@inai-dev/nextjs 0.1.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +369 -31
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js.map +1 -1
- package/dist/middleware.cjs +63 -16
- package/dist/middleware.cjs.map +1 -1
- package/dist/middleware.d.cts +1 -0
- package/dist/middleware.d.ts +1 -0
- package/dist/middleware.js +64 -16
- package/dist/middleware.js.map +1 -1
- package/dist/server.cjs +27 -18
- package/dist/server.cjs.map +1 -1
- package/dist/server.d.cts +16 -5
- package/dist/server.d.ts +16 -5
- package/dist/server.js +9 -4
- package/dist/server.js.map +1 -1
- package/package.json +17 -7
package/dist/middleware.js
CHANGED
|
@@ -4,6 +4,7 @@ import {
|
|
|
4
4
|
COOKIE_AUTH_TOKEN,
|
|
5
5
|
COOKIE_AUTH_SESSION,
|
|
6
6
|
COOKIE_REFRESH_TOKEN,
|
|
7
|
+
DEFAULT_API_URL,
|
|
7
8
|
getClaimsFromToken,
|
|
8
9
|
isTokenExpired
|
|
9
10
|
} from "@inai-dev/shared";
|
|
@@ -55,28 +56,73 @@ function buildAuthObject(token, claims) {
|
|
|
55
56
|
}
|
|
56
57
|
};
|
|
57
58
|
}
|
|
58
|
-
async function runAuthCheck(req, signInUrl) {
|
|
59
|
+
async function runAuthCheck(req, signInUrl, apiUrl) {
|
|
59
60
|
const { pathname } = req.nextUrl;
|
|
60
61
|
const token = req.cookies.get(COOKIE_AUTH_TOKEN)?.value;
|
|
61
62
|
if (!token || isTokenExpired(token)) {
|
|
62
63
|
const refreshToken = req.cookies.get(COOKIE_REFRESH_TOKEN)?.value;
|
|
63
64
|
if (refreshToken) {
|
|
64
65
|
try {
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
66
|
+
if (apiUrl) {
|
|
67
|
+
const refreshRes = await fetch(`${apiUrl}/api/platform/auth/refresh`, {
|
|
68
|
+
method: "POST",
|
|
69
|
+
headers: { "Content-Type": "application/json" },
|
|
70
|
+
body: JSON.stringify({ refresh_token: refreshToken })
|
|
71
|
+
});
|
|
72
|
+
if (refreshRes.ok) {
|
|
73
|
+
const newTokens = await refreshRes.json();
|
|
74
|
+
const meRes = await fetch(`${apiUrl}/api/platform/auth/me`, {
|
|
75
|
+
headers: { Authorization: `Bearer ${newTokens.access_token}` }
|
|
76
|
+
});
|
|
77
|
+
if (meRes.ok) {
|
|
78
|
+
const meData = await meRes.json();
|
|
79
|
+
const newUser = meData.data ?? meData;
|
|
80
|
+
const isProduction = process.env.NODE_ENV === "production";
|
|
81
|
+
const response2 = NextResponse.next();
|
|
82
|
+
response2.cookies.set(COOKIE_AUTH_TOKEN, newTokens.access_token, {
|
|
83
|
+
httpOnly: true,
|
|
84
|
+
secure: isProduction,
|
|
85
|
+
sameSite: "lax",
|
|
86
|
+
path: "/",
|
|
87
|
+
maxAge: newTokens.expires_in
|
|
88
|
+
});
|
|
89
|
+
response2.cookies.set(COOKIE_REFRESH_TOKEN, newTokens.refresh_token, {
|
|
90
|
+
httpOnly: true,
|
|
91
|
+
secure: isProduction,
|
|
92
|
+
sameSite: "strict",
|
|
93
|
+
path: "/api/auth",
|
|
94
|
+
maxAge: 7 * 24 * 60 * 60
|
|
95
|
+
});
|
|
96
|
+
response2.cookies.set(COOKIE_AUTH_SESSION, JSON.stringify({
|
|
97
|
+
user: newUser,
|
|
98
|
+
expiresAt: new Date(Date.now() + newTokens.expires_in * 1e3).toISOString()
|
|
99
|
+
}), {
|
|
100
