLoader.d.ts","sourceRoot":"","sources":["../../../../src/reactjs/components/ButtonContentOrLoader.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAI1D;;;;;;;GAOG;AACH,eAAO,MAAM,qBAAqB,8DAK/B;IACD,UAAU,EAAE,UAAU,CAAC;IACvB,WAAW,EAAE,WAAW,CAAC;IACzB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;CAC3B,qDA0CA,CAAC"}

package/dist/cjs/reactjs/components/ButtonContentOrLoader.js

@@ -1,40 +0,0 @@
-"use strict";
-"use client";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.ButtonContentOrLoader = void 0;
-const jsx_runtime_1 = require("@emotion/react/jsx-runtime");
-const LoadingIcon_js_1 = require("../../shared/components/LoadingIcon.js");
-const utils_js_1 = require("./utils.js");
-const useIframe_js_1 = require("../../shared/hooks/useIframe.js");
-/**
- * show the loader if the user action has started and the iframe has not been aborted
- * @param {AuthStatus} options.authStatus
- * @param {DisplayMode} options.displayMode
- * @param {boolean} options.userActionStarted
- * @param options.children
- * @returns
- */
-const ButtonContentOrLoader = ({ authStatus, displayMode, userActionStarted, children, }) => {
-    const { iframeAborted } = (0, useIframe_js_1.useIframe)();
-    const showLoader = (0, utils_js_1.shouldShowLoader)(authStatus, displayMode, userActionStarted && !iframeAborted);
-    return ((0, jsx_runtime_1.jsxs)("div", { css: {
-            position: "relative",
-            display: "flex",
-            alignItems: "center",
-            justifyContent: "center",
-        }, children: [(0, jsx_runtime_1.jsx)("span", { css: {
-                    visibility: showLoader ? "hidden" : "visible",
-                    whiteSpace: "nowrap",
-                }, children: children }), showLoader ? ((0, jsx_runtime_1.jsx)("span", { css: {
-                    position: "absolute",
-                    display: "flex",
-                    justifyContent: "center",
-                    alignItems: "center",
-                    top: 0,
-                    left: 0,
-                    right: 0,
-                    bottom: 0,
-                }, children: (0, jsx_runtime_1.jsx)(LoadingIcon_js_1.LoadingIcon, { width: "1.5em", height: "1.5em" }) })) : null] }));
-};
-exports.ButtonContentOrLoader = ButtonContentOrLoader;
-//# sourceMappingURL=ButtonContentOrLoader.js.map

