npm - @inai-dev/nextjs - Versions diffs - 0.1.0 - Mend

@inai-dev/nextjs 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,80 @@
+# @inai-dev/nextjs
+Full Next.js integration for InAI Auth. Includes middleware, server-side helpers, API route handlers, and re-exports all React hooks/components.
+## Installation
+```bash
+npm install @inai-dev/nextjs
+```
+## Setup
+### 1. Environment Variables
+```env
+NEXT_PUBLIC_INAI_PUBLISHABLE_KEY=pk_live_...
+INAI_SECRET_KEY=sk_live_...
+```
+### 2. Middleware
+```ts
+// middleware.ts
+import { authMiddleware } from "@inai-dev/nextjs/middleware";
+export default authMiddleware({
+  publishableKey: process.env.NEXT_PUBLIC_INAI_PUBLISHABLE_KEY!,
+  publicRoutes: ["/", "/about", "/sign-in"],
+});
+export const config = { matcher: ["/((?!_next|static|favicon.ico).*)"] };
+```
+### 3. Provider
+```tsx
+// app/layout.tsx
+import { InAIProvider } from "@inai-dev/nextjs";
+export default function RootLayout({ children }) {
+  return <InAIProvider>{children}</InAIProvider>;
+}
+```
+### 4. Server-Side Auth
+```ts
+// app/dashboard/page.tsx
+import { auth } from "@inai-dev/nextjs/server";
+export default async function Dashboard() {
+  const session = await auth();
+  if (!session) redirect("/sign-in");
+  return <p>Welcome {session.user.email}</p>;
+}
+```
+### 5. API Route Handlers
+```ts
+// app/api/auth/[...inai]/route.ts
+import { handleAuthRoutes } from "@inai-dev/nextjs";
+export const { GET, POST } = handleAuthRoutes();
+```
+## Exports
+- `@inai-dev/nextjs` — Provider, React hooks, API route handler
+- `@inai-dev/nextjs/server` — `auth()`, `currentUser()`, server-side helpers
+- `@inai-dev/nextjs/middleware` — `authMiddleware()`
+## Documentation
+- [Getting Started](https://github.com/inai-dev/sdk/blob/main/docs/getting-started.md)
+- [Next.js Integration](https://github.com/inai-dev/sdk/blob/main/docs/nextjs-integration.md)
+- [API Reference](https://github.com/inai-dev/sdk/blob/main/docs/api-reference.md)
+## License
+[MIT](../../LICENSE)

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,65 @@
+"use client";
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  COOKIE_AUTH_SESSION: () => import_shared.COOKIE_AUTH_SESSION,
+  COOKIE_AUTH_TOKEN: () => import_shared.COOKIE_AUTH_TOKEN,
+  COOKIE_REFRESH_TOKEN: () => import_shared.COOKIE_REFRESH_TOKEN,
+  InAIAuthProvider: () => import_react.InAIAuthProvider,
+  OrganizationSwitcher: () => import_react.OrganizationSwitcher,
+  PermissionGate: () => import_react.PermissionGate,
+  Protect: () => import_react.Protect,
+  SignIn: () => import_react.SignIn,
+  SignedIn: () => import_react.SignedIn,
+  SignedOut: () => import_react.SignedOut,
+  UserButton: () => import_react.UserButton,
+  useAuth: () => import_react.useAuth,
+  useOrganization: () => import_react.useOrganization,
+  useSession: () => import_react.useSession,
+  useSignIn: () => import_react.useSignIn,
+  useSignUp: () => import_react.useSignUp,
+  useUser: () => import_react.useUser
+});
+module.exports = __toCommonJS(src_exports);
+var import_react = require("@inai-dev/react");
+var import_shared = require("@inai-dev/shared");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  COOKIE_AUTH_SESSION,
+  COOKIE_AUTH_TOKEN,
+  COOKIE_REFRESH_TOKEN,
+  InAIAuthProvider,
+  OrganizationSwitcher,
+  PermissionGate,
+  Protect,
+  SignIn,
+  SignedIn,
+  SignedOut,
+  UserButton,
+  useAuth,
+  useOrganization,
+  useSession,
+  useSignIn,
+  useSignUp,
+  useUser
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["// Re-export all React hooks, components, and providers\nexport {\n InAIAuthProvider,\n useAuth,\n useUser,\n useSession,\n useOrganization,\n useSignIn,\n useSignUp,\n Protect,\n SignedIn,\n SignedOut,\n PermissionGate,\n UserButton,\n SignIn,\n OrganizationSwitcher,\n} from \"@inai-dev/react\";\n\n// Cookie constants\nexport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n} from \"@inai-dev/shared\";\n\n// Re-export types\nexport type {\n AuthObject,\n ServerAuthObject,\n ProtectedAuthObject,\n UserResource,\n SessionResource,\n OrganizationResource,\n InAIAuthConfig,\n InAIAuthErrorBody,\n SignInResult,\n SignUpResult,\n} from \"@inai-dev/types\";\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,mBAeO;AAGP,oBAIO;","names":[]}

package/dist/index.d.cts ADDED Viewed

@@ -0,0 +1,3 @@
+export { InAIAuthProvider, OrganizationSwitcher, PermissionGate, Protect, SignIn, SignedIn, SignedOut, UserButton, useAuth, useOrganization, useSession, useSignIn, useSignUp, useUser } from '@inai-dev/react';
+export { COOKIE_AUTH_SESSION, COOKIE_AUTH_TOKEN, COOKIE_REFRESH_TOKEN } from '@inai-dev/shared';
+export { AuthObject, InAIAuthConfig, InAIAuthErrorBody, OrganizationResource, ProtectedAuthObject, ServerAuthObject, SessionResource, SignInResult, SignUpResult, UserResource } from '@inai-dev/types';