|
+
httpOnly: false,
|
|
101
|
+
secure: isProduction,
|
|
102
|
+
sameSite: "lax",
|
|
103
|
+
path: "/",
|
|
104
|
+
maxAge: newTokens.expires_in
|
|
105
|
+
});
|
|
106
|
+
return { authObj: null, response: response2 };
|
|
107
|
+
}
|
|
71
108
|
}
|
|
72
|
-
}
|
|
73
|
-
|
|
74
|
-
const
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
109
|
+
} else {
|
|
110
|
+
const refreshUrl = new URL("/api/auth/refresh", req.url);
|
|
111
|
+
const refreshRes = await fetch(refreshUrl.toString(), {
|
|
112
|
+
method: "POST",
|
|
113
|
+
headers: {
|
|
114
|
+
"Content-Type": "application/json",
|
|
115
|
+
Cookie: req.headers.get("cookie") ?? ""
|
|
116
|
+
}
|
|
117
|
+
});
|
|
118
|
+
if (refreshRes.ok) {
|
|
119
|
+
const response2 = NextResponse.next();
|
|
120
|
+
const setCookies = refreshRes.headers.getSetCookie?.() ?? [];
|
|
121
|
+
for (const cookie of setCookies) {
|
|
122
|
+
response2.headers.append("Set-Cookie", cookie);
|
|
123
|
+
}
|
|
124
|
+
return { authObj: null, response: response2 };
|
|
78
125
|
}
|
|
79
|
-
return { authObj: null, response: response2 };
|
|
80
126
|
}
|
|
81
127
|
} catch {
|
|
82
128
|
}
|
|
@@ -106,6 +152,7 @@ async function runAuthCheck(req, signInUrl) {
|
|
|
106
152
|
}
|
|
107
153
|
function inaiAuthMiddleware(config = {}) {
|
|
108
154
|
const {
|
|
155
|
+
apiUrl = DEFAULT_API_URL,
|
|
109
156
|
publicRoutes = [],
|
|
110
157
|
signInUrl = "/login",
|
|
111
158
|
beforeAuth,
|
|
@@ -120,7 +167,7 @@ function inaiAuthMiddleware(config = {}) {
|
|
|
120
167
|
if (isPublicRoute(req, publicRoutes, builtinPublic)) {
|
|
121
168
|
return NextResponse.next();
|
|
122
169
|
}
|
|
123
|
-
const { authObj, response } = await runAuthCheck(req, signInUrl);
|
|
170
|
+
const { authObj, response } = await runAuthCheck(req, signInUrl, apiUrl);
|
|
124
171
|
if (response) return response;
|
|
125
172
|
if (!authObj)
|
|
126
173
|
return NextResponse.redirect(new URL(signInUrl, req.url));
|
|
@@ -133,6 +180,7 @@ function inaiAuthMiddleware(config = {}) {
|
|
|
133
180
|
}
|
|
134
181
|
function withInAIAuth(wrappedMiddleware, config = {}) {
|
|
135
182
|
const {
|
|
183
|
+
apiUrl = DEFAULT_API_URL,
|
|
136
184
|
publicRoutes = [],
|
|
137
185
|
signInUrl = "/login",
|
|
138
186
|
beforeAuth,
|
|
@@ -146,7 +194,7 @@ function withInAIAuth(wrappedMiddleware, config = {}) {
|
|
|
146
194
|
}
|
|
147
195
|
const isPublic = isPublicRoute(req, publicRoutes, builtinPublic);
|
|
148
196
|
if (!isPublic) {
|
|
149
|
-
const { authObj, response } = await runAuthCheck(req, signInUrl);
|
|
197
|
+
const { authObj, response } = await runAuthCheck(req, signInUrl, apiUrl);
|
|
150
198
|
if (response) return response;
|
|
151
199
|
if (!authObj)
|
|
152
200
|
return NextResponse.redirect(new URL(signInUrl, req.url));
|