package/dist/cjs/reactjs/components/ButtonContentOrLoader.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"ButtonContentOrLoader.js","sourceRoot":"","sources":["../../../../src/reactjs/components/ButtonContentOrLoader.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;AAEb,uEAAiE;AAEjE,yCAA8C;AAC9C,8DAAwD;AAExD;;;;;;;GAOG;AACI,MAAM,qBAAqB,GAAG,CAAC,EACpC,UAAU,EACV,WAAW,EACX,iBAAiB,EACjB,QAAQ,GAMT,EAAE,EAAE;IACH,MAAM,EAAE,aAAa,EAAE,GAAG,IAAA,wBAAS,GAAE,CAAC;IACtC,MAAM,UAAU,GAAG,IAAA,2BAAgB,EACjC,UAAU,EACV,WAAW,EACX,iBAAiB,IAAI,CAAC,aAAa,CACpC,CAAC;IACF,OAAO,CACL,iCACE,GAAG,EAAE;YACH,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,MAAM;YACf,UAAU,EAAE,QAAQ;YACpB,cAAc,EAAE,QAAQ;SACzB,aAED,iCACE,GAAG,EAAE;oBACH,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;oBAC7C,UAAU,EAAE,QAAQ;iBACrB,YAEA,QAAQ,GACJ,EACN,UAAU,CAAC,CAAC,CAAC,CACZ,iCACE,GAAG,EAAE;oBACH,QAAQ,EAAE,UAAU;oBACpB,OAAO,EAAE,MAAM;oBACf,cAAc,EAAE,QAAQ;oBACxB,UAAU,EAAE,QAAQ;oBACpB,GAAG,EAAE,CAAC;oBACN,IAAI,EAAE,CAAC;oBACP,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,CAAC;iBACV,YAED,uBAAC,4BAAW,IAAC,KAAK,EAAC,OAAO,EAAC,MAAM,EAAC,OAAO,GAAG,GACvC,CACR,CAAC,CAAC,CAAC,IAAI,IACJ,CACP,CAAC;AACJ,CAAC,CAAC;AApDW,QAAA,qBAAqB,yBAoDhC","sourcesContent":["\"use client\";\nimport React from \"react\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon.js\";\nimport type { AuthStatus, DisplayMode } from \"@/types.js\";\nimport { shouldShowLoader } from \"./utils.js\";\nimport { useIframe } from \"@/shared/hooks/useIframe.js\";\n\n/**\n * show the loader if the user action has started and the iframe has not been aborted\n * @param {AuthStatus} options.authStatus\n * @param {DisplayMode} options.displayMode\n * @param {boolean} options.userActionStarted\n * @param options.children\n * @returns\n */\nexport const ButtonContentOrLoader = ({\n  authStatus,\n  displayMode,\n  userActionStarted,\n  children,\n}: {\n  authStatus: AuthStatus;\n  displayMode: DisplayMode;\n  userActionStarted?: boolean;\n  children: React.ReactNode;\n}) => {\n  const { iframeAborted } = useIframe();\n  const showLoader = shouldShowLoader(\n    authStatus,\n    displayMode,\n    userActionStarted && !iframeAborted,\n  );\n  return (\n    <div\n      css={{\n        position: \"relative\",\n        display: \"flex\",\n        alignItems: \"center\",\n        justifyContent: \"center\",\n      }}\n    >\n      <span\n        css={{\n          visibility: showLoader ? \"hidden\" : \"visible\",\n          whiteSpace: \"nowrap\",\n        }}\n      >\n        {children}\n      </span>\n      {showLoader ? (\n        <span\n          css={{\n            position: \"absolute\",\n            display: \"flex\",\n            justifyContent: \"center\",\n            alignItems: \"center\",\n            top: 0,\n            left: 0,\n            right: 0,\n            bottom: 0,\n          }}\n        >\n          <LoadingIcon width=\"1.5em\" height=\"1.5em\" />\n        </span>\n      ) : null}\n    </div>\n  );\n};\n"]}

package/dist/cjs/reactjs/components/LoadingSpinner.d.ts

@@ -1,7 +0,0 @@
-import React from "react";
-export declare const ButtonContentOrSpinner: ({ isSigningOut, isSigningIn, children, }: {
-    isSigningOut: any;
-    isSigningIn: any;
-    children: any;
-}) => React.JSX.Element;
-//# sourceMappingURL=LoadingSpinner.d.ts.map

package/dist/cjs/reactjs/components/LoadingSpinner.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"LoadingSpinner.d.ts","sourceRoot":"","sources":["../../../../src/reactjs/components/LoadingSpinner.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAG1B,eAAO,MAAM,sBAAsB;;;;uBAuClC,CAAC"}

package/dist/cjs/reactjs/components/LoadingSpinner.js

@@ -1,33 +0,0 @@
-"use strict";
-"use client";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.ButtonContentOrSpinner = void 0;
-const react_1 = __importDefault(require("react"));
-const LoadingIcon_js_1 = require("../../shared/components/LoadingIcon.js");
-const ButtonContentOrSpinner = ({ isSigningOut, isSigningIn, children, }) => {
-    return (react_1.default.createElement("div", { style: {
-            position: "relative",
-            display: "flex",
-            alignItems: "center",
-        } },
-        react_1.default.createElement("span", { style: {
-                visibility: isSigningOut || isSigningIn ? "hidden" : "visible",
-                whiteSpace: "nowrap",
-            } }, children),
-        (isSigningOut || isSigningIn) && (react_1.default.createElement("span", { style: {
-                position: "absolute",
-                display: "flex",
-                justifyContent: "center",
-                alignItems: "center",
-                top: 0,
-                left: 0,
-                right: 0,
-                bottom: 0,
-            } },
-            react_1.default.createElement(LoadingIcon_js_1.LoadingIcon, { width: "1.5em", height: "1.5em" })))));
-};
-exports.ButtonContentOrSpinner = ButtonContentOrSpinner;
-//# sourceMappingURL=LoadingSpinner.js.map