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export { InAIAuthProvider, OrganizationSwitcher, PermissionGate, Protect, SignIn, SignedIn, SignedOut, UserButton, useAuth, useOrganization, useSession, useSignIn, useSignUp, useUser } from '@inai-dev/react';
+export { COOKIE_AUTH_SESSION, COOKIE_AUTH_TOKEN, COOKIE_REFRESH_TOKEN } from '@inai-dev/shared';
+export { AuthObject, InAIAuthConfig, InAIAuthErrorBody, OrganizationResource, ProtectedAuthObject, ServerAuthObject, SessionResource, SignInResult, SignUpResult, UserResource } from '@inai-dev/types';

package/dist/index.js ADDED Viewed

@@ -0,0 +1,44 @@
+"use client";
+// src/index.ts
+import {
+  InAIAuthProvider,
+  useAuth,
+  useUser,
+  useSession,
+  useOrganization,
+  useSignIn,
+  useSignUp,
+  Protect,
+  SignedIn,
+  SignedOut,
+  PermissionGate,
+  UserButton,
+  SignIn,
+  OrganizationSwitcher
+} from "@inai-dev/react";
+import {
+  COOKIE_AUTH_TOKEN,
+  COOKIE_REFRESH_TOKEN,
+  COOKIE_AUTH_SESSION
+} from "@inai-dev/shared";
+export {
+  COOKIE_AUTH_SESSION,
+  COOKIE_AUTH_TOKEN,
+  COOKIE_REFRESH_TOKEN,
+  InAIAuthProvider,
+  OrganizationSwitcher,
+  PermissionGate,
+  Protect,
+  SignIn,
+  SignedIn,
+  SignedOut,
+  UserButton,
+  useAuth,
+  useOrganization,
+  useSession,
+  useSignIn,
+  useSignUp,
+  useUser
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["// Re-export all React hooks, components, and providers\nexport {\n InAIAuthProvider,\n useAuth,\n useUser,\n useSession,\n useOrganization,\n useSignIn,\n useSignUp,\n Protect,\n SignedIn,\n SignedOut,\n PermissionGate,\n UserButton,\n SignIn,\n OrganizationSwitcher,\n} from \"@inai-dev/react\";\n\n// Cookie constants\nexport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n} from \"@inai-dev/shared\";\n\n// Re-export types\nexport type {\n AuthObject,\n ServerAuthObject,\n ProtectedAuthObject,\n UserResource,\n SessionResource,\n OrganizationResource,\n InAIAuthConfig,\n InAIAuthErrorBody,\n SignInResult,\n SignUpResult,\n} from \"@inai-dev/types\";\n"],"mappings":";;;AACA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAGP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;","names":[]}

package/dist/middleware.cjs ADDED Viewed

@@ -0,0 +1,198 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/middleware.ts
+var middleware_exports = {};
+__export(middleware_exports, {
+  createRouteMatcher: () => createRouteMatcher,
+  inaiAuthMiddleware: () => inaiAuthMiddleware,
+  withInAIAuth: () => withInAIAuth
+});
+module.exports = __toCommonJS(middleware_exports);
+var import_server = require("next/server");
+var import_shared = require("@inai-dev/shared");
+function createRouteMatcher(patterns) {
+  const matchers = patterns.map((pattern) => {
+    if (pattern instanceof RegExp) return pattern;
+    let regexStr = pattern;
+    if (regexStr.endsWith("*") && !regexStr.includes("(")) {
+      regexStr = regexStr.slice(0, -1) + ".*";
+    }
+    return new RegExp(`^${regexStr}$`);
+  });
+  return (req) => {
+    const pathname = req.nextUrl.pathname;
+    return matchers.some((m) => m.test(pathname));
+  };
+}
+function matchesRoute(pathname, patterns) {
+  return patterns.some((pattern) => {
+    if (pattern.endsWith("*")) {
+      return pathname.startsWith(pattern.slice(0, -1));
+    }
+    return pathname === pattern;
+  });
+}
+function isPublicRoute(req, publicRoutes, builtinPublic) {
+  const pathname = req.nextUrl.pathname;
+  if (matchesRoute(pathname, builtinPublic)) return true;
+  if (typeof publicRoutes === "function") return publicRoutes(req);
+  return matchesRoute(pathname, publicRoutes);
+}
+function buildAuthObject(token, claims) {
+  const roles = claims.roles ?? [];
+  const permissions = claims.permissions ?? [];
+  return {
+    userId: claims.sub,
+    tenantId: claims.tenant_id,
+    appId: claims.app_id ?? null,
+    envId: claims.env_id ?? null,
+    orgId: claims.org_id ?? null,
+    orgRole: claims.org_role ?? null,
+    sessionId: null,
+    getToken: async () => token,
+    has: (params) => {
+      if (params.role && roles.includes(params.role)) return true;
+      if (params.permission && permissions.includes(params.permission))
+        return true;
+      return false;
+    }
+  };
+}
+async function runAuthCheck(req, signInUrl) {
+  const { pathname } = req.nextUrl;
+  const token = req.cookies.get(import_shared.COOKIE_AUTH_TOKEN)?.value;
+  if (!token || (0, import_shared.isTokenExpired)(token)) {
+    const refreshToken = req.cookies.get(import_shared.COOKIE_REFRESH_TOKEN)?.value;
+    if (refreshToken) {
+      try {
+        const refreshUrl = new URL("/api/auth/refresh", req.url);
+        const refreshRes = await fetch(refreshUrl.toString(), {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Cookie: req.headers.get("cookie") ?? ""
+          }
+        });
+        if (refreshRes.ok) {
+          const response2 = import_server.NextResponse.next();
+          const setCookies = refreshRes.headers.getSetCookie?.() ?? [];
+          for (const cookie of setCookies) {
+            response2.headers.append("Set-Cookie", cookie);
+          }
+          return { authObj: null, response: response2 };
+        }
+      } catch {
+      }
+    }
+    const response = import_server.NextResponse.redirect(
+      new URL(
+        `${signInUrl}?returnTo=${encodeURIComponent(pathname)}`,
+        req.url
+      )
+    );
+    response.cookies.set(import_shared.COOKIE_AUTH_TOKEN, "", { path: "/", maxAge: 0 });
+    response.cookies.set(import_shared.COOKIE_REFRESH_TOKEN, "", {
+      path: "/api/auth",
+      maxAge: 0
+    });
+    response.cookies.set(import_shared.COOKIE_AUTH_SESSION, "", { path: "/", maxAge: 0 });
+    return { authObj: null, response };
+  }
+  const claims = (0, import_shared.getClaimsFromToken)(token);
+  if (!claims) {
+    return {
+      authObj: null,
+      response: import_server.NextResponse.redirect(new URL(signInUrl, req.url))
+    };
+  }
+  return { authObj: buildAuthObject(token, claims) };
+}
+function inaiAuthMiddleware(config = {}) {
+  const {
+    publicRoutes = [],
+    signInUrl = "/login",
+    beforeAuth,
+    afterAuth
+  } = config;
+  const builtinPublic = ["/_next/*", "/favicon.ico", "/api/*", signInUrl];
+  return async function middleware(req) {
+    if (beforeAuth) {
+      const result = beforeAuth(req);
+      if (result) return result;
+    }
+    if (isPublicRoute(req, publicRoutes, builtinPublic)) {
+      return import_server.NextResponse.next();
+    }
+    const { authObj, response } = await runAuthCheck(req, signInUrl);
+    if (response) return response;
+    if (!authObj)
+      return import_server.NextResponse.redirect(new URL(signInUrl, req.url));
+    if (afterAuth) {
+      const result = afterAuth(authObj, req);
+      if (result) return result;
+    }
+    return import_server.NextResponse.next();
+  };
+}
+function withInAIAuth(wrappedMiddleware, config = {}) {
+  const {
+    publicRoutes = [],
+    signInUrl = "/login",
+    beforeAuth,
+    afterAuth
+  } = config;
+  const builtinPublic = ["/_next/*", "/favicon.ico", "/api/*", signInUrl];
+  return async function middleware(req) {
+    if (beforeAuth) {
+      const result = beforeAuth(req);
+      if (result) return result;
+    }
+    const isPublic = isPublicRoute(req, publicRoutes, builtinPublic);
+    if (!isPublic) {
+      const { authObj, response } = await runAuthCheck(req, signInUrl);
+      if (response) return response;
+      if (!authObj)
+        return import_server.NextResponse.redirect(new URL(signInUrl, req.url));
+      if (afterAuth) {
+        const result = afterAuth(authObj, req);
+        if (result) return result;
+      }
+      const authHeader = JSON.stringify({
+        userId: authObj.userId,
+        tenantId: authObj.tenantId,
+        appId: authObj.appId,
+        envId: authObj.envId,
+        orgId: authObj.orgId,
+        orgRole: authObj.orgRole
+      });
+      req.headers.set("x-inai-auth", authHeader);
+    }
+    const wrappedResponse = await wrappedMiddleware(req);
+    if (wrappedResponse instanceof import_server.NextResponse) return wrappedResponse;
+    return new import_server.NextResponse(wrappedResponse.body, wrappedResponse);
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createRouteMatcher,
+  inaiAuthMiddleware,
+  withInAIAuth
+});
+//# sourceMappingURL=middleware.cjs.map

