@inai-dev/nextjs 0.1.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/dist/index.cjs.map +1 -1
  2. package/dist/index.d.cts +1 -1
  3. package/dist/index.d.ts +1 -1
  4. package/dist/index.js.map +1 -1
  5. package/dist/middleware.cjs +63 -16
  6. package/dist/middleware.cjs.map +1 -1
  7. package/dist/middleware.d.cts +1 -0
  8. package/dist/middleware.d.ts +1 -0
  9. package/dist/middleware.js +64 -16
  10. package/dist/middleware.js.map +1 -1
  11. package/dist/server.cjs +12 -4
  12. package/dist/server.cjs.map +1 -1
  13. package/dist/server.d.cts +16 -5
  14. package/dist/server.d.ts +16 -5
  15. package/dist/server.js +7 -3
  16. package/dist/server.js.map +1 -1
  17. package/package.json +17 -7
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts"],"sourcesContent":["// Re-export all React hooks, components, and providers\nexport {\n InAIAuthProvider,\n useAuth,\n useUser,\n useSession,\n useOrganization,\n useSignIn,\n useSignUp,\n Protect,\n SignedIn,\n SignedOut,\n PermissionGate,\n UserButton,\n SignIn,\n OrganizationSwitcher,\n} from \"@inai-dev/react\";\n\n// Cookie constants\nexport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n} from \"@inai-dev/shared\";\n\n// Re-export types\nexport type {\n AuthObject,\n ServerAuthObject,\n ProtectedAuthObject,\n UserResource,\n SessionResource,\n OrganizationResource,\n InAIAuthConfig,\n InAIAuthErrorBody,\n SignInResult,\n SignUpResult,\n} from \"@inai-dev/types\";\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,mBAeO;AAGP,oBAIO;","names":[]}
1
+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["// Re-export all React hooks, components, and providers\nexport {\n InAIAuthProvider,\n useAuth,\n useUser,\n useSession,\n useOrganization,\n useSignIn,\n useSignUp,\n Protect,\n SignedIn,\n SignedOut,\n PermissionGate,\n UserButton,\n SignIn,\n OrganizationSwitcher,\n} from \"@inai-dev/react\";\n\n// Cookie constants\nexport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n} from \"@inai-dev/shared\";\n\n// Re-export types\nexport type {\n AuthObject,\n ServerAuthObject,\n ProtectedAuthObject,\n UserResource,\n PlatformUserResource,\n SessionResource,\n OrganizationResource,\n InAIAuthConfig,\n InAIAuthErrorBody,\n SignInResult,\n SignUpResult,\n} from \"@inai-dev/types\";\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,mBAeO;AAGP,oBAIO;","names":[]}
package/dist/index.d.cts CHANGED
@@ -1,3 +1,3 @@
1
1
  export { InAIAuthProvider, OrganizationSwitcher, PermissionGate, Protect, SignIn, SignedIn, SignedOut, UserButton, useAuth, useOrganization, useSession, useSignIn, useSignUp, useUser } from '@inai-dev/react';
2
2
  export { COOKIE_AUTH_SESSION, COOKIE_AUTH_TOKEN, COOKIE_REFRESH_TOKEN } from '@inai-dev/shared';
3
- export { AuthObject, InAIAuthConfig, InAIAuthErrorBody, OrganizationResource, ProtectedAuthObject, ServerAuthObject, SessionResource, SignInResult, SignUpResult, UserResource } from '@inai-dev/types';
3
+ export { AuthObject, InAIAuthConfig, InAIAuthErrorBody, OrganizationResource, PlatformUserResource, ProtectedAuthObject, ServerAuthObject, SessionResource, SignInResult, SignUpResult, UserResource } from '@inai-dev/types';
package/dist/index.d.ts CHANGED
@@ -1,3 +1,3 @@
1
1
  export { InAIAuthProvider, OrganizationSwitcher, PermissionGate, Protect, SignIn, SignedIn, SignedOut, UserButton, useAuth, useOrganization, useSession, useSignIn, useSignUp, useUser } from '@inai-dev/react';
2
2
  export { COOKIE_AUTH_SESSION, COOKIE_AUTH_TOKEN, COOKIE_REFRESH_TOKEN } from '@inai-dev/shared';
3
- export { AuthObject, InAIAuthConfig, InAIAuthErrorBody, OrganizationResource, ProtectedAuthObject, ServerAuthObject, SessionResource, SignInResult, SignUpResult, UserResource } from '@inai-dev/types';
3
+ export { AuthObject, InAIAuthConfig, InAIAuthErrorBody, OrganizationResource, PlatformUserResource, ProtectedAuthObject, ServerAuthObject, SessionResource, SignInResult, SignUpResult, UserResource } from '@inai-dev/types';
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts"],"sourcesContent":["// Re-export all React hooks, components, and providers\nexport {\n InAIAuthProvider,\n useAuth,\n useUser,\n useSession,\n useOrganization,\n useSignIn,\n useSignUp,\n Protect,\n SignedIn,\n SignedOut,\n PermissionGate,\n UserButton,\n SignIn,\n OrganizationSwitcher,\n} from \"@inai-dev/react\";\n\n// Cookie constants\nexport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n} from \"@inai-dev/shared\";\n\n// Re-export types\nexport type {\n AuthObject,\n ServerAuthObject,\n ProtectedAuthObject,\n UserResource,\n SessionResource,\n OrganizationResource,\n InAIAuthConfig,\n InAIAuthErrorBody,\n SignInResult,\n SignUpResult,\n} from \"@inai-dev/types\";\n"],"mappings":";;;AACA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAGP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;","names":[]}
1
+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["// Re-export all React hooks, components, and providers\nexport {\n InAIAuthProvider,\n useAuth,\n useUser,\n useSession,\n useOrganization,\n useSignIn,\n useSignUp,\n Protect,\n SignedIn,\n SignedOut,\n PermissionGate,\n UserButton,\n SignIn,\n OrganizationSwitcher,\n} from \"@inai-dev/react\";\n\n// Cookie constants\nexport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n} from \"@inai-dev/shared\";\n\n// Re-export types\nexport type {\n AuthObject,\n ServerAuthObject,\n ProtectedAuthObject,\n UserResource,\n PlatformUserResource,\n SessionResource,\n OrganizationResource,\n InAIAuthConfig,\n InAIAuthErrorBody,\n SignInResult,\n SignUpResult,\n} from \"@inai-dev/types\";\n"],"mappings":";;;AACA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAGP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;","names":[]}
package/dist/middleware.cjs CHANGED
@@ -75,28 +75,73 @@ function buildAuthObject(token, claims) {
75
75
  }
76
76
  };
77
77
  }
78
- async function runAuthCheck(req, signInUrl) {
78
+ async function runAuthCheck(req, signInUrl, apiUrl) {
79
79
  const { pathname } = req.nextUrl;
80
80
  const token = req.cookies.get(import_shared.COOKIE_AUTH_TOKEN)?.value;
81
81
  if (!token || (0, import_shared.isTokenExpired)(token)) {
82
82
  const refreshToken = req.cookies.get(import_shared.COOKIE_REFRESH_TOKEN)?.value;
83
83
  if (refreshToken) {
84
84
  try {
85
- const refreshUrl = new URL("/api/auth/refresh", req.url);
86
- const refreshRes = await fetch(refreshUrl.toString(), {
87
- method: "POST",
88
- headers: {
89
- "Content-Type": "application/json",
90
- Cookie: req.headers.get("cookie") ?? ""
85
+ if (apiUrl) {
86
+ const refreshRes = await fetch(`${apiUrl}/api/platform/auth/refresh`, {
87
+ method: "POST",
88
+ headers: { "Content-Type": "application/json" },
89
+ body: JSON.stringify({ refresh_token: refreshToken })
90
+ });
91
+ if (refreshRes.ok) {
92
+ const newTokens = await refreshRes.json();
93
+ const meRes = await fetch(`${apiUrl}/api/platform/auth/me`, {
94
+ headers: { Authorization: `Bearer ${newTokens.access_token}` }
95
+ });
96
+ if (meRes.ok) {
97
+ const meData = await meRes.json();
98
+ const newUser = meData.data ?? meData;
99
+ const isProduction = process.env.NODE_ENV === "production";
100
+ const response2 = import_server.NextResponse.next();
101
+ response2.cookies.set(import_shared.COOKIE_AUTH_TOKEN, newTokens.access_token, {
102
+ httpOnly: true,
103
+ secure: isProduction,
104
+ sameSite: "lax",
105
+ path: "/",
106
+ maxAge: newTokens.expires_in
107
+ });
108
+ response2.cookies.set(import_shared.COOKIE_REFRESH_TOKEN, newTokens.refresh_token, {
109
+ httpOnly: true,
110
+ secure: isProduction,
111
+ sameSite: "strict",
112
+ path: "/api/auth",
113
+ maxAge: 7 * 24 * 60 * 60
114
+ });
115
+ response2.cookies.set(import_shared.COOKIE_AUTH_SESSION, JSON.stringify({
116
+ user: newUser,
117
+ expiresAt: new Date(Date.now() + newTokens.expires_in * 1e3).toISOString()
118
+ }), {
119
+ httpOnly: false,
120
+ secure: isProduction,
121
+ sameSite: "lax",
122
+ path: "/",
123
+ maxAge: newTokens.expires_in
124
+ });
125
+ return { authObj: null, response: response2 };
126
+ }
91
127
  }
92
- });
93
- if (refreshRes.ok) {
94
- const response2 = import_server.NextResponse.next();
95
- const setCookies = refreshRes.headers.getSetCookie?.() ?? [];
96
- for (const cookie of setCookies) {
97
- response2.headers.append("Set-Cookie", cookie);
128
+ } else {
129
+ const refreshUrl = new URL("/api/auth/refresh", req.url);
130
+ const refreshRes = await fetch(refreshUrl.toString(), {
131
+ method: "POST",
132
+ headers: {
133
+ "Content-Type": "application/json",
134
+ Cookie: req.headers.get("cookie") ?? ""
135
+ }
136
+ });
137
+ if (refreshRes.ok) {
138
+ const response2 = import_server.NextResponse.next();
139
+ const setCookies = refreshRes.headers.getSetCookie?.() ?? [];
140
+ for (const cookie of setCookies) {
141
+ response2.headers.append("Set-Cookie", cookie);
142
+ }
143
+ return { authObj: null, response: response2 };
98
144
  }
99
- return { authObj: null, response: response2 };
100
145
  }
101
146
  } catch {
102
147
  }
@@ -126,6 +171,7 @@ async function runAuthCheck(req, signInUrl) {
126
171
  }
127
172
  function inaiAuthMiddleware(config = {}) {
128
173
  const {
174
+ apiUrl = import_shared.DEFAULT_API_URL,
129
175
  publicRoutes = [],
130
176
  signInUrl = "/login",
131
177
  beforeAuth,
@@ -140,7 +186,7 @@ function inaiAuthMiddleware(config = {}) {
140
186
  if (isPublicRoute(req, publicRoutes, builtinPublic)) {
141
187
  return import_server.NextResponse.next();
142
188
  }
143
- const { authObj, response } = await runAuthCheck(req, signInUrl);
189
+ const { authObj, response } = await runAuthCheck(req, signInUrl, apiUrl);
144
190
  if (response) return response;
145
191
  if (!authObj)
146
192
  return import_server.NextResponse.redirect(new URL(signInUrl, req.url));
@@ -153,6 +199,7 @@ function inaiAuthMiddleware(config = {}) {
153
199
  }
154
200
  function withInAIAuth(wrappedMiddleware, config = {}) {
155
201
  const {
202
+ apiUrl = import_shared.DEFAULT_API_URL,
156
203
  publicRoutes = [],
157
204
  signInUrl = "/login",
158
205
  beforeAuth,
@@ -166,7 +213,7 @@ function withInAIAuth(wrappedMiddleware, config = {}) {
166
213
  }
167
214
  const isPublic = isPublicRoute(req, publicRoutes, builtinPublic);
168
215
  if (!isPublic) {
169
- const { authObj, response } = await runAuthCheck(req, signInUrl);
216
+ const { authObj, response } = await runAuthCheck(req, signInUrl, apiUrl);
170
217
  if (response) return response;
171
218
  if (!authObj)
172
219
  return import_server.NextResponse.redirect(new URL(signInUrl, req.url));
package/dist/middleware.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/middleware.ts"],"sourcesContent":["import { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport type { AuthObject } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_AUTH_SESSION,\n COOKIE_REFRESH_TOKEN,\n getClaimsFromToken,\n isTokenExpired,\n} from \"@inai-dev/shared\";\n\nexport interface InAIMiddlewareConfig {\n publicRoutes?: string[] | ((req: NextRequest) => boolean);\n signInUrl?: string;\n beforeAuth?: (req: NextRequest) => NextResponse | void;\n afterAuth?: (auth: AuthObject, req: NextRequest) => NextResponse | void;\n}\n\nexport function createRouteMatcher(\n patterns: (string | RegExp)[],\n): (req: NextRequest) => boolean {\n const matchers = patterns.map((pattern) => {\n if (pattern instanceof RegExp) return pattern;\n let regexStr = pattern;\n if (regexStr.endsWith(\"*\") && !regexStr.includes(\"(\")) {\n regexStr = regexStr.slice(0, -1) + \".*\";\n }\n return new RegExp(`^${regexStr}$`);\n });\n\n return (req: NextRequest) => {\n const pathname = req.nextUrl.pathname;\n return matchers.some((m) => m.test(pathname));\n };\n}\n\nfunction matchesRoute(pathname: string, patterns: string[]): boolean {\n return patterns.some((pattern) => {\n if (pattern.endsWith(\"*\")) {\n return pathname.startsWith(pattern.slice(0, -1));\n }\n return pathname === pattern;\n });\n}\n\nfunction isPublicRoute(\n req: NextRequest,\n publicRoutes: string[] | ((req: NextRequest) => boolean),\n builtinPublic: string[],\n): boolean {\n const pathname = req.nextUrl.pathname;\n if (matchesRoute(pathname, builtinPublic)) return true;\n if (typeof publicRoutes === \"function\") return publicRoutes(req);\n return matchesRoute(pathname, publicRoutes);\n}\n\nfunction buildAuthObject(\n token: string,\n claims: NonNullable<ReturnType<typeof getClaimsFromToken>>,\n): AuthObject {\n const roles = claims.roles ?? [];\n const permissions = claims.permissions ?? [];\n return {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n getToken: async () => token,\n has: (params: { role?: string; permission?: string }) => {\n if (params.role && roles.includes(params.role)) return true;\n if (params.permission && permissions.includes(params.permission))\n return true;\n return false;\n },\n };\n}\n\nasync function runAuthCheck(\n req: NextRequest,\n signInUrl: string,\n): Promise<{ authObj: AuthObject | null; response?: NextResponse }> {\n const { pathname } = req.nextUrl;\n const token = req.cookies.get(COOKIE_AUTH_TOKEN)?.value;\n\n if (!token || isTokenExpired(token)) {\n const refreshToken = req.cookies.get(COOKIE_REFRESH_TOKEN)?.value;\n if (refreshToken) {\n try {\n const refreshUrl = new URL(\"/api/auth/refresh\", req.url);\n const refreshRes = await fetch(refreshUrl.toString(), {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Cookie: req.headers.get(\"cookie\") ?? \"\",\n },\n });\n if (refreshRes.ok) {\n const response = NextResponse.next();\n const setCookies = refreshRes.headers.getSetCookie?.() ?? [];\n for (const cookie of setCookies) {\n response.headers.append(\"Set-Cookie\", cookie);\n }\n return { authObj: null, response };\n }\n } catch {\n // Refresh failed, fall through to redirect\n }\n }\n\n const response = NextResponse.redirect(\n new URL(\n `${signInUrl}?returnTo=${encodeURIComponent(pathname)}`,\n req.url,\n ),\n );\n response.cookies.set(COOKIE_AUTH_TOKEN, \"\", { path: \"/\", maxAge: 0 });\n response.cookies.set(COOKIE_REFRESH_TOKEN, \"\", {\n path: \"/api/auth\",\n maxAge: 0,\n });\n response.cookies.set(COOKIE_AUTH_SESSION, \"\", { path: \"/\", maxAge: 0 });\n return { authObj: null, response };\n }\n\n const claims = getClaimsFromToken(token);\n if (!claims) {\n return {\n authObj: null,\n response: NextResponse.redirect(new URL(signInUrl, req.url)),\n };\n }\n\n return { authObj: buildAuthObject(token, claims) };\n}\n\nexport function inaiAuthMiddleware(config: InAIMiddlewareConfig = {}) {\n const {\n publicRoutes = [],\n signInUrl = \"/login\",\n beforeAuth,\n afterAuth,\n } = config;\n\n const builtinPublic = [\"/_next/*\", \"/favicon.ico\", \"/api/*\", signInUrl];\n\n return async function middleware(\n req: NextRequest,\n ): Promise<NextResponse> {\n if (beforeAuth) {\n const result = beforeAuth(req);\n if (result) return result;\n }\n\n if (isPublicRoute(req, publicRoutes, builtinPublic)) {\n return NextResponse.next();\n }\n\n const { authObj, response } = await runAuthCheck(req, signInUrl);\n if (response) return response;\n if (!authObj)\n return NextResponse.redirect(new URL(signInUrl, req.url));\n\n if (afterAuth) {\n const result = afterAuth(authObj, req);\n if (result) return result;\n }\n\n return NextResponse.next();\n };\n}\n\nexport function withInAIAuth(\n wrappedMiddleware: (\n req: NextRequest,\n ) => NextResponse | Response | Promise<NextResponse | Response>,\n config: InAIMiddlewareConfig = {},\n): (req: NextRequest) => Promise<NextResponse> {\n const {\n publicRoutes = [],\n signInUrl = \"/login\",\n beforeAuth,\n afterAuth,\n } = config;\n\n const builtinPublic = [\"/_next/*\", \"/favicon.ico\", \"/api/*\", signInUrl];\n\n return async function middleware(\n req: NextRequest,\n ): Promise<NextResponse> {\n if (beforeAuth) {\n const result = beforeAuth(req);\n if (result) return result;\n }\n\n const isPublic = isPublicRoute(req, publicRoutes, builtinPublic);\n\n if (!isPublic) {\n const { authObj, response } = await runAuthCheck(req, signInUrl);\n if (response) return response;\n if (!authObj)\n return NextResponse.redirect(new URL(signInUrl, req.url));\n\n if (afterAuth) {\n const result = afterAuth(authObj, req);\n if (result) return result;\n }\n\n const authHeader = JSON.stringify({\n userId: authObj.userId,\n tenantId: authObj.tenantId,\n appId: authObj.appId,\n envId: authObj.envId,\n orgId: authObj.orgId,\n orgRole: authObj.orgRole,\n });\n req.headers.set(\"x-inai-auth\", authHeader);\n }\n\n const wrappedResponse = await wrappedMiddleware(req);\n if (wrappedResponse instanceof NextResponse) return wrappedResponse;\n return new NextResponse(wrappedResponse.body, wrappedResponse);\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAA6B;AAG7B,oBAMO;AASA,SAAS,mBACd,UAC+B;AAC/B,QAAM,WAAW,SAAS,IAAI,CAAC,YAAY;AACzC,QAAI,mBAAmB,OAAQ,QAAO;AACtC,QAAI,WAAW;AACf,QAAI,SAAS,SAAS,GAAG,KAAK,CAAC,SAAS,SAAS,GAAG,GAAG;AACrD,iBAAW,SAAS,MAAM,GAAG,EAAE,IAAI;AAAA,IACrC;AACA,WAAO,IAAI,OAAO,IAAI,QAAQ,GAAG;AAAA,EACnC,CAAC;AAED,SAAO,CAAC,QAAqB;AAC3B,UAAM,WAAW,IAAI,QAAQ;AAC7B,WAAO,SAAS,KAAK,CAAC,MAAM,EAAE,KAAK,QAAQ,CAAC;AAAA,EAC9C;AACF;AAEA,SAAS,aAAa,UAAkB,UAA6B;AACnE,SAAO,SAAS,KAAK,CAAC,YAAY;AAChC,QAAI,QAAQ,SAAS,GAAG,GAAG;AACzB,aAAO,SAAS,WAAW,QAAQ,MAAM,GAAG,EAAE,CAAC;AAAA,IACjD;AACA,WAAO,aAAa;AAAA,EACtB,CAAC;AACH;AAEA,SAAS,cACP,KACA,cACA,eACS;AACT,QAAM,WAAW,IAAI,QAAQ;AAC7B,MAAI,aAAa,UAAU,aAAa,EAAG,QAAO;AAClD,MAAI,OAAO,iBAAiB,WAAY,QAAO,aAAa,GAAG;AAC/D,SAAO,aAAa,UAAU,YAAY;AAC5C;AAEA,SAAS,gBACP,OACA,QACY;AACZ,QAAM,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAM,cAAc,OAAO,eAAe,CAAC;AAC3C,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,UAAU,YAAY;AAAA,IACtB,KAAK,CAAC,WAAmD;AACvD,UAAI,OAAO,QAAQ,MAAM,SAAS,OAAO,IAAI,EAAG,QAAO;AACvD,UAAI,OAAO,cAAc,YAAY,SAAS,OAAO,UAAU;AAC7D,eAAO;AACT,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,eAAe,aACb,KACA,WACkE;AAClE,QAAM,EAAE,SAAS,IAAI,IAAI;AACzB,QAAM,QAAQ,IAAI,QAAQ,IAAI,+BAAiB,GAAG;AAElD,MAAI,CAAC,aAAS,8BAAe,KAAK,GAAG;AACnC,UAAM,eAAe,IAAI,QAAQ,IAAI,kCAAoB,GAAG;AAC5D,QAAI,cAAc;AAChB,UAAI;AACF,cAAM,aAAa,IAAI,IAAI,qBAAqB,IAAI,GAAG;AACvD,cAAM,aAAa,MAAM,MAAM,WAAW,SAAS,GAAG;AAAA,UACpD,QAAQ;AAAA,UACR,SAAS;AAAA,YACP,gBAAgB;AAAA,YAChB,QAAQ,IAAI,QAAQ,IAAI,QAAQ,KAAK;AAAA,UACvC;AAAA,QACF,CAAC;AACD,YAAI,WAAW,IAAI;AACjB,gBAAMA,YAAW,2BAAa,KAAK;AACnC,gBAAM,aAAa,WAAW,QAAQ,eAAe,KAAK,CAAC;AAC3D,qBAAW,UAAU,YAAY;AAC/B,YAAAA,UAAS,QAAQ,OAAO,cAAc,MAAM;AAAA,UAC9C;AACA,iBAAO,EAAE,SAAS,MAAM,UAAAA,UAAS;AAAA,QACnC;AAAA,MACF,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,UAAM,WAAW,2BAAa;AAAA,MAC5B,IAAI;AAAA,QACF,GAAG,SAAS,aAAa,mBAAmB,QAAQ,CAAC;AAAA,QACrD,IAAI;AAAA,MACN;AAAA,IACF;AACA,aAAS,QAAQ,IAAI,iCAAmB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AACpE,aAAS,QAAQ,IAAI,oCAAsB,IAAI;AAAA,MAC7C,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AACD,aAAS,QAAQ,IAAI,mCAAqB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AACtE,WAAO,EAAE,SAAS,MAAM,SAAS;AAAA,EACnC;AAEA,QAAM,aAAS,kCAAmB,KAAK;AACvC,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,MACL,SAAS;AAAA,MACT,UAAU,2BAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAAA,IAC7D;AAAA,EACF;AAEA,SAAO,EAAE,SAAS,gBAAgB,OAAO,MAAM,EAAE;AACnD;AAEO,SAAS,mBAAmB,SAA+B,CAAC,GAAG;AACpE,QAAM;AAAA,IACJ,eAAe,CAAC;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,CAAC,YAAY,gBAAgB,UAAU,SAAS;AAEtE,SAAO,eAAe,WACpB,KACuB;AACvB,QAAI,YAAY;AACd,YAAM,SAAS,WAAW,GAAG;AAC7B,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,QAAI,cAAc,KAAK,cAAc,aAAa,GAAG;AACnD,aAAO,2BAAa,KAAK;AAAA,IAC3B;AAEA,UAAM,EAAE,SAAS,SAAS,IAAI,MAAM,aAAa,KAAK,SAAS;AAC/D,QAAI,SAAU,QAAO;AACrB,QAAI,CAAC;AACH,aAAO,2BAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAE1D,QAAI,WAAW;AACb,YAAM,SAAS,UAAU,SAAS,GAAG;AACrC,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,WAAO,2BAAa,KAAK;AAAA,EAC3B;AACF;AAEO,SAAS,aACd,mBAGA,SAA+B,CAAC,GACa;AAC7C,QAAM;AAAA,IACJ,eAAe,CAAC;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,CAAC,YAAY,gBAAgB,UAAU,SAAS;AAEtE,SAAO,eAAe,WACpB,KACuB;AACvB,QAAI,YAAY;AACd,YAAM,SAAS,WAAW,GAAG;AAC7B,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,UAAM,WAAW,cAAc,KAAK,cAAc,aAAa;AAE/D,QAAI,CAAC,UAAU;AACb,YAAM,EAAE,SAAS,SAAS,IAAI,MAAM,aAAa,KAAK,SAAS;AAC/D,UAAI,SAAU,QAAO;AACrB,UAAI,CAAC;AACH,eAAO,2BAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAE1D,UAAI,WAAW;AACb,cAAM,SAAS,UAAU,SAAS,GAAG;AACrC,YAAI,OAAQ,QAAO;AAAA,MACrB;AAEA,YAAM,aAAa,KAAK,UAAU;AAAA,QAChC,QAAQ,QAAQ;AAAA,QAChB,UAAU,QAAQ;AAAA,QAClB,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,SAAS,QAAQ;AAAA,MACnB,CAAC;AACD,UAAI,QAAQ,IAAI,eAAe,UAAU;AAAA,IAC3C;AAEA,UAAM,kBAAkB,MAAM,kBAAkB,GAAG;AACnD,QAAI,2BAA2B,2BAAc,QAAO;AACpD,WAAO,IAAI,2BAAa,gBAAgB,MAAM,eAAe;AAAA,EAC/D;AACF;","names":["response"]}
1