package/dist/cjs/reactjs/components/LoadingSpinner.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"LoadingSpinner.js","sourceRoot":"","sources":["../../../../src/reactjs/components/LoadingSpinner.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;AACb,kDAA0B;AAC1B,uEAAiE;AAE1D,MAAM,sBAAsB,GAAG,CAAC,EACrC,YAAY,EACZ,WAAW,EACX,QAAQ,GACT,EAAE,EAAE;IACH,OAAO,CACL,uCACE,KAAK,EAAE;YACL,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,MAAM;YACf,UAAU,EAAE,QAAQ;SACrB;QAED,wCACE,KAAK,EAAE;gBACL,UAAU,EAAE,YAAY,IAAI,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;gBAC9D,UAAU,EAAE,QAAQ;aACrB,IAEA,QAAQ,CACJ;QACN,CAAC,YAAY,IAAI,WAAW,CAAC,IAAI,CAChC,wCACE,KAAK,EAAE;gBACL,QAAQ,EAAE,UAAU;gBACpB,OAAO,EAAE,MAAM;gBACf,cAAc,EAAE,QAAQ;gBACxB,UAAU,EAAE,QAAQ;gBACpB,GAAG,EAAE,CAAC;gBACN,IAAI,EAAE,CAAC;gBACP,KAAK,EAAE,CAAC;gBACR,MAAM,EAAE,CAAC;aACV;YAED,8BAAC,4BAAW,IAAC,KAAK,EAAC,OAAO,EAAC,MAAM,EAAC,OAAO,GAAG,CACvC,CACR,CACG,CACP,CAAC;AACJ,CAAC,CAAC;AAvCW,QAAA,sBAAsB,0BAuCjC","sourcesContent":["\"use client\";\nimport React from \"react\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon.js\";\n\nexport const ButtonContentOrSpinner = ({\n  isSigningOut,\n  isSigningIn,\n  children,\n}) => {\n  return (\n    <div\n      style={{\n        position: \"relative\",\n        display: \"flex\",\n        alignItems: \"center\",\n      }}\n    >\n      <span\n        style={{\n          visibility: isSigningOut || isSigningIn ? \"hidden\" : \"visible\",\n          whiteSpace: \"nowrap\",\n        }}\n      >\n        {children}\n      </span>\n      {(isSigningOut || isSigningIn) && (\n        <span\n          style={{\n            position: \"absolute\",\n            display: \"flex\",\n            justifyContent: \"center\",\n            alignItems: \"center\",\n            top: 0,\n            left: 0,\n            right: 0,\n            bottom: 0,\n          }}\n        >\n          <LoadingIcon width=\"1.5em\" height=\"1.5em\" />\n        </span>\n      )}\n    </div>\n  );\n};\n"]}

package/dist/cjs/reactjs/components/SignInButton.d.ts

@@ -1,9 +0,0 @@
-import { type CSSProperties } from "react";
-import { type DisplayMode } from "../../types.js";
-declare const SignInButton: ({ displayMode, className, style, }: {
-    displayMode?: DisplayMode;
-    className?: string;
-    style?: CSSProperties;
-}) => import("@emotion/react/jsx-runtime").JSX.Element;
-export { SignInButton };
-//# sourceMappingURL=SignInButton.d.ts.map

package/dist/cjs/reactjs/components/SignInButton.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"SignInButton.d.ts","sourceRoot":"","sources":["../../../../src/reactjs/components/SignInButton.tsx"],"names":[],"mappings":"AAEA,OAAO,EAAuB,KAAK,aAAa,EAAE,MAAM,OAAO,CAAC;AAChE,OAAO,EAAc,KAAK,WAAW,EAAE,MAAM,YAAY,CAAC;AAI1D,QAAA,MAAM,YAAY,uCAIf;IACD,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,aAAa,CAAC;CACvB,qDAwCA,CAAC;AAEF,OAAO,EAAE,YAAY,EAAE,CAAC"}