package/dist/middleware.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/middleware.ts"],"sourcesContent":["import { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport type { AuthObject } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_AUTH_SESSION,\n COOKIE_REFRESH_TOKEN,\n getClaimsFromToken,\n isTokenExpired,\n} from \"@inai-dev/shared\";\n\nexport interface InAIMiddlewareConfig {\n publicRoutes?: string[] | ((req: NextRequest) => boolean);\n signInUrl?: string;\n beforeAuth?: (req: NextRequest) => NextResponse | void;\n afterAuth?: (auth: AuthObject, req: NextRequest) => NextResponse | void;\n}\n\nexport function createRouteMatcher(\n patterns: (string | RegExp)[],\n): (req: NextRequest) => boolean {\n const matchers = patterns.map((pattern) => {\n if (pattern instanceof RegExp) return pattern;\n let regexStr = pattern;\n if (regexStr.endsWith(\"*\") && !regexStr.includes(\"(\")) {\n regexStr = regexStr.slice(0, -1) + \".*\";\n }\n return new RegExp(`^${regexStr}$`);\n });\n\n return (req: NextRequest) => {\n const pathname = req.nextUrl.pathname;\n return matchers.some((m) => m.test(pathname));\n };\n}\n\nfunction matchesRoute(pathname: string, patterns: string[]): boolean {\n return patterns.some((pattern) => {\n if (pattern.endsWith(\"*\")) {\n return pathname.startsWith(pattern.slice(0, -1));\n }\n return pathname === pattern;\n });\n}\n\nfunction isPublicRoute(\n req: NextRequest,\n publicRoutes: string[] | ((req: NextRequest) => boolean),\n builtinPublic: string[],\n): boolean {\n const pathname = req.nextUrl.pathname;\n if (matchesRoute(pathname, builtinPublic)) return true;\n if (typeof publicRoutes === \"function\") return publicRoutes(req);\n return matchesRoute(pathname, publicRoutes);\n}\n\nfunction buildAuthObject(\n token: string,\n claims: NonNullable<ReturnType<typeof getClaimsFromToken>>,\n): AuthObject {\n const roles = claims.roles ?? [];\n const permissions = claims.permissions ?? [];\n return {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n getToken: async () => token,\n has: (params: { role?: string; permission?: string }) => {\n if (params.role && roles.includes(params.role)) return true;\n if (params.permission && permissions.includes(params.permission))\n return true;\n return false;\n },\n };\n}\n\nasync function runAuthCheck(\n req: NextRequest,\n signInUrl: string,\n): Promise<{ authObj: AuthObject | null; response?: NextResponse }> {\n const { pathname } = req.nextUrl;\n const token = req.cookies.get(COOKIE_AUTH_TOKEN)?.value;\n\n if (!token || isTokenExpired(token)) {\n const refreshToken = req.cookies.get(COOKIE_REFRESH_TOKEN)?.value;\n if (refreshToken) {\n try {\n const refreshUrl = new URL(\"/api/auth/refresh\", req.url);\n const refreshRes = await fetch(refreshUrl.toString(), {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Cookie: req.headers.get(\"cookie\") ?? \"\",\n },\n });\n if (refreshRes.ok) {\n const response = NextResponse.next();\n const setCookies = refreshRes.headers.getSetCookie?.() ?? [];\n for (const cookie of setCookies) {\n response.headers.append(\"Set-Cookie\", cookie);\n }\n return { authObj: null, response };\n }\n } catch {\n // Refresh failed, fall through to redirect\n }\n }\n\n const response = NextResponse.redirect(\n new URL(\n `${signInUrl}?returnTo=${encodeURIComponent(pathname)}`,\n req.url,\n ),\n );\n response.cookies.set(COOKIE_AUTH_TOKEN, \"\", { path: \"/\", maxAge: 0 });\n response.cookies.set(COOKIE_REFRESH_TOKEN, \"\", {\n path: \"/api/auth\",\n maxAge: 0,\n });\n response.cookies.set(COOKIE_AUTH_SESSION, \"\", { path: \"/\", maxAge: 0 });\n return { authObj: null, response };\n }\n\n const claims = getClaimsFromToken(token);\n if (!claims) {\n return {\n authObj: null,\n response: NextResponse.redirect(new URL(signInUrl, req.url)),\n };\n }\n\n return { authObj: buildAuthObject(token, claims) };\n}\n\nexport function inaiAuthMiddleware(config: InAIMiddlewareConfig = {}) {\n const {\n publicRoutes = [],\n signInUrl = \"/login\",\n beforeAuth,\n afterAuth,\n } = config;\n\n const builtinPublic = [\"/_next/*\", \"/favicon.ico\", \"/api/*\", signInUrl];\n\n return async function middleware(\n req: NextRequest,\n ): Promise<NextResponse> {\n if (beforeAuth) {\n const result = beforeAuth(req);\n if (result) return result;\n }\n\n if (isPublicRoute(req, publicRoutes, builtinPublic)) {\n return NextResponse.next();\n }\n\n const { authObj, response } = await runAuthCheck(req, signInUrl);\n if (response) return response;\n if (!authObj)\n return NextResponse.redirect(new URL(signInUrl, req.url));\n\n if (afterAuth) {\n const result = afterAuth(authObj, req);\n if (result) return result;\n }\n\n return NextResponse.next();\n };\n}\n\nexport function withInAIAuth(\n wrappedMiddleware: (\n req: NextRequest,\n ) => NextResponse | Response | Promise<NextResponse | Response>,\n config: InAIMiddlewareConfig = {},\n): (req: NextRequest) => Promise<NextResponse> {\n const {\n publicRoutes = [],\n signInUrl = \"/login\",\n beforeAuth,\n afterAuth,\n } = config;\n\n const