+ {"version":3,"sources":["../src/middleware.ts"],"sourcesContent":["import { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport type { AuthObject } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_AUTH_SESSION,\n COOKIE_REFRESH_TOKEN,\n DEFAULT_API_URL,\n getClaimsFromToken,\n isTokenExpired,\n} from \"@inai-dev/shared\";\n\nexport interface InAIMiddlewareConfig {\n apiUrl?: string;\n publicRoutes?: string[] | ((req: NextRequest) => boolean);\n signInUrl?: string;\n beforeAuth?: (req: NextRequest) => NextResponse | void;\n afterAuth?: (auth: AuthObject, req: NextRequest) => NextResponse | void;\n}\n\nexport function createRouteMatcher(\n patterns: (string | RegExp)[],\n): (req: NextRequest) => boolean {\n const matchers = patterns.map((pattern) => {\n if (pattern instanceof RegExp) return pattern;\n let regexStr = pattern;\n if (regexStr.endsWith(\"*\") && !regexStr.includes(\"(\")) {\n regexStr = regexStr.slice(0, -1) + \".*\";\n }\n return new RegExp(`^${regexStr}$`);\n });\n\n return (req: NextRequest) => {\n const pathname = req.nextUrl.pathname;\n return matchers.some((m) => m.test(pathname));\n };\n}\n\nfunction matchesRoute(pathname: string, patterns: string[]): boolean {\n return patterns.some((pattern) => {\n if (pattern.endsWith(\"*\")) {\n return pathname.startsWith(pattern.slice(0, -1));\n }\n return pathname === pattern;\n });\n}\n\nfunction isPublicRoute(\n req: NextRequest,\n publicRoutes: string[] | ((req: NextRequest) => boolean),\n builtinPublic: string[],\n): boolean {\n const pathname = req.nextUrl.pathname;\n if (matchesRoute(pathname, builtinPublic)) return true;\n if (typeof publicRoutes === \"function\") return publicRoutes(req);\n return matchesRoute(pathname, publicRoutes);\n}\n\nfunction buildAuthObject(\n token: string,\n claims: NonNullable<ReturnType<typeof getClaimsFromToken>>,\n): AuthObject {\n const roles = claims.roles ?? [];\n const permissions = claims.permissions ?? [];\n return {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n getToken: async () => token,\n has: (params: { role?: string; permission?: string }) => {\n if (params.role && roles.includes(params.role)) return true;\n if (params.permission && permissions.includes(params.permission))\n return true;\n return false;\n },\n };\n}\n\nasync function runAuthCheck(\n req: NextRequest,\n signInUrl: string,\n apiUrl?: string,\n): Promise<{ authObj: AuthObject | null; response?: NextResponse }> {\n const { pathname } = req.nextUrl;\n const token = req.cookies.get(COOKIE_AUTH_TOKEN)?.value;\n\n if (!token || isTokenExpired(token)) {\n const refreshToken = req.cookies.get(COOKIE_REFRESH_TOKEN)?.value;\n if (refreshToken) {\n try {\n if (apiUrl) {\n const refreshRes = await fetch(`${apiUrl}/api/platform/auth/refresh`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ refresh_token: refreshToken }),\n });\n if (refreshRes.ok) {\n const newTokens = await refreshRes.json() as {\n access_token: string;\n refresh_token: string;\n expires_in: number;\n };\n const meRes = await fetch(`${apiUrl}/api/platform/auth/me`, {\n headers: { Authorization: `Bearer ${newTokens.access_token}` },\n });\n if (meRes.ok) {\n const meData = await meRes.json();\n const newUser = meData.data ?? meData;\n const isProduction = process.env.NODE_ENV === \"production\";\n const response = NextResponse.next();\n response.cookies.set(COOKIE_AUTH_TOKEN, newTokens.access_token, {\n httpOnly: true, secure: isProduction, sameSite: \"lax\",\n path: \"/\", maxAge: newTokens.expires_in,\n });\n response.cookies.set(COOKIE_REFRESH_TOKEN, newTokens.refresh_token, {\n httpOnly: true, secure: isProduction, sameSite: \"strict\",\n path: \"/api/auth\", maxAge: 7 * 24 * 60 * 60,\n });\n response.cookies.set(COOKIE_AUTH_SESSION, JSON.stringify({\n user: newUser,\n expiresAt: new Date(Date.now() + newTokens.expires_in * 1000).toISOString(),\n }), {\n httpOnly: false, secure: isProduction, sameSite: \"lax\",\n path: \"/\", maxAge: newTokens.expires_in,\n });\n return { authObj: null, response };\n }\n }\n } else {\n const refreshUrl = new URL(\"/api/auth/refresh\", req.url);\n const refreshRes = await fetch(refreshUrl.toString(), {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Cookie: req.headers.get(\"cookie\") ?? \"\",\n },\n });\n if (refreshRes.ok) {\n const response = NextResponse.next();\n const setCookies = refreshRes.headers.getSetCookie?.() ?? [];\n for (const cookie of setCookies) {\n response.headers.append(\"Set-Cookie\", cookie);\n }\n return { authObj: null, response };\n }\n }\n } catch {\n // Refresh failed, fall through to redirect\n }\n }\n\n const response = NextResponse.redirect(\n new URL(\n `${signInUrl}?returnTo=${encodeURIComponent(pathname)}`,\n req.url,\n ),\n );\n response.cookies.set(COOKIE_AUTH_TOKEN, \"\", { path: \"/\", maxAge: 0 });\n response.cookies.set(COOKIE_REFRESH_TOKEN, \"\", {\n path: \"/api/auth\",\n maxAge: 0,\n });\n response.cookies.set(COOKIE_AUTH_SESSION, \"\", { path: \"/\", maxAge: 0 });\n return { authObj: null, response };\n }\n\n const claims = getClaimsFromToken(token);\n if (!claims) {\n return {\n authObj: null,\n response: NextResponse.redirect(new URL(signInUrl, req.url)),\n };\n }\n\n return { authObj: buildAuthObject(token, claims) };\n}\n\nexport function inaiAuthMiddleware(config: InAIMiddlewareConfig = {}) {\n const {\n apiUrl = DEFAULT_API_URL,\n publicRoutes = [],\n signInUrl = \"/login\",\n beforeAuth,\n afterAuth,\n } = config;\n\n const builtinPublic = [\"/_next/*\", \"/favicon.ico\", \"/api/*\", signInUrl];\n\n return async function middleware(\n req: NextRequest,\n ): Promise<NextResponse> {\n if (beforeAuth) {\n const result = beforeAuth(req);\n if (result) return result;\n }\n\n if (isPublicRoute(req, publicRoutes, builtinPublic)) {\n return NextResponse.next();\n }\n\n const { authObj, response } = await runAuthCheck(req, signInUrl, apiUrl);\n if (response) return response;\n if (!authObj)\n return NextResponse.redirect(new URL(signInUrl, req.url));\n\n if (afterAuth) {\n const result = afterAuth(authObj, req);\n if (result) return result;\n }\n\n return NextResponse.next();\n };\n}\n\nexport function withInAIAuth(\n wrappedMiddleware: (\n req: NextRequest,\n ) => NextResponse | Response | Promise<NextResponse | Response>,\n config: InAIMiddlewareConfig = {},\n): (req: NextRequest) => Promise<NextResponse> {\n const {\n apiUrl = DEFAULT_API_URL,\n publicRoutes = [],\n signInUrl = \"/login\",\n beforeAuth,\n afterAuth,\n } = config;\n\n const builtinPublic = [\"/_next/*\", \"/favicon.ico\", \"/api/*\", signInUrl];\n\n return async function middleware(\n req: NextRequest,\n ): Promise<NextResponse> {\n if (beforeAuth) {\n const result = beforeAuth(req);\n if (result) return result;\n }\n\n const isPublic = isPublicRoute(req, publicRoutes, builtinPublic);\n\n if (!isPublic) {\n const { authObj, response } = await runAuthCheck(req, signInUrl, apiUrl);\n if (response) return response;\n if (!authObj)\n return NextResponse.redirect(new URL(signInUrl, req.url));\n\n if (afterAuth) {\n const result = afterAuth(authObj, req);\n if (result) return result;\n }\n\n const authHeader = JSON.stringify({\n userId: authObj.userId,\n tenantId: authObj.tenantId,\n appId: authObj.appId,\n envId: authObj.envId,\n orgId: authObj.orgId,\n orgRole: authObj.orgRole,\n });\n req.headers.set(\"x-inai-auth\", authHeader);\n }\n\n const wrappedResponse = await wrappedMiddleware(req);\n if (wrappedResponse instanceof NextResponse) return wrappedResponse;\n return new NextResponse(wrappedResponse.body, wrappedResponse);\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAA6B;AAG7B,oBAOO;AAUA,SAAS,mBACd,UAC+B;AAC/B,QAAM,WAAW,SAAS,IAAI,CAAC,YAAY;AACzC,QAAI,mBAAmB,OAAQ,QAAO;AACtC,QAAI,WAAW;AACf,QAAI,SAAS,SAAS,GAAG,KAAK,CAAC,SAAS,SAAS,GAAG,GAAG;AACrD,iBAAW,SAAS,MAAM,GAAG,EAAE,IAAI;AAAA,IACrC;AACA,WAAO,IAAI,OAAO,IAAI,QAAQ,GAAG;AAAA,EACnC,CAAC;AAED,SAAO,CAAC,QAAqB;AAC3B,UAAM,WAAW,IAAI,QAAQ;AAC7B,WAAO,SAAS,KAAK,CAAC,MAAM,EAAE,KAAK,QAAQ,CAAC;AAAA,EAC9C;AACF;AAEA,SAAS,aAAa,UAAkB,UAA6B;AACnE,SAAO,SAAS,KAAK,CAAC,YAAY;AAChC,QAAI,QAAQ,SAAS,GAAG,GAAG;AACzB,aAAO,SAAS,WAAW,QAAQ,MAAM,GAAG,EAAE,CAAC;AAAA,IACjD;AACA,WAAO,aAAa;AAAA,EACtB,CAAC;AACH;AAEA,SAAS,cACP,KACA,cACA,eACS;AACT,QAAM,WAAW,IAAI,QAAQ;AAC7B,MAAI,aAAa,UAAU,aAAa,EAAG,QAAO;AAClD,MAAI,OAAO,iBAAiB,WAAY,QAAO,aAAa,GAAG;AAC/D,SAAO,aAAa,UAAU,YAAY;AAC5C;AAEA,SAAS,gBACP,OACA,QACY;AACZ,QAAM,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAM,cAAc,OAAO,eAAe,CAAC;AAC3C,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,UAAU,YAAY;AAAA,IACtB,KAAK,CAAC,WAAmD;AACvD,UAAI,OAAO,QAAQ,MAAM,SAAS,OAAO,IAAI,EAAG,QAAO;AACvD,UAAI,OAAO,cAAc,YAAY,SAAS,OAAO,UAAU;AAC7D,eAAO;AACT,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,eAAe,aACb,KACA,WACA,QACkE;AAClE,QAAM,EAAE,SAAS,IAAI,IAAI;AACzB,QAAM,QAAQ,IAAI,QAAQ,IAAI,+BAAiB,GAAG;AAElD,MAAI,CAAC,aAAS,8BAAe,KAAK,GAAG;AACnC,UAAM,eAAe,IAAI,QAAQ,IAAI,kCAAoB,GAAG;AAC5D,QAAI,cAAc;AAChB,UAAI;AACF,YAAI,QAAQ;AACV,gBAAM,aAAa,MAAM,MAAM,GAAG,MAAM,8BAA8B;AAAA,YACpE,QAAQ;AAAA,YACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,YAC9C,MAAM,KAAK,UAAU,EAAE,eAAe,aAAa,CAAC;AAAA,UACtD,CAAC;AACD,cAAI,WAAW,IAAI;AACjB,kBAAM,YAAY,MAAM,WAAW,KAAK;AAKxC,kBAAM,QAAQ,MAAM,MAAM,GAAG,MAAM,yBAAyB;AAAA,cAC1D,SAAS,EAAE,eAAe,UAAU,UAAU,YAAY,GAAG;AAAA,YAC/D,CAAC;AACD,gBAAI,MAAM,IAAI;AACZ,oBAAM,SAAS,MAAM,MAAM,KAAK;AAChC,oBAAM,UAAU,OAAO,QAAQ;AAC/B,oBAAM,eAAe,QAAQ,IAAI,aAAa;AAC9C,oBAAMA,YAAW,2BAAa,KAAK;AACnC,cAAAA,UAAS,QAAQ,IAAI,iCAAmB,UAAU,cAAc;AAAA,gBAC9D,UAAU;AAAA,gBAAM,QAAQ;AAAA,gBAAc,UAAU;AAAA,gBAChD,MAAM;AAAA,gBAAK,QAAQ,UAAU;AAAA,cAC/B,CAAC;AACD,cAAAA,UAAS,QAAQ,IAAI,oCAAsB,UAAU,eAAe;AAAA,gBAClE,UAAU;AAAA,gBAAM,QAAQ;AAAA,gBAAc,UAAU;AAAA,gBAChD,MAAM;AAAA,gBAAa,QAAQ,IAAI,KAAK,KAAK;AAAA,cAC3C,CAAC;AACD,cAAAA,UAAS,QAAQ,IAAI,mCAAqB,KAAK,UAAU;AAAA,gBACvD,MAAM;AAAA,gBACN,WAAW,IAAI,KAAK,KAAK,IAAI,IAAI,UAAU,aAAa,GAAI,EAAE,YAAY;AAAA,cAC5E,CAAC,GAAG;AAAA,gBACF,UAAU;AAAA,gBAAO,QAAQ;AAAA,gBAAc,UAAU;AAAA,gBACjD,MAAM;AAAA,gBAAK,QAAQ,UAAU;AAAA,cAC/B,CAAC;AACD,qBAAO,EAAE,SAAS,MAAM,UAAAA,UAAS;AAAA,YACnC;AAAA,UACF;AAAA,QACF,OAAO;AACL,gBAAM,aAAa,IAAI,IAAI,qBAAqB,IAAI,GAAG;AACvD,gBAAM,aAAa,MAAM,MAAM,WAAW,SAAS,GAAG;AAAA,YACpD,QAAQ;AAAA,YACR,SAAS;AAAA,cACP,gBAAgB;AAAA,cAChB,QAAQ,IAAI,QAAQ,IAAI,QAAQ,KAAK;AAAA,YACvC;AAAA,UACF,CAAC;AACD,cAAI,WAAW,IAAI;AACjB,kBAAMA,YAAW,2BAAa,KAAK;AACnC,kBAAM,aAAa,WAAW,QAAQ,eAAe,KAAK,CAAC;AAC3D,uBAAW,UAAU,YAAY;AAC/B,cAAAA,UAAS,QAAQ,OAAO,cAAc,MAAM;AAAA,YAC9C;AACA,mBAAO,EAAE,SAAS,MAAM,UAAAA,UAAS;AAAA,UACnC;AAAA,QACF;AAAA,MACF,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,UAAM,WAAW,2BAAa;AAAA,MAC5B,IAAI;AAAA,QACF,GAAG,SAAS,aAAa,mBAAmB,QAAQ,CAAC;AAAA,QACrD,IAAI;AAAA,MACN;AAAA,IACF;AACA,aAAS,QAAQ,IAAI,iCAAmB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AACpE,aAAS,QAAQ,IAAI,oCAAsB,IAAI;AAAA,MAC7C,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AACD,aAAS,QAAQ,IAAI,mCAAqB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AACtE,WAAO,EAAE,SAAS,MAAM,SAAS;AAAA,EACnC;AAEA,QAAM,aAAS,kCAAmB,KAAK;AACvC,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,MACL,SAAS;AAAA,MACT,UAAU,2BAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAAA,IAC7D;AAAA,EACF;AAEA,SAAO,EAAE,SAAS,gBAAgB,OAAO,MAAM,EAAE;AACnD;AAEO,SAAS,mBAAmB,SAA+B,CAAC,GAAG;AACpE,QAAM;AAAA,IACJ,SAAS;AAAA,IACT,eAAe,CAAC;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,CAAC,YAAY,gBAAgB,UAAU,SAAS;AAEtE,SAAO,eAAe,WACpB,KACuB;AACvB,QAAI,YAAY;AACd,YAAM,SAAS,WAAW,GAAG;AAC7B,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,QAAI,cAAc,KAAK,cAAc,aAAa,GAAG;AACnD,aAAO,2BAAa,KAAK;AAAA,IAC3B;AAEA,UAAM,EAAE,SAAS,SAAS,IAAI,MAAM,aAAa,KAAK,WAAW,MAAM;AACvE,QAAI,SAAU,QAAO;AACrB,QAAI,CAAC;AACH,aAAO,2BAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAE1D,QAAI,WAAW;AACb,YAAM,SAAS,UAAU,SAAS,GAAG;AACrC,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,WAAO,2BAAa,KAAK;AAAA,EAC3B;AACF;AAEO,SAAS,aACd,mBAGA,SAA+B,CAAC,GACa;AAC7C,QAAM;AAAA,IACJ,SAAS;AAAA,IACT,eAAe,CAAC;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,CAAC,YAAY,gBAAgB,UAAU,SAAS;AAEtE,SAAO,eAAe,WACpB,KACuB;AACvB,QAAI,YAAY;AACd,YAAM,SAAS,WAAW,GAAG;AAC7B,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,UAAM,WAAW,cAAc,KAAK,cAAc,aAAa;AAE/D,QAAI,CAAC,UAAU;AACb,YAAM,EAAE,SAAS,SAAS,IAAI,MAAM,aAAa,KAAK,WAAW,MAAM;AACvE,UAAI,SAAU,QAAO;AACrB,UAAI,CAAC;AACH,eAAO,2BAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAE1D,UAAI,WAAW;AACb,cAAM,SAAS,UAAU,SAAS,GAAG;AACrC,YAAI,OAAQ,QAAO;AAAA,MACrB;AAEA,YAAM,aAAa,KAAK,UAAU;AAAA,QAChC,QAAQ,QAAQ;AAAA,QAChB,UAAU,QAAQ;AAAA,QAClB,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,SAAS,QAAQ;AAAA,MACnB,CAAC;AACD,UAAI,QAAQ,IAAI,eAAe,UAAU;AAAA,IAC3C;AAEA,UAAM,kBAAkB,MAAM,kBAAkB,GAAG;AACnD,QAAI,2BAA2B,2BAAc,QAAO;AACpD,WAAO,IAAI,2BAAa,gBAAgB,MAAM,eAAe;AAAA,EAC/D;AACF;","names":["response"]}
package/dist/middleware.d.cts CHANGED
@@ -2,6 +2,7 @@ import { NextRequest, NextResponse } from 'next/server';
2
2
  import { AuthObject } from '@inai-dev/types';
3
3
 
4
4
  interface InAIMiddlewareConfig {
5
+ apiUrl?: string;
5
6
  publicRoutes?: string[] | ((req: NextRequest) => boolean);
6
7
  signInUrl?: string;
7
8
  beforeAuth?: (req: NextRequest) => NextResponse | void;
package/dist/middleware.d.ts CHANGED
@@ -2,6 +2,7 @@ import { NextRequest, NextResponse } from 'next/server';
2
2
  import { AuthObject } from '@inai-dev/types';
3
3
 
4
4
  interface InAIMiddlewareConfig {
5
+ apiUrl?: string;
5
6
  publicRoutes?: string[] | ((req: NextRequest) => boolean);
6
7
  signInUrl?: string;
7
8
  beforeAuth?: (req: NextRequest) => NextResponse | void;
package/dist/middleware.js CHANGED
@@ -4,6 +4,7 @@ import {
4
4
  COOKIE_AUTH_TOKEN,
5
5
  COOKIE_AUTH_SESSION,
6
6
  COOKIE_REFRESH_TOKEN,
7
+ DEFAULT_API_URL,
7
8
  getClaimsFromToken,
8
9
  isTokenExpired
9
10
  } from "@inai-dev/shared";
@@ -55,28 +56,73 @@ function buildAuthObject(token, claims) {
55
56
  }
56
57
  };
57
58
  }
58
- async function runAuthCheck(req, signInUrl) {
59
+ async function runAuthCheck(req, signInUrl, apiUrl) {
59
60
  const { pathname } = req.nextUrl;
60
61
  const token = req.cookies.get(COOKIE_AUTH_TOKEN)?.value;
61
62
  if (!token || isTokenExpired(token)) {
62
63
  const refreshToken = req.cookies.get(COOKIE_REFRESH_TOKEN)?.value;
63
64
  if (refreshToken) {
64
65
  try {
65
- const refreshUrl = new URL("/api/auth/refresh", req.url);
66
- const refreshRes = await fetch(refreshUrl.toString(), {
67
- method: "POST",
68
- headers: {
69
- "Content-Type": "application/json",
70
- Cookie: req.headers.get("cookie") ?? ""
66
+ if (apiUrl) {
67
+ const refreshRes = await fetch(`${apiUrl}/api/platform/auth/refresh`, {
68
+ method: "POST",
69
+ headers: { "Content-Type": "application/json" },
70
+ body: JSON.stringify({ refresh_token: refreshToken })
71
+ });
72
+ if (refreshRes.ok) {
73
+ const newTokens = await refreshRes.json();
74
+ const meRes = await fetch(`${apiUrl}/api/platform/auth/me`, {
75
+ headers: { Authorization: `Bearer ${newTokens.access_token}` }
76
+ });
77
+ if (meRes.ok) {
78
+ const meData = await meRes.json();
79
+ const newUser = meData.data ?? meData;
80
+ const isProduction = process.env.NODE_ENV === "production";
81
+ const response2 = NextResponse.next();
82
+ response2.cookies.set(COOKIE_AUTH_TOKEN, newTokens.access_token, {
83
+ httpOnly: true,
84
+ secure: isProduction,
85
+ sameSite: "lax",
86
+ path: "/",
87
+ maxAge: newTokens.expires_in
88
+ });
89
+ response2.cookies.set(COOKIE_REFRESH_TOKEN, newTokens.refresh_token, {
90
+ httpOnly: true,
91
+ secure: isProduction,
92
+ sameSite: "strict",
93
+ path: "/api/auth",
94
+ maxAge: 7 * 24 * 60 * 60
95
+ });
96
+ response2.cookies.set(COOKIE_AUTH_SESSION, JSON.stringify({
97
+ user: newUser,
98
+ expiresAt: new Date(Date.now() + newTokens.expires_in * 1e3).toISOString()
99
+ }), {
100
+ httpOnly: false,
101
+ secure: isProduction,
102
+ sameSite: "lax",
103
+ path: "/",
104
+ maxAge: newTokens.expires_in
105
+ });
106
+ return { authObj: null, response: response2 };
107
+ }
71
108
  }
72
- });
73
- if (refreshRes.ok) {
74
- const response2 = NextResponse.next();
75
- const setCookies = refreshRes.headers.getSetCookie?.() ?? [];
76
- for (const cookie of setCookies) {
77
- response2.headers.append("Set-Cookie", cookie);
109
+ } else {
110
+ const refreshUrl = new URL("/api/auth/refresh", req.url);
111
+ const refreshRes = await fetch(refreshUrl.toString(), {
112
+ method: "POST",
113
+ headers: {
114
+ "Content-Type": "application/json",
115
+ Cookie: req.headers.get("cookie") ?? ""
116
+ }
117
+ });
118
+ if (refreshRes.ok) {
119
+ const response2 = NextResponse.next();
120
+ const setCookies = refreshRes.headers.getSetCookie?.() ?? [];
121
+ for (const cookie of setCookies) {
122
+ response2.headers.append("Set-Cookie", cookie);
123
+ }
124
+ return { authObj: null, response: response2 };
78
125
  }
79
- return { authObj: null, response: response2 };
80
126
  }
81
127
  } catch {
82
128
  }
@@ -106,6 +152,7 @@ async function runAuthCheck(req, signInUrl) {
106
152
  }
107
153
  function inaiAuthMiddleware(config = {}) {
108
154
  const {
155
+ apiUrl = DEFAULT_API_URL,
109
156
  publicRoutes = [],
110
157
  signInUrl = "/login",
111
158
  beforeAuth,
@@ -120,7 +167,7 @@ function inaiAuthMiddleware(config = {}) {
120
167
  if (isPublicRoute(req, publicRoutes, builtinPublic)) {
121
168
  return NextResponse.next();
122
169
  }
123
- const { authObj, response } = await runAuthCheck(req, signInUrl);
170
+ const { authObj, response } = await runAuthCheck(req, signInUrl, apiUrl);
124
171
  if (response) return response;
125
172
  if (!authObj)
126
173
  return NextResponse.redirect(new URL(signInUrl, req.url));
@@ -133,6 +180,7 @@ function inaiAuthMiddleware(config = {}) {
133
180
  }
134
181
  function withInAIAuth(wrappedMiddleware, config = {}) {
135
182
  const {
183
+ apiUrl = DEFAULT_API_URL,
136
184
  publicRoutes = [],
137
185
  signInUrl = "/login",
138
186
  beforeAuth,
@@ -146,7 +194,7 @@ function withInAIAuth(wrappedMiddleware, config = {}) {
146
194
  }
147
195
  const isPublic = isPublicRoute(req, publicRoutes, builtinPublic);
148
196
  if (!isPublic) {
149
- const { authObj, response } = await runAuthCheck(req, signInUrl);
197
+ const { authObj, response } = await runAuthCheck(req, signInUrl, apiUrl);
150
198
  if (response) return response;
151
199
  if (!authObj)
152
200
  return NextResponse.redirect(new URL(signInUrl, req.url));
package/dist/middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/middleware.ts"],"sourcesContent":["import { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport type { AuthObject } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_AUTH_SESSION,\n COOKIE_REFRESH_TOKEN,\n getClaimsFromToken,\n isTokenExpired,\n} from \"@inai-dev/shared\";\n\nexport interface InAIMiddlewareConfig {\n publicRoutes?: string[] | ((req: NextRequest) => boolean);\n signInUrl?: string;\n beforeAuth?: (req: NextRequest) => NextResponse | void;\n afterAuth?: (auth: AuthObject, req: NextRequest) => NextResponse | void;\n}\n\nexport function createRouteMatcher(\n patterns: (string | RegExp)[],\n): (req: NextRequest) => boolean {\n const matchers = patterns.map((pattern) => {\n if (pattern instanceof RegExp) return pattern;\n let regexStr = pattern;\n if (regexStr.endsWith(\"*\") && !regexStr.includes(\"(\")) {\n regexStr = regexStr.slice(0, -1) + \".*\";\n }\n return new RegExp(`^${regexStr}$`);\n });\n\n return (req: NextRequest) => {\n const pathname = req.nextUrl.pathname;\n return matchers.some((m) => m.test(pathname));\n };\n}\n\nfunction matchesRoute(pathname: string, patterns: string[]): boolean {\n return patterns.some((pattern) => {\n if (pattern.endsWith(\"*\")) {\n return pathname.startsWith(pattern.slice(0, -1));\n }\n return pathname === pattern;\n });\n}\n\nfunction isPublicRoute(\n req: NextRequest,\n publicRoutes: string[] | ((req: NextRequest) => boolean),\n builtinPublic: string[],\n): boolean {\n const pathname = req.nextUrl.pathname;\n if (matchesRoute(pathname, builtinPublic)) return true;\n if (typeof publicRoutes === \"function\") return publicRoutes(req);\n return matchesRoute(pathname, publicRoutes);\n}\n\nfunction buildAuthObject(\n token: string,\n claims: NonNullable<ReturnType<typeof getClaimsFromToken>>,\n): AuthObject {\n const roles = claims.roles ?? [];\n const permissions = claims.permissions ?? [];\n return {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n getToken: async () => token,\n has: (params: { role?: string; permission?: string }) => {\n if (params.role && roles.includes(params.role)) return true;\n if (params.permission && permissions.includes(params.permission))\n return true;\n return false;\n },\n };\n}\n\nasync function runAuthCheck(\n req: NextRequest,\n signInUrl: string,\n): Promise<{ authObj: AuthObject | null; response?: NextResponse }> {\n const { pathname } = req.nextUrl;\n const token = req.cookies.get(COOKIE_AUTH_TOKEN)?.value;\n\n if (!token || isTokenExpired(token)) {\n const refreshToken = req.cookies.get(COOKIE_REFRESH_TOKEN)?.value;\n if (refreshToken) {\n try {\n const refreshUrl = new URL(\"/api/auth/refresh\", req.url);\n const refreshRes = await fetch(refreshUrl.toString(), {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Cookie: req.headers.get(\"cookie\") ?? \"\",\n },\n });\n if (refreshRes.ok) {\n const response = NextResponse.next();\n const setCookies = refreshRes.headers.getSetCookie?.