package/dist/cjs/reactjs/components/SignInButton.js

@@ -1,31 +0,0 @@
-"use strict";
-"use client";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.SignInButton = void 0;
-const jsx_runtime_1 = require("@emotion/react/jsx-runtime");
-const react_1 = require("react");
-const types_js_1 = require("../../types.js");
-const useUser_js_1 = require("../../reactjs/hooks/useUser.js");
-const ButtonContentOrLoader_js_1 = require("./ButtonContentOrLoader.js");
-const SignInButton = ({ displayMode, className, style, }) => {
-    const { signIn, authStatus, displayMode: userDisplayMode } = (0, useUser_js_1.useUser)();
-    const [userActionStarted, setUserActionStarted] = (0, react_1.useState)(false);
-    // reset the userActionStarted state if the user logs out or aborts
-    (0, react_1.useEffect)(() => {
-        if ([types_js_1.AuthStatus.AUTHENTICATED, types_js_1.AuthStatus.UNAUTHENTICATED].includes(authStatus)) {
-            setUserActionStarted(false);
-        }
-    }, [authStatus]);
-    return ((0, jsx_runtime_1.jsx)("button", { "data-testid": "sign-in-button", css: {
-            borderRadius: "9999px",
-            border: "1px solid #6b7280",
-            padding: "0.75rem 1rem",
-            transition: "background-color 0.2s",
-            minWidth: "9em", // this stops the button from going too small when in loading mode
-        }, className: className, style: style, onClick: () => {
-            setUserActionStarted(true);
-            signIn(displayMode);
-        }, children: (0, jsx_runtime_1.jsx)(ButtonContentOrLoader_js_1.ButtonContentOrLoader, { authStatus: authStatus, displayMode: displayMode || userDisplayMode, userActionStarted: userActionStarted, children: "Sign In" }) }));
-};
-exports.SignInButton = SignInButton;
-//# sourceMappingURL=SignInButton.js.map

package/dist/cjs/reactjs/components/SignInButton.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"SignInButton.js","sourceRoot":"","sources":["../../../../src/reactjs/components/SignInButton.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;AAEb,iCAAgE;AAChE,yCAA0D;AAC1D,2DAAqD;AACrD,yEAAmE;AAEnE,MAAM,YAAY,GAAG,CAAC,EACpB,WAAW,EACX,SAAS,EACT,KAAK,GAKN,EAAE,EAAE;IACH,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,GAAG,IAAA,oBAAO,GAAE,CAAC;IACvE,MAAM,CAAC,iBAAiB,EAAE,oBAAoB,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAC;IAElE,mEAAmE;IACnE,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IACE,CAAC,qBAAU,CAAC,aAAa,EAAE,qBAAU,CAAC,eAAe,CAAC,CAAC,QAAQ,CAC7D,UAAU,CACX,EACD,CAAC;YACD,oBAAoB,CAAC,KAAK,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;IACjB,OAAO,CACL,kDACc,gBAAgB,EAC5B,GAAG,EAAE;YACH,YAAY,EAAE,QAAQ;YACtB,MAAM,EAAE,mBAAmB;YAC3B,OAAO,EAAE,cAAc;YACvB,UAAU,EAAE,uBAAuB;YACnC,QAAQ,EAAE,KAAK,EAAE,kEAAkE;SACpF,EACD,SAAS,EAAE,SAAS,EACpB,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,GAAG,EAAE;YACZ,oBAAoB,CAAC,IAAI,CAAC,CAAC;YAC3B,MAAM,CAAC,WAAW,CAAC,CAAC;QACtB,CAAC,YAED,uBAAC,gDAAqB,IACpB,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE,WAAW,IAAI,eAAe,EAC3C,iBAAiB,EAAE,iBAAiB,wBAGd,GACjB,CACV,CAAC;AACJ,CAAC,CAAC;AAEO,oCAAY","sourcesContent":["\"use client\";\n\nimport { useEffect, useState, type CSSProperties } from \"react\";\nimport { AuthStatus, type DisplayMode } from \"@/types.js\";\nimport { useUser } from \"@/reactjs/hooks/useUser.js\";\nimport { ButtonContentOrLoader } from \"./ButtonContentOrLoader.js\";\n\nconst SignInButton = ({\n  displayMode,\n  className,\n  style,\n}: {\n  displayMode?: DisplayMode;\n  className?: string;\n  style?: CSSProperties;\n}) => {\n  const { signIn, authStatus, displayMode: userDisplayMode } = useUser();\n  const [userActionStarted, setUserActionStarted] = useState(false);\n\n  // reset the userActionStarted state if the user logs out or aborts\n  useEffect(() => {\n    if (\n      [AuthStatus.AUTHENTICATED, AuthStatus.UNAUTHENTICATED].includes(\n        authStatus,\n      )\n    ) {\n      setUserActionStarted(false);\n    }\n  }, [authStatus]);\n  return (\n    <button\n      data-testid=\"sign-in-button\"\n      css={{\n        borderRadius: \"9999px\",\n        border: \"1px solid #6b7280\",\n        padding: \"0.75rem 1rem\",\n        transition: \"background-color 0.2s\",\n        minWidth: \"9em\", // this stops the button from going too small when in loading mode\n      }}\n      className={className}\n      style={style}\n      onClick={() => {\n        setUserActionStarted(true);\n        signIn(displayMode);\n      }}\n    >\n      <ButtonContentOrLoader\n        authStatus={authStatus}\n        displayMode={displayMode || userDisplayMode}\n        userActionStarted={userActionStarted}\n      >\n        Sign In\n      </ButtonContentOrLoader>\n    </button>\n  );\n};\n\nexport { SignInButton };\n"]}