builtinPublic = [\"/_next/*\", \"/favicon.ico\", \"/api/*\", signInUrl];\n\n return async function middleware(\n req: NextRequest,\n ): Promise<NextResponse> {\n if (beforeAuth) {\n const result = beforeAuth(req);\n if (result) return result;\n }\n\n const isPublic = isPublicRoute(req, publicRoutes, builtinPublic);\n\n if (!isPublic) {\n const { authObj, response } = await runAuthCheck(req, signInUrl);\n if (response) return response;\n if (!authObj)\n return NextResponse.redirect(new URL(signInUrl, req.url));\n\n if (afterAuth) {\n const result = afterAuth(authObj, req);\n if (result) return result;\n }\n\n const authHeader = JSON.stringify({\n userId: authObj.userId,\n tenantId: authObj.tenantId,\n appId: authObj.appId,\n envId: authObj.envId,\n orgId: authObj.orgId,\n orgRole: authObj.orgRole,\n });\n req.headers.set(\"x-inai-auth\", authHeader);\n }\n\n const wrappedResponse = await wrappedMiddleware(req);\n if (wrappedResponse instanceof NextResponse) return wrappedResponse;\n return new NextResponse(wrappedResponse.body, wrappedResponse);\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAA6B;AAG7B,oBAMO;AASA,SAAS,mBACd,UAC+B;AAC/B,QAAM,WAAW,SAAS,IAAI,CAAC,YAAY;AACzC,QAAI,mBAAmB,OAAQ,QAAO;AACtC,QAAI,WAAW;AACf,QAAI,SAAS,SAAS,GAAG,KAAK,CAAC,SAAS,SAAS,GAAG,GAAG;AACrD,iBAAW,SAAS,MAAM,GAAG,EAAE,IAAI;AAAA,IACrC;AACA,WAAO,IAAI,OAAO,IAAI,QAAQ,GAAG;AAAA,EACnC,CAAC;AAED,SAAO,CAAC,QAAqB;AAC3B,UAAM,WAAW,IAAI,QAAQ;AAC7B,WAAO,SAAS,KAAK,CAAC,MAAM,EAAE,KAAK,QAAQ,CAAC;AAAA,EAC9C;AACF;AAEA,SAAS,aAAa,UAAkB,UAA6B;AACnE,SAAO,SAAS,KAAK,CAAC,YAAY;AAChC,QAAI,QAAQ,SAAS,GAAG,GAAG;AACzB,aAAO,SAAS,WAAW,QAAQ,MAAM,GAAG,EAAE,CAAC;AAAA,IACjD;AACA,WAAO,aAAa;AAAA,EACtB,CAAC;AACH;AAEA,SAAS,cACP,KACA,cACA,eACS;AACT,QAAM,WAAW,IAAI,QAAQ;AAC7B,MAAI,aAAa,UAAU,aAAa,EAAG,QAAO;AAClD,MAAI,OAAO,iBAAiB,WAAY,QAAO,aAAa,GAAG;AAC/D,SAAO,aAAa,UAAU,YAAY;AAC5C;AAEA,SAAS,gBACP,OACA,QACY;AACZ,QAAM,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAM,cAAc,OAAO,eAAe,CAAC;AAC3C,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,UAAU,YAAY;AAAA,IACtB,KAAK,CAAC,WAAmD;AACvD,UAAI,OAAO,QAAQ,MAAM,SAAS,OAAO,IAAI,EAAG,QAAO;AACvD,UAAI,OAAO,cAAc,YAAY,SAAS,OAAO,UAAU;AAC7D,eAAO;AACT,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,eAAe,aACb,KACA,WACkE;AAClE,QAAM,EAAE,SAAS,IAAI,IAAI;AACzB,QAAM,QAAQ,IAAI,QAAQ,IAAI,+BAAiB,GAAG;AAElD,MAAI,CAAC,aAAS,8BAAe,KAAK,GAAG;AACnC,UAAM,eAAe,IAAI,QAAQ,IAAI,kCAAoB,GAAG;AAC5D,QAAI,cAAc;AAChB,UAAI;AACF,cAAM,aAAa,IAAI,IAAI,qBAAqB,IAAI,GAAG;AACvD,cAAM,aAAa,MAAM,MAAM,WAAW,SAAS,GAAG;AAAA,UACpD,QAAQ;AAAA,UACR,SAAS;AAAA,YACP,gBAAgB;AAAA,YAChB,QAAQ,IAAI,QAAQ,IAAI,QAAQ,KAAK;AAAA,UACvC;AAAA,QACF,CAAC;AACD,YAAI,WAAW,IAAI;AACjB,gBAAMA,YAAW,2BAAa,KAAK;AACnC,gBAAM,aAAa,WAAW,QAAQ,eAAe,KAAK,CAAC;AAC3D,qBAAW,UAAU,YAAY;AAC/B,YAAAA,UAAS,QAAQ,OAAO,cAAc,MAAM;AAAA,UAC9C;AACA,iBAAO,EAAE,SAAS,MAAM,UAAAA,UAAS;AAAA,QACnC;AAAA,MACF,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,UAAM,WAAW,2BAAa;AAAA,MAC5B,IAAI;AAAA,QACF,GAAG,SAAS,aAAa,mBAAmB,QAAQ,CAAC;AAAA,QACrD,IAAI;AAAA,MACN;AAAA,IACF;AACA,aAAS,QAAQ,IAAI,iCAAmB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AACpE,aAAS,QAAQ,IAAI,oCAAsB,IAAI;AAAA,MAC7C,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AACD,aAAS,QAAQ,IAAI,mCAAqB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AACtE,WAAO,EAAE,SAAS,MAAM,SAAS;AAAA,EACnC;AAEA,QAAM,aAAS,kCAAmB,KAAK;AACvC,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,MACL,SAAS;AAAA,MACT,UAAU,2BAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAAA,IAC7D;AAAA,EACF;AAEA,SAAO,EAAE,SAAS,gBAAgB,OAAO,MAAM,EAAE;AACnD;AAEO,SAAS,mBAAmB,SAA+B,CAAC,GAAG;AACpE,QAAM;AAAA,IACJ,eAAe,CAAC;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,CAAC,YAAY,gBAAgB,UAAU,SAAS;AAEtE,SAAO,eAAe,WACpB,KACuB;AACvB,QAAI,YAAY;AACd,YAAM,SAAS,WAAW,GAAG;AAC7B,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,QAAI,cAAc,KAAK,cAAc,aAAa,GAAG;AACnD,aAAO,2BAAa,KAAK;AAAA,IAC3B;AAEA,UAAM,EAAE,SAAS,SAAS,IAAI,MAAM,aAAa,KAAK,SAAS;AAC/D,QAAI,SAAU,QAAO;AACrB,QAAI,CAAC;AACH,aAAO,2BAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAE1D,QAAI,WAAW;AACb,YAAM,SAAS,UAAU,SAAS,GAAG;AACrC,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,WAAO,2BAAa,KAAK;AAAA,EAC3B;AACF;AAEO,SAAS,aACd,mBAGA,SAA+B,CAAC,GACa;AAC7C,QAAM;AAAA,IACJ,eAAe,CAAC;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,CAAC,YAAY,gBAAgB,UAAU,SAAS;AAEtE,SAAO,eAAe,WACpB,KACuB;AACvB,QAAI,YAAY;AACd,YAAM,SAAS,WAAW,GAAG;AAC7B,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,UAAM,WAAW,cAAc,KAAK,cAAc,aAAa;AAE/D,QAAI,CAAC,UAAU;AACb,YAAM,EAAE,SAAS,SAAS,IAAI,MAAM,aAAa,KAAK,SAAS;AAC/D,UAAI,SAAU,QAAO;AACrB,UAAI,CAAC;AACH,eAAO,2BAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAE1D,UAAI,WAAW;AACb,cAAM,SAAS,UAAU,SAAS,GAAG;AACrC,YAAI,OAAQ,QAAO;AAAA,MACrB;AAEA,YAAM,aAAa,KAAK,UAAU;AAAA,QAChC,QAAQ,QAAQ;AAAA,QAChB,UAAU,QAAQ;AAAA,QAClB,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,SAAS,QAAQ;AAAA,MACnB,CAAC;AACD,UAAI,QAAQ,IAAI,eAAe,UAAU;AAAA,IAC3C;AAEA,UAAM,kBAAkB,MAAM,kBAAkB,GAAG;AACnD,QAAI,2BAA2B,2BAAc,QAAO;AACpD,WAAO,IAAI,2BAAa,gBAAgB,MAAM,eAAe;AAAA,EAC/D;AACF;","names":["response"]}