() ?? [];\n for (const cookie of setCookies) {\n response.headers.append(\"Set-Cookie\", cookie);\n }\n return { authObj: null, response };\n }\n } catch {\n // Refresh failed, fall through to redirect\n }\n }\n\n const response = NextResponse.redirect(\n new URL(\n `${signInUrl}?returnTo=${encodeURIComponent(pathname)}`,\n req.url,\n ),\n );\n response.cookies.set(COOKIE_AUTH_TOKEN, \"\", { path: \"/\", maxAge: 0 });\n response.cookies.set(COOKIE_REFRESH_TOKEN, \"\", {\n path: \"/api/auth\",\n maxAge: 0,\n });\n response.cookies.set(COOKIE_AUTH_SESSION, \"\", { path: \"/\", maxAge: 0 });\n return { authObj: null, response };\n }\n\n const claims = getClaimsFromToken(token);\n if (!claims) {\n return {\n authObj: null,\n response: NextResponse.redirect(new URL(signInUrl, req.url)),\n };\n }\n\n return { authObj: buildAuthObject(token, claims) };\n}\n\nexport function inaiAuthMiddleware(config: InAIMiddlewareConfig = {}) {\n const {\n publicRoutes = [],\n signInUrl = \"/login\",\n beforeAuth,\n afterAuth,\n } = config;\n\n const builtinPublic = [\"/_next/*\", \"/favicon.ico\", \"/api/*\", signInUrl];\n\n return async function middleware(\n req: NextRequest,\n ): Promise<NextResponse> {\n if (beforeAuth) {\n const result = beforeAuth(req);\n if (result) return result;\n }\n\n if (isPublicRoute(req, publicRoutes, builtinPublic)) {\n return NextResponse.next();\n }\n\n const { authObj, response } = await runAuthCheck(req, signInUrl);\n if (response) return response;\n if (!authObj)\n return NextResponse.redirect(new URL(signInUrl, req.url));\n\n if (afterAuth) {\n const result = afterAuth(authObj, req);\n if (result) return result;\n }\n\n return NextResponse.next();\n };\n}\n\nexport function withInAIAuth(\n wrappedMiddleware: (\n req: NextRequest,\n ) => NextResponse | Response | Promise<NextResponse | Response>,\n config: InAIMiddlewareConfig = {},\n): (req: NextRequest) => Promise<NextResponse> {\n const {\n publicRoutes = [],\n signInUrl = \"/login\",\n beforeAuth,\n afterAuth,\n } = config;\n\n const builtinPublic = [\"/_next/*\", \"/favicon.ico\", \"/api/*\", signInUrl];\n\n return async function middleware(\n req: NextRequest,\n ): Promise<NextResponse> {\n if (beforeAuth) {\n const result = beforeAuth(req);\n if (result) return result;\n }\n\n const isPublic = isPublicRoute(req, publicRoutes, builtinPublic);\n\n if (!isPublic) {\n const { authObj, response } = await runAuthCheck(req, signInUrl);\n if (response) return response;\n if (!authObj)\n return NextResponse.redirect(new URL(signInUrl, req.url));\n\n if (afterAuth) {\n const result = afterAuth(authObj, req);\n if (result) return result;\n }\n\n const authHeader = JSON.stringify({\n userId: authObj.userId,\n tenantId: authObj.tenantId,\n appId: authObj.appId,\n envId: authObj.envId,\n orgId: authObj.orgId,\n orgRole: authObj.orgRole,\n });\n req.headers.set(\"x-inai-auth\", authHeader);\n }\n\n const wrappedResponse = await wrappedMiddleware(req);\n if (wrappedResponse instanceof NextResponse) return wrappedResponse;\n return new NextResponse(wrappedResponse.body, wrappedResponse);\n };\n}\n"],"mappings":";AAAA,SAAS,oBAAoB;AAG7B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AASA,SAAS,mBACd,UAC+B;AAC/B,QAAM,WAAW,SAAS,IAAI,CAAC,YAAY;AACzC,QAAI,mBAAmB,OAAQ,QAAO;AACtC,QAAI,WAAW;AACf,QAAI,SAAS,SAAS,GAAG,KAAK,CAAC,SAAS,SAAS,GAAG,GAAG;AACrD,iBAAW,SAAS,MAAM,GAAG,EAAE,IAAI;AAAA,IACrC;AACA,WAAO,IAAI,OAAO,IAAI,QAAQ,GAAG;AAAA,EACnC,CAAC;AAED,SAAO,CAAC,QAAqB;AAC3B,UAAM,WAAW,IAAI,QAAQ;AAC7B,WAAO,SAAS,KAAK,CAAC,MAAM,EAAE,KAAK,QAAQ,CAAC;AAAA,EAC9C;AACF;AAEA,SAAS,aAAa,UAAkB,UAA6B;AACnE,SAAO,SAAS,KAAK,CAAC,YAAY;AAChC,QAAI,QAAQ,SAAS,GAAG,GAAG;AACzB,aAAO,SAAS,WAAW,QAAQ,MAAM,GAAG,EAAE,CAAC;AAAA,IACjD;AACA,WAAO,aAAa;AAAA,EACtB,CAAC;AACH;AAEA,SAAS,cACP,KACA,cACA,eACS;AACT,QAAM,WAAW,IAAI,QAAQ;AAC7B,MAAI,aAAa,UAAU,aAAa,EAAG,QAAO;AAClD,MAAI,OAAO,iBAAiB,WAAY,QAAO,aAAa,GAAG;AAC/D,SAAO,aAAa,UAAU,YAAY;AAC5C;AAEA,SAAS,gBACP,OACA,QACY;AACZ,QAAM,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAM,cAAc,OAAO,eAAe,CAAC;AAC3C,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,UAAU,YAAY;AAAA,IACtB,KAAK,CAAC,WAAmD;AACvD,UAAI,OAAO,QAAQ,MAAM,SAAS,OAAO,IAAI,EAAG,QAAO;AACvD,UAAI,OAAO,cAAc,YAAY,SAAS,OAAO,UAAU;AAC7D,eAAO;AACT,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,eAAe,aACb,KACA,WACkE;AAClE,QAAM,EAAE,SAAS,IAAI,IAAI;AACzB,QAAM,QAAQ,IAAI,QAAQ,IAAI,iBAAiB,GAAG;AAElD,MAAI,CAAC,SAAS,eAAe,KAAK,GAAG;AACnC,UAAM,eAAe,IAAI,QAAQ,IAAI,oBAAoB,GAAG;AAC5D,QAAI,cAAc;AAChB,UAAI;AACF,cAAM,aAAa,IAAI,IAAI,qBAAqB,IAAI,GAAG;AACvD,cAAM,aAAa,MAAM,MAAM,WAAW,SAAS,GAAG;AAAA,UACpD,QAAQ;AAAA,UACR,SAAS;AAAA,YACP,gBAAgB;AAAA,YAChB,QAAQ,IAAI,QAAQ,IAAI,QAAQ,KAAK;AAAA,UACvC;AAAA,QACF,CAAC;AACD,YAAI,WAAW,IAAI;AACjB,gBAAMA,YAAW,aAAa,KAAK;AACnC,gBAAM,aAAa,WAAW,QAAQ,eAAe,KAAK,CAAC;AAC3D,qBAAW,UAAU,YAAY;AAC/B,YAAAA,UAAS,QAAQ,OAAO,cAAc,MAAM;AAAA,UAC9C;AACA,iBAAO,EAAE,SAAS,MAAM,UAAAA,UAAS;AAAA,QACnC;AAAA,MACF,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,UAAM,WAAW,aAAa;AAAA,MAC5B,IAAI;AAAA,QACF,GAAG,SAAS,aAAa,mBAAmB,QAAQ,CAAC;AAAA,QACrD,IAAI;AAAA,MACN;AAAA,IACF;AACA,aAAS,QAAQ,IAAI,mBAAmB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AACpE,aAAS,QAAQ,IAAI,sBAAsB,IAAI;AAAA,MAC7C,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AACD,aAAS,QAAQ,IAAI,qBAAqB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AACtE,WAAO,EAAE,SAAS,MAAM,SAAS;AAAA,EACnC;AAEA,QAAM,SAAS,mBAAmB,KAAK;AACvC,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,MACL,SAAS;AAAA,MACT,UAAU,aAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAAA,IAC7D;AAAA,EACF;AAEA,SAAO,EAAE,SAAS,gBAAgB,OAAO,MAAM,EAAE;AACnD;AAEO,SAAS,mBAAmB,SAA+B,CAAC,GAAG;AACpE,QAAM;AAAA,IACJ,eAAe,CAAC;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,CAAC,YAAY,gBAAgB,UAAU,SAAS;AAEtE,SAAO,eAAe,WACpB,KACuB;AACvB,QAAI,YAAY;AACd,YAAM,SAAS,WAAW,GAAG;AAC7B,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,QAAI,cAAc,KAAK,cAAc,aAAa,GAAG;AACnD,aAAO,aAAa,KAAK;AAAA,IAC3B;AAEA,UAAM,EAAE,SAAS,SAAS,IAAI,MAAM,aAAa,KAAK,SAAS;AAC/D,QAAI,SAAU,QAAO;AACrB,QAAI,CAAC;AACH,aAAO,aAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAE1D,QAAI,WAAW;AACb,YAAM,SAAS,UAAU,SAAS,GAAG;AACrC,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,WAAO,aAAa,KAAK;AAAA,EAC3B;AACF;AAEO,SAAS,aACd,mBAGA,SAA+B,CAAC,GACa;AAC7C,QAAM;AAAA,IACJ,eAAe,CAAC;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,CAAC,YAAY,gBAAgB,UAAU,SAAS;AAEtE,SAAO,eAAe,WACpB,KACuB;AACvB,QAAI,YAAY;AACd,YAAM,SAAS,WAAW,GAAG;AAC7B,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,UAAM,WAAW,cAAc,KAAK,cAAc,aAAa;AAE/D,QAAI,CAAC,UAAU;AACb,YAAM,EAAE,SAAS,SAAS,IAAI,MAAM,aAAa,KAAK,SAAS;AAC/D,UAAI,SAAU,QAAO;AACrB,UAAI,CAAC;AACH,eAAO,aAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAE1D,UAAI,WAAW;AACb,cAAM,SAAS,UAAU,SAAS,GAAG;AACrC,YAAI,OAAQ,QAAO;AAAA,MACrB;AAEA,YAAM,aAAa,KAAK,UAAU;AAAA,QAChC,QAAQ,QAAQ;AAAA,QAChB,UAAU,QAAQ;AAAA,QAClB,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,SAAS,QAAQ;AAAA,MACnB,CAAC;AACD,UAAI,QAAQ,IAAI,eAAe,UAAU;AAAA,IAC3C;AAEA,UAAM,kBAAkB,MAAM,kBAAkB,GAAG;AACnD,QAAI,2BAA2B,aAAc,QAAO;AACpD,WAAO,IAAI,aAAa,gBAAgB,MAAM,eAAe;AAAA,EAC/D;AACF;","names":["response"]}
1
+ {"version":3,"sources":["../src/middleware.ts"],"sourcesContent":["import { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport type { AuthObject } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_AUTH_SESSION,\n COOKIE_REFRESH_TOKEN,\n DEFAULT_API_URL,\n getClaimsFromToken,\n isTokenExpired,\n} from \"@inai-dev/shared\";\n\nexport interface InAIMiddlewareConfig {\n apiUrl?: string;\n publicRoutes?: string[] | ((req: NextRequest) => boolean);\n signInUrl?: string;\n beforeAuth?: (req: NextRequest) => NextResponse | void;\n afterAuth?: (auth: AuthObject, req: NextRequest) => NextResponse | void;\n}\n\nexport function createRouteMatcher(\n patterns: (string | RegExp)[],\n): (req: NextRequest) => boolean {\n const matchers = patterns.map((pattern) => {\n if (pattern instanceof RegExp) return pattern;\n let regexStr = pattern;\n if (regexStr.endsWith(\"*\") && !regexStr.includes(\"(\")) {\n regexStr = regexStr.slice(0, -1) + \".*\";\n }\n return new RegExp(`^${regexStr}$`);\n });\n\n return (req: NextRequest) => {\n const pathname = req.nextUrl.pathname;\n return matchers.some((m) => m.test(pathname));\n };\n}\n\nfunction matchesRoute(pathname: string, patterns: string[]): boolean {\n return patterns.some((pattern) => {\n if (pattern.endsWith(\"*\")) {\n return pathname.startsWith(pattern.slice(0, -1));\n }\n return pathname === pattern;\n });\n}\n\nfunction isPublicRoute(\n req: NextRequest,\n publicRoutes: string[] | ((req: NextRequest) => boolean),\n builtinPublic: string[],\n): boolean {\n const pathname = req.nextUrl.pathname;\n if (matchesRoute(pathname, builtinPublic)) return true;\n if (typeof publicRoutes === \"function\") return publicRoutes(req);\n return matchesRoute(pathname, publicRoutes);\n}\n\nfunction buildAuthObject(\n token: string,\n claims: NonNullable<ReturnType<typeof getClaimsFromToken>>,\n): AuthObject {\n const roles = claims.roles ?? [];\n const permissions = claims.permissions ?? [];\n return {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n getToken: async () => token,\n has: (params: { role?: string; permission?: string }) => {\n if (params.role && roles.includes(params.role)) return true;\n if (params.permission && permissions.includes(params.permission))\n return true;\n return false;\n },\n };\n}\n\nasync function runAuthCheck(\n req: NextRequest,\n signInUrl: string,\n apiUrl?: string,\n): Promise<{ authObj: AuthObject | null; response?: NextResponse }> {\n const { pathname } = req.nextUrl;\n const token = req.cookies.get(COOKIE_AUTH_TOKEN)?.value;\n\n if (!token || isTokenExpired(token)) {\n const refreshToken = req.cookies.get(COOKIE_REFRESH_TOKEN)?.value;\n if (refreshToken) {\n try {\n if (apiUrl) {\n const refreshRes = await fetch(`${apiUrl}/api/platform/auth/refresh`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ refresh_token: refreshToken }),\n });\n if (refreshRes.ok) {\n const newTokens = await refreshRes.json() as {\n access_token: string;\n refresh_token: string;\n expires_in: number;\n };\n const meRes = await fetch(`${apiUrl}/api/platform/auth/me`, {\n headers: { Authorization: `Bearer ${newTokens.access_token}` },\n });\n if (meRes.ok) {\n const meData = await meRes.json();\n const newUser = meData.data ?? meData;\n const isProduction = process.env.NODE_ENV === \"production\";\n const response = NextResponse.next();\n response.cookies.set(COOKIE_AUTH_TOKEN, newTokens.access_token, {\n httpOnly: true, secure: isProduction, sameSite: \"lax\",\n path: \"/\", maxAge: newTokens.expires_in,\n });\n response.cookies.set(COOKIE_REFRESH_TOKEN, newTokens.refresh_token, {\n httpOnly: true, secure: isProduction, sameSite: \"strict\",\n path: \"/api/auth\", maxAge: 7 * 24 * 60 * 60,\n });\n response.cookies.set(COOKIE_AUTH_SESSION, JSON.stringify({\n user: newUser,\n expiresAt: new Date(Date.now() + newTokens.expires_in * 1000).toISOString(),\n }), {\n httpOnly: false, secure: isProduction, sameSite: \"lax\",\n path: \"/\", maxAge: newTokens.expires_in,\n });\n return { authObj: null, response };\n }\n }\n } else {\n const refreshUrl = new URL(\"/api/auth/refresh\", req.url);\n const refreshRes = await fetch(refreshUrl.toString(), {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Cookie: req.headers.get(\"cookie\") ?? \"\",\n },\n });\n if (refreshRes.ok) {\n const response = NextResponse.next();\n const setCookies = refreshRes.headers.getSetCookie?.() ?? [];\n for (const cookie of setCookies) {\n response.headers.append(\"Set-Cookie\", cookie);\n }\n return { authObj: null, response };\n }\n }\n } catch {\n // Refresh failed, fall through to redirect\n }\n }\n\n const response = NextResponse.redirect(\n new URL(\n `${signInUrl}?returnTo=${encodeURIComponent(pathname)}`,\n req.url,\n ),\n );\n response.cookies.set(COOKIE_AUTH_TOKEN, \"\", { path: \"/\", maxAge: 0 });\n response.cookies.set(COOKIE_REFRESH_TOKEN, \"\", {\n path: \"/api/auth\",\n maxAge: 0,\n });\n response.cookies.set(COOKIE_AUTH_SESSION, \"\", { path: \"/\", maxAge: 0 });\n return { authObj: null, response };\n }\n\n const claims = getClaimsFromToken(token);\n if (!claims) {\n return {\n authObj: null,\n response: NextResponse.redirect(new URL(signInUrl, req.url)),\n };\n }\n\n return { authObj: buildAuthObject(token, claims) };\n}\n\nexport function inaiAuthMiddleware(config: InAIMiddlewareConfig = {}) {\n const {\n apiUrl = DEFAULT_API_URL,\n publicRoutes = [],\n signInUrl = \"/login\",\n beforeAuth,\n afterAuth,\n } = config;\n\n const builtinPublic = [\"/_next/*\", \"/favicon.ico\", \"/api/*\", signInUrl];\n\n return async function middleware(\n req: NextRequest,\n ): Promise<NextResponse> {\n if (beforeAuth) {\n const result = beforeAuth(req);\n if (result) return result;\n }\n\n if (isPublicRoute(req, publicRoutes, builtinPublic)) {\n return NextResponse.next();\n }\n\n const { authObj, response } = await runAuthCheck(req, signInUrl, apiUrl);\n if (response) return response;\n if (!authObj)\n return NextResponse.redirect(new URL(signInUrl, req.url));\n\n if (afterAuth) {\n const result = afterAuth(authObj, req);\n if (result) return result;\n }\n\n return NextResponse.next();\n };\n}\n\nexport function withInAIAuth(\n wrappedMiddleware: (\n req: NextRequest,\n ) => NextResponse | Response | Promise<NextResponse | Response>,\n config: InAIMiddlewareConfig = {},\n): (req: NextRequest) => Promise<NextResponse> {\n const {\n apiUrl = DEFAULT_API_URL,\n publicRoutes = [],\n signInUrl = \"/login\",\n beforeAuth,\n afterAuth,\n } = config;\n\n const builtinPublic = [\"/_next/*\", \"/favicon.ico\", \"/api/*\", signInUrl];\n\n return async function middleware(\n req: NextRequest,\n ): Promise<NextResponse> {\n if (beforeAuth) {\n const result = beforeAuth(req);\n if (result) return result;\n }\n\n const isPublic = isPublicRoute(req, publicRoutes, builtinPublic);\n\n if (!isPublic) {\n const { authObj, response } = await runAuthCheck(req, signInUrl, apiUrl);\n if (response) return response;\n if (!authObj)\n return NextResponse.redirect(new URL(signInUrl, req.url));\n\n if (afterAuth) {\n const result = afterAuth(authObj, req);\n if (result) return result;\n }\n\n const authHeader = JSON.stringify({\n userId: authObj.userId,\n tenantId: authObj.tenantId,\n appId: authObj.appId,\n envId: authObj.envId,\n orgId: authObj.orgId,\n orgRole: authObj.orgRole,\n });\n req.headers.set(\"x-inai-auth\", authHeader);\n }\n\n const wrappedResponse = await wrappedMiddleware(req);\n if (wrappedResponse instanceof NextResponse) return wrappedResponse;\n return new NextResponse(wrappedResponse.body, wrappedResponse);\n };\n}\n"],"mappings":";AAAA,SAAS,oBAAoB;AAG7B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAUA,SAAS,mBACd,UAC+B;AAC/B,QAAM,WAAW,SAAS,IAAI,CAAC,YAAY;AACzC,QAAI,mBAAmB,OAAQ,QAAO;AACtC,QAAI,WAAW;AACf,QAAI,SAAS,SAAS,GAAG,KAAK,CAAC,SAAS,SAAS,GAAG,GAAG;AACrD,iBAAW,SAAS,MAAM,GAAG,EAAE,IAAI;AAAA,IACrC;AACA,WAAO,IAAI,OAAO,IAAI,QAAQ,GAAG;AAAA,EACnC,CAAC;AAED,SAAO,CAAC,QAAqB;AAC3B,UAAM,WAAW,IAAI,QAAQ;AAC7B,WAAO,SAAS,KAAK,CAAC,MAAM,EAAE,KAAK,QAAQ,CAAC;AAAA,EAC9C;AACF;AAEA,SAAS,aAAa,UAAkB,UAA6B;AACnE,SAAO,SAAS,KAAK,CAAC,YAAY;AAChC,QAAI,QAAQ,SAAS,GAAG,GAAG;AACzB,aAAO,SAAS,WAAW,QAAQ,MAAM,GAAG,EAAE,CAAC;AAAA,IACjD;AACA,WAAO,aAAa;AAAA,EACtB,CAAC;AACH;AAEA,SAAS,cACP,KACA,cACA,eACS;AACT,QAAM,WAAW,IAAI,QAAQ;AAC7B,MAAI,aAAa,UAAU,aAAa,EAAG,QAAO;AAClD,MAAI,OAAO,iBAAiB,WAAY,QAAO,aAAa,GAAG;AAC/D,SAAO,aAAa,UAAU,YAAY;AAC5C;AAEA,SAAS,gBACP,OACA,QACY;AACZ,QAAM,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAM,cAAc,OAAO,eAAe,CAAC;AAC3C,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,UAAU,YAAY;AAAA,IACtB,KAAK,CAAC,WAAmD;AACvD,UAAI,OAAO,QAAQ,MAAM,SAAS,OAAO,IAAI,EAAG,QAAO;AACvD,UAAI,OAAO,cAAc,YAAY,SAAS,OAAO,UAAU;AAC7D,eAAO;AACT,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,eAAe,aACb,KACA,WACA,QACkE;AAClE,QAAM,EAAE,SAAS,IAAI,IAAI;AACzB,QAAM,QAAQ,IAAI,QAAQ,IAAI,iBAAiB,GAAG;AAElD,MAAI,CAAC,SAAS,eAAe,KAAK,GAAG;AACnC,UAAM,eAAe,IAAI,QAAQ,IAAI,oBAAoB,GAAG;AAC5D,QAAI,cAAc;AAChB,UAAI;AACF,YAAI,QAAQ;AACV,gBAAM,aAAa,MAAM,MAAM,GAAG,MAAM,8BAA8B;AAAA,YACpE,QAAQ;AAAA,YACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,YAC9C,MAAM,KAAK,UAAU,EAAE,eAAe,aAAa,CAAC;AAAA,UACtD,CAAC;AACD,cAAI,WAAW,IAAI;AACjB,kBAAM,YAAY,MAAM,WAAW,KAAK;AAKxC,kBAAM,QAAQ,MAAM,MAAM,GAAG,MAAM,yBAAyB;AAAA,cAC1D,SAAS,EAAE,eAAe,UAAU,UAAU,YAAY,GAAG;AAAA,YAC/D,CAAC;AACD,gBAAI,MAAM,IAAI;AACZ,oBAAM,SAAS,MAAM,MAAM,KAAK;AAChC,oBAAM,UAAU,OAAO,QAAQ;AAC/B,oBAAM,eAAe,QAAQ,IAAI,aAAa;AAC9C,oBAAMA,YAAW,aAAa,KAAK;AACnC,cAAAA,UAAS,QAAQ,IAAI,mBAAmB,UAAU,cAAc;AAAA,gBAC9D,UAAU;AAAA,gBAAM,QAAQ;AAAA,gBAAc,UAAU;AAAA,gBAChD,MAAM;AAAA,gBAAK,QAAQ,UAAU;AAAA,cAC/B,CAAC;AACD,cAAAA,UAAS,QAAQ,IAAI,sBAAsB,UAAU,eAAe;AAAA,gBAClE,UAAU;AAAA,gBAAM,QAAQ;AAAA,gBAAc,UAAU;AAAA,gBAChD,MAAM;AAAA,gBAAa,QAAQ,IAAI,KAAK,KAAK;AAAA,cAC3C,CAAC;AACD,cAAAA,UAAS,QAAQ,IAAI,qBAAqB,KAAK,UAAU;AAAA,gBACvD,MAAM;AAAA,gBACN,WAAW,IAAI,KAAK,KAAK,IAAI,IAAI,UAAU,aAAa,GAAI,EAAE,YAAY;AAAA,cAC5E,CAAC,GAAG;AAAA,gBACF,UAAU;AAAA,gBAAO,QAAQ;AAAA,gBAAc,UAAU;AAAA,gBACjD,MAAM;AAAA,gBAAK,QAAQ,UAAU;AAAA,cAC/B,CAAC;AACD,qBAAO,EAAE,SAAS,MAAM,UAAAA,UAAS;AAAA,YACnC;AAAA,UACF;AAAA,QACF,OAAO;AACL,gBAAM,aAAa,IAAI,IAAI,qBAAqB,IAAI,GAAG;AACvD,gBAAM,aAAa,MAAM,MAAM,WAAW,SAAS,GAAG;AAAA,YACpD,QAAQ;AAAA,YACR,SAAS;AAAA,cACP,gBAAgB;AAAA,cAChB,QAAQ,IAAI,QAAQ,IAAI,QAAQ,KAAK;AAAA,YACvC;AAAA,UACF,CAAC;AACD,cAAI,WAAW,IAAI;AACjB,kBAAMA,YAAW,aAAa,KAAK;AACnC,kBAAM,aAAa,WAAW,QAAQ,eAAe,KAAK,CAAC;AAC3D,uBAAW,UAAU,YAAY;AAC/B,cAAAA,UAAS,QAAQ,OAAO,cAAc,MAAM;AAAA,YAC9C;AACA,mBAAO,EAAE,SAAS,MAAM,UAAAA,UAAS;AAAA,UACnC;AAAA,QACF;AAAA,MACF,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,UAAM,WAAW,aAAa;AAAA,MAC5B,IAAI;AAAA,QACF,GAAG,SAAS,aAAa,mBAAmB,QAAQ,CAAC;AAAA,QACrD,IAAI;AAAA,MACN;AAAA,IACF;AACA,aAAS,QAAQ,IAAI,mBAAmB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AACpE,aAAS,QAAQ,IAAI,sBAAsB,IAAI;AAAA,MAC7C,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AACD,aAAS,QAAQ,IAAI,qBAAqB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AACtE,WAAO,EAAE,SAAS,MAAM,SAAS;AAAA,EACnC;AAEA,QAAM,SAAS,mBAAmB,KAAK;AACvC,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,MACL,SAAS;AAAA,MACT,UAAU,aAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAAA,IAC7D;AAAA,EACF;AAEA,SAAO,EAAE,SAAS,gBAAgB,OAAO,MAAM,EAAE;AACnD;AAEO,SAAS,mBAAmB,SAA+B,CAAC,GAAG;AACpE,QAAM;AAAA,IACJ,SAAS;AAAA,IACT,eAAe,CAAC;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,CAAC,YAAY,gBAAgB,UAAU,SAAS;AAEtE,SAAO,eAAe,WACpB,KACuB;AACvB,QAAI,YAAY;AACd,YAAM,SAAS,WAAW,GAAG;AAC7B,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,QAAI,cAAc,KAAK,cAAc,aAAa,GAAG;AACnD,aAAO,aAAa,KAAK;AAAA,IAC3B;AAEA,UAAM,EAAE,SAAS,SAAS,IAAI,MAAM,aAAa,KAAK,WAAW,MAAM;AACvE,QAAI,SAAU,QAAO;AACrB,QAAI,CAAC;AACH,aAAO,aAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAE1D,QAAI,WAAW;AACb,YAAM,SAAS,UAAU,SAAS,GAAG;AACrC,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,WAAO,aAAa,KAAK;AAAA,EAC3B;AACF;AAEO,SAAS,aACd,mBAGA,SAA+B,CAAC,GACa;AAC7C,QAAM;AAAA,IACJ,SAAS;AAAA,IACT,eAAe,CAAC;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,CAAC,YAAY,gBAAgB,UAAU,SAAS;AAEtE,SAAO,eAAe,WACpB,KACuB;AACvB,QAAI,YAAY;AACd,YAAM,SAAS,WAAW,GAAG;AAC7B,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,UAAM,WAAW,cAAc,KAAK,cAAc,aAAa;AAE/D,QAAI,CAAC,UAAU;AACb,YAAM,EAAE,SAAS,SAAS,IAAI,MAAM,aAAa,KAAK,WAAW,MAAM;AACvE,UAAI,SAAU,QAAO;AACrB,UAAI,CAAC;AACH,eAAO,aAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAE1D,UAAI,WAAW;AACb,cAAM,SAAS,UAAU,SAAS,GAAG;AACrC,YAAI,OAAQ,QAAO;AAAA,MACrB;AAEA,YAAM,aAAa,KAAK,UAAU;AAAA,QAChC,QAAQ,QAAQ;AAAA,QAChB,UAAU,QAAQ;AAAA,QAClB,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,SAAS,QAAQ;AAAA,MACnB,CAAC;AACD,UAAI,QAAQ,IAAI,eAAe,UAAU;AAAA,IAC3C;AAEA,UAAM,kBAAkB,MAAM,kBAAkB,GAAG;AACnD,QAAI,2BAA2B,aAAc,QAAO;AACpD,WAAO,IAAI,aAAa,gBAAgB,MAAM,eAAe;AAAA,EAC/D;AACF;","names":["response"]}
package/dist/server.cjs CHANGED
@@ -21,11 +21,15 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
21
21
  var server_exports = {};
22
22
  __export(server_exports, {
23
23
  auth: () => auth,
24
+ clearAuthCookies: () => clearAuthCookies,
24
25
  configureAuth: () => configureAuth,
25
26
  createAuthRoutes: () => createAuthRoutes,
26
27
  createPlatformAuthRoutes: () => createPlatformAuthRoutes,
27
28
  currentUser: () => currentUser,
28
- getAuthConfig: () => getAuthConfig
29
+ getAuthConfig: () => getAuthConfig,
30
+ getAuthTokenFromCookies: () => getAuthTokenFromCookies,
31
+ getRefreshTokenFromCookies: () => getRefreshTokenFromCookies,
32
+ setAuthCookies: () => setAuthCookies
29
33
  });
30
34
  module.exports = __toCommonJS(server_exports);
31
35
  var import_headers3 = require("next/headers");
@@ -122,7 +126,7 @@ function getAuthConfig() {
122
126
  var import_headers = require("next/headers");
123
127
  var import_server = require("next/server");
124
128
  var import_backend = require("@inai-dev/backend");
125
- function createAuthRoutes(config) {
129
+ function createAuthRoutes(config = {}) {
126
130
  const client = new import_backend.InAIAuthClient(config);
127
131
  async function handleLogin(req) {
128
132
  try {
@@ -260,7 +264,7 @@ var import_headers2 = require("next/headers");
260
264
  var import_server2 = require("next/server");
261
265
  var import_backend2 = require("@inai-dev/backend");
262
266
  var import_shared4 = require("@inai-dev/shared");
263
- function createPlatformAuthRoutes(config) {
267
+ function createPlatformAuthRoutes(config = {}) {
264
268
  const client = new import_backend2.InAIAuthClient(config);
265
269
  const isProduction = process.env.NODE_ENV === "production";
266
270
  function setPlatformCookies(cookieStore, tokens, user) {
@@ -519,10 +523,14 @@ async function currentUser(opts) {
519
523
  // Annotate the CommonJS export names for ESM import in node:
520
524
  0 && (module.exports = {
521
525
  auth,
526
+ clearAuthCookies,
522
527
  configureAuth,
523
528
  createAuthRoutes,
524
529
  createPlatformAuthRoutes,
525
530
  currentUser,
526
- getAuthConfig
531
+ getAuthConfig,
532
+ getAuthTokenFromCookies,
533
+ getRefreshTokenFromCookies,
534
+ setAuthCookies
527
535
  });
528
536
  //# sourceMappingURL=server.cjs.map