package/dist/middleware.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/middleware.ts"],"sourcesContent":["import { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport type { AuthObject } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_AUTH_SESSION,\n COOKIE_REFRESH_TOKEN,\n getClaimsFromToken,\n isTokenExpired,\n} from \"@inai-dev/shared\";\n\nexport interface InAIMiddlewareConfig {\n publicRoutes?: string[] | ((req: NextRequest) => boolean);\n signInUrl?: string;\n beforeAuth?: (req: NextRequest) => NextResponse | void;\n afterAuth?: (auth: AuthObject, req: NextRequest) => NextResponse | void;\n}\n\nexport function createRouteMatcher(\n patterns: (string | RegExp)[],\n): (req: NextRequest) => boolean {\n const matchers = patterns.map((pattern) => {\n if (pattern instanceof RegExp) return pattern;\n let regexStr = pattern;\n if (regexStr.endsWith(\"*\") && !regexStr.includes(\"(\")) {\n regexStr = regexStr.slice(0, -1) + \".*\";\n }\n return new RegExp(`^${regexStr}$`);\n });\n\n return (req: NextRequest) => {\n const pathname = req.nextUrl.pathname;\n return matchers.some((m) => m.test(pathname));\n };\n}\n\nfunction matchesRoute(pathname: string, patterns: string[]): boolean {\n return patterns.some((pattern) => {\n if (pattern.endsWith(\"*\")) {\n return pathname.startsWith(pattern.slice(0, -1));\n }\n return pathname === pattern;\n });\n}\n\nfunction isPublicRoute(\n req: NextRequest,\n publicRoutes: string[] | ((req: NextRequest) => boolean),\n builtinPublic: string[],\n): boolean {\n const pathname = req.nextUrl.pathname;\n if (matchesRoute(pathname, builtinPublic)) return true;\n if (typeof publicRoutes === \"function\") return publicRoutes(req);\n return matchesRoute(pathname, publicRoutes);\n}\n\nfunction buildAuthObject(\n token: string,\n claims: NonNullable<ReturnType<typeof getClaimsFromToken>>,\n): AuthObject {\n const roles = claims.roles ?? [];\n const permissions = claims.permissions ?? [];\n return {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n getToken: async () => token,\n has: (params: { role?: string; permission?: string }) => {\n if (params.role && roles.includes(params.role)) return true;\n if (params.permission && permissions.includes(params.permission))\n return true;\n return false;\n },\n };\n}\n\nasync function runAuthCheck(\n req: NextRequest,\n signInUrl: string,\n): Promise<{ authObj: AuthObject | null; response?: NextResponse }> {\n const { pathname } = req.nextUrl;\n const token = req.cookies.get(COOKIE_AUTH_TOKEN)?.value;\n\n if (!token || isTokenExpired(token)) {\n const refreshToken = req.cookies.get(COOKIE_REFRESH_TOKEN)?.value;\n if (refreshToken) {\n try {\n const refreshUrl = new URL(\"/api/auth/refresh\", req.url);\n const refreshRes = await fetch(refreshUrl.toString(), {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Cookie: req.headers.get(\"cookie\") ?? \"\",\n },\n });\n if (refreshRes.ok) {\n const response = NextResponse.next();\n const setCookies = refreshRes.headers.getSetCookie?.