package/dist/middleware.d.cts ADDED Viewed

@@ -0,0 +1,14 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { AuthObject } from '@inai-dev/types';
+interface InAIMiddlewareConfig {
+    publicRoutes?: string[] | ((req: NextRequest) => boolean);
+    signInUrl?: string;
+    beforeAuth?: (req: NextRequest) => NextResponse | void;
+    afterAuth?: (auth: AuthObject, req: NextRequest) => NextResponse | void;
+}
+declare function createRouteMatcher(patterns: (string | RegExp)[]): (req: NextRequest) => boolean;
+declare function inaiAuthMiddleware(config?: InAIMiddlewareConfig): (req: NextRequest) => Promise<NextResponse>;
+declare function withInAIAuth(wrappedMiddleware: (req: NextRequest) => NextResponse | Response | Promise<NextResponse | Response>, config?: InAIMiddlewareConfig): (req: NextRequest) => Promise<NextResponse>;
+export { type InAIMiddlewareConfig, createRouteMatcher, inaiAuthMiddleware, withInAIAuth };

package/dist/middleware.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { AuthObject } from '@inai-dev/types';
+interface InAIMiddlewareConfig {
+    publicRoutes?: string[] | ((req: NextRequest) => boolean);
+    signInUrl?: string;
+    beforeAuth?: (req: NextRequest) => NextResponse | void;
+    afterAuth?: (auth: AuthObject, req: NextRequest) => NextResponse | void;
+}
+declare function createRouteMatcher(patterns: (string | RegExp)[]): (req: NextRequest) => boolean;
+declare function inaiAuthMiddleware(config?: InAIMiddlewareConfig): (req: NextRequest) => Promise<NextResponse>;
+declare function withInAIAuth(wrappedMiddleware: (req: NextRequest) => NextResponse | Response | Promise<NextResponse | Response>, config?: InAIMiddlewareConfig): (req: NextRequest) => Promise<NextResponse>;
+export { type InAIMiddlewareConfig, createRouteMatcher, inaiAuthMiddleware, withInAIAuth };