package/dist/server.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/server.ts","../src/cookies.ts","../src/config.ts","../src/api-routes.ts","../src/platform-api-routes.ts"],"sourcesContent":["import { cookies } from \"next/headers\";\nimport { redirect } from \"next/navigation\";\nimport type {\n AuthObject,\n ServerAuthObject,\n ProtectedAuthObject,\n UserResource,\n} from \"@inai-dev/types\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport { isTokenExpired, getClaimsFromToken } from \"@inai-dev/shared\";\nimport {\n getAuthTokenFromCookies,\n getSessionFromCookies,\n} from \"./cookies\";\nimport { getAuthConfig } from \"./config\";\n\nexport { createAuthRoutes } from \"./api-routes\";\nexport { createPlatformAuthRoutes } from \"./platform-api-routes\";\nexport { configureAuth, getAuthConfig } from \"./config\";\n\nexport async function auth(): Promise<ServerAuthObject> {\n const cookieStore = await cookies();\n const token = getAuthTokenFromCookies(cookieStore);\n const config = getAuthConfig();\n\n function redirectToSignIn(opts?: { returnTo?: string }): never {\n const returnTo = opts?.returnTo;\n const url = returnTo\n ? `${config.signInUrl}?returnTo=${encodeURIComponent(returnTo)}`\n : config.signInUrl;\n redirect(url);\n }\n\n if (!token || isTokenExpired(token)) {\n return {\n userId: null,\n tenantId: null,\n appId: null,\n envId: null,\n orgId: null,\n orgRole: null,\n sessionId: null,\n getToken: async () => null,\n has: () => false,\n protect: () => {\n redirectToSignIn();\n },\n redirectToSignIn,\n };\n }\n\n const claims = getClaimsFromToken(token);\n if (!claims) {\n return {\n userId: null,\n tenantId: null,\n appId: null,\n envId: null,\n orgId: null,\n orgRole: null,\n sessionId: null,\n getToken: async () => null,\n has: () => false,\n protect: () => {\n redirectToSignIn();\n },\n redirectToSignIn,\n };\n }\n\n const roles = claims.roles ?? [];\n const permissions = claims.permissions ?? [];\n\n const has = (params: { role?: string; permission?: string }) => {\n if (params.role && roles.includes(params.role)) return true;\n if (params.permission && permissions.includes(params.permission))\n return true;\n return false;\n };\n\n const protectedObj: ProtectedAuthObject = {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n isSignedIn: true,\n getToken: async () => token,\n has,\n };\n\n return {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n getToken: async () => token,\n has,\n protect: (params?: {\n role?: string;\n permission?: string;\n redirectTo?: string;\n }) => {\n if (params?.role || params?.permission) {\n if (!has({ role: params.role, permission: params.permission })) {\n redirect(params.redirectTo ?? \"/unauthorized\");\n }\n }\n return protectedObj;\n },\n redirectToSignIn,\n };\n}\n\nexport async function currentUser(\n opts?: { fresh?: boolean },\n): Promise<UserResource | null> {\n const cookieStore = await cookies();\n\n if (opts?.fresh) {\n const token = getAuthTokenFromCookies(cookieStore);\n if (!token || isTokenExpired(token)) return null;\n\n const config = getAuthConfig();\n if (!config.apiUrl || !config.publishableKey) {\n const session = getSessionFromCookies(cookieStore);\n return session?.user ?? null;\n }\n\n const client = new InAIAuthClient({\n apiUrl: config.apiUrl,\n publishableKey: config.publishableKey,\n });\n try {\n const { data } = await client.getMe(token);\n return data;\n } catch {\n return null;\n }\n }\n\n const session = getSessionFromCookies(cookieStore);\n return session?.user ?? null;\n}\n","import type { UserResource, JWTClaims, TokenPair } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n decodeJWTPayload,\n} from \"@inai-dev/shared\";\n\nexport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n} from \"@inai-dev/shared\";\n\nexport { isTokenExpired, getClaimsFromToken } from \"@inai-dev/shared\";\n\ninterface CookieStore {\n get(name: string): { value: string } | undefined;\n set(name: string, value: string, options?: Record<string, unknown>): void;\n}\n\ninterface SessionData {\n user: UserResource;\n expiresAt: string;\n permissions?: string[];\n orgId?: string;\n orgRole?: string;\n appId?: string;\n envId?: string;\n}\n\nexport function setAuthCookies(\n cookieStore: CookieStore,\n tokens: TokenPair,\n user: UserResource,\n): void {\n const isProduction = process.env.NODE_ENV === \"production\";\n const claims = decodeJWTPayload(tokens.access_token);\n const expiresAt = claims\n ? new Date(claims.exp * 1000).toISOString()\n : new Date(Date.now() + tokens.expires_in * 1000).toISOString();\n\n cookieStore.set(COOKIE_AUTH_TOKEN, tokens.access_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n\n cookieStore.set(COOKIE_REFRESH_TOKEN, tokens.refresh_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"strict\",\n path: \"/api/auth\",\n maxAge: 7 * 24 * 60 * 60,\n });\n\n const sessionData: SessionData = {\n user,\n expiresAt,\n permissions: claims?.permissions ?? [],\n orgId: claims?.org_id,\n orgRole: claims?.org_role,\n appId: claims?.app_id,\n envId: claims?.env_id,\n };\n cookieStore.set(COOKIE_AUTH_SESSION, JSON.stringify(sessionData), {\n httpOnly: false,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n}\n\nexport function clearAuthCookies(\n cookieStore: CookieStore,\n): void {\n const opts = { path: \"/\", maxAge: 0 };\n cookieStore.set(COOKIE_AUTH_TOKEN, \"\", opts);\n cookieStore.set(COOKIE_REFRESH_TOKEN, \"\", { ...opts, path: \"/api/auth\" });\n cookieStore.set(COOKIE_AUTH_SESSION, \"\", opts);\n}\n\nexport function getAuthTokenFromCookies(\n cookieStore: CookieStore,\n): string | null {\n return cookieStore.get(COOKIE_AUTH_TOKEN)?.value ?? null;\n}\n\nexport function getRefreshTokenFromCookies(\n cookieStore: CookieStore,\n): string | null {\n return cookieStore.get(COOKIE_REFRESH_TOKEN)?.value ?? null;\n}\n\nexport function getSessionFromCookies(\n cookieStore: CookieStore,\n): SessionData | null {\n const raw = cookieStore.get(COOKIE_AUTH_SESSION)?.value;\n if (!raw) return null;\n try {\n return JSON.parse(raw) as SessionData;\n } catch {\n return null;\n }\n}\n","import type { InAIAuthSDKConfig } from \"@inai-dev/types\";\n\ntype ResolvedConfig = Required<InAIAuthSDKConfig>;\n\nconst defaults: ResolvedConfig = {\n signInUrl: \"/login\",\n signUpUrl: \"/register\",\n afterSignInUrl: \"/\",\n afterSignOutUrl: \"/login\",\n apiUrl: \"\",\n publishableKey: \"\",\n};\n\nlet userConfig: Partial<InAIAuthSDKConfig> = {};\n\nexport function configureAuth(config: InAIAuthSDKConfig): void {\n userConfig = config;\n}\n\nexport function getAuthConfig(): ResolvedConfig {\n return {\n signInUrl: userConfig.signInUrl ?? defaults.signInUrl,\n signUpUrl: userConfig.signUpUrl ?? defaults.signUpUrl,\n afterSignInUrl: userConfig.afterSignInUrl ?? defaults.afterSignInUrl,\n afterSignOutUrl: userConfig.afterSignOutUrl ?? defaults.afterSignOutUrl,\n apiUrl:\n userConfig.apiUrl ??\n process.env.INAI_API_URL ??\n process.env.NEXT_PUBLIC_INAI_API_URL ??\n defaults.apiUrl,\n publishableKey:\n userConfig.publishableKey ??\n process.env.NEXT_PUBLIC_INAI_PUBLISHABLE_KEY ??\n defaults.publishableKey,\n };\n}\n","import { cookies } from \"next/headers\";\nimport { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport type {\n InAIAuthConfig,\n TokenPair,\n UserResource,\n LoginResult,\n} from \"@inai-dev/types\";\nimport {\n setAuthCookies,\n clearAuthCookies,\n getRefreshTokenFromCookies,\n} from \"./cookies\";\n\nexport function createAuthRoutes(config: InAIAuthConfig) {\n const client = new InAIAuthClient(config);\n\n async function handleLogin(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = (await client.login({\n email: body.email,\n password: body.password,\n })) as LoginResult & { user?: UserResource };\n\n if (result.mfa_required) {\n return NextResponse.json({\n mfa_required: true,\n mfa_token: result.mfa_token,\n });\n }\n\n const tokens = result as TokenPair;\n const loginUser = (result as { user?: UserResource }).user;\n const user =\n loginUser ?? (await client.getMe(tokens.access_token)).data;\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message = err instanceof Error ? err.message : \"Login failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleMFAChallenge(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const tokens = await client.mfaChallenge({\n mfa_token: body.mfa_token,\n code: body.code,\n });\n\n const { data: user } = await client.getMe(tokens.access_token);\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"MFA verification failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleRefresh() {\n try {\n const cookieStore = await cookies();\n const refreshToken = getRefreshTokenFromCookies(cookieStore);\n\n if (!refreshToken) {\n clearAuthCookies(cookieStore);\n return NextResponse.json(\n { error: \"No refresh token\" },\n { status: 401 },\n );\n }\n\n const tokens = await client.refresh(refreshToken);\n const { data: user } = await client.getMe(tokens.access_token);\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch {\n const cookieStore = await cookies();\n clearAuthCookies(cookieStore);\n return NextResponse.json(\n { error: \"Refresh failed\" },\n { status: 401 },\n );\n }\n }\n\n async function handleRegister(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.register({\n email: body.email,\n password: body.password,\n firstName: body.firstName,\n lastName: body.lastName,\n });\n\n if (!result.access_token) {\n return NextResponse.json({\n needs_email_verification: true,\n user: result.user,\n });\n }\n\n const tokens = result as TokenPair;\n const loginUser = result.user;\n const user =\n loginUser ?? (await client.getMe(tokens.access_token)).data;\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"Registration failed\";\n return NextResponse.json({ error: message }, { status: 400 });\n }\n }\n\n async function handleLogout() {\n try {\n const cookieStore = await cookies();\n const refreshToken = getRefreshTokenFromCookies(cookieStore);\n if (refreshToken) {\n await client.logout(refreshToken).catch(() => {});\n }\n clearAuthCookies(cookieStore);\n return NextResponse.json({ success: true });\n } catch {\n const cookieStore = await cookies();\n clearAuthCookies(cookieStore);\n return NextResponse.json({ success: true });\n }\n }\n\n async function handler(\n req: NextRequest,\n context: { params: Promise<{ inai: string[] }> },\n ) {\n const params = await context.params;\n const path = params.inai?.join(\"/\") ?? \"\";\n\n if (req.method === \"POST\") {\n switch (path) {\n case \"login\":\n return handleLogin(req);\n case \"register\":\n return handleRegister(req);\n case \"mfa-challenge\":\n return handleMFAChallenge(req);\n case \"refresh\":\n return handleRefresh();\n case \"logout\":\n return handleLogout();\n }\n }\n\n return NextResponse.json({ error: \"Not found\" }, { status: 404 });\n }\n\n return {\n GET: handler,\n POST: handler,\n };\n}\n","import { cookies } from \"next/headers\";\nimport { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport type { InAIAuthConfig, TokenPair, PlatformUserResource } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_AUTH_SESSION,\n COOKIE_REFRESH_TOKEN,\n} from \"@inai-dev/shared\";\n\nexport function createPlatformAuthRoutes(config: InAIAuthConfig) {\n const client = new InAIAuthClient(config);\n const isProduction = process.env.NODE_ENV === \"production\";\n\n function setPlatformCookies(\n cookieStore: Awaited<ReturnType<typeof cookies>>,\n tokens: TokenPair,\n user?: PlatformUserResource,\n ) {\n cookieStore.set(COOKIE_AUTH_TOKEN, tokens.access_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n cookieStore.set(COOKIE_REFRESH_TOKEN, tokens.refresh_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"strict\",\n path: \"/api/auth\",\n maxAge: 7 * 24 * 60 * 60,\n });\n if (user) {\n const expiresAt = Date.now() + tokens.expires_in * 1000;\n cookieStore.set(\n COOKIE_AUTH_SESSION,\n JSON.stringify({ user, expiresAt }),\n {\n httpOnly: false,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n },\n );\n }\n }\n\n function clearPlatformCookies(\n cookieStore: Awaited<ReturnType<typeof cookies>>,\n ) {\n cookieStore.set(COOKIE_AUTH_TOKEN, \"\", { path: \"/\", maxAge: 0 });\n cookieStore.set(COOKIE_REFRESH_TOKEN, \"\", {\n path: \"/api/auth\",\n maxAge: 0,\n });\n cookieStore.set(COOKIE_AUTH_SESSION, \"\", { path: \"/\", maxAge: 0 });\n }\n\n async function handleLogin(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.platformLogin({\n email: body.email,\n password: body.password,\n });\n\n if (result.mfa_required) {\n return NextResponse.json({\n mfa_required: true,\n mfa_token: result.mfa_token,\n });\n }\n\n const tokens = result as TokenPair;\n const user = result.user;\n const cookieStore = await cookies();\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message = err instanceof Error ? err.message : \"Login failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleMFAChallenge(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.platformMfaChallenge({\n mfa_token: body.mfa_token,\n code: body.code,\n });\n\n const tokens = result as TokenPair;\n const user = result.user;\n const cookieStore = await cookies();\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"MFA verification failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleRefresh() {\n try {\n const cookieStore = await cookies();\n const refreshToken = cookieStore.get(COOKIE_REFRESH_TOKEN)?.value;\n\n if (!refreshToken) {\n clearPlatformCookies(cookieStore);\n return NextResponse.json(\n { error: \"No refresh token\" },\n { status: 401 },\n );\n }\n\n const tokens = await client.platformRefresh(refreshToken);\n const { data: user } = await client.platformGetMe(\n tokens.access_token,\n );\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch {\n const cookieStore = await cookies();\n clearPlatformCookies(cookieStore);\n return NextResponse.json(\n { error: \"Refresh failed\" },\n { status: 401 },\n );\n }\n }\n\n async function handleLogout() {\n try {\n const cookieStore = await cookies();\n const refreshToken = cookieStore.get(COOKIE_REFRESH_TOKEN)?.value;\n if (refreshToken) {\n await client.platformLogout(refreshToken).catch(() => {});\n }\n clearPlatformCookies(cookieStore);\n return NextResponse.json({ success: true });\n } catch {\n const cookieStore = await cookies();\n clearPlatformCookies(cookieStore);\n return NextResponse.json({ success: true });\n }\n }\n\n async function handler(\n req: NextRequest,\n context: { params: Promise<{ inai: string[] }> },\n ) {\n const params = await context.params;\n const path = params.inai?.join(\"/\") ?? \"\";\n\n if (req.method === \"POST\") {\n switch (path) {\n case \"login\":\n return handleLogin(req);\n case \"mfa-challenge\":\n return handleMFAChallenge(req);\n case \"refresh\":\n return handleRefresh();\n case \"logout\":\n return handleLogout();\n }\n }\n\n return NextResponse.json({ error: \"Not found\" }, { status: 404 });\n }\n\n return {\n GET: handler,\n POST: handler,\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAAAA,kBAAwB;AACxB,wBAAyB;AAOzB,IAAAC,kBAA+B;AAC/B,IAAAC,iBAAmD;;;ACRnD,oBAKO;AAEP,IAAAC,iBAIO;AAEP,IAAAA,iBAAmD;AAiB5C,SAAS,eACd,aACA,QACA,MACM;AACN,QAAM,eAAe,QAAQ,IAAI,aAAa;AAC9C,QAAM,aAAS,gCAAiB,OAAO,YAAY;AACnD,QAAM,YAAY,SACd,IAAI,KAAK,OAAO,MAAM,GAAI,EAAE,YAAY,IACxC,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,aAAa,GAAI,EAAE,YAAY;AAEhE,cAAY,IAAI,iCAAmB,OAAO,cAAc;AAAA,IACtD,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,EACjB,CAAC;AAED,cAAY,IAAI,oCAAsB,OAAO,eAAe;AAAA,IAC1D,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,IAAI,KAAK,KAAK;AAAA,EACxB,CAAC;AAED,QAAM,cAA2B;AAAA,IAC/B;AAAA,IACA;AAAA,IACA,aAAa,QAAQ,eAAe,CAAC;AAAA,IACrC,OAAO,QAAQ;AAAA,IACf,SAAS,QAAQ;AAAA,IACjB,OAAO,QAAQ;AAAA,IACf,OAAO,QAAQ;AAAA,EACjB;AACA,cAAY,IAAI,mCAAqB,KAAK,UAAU,WAAW,GAAG;AAAA,IAChE,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,EACjB,CAAC;AACH;AAEO,SAAS,iBACd,aACM;AACN,QAAM,OAAO,EAAE,MAAM,KAAK,QAAQ,EAAE;AACpC,cAAY,IAAI,iCAAmB,IAAI,IAAI;AAC3C,cAAY,IAAI,oCAAsB,IAAI,EAAE,GAAG,MAAM,MAAM,YAAY,CAAC;AACxE,cAAY,IAAI,mCAAqB,IAAI,IAAI;AAC/C;AAEO,SAAS,wBACd,aACe;AACf,SAAO,YAAY,IAAI,+BAAiB,GAAG,SAAS;AACtD;AAEO,SAAS,2BACd,aACe;AACf,SAAO,YAAY,IAAI,kCAAoB,GAAG,SAAS;AACzD;AAEO,SAAS,sBACd,aACoB;AACpB,QAAM,MAAM,YAAY,IAAI,iCAAmB,GAAG;AAClD,MAAI,CAAC,IAAK,QAAO;AACjB,MAAI;AACF,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ACvGA,IAAM,WAA2B;AAAA,EAC/B,WAAW;AAAA,EACX,WAAW;AAAA,EACX,gBAAgB;AAAA,EAChB,iBAAiB;AAAA,EACjB,QAAQ;AAAA,EACR,gBAAgB;AAClB;AAEA,IAAI,aAAyC,CAAC;AAEvC,SAAS,cAAc,QAAiC;AAC7D,eAAa;AACf;AAEO,SAAS,gBAAgC;AAC9C,SAAO;AAAA,IACL,WAAW,WAAW,aAAa,SAAS;AAAA,IAC5C,WAAW,WAAW,aAAa,SAAS;AAAA,IAC5C,gBAAgB,WAAW,kBAAkB,SAAS;AAAA,IACtD,iBAAiB,WAAW,mBAAmB,SAAS;AAAA,IACxD,QACE,WAAW,UACX,QAAQ,IAAI,gBACZ,QAAQ,IAAI,4BACZ,SAAS;AAAA,IACX,gBACE,WAAW,kBACX,QAAQ,IAAI,oCACZ,SAAS;AAAA,EACb;AACF;;;ACnCA,qBAAwB;AACxB,oBAA6B;AAE7B,qBAA+B;AAaxB,SAAS,iBAAiB,QAAwB;AACvD,QAAM,SAAS,IAAI,8BAAe,MAAM;AAExC,iBAAe,YAAY,KAAkB;AAC3C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAU,MAAM,OAAO,MAAM;AAAA,QACjC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,OAAO,cAAc;AACvB,eAAO,2BAAa,KAAK;AAAA,UACvB,cAAc;AAAA,UACd,WAAW,OAAO;AAAA,QACpB,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,YAAa,OAAmC;AACtD,YAAM,OACJ,cAAc,MAAM,OAAO,MAAM,OAAO,YAAY,GAAG;AACzD,YAAM,cAAc,UAAM,wBAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,2BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,aAAO,2BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,mBAAmB,KAAkB;AAClD,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,aAAa;AAAA,QACvC,WAAW,KAAK;AAAA,QAChB,MAAM,KAAK;AAAA,MACb,CAAC;AAED,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO,MAAM,OAAO,YAAY;AAC7D,YAAM,cAAc,UAAM,wBAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,2BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,2BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,gBAAgB;AAC7B,QAAI;AACF,YAAM,cAAc,UAAM,wBAAQ;AAClC,YAAM,eAAe,2BAA2B,WAAW;AAE3D,UAAI,CAAC,cAAc;AACjB,yBAAiB,WAAW;AAC5B,eAAO,2BAAa;AAAA,UAClB,EAAE,OAAO,mBAAmB;AAAA,UAC5B,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAEA,YAAM,SAAS,MAAM,OAAO,QAAQ,YAAY;AAChD,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO,MAAM,OAAO,YAAY;AAC7D,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,2BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,QAAQ;AACN,YAAM,cAAc,UAAM,wBAAQ;AAClC,uBAAiB,WAAW;AAC5B,aAAO,2BAAa;AAAA,QAClB,EAAE,OAAO,iBAAiB;AAAA,QAC1B,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,eAAe,KAAkB;AAC9C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,SAAS;AAAA,QACnC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,QACf,WAAW,KAAK;AAAA,QAChB,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,CAAC,OAAO,cAAc;AACxB,eAAO,2BAAa,KAAK;AAAA,UACvB,0BAA0B;AAAA,UAC1B,MAAM,OAAO;AAAA,QACf,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,YAAY,OAAO;AACzB,YAAM,OACJ,cAAc,MAAM,OAAO,MAAM,OAAO,YAAY,GAAG;AACzD,YAAM,cAAc,UAAM,wBAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,2BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,2BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,eAAe;AAC5B,QAAI;AACF,YAAM,cAAc,UAAM,wBAAQ;AAClC,YAAM,eAAe,2BAA2B,WAAW;AAC3D,UAAI,cAAc;AAChB,cAAM,OAAO,OAAO,YAAY,EAAE,MAAM,MAAM;AAAA,QAAC,CAAC;AAAA,MAClD;AACA,uBAAiB,WAAW;AAC5B,aAAO,2BAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C,QAAQ;AACN,YAAM,cAAc,UAAM,wBAAQ;AAClC,uBAAiB,WAAW;AAC5B,aAAO,2BAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C;AAAA,EACF;AAEA,iBAAe,QACb,KACA,SACA;AACA,UAAM,SAAS,MAAM,QAAQ;AAC7B,UAAM,OAAO,OAAO,MAAM,KAAK,GAAG,KAAK;AAEvC,QAAI,IAAI,WAAW,QAAQ;AACzB,cAAQ,MAAM;AAAA,QACZ,KAAK;AACH,iBAAO,YAAY,GAAG;AAAA,QACxB,KAAK;AACH,iBAAO,eAAe,GAAG;AAAA,QAC3B,KAAK;AACH,iBAAO,mBAAmB,GAAG;AAAA,QAC/B,KAAK;AACH,iBAAO,cAAc;AAAA,QACvB,KAAK;AACH,iBAAO,aAAa;AAAA,MACxB;AAAA,IACF;AAEA,WAAO,2BAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;;;AC7KA,IAAAC,kBAAwB;AACxB,IAAAC,iBAA6B;AAE7B,IAAAC,kBAA+B;AAE/B,IAAAC,iBAIO;AAEA,SAAS,yBAAyB,QAAwB;AAC/D,QAAM,SAAS,IAAI,+BAAe,MAAM;AACxC,QAAM,eAAe,QAAQ,IAAI,aAAa;AAE9C,WAAS,mBACP,aACA,QACA,MACA;AACA,gBAAY,IAAI,kCAAmB,OAAO,cAAc;AAAA,MACtD,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,OAAO;AAAA,IACjB,CAAC;AACD,gBAAY,IAAI,qCAAsB,OAAO,eAAe;AAAA,MAC1D,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,IAAI,KAAK,KAAK;AAAA,IACxB,CAAC;AACD,QAAI,MAAM;AACR,YAAM,YAAY,KAAK,IAAI,IAAI,OAAO,aAAa;AACnD,kBAAY;AAAA,QACV;AAAA,QACA,KAAK,UAAU,EAAE,MAAM,UAAU,CAAC;AAAA,QAClC;AAAA,UACE,UAAU;AAAA,UACV,QAAQ;AAAA,UACR,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,OAAO;AAAA,QACjB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,WAAS,qBACP,aACA;AACA,gBAAY,IAAI,kCAAmB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AAC/D,gBAAY,IAAI,qCAAsB,IAAI;AAAA,MACxC,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AACD,gBAAY,IAAI,oCAAqB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AAAA,EACnE;AAEA,iBAAe,YAAY,KAAkB;AAC3C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,cAAc;AAAA,QACxC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,OAAO,cAAc;AACvB,eAAO,4BAAa,KAAK;AAAA,UACvB,cAAc;AAAA,UACd,WAAW,OAAO;AAAA,QACpB,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,OAAO,OAAO;AACpB,YAAM,cAAc,UAAM,yBAAQ;AAClC,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAO,4BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,aAAO,4BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,mBAAmB,KAAkB;AAClD,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,qBAAqB;AAAA,QAC/C,WAAW,KAAK;AAAA,QAChB,MAAM,KAAK;AAAA,MACb,CAAC;AAED,YAAM,SAAS;AACf,YAAM,OAAO,OAAO;AACpB,YAAM,cAAc,UAAM,yBAAQ;AAClC,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAO,4BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,4BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,gBAAgB;AAC7B,QAAI;AACF,YAAM,cAAc,UAAM,yBAAQ;AAClC,YAAM,eAAe,YAAY,IAAI,mCAAoB,GAAG;AAE5D,UAAI,CAAC,cAAc;AACjB,6BAAqB,WAAW;AAChC,eAAO,4BAAa;AAAA,UAClB,EAAE,OAAO,mBAAmB;AAAA,UAC5B,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAEA,YAAM,SAAS,MAAM,OAAO,gBAAgB,YAAY;AACxD,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO;AAAA,QAClC,OAAO;AAAA,MACT;AACA,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAO,4BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,QAAQ;AACN,YAAM,cAAc,UAAM,yBAAQ;AAClC,2BAAqB,WAAW;AAChC,aAAO,4BAAa;AAAA,QAClB,EAAE,OAAO,iBAAiB;AAAA,QAC1B,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,eAAe;AAC5B,QAAI;AACF,YAAM,cAAc,UAAM,yBAAQ;AAClC,YAAM,eAAe,YAAY,IAAI,mCAAoB,GAAG;AAC5D,UAAI,cAAc;AAChB,cAAM,OAAO,eAAe,YAAY,EAAE,MAAM,MAAM;AAAA,QAAC,CAAC;AAAA,MAC1D;AACA,2BAAqB,WAAW;AAChC,aAAO,4BAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C,QAAQ;AACN,YAAM,cAAc,UAAM,yBAAQ;AAClC,2BAAqB,WAAW;AAChC,aAAO,4BAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C;AAAA,EACF;AAEA,iBAAe,QACb,KACA,SACA;AACA,UAAM,SAAS,MAAM,QAAQ;AAC7B,UAAM,OAAO,OAAO,MAAM,KAAK,GAAG,KAAK;AAEvC,QAAI,IAAI,WAAW,QAAQ;AACzB,cAAQ,MAAM;AAAA,QACZ,KAAK;AACH,iBAAO,YAAY,GAAG;AAAA,QACxB,KAAK;AACH,iBAAO,mBAAmB,GAAG;AAAA,QAC/B,KAAK;AACH,iBAAO,cAAc;AAAA,QACvB,KAAK;AACH,iBAAO,aAAa;AAAA,MACxB;AAAA,IACF;AAEA,WAAO,4BAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;;;AJlKA,eAAsB,OAAkC;AACtD,QAAM,cAAc,UAAM,yBAAQ;AAClC,QAAM,QAAQ,wBAAwB,WAAW;AACjD,QAAM,SAAS,cAAc;AAE7B,WAAS,iBAAiB,MAAqC;AAC7D,UAAM,WAAW,MAAM;AACvB,UAAM,MAAM,WACR,GAAG,OAAO,SAAS,aAAa,mBAAmB,QAAQ,CAAC,KAC5D,OAAO;AACX,oCAAS,GAAG;AAAA,EACd;AAEA,MAAI,CAAC,aAAS,+BAAe,KAAK,GAAG;AACnC,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,SAAS;AAAA,MACT,WAAW;AAAA,MACX,UAAU,YAAY;AAAA,MACtB,KAAK,MAAM;AAAA,MACX,SAAS,MAAM;AACb,yBAAiB;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,aAAS,mCAAmB,KAAK;AACvC,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,SAAS;AAAA,MACT,WAAW;AAAA,MACX,UAAU,YAAY;AAAA,MACtB,KAAK,MAAM;AAAA,MACX,SAAS,MAAM;AACb,yBAAiB;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAM,cAAc,OAAO,eAAe,CAAC;AAE3C,QAAM,MAAM,CAAC,WAAmD;AAC9D,QAAI,OAAO,QAAQ,MAAM,SAAS,OAAO,IAAI,EAAG,QAAO;AACvD,QAAI,OAAO,cAAc,YAAY,SAAS,OAAO,UAAU;AAC7D,aAAO;AACT,WAAO;AAAA,EACT;AAEA,QAAM,eAAoC;AAAA,IACxC,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,YAAY;AAAA,IACZ,UAAU,YAAY;AAAA,IACtB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,UAAU,YAAY;AAAA,IACtB;AAAA,IACA,SAAS,CAAC,WAIJ;AACJ,UAAI,QAAQ,QAAQ,QAAQ,YAAY;AACtC,YAAI,CAAC,IAAI,EAAE,MAAM,OAAO,MAAM,YAAY,OAAO,WAAW,CAAC,GAAG;AAC9D,0CAAS,OAAO,cAAc,eAAe;AAAA,QAC/C;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IACA;AAAA,EACF;AACF;AAEA,eAAsB,YACpB,MAC8B;AAC9B,QAAM,cAAc,UAAM,yBAAQ;AAElC,MAAI,MAAM,OAAO;AACf,UAAM,QAAQ,wBAAwB,WAAW;AACjD,QAAI,CAAC,aAAS,+BAAe,KAAK,EAAG,QAAO;AAE5C,UAAM,SAAS,cAAc;AAC7B,QAAI,CAAC,OAAO,UAAU,CAAC,OAAO,gBAAgB;AAC5C,YAAMC,WAAU,sBAAsB,WAAW;AACjD,aAAOA,UAAS,QAAQ;AAAA,IAC1B;AAEA,UAAM,SAAS,IAAI,+BAAe;AAAA,MAChC,QAAQ,OAAO;AAAA,MACf,gBAAgB,OAAO;AAAA,IACzB,CAAC;AACD,QAAI;AACF,YAAM,EAAE,KAAK,IAAI,MAAM,OAAO,MAAM,KAAK;AACzC,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAEA,QAAM,UAAU,sBAAsB,WAAW;AACjD,SAAO,SAAS,QAAQ;AAC1B;","names":["import_headers","import_backend","import_shared","import_shared","import_headers","import_server","import_backend","import_shared","session"]}