() ?? [];\n for (const cookie of setCookies) {\n response.headers.append(\"Set-Cookie\", cookie);\n }\n return { authObj: null, response };\n }\n } catch {\n // Refresh failed, fall through to redirect\n }\n }\n\n const response = NextResponse.redirect(\n new URL(\n `${signInUrl}?returnTo=${encodeURIComponent(pathname)}`,\n req.url,\n ),\n );\n response.cookies.set(COOKIE_AUTH_TOKEN, \"\", { path: \"/\", maxAge: 0 });\n response.cookies.set(COOKIE_REFRESH_TOKEN, \"\", {\n path: \"/api/auth\",\n maxAge: 0,\n });\n response.cookies.set(COOKIE_AUTH_SESSION, \"\", { path: \"/\", maxAge: 0 });\n return { authObj: null, response };\n }\n\n const claims = getClaimsFromToken(token);\n if (!claims) {\n return {\n authObj: null,\n response: NextResponse.redirect(new URL(signInUrl, req.url)),\n };\n }\n\n return { authObj: buildAuthObject(token, claims) };\n}\n\nexport function inaiAuthMiddleware(config: InAIMiddlewareConfig = {}) {\n const {\n publicRoutes = [],\n signInUrl = \"/login\",\n beforeAuth,\n afterAuth,\n } = config;\n\n const builtinPublic = [\"/_next/*\", \"/favicon.ico\", \"/api/*\", signInUrl];\n\n return async function middleware(\n req: NextRequest,\n ): Promise<NextResponse> {\n if (beforeAuth) {\n const result = beforeAuth(req);\n if (result) return result;\n }\n\n if (isPublicRoute(req, publicRoutes, builtinPublic)) {\n return NextResponse.next();\n }\n\n const { authObj, response } = await runAuthCheck(req, signInUrl);\n if (response) return response;\n if (!authObj)\n return NextResponse.redirect(new URL(signInUrl, req.url));\n\n if (afterAuth) {\n const result = afterAuth(authObj, req);\n if (result) return result;\n }\n\n return NextResponse.next();\n };\n}\n\nexport function withInAIAuth(\n wrappedMiddleware: (\n req: NextRequest,\n ) => NextResponse | Response | Promise<NextResponse | Response>,\n config: InAIMiddlewareConfig = {},\n): (req: NextRequest) => Promise<NextResponse> {\n const {\n publicRoutes = [],\n signInUrl = \"/login\",\n beforeAuth,\n afterAuth,\n } = config;\n\n const builtinPublic = [\"/_next/*\", \"/favicon.ico\", \"/api/*\", signInUrl];\n\n return async function middleware(\n req: NextRequest,\n ): Promise<NextResponse> {\n if (beforeAuth) {\n const result = beforeAuth(req);\n if (result) return result;\n }\n\n const isPublic = isPublicRoute(req, publicRoutes, builtinPublic);\n\n if (!isPublic) {\n const { authObj, response } = await runAuthCheck(req, signInUrl);\n if (response) return response;\n if (!authObj)\n return NextResponse.redirect(new URL(signInUrl, req.url));\n\n if (afterAuth) {\n const result = afterAuth(authObj, req);\n if (result) return result;\n }\n\n const authHeader = JSON.stringify({\n userId: authObj.userId,\n tenantId: authObj.tenantId,\n appId: authObj.appId,\n envId: authObj.envId,\n orgId: authObj.orgId,\n orgRole: authObj.orgRole,\n });\n req.headers.set(\"x-inai-auth\", authHeader);\n }\n\n const wrappedResponse = await wrappedMiddleware(req);\n if (wrappedResponse instanceof NextResponse) return