package/dist/middleware.js ADDED Viewed

@@ -0,0 +1,177 @@
+// src/middleware.ts
+import { NextResponse } from "next/server";
+import {
+  COOKIE_AUTH_TOKEN,
+  COOKIE_AUTH_SESSION,
+  COOKIE_REFRESH_TOKEN,
+  getClaimsFromToken,
+  isTokenExpired
+} from "@inai-dev/shared";
+function createRouteMatcher(patterns) {
+  const matchers = patterns.map((pattern) => {
+    if (pattern instanceof RegExp) return pattern;
+    let regexStr = pattern;
+    if (regexStr.endsWith("*") && !regexStr.includes("(")) {
+      regexStr = regexStr.slice(0, -1) + ".*";
+    }
+    return new RegExp(`^${regexStr}$`);
+  });
+  return (req) => {
+    const pathname = req.nextUrl.pathname;
+    return matchers.some((m) => m.test(pathname));
+  };
+}
+function matchesRoute(pathname, patterns) {
+  return patterns.some((pattern) => {
+    if (pattern.endsWith("*")) {
+      return pathname.startsWith(pattern.slice(0, -1));
+    }
+    return pathname === pattern;
+  });
+}
+function isPublicRoute(req, publicRoutes, builtinPublic) {
+  const pathname = req.nextUrl.pathname;
+  if (matchesRoute(pathname, builtinPublic)) return true;
+  if (typeof publicRoutes === "function") return publicRoutes(req);
+  return matchesRoute(pathname, publicRoutes);
+}
+function buildAuthObject(token, claims) {
+  const roles = claims.roles ?? [];
+  const permissions = claims.permissions ?? [];
+  return {
+    userId: claims.sub,
+    tenantId: claims.tenant_id,
+    appId: claims.app_id ?? null,
+    envId: claims.env_id ?? null,
+    orgId: claims.org_id ?? null,
+    orgRole: claims.org_role ?? null,
+    sessionId: null,
+    getToken: async () => token,
+    has: (params) => {
+      if (params.role && roles.includes(params.role)) return true;
+      if (params.permission && permissions.includes(params.permission))
+        return true;
+      return false;
+    }
+  };
+}
+async function runAuthCheck(req, signInUrl) {
+  const { pathname } = req.nextUrl;
+  const token = req.cookies.get(COOKIE_AUTH_TOKEN)?.value;
+  if (!token || isTokenExpired(token)) {
+    const refreshToken = req.cookies.get(COOKIE_REFRESH_TOKEN)?.value;
+    if (refreshToken) {
+      try {
+        const refreshUrl = new URL("/api/auth/refresh", req.url);
+        const refreshRes = await fetch(refreshUrl.toString(), {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Cookie: req.headers.get("cookie") ?? ""
+          }
+        });
+        if (refreshRes.ok) {
+          const response2 = NextResponse.next();
+          const setCookies = refreshRes.headers.getSetCookie?.() ?? [];
+          for (const cookie of setCookies) {
+            response2.headers.append("Set-Cookie", cookie);
+          }
+          return { authObj: null, response: response2 };
+        }
+      } catch {
+      }
+    }
+    const response = NextResponse.redirect(
+      new URL(
+        `${signInUrl}?returnTo=${encodeURIComponent(pathname)}`,
+        req.url
+      )
+    );
+    response.cookies.set(COOKIE_AUTH_TOKEN, "", { path: "/", maxAge: 0 });
+    response.cookies.set(COOKIE_REFRESH_TOKEN, "", {
+      path: "/api/auth",
+      maxAge: 0
+    });
+    response.cookies.set(COOKIE_AUTH_SESSION, "", { path: "/", maxAge: 0 });
+    return { authObj: null, response };
+  }
+  const claims = getClaimsFromToken(token);
+  if (!claims) {
+    return {
+      authObj: null,
+      response: NextResponse.redirect(new URL(signInUrl, req.url))
+    };
+  }
+  return { authObj: buildAuthObject(token, claims) };
+}
+function inaiAuthMiddleware(config = {}) {
+  const {
+    publicRoutes = [],
+    signInUrl = "/login",
+    beforeAuth,
+    afterAuth
+  } = config;
+  const builtinPublic = ["/_next/*", "/favicon.ico", "/api/*", signInUrl];
+  return async function middleware(req) {
+    if (beforeAuth) {
+      const result = beforeAuth(req);
+      if (result) return result;
+    }
+    if (isPublicRoute(req, publicRoutes, builtinPublic)) {
+      return NextResponse.next();
+    }
+    const { authObj, response } = await runAuthCheck(req, signInUrl);
+    if (response) return response;
+    if (!authObj)
+      return NextResponse.redirect(new URL(signInUrl, req.url));
+    if (afterAuth) {
+      const result = afterAuth(authObj, req);
+      if (result) return result;
+    }
+    return NextResponse.next();
+  };
+}
+function withInAIAuth(wrappedMiddleware, config = {}) {
+  const {
+    publicRoutes = [],
+    signInUrl = "/login",
+    beforeAuth,
+    afterAuth
+  } = config;
+  const builtinPublic = ["/_next/*", "/favicon.ico", "/api/*", signInUrl];
+  return async function middleware(req) {
+    if (beforeAuth) {
+      const result = beforeAuth(req);
+      if (result) return result;
+    }
+    const isPublic = isPublicRoute(req, publicRoutes, builtinPublic);
+    if (!isPublic) {
+      const { authObj, response } = await runAuthCheck(req, signInUrl);
+      if (response) return response;
+      if (!authObj)
+        return NextResponse.redirect(new URL(signInUrl, req.url));
+      if (afterAuth) {
+        const result = afterAuth(authObj, req);
+        if (result) return result;
+      }
+      const authHeader = JSON.stringify({
+        userId: authObj.userId,
+        tenantId: authObj.tenantId,
+        appId: authObj.appId,
+        envId: authObj.envId,
+        orgId: authObj.orgId,
+        orgRole: authObj.orgRole
+      });
+      req.headers.set("x-inai-auth", authHeader);
+    }
+    const wrappedResponse = await wrappedMiddleware(req);
+    if (wrappedResponse instanceof NextResponse) return wrappedResponse;
+    return new NextResponse(wrappedResponse.body, wrappedResponse);
+  };
+}
+export {
+  createRouteMatcher,
+  inaiAuthMiddleware,
+  withInAIAuth
+};
+//# sourceMappingURL=middleware.js.map