1
+ {"version":3,"sources":["../src/server.ts","../src/cookies.ts","../src/config.ts","../src/api-routes.ts","../src/platform-api-routes.ts"],"sourcesContent":["import { cookies } from \"next/headers\";\nimport { redirect } from \"next/navigation\";\nimport type {\n AuthObject,\n ServerAuthObject,\n ProtectedAuthObject,\n UserResource,\n PlatformUserResource,\n} from \"@inai-dev/types\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport { isTokenExpired, getClaimsFromToken } from \"@inai-dev/shared\";\nimport {\n getAuthTokenFromCookies,\n getSessionFromCookies,\n} from \"./cookies\";\nimport { getAuthConfig } from \"./config\";\n\nexport { createAuthRoutes } from \"./api-routes\";\nexport { createPlatformAuthRoutes } from \"./platform-api-routes\";\nexport { configureAuth, getAuthConfig } from \"./config\";\nexport { setAuthCookies, clearAuthCookies, getRefreshTokenFromCookies, getAuthTokenFromCookies } from \"./cookies\";\n\nexport async function auth(): Promise<ServerAuthObject> {\n const cookieStore = await cookies();\n const token = getAuthTokenFromCookies(cookieStore);\n const config = getAuthConfig();\n\n function redirectToSignIn(opts?: { returnTo?: string }): never {\n const returnTo = opts?.returnTo;\n const url = returnTo\n ? `${config.signInUrl}?returnTo=${encodeURIComponent(returnTo)}`\n : config.signInUrl;\n redirect(url);\n }\n\n if (!token || isTokenExpired(token)) {\n return {\n userId: null,\n tenantId: null,\n appId: null,\n envId: null,\n orgId: null,\n orgRole: null,\n sessionId: null,\n getToken: async () => null,\n has: () => false,\n protect: () => {\n redirectToSignIn();\n },\n redirectToSignIn,\n };\n }\n\n const claims = getClaimsFromToken(token);\n if (!claims) {\n return {\n userId: null,\n tenantId: null,\n appId: null,\n envId: null,\n orgId: null,\n orgRole: null,\n sessionId: null,\n getToken: async () => null,\n has: () => false,\n protect: () => {\n redirectToSignIn();\n },\n redirectToSignIn,\n };\n }\n\n const roles = claims.roles ?? [];\n const permissions = claims.permissions ?? [];\n\n const has = (params: { role?: string; permission?: string }) => {\n if (params.role && roles.includes(params.role)) return true;\n if (params.permission && permissions.includes(params.permission))\n return true;\n return false;\n };\n\n const protectedObj: ProtectedAuthObject = {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n isSignedIn: true,\n getToken: async () => token,\n has,\n };\n\n return {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n getToken: async () => token,\n has,\n protect: (params?: {\n role?: string;\n permission?: string;\n redirectTo?: string;\n }) => {\n if (params?.role || params?.permission) {\n if (!has({ role: params.role, permission: params.permission })) {\n redirect(params.redirectTo ?? \"/unauthorized\");\n }\n }\n return protectedObj;\n },\n redirectToSignIn,\n };\n}\n\nexport async function currentUser(\n opts?: { fresh?: boolean },\n): Promise<UserResource | PlatformUserResource | null> {\n const cookieStore = await cookies();\n\n if (opts?.fresh) {\n const token = getAuthTokenFromCookies(cookieStore);\n if (!token || isTokenExpired(token)) return null;\n\n const config = getAuthConfig();\n if (!config.apiUrl || !config.publishableKey) {\n const session = getSessionFromCookies(cookieStore);\n return session?.user ?? null;\n }\n\n const client = new InAIAuthClient({\n apiUrl: config.apiUrl,\n publishableKey: config.publishableKey,\n });\n try {\n const { data } = await client.getMe(token);\n return data;\n } catch {\n return null;\n }\n }\n\n const session = getSessionFromCookies(cookieStore);\n return session?.user ?? null;\n}\n","import type { UserResource, PlatformUserResource, JWTClaims, TokenPair } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n decodeJWTPayload,\n} from \"@inai-dev/shared\";\n\nexport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n} from \"@inai-dev/shared\";\n\nexport { isTokenExpired, getClaimsFromToken } from \"@inai-dev/shared\";\n\ninterface CookieStore {\n get(name: string): { value: string } | undefined;\n set(name: string, value: string, options?: Record<string, unknown>): void;\n}\n\ninterface SessionData {\n user: UserResource | PlatformUserResource;\n expiresAt: string;\n permissions?: string[];\n orgId?: string;\n orgRole?: string;\n appId?: string;\n envId?: string;\n}\n\nexport function setAuthCookies(\n cookieStore: CookieStore,\n tokens: TokenPair,\n user: UserResource | PlatformUserResource,\n): void {\n const isProduction = process.env.NODE_ENV === \"production\";\n const claims = decodeJWTPayload(tokens.access_token);\n const expiresAt = claims\n ? new Date(claims.exp * 1000).toISOString()\n : new Date(Date.now() + tokens.expires_in * 1000).toISOString();\n\n cookieStore.set(COOKIE_AUTH_TOKEN, tokens.access_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n\n cookieStore.set(COOKIE_REFRESH_TOKEN, tokens.refresh_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"strict\",\n path: \"/api/auth\",\n maxAge: 7 * 24 * 60 * 60,\n });\n\n const sessionData: SessionData = {\n user,\n expiresAt,\n permissions: claims?.permissions ?? [],\n orgId: claims?.org_id,\n orgRole: claims?.org_role,\n appId: claims?.app_id,\n envId: claims?.env_id,\n };\n cookieStore.set(COOKIE_AUTH_SESSION, JSON.stringify(sessionData), {\n httpOnly: false,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n}\n\nexport function clearAuthCookies(\n cookieStore: CookieStore,\n): void {\n const opts = { path: \"/\", maxAge: 0 };\n cookieStore.set(COOKIE_AUTH_TOKEN, \"\", opts);\n cookieStore.set(COOKIE_REFRESH_TOKEN, \"\", { ...opts, path: \"/api/auth\" });\n cookieStore.set(COOKIE_AUTH_SESSION, \"\", opts);\n}\n\nexport function getAuthTokenFromCookies(\n cookieStore: CookieStore,\n): string | null {\n return cookieStore.get(COOKIE_AUTH_TOKEN)?.value ?? null;\n}\n\nexport function getRefreshTokenFromCookies(\n cookieStore: CookieStore,\n): string | null {\n return cookieStore.get(COOKIE_REFRESH_TOKEN)?.value ?? null;\n}\n\nexport function getSessionFromCookies(\n cookieStore: CookieStore,\n): SessionData | null {\n const raw = cookieStore.get(COOKIE_AUTH_SESSION)?.value;\n if (!raw) return null;\n try {\n return JSON.parse(raw) as SessionData;\n } catch {\n return null;\n }\n}\n","import type { InAIAuthSDKConfig } from \"@inai-dev/types\";\n\ntype ResolvedConfig = Required<InAIAuthSDKConfig>;\n\nconst defaults: ResolvedConfig = {\n signInUrl: \"/login\",\n signUpUrl: \"/register\",\n afterSignInUrl: \"/\",\n afterSignOutUrl: \"/login\",\n apiUrl: \"\",\n publishableKey: \"\",\n};\n\nlet userConfig: Partial<InAIAuthSDKConfig> = {};\n\nexport function configureAuth(config: InAIAuthSDKConfig): void {\n userConfig = config;\n}\n\nexport function getAuthConfig(): ResolvedConfig {\n return {\n signInUrl: userConfig.signInUrl ?? defaults.signInUrl,\n signUpUrl: userConfig.signUpUrl ?? defaults.signUpUrl,\n afterSignInUrl: userConfig.afterSignInUrl ?? defaults.afterSignInUrl,\n afterSignOutUrl: userConfig.afterSignOutUrl ?? defaults.afterSignOutUrl,\n apiUrl:\n userConfig.apiUrl ??\n process.env.INAI_API_URL ??\n process.env.NEXT_PUBLIC_INAI_API_URL ??\n defaults.apiUrl,\n publishableKey:\n userConfig.publishableKey ??\n process.env.NEXT_PUBLIC_INAI_PUBLISHABLE_KEY ??\n defaults.publishableKey,\n };\n}\n","import { cookies } from \"next/headers\";\nimport { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport type {\n InAIAuthConfig,\n TokenPair,\n UserResource,\n LoginResult,\n} from \"@inai-dev/types\";\nimport {\n setAuthCookies,\n clearAuthCookies,\n getRefreshTokenFromCookies,\n} from \"./cookies\";\n\nexport function createAuthRoutes(config: InAIAuthConfig = {}) {\n const client = new InAIAuthClient(config);\n\n async function handleLogin(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = (await client.login({\n email: body.email,\n password: body.password,\n })) as LoginResult & { user?: UserResource };\n\n if (result.mfa_required) {\n return NextResponse.json({\n mfa_required: true,\n mfa_token: result.mfa_token,\n });\n }\n\n const tokens = result as TokenPair;\n const loginUser = (result as { user?: UserResource }).user;\n const user =\n loginUser ?? (await client.getMe(tokens.access_token)).data;\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message = err instanceof Error ? err.message : \"Login failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleMFAChallenge(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const tokens = await client.mfaChallenge({\n mfa_token: body.mfa_token,\n code: body.code,\n });\n\n const { data: user } = await client.getMe(tokens.access_token);\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"MFA verification failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleRefresh() {\n try {\n const cookieStore = await cookies();\n const refreshToken = getRefreshTokenFromCookies(cookieStore);\n\n if (!refreshToken) {\n clearAuthCookies(cookieStore);\n return NextResponse.json(\n { error: \"No refresh token\" },\n { status: 401 },\n );\n }\n\n const tokens = await client.refresh(refreshToken);\n const { data: user } = await client.getMe(tokens.access_token);\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch {\n const cookieStore = await cookies();\n clearAuthCookies(cookieStore);\n return NextResponse.json(\n { error: \"Refresh failed\" },\n { status: 401 },\n );\n }\n }\n\n async function handleRegister(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.register({\n email: body.email,\n password: body.password,\n firstName: body.firstName,\n lastName: body.lastName,\n });\n\n if (!result.access_token) {\n return NextResponse.json({\n needs_email_verification: true,\n user: result.user,\n });\n }\n\n const tokens = result as TokenPair;\n const loginUser = result.user;\n const user =\n loginUser ?? (await client.getMe(tokens.access_token)).data;\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"Registration failed\";\n return NextResponse.json({ error: message }, { status: 400 });\n }\n }\n\n async function handleLogout() {\n try {\n const cookieStore = await cookies();\n const refreshToken = getRefreshTokenFromCookies(cookieStore);\n if (refreshToken) {\n await client.logout(refreshToken).catch(() => {});\n }\n clearAuthCookies(cookieStore);\n return NextResponse.json({ success: true });\n } catch {\n const cookieStore = await cookies();\n clearAuthCookies(cookieStore);\n return NextResponse.json({ success: true });\n }\n }\n\n async function handler(\n req: NextRequest,\n context: { params: Promise<{ inai: string[] }> },\n ) {\n const params = await context.params;\n const path = params.inai?.join(\"/\") ?? \"\";\n\n if (req.method === \"POST\") {\n switch (path) {\n case \"login\":\n return handleLogin(req);\n case \"register\":\n return handleRegister(req);\n case \"mfa-challenge\":\n return handleMFAChallenge(req);\n case \"refresh\":\n return handleRefresh();\n case \"logout\":\n return handleLogout();\n }\n }\n\n return NextResponse.json({ error: \"Not found\" }, { status: 404 });\n }\n\n return {\n GET: handler,\n POST: handler,\n };\n}\n","import { cookies } from \"next/headers\";\nimport { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport type { InAIAuthConfig, TokenPair, PlatformUserResource } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_AUTH_SESSION,\n COOKIE_REFRESH_TOKEN,\n} from \"@inai-dev/shared\";\n\nexport function createPlatformAuthRoutes(config: InAIAuthConfig = {}) {\n const client = new InAIAuthClient(config);\n const isProduction = process.env.NODE_ENV === \"production\";\n\n function setPlatformCookies(\n cookieStore: Awaited<ReturnType<typeof cookies>>,\n tokens: TokenPair,\n user?: PlatformUserResource,\n ) {\n cookieStore.set(COOKIE_AUTH_TOKEN, tokens.access_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n cookieStore.set(COOKIE_REFRESH_TOKEN, tokens.refresh_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"strict\",\n path: \"/api/auth\",\n maxAge: 7 * 24 * 60 * 60,\n });\n if (user) {\n const expiresAt = Date.now() + tokens.expires_in * 1000;\n cookieStore.set(\n COOKIE_AUTH_SESSION,\n JSON.stringify({ user, expiresAt }),\n {\n httpOnly: false,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n },\n );\n }\n }\n\n function clearPlatformCookies(\n cookieStore: Awaited<ReturnType<typeof cookies>>,\n ) {\n cookieStore.set(COOKIE_AUTH_TOKEN, \"\", { path: \"/\", maxAge: 0 });\n cookieStore.set(COOKIE_REFRESH_TOKEN, \"\", {\n path: \"/api/auth\",\n maxAge: 0,\n });\n cookieStore.set(COOKIE_AUTH_SESSION, \"\", { path: \"/\", maxAge: 0 });\n }\n\n async function handleLogin(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.platformLogin({\n email: body.email,\n password: body.password,\n });\n\n if (result.mfa_required) {\n return NextResponse.json({\n mfa_required: true,\n mfa_token: result.mfa_token,\n });\n }\n\n const tokens = result as TokenPair;\n const user = result.user;\n const cookieStore = await cookies();\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message = err instanceof Error ? err.message : \"Login failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleMFAChallenge(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.platformMfaChallenge({\n mfa_token: body.mfa_token,\n code: body.code,\n });\n\n const tokens = result as TokenPair;\n const user = result.user;\n const cookieStore = await cookies();\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"MFA verification failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleRefresh() {\n try {\n const cookieStore = await cookies();\n const refreshToken = cookieStore.get(COOKIE_REFRESH_TOKEN)?.value;\n\n if (!refreshToken) {\n clearPlatformCookies(cookieStore);\n return NextResponse.json(\n { error: \"No refresh token\" },\n { status: 401 },\n );\n }\n\n const tokens = await client.platformRefresh(refreshToken);\n const { data: user } = await client.platformGetMe(\n tokens.access_token,\n );\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch {\n const cookieStore = await cookies();\n clearPlatformCookies(cookieStore);\n return NextResponse.json(\n { error: \"Refresh failed\" },\n { status: 401 },\n );\n }\n }\n\n async function handleLogout() {\n try {\n const cookieStore = await cookies();\n const refreshToken = cookieStore.get(COOKIE_REFRESH_TOKEN)?.value;\n if (refreshToken) {\n await client.platformLogout(refreshToken).catch(() => {});\n }\n clearPlatformCookies(cookieStore);\n return NextResponse.json({ success: true });\n } catch {\n const cookieStore = await cookies();\n clearPlatformCookies(cookieStore);\n return NextResponse.json({ success: true });\n }\n }\n\n async function handler(\n req: NextRequest,\n context: { params: Promise<{ inai: string[] }> },\n ) {\n const params = await context.params;\n const path = params.inai?.join(\"/\") ?? \"\";\n\n if (req.method === \"POST\") {\n switch (path) {\n case \"login\":\n return handleLogin(req);\n case \"mfa-challenge\":\n return handleMFAChallenge(req);\n case \"refresh\":\n return handleRefresh();\n case \"logout\":\n return handleLogout();\n }\n }\n\n return NextResponse.json({ error: \"Not found\" }, { status: 404 });\n }\n\n return {\n GET: handler,\n POST: handler,\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAAAA,kBAAwB;AACxB,wBAAyB;AAQzB,IAAAC,kBAA+B;AAC/B,IAAAC,iBAAmD;;;ACTnD,oBAKO;AAEP,IAAAC,iBAIO;AAEP,IAAAA,iBAAmD;AAiB5C,SAAS,eACd,aACA,QACA,MACM;AACN,QAAM,eAAe,QAAQ,IAAI,aAAa;AAC9C,QAAM,aAAS,gCAAiB,OAAO,YAAY;AACnD,QAAM,YAAY,SACd,IAAI,KAAK,OAAO,MAAM,GAAI,EAAE,YAAY,IACxC,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,aAAa,GAAI,EAAE,YAAY;AAEhE,cAAY,IAAI,iCAAmB,OAAO,cAAc;AAAA,IACtD,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,EACjB,CAAC;AAED,cAAY,IAAI,oCAAsB,OAAO,eAAe;AAAA,IAC1D,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,IAAI,KAAK,KAAK;AAAA,EACxB,CAAC;AAED,QAAM,cAA2B;AAAA,IAC/B;AAAA,IACA;AAAA,IACA,aAAa,QAAQ,eAAe,CAAC;AAAA,IACrC,OAAO,QAAQ;AAAA,IACf,SAAS,QAAQ;AAAA,IACjB,OAAO,QAAQ;AAAA,IACf,OAAO,QAAQ;AAAA,EACjB;AACA,cAAY,IAAI,mCAAqB,KAAK,UAAU,WAAW,GAAG;AAAA,IAChE,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,EACjB,CAAC;AACH;AAEO,SAAS,iBACd,aACM;AACN,QAAM,OAAO,EAAE,MAAM,KAAK,QAAQ,EAAE;AACpC,cAAY,IAAI,iCAAmB,IAAI,IAAI;AAC3C,cAAY,IAAI,oCAAsB,IAAI,EAAE,GAAG,MAAM,MAAM,YAAY,CAAC;AACxE,cAAY,IAAI,mCAAqB,IAAI,IAAI;AAC/C;AAEO,SAAS,wBACd,aACe;AACf,SAAO,YAAY,IAAI,+BAAiB,GAAG,SAAS;AACtD;AAEO,SAAS,2BACd,aACe;AACf,SAAO,YAAY,IAAI,kCAAoB,GAAG,SAAS;AACzD;AAEO,SAAS,sBACd,aACoB;AACpB,QAAM,MAAM,YAAY,IAAI,iCAAmB,GAAG;AAClD,MAAI,CAAC,IAAK,QAAO;AACjB,MAAI;AACF,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ACvGA,IAAM,WAA2B;AAAA,EAC/B,WAAW;AAAA,EACX,WAAW;AAAA,EACX,gBAAgB;AAAA,EAChB,iBAAiB;AAAA,EACjB,QAAQ;AAAA,EACR,gBAAgB;AAClB;AAEA,IAAI,aAAyC,CAAC;AAEvC,SAAS,cAAc,QAAiC;AAC7D,eAAa;AACf;AAEO,SAAS,gBAAgC;AAC9C,SAAO;AAAA,IACL,WAAW,WAAW,aAAa,SAAS;AAAA,IAC5C,WAAW,WAAW,aAAa,SAAS;AAAA,IAC5C,gBAAgB,WAAW,kBAAkB,SAAS;AAAA,IACtD,iBAAiB,WAAW,mBAAmB,SAAS;AAAA,IACxD,QACE,WAAW,UACX,QAAQ,IAAI,gBACZ,QAAQ,IAAI,4BACZ,SAAS;AAAA,IACX,gBACE,WAAW,kBACX,QAAQ,IAAI,oCACZ,SAAS;AAAA,EACb;AACF;;;ACnCA,qBAAwB;AACxB,oBAA6B;AAE7B,qBAA+B;AAaxB,SAAS,iBAAiB,SAAyB,CAAC,GAAG;AAC5D,QAAM,SAAS,IAAI,8BAAe,MAAM;AAExC,iBAAe,YAAY,KAAkB;AAC3C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAU,MAAM,OAAO,MAAM;AAAA,QACjC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,OAAO,cAAc;AACvB,eAAO,2BAAa,KAAK;AAAA,UACvB,cAAc;AAAA,UACd,WAAW,OAAO;AAAA,QACpB,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,YAAa,OAAmC;AACtD,YAAM,OACJ,cAAc,MAAM,OAAO,MAAM,OAAO,YAAY,GAAG;AACzD,YAAM,cAAc,UAAM,wBAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,2BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,aAAO,2BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,mBAAmB,KAAkB;AAClD,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,aAAa;AAAA,QACvC,WAAW,KAAK;AAAA,QAChB,MAAM,KAAK;AAAA,MACb,CAAC;AAED,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO,MAAM,OAAO,YAAY;AAC7D,YAAM,cAAc,UAAM,wBAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,2BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,2BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,gBAAgB;AAC7B,QAAI;AACF,YAAM,cAAc,UAAM,wBAAQ;AAClC,YAAM,eAAe,2BAA2B,WAAW;AAE3D,UAAI,CAAC,cAAc;AACjB,yBAAiB,WAAW;AAC5B,eAAO,2BAAa;AAAA,UAClB,EAAE,OAAO,mBAAmB;AAAA,UAC5B,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAEA,YAAM,SAAS,MAAM,OAAO,QAAQ,YAAY;AAChD,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO,MAAM,OAAO,YAAY;AAC7D,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,2BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,QAAQ;AACN,YAAM,cAAc,UAAM,wBAAQ;AAClC,uBAAiB,WAAW;AAC5B,aAAO,2BAAa;AAAA,QAClB,EAAE,OAAO,iBAAiB;