wrappedResponse;\n return new NextResponse(wrappedResponse.body, wrappedResponse);\n };\n}\n"],"mappings":";AAAA,SAAS,oBAAoB;AAG7B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AASA,SAAS,mBACd,UAC+B;AAC/B,QAAM,WAAW,SAAS,IAAI,CAAC,YAAY;AACzC,QAAI,mBAAmB,OAAQ,QAAO;AACtC,QAAI,WAAW;AACf,QAAI,SAAS,SAAS,GAAG,KAAK,CAAC,SAAS,SAAS,GAAG,GAAG;AACrD,iBAAW,SAAS,MAAM,GAAG,EAAE,IAAI;AAAA,IACrC;AACA,WAAO,IAAI,OAAO,IAAI,QAAQ,GAAG;AAAA,EACnC,CAAC;AAED,SAAO,CAAC,QAAqB;AAC3B,UAAM,WAAW,IAAI,QAAQ;AAC7B,WAAO,SAAS,KAAK,CAAC,MAAM,EAAE,KAAK,QAAQ,CAAC;AAAA,EAC9C;AACF;AAEA,SAAS,aAAa,UAAkB,UAA6B;AACnE,SAAO,SAAS,KAAK,CAAC,YAAY;AAChC,QAAI,QAAQ,SAAS,GAAG,GAAG;AACzB,aAAO,SAAS,WAAW,QAAQ,MAAM,GAAG,EAAE,CAAC;AAAA,IACjD;AACA,WAAO,aAAa;AAAA,EACtB,CAAC;AACH;AAEA,SAAS,cACP,KACA,cACA,eACS;AACT,QAAM,WAAW,IAAI,QAAQ;AAC7B,MAAI,aAAa,UAAU,aAAa,EAAG,QAAO;AAClD,MAAI,OAAO,iBAAiB,WAAY,QAAO,aAAa,GAAG;AAC/D,SAAO,aAAa,UAAU,YAAY;AAC5C;AAEA,SAAS,gBACP,OACA,QACY;AACZ,QAAM,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAM,cAAc,OAAO,eAAe,CAAC;AAC3C,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,UAAU,YAAY;AAAA,IACtB,KAAK,CAAC,WAAmD;AACvD,UAAI,OAAO,QAAQ,MAAM,SAAS,OAAO,IAAI,EAAG,QAAO;AACvD,UAAI,OAAO,cAAc,YAAY,SAAS,OAAO,UAAU;AAC7D,eAAO;AACT,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,eAAe,aACb,KACA,WACkE;AAClE,QAAM,EAAE,SAAS,IAAI,IAAI;AACzB,QAAM,QAAQ,IAAI,QAAQ,IAAI,iBAAiB,GAAG;AAElD,MAAI,CAAC,SAAS,eAAe,KAAK,GAAG;AACnC,UAAM,eAAe,IAAI,QAAQ,IAAI,oBAAoB,GAAG;AAC5D,QAAI,cAAc;AAChB,UAAI;AACF,cAAM,aAAa,IAAI,IAAI,qBAAqB,IAAI,GAAG;AACvD,cAAM,aAAa,MAAM,MAAM,WAAW,SAAS,GAAG;AAAA,UACpD,QAAQ;AAAA,UACR,SAAS;AAAA,YACP,gBAAgB;AAAA,YAChB,QAAQ,IAAI,QAAQ,IAAI,QAAQ,KAAK;AAAA,UACvC;AAAA,QACF,CAAC;AACD,YAAI,WAAW,IAAI;AACjB,gBAAMA,YAAW,aAAa,KAAK;AACnC,gBAAM,aAAa,WAAW,QAAQ,eAAe,KAAK,CAAC;AAC3D,qBAAW,UAAU,YAAY;AAC/B,YAAAA,UAAS,QAAQ,OAAO,cAAc,MAAM;AAAA,UAC9C;AACA,iBAAO,EAAE,SAAS,MAAM,UAAAA,UAAS;AAAA,QACnC;AAAA,MACF,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,UAAM,WAAW,aAAa;AAAA,MAC5B,IAAI;AAAA,QACF,GAAG,SAAS,aAAa,mBAAmB,QAAQ,CAAC;AAAA,QACrD,IAAI;AAAA,MACN;AAAA,IACF;AACA,aAAS,QAAQ,IAAI,mBAAmB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AACpE,aAAS,QAAQ,IAAI,sBAAsB,IAAI;AAAA,MAC7C,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AACD,aAAS,QAAQ,IAAI,qBAAqB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AACtE,WAAO,EAAE,SAAS,MAAM,SAAS;AAAA,EACnC;AAEA,QAAM,SAAS,mBAAmB,KAAK;AACvC,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,MACL,SAAS;AAAA,MACT,UAAU,aAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAAA,IAC7D;AAAA,EACF;AAEA,SAAO,EAAE,SAAS,gBAAgB,OAAO,MAAM,EAAE;AACnD;AAEO,SAAS,mBAAmB,SAA+B,CAAC,GAAG;AACpE,QAAM;AAAA,IACJ,eAAe,CAAC;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,CAAC,YAAY,gBAAgB,UAAU,SAAS;AAEtE,SAAO,eAAe,WACpB,KACuB;AACvB,QAAI,YAAY;AACd,YAAM,SAAS,WAAW,GAAG;AAC7B,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,QAAI,cAAc,KAAK,cAAc,aAAa,GAAG;AACnD,aAAO,aAAa,KAAK;AAAA,IAC3B;AAEA,UAAM,EAAE,SAAS,SAAS,IAAI,MAAM,aAAa,KAAK,SAAS;AAC/D,QAAI,SAAU,QAAO;AACrB,QAAI,CAAC;AACH,aAAO,aAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAE1D,QAAI,WAAW;AACb,YAAM,SAAS,UAAU,SAAS,GAAG;AACrC,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,WAAO,aAAa,KAAK;AAAA,EAC3B;AACF;AAEO,SAAS,aACd,mBAGA,SAA+B,CAAC,GACa;AAC7C,QAAM;AAAA,IACJ,eAAe,CAAC;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,CAAC,YAAY,gBAAgB,UAAU,SAAS;AAEtE,SAAO,eAAe,WACpB,KACuB;AACvB,QAAI,YAAY;AACd,YAAM,SAAS,WAAW,GAAG;AAC7B,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,UAAM,WAAW,cAAc,KAAK,cAAc,aAAa;AAE/D,QAAI,CAAC,UAAU;AACb,YAAM,EAAE,SAAS,SAAS,IAAI,MAAM,aAAa,KAAK,SAAS;AAC/D,UAAI,SAAU,QAAO;AACrB,UAAI,CAAC;AACH,eAAO,aAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAE1D,UAAI,WAAW;AACb,cAAM,SAAS,UAAU,SAAS,GAAG;AACrC,YAAI,OAAQ,QAAO;AAAA,MACrB;AAEA,YAAM,aAAa,KAAK,UAAU;AAAA,QAChC,QAAQ,QAAQ;AAAA,QAChB,UAAU,QAAQ;AAAA,QAClB,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,SAAS,QAAQ;AAAA,MACnB,CAAC;AACD,UAAI,QAAQ,IAAI,eAAe,UAAU;AAAA,IAC3C;AAEA,UAAM,kBAAkB,MAAM,kBAAkB,GAAG;AACnD,QAAI,2BAA2B,aAAc,QAAO;AACpD,WAAO,IAAI,aAAa,gBAAgB,MAAM,eAAe;AAAA,EAC/D;AACF;","names":["response"]}
|
|
1
|
+
{"version":3,"sources":["../src/middleware.ts"],"sourcesContent":["import { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport type { AuthObject } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_AUTH_SESSION,\n COOKIE_REFRESH_TOKEN,\n DEFAULT_API_URL,\n getClaimsFromToken,\n isTokenExpired,\n} from \"@inai-dev/shared\";\n\nexport interface InAIMiddlewareConfig {\n apiUrl?: string;\n publicRoutes?: string[] | ((req: NextRequest) => boolean);\n signInUrl?: string;\n beforeAuth?: (req: NextRequest) => NextResponse | void;\n afterAuth?: (auth: AuthObject, req: NextRequest) => NextResponse | void;\n}\n\nexport function createRouteMatcher(\n patterns: (string | RegExp)[],\n): (req: NextRequest) => boolean {\n const matchers = patterns.map((pattern) => {\n if (pattern instanceof RegExp) return pattern;\n let regexStr = pattern;\n if (regexStr.endsWith(\"*\") && !regexStr.includes(\"(\")) {\n regexStr = regexStr.slice(0, -1) + \".*\";\n }\n return new RegExp(`^${regexStr}$`);\n });\n\n return (req: NextRequest) => {\n const pathname = req.nextUrl.pathname;\n return matchers.some((m) => m.test(pathname));\n };\n}\n\nfunction matchesRoute(pathname: string, patterns: string[]): boolean {\n return patterns.some((pattern) => {\n if (pattern.endsWith(\"*\")) {\n return pathname.startsWith(pattern.slice(0, -1));\n }\n return pathname === pattern;\n });\n}\n\nfunction isPublicRoute(\n req: NextRequest,\n publicRoutes: string[] | ((req: NextRequest) => boolean),\n builtinPublic: string[],\n): boolean {\n const pathname = req.nextUrl.pathname;\n if (matchesRoute(pathname, builtinPublic)) return true;\n if (typeof publicRoutes === \"function\") return publicRoutes(req);\n return matchesRoute(pathname, publicRoutes);\n}\n\nfunction buildAuthObject(\n