package/dist/middleware.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/middleware.ts"],"sourcesContent":["import { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport type { AuthObject } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_AUTH_SESSION,\n COOKIE_REFRESH_TOKEN,\n getClaimsFromToken,\n isTokenExpired,\n} from \"@inai-dev/shared\";\n\nexport interface InAIMiddlewareConfig {\n publicRoutes?: string[] | ((req: NextRequest) => boolean);\n signInUrl?: string;\n beforeAuth?: (req: NextRequest) => NextResponse | void;\n afterAuth?: (auth: AuthObject, req: NextRequest) => NextResponse | void;\n}\n\nexport function createRouteMatcher(\n patterns: (string | RegExp)[],\n): (req: NextRequest) => boolean {\n const matchers = patterns.map((pattern) => {\n if (pattern instanceof RegExp) return pattern;\n let regexStr = pattern;\n if (regexStr.endsWith(\"*\") && !regexStr.includes(\"(\")) {\n regexStr = regexStr.slice(0, -1) + \".*\";\n }\n return new RegExp(`^${regexStr}$`);\n });\n\n return (req: NextRequest) => {\n const pathname = req.nextUrl.pathname;\n return matchers.some((m) => m.test(pathname));\n };\n}\n\nfunction matchesRoute(pathname: string, patterns: string[]): boolean {\n return patterns.some((pattern) => {\n if (pattern.endsWith(\"*\")) {\n return pathname.startsWith(pattern.slice(0, -1));\n }\n return pathname === pattern;\n });\n}\n\nfunction isPublicRoute(\n req: NextRequest,\n publicRoutes: string[] | ((req: NextRequest) => boolean),\n builtinPublic: string[],\n): boolean {\n const pathname = req.nextUrl.pathname;\n if (matchesRoute(pathname, builtinPublic)) return true;\n if (typeof publicRoutes === \"function\") return publicRoutes(req);\n return matchesRoute(pathname, publicRoutes);\n}\n\nfunction buildAuthObject(\n token: string,\n claims: NonNullable<ReturnType<typeof getClaimsFromToken>>,\n): AuthObject {\n const roles = claims.roles ?? [];\n const permissions = claims.permissions ?? [];\n return {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n getToken: async () => token,\n has: (params: { role?: string; permission?: string }) => {\n if (params.role && roles.includes(params.role)) return true;\n if (params.permission && permissions.includes(params.permission))\n return true;\n return false;\n },\n };\n}\n\nasync function runAuthCheck(\n req: NextRequest,\n signInUrl: string,\n): Promise<{ authObj: AuthObject | null; response?: NextResponse }> {\n const { pathname } = req.nextUrl;\n const token = req.cookies.get(COOKIE_AUTH_TOKEN)?.value;\n\n if (!token || isTokenExpired(token)) {\n const refreshToken = req.cookies.get(COOKIE_REFRESH_TOKEN)?.value;\n if (refreshToken) {\n try {\n const refreshUrl = new URL(\"/api/auth/refresh\", req.url);\n const refreshRes = await fetch(refreshUrl.toString(), {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Cookie: req.headers.get(\"cookie\") ?? \"\",\n },\n });\n if (refreshRes.ok) {\n const response = NextResponse.next();\n const setCookies = refreshRes.headers.getSetCookie?.() ?? [];\n for (const cookie of setCookies) {\n response.headers.append(\"Set-Cookie\", cookie);\n }\n return { authObj: null, response };\n }\n } catch {\n // Refresh failed, fall through to redirect\n }\n }\n\n const response = NextResponse.redirect(\n new URL(\n `${signInUrl}?returnTo=${encodeURIComponent(pathname)}`,\n req.url,\n ),\n );\n response.cookies.set(COOKIE_AUTH_TOKEN, \"\", { path: \"/\", maxAge: 0 });\n response.cookies.set(COOKIE_REFRESH_TOKEN, \"\", {\n path: \"/api/auth\",\n maxAge: 0,\n });\n response.cookies.set(COOKIE_AUTH_SESSION, \"\", { path: \"/\", maxAge: 0 });\n return { authObj: null, response };\n }\n\n const claims = getClaimsFromToken(token);\n if (!claims) {\n return {\n authObj: null,\n response: NextResponse.redirect(new URL(signInUrl, req.url)),\n };\n }\n\n return { authObj: buildAuthObject(token, claims) };\n}\n\nexport function inaiAuthMiddleware(config: InAIMiddlewareConfig = {}) {\n const {\n publicRoutes = [],\n signInUrl = \"/login\",\n beforeAuth,\n afterAuth,\n } = config;\n\n const builtinPublic = [\"/_next/*\", \"/favicon.ico\", \"/api/*\", signInUrl];\n\n return async function middleware(\n req: NextRequest,\n ): Promise<NextResponse> {\n if (beforeAuth) {\n const result = beforeAuth(req);\n if (result) return result;\n }\n\n if (isPublicRoute(req, publicRoutes, builtinPublic)) {\n return NextResponse.next();\n }\n\n const { authObj, response } = await runAuthCheck(req, signInUrl);\n if (response) return response;\n if (!authObj)\n return NextResponse.redirect(new URL(signInUrl, req.url));\n\n if (afterAuth) {\n const result = afterAuth(authObj, req);\n if (result) return result;\n }\n\n return NextResponse.next();\n };\n}\n\nexport function withInAIAuth(\n wrappedMiddleware: (\n req: NextRequest,\n ) => NextResponse | Response | Promise<NextResponse | Response>,\n config: InAIMiddlewareConfig = {},\n): (req: NextRequest) => Promise<NextResponse> {\n const {\n publicRoutes = [],\n signInUrl = \"/login\",\n beforeAuth,\n afterAuth,\n } = config;\n\n const builtinPublic = [\"/_next/*\", \"/favicon.ico\", \"/api/*\", signInUrl];\n\n return async function middleware(\n req: NextRequest,\n ): Promise<NextResponse> {\n if (beforeAuth) {\n const result = beforeAuth(req);\n if (result) return result;\n }\n\n const isPublic = isPublicRoute(req, publicRoutes, builtinPublic);\n\n if (!isPublic) {\n const { authObj, response } = await runAuthCheck(req, signInUrl);\n if (response) return response;\n if (!authObj)\n return NextResponse.redirect(new URL(signInUrl, req.url));\n\n if (afterAuth) {\n const result = afterAuth(authObj, req);\n if (result) return result;\n }\n\n const authHeader = JSON.stringify({\n userId: authObj.userId,\n tenantId: authObj.tenantId,\n appId: authObj.appId,\n envId: authObj.envId,\n orgId: authObj.orgId,\n orgRole: authObj.orgRole,\n });\n req.headers.set(\"x-inai-auth\", authHeader);\n }\n\n const wrappedResponse = await wrappedMiddleware(req);\n if (wrappedResponse instanceof NextResponse) return wrappedResponse;\n return new NextResponse(wrappedResponse.body, wrappedResponse);\n };\n}\n"],"mappings":";AAAA,SAAS,oBAAoB;AAG7B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AASA,SAAS,mBACd,UAC+B;AAC/B,QAAM,WAAW,SAAS,IAAI,CAAC,YAAY;AACzC,QAAI,mBAAmB,OAAQ,QAAO;AACtC,QAAI,WAAW;AACf,QAAI,SAAS,SAAS,GAAG,KAAK,CAAC,SAAS,SAAS,GAAG,GAAG;AACrD,iBAAW,SAAS,MAAM,GAAG,EAAE,IAAI;AAAA,IACrC;AACA,WAAO,IAAI,OAAO,IAAI,QAAQ,GAAG;AAAA,EACnC,CAAC;AAED,SAAO,CAAC,QAAqB;AAC3B,UAAM,WAAW,IAAI,QAAQ;AAC7B,WAAO,SAAS,KAAK,CAAC,MAAM,EAAE,KAAK,QAAQ,CAAC;AAAA,EAC9C;AACF;AAEA,SAAS,aAAa,UAAkB,UAA6B;AACnE,SAAO,SAAS,KAAK,CAAC,YAAY;AAChC,QAAI,QAAQ,SAAS,GAAG,GAAG;AACzB,aAAO,SAAS,WAAW,QAAQ,MAAM,GAAG,EAAE,CAAC;AAAA,IACjD;AACA,WAAO,aAAa;AAAA,EACtB,CAAC;AACH;AAEA,SAAS,cACP,KACA,cACA,eACS;AACT,QAAM,WAAW,IAAI,QAAQ;AAC7B,MAAI,aAAa,UAAU,aAAa,EAAG,QAAO;AAClD,MAAI,OAAO,iBAAiB,WAAY,QAAO,aAAa,GAAG;AAC/D,SAAO,aAAa,UAAU,YAAY;AAC5C;AAEA,SAAS,gBACP,OACA,QACY;AACZ,QAAM,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAM,cAAc,OAAO,eAAe,CAAC;AAC3C,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,UAAU,YAAY;AAAA,IACtB,KAAK,CAAC,WAAmD;AACvD,UAAI,OAAO,QAAQ,MAAM,SAAS,OAAO,IAAI,EAAG,QAAO;AACvD,UAAI,OAAO,cAAc,YAAY,SAAS,OAAO,UAAU;AAC7D,eAAO;AACT,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,eAAe,aACb,KACA,WACkE;AAClE,QAAM,EAAE,SAAS,IAAI,IAAI;AACzB,QAAM,QAAQ,IAAI,QAAQ,IAAI,iBAAiB,GAAG;AAElD,MAAI,CAAC,SAAS,eAAe,KAAK,GAAG;AACnC,UAAM,eAAe,IAAI,QAAQ,IAAI,oBAAoB,GAAG;AAC5D,QAAI,cAAc;AAChB,UAAI;AACF,cAAM,aAAa,IAAI,IAAI,qBAAqB,IAAI,GAAG;AACvD,cAAM,aAAa,MAAM,MAAM,WAAW,SAAS,GAAG;AAAA,UACpD,QAAQ;AAAA,UACR,SAAS;AAAA,YACP,gBAAgB;AAAA,YAChB,QAAQ,IAAI,QAAQ,IAAI,QAAQ,KAAK;AAAA,UACvC;AAAA,QACF,CAAC;AACD,YAAI,WAAW,IAAI;AACjB,gBAAMA,YAAW,aAAa,KAAK;AACnC,gBAAM,aAAa,WAAW,QAAQ,eAAe,KAAK,CAAC;AAC3D,qBAAW,UAAU,YAAY;AAC/B,YAAAA,UAAS,QAAQ,OAAO,cAAc,MAAM;AAAA,UAC9C;AACA,iBAAO,EAAE,SAAS,MAAM,UAAAA,UAAS;AAAA,QACnC;AAAA,MACF,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,UAAM,WAAW,aAAa;AAAA,MAC5B,IAAI;AAAA,QACF,GAAG,SAAS,aAAa,mBAAmB,QAAQ,CAAC;AAAA,QACrD,IAAI;AAAA,MACN;AAAA,IACF;AACA,aAAS,QAAQ,IAAI,mBAAmB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AACpE,aAAS,QAAQ,IAAI,sBAAsB,IAAI;AAAA,MAC7C,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AACD,aAAS,QAAQ,IAAI,qBAAqB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AACtE,WAAO,EAAE,SAAS,MAAM,SAAS;AAAA,EACnC;AAEA,QAAM,SAAS,mBAAmB,KAAK;AACvC,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,MACL,SAAS;AAAA,MACT,UAAU,aAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAAA,IAC7D;AAAA,EACF;AAEA,SAAO,EAAE,SAAS,gBAAgB,OAAO,MAAM,EAAE;AACnD;AAEO,SAAS,mBAAmB,SAA+B,CAAC,GAAG;AACpE,QAAM;AAAA,IACJ,eAAe,CAAC;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,CAAC,YAAY,gBAAgB,UAAU,SAAS;AAEtE,SAAO,eAAe,WACpB,KACuB;AACvB,QAAI,YAAY;AACd,YAAM,SAAS,WAAW,GAAG;AAC7B,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,QAAI,cAAc,KAAK,cAAc,aAAa,GAAG;AACnD,aAAO,aAAa,KAAK;AAAA,IAC3B;AAEA,UAAM,EAAE,SAAS,SAAS,IAAI,MAAM,aAAa,KAAK,SAAS;AAC/D,QAAI,SAAU,QAAO;AACrB,QAAI,CAAC;AACH,aAAO,aAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAE1D,QAAI,WAAW;AACb,YAAM,SAAS,UAAU,SAAS,GAAG;AACrC,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,WAAO,aAAa,KAAK;AAAA,EAC3B;AACF;AAEO,SAAS,aACd,mBAGA,SAA+B,CAAC,GACa;AAC7C,QAAM;AAAA,IACJ,eAAe,CAAC;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,CAAC,YAAY,gBAAgB,UAAU,SAAS;AAEtE,SAAO,eAAe,WACpB,KACuB;AACvB,QAAI,YAAY;AACd,YAAM,SAAS,WAAW,GAAG;AAC7B,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,UAAM,WAAW,cAAc,KAAK,cAAc,aAAa;AAE/D,QAAI,CAAC,UAAU;AACb,YAAM,EAAE,SAAS,SAAS,IAAI,MAAM,aAAa,KAAK,SAAS;AAC/D,UAAI,SAAU,QAAO;AACrB,UAAI,CAAC;AACH,eAAO,aAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAE1D,UAAI,WAAW;AACb,cAAM,SAAS,UAAU,SAAS,GAAG;AACrC,YAAI,OAAQ,QAAO;AAAA,MACrB;AAEA,YAAM,aAAa,KAAK,UAAU;AAAA,QAChC,QAAQ,QAAQ;AAAA,QAChB,UAAU,QAAQ;AAAA,QAClB,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,SAAS,QAAQ;AAAA,MACnB,CAAC;AACD,UAAI,QAAQ,IAAI,eAAe,UAAU;AAAA,IAC3C;AAEA,UAAM,kBAAkB,MAAM,kBAAkB,GAAG;AACnD,QAAI,2BAA2B,aAAc,QAAO;AACpD,WAAO,IAAI,aAAa,gBAAgB,MAAM,eAAe;AAAA,EAC/D;AACF;","names":["response"]}