AAAA,QAC1B,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,eAAe,KAAkB;AAC9C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,SAAS;AAAA,QACnC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,QACf,WAAW,KAAK;AAAA,QAChB,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,CAAC,OAAO,cAAc;AACxB,eAAO,2BAAa,KAAK;AAAA,UACvB,0BAA0B;AAAA,UAC1B,MAAM,OAAO;AAAA,QACf,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,YAAY,OAAO;AACzB,YAAM,OACJ,cAAc,MAAM,OAAO,MAAM,OAAO,YAAY,GAAG;AACzD,YAAM,cAAc,UAAM,wBAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,2BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,2BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,eAAe;AAC5B,QAAI;AACF,YAAM,cAAc,UAAM,wBAAQ;AAClC,YAAM,eAAe,2BAA2B,WAAW;AAC3D,UAAI,cAAc;AAChB,cAAM,OAAO,OAAO,YAAY,EAAE,MAAM,MAAM;AAAA,QAAC,CAAC;AAAA,MAClD;AACA,uBAAiB,WAAW;AAC5B,aAAO,2BAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C,QAAQ;AACN,YAAM,cAAc,UAAM,wBAAQ;AAClC,uBAAiB,WAAW;AAC5B,aAAO,2BAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C;AAAA,EACF;AAEA,iBAAe,QACb,KACA,SACA;AACA,UAAM,SAAS,MAAM,QAAQ;AAC7B,UAAM,OAAO,OAAO,MAAM,KAAK,GAAG,KAAK;AAEvC,QAAI,IAAI,WAAW,QAAQ;AACzB,cAAQ,MAAM;AAAA,QACZ,KAAK;AACH,iBAAO,YAAY,GAAG;AAAA,QACxB,KAAK;AACH,iBAAO,eAAe,GAAG;AAAA,QAC3B,KAAK;AACH,iBAAO,mBAAmB,GAAG;AAAA,QAC/B,KAAK;AACH,iBAAO,cAAc;AAAA,QACvB,KAAK;AACH,iBAAO,aAAa;AAAA,MACxB;AAAA,IACF;AAEA,WAAO,2BAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;;;AC7KA,IAAAC,kBAAwB;AACxB,IAAAC,iBAA6B;AAE7B,IAAAC,kBAA+B;AAE/B,IAAAC,iBAIO;AAEA,SAAS,yBAAyB,SAAyB,CAAC,GAAG;AACpE,QAAM,SAAS,IAAI,+BAAe,MAAM;AACxC,QAAM,eAAe,QAAQ,IAAI,aAAa;AAE9C,WAAS,mBACP,aACA,QACA,MACA;AACA,gBAAY,IAAI,kCAAmB,OAAO,cAAc;AAAA,MACtD,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,OAAO;AAAA,IACjB,CAAC;AACD,gBAAY,IAAI,qCAAsB,OAAO,eAAe;AAAA,MAC1D,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,IAAI,KAAK,KAAK;AAAA,IACxB,CAAC;AACD,QAAI,MAAM;AACR,YAAM,YAAY,KAAK,IAAI,IAAI,OAAO,aAAa;AACnD,kBAAY;AAAA,QACV;AAAA,QACA,KAAK,UAAU,EAAE,MAAM,UAAU,CAAC;AAAA,QAClC;AAAA,UACE,UAAU;AAAA,UACV,QAAQ;AAAA,UACR,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,OAAO;AAAA,QACjB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,WAAS,qBACP,aACA;AACA,gBAAY,IAAI,kCAAmB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AAC/D,gBAAY,IAAI,qCAAsB,IAAI;AAAA,MACxC,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AACD,gBAAY,IAAI,oCAAqB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AAAA,EACnE;AAEA,iBAAe,YAAY,KAAkB;AAC3C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,cAAc;AAAA,QACxC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,OAAO,cAAc;AACvB,eAAO,4BAAa,KAAK;AAAA,UACvB,cAAc;AAAA,UACd,WAAW,OAAO;AAAA,QACpB,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,OAAO,OAAO;AACpB,YAAM,cAAc,UAAM,yBAAQ;AAClC,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAO,4BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,aAAO,4BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,mBAAmB,KAAkB;AAClD,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,qBAAqB;AAAA,QAC/C,WAAW,KAAK;AAAA,QAChB,MAAM,KAAK;AAAA,MACb,CAAC;AAED,YAAM,SAAS;AACf,YAAM,OAAO,OAAO;AACpB,YAAM,cAAc,UAAM,yBAAQ;AAClC,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAO,4BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,4BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,gBAAgB;AAC7B,QAAI;AACF,YAAM,cAAc,UAAM,yBAAQ;AAClC,YAAM,eAAe,YAAY,IAAI,mCAAoB,GAAG;AAE5D,UAAI,CAAC,cAAc;AACjB,6BAAqB,WAAW;AAChC,eAAO,4BAAa;AAAA,UAClB,EAAE,OAAO,mBAAmB;AAAA,UAC5B,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAEA,YAAM,SAAS,MAAM,OAAO,gBAAgB,YAAY;AACxD,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO;AAAA,QAClC,OAAO;AAAA,MACT;AACA,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAO,4BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,QAAQ;AACN,YAAM,cAAc,UAAM,yBAAQ;AAClC,2BAAqB,WAAW;AAChC,aAAO,4BAAa;AAAA,QAClB,EAAE,OAAO,iBAAiB;AAAA,QAC1B,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,eAAe;AAC5B,QAAI;AACF,YAAM,cAAc,UAAM,yBAAQ;AAClC,YAAM,eAAe,YAAY,IAAI,mCAAoB,GAAG;AAC5D,UAAI,cAAc;AAChB,cAAM,OAAO,eAAe,YAAY,EAAE,MAAM,MAAM;AAAA,QAAC,CAAC;AAAA,MAC1D;AACA,2BAAqB,WAAW;AAChC,aAAO,4BAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C,QAAQ;AACN,YAAM,cAAc,UAAM,yBAAQ;AAClC,2BAAqB,WAAW;AAChC,aAAO,4BAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C;AAAA,EACF;AAEA,iBAAe,QACb,KACA,SACA;AACA,UAAM,SAAS,MAAM,QAAQ;AAC7B,UAAM,OAAO,OAAO,MAAM,KAAK,GAAG,KAAK;AAEvC,QAAI,IAAI,WAAW,QAAQ;AACzB,cAAQ,MAAM;AAAA,QACZ,KAAK;AACH,iBAAO,YAAY,GAAG;AAAA,QACxB,KAAK;AACH,iBAAO,mBAAmB,GAAG;AAAA,QAC/B,KAAK;AACH,iBAAO,cAAc;AAAA,QACvB,KAAK;AACH,iBAAO,aAAa;AAAA,MACxB;AAAA,IACF;AAEA,WAAO,4BAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;;;AJhKA,eAAsB,OAAkC;AACtD,QAAM,cAAc,UAAM,yBAAQ;AAClC,QAAM,QAAQ,wBAAwB,WAAW;AACjD,QAAM,SAAS,cAAc;AAE7B,WAAS,iBAAiB,MAAqC;AAC7D,UAAM,WAAW,MAAM;AACvB,UAAM,MAAM,WACR,GAAG,OAAO,SAAS,aAAa,mBAAmB,QAAQ,CAAC,KAC5D,OAAO;AACX,oCAAS,GAAG;AAAA,EACd;AAEA,MAAI,CAAC,aAAS,+BAAe,KAAK,GAAG;AACnC,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,SAAS;AAAA,MACT,WAAW;AAAA,MACX,UAAU,YAAY;AAAA,MACtB,KAAK,MAAM;AAAA,MACX,SAAS,MAAM;AACb,yBAAiB;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,aAAS,mCAAmB,KAAK;AACvC,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,SAAS;AAAA,MACT,WAAW;AAAA,MACX,UAAU,YAAY;AAAA,MACtB,KAAK,MAAM;AAAA,MACX,SAAS,MAAM;AACb,yBAAiB;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAM,cAAc,OAAO,eAAe,CAAC;AAE3C,QAAM,MAAM,CAAC,WAAmD;AAC9D,QAAI,OAAO,QAAQ,MAAM,SAAS,OAAO,IAAI,EAAG,QAAO;AACvD,QAAI,OAAO,cAAc,YAAY,SAAS,OAAO,UAAU;AAC7D,aAAO;AACT,WAAO;AAAA,EACT;AAEA,QAAM,eAAoC;AAAA,IACxC,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,YAAY;AAAA,IACZ,UAAU,YAAY;AAAA,IACtB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,UAAU,YAAY;AAAA,IACtB;AAAA,IACA,SAAS,CAAC,WAIJ;AACJ,UAAI,QAAQ,QAAQ,QAAQ,YAAY;AACtC,YAAI,CAAC,IAAI,EAAE,MAAM,OAAO,MAAM,YAAY,OAAO,WAAW,CAAC,GAAG;AAC9D,0CAAS,OAAO,cAAc,eAAe;AAAA,QAC/C;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IACA;AAAA,EACF;AACF;AAEA,eAAsB,YACpB,MACqD;AACrD,QAAM,cAAc,UAAM,yBAAQ;AAElC,MAAI,MAAM,OAAO;AACf,UAAM,QAAQ,wBAAwB,WAAW;AACjD,QAAI,CAAC,aAAS,+BAAe,KAAK,EAAG,QAAO;AAE5C,UAAM,SAAS,cAAc;AAC7B,QAAI,CAAC,OAAO,UAAU,CAAC,OAAO,gBAAgB;AAC5C,YAAMC,WAAU,sBAAsB,WAAW;AACjD,aAAOA,UAAS,QAAQ;AAAA,IAC1B;AAEA,UAAM,SAAS,IAAI,+BAAe;AAAA,MAChC,QAAQ,OAAO;AAAA,MACf,gBAAgB,OAAO;AAAA,IACzB,CAAC;AACD,QAAI;AACF,YAAM,EAAE,KAAK,IAAI,MAAM,OAAO,MAAM,KAAK;AACzC,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAEA,QAAM,UAAU,sBAAsB,WAAW;AACjD,SAAO,SAAS,QAAQ;AAC1B;","names":["import_headers","import_backend","import_shared","import_shared","import_headers","import_server","import_backend","import_shared","session"]}
package/dist/server.d.cts CHANGED
@@ -1,7 +1,7 @@
1
- import { InAIAuthConfig, UserResource, PlatformUserResource, InAIAuthSDKConfig, ServerAuthObject } from '@inai-dev/types';
1
+ import { InAIAuthConfig, UserResource, PlatformUserResource, InAIAuthSDKConfig, TokenPair, ServerAuthObject } from '@inai-dev/types';
2
2
  import { NextRequest, NextResponse } from 'next/server';
3
3
 
4
- declare function createAuthRoutes(config: InAIAuthConfig): {
4
+ declare function createAuthRoutes(config?: InAIAuthConfig): {
5
5
  GET: (req: NextRequest, context: {
6
6
  params: Promise<{
7
7
  inai: string[];
@@ -38,7 +38,7 @@ declare function createAuthRoutes(config: InAIAuthConfig): {
38
38
  }>>;
39
39
  };
40
40
 
41
- declare function createPlatformAuthRoutes(config: InAIAuthConfig): {
41
+ declare function createPlatformAuthRoutes(config?: InAIAuthConfig): {
42
42
  GET: (req: NextRequest, context: {
43
43
  params: Promise<{
44
44
  inai: string[];
@@ -73,9 +73,20 @@ type ResolvedConfig = Required<InAIAuthSDKConfig>;
73
73
  declare function configureAuth(config: InAIAuthSDKConfig): void;
74
74
  declare function getAuthConfig(): ResolvedConfig;
75
75
 
76
+ interface CookieStore {
77
+ get(name: string): {
78
+ value: string;
79
+ } | undefined;
80
+ set(name: string, value: string, options?: Record<string, unknown>): void;
81
+ }
82
+ declare function setAuthCookies(cookieStore: CookieStore, tokens: TokenPair, user: UserResource | PlatformUserResource): void;
83
+ declare function clearAuthCookies(cookieStore: CookieStore): void;
84
+ declare function getAuthTokenFromCookies(cookieStore: CookieStore): string | null;
85
+ declare function getRefreshTokenFromCookies(cookieStore: CookieStore): string | null;
86
+
76
87
  declare function auth(): Promise<ServerAuthObject>;
77
88
  declare function currentUser(opts?: {
78
89
  fresh?: boolean;
79
- }): Promise<UserResource | null>;
90
+ }): Promise<UserResource | PlatformUserResource | null>;
80
91
 
81
- export { auth, configureAuth, createAuthRoutes, createPlatformAuthRoutes, currentUser, getAuthConfig };
92
+ export { auth, clearAuthCookies, configureAuth, createAuthRoutes, createPlatformAuthRoutes, currentUser, getAuthConfig, getAuthTokenFromCookies, getRefreshTokenFromCookies, setAuthCookies };
package/dist/server.d.ts CHANGED
@@ -1,7 +1,7 @@
1
- import { InAIAuthConfig, UserResource, PlatformUserResource, InAIAuthSDKConfig, ServerAuthObject } from '@inai-dev/types';
1
+ import { InAIAuthConfig, UserResource, PlatformUserResource, InAIAuthSDKConfig, TokenPair, ServerAuthObject } from '@inai-dev/types';
2
2
  import { NextRequest, NextResponse } from 'next/server';
3
3
 
4
- declare function createAuthRoutes(config: InAIAuthConfig): {
4
+ declare function createAuthRoutes(config?: InAIAuthConfig): {
5
5
  GET: (req: NextRequest, context: {
6
6
  params: Promise<{
7
7
  inai: string[];
@@ -38,7 +38,7 @@ declare function createAuthRoutes(config: InAIAuthConfig): {
38
38
  }>>;
39
39
  };
40
40
 
41
- declare function createPlatformAuthRoutes(config: InAIAuthConfig): {
41
+ declare function createPlatformAuthRoutes(config?: InAIAuthConfig): {
42
42
  GET: (req: NextRequest, context: {
43
43
  params: Promise<{
44
44
  inai: string[];
@@ -73,9 +73,20 @@ type ResolvedConfig = Required<InAIAuthSDKConfig>;
73
73
  declare function configureAuth(config: InAIAuthSDKConfig): void;
74
74
  declare function getAuthConfig(): ResolvedConfig;
75
75
 
76
+ interface CookieStore {
77
+ get(name: string): {
78
+ value: string;
79
+ } | undefined;
80
+ set(name: string, value: string, options?: Record<string, unknown>): void;
81
+ }
82
+ declare function setAuthCookies(cookieStore: CookieStore, tokens: TokenPair, user: UserResource | PlatformUserResource): void;
83
+ declare function clearAuthCookies(cookieStore: CookieStore): void;
84
+ declare function getAuthTokenFromCookies(cookieStore: CookieStore): string | null;
85
+ declare function getRefreshTokenFromCookies(cookieStore: CookieStore): string | null;
86
+
76
87
  declare function auth(): Promise<ServerAuthObject>;
77
88
  declare function currentUser(opts?: {
78
89
  fresh?: boolean;
79
- }): Promise<UserResource | null>;
90
+ }): Promise<UserResource | PlatformUserResource | null>;
80
91
 
81
- export { auth, configureAuth, createAuthRoutes, createPlatformAuthRoutes, currentUser, getAuthConfig };
92
+ export { auth, clearAuthCookies, configureAuth, createAuthRoutes, createPlatformAuthRoutes, currentUser, getAuthConfig, getAuthTokenFromCookies, getRefreshTokenFromCookies, setAuthCookies };
package/dist/server.js CHANGED
@@ -102,7 +102,7 @@ function getAuthConfig() {
102
102
  import { cookies } from "next/headers";
103
103
  import { NextResponse } from "next/server";
104
104
  import { InAIAuthClient } from "@inai-dev/backend";
105
- function createAuthRoutes(config) {
105
+ function createAuthRoutes(config = {}) {
106
106
  const client = new InAIAuthClient(config);
107
107
  async function handleLogin(req) {
108
108
  try {
@@ -244,7 +244,7 @@ import {
244
244
  COOKIE_AUTH_SESSION as COOKIE_AUTH_SESSION3,
245
245
  COOKIE_REFRESH_TOKEN as COOKIE_REFRESH_TOKEN3
246
246
  } from "@inai-dev/shared";
247
- function createPlatformAuthRoutes(config) {
247
+ function createPlatformAuthRoutes(config = {}) {
248
248
  const client = new InAIAuthClient2(config);
249
249
  const isProduction = process.env.NODE_ENV === "production";
250
250
  function setPlatformCookies(cookieStore, tokens, user) {
@@ -502,10 +502,14 @@ async function currentUser(opts) {
502
502
  }
503
503
  export {
504
504
  auth,
505
+ clearAuthCookies,
505
506
  configureAuth,
506
507
  createAuthRoutes,
507
508
  createPlatformAuthRoutes,
508
509
  currentUser,
509
- getAuthConfig
510
+ getAuthConfig,
511
+ getAuthTokenFromCookies,
512
+ getRefreshTokenFromCookies,
513
+ setAuthCookies
510
514
  };
511
515
  //# sourceMappingURL=server.js.map
package/dist/server.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/server.ts","../src/cookies.ts","../src/config.ts","../src/api-routes.ts","../src/platform-api-routes.ts"],"sourcesContent":["import { cookies } from \"next/headers\";\nimport { redirect } from \"next/navigation\";\nimport type {\n AuthObject,\n ServerAuthObject,\n ProtectedAuthObject,\n UserResource,\n} from \"@inai-dev/types\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport { isTokenExpired, getClaimsFromToken } from \"@inai-dev/shared\";\nimport {\n getAuthTokenFromCookies,\n getSessionFromCookies,\n} from \"./cookies\";\nimport { getAuthConfig } from \"./config\";\n\nexport { createAuthRoutes } from \"./api-routes\";\nexport { createPlatformAuthRoutes } from \"./platform-api-routes\";\nexport { configureAuth, getAuthConfig } from \"./config\";\n\nexport async function auth(): Promise<ServerAuthObject> {\n const cookieStore = await cookies();\n const token = getAuthTokenFromCookies(cookieStore);\n const config = getAuthConfig();\n\n function redirectToSignIn(opts?: { returnTo?: string }): never {\n const returnTo = opts?.returnTo;\n const url = returnTo\n ? `${config.signInUrl}?returnTo=${encodeURIComponent(returnTo)}`\n : config.signInUrl;\n redirect(url);\n }\n\n if (!token || isTokenExpired(token)) {\n return {\n userId: null,\n tenantId: null,\n appId: null,\n envId: null,\n orgId: null,\n orgRole: null,\n sessionId: null,\n getToken: async () => null,\n has: () => false,\n protect: () => {\n redirectToSignIn();\n },\n redirectToSignIn,\n };\n }\n\n const claims = getClaimsFromToken(token);\n if (!claims) {\n return {\n userId: null,\n tenantId: null,\n appId: null,\n envId: null,\n orgId: null,\n orgRole: null,\n sessionId: null,\n getToken: async () => null,\n has: () => false,\n protect: () => {\n redirectToSignIn();\n },\n redirectToSignIn,\n };\n }\n\n const roles = claims.roles ?? [];\n const permissions = claims.permissions ?? [];\n\n const has = (params: { role?: string; permission?: string }) => {\n if (params.role && roles.includes(params.role)) return true;\n if (params.permission && permissions.includes(params.permission))\n return true;\n return false;\n };\n\n const protectedObj: ProtectedAuthObject = {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n isSignedIn: true,\n getToken: async () => token,\n has,\n };\n\n return {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n getToken: async () => token,\n has,\n protect: (params?: {\n role?: string;\n permission?: string;\n redirectTo?: string;\n }) => {\n if (params?.role || params?.permission) {\n if (!has({ role: params.role, permission: params.permission })) {\n redirect(params.redirectTo ?? \"/unauthorized\");\n }\n }\n return protectedObj;\n },\n redirectToSignIn,\n };\n}\n\nexport async function currentUser(\n opts?: { fresh?: boolean },\n): Promise<UserResource | null> {\n const cookieStore = await cookies();\n\n if (opts?.fresh) {\n const token = getAuthTokenFromCookies(cookieStore);\n if (!token || isTokenExpired(token)) return null;\n\n const config = getAuthConfig();\n if (!config.apiUrl || !config.publishableKey) {\n const session = getSessionFromCookies(cookieStore);\n return session?.user ?? null;\n }\n\n const client = new InAIAuthClient({\n apiUrl: config.apiUrl,\n publishableKey: config.publishableKey,\n });\n try {\n const { data } = await client.getMe(token);\n return data;\n } catch {\n return null;\n }\n }\n\n const session = getSessionFromCookies(cookieStore);\n return session?.user ?? null;\n}\n","import type { UserResource, JWTClaims, TokenPair } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n decodeJWTPayload,\n} from \"@inai-dev/shared\";\n\nexport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n} from \"@inai-dev/shared\";\n\nexport { isTokenExpired, getClaimsFromToken } from \"@inai-dev/shared\";\n\ninterface CookieStore {\n get(name: string): { value: string } | undefined;\n set(name: string, value: string, options?: Record<string, unknown>): void;\n}\n\ninterface SessionData {\n user: UserResource;\n expiresAt: string;\n permissions?: string[];\n orgId?: string;\n orgRole?: string;\n appId?: string;\n envId?: string;\n}\n\nexport function setAuthCookies(\n cookieStore: CookieStore,\n tokens: TokenPair,\n user: UserResource,\n): void {\n const isProduction = process.env.NODE_ENV === \"production\";\n const claims = decodeJWTPayload(tokens.access_token);\n const expiresAt = claims\n ? new Date(claims.exp * 1000).toISOString()\n : new Date(Date.now() + tokens.expires_in * 1000).toISOString();\n\n cookieStore.set(COOKIE_AUTH_TOKEN, tokens.access_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n\n cookieStore.set(COOKIE_REFRESH_TOKEN, tokens.refresh_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"strict\",\n path: \"/api/auth\",\n maxAge: 7 * 24 * 60 * 60,\n });\n\n const sessionData: SessionData = {\n user,\n expiresAt,\n permissions: claims?.permissions ?? [],\n orgId: claims?.org_id,\n orgRole: claims?.org_role,\n appId: claims?.app_id,\n envId: claims?.env_id,\n };\n cookieStore.set(COOKIE_AUTH_SESSION, JSON.stringify(sessionData), {\n httpOnly: false,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n}\n\nexport function clearAuthCookies(\n cookieStore: CookieStore,\n): void {\n const opts = { path: \"/\", maxAge: 0 };\n cookieStore.set(COOKIE_AUTH_TOKEN, \"\", opts);\n cookieStore.set(COOKIE_REFRESH_TOKEN, \"\", { ...opts, path: \"/api/auth\" });\n cookieStore.set(COOKIE_AUTH_SESSION, \"\", opts);\n}\n\nexport function getAuthTokenFromCookies(\n cookieStore: CookieStore,\n): string | null {\n return cookieStore.get(COOKIE_AUTH_TOKEN)?.value ?? null;\n}\n\nexport function getRefreshTokenFromCookies(\n cookieStore: CookieStore,\n): string | null {\n return cookieStore.get(COOKIE_REFRESH_TOKEN)?.value ?? null;\n}\n\nexport function getSessionFromCookies(\n cookieStore: CookieStore,\n): SessionData | null {\n const raw = cookieStore.get(COOKIE_AUTH_SESSION)?.value;\n if (!raw) return null;\n try {\n return JSON.parse(raw) as SessionData;\n } catch {\n return null;\n }\n}\n","import type { InAIAuthSDKConfig } from \"@inai-dev/types\";\n\ntype ResolvedConfig = Required<InAIAuthSDKConfig>;\n\nconst defaults: ResolvedConfig = {\n signInUrl: \"/login\",\n signUpUrl: \"/register\",\n afterSignInUrl: \"/\",\n afterSignOutUrl: \"/login\",\n apiUrl: \"\",\n publishableKey: \"\",\n};\n\nlet userConfig: Partial<InAIAuthSDKConfig> = {};\n\nexport function configureAuth(config: InAIAuthSDKConfig): void {\n userConfig = config;\n}\n\nexport function getAuthConfig(): ResolvedConfig {\n return {\n signInUrl: userConfig.signInUrl ?? defaults.signInUrl,\n signUpUrl: userConfig.signUpUrl ?? defaults.signUpUrl,\n afterSignInUrl: userConfig.afterSignInUrl ?? defaults.afterSignInUrl,\n afterSignOutUrl: userConfig.afterSignOutUrl ?? defaults.afterSignOutUrl,\n apiUrl:\n userConfig.apiUrl ??\n process.env.INAI_API_URL ??\n process.env.NEXT_PUBLIC_INAI_API_URL ??\n defaults.apiUrl,\n publishableKey:\n userConfig.publishableKey ??\n process.env.NEXT_PUBLIC_INAI_PUBLISHABLE_KEY ??