package/dist/cjs/reactjs/components/SignOutButton.d.ts

@@ -1,7 +0,0 @@
-import { type CSSProperties } from "react";
-declare const SignOutButton: ({ className, style, }: {
-    className?: string;
-    style?: CSSProperties;
-}) => import("@emotion/react/jsx-runtime").JSX.Element;
-export { SignOutButton };
-//# sourceMappingURL=SignOutButton.d.ts.map

package/dist/cjs/reactjs/components/SignOutButton.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"SignOutButton.d.ts","sourceRoot":"","sources":["../../../../src/reactjs/components/SignOutButton.tsx"],"names":[],"mappings":"AACA,OAAO,EAAuB,KAAK,aAAa,EAAE,MAAM,OAAO,CAAC;AAKhE,QAAA,MAAM,aAAa,0BAGhB;IACD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,aAAa,CAAC;CACvB,qDAmCA,CAAC;AAEF,OAAO,EAAE,aAAa,EAAE,CAAC"}

package/dist/cjs/reactjs/components/SignOutButton.js

@@ -1,27 +0,0 @@
-"use strict";
-"use client";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.SignOutButton = void 0;
-const jsx_runtime_1 = require("@emotion/react/jsx-runtime");
-const react_1 = require("react");
-const useUser_js_1 = require("../../reactjs/hooks/useUser.js");
-const ButtonContentOrLoader_js_1 = require("./ButtonContentOrLoader.js");
-const types_js_1 = require("../../types.js");
-const SignOutButton = ({ className, style, }) => {
-    const { signOut, authStatus, displayMode } = (0, useUser_js_1.useUser)();
-    const [userActionStarted, setUserActionStarted] = (0, react_1.useState)(false);
-    // reset the userActionStarted state if the user logs out or aborts
-    (0, react_1.useEffect)(() => {
-        if ([types_js_1.AuthStatus.AUTHENTICATED, types_js_1.AuthStatus.UNAUTHENTICATED].includes(authStatus)) {
-            setUserActionStarted(false);
-        }
-    }, [authStatus]);
-    return ((0, jsx_runtime_1.jsx)("button", { css: {
-            borderRadius: "9999px",
-            border: "1px solid #6b7280",
-            padding: "0.75rem 1rem",
-            transition: "background-color 0.2s",
-        }, className: className, style: style, onClick: () => signOut(), children: (0, jsx_runtime_1.jsx)(ButtonContentOrLoader_js_1.ButtonContentOrLoader, { authStatus: authStatus, displayMode: displayMode, userActionStarted: userActionStarted, children: "Sign Out" }) }));
-};
-exports.SignOutButton = SignOutButton;
-//# sourceMappingURL=SignOutButton.js.map