token: string,\n claims: NonNullable<ReturnType<typeof getClaimsFromToken>>,\n): AuthObject {\n const roles = claims.roles ?? [];\n const permissions = claims.permissions ?? [];\n return {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n getToken: async () => token,\n has: (params: { role?: string; permission?: string }) => {\n if (params.role && roles.includes(params.role)) return true;\n if (params.permission && permissions.includes(params.permission))\n return true;\n return false;\n },\n };\n}\n\nasync function runAuthCheck(\n req: NextRequest,\n signInUrl: string,\n apiUrl?: string,\n): Promise<{ authObj: AuthObject | null; response?: NextResponse }> {\n const { pathname } = req.nextUrl;\n const token = req.cookies.get(COOKIE_AUTH_TOKEN)?.value;\n\n if (!token || isTokenExpired(token)) {\n const refreshToken = req.cookies.get(COOKIE_REFRESH_TOKEN)?.value;\n if (refreshToken) {\n try {\n if (apiUrl) {\n const refreshRes = await fetch(`${apiUrl}/api/platform/auth/refresh`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ refresh_token: refreshToken }),\n });\n if (refreshRes.ok) {\n const newTokens = await refreshRes.json() as {\n access_token: string;\n refresh_token: string;\n expires_in: number;\n };\n const meRes = await fetch(`${apiUrl}/api/platform/auth/me`, {\n headers: { Authorization: `Bearer ${newTokens.access_token}` },\n });\n if (meRes.ok) {\n const meData = await meRes.json();\n const newUser = meData.data ?? meData;\n const isProduction = process.env.NODE_ENV === \"production\";\n const response = NextResponse.next();\n response.cookies.set(COOKIE_AUTH_TOKEN, newTokens.access_token, {\n httpOnly: true, secure: isProduction, sameSite: \"lax\",\n path: \"/\", maxAge: newTokens.expires_in,\n });\n response.cookies.set(COOKIE_REFRESH_TOKEN, newTokens.refresh_token, {\n httpOnly: true, secure: isProduction, sameSite: \"strict\",\n path: \"/api/auth\", maxAge: 7 * 24 * 60 * 60,\n });\n response.cookies.set(COOKIE_AUTH_SESSION, JSON.stringify({\n user: newUser,\n expiresAt: new Date(Date.now() + newTokens.expires_in * 1000).toISOString(),\n }), {\n httpOnly: false, secure: isProduction, sameSite: \"lax\",\n path: \"/\", maxAge: newTokens.expires_in,\n });\n return { authObj: null, response };\n }\n }\n } else {\n const refreshUrl = new URL(\"/api/auth/refresh\", req.url);\n const refreshRes = await fetch(refreshUrl.toString(), {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Cookie: req.headers.get(\"cookie\") ?? \"\",\n },\n });\n if (refreshRes.ok) {\n const response = NextResponse.next();\n const setCookies = refreshRes.headers.getSetCookie?.() ?? [];\n for (const cookie of setCookies) {\n response.headers.append(\"Set-Cookie\", cookie);\n }\n return { authObj: null, response };\n }\n }\n } catch {\n // Refresh failed, fall through to redirect\n }\n }\n\n const response = NextResponse.redirect(\n new URL(\n `${signInUrl}?returnTo=${encodeURIComponent(pathname