\n defaults.publishableKey,\n };\n}\n","import { cookies } from \"next/headers\";\nimport { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport type {\n InAIAuthConfig,\n TokenPair,\n UserResource,\n LoginResult,\n} from \"@inai-dev/types\";\nimport {\n setAuthCookies,\n clearAuthCookies,\n getRefreshTokenFromCookies,\n} from \"./cookies\";\n\nexport function createAuthRoutes(config: InAIAuthConfig) {\n const client = new InAIAuthClient(config);\n\n async function handleLogin(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = (await client.login({\n email: body.email,\n password: body.password,\n })) as LoginResult & { user?: UserResource };\n\n if (result.mfa_required) {\n return NextResponse.json({\n mfa_required: true,\n mfa_token: result.mfa_token,\n });\n }\n\n const tokens = result as TokenPair;\n const loginUser = (result as { user?: UserResource }).user;\n const user =\n loginUser ?? (await client.getMe(tokens.access_token)).data;\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message = err instanceof Error ? err.message : \"Login failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleMFAChallenge(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const tokens = await client.mfaChallenge({\n mfa_token: body.mfa_token,\n code: body.code,\n });\n\n const { data: user } = await client.getMe(tokens.access_token);\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"MFA verification failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleRefresh() {\n try {\n const cookieStore = await cookies();\n const refreshToken = getRefreshTokenFromCookies(cookieStore);\n\n if (!refreshToken) {\n clearAuthCookies(cookieStore);\n return NextResponse.json(\n { error: \"No refresh token\" },\n { status: 401 },\n );\n }\n\n const tokens = await client.refresh(refreshToken);\n const { data: user } = await client.getMe(tokens.access_token);\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch {\n const cookieStore = await cookies();\n clearAuthCookies(cookieStore);\n return NextResponse.json(\n { error: \"Refresh failed\" },\n { status: 401 },\n );\n }\n }\n\n async function handleRegister(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.register({\n email: body.email,\n password: body.password,\n firstName: body.firstName,\n lastName: body.lastName,\n });\n\n if (!result.access_token) {\n return NextResponse.json({\n needs_email_verification: true,\n user: result.user,\n });\n }\n\n const tokens = result as TokenPair;\n const loginUser = result.user;\n const user =\n loginUser ?? (await client.getMe(tokens.access_token)).data;\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"Registration failed\";\n return NextResponse.json({ error: message }, { status: 400 });\n }\n }\n\n async function handleLogout() {\n try {\n const cookieStore = await cookies();\n const refreshToken = getRefreshTokenFromCookies(cookieStore);\n if (refreshToken) {\n await client.logout(refreshToken).catch(() => {});\n }\n clearAuthCookies(cookieStore);\n return NextResponse.json({ success: true });\n } catch {\n const cookieStore = await cookies();\n clearAuthCookies(cookieStore);\n return NextResponse.json({ success: true });\n }\n }\n\n async function handler(\n req: NextRequest,\n context: { params: Promise<{ inai: string[] }> },\n ) {\n const params = await context.params;\n const path = params.inai?.join(\"/\") ?? \"\";\n\n if (req.method === \"POST\") {\n switch (path) {\n case \"login\":\n return handleLogin(req);\n case \"register\":\n return handleRegister(req);\n case \"mfa-challenge\":\n return handleMFAChallenge(req);\n case \"refresh\":\n return handleRefresh();\n case \"logout\":\n return handleLogout();\n }\n }\n\n return NextResponse.json({ error: \"Not found\" }, { status: 404 });\n }\n\n return {\n GET: handler,\n POST: handler,\n };\n}\n","import { cookies } from \"next/headers\";\nimport { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport type { InAIAuthConfig, TokenPair, PlatformUserResource } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_AUTH_SESSION,\n COOKIE_REFRESH_TOKEN,\n} from \"@inai-dev/shared\";\n\nexport function createPlatformAuthRoutes(config: InAIAuthConfig) {\n const client = new InAIAuthClient(config);\n const isProduction = process.env.NODE_ENV === \"production\";\n\n function setPlatformCookies(\n cookieStore: Awaited<ReturnType<typeof cookies>>,\n tokens: TokenPair,\n user?: PlatformUserResource,\n ) {\n cookieStore.set(COOKIE_AUTH_TOKEN, tokens.access_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n cookieStore.set(COOKIE_REFRESH_TOKEN, tokens.refresh_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"strict\",\n path: \"/api/auth\",\n maxAge: 7 * 24 * 60 * 60,\n });\n if (user) {\n const expiresAt = Date.now() + tokens.expires_in * 1000;\n cookieStore.set(\n COOKIE_AUTH_SESSION,\n JSON.stringify({ user, expiresAt }),\n {\n httpOnly: false,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n },\n );\n }\n }\n\n function clearPlatformCookies(\n cookieStore: Awaited<ReturnType<typeof cookies>>,\n ) {\n cookieStore.set(COOKIE_AUTH_TOKEN, \"\", { path: \"/\", maxAge: 0 });\n cookieStore.set(COOKIE_REFRESH_TOKEN, \"\", {\n path: \"/api/auth\",\n maxAge: 0,\n });\n cookieStore.set(COOKIE_AUTH_SESSION, \"\", { path: \"/\", maxAge: 0 });\n }\n\n async function handleLogin(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.platformLogin({\n email: body.email,\n password: body.password,\n });\n\n if (result.mfa_required) {\n return NextResponse.json({\n mfa_required: true,\n mfa_token: result.mfa_token,\n });\n }\n\n const tokens = result as TokenPair;\n const user = result.user;\n const cookieStore = await cookies();\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message = err instanceof Error ? err.message : \"Login failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleMFAChallenge(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.platformMfaChallenge({\n mfa_token: body.mfa_token,\n code: body.code,\n });\n\n const tokens = result as TokenPair;\n const user = result.user;\n const cookieStore = await cookies();\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"MFA verification failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleRefresh() {\n try {\n const cookieStore = await cookies();\n const refreshToken = cookieStore.get(COOKIE_REFRESH_TOKEN)?.value;\n\n if (!refreshToken) {\n clearPlatformCookies(cookieStore);\n return NextResponse.json(\n { error: \"No refresh token\" },\n { status: 401 },\n );\n }\n\n const tokens = await client.platformRefresh(refreshToken);\n const { data: user } = await client.platformGetMe(\n tokens.access_token,\n );\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch {\n const cookieStore = await cookies();\n clearPlatformCookies(cookieStore);\n return NextResponse.json(\n { error: \"Refresh failed\" },\n { status: 401 },\n );\n }\n }\n\n async function handleLogout() {\n try {\n const cookieStore = await cookies();\n const refreshToken = cookieStore.get(COOKIE_REFRESH_TOKEN)?.value;\n if (refreshToken) {\n await client.platformLogout(refreshToken).catch(() => {});\n }\n clearPlatformCookies(cookieStore);\n return NextResponse.json({ success: true });\n } catch {\n const cookieStore = await cookies();\n clearPlatformCookies(cookieStore);\n return NextResponse.json({ success: true });\n }\n }\n\n async function handler(\n req: NextRequest,\n context: { params: Promise<{ inai: string[] }> },\n ) {\n const params = await context.params;\n const path = params.inai?.join(\"/\") ?? \"\";\n\n if (req.method === \"POST\") {\n switch (path) {\n case \"login\":\n return handleLogin(req);\n case \"mfa-challenge\":\n return handleMFAChallenge(req);\n case \"refresh\":\n return handleRefresh();\n case \"logout\":\n return handleLogout();\n }\n }\n\n return NextResponse.json({ error: \"Not found\" }, { status: 404 });\n }\n\n return {\n GET: handler,\n POST: handler,\n };\n}\n"],"mappings":";AAAA,SAAS,WAAAA,gBAAe;AACxB,SAAS,gBAAgB;AAOzB,SAAS,kBAAAC,uBAAsB;AAC/B,SAAS,kBAAAC,iBAAgB,sBAAAC,2BAA0B;;;ACRnD;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP;AAAA,EACE,qBAAAC;AAAA,EACA,wBAAAC;AAAA,EACA,uBAAAC;AAAA,OACK;AAEP,SAAS,gBAAgB,0BAA0B;AAiB5C,SAAS,eACd,aACA,QACA,MACM;AACN,QAAM,eAAe,QAAQ,IAAI,aAAa;AAC9C,QAAM,SAAS,iBAAiB,OAAO,YAAY;AACnD,QAAM,YAAY,SACd,IAAI,KAAK,OAAO,MAAM,GAAI,EAAE,YAAY,IACxC,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,aAAa,GAAI,EAAE,YAAY;AAEhE,cAAY,IAAI,mBAAmB,OAAO,cAAc;AAAA,IACtD,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,EACjB,CAAC;AAED,cAAY,IAAI,sBAAsB,OAAO,eAAe;AAAA,IAC1D,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,IAAI,KAAK,KAAK;AAAA,EACxB,CAAC;AAED,QAAM,cAA2B;AAAA,IAC/B;AAAA,IACA;AAAA,IACA,aAAa,QAAQ,eAAe,CAAC;AAAA,IACrC,OAAO,QAAQ;AAAA,IACf,SAAS,QAAQ;AAAA,IACjB,OAAO,QAAQ;AAAA,IACf,OAAO,QAAQ;AAAA,EACjB;AACA,cAAY,IAAI,qBAAqB,KAAK,UAAU,WAAW,GAAG;AAAA,IAChE,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,EACjB,CAAC;AACH;AAEO,SAAS,iBACd,aACM;AACN,QAAM,OAAO,EAAE,MAAM,KAAK,QAAQ,EAAE;AACpC,cAAY,IAAI,mBAAmB,IAAI,IAAI;AAC3C,cAAY,IAAI,sBAAsB,IAAI,EAAE,GAAG,MAAM,MAAM,YAAY,CAAC;AACxE,cAAY,IAAI,qBAAqB,IAAI,IAAI;AAC/C;AAEO,SAAS,wBACd,aACe;AACf,SAAO,YAAY,IAAI,iBAAiB,GAAG,SAAS;AACtD;AAEO,SAAS,2BACd,aACe;AACf,SAAO,YAAY,IAAI,oBAAoB,GAAG,SAAS;AACzD;AAEO,SAAS,sBACd,aACoB;AACpB,QAAM,MAAM,YAAY,IAAI,mBAAmB,GAAG;AAClD,MAAI,CAAC,IAAK,QAAO;AACjB,MAAI;AACF,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ACvGA,IAAM,WAA2B;AAAA,EAC/B,WAAW;AAAA,EACX,WAAW;AAAA,EACX,gBAAgB;AAAA,EAChB,iBAAiB;AAAA,EACjB,QAAQ;AAAA,EACR,gBAAgB;AAClB;AAEA,IAAI,aAAyC,CAAC;AAEvC,SAAS,cAAc,QAAiC;AAC7D,eAAa;AACf;AAEO,SAAS,gBAAgC;AAC9C,SAAO;AAAA,IACL,WAAW,WAAW,aAAa,SAAS;AAAA,IAC5C,WAAW,WAAW,aAAa,SAAS;AAAA,IAC5C,gBAAgB,WAAW,kBAAkB,SAAS;AAAA,IACtD,iBAAiB,WAAW,mBAAmB,SAAS;AAAA,IACxD,QACE,WAAW,UACX,QAAQ,IAAI,gBACZ,QAAQ,IAAI,4BACZ,SAAS;AAAA,IACX,gBACE,WAAW,kBACX,QAAQ,IAAI,oCACZ,SAAS;AAAA,EACb;AACF;;;ACnCA,SAAS,eAAe;AACxB,SAAS,oBAAoB;AAE7B,SAAS,sBAAsB;AAaxB,SAAS,iBAAiB,QAAwB;AACvD,QAAM,SAAS,IAAI,eAAe,MAAM;AAExC,iBAAe,YAAY,KAAkB;AAC3C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAU,MAAM,OAAO,MAAM;AAAA,QACjC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,OAAO,cAAc;AACvB,eAAO,aAAa,KAAK;AAAA,UACvB,cAAc;AAAA,UACd,WAAW,OAAO;AAAA,QACpB,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,YAAa,OAAmC;AACtD,YAAM,OACJ,cAAc,MAAM,OAAO,MAAM,OAAO,YAAY,GAAG;AACzD,YAAM,cAAc,MAAM,QAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,aAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,aAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,mBAAmB,KAAkB;AAClD,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,aAAa;AAAA,QACvC,WAAW,KAAK;AAAA,QAChB,MAAM,KAAK;AAAA,MACb,CAAC;AAED,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO,MAAM,OAAO,YAAY;AAC7D,YAAM,cAAc,MAAM,QAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,aAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,gBAAgB;AAC7B,QAAI;AACF,YAAM,cAAc,MAAM,QAAQ;AAClC,YAAM,eAAe,2BAA2B,WAAW;AAE3D,UAAI,CAAC,cAAc;AACjB,yBAAiB,WAAW;AAC5B,eAAO,aAAa;AAAA,UAClB,EAAE,OAAO,mBAAmB;AAAA,UAC5B,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAEA,YAAM,SAAS,MAAM,OAAO,QAAQ,YAAY;AAChD,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO,MAAM,OAAO,YAAY;AAC7D,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,aAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,QAAQ;AACN,YAAM,cAAc,MAAM,QAAQ;AAClC,uBAAiB,WAAW;AAC5B,aAAO,aAAa;AAAA,QAClB,EAAE,OAAO,iBAAiB;AAAA,QAC1B,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,eAAe,KAAkB;AAC9C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,SAAS;AAAA,QACnC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,QACf,WAAW,KAAK;AAAA,QAChB,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,CAAC,OAAO,cAAc;AACxB,eAAO,aAAa,KAAK;AAAA,UACvB,0BAA0B;AAAA,UAC1B,MAAM,OAAO;AAAA,QACf,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,YAAY,OAAO;AACzB,YAAM,OACJ,cAAc,MAAM,OAAO,MAAM,OAAO,YAAY,GAAG;AACzD,YAAM,cAAc,MAAM,QAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,aAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,eAAe;AAC5B,QAAI;AACF,YAAM,cAAc,MAAM,QAAQ;AAClC,YAAM,eAAe,2BAA2B,WAAW;AAC3D,UAAI,cAAc;AAChB,cAAM,OAAO,OAAO,YAAY,EAAE,MAAM,MAAM;AAAA,QAAC,CAAC;AAAA,MAClD;AACA,uBAAiB,WAAW;AAC5B,aAAO,aAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C,QAAQ;AACN,YAAM,cAAc,MAAM,QAAQ;AAClC,uBAAiB,WAAW;AAC5B,aAAO,aAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C;AAAA,EACF;AAEA,iBAAe,QACb,KACA,SACA;AACA,UAAM,SAAS,MAAM,QAAQ;AAC7B,UAAM,OAAO,OAAO,MAAM,KAAK,GAAG,KAAK;AAEvC,QAAI,IAAI,WAAW,QAAQ;AACzB,cAAQ,MAAM;AAAA,QACZ,KAAK;AACH,iBAAO,YAAY,GAAG;AAAA,QACxB,KAAK;AACH,iBAAO,eAAe,GAAG;AAAA,QAC3B,KAAK;AACH,iBAAO,mBAAmB,GAAG;AAAA,QAC/B,KAAK;AACH,iBAAO,cAAc;AAAA,QACvB,KAAK;AACH,iBAAO,aAAa;AAAA,MACxB;AAAA,IACF;AAEA,WAAO,aAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;;;AC7KA,SAAS,WAAAC,gBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAE7B,SAAS,kBAAAC,uBAAsB;AAE/B;AAAA,EACE,qBAAAC;AAAA,EACA,uBAAAC;AAAA,EACA,wBAAAC;AAAA,OACK;AAEA,SAAS,yBAAyB,QAAwB;AAC/D,QAAM,SAAS,IAAIH,gBAAe,MAAM;AACxC,QAAM,eAAe,QAAQ,IAAI,aAAa;AAE9C,WAAS,mBACP,aACA,QACA,MACA;AACA,gBAAY,IAAIC,oBAAmB,OAAO,cAAc;AAAA,MACtD,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,OAAO;AAAA,IACjB,CAAC;AACD,gBAAY,IAAIE,uBAAsB,OAAO,eAAe;AAAA,MAC1D,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,IAAI,KAAK,KAAK;AAAA,IACxB,CAAC;AACD,QAAI,MAAM;AACR,YAAM,YAAY,KAAK,IAAI,IAAI,OAAO,aAAa;AACnD,kBAAY;AAAA,QACVD;AAAA,QACA,KAAK,UAAU,EAAE,MAAM,UAAU,CAAC;AAAA,QAClC;AAAA,UACE,UAAU;AAAA,UACV,QAAQ;AAAA,UACR,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,OAAO;AAAA,QACjB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,WAAS,qBACP,aACA;AACA,gBAAY,IAAID,oBAAmB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AAC/D,gBAAY,IAAIE,uBAAsB,IAAI;AAAA,MACxC,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AACD,gBAAY,IAAID,sBAAqB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AAAA,EACnE;AAEA,iBAAe,YAAY,KAAkB;AAC3C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,cAAc;AAAA,QACxC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,OAAO,cAAc;AACvB,eAAOH,cAAa,KAAK;AAAA,UACvB,cAAc;AAAA,UACd,WAAW,OAAO;AAAA,QACpB,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,OAAO,OAAO;AACpB,YAAM,cAAc,MAAMD,SAAQ;AAClC,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAOC,cAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,aAAOA,cAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,mBAAmB,KAAkB;AAClD,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,qBAAqB;AAAA,QAC/C,WAAW,KAAK;AAAA,QAChB,MAAM,KAAK;AAAA,MACb,CAAC;AAED,YAAM,SAAS;AACf,YAAM,OAAO,OAAO;AACpB,YAAM,cAAc,MAAMD,SAAQ;AAClC,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAOC,cAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAOA,cAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,gBAAgB;AAC7B,QAAI;AACF,YAAM,cAAc,MAAMD,SAAQ;AAClC,YAAM,eAAe,YAAY,IAAIK,qBAAoB,GAAG;AAE5D,UAAI,CAAC,cAAc;AACjB,6BAAqB,WAAW;AAChC,eAAOJ,cAAa;AAAA,UAClB,EAAE,OAAO,mBAAmB;AAAA,UAC5B,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAEA,YAAM,SAAS,MAAM,OAAO,gBAAgB,YAAY;AACxD,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO;AAAA,QAClC,OAAO;AAAA,MACT;AACA,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAOA,cAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,QAAQ;AACN,YAAM,cAAc,MAAMD,SAAQ;AAClC,2BAAqB,WAAW;AAChC,aAAOC,cAAa;AAAA,QAClB,EAAE,OAAO,iBAAiB;AAAA,QAC1B,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,eAAe;AAC5B,QAAI;AACF,YAAM,cAAc,MAAMD,SAAQ;AAClC,YAAM,eAAe,YAAY,IAAIK,qBAAoB,GAAG;AAC5D,UAAI,cAAc;AAChB,cAAM,OAAO,eAAe,YAAY,EAAE,MAAM,MAAM;AAAA,QAAC,CAAC;AAAA,MAC1D;AACA,2BAAqB,WAAW;AAChC,aAAOJ,cAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C,QAAQ;AACN,YAAM,cAAc,MAAMD,SAAQ;AAClC,2BAAqB,WAAW;AAChC,aAAOC,cAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C;AAAA,EACF;AAEA,iBAAe,QACb,KACA,SACA;AACA,UAAM,SAAS,MAAM,QAAQ;AAC7B,UAAM,OAAO,OAAO,MAAM,KAAK,GAAG,KAAK;AAEvC,QAAI,IAAI,WAAW,QAAQ;AACzB,cAAQ,MAAM;AAAA,QACZ,KAAK;AACH,iBAAO,YAAY,GAAG;AAAA,QACxB,KAAK;AACH,iBAAO,mBAAmB,GAAG;AAAA,QAC/B,KAAK;AACH,iBAAO,cAAc;AAAA,QACvB,KAAK;AACH,iBAAO,aAAa;AAAA,MACxB;AAAA,IACF;AAEA,WAAOA,cAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;;;AJlKA,eAAsB,OAAkC;AACtD,QAAM,cAAc,MAAMK,SAAQ;AAClC,QAAM,QAAQ,wBAAwB,WAAW;AACjD,QAAM,SAAS,cAAc;AAE7B,WAAS,iBAAiB,MAAqC;AAC7D,UAAM,WAAW,MAAM;AACvB,UAAM,MAAM,WACR,GAAG,OAAO,SAAS,aAAa,mBAAmB,QAAQ,CAAC,KAC5D,OAAO;AACX,aAAS,GAAG;AAAA,EACd;AAEA,MAAI,CAAC,SAASC,gBAAe,KAAK,GAAG;AACnC,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,SAAS;AAAA,MACT,WAAW;AAAA,MACX,UAAU,YAAY;AAAA,MACtB,KAAK,MAAM;AAAA,MACX,SAAS,MAAM;AACb,yBAAiB;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,SAASC,oBAAmB,KAAK;AACvC,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,SAAS;AAAA,MACT,WAAW;AAAA,MACX,UAAU,YAAY;AAAA,MACtB,KAAK,MAAM;AAAA,MACX,SAAS,MAAM;AACb,yBAAiB;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAM,cAAc,OAAO,eAAe,CAAC;AAE3C,QAAM,MAAM,CAAC,WAAmD;AAC9D,QAAI,OAAO,QAAQ,MAAM,SAAS,OAAO,IAAI,EAAG,QAAO;AACvD,QAAI,OAAO,cAAc,YAAY,SAAS,OAAO,UAAU;AAC7D,aAAO;AACT,WAAO;AAAA,EACT;AAEA,QAAM,eAAoC;AAAA,IACxC,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,YAAY;AAAA,IACZ,UAAU,YAAY;AAAA,IACtB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,UAAU,YAAY;AAAA,IACtB;AAAA,IACA,SAAS,CAAC,WAIJ;AACJ,UAAI,QAAQ,QAAQ,QAAQ,YAAY;AACtC,YAAI,CAAC,IAAI,EAAE,MAAM,OAAO,MAAM,YAAY,OAAO,WAAW,CAAC,GAAG;AAC9D,mBAAS,OAAO,cAAc,eAAe;AAAA,QAC/C;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IACA;AAAA,EACF;AACF;AAEA,eAAsB,YACpB,MAC8B;AAC9B,QAAM,cAAc,MAAMF,SAAQ;AAElC,MAAI,MAAM,OAAO;AACf,UAAM,QAAQ,wBAAwB,WAAW;AACjD,QAAI,CAAC,SAASC,gBAAe,KAAK,EAAG,QAAO;AAE5C,UAAM,SAAS,cAAc;AAC7B,QAAI,CAAC,OAAO,UAAU,CAAC,OAAO,gBAAgB;AAC5C,YAAME,WAAU,sBAAsB,WAAW;AACjD,aAAOA,UAAS,QAAQ;AAAA,IAC1B;AAEA,UAAM,SAAS,IAAIC,gBAAe;AAAA,MAChC,QAAQ,OAAO;AAAA,MACf,gBAAgB,OAAO;AAAA,IACzB,CAAC;AACD,QAAI;AACF,YAAM,EAAE,KAAK,IAAI,MAAM,OAAO,MAAM,KAAK;AACzC,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAEA,QAAM,UAAU,sBAAsB,WAAW;AACjD,SAAO,SAAS,QAAQ;AAC1B;","names":["cookies","InAIAuthClient","isTokenExpired","getClaimsFromToken","COOKIE_AUTH_TOKEN","COOKIE_REFRESH_TOKEN","COOKIE_AUTH_SESSION","cookies","NextResponse","InAIAuthClient","COOKIE_AUTH_TOKEN","COOKIE_AUTH_SESSION","COOKIE_REFRESH_TOKEN","cookies","isTokenExpired","getClaimsFromToken","session","InAIAuthClient"]}
1
+ {"version":3,"sources":["../src/server.ts","../src/cookies.ts","../src/config.ts","../src/api-routes.ts","../src/platform-api-routes.ts"],"sourcesContent":["import { cookies } from \"next/headers\";\nimport { redirect } from \"next/navigation\";\nimport type {\n AuthObject,\n ServerAuthObject,\n ProtectedAuthObject,\n UserResource,\n PlatformUserResource,\n} from \"@inai-dev/types\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport { isTokenExpired, getClaimsFromToken } from \"@inai-dev/shared\";\nimport {\n getAuthTokenFromCookies,\n getSessionFromCookies,\n} from \"./cookies\";\nimport { getAuthConfig } from \"./config\";\n\nexport { createAuthRoutes } from \"./api-routes\";\nexport { createPlatformAuthRoutes } from \"./platform-api-routes\";\nexport { configureAuth, getAuthConfig } from \"./config\";\nexport { setAuthCookies, clearAuthCookies, getRefreshTokenFromCookies, getAuthTokenFromCookies } from \"./cookies\";\n\nexport async function auth(): Promise<ServerAuthObject> {\n const cookieStore = await cookies();\n const token = getAuthTokenFromCookies(cookieStore);\n const config = getAuthConfig();\n\n function redirectToSignIn(opts?: { returnTo?: string }): never {\n const returnTo = opts?.returnTo;\n const url = returnTo\n ? `${config.signInUrl}?returnTo=${encodeURIComponent(returnTo)}`\n : config.signInUrl;\n redirect(url);\n }\n\n if (!token || isTokenExpired(token)) {\n return {\n userId: null,\n tenantId: null,\n appId: null,\n envId: null,\n orgId: null,\n orgRole: null,\n sessionId: null,\n getToken: async () => null,\n has: () => false,\n protect: () => {\n redirectToSignIn();\n },\n redirectToSignIn,\n };\n }\n\n const claims = getClaimsFromToken(token);\n if (!claims) {\n return {\n userId: null,\n tenantId: null,\n appId: null,\n envId: null,\n orgId: null,\n orgRole: null,\n sessionId: null,\n getToken: async () => null,\n has: () => false,\n protect: () => {\n redirectToSignIn();\n },\n redirectToSignIn,\n };\n }\n\n const roles = claims.roles ?? [];\n const permissions = claims.permissions ?? [];\n\n const has = (params: { role?: string; permission?: string }) => {\n if (params.role && roles.includes(params.role)) return true;\n if (params.permission && permissions.includes(params.permission))\n return true;\n return false;\n };\n\n const protectedObj: ProtectedAuthObject = {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n isSignedIn: true,\n getToken: async () => token,\n has,\n };\n\n return {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n getToken: async () => token,\n has,\n protect: (params?: {\n role?: string;\n permission?: string;\n redirectTo?: string;\n }) => {\n if (params?.role || params?.permission) {\n if (!has({ role: params.role, permission: params.permission })) {\n redirect(params.redirectTo ?? \"/unauthorized\");\n }\n }\n return protectedObj;\n },\n redirectToSignIn,\n };\n}\n\nexport async function currentUser(\n opts?: { fresh?: boolean },\n): Promise<UserResource | PlatformUserResource | null> {\n const cookieStore = await cookies();\n\n if (opts?.fresh) {\n const token = getAuthTokenFromCookies(cookieStore);\n if (!token || isTokenExpired(token)) return null;\n\n const config = getAuthConfig();\n if (!config.apiUrl || !config.publishableKey) {\n const session = getSessionFromCookies(cookieStore);\n return session?.user ?? null;\n }\n\n const client = new InAIAuthClient({\n apiUrl: config.apiUrl,\n publishableKey: config.publishableKey,\n });\n try {\n const { data } = await client.getMe(token);\n return data;\n } catch {\n return null;\n }\n }\n\n const session = getSessionFromCookies(cookieStore);\n return session?.user ?? null;\n}\n","import type { UserResource, PlatformUserResource, JWTClaims, TokenPair } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n decodeJWTPayload,\n} from \"@inai-dev/shared\";\n\nexport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n} from \"@inai-dev/shared\";\n\nexport { isTokenExpired, getClaimsFromToken } from \"@inai-dev/shared\";\n\ninterface CookieStore {\n get(name: string): { value: string } | undefined;\n set(name: string, value: string, options?: Record<string, unknown>): void;\n}\n\ninterface SessionData {\n user: UserResource | PlatformUserResource;\n expiresAt: string;\n permissions?: string[];\n orgId?: string;\n orgRole?: string;\n appId?: string;\n envId?: string;\n}\n\nexport function setAuthCookies(\n cookieStore: CookieStore,\n tokens: TokenPair,\n user: UserResource | PlatformUserResource,\n): void {\n const isProduction = process.env.NODE_ENV === \"production\";\n const claims = decodeJWTPayload(tokens.access_token);\n const expiresAt = claims\n ? new Date(claims.exp * 1000).toISOString()\n : new Date(Date.now() + tokens.expires_in * 1000).toISOString();\n\n cookieStore.set(COOKIE_AUTH_TOKEN, tokens.access_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n\n cookieStore.set(COOKIE_REFRESH_TOKEN, tokens.refresh_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"strict\",\n path: \"/api/auth\",\n maxAge: 7 * 24 * 60 * 60,\n });\n\n const sessionData: SessionData = {\n user,\n expiresAt,\n permissions: claims?.permissions ?? [],\n orgId: claims?.org_id,\n orgRole: claims?.org_role,\n appId: claims?.app_id,\n envId: claims?.env_id,\n };\n cookieStore.set(COOKIE_AUTH_SESSION, JSON.stringify(sessionData), {\n httpOnly: false,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n}\n\nexport function clearAuthCookies(\n cookieStore: CookieStore,\n): void {\n const opts = { path: \"/\", maxAge: 0 };\n cookieStore.set(COOKIE_AUTH_TOKEN, \"\", opts);\n cookieStore.set(COOKIE_REFRESH_TOKEN, \"\", { ...opts, path: \"/api/auth\" });\n cookieStore.set(COOKIE_AUTH_SESSION, \"\", opts);\n}\n\nexport function getAuthTokenFromCookies(\n cookieStore: CookieStore,\n): string | null {\n return cookieStore.get(COOKIE_AUTH_TOKEN)?.value ?? null;\n}\n\nexport function getRefreshTokenFromCookies(\n cookieStore: CookieStore,\n): string | null {\n return cookieStore.get(COOKIE_REFRESH_TOKEN)?.value ?? null;\n}\n\nexport function getSessionFromCookies(\n cookieStore: CookieStore,\n): SessionData | null {\n const raw = cookieStore.get(COOKIE_AUTH_SESSION)?.value;\n if (!raw) return null;\n try {\n return JSON.parse(raw) as SessionData;\n } catch {\n return null;\n }\n}\n","import type { InAIAuthSDKConfig } from \"@inai-dev/types\";\n\ntype ResolvedConfig = Required<InAIAuthSDKConfig>;\n\nconst defaults: ResolvedConfig = {\n signInUrl: \"/login\",\n signUpUrl: \"/register\",\n afterSignInUrl: \"/\",\n afterSignOutUrl: \"/login\",\n apiUrl: \"\",\n publishableKey: \"\",\n};\n\nlet userConfig: Partial<InAIAuthSDKConfig> = {};\n\nexport function configureAuth(config: InAIAuthSDKConfig): void {\n userConfig = config;\n}\n\nexport function getAuthConfig(): ResolvedConfig {\n return {\n signInUrl: userConfig.signInUrl ?? defaults.signInUrl,\n signUpUrl: userConfig.signUpUrl ?? defaults.signUpUrl,\n afterSignInUrl: userConfig.afterSignInUrl ?? defaults.afterSignInUrl,\n afterSignOutUrl: userConfig.afterSignOutUrl ?? defaults.afterSignOutUrl,\n apiUrl:\n userConfig.apiUrl ??\n process.env.INAI_API_URL ??\n process.env.NEXT_PUBLIC_INAI_API_URL ??\n defaults.apiUrl,\n publishableKey:\n userConfig.publishableKey ??\n process.env.NEXT_PUBLIC_INAI_PUBLISHABLE_KEY ??\n defaults.publishableKey,\n };\n}\n","import { cookies } from \"next/headers\";\nimport { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport type {\n InAIAuthConfig,\n TokenPair,\n UserResource,\n LoginResult,\n} from \"@inai-dev/types\";\nimport {\n setAuthCookies,\n clearAuthCookies,\n getRefreshTokenFromCookies,\n} from \"./cookies\";\n\nexport function createAuthRoutes(config: InAIAuthConfig = {}) {\n const client = new InAIAuthClient(config);\n\n async function handleLogin(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = (await client.login({\n email: body.email,\n password: body.password,\n })) as LoginResult & { user?: UserResource };\n\n if (result.mfa_required) {\n return NextResponse.json({\n mfa_required: true,\n mfa_token: result.mfa_token,\n });\n }\n\n const tokens = result as TokenPair;\n const loginUser = (result as { user?: UserResource }).user;\n const user =\n loginUser ?? (await client.getMe(tokens.access_token)).data;\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message = err instanceof Error ? err.message : \"Login failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleMFAChallenge(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const tokens = await client.mfaChallenge({\n mfa_token: body.mfa_token,\n code: body.code,\n });\n\n const { data: user } = await client.getMe(tokens.access_token);\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"MFA verification failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleRefresh() {\n try {\n const cookieStore = await cookies();\n const refreshToken = getRefreshTokenFromCookies(cookieStore);\n\n if (!refreshToken) {\n clearAuthCookies(cookieStore);\n return NextResponse.json(\n { error: \"No refresh token\" },\n { status: 401 },\n );\n }\n\n const tokens = await client.refresh(refreshToken);\n const { data: user } = await client.getMe(tokens.access_token);\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch {\n const cookieStore = await cookies();\n clearAuthCookies(cookieStore);\n return NextResponse.json(\n { error: \"Refresh failed\" },\n { status: 401 },\n );\n }\n }\n\n async function handleRegister(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.register({\n email: body.email,\n password: body.password,\n firstName: body.firstName,\n lastName: body.lastName,\n });\n\n if (!result.access_token) {\n return NextResponse.json({\n needs_email_verification: true,\n user: result.user,\n });\n }\n\n const tokens = result as TokenPair;\n const loginUser = result.user;\n const user =\n loginUser ?? (await client.getMe(tokens.access_token)).data;\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"Registration failed\";\n return NextResponse.json({ error: message }, { status: 400 });\n }\n }\n\n async function handleLogout() {\n try {\n const cookieStore = await cookies();\n const refreshToken = getRefreshTokenFromCookies(cookieStore);\n if (refreshToken) {\n await client.logout(refreshToken).catch(() => {});\n }\n clearAuthCookies(cookieStore);\n return NextResponse.json({ success: true });\n } catch {\n const cookieStore = await cookies();\n clearAuthCookies(cookieStore);\n return NextResponse.json({ success: true });\n }\n }\n\n async function handler(\n req: NextRequest,\n context: { params: Promise<{ inai: string[] }> },\n ) {\n const params = await context.params;\n const path = params.inai?.join(\"/\") ?? \"\";\n\n if (req.method === \"POST\") {\n switch (path) {\n case \"login\":\n return handleLogin(req);\n case \"register\":\n return handleRegister(req);\n case \"mfa-challenge\":\n return handleMFAChallenge(req);\n case \"refresh\":\n return handleRefresh();\n case \"logout\":\n return handleLogout();\n }\n }\n\n return NextResponse.json({ error: \"Not found\" }, { status: 404 });\n }\n\n return {\n GET: handler,\n POST: handler,\n };\n}\n","import { cookies } from \"next/headers\";\nimport { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport type { InAIAuthConfig, TokenPair, PlatformUserResource } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_AUTH_SESSION,\n COOKIE_REFRESH_TOKEN,\n} from \"@inai-dev/shared\";\n\nexport function createPlatformAuthRoutes(config: InAIAuthConfig = {}) {\n const client = new InAIAuthClient(config);\n const isProduction = process.env.NODE_ENV === \"production\";\n\n function setPlatformCookies(\n cookieStore: Awaited<ReturnType<typeof cookies>>,\n tokens: TokenPair,\n user?: PlatformUserResource,\n ) {\n cookieStore.set(COOKIE_AUTH_TOKEN, tokens.access_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n cookieStore.set(COOKIE_REFRESH_TOKEN, tokens.refresh_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"strict\",\n path: \"/api/auth\",\n maxAge: 7 * 24 * 60 * 60,\n });\n if (user) {\n const expiresAt = Date.now() + tokens.expires_in * 1000;\n cookieStore.set(\n COOKIE_AUTH_SESSION,\n JSON.stringify({ user, expiresAt }),\n {\n httpOnly: false,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n },\n );\n }\n }\n\n function clearPlatformCookies(\n cookieStore: Awaited<ReturnType<typeof cookies>>,\n ) {\n cookieStore.set(COOKIE_AUTH_TOKEN, \"\", { path: \"/\", maxAge: 0 });\n cookieStore.set(COOKIE_REFRESH_TOKEN, \"\", {\n path: \"/api/auth\",\n maxAge: 0,\n });\n cookieStore.set(COOKIE_AUTH_SESSION, \"\", { path: \"/\", maxAge: 0 });\n }\n\n async function handleLogin(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.platformLogin({\n email: body.email,\n password: body.password,\n });\n\n if (result.mfa_required) {\n return NextResponse.json({\n mfa_required: true,\n mfa_token: result.mfa_token,\n });\n }\n\n const tokens = result as TokenPair;\n const user = result.user;\n const cookieStore = await cookies();\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message = err instanceof Error ? err.message : \"Login failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleMFAChallenge(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.platformMfaChallenge({\n mfa_token: body.mfa_token,\n code: body.code,\n });\n\n const tokens = result as TokenPair;\n const user = result.user;\n const cookieStore = await cookies();\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"MFA verification failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleRefresh() {\n try {\n const cookieStore = await cookies();\n const refreshToken = cookieStore.get(COOKIE_REFRESH_TOKEN)?.value;\n\n if (!refreshToken) {\n clearPlatformCookies(cookieStore);\n return NextResponse.json(\n { error: \"No refresh token\" },\n { status: 401 },\n );\n }\n\n const tokens = await client.platformRefresh(refreshToken);\n const { data: user } = await client.platformGetMe(\n tokens.access_token,\n );\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch {\n const cookieStore = await cookies();\n clearPlatformCookies(cookieStore);\n return NextResponse.json(\n { error: \"Refresh failed\" },\n { status: 401 },\n );\n }\n }\n\n async function handleLogout() {\n try {\n const cookieStore = await cookies();\n const refreshToken = cookieStore.get(COOKIE_REFRESH_TOKEN)?.value;\n if (refreshToken) {\n await client.platformLogout(refreshToken).catch(() => {});\n }\n clearPlatformCookies(cookieStore);\n return NextResponse.json({ success: true });\n } catch {\n const cookieStore = await cookies();\n clearPlatformCookies(cookieStore);\n return NextResponse.json({ success: true });\n }\n }\n\n async function handler(\n req: NextRequest,\n context: { params: Promise<{ inai: string[] }> },\n ) {\n const params = await context.params;\n const path = params.inai?.join(\"/\") ?? \"\";\n\n if (req.method === \"POST\") {\n switch (path) {\n case \"login\":\n return handleLogin(req);\n case \"mfa-challenge\":\n return handleMFAChallenge(req);\n case \"refresh\":\n return handleRefresh();\n case \"logout\":\n return handleLogout();\n }\n }\n\n return NextResponse.json({ error: \"Not found\" }, { status: 404 });\n }\n\n return {\n GET: handler,\n POST: handler,\n };\n}\n"],"mappings":";AAAA,SAAS,WAAAA,gBAAe;AACxB,SAAS,gBAAgB;AAQzB,SAAS,kBAAAC,uBAAsB;AAC/B,SAAS,kBAAAC,iBAAgB,sBAAAC,2BAA0B;;;ACTnD;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP;AAAA,EACE,qBAAAC;AAAA,EACA,wBAAAC;AAAA,EACA,uBAAAC;AAAA,OACK;AAEP,SAAS,gBAAgB,0BAA0B;AAiB5C,SAAS,eACd,aACA,QACA,MACM;AACN,QAAM,eAAe,QAAQ,IAAI,aAAa;AAC9C,QAAM,SAAS,iBAAiB,OAAO,YAAY;AACnD,QAAM,YAAY,SACd,IAAI,KAAK,OAAO,MAAM,GAAI,EAAE,YAAY,IACxC,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,aAAa,GAAI,EAAE,YAAY;AAEhE,cAAY,IAAI,mBAAmB,OAAO,cAAc;AAAA,IACtD,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,EACjB,CAAC;AAED,cAAY,IAAI,sBAAsB,OAAO,eAAe;AAAA,IAC1D,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,IAAI,KAAK,KAAK;AAAA,EACxB,CAAC;AAED,QAAM,cAA2B;AAAA,IAC/B;AAAA,IACA;AAAA,IACA,aAAa,QAAQ,eAAe,CAAC;AAAA,IACrC,OAAO,QAAQ;AAAA,IACf,SAAS,QAAQ;AAAA,IACjB,OAAO,QAAQ;AAAA,IACf,OAAO,QAAQ;AAAA,EACjB;AACA,cAAY,IAAI,qBAAqB,KAAK,UAAU,WAAW,GAAG;AAAA,IAChE,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,EACjB,CAAC;AACH;AAEO,SAAS,iBACd,aACM;AACN,QAAM,OAAO,EAAE,MAAM,KAAK,QAAQ,EAAE;AACpC,cAAY,IAAI,mBAAmB,IAAI,IAAI;AAC3C,cAAY,IAAI,sBAAsB,IAAI,EAAE,GAAG,MAAM,MAAM,YAAY,CAAC;AACxE,cAAY,IAAI,qBAAqB,IAAI,IAAI;AAC/C;AAEO,SAAS,wBACd,aACe;AACf,SAAO,YAAY,IAAI,iBAAiB,GAAG,SAAS;AACtD;AAEO,SAAS,2BACd,aACe;AACf,SAAO,YAAY,IAAI,oBAAoB,GAAG,SAAS;AACzD;AAEO,SAAS,sBACd,aACoB;AACpB,QAAM,MAAM,YAAY,IAAI,mBAAmB,GAAG;AAClD,MAAI,CAAC,IAAK,QAAO;AACjB,MAAI;AACF,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ACvGA,IAAM,WAA2B;AAAA,EAC/B,WAAW;AAAA,EACX,WAAW;AAAA,EACX,gBAAgB;AAAA,EAChB,iBAAiB;AAAA,EACjB,QAAQ;AAAA,EACR,gBAAgB;AAClB;AAEA,IAAI,aAAyC,CAAC;AAEvC,SAAS,cAAc,QAAiC;AAC7D,eAAa;AACf;AAEO,SAAS,gBAAgC;AAC9C,SAAO;AAAA,IACL,WAAW,WAAW,aAAa,SAAS;AAAA,IAC5C,WAAW,WAAW,aAAa,SAAS;AAAA,IAC5C,gBAAgB,WAAW,kBAAkB,SAAS;AAAA,IACtD,iBAAiB,WAAW,mBAAmB,SAAS;AAAA,IACxD,QACE,WAAW,UACX,QAAQ,IAAI,gBACZ,QAAQ,IAAI,4BACZ,SAAS;AAAA,IACX,gBACE,WAAW,kBACX,QAAQ,IAAI,oCACZ,SAAS;AAAA,EACb;AACF;;;ACnCA,SAAS,eAAe;AACxB,SAAS,oBAAoB;AAE7B,SAAS,sBAAsB;AAaxB,SAAS,iBAAiB,SAAyB,CAAC,GAAG;AAC5D,QAAM,SAAS,IAAI,eAAe,MAAM;AAExC,iBAAe,YAAY,KAAkB;AAC3C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAU,MAAM,OAAO,MAAM;AAAA,QACjC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,OAAO,cAAc;AACvB,eAAO,aAAa,KAAK;AAAA,UACvB,cAAc;AAAA,UACd,WAAW,OAAO;AAAA,QACpB,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,YAAa,OAAmC;AACtD,YAAM,OACJ,cAAc,MAAM,OAAO,MAAM,OAAO,YAAY,GAAG;AACzD,YAAM,cAAc,MAAM,QAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,aAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,aAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,mBAAmB,KAAkB;AAClD,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,aAAa;AAAA,QACvC,WAAW,KAAK;AAAA,QAChB,MAAM,KAAK;AAAA,MACb,CAAC;AAED,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO,MAAM,OAAO,YAAY;AAC7D,YAAM,cAAc,MAAM,QAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,aAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,gBAAgB;AAC7B,QAAI;AACF,YAAM,cAAc,MAAM,QAAQ;AAClC,YAAM,eAAe,2BAA2B,WAAW;AAE3D,UAAI,CAAC,cAAc;AACjB,yBAAiB,WAAW;AAC5B,eAAO,aAAa;AAAA,UAClB,EAAE,OAAO,mBAAmB;AAAA,UAC5B,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAEA,YAAM,SAAS,MAAM,OAAO,QAAQ,YAAY;AAChD,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO,MAAM,OAAO,YAAY;AAC7D,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,aAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,QAAQ;AACN,YAAM,cAAc,MAAM,QAAQ;AAClC,uBAAiB,WAAW;AAC5B,aAAO,aAAa;AAAA,QAClB,EAAE,OAAO,iBAAiB;AAAA,QAC1B,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,eAAe,KAAkB;AAC9C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,SAAS;AAAA,QACnC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,QACf,WAAW,KAAK;AAAA,QAChB,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,CAAC,OAAO,cAAc;AACxB,eAAO,aAAa,KAAK;AAAA,UACvB,0BAA0B;AAAA,UAC1B,MAAM,OAAO;AAAA,QACf,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,YAAY,OAAO;AACzB,YAAM,OACJ,cAAc,MAAM,OAAO,MAAM,OAAO,YAAY,GAAG;AACzD,YAAM,cAAc,MAAM,QAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,aAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,eAAe;AAC5B,QAAI;AACF,YAAM,cAAc,MAAM,QAAQ;AAClC,YAAM,eAAe,2BAA2B,WAAW;AAC3D,UAAI,cAAc;AAChB,cAAM,OAAO,OAAO,YAAY,EAAE,MAAM,MAAM;AAAA,QAAC,CAAC;AAAA,MAClD;AACA,uBAAiB,WAAW;AAC5B,aAAO,aAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C,QAAQ;AACN,YAAM,cAAc,MAAM,QAAQ;AAClC,uBAAiB,WAAW;AAC5B,aAAO,aAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C;AAAA,EACF;AAEA,iBAAe,QACb,KACA,SACA;AACA,UAAM,SAAS,MAAM,QAAQ;AAC7B,UAAM,OAAO,OAAO,MAAM,KAAK,GAAG,KAAK;AAEvC,QAAI,IAAI,WAAW,QAAQ;AACzB,cAAQ,MAAM;AAAA,QACZ,KAAK;AACH,iBAAO,YAAY,GAAG;AAAA,QACxB,KAAK;AACH,iBAAO,eAAe,GAAG;AAAA,QAC3B,KAAK;AACH,iBAAO,mBAAmB,GAAG;AAAA,QAC/B,KAAK;AACH,iBAAO,cAAc;AAAA,QACvB,KAAK;AACH,iBAAO,aAAa;AAAA,MACxB;AAAA,IACF;AAEA,WAAO,aAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;;;AC7KA,SAAS,WAAAC,gBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAE7B,SAAS,kBAAAC,uBAAsB;AAE/B;AAAA,EACE,qBAAAC;AAAA,EACA,uBAAAC;AAAA,EACA,wBAAAC;AAAA,OACK;AAEA,SAAS,yBAAyB,SAAyB,CAAC,GAAG;AACpE,QAAM,SAAS,IAAIH,gBAAe,MAAM;AACxC,QAAM,eAAe,QAAQ,IAAI,aAAa;AAE9C,WAAS,mBACP,aACA,QACA,MACA;AACA,gBAAY,IAAIC,oBAAmB,OAAO,cAAc;AAAA,MACtD,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,OAAO;AAAA,IACjB,CAAC;AACD,gBAAY,IAAIE,uBAAsB,OAAO,eAAe;AAAA,MAC1D,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,IAAI,KAAK,KAAK;AAAA,IACxB,CAAC;AACD,QAAI,MAAM;AACR,YAAM,YAAY,KAAK,IAAI,IAAI,OAAO,aAAa;AACnD,kBAAY;AAAA,QACVD;AAAA,QACA,KAAK,UAAU,EAAE,MAAM,UAAU,CAAC;AAAA,QAClC;AAAA,UACE,UAAU;AAAA,UACV,QAAQ;AAAA,UACR,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,OAAO;AAAA,QACjB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,WAAS,qBACP,aACA;AACA,gBAAY,IAAID,oBAAmB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AAC/D,gBAAY,IAAIE,uBAAsB,IAAI;AAAA,MACxC,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AACD,gBAAY,IAAID,sBAAqB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AAAA,EACnE;AAEA,iBAAe,YAAY,KAAkB;AAC3C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,cAAc;AAAA,QACxC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,OAAO,cAAc;AACvB,eAAOH,cAAa,KAAK;AAAA,UACvB,cAAc;AAAA,UACd,WAAW,OAAO;AAAA,QACpB,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,OAAO,OAAO;AACpB,YAAM,cAAc,MAAMD,SAAQ;AAClC,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAOC,cAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,aAAOA,cAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,mBAAmB,KAAkB;AAClD,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,qBAAqB;AAAA,QAC/C,WAAW,KAAK;AAAA,QAChB,MAAM,KAAK;AAAA,MACb,CAAC;AAED,YAAM,SAAS;AACf,YAAM,OAAO,OAAO;AACpB,YAAM,cAAc,MAAMD,SAAQ;AAClC,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAOC,cAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAOA,cAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,gBAAgB;AAC7B,QAAI;AACF,YAAM,cAAc,MAAMD,SAAQ;AAClC,YAAM,eAAe,YAAY,IAAIK,qBAAoB,GAAG;AAE5D,UAAI,CAAC,cAAc;AACjB,6BAAqB,WAAW;AAChC,eAAOJ,cAAa;AAAA,UAClB,EAAE,OAAO,mBAAmB;AAAA,UAC5B,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAEA,YAAM,SAAS,MAAM,OAAO,gBAAgB,YAAY;AACxD,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO;AAAA,QAClC,OAAO;AAAA,MACT;AACA,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAOA,cAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,QAAQ;AACN,YAAM,cAAc,MAAMD,SAAQ;AAClC,2BAAqB,WAAW;AAChC,aAAOC,cAAa;AAAA,QAClB,EAAE,OAAO,iBAAiB;AAAA,QAC1B,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,eAAe;AAC5B,QAAI;AACF,YAAM,cAAc,MAAMD,SAAQ;AAClC,YAAM,eAAe,YAAY,IAAIK,qBAAoB,GAAG;AAC5D,UAAI,cAAc;AAChB,cAAM,OAAO,eAAe,YAAY,EAAE,MAAM,MAAM;AAAA,QAAC,CAAC;AAAA,MAC1D;AACA,2BAAqB,WAAW;AAChC,aAAOJ,cAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C,QAAQ;AACN,YAAM,cAAc,MAAMD,SAAQ;AAClC,2BAAqB,WAAW;AAChC,aAAOC,cAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C;AAAA,EACF;AAEA,iBAAe,QACb,KACA,SACA;AACA,UAAM,SAAS,MAAM,QAAQ;AAC7B,UAAM,OAAO,OAAO,MAAM,KAAK,GAAG,KAAK;AAEvC,QAAI,IAAI,WAAW,QAAQ;AACzB,cAAQ,MAAM;AAAA,QACZ,KAAK;AACH,iBAAO,YAAY,GAAG;AAAA,QACxB,KAAK;AACH,iBAAO,mBAAmB,GAAG;AAAA,QAC/B,KAAK;AACH,iBAAO,cAAc;AAAA,QACvB,KAAK;AACH,iBAAO,aAAa;AAAA,MACxB;AAAA,IACF;AAEA,WAAOA,cAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;;;AJhKA,eAAsB,OAAkC;AACtD,QAAM,cAAc,MAAMK,SAAQ;AAClC,QAAM,QAAQ,wBAAwB,WAAW;AACjD,QAAM,SAAS,cAAc;AAE7B,WAAS,iBAAiB,MAAqC;AAC7D,UAAM,WAAW,MAAM;AACvB,UAAM,MAAM,WACR,GAAG,OAAO,SAAS,aAAa,mBAAmB,QAAQ,CAAC,KAC5D,OAAO;AACX,aAAS,GAAG;AAAA,EACd;AAEA,MAAI,CAAC,SAASC,gBAAe,KAAK,GAAG;AACnC,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,SAAS;AAAA,MACT,WAAW;AAAA,MACX,UAAU,YAAY;AAAA,MACtB,KAAK,MAAM;AAAA,MACX,SAAS,MAAM;AACb,yBAAiB;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,SAASC,oBAAmB,KAAK;AACvC,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,SAAS;AAAA,MACT,WAAW;AAAA,MACX,UAAU,YAAY;AAAA,MACtB,KAAK,MAAM;AAAA,MACX,SAAS,MAAM;AACb,yBAAiB;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAM,cAAc,OAAO,eAAe,CAAC;AAE3C,QAAM,MAAM,CAAC,WAAmD;AAC9D,QAAI,OAAO,QAAQ,MAAM,SAAS,OAAO,IAAI,EAAG,QAAO;AACvD,QAAI,OAAO,cAAc,YAAY,SAAS,OAAO,UAAU;AAC7D,aAAO;AACT,WAAO;AAAA,EACT;AAEA,QAAM,eAAoC;AAAA,IACxC,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,YAAY;AAAA,IACZ,UAAU,YAAY;AAAA,IACtB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,UAAU,YAAY;AAAA,IACtB;AAAA,IACA,SAAS,CAAC,WAIJ;AACJ,UAAI,QAAQ,QAAQ,QAAQ,YAAY;AACtC,YAAI,CAAC,IAAI,EAAE,MAAM,OAAO,MAAM,YAAY,OAAO,WAAW,CAAC,GAAG;AAC9D,mBAAS,OAAO,cAAc,eAAe;AAAA,QAC/C;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IACA;AAAA,EACF;AACF;AAEA,eAAsB,YACpB,MACqD;AACrD,QAAM,cAAc,MAAMF,SAAQ;AAElC,MAAI,MAAM,OAAO;AACf,UAAM,QAAQ,wBAAwB,WAAW;AACjD,QAAI,CAAC,SAASC,gBAAe,KAAK,EAAG,QAAO;AAE5C,UAAM,SAAS,cAAc;AAC7B,QAAI,CAAC,OAAO,UAAU,CAAC,OAAO,gBAAgB;AAC5C,YAAME,WAAU,sBAAsB,WAAW;AACjD,aAAOA,UAAS,QAAQ;AAAA,IAC1B;AAEA,UAAM,SAAS,IAAIC,gBAAe;AAAA,MAChC,QAAQ,OAAO;AAAA,MACf,gBAAgB,OAAO;AAAA,IACzB,CAAC;AACD,QAAI;AACF,YAAM,EAAE,KAAK,IAAI,MAAM,OAAO,MAAM,KAAK;AACzC,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAEA,QAAM,UAAU,sBAAsB,WAAW;AACjD,SAAO,SAAS,QAAQ;AAC1B;","names":["cookies","InAIAuthClient","isTokenExpired","getClaimsFromToken","COOKIE_AUTH_TOKEN","COOKIE_REFRESH_TOKEN","COOKIE_AUTH_SESSION","cookies","NextResponse","InAIAuthClient","COOKIE_AUTH_TOKEN","COOKIE_AUTH_SESSION","COOKIE_REFRESH_TOKEN","cookies","isTokenExpired","getClaimsFromToken","session","InAIAuthClient"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@inai-dev/nextjs",
3
- "version": "0.1.0",
3
+ "version": "1.0.0",
4
4
  "description": "Next.js integration for InAI Auth SDK",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",
@@ -22,7 +22,9 @@
22
22
  "require": "./dist/middleware.cjs"
23
23
  }
24
24
  },
25
- "files": ["dist"],
25
+ "files": [
26
+ "dist"
27
+ ],
26
28
  "scripts": {
27
29
  "build": "tsup",
28
30
  "dev": "tsup --watch",
@@ -32,10 +34,10 @@
32
34
  "prepublishOnly": "npm run build"
33
35
  },
34
36
  "dependencies": {
35
- "@inai-dev/types": "^0.1.0",
36
- "@inai-dev/shared": "^0.1.0",
37
- "@inai-dev/backend": "^0.1.0",
38
- "@inai-dev/react": "^0.1.0"
37
+ "@inai-dev/types": "^1.0.0",
38
+ "@inai-dev/shared": "^1.0.0",
39
+ "@inai-dev/backend": "^1.0.0",
40
+ "@inai-dev/react": "^0.1.1"
39
41
  },
40
42
  "peerDependencies": {
41
43
  "next": ">=14.0.0",
@@ -59,5 +61,13 @@
59
61
  },
60
62
  "homepage": "https://inai.dev/",
61
63
  "bugs": "https://github.com/InAI-Team/inai-auth-sdk/issues",
62
- "keywords": ["inai", "auth", "nextjs", "next", "middleware", "multi-tenant", "react"]
64
+ "keywords": [
65
+ "inai",
66
+ "auth",
67
+ "nextjs",
68
+ "next",
69
+ "middleware",
70
+ "multi-tenant",
71
+ "react"
72
+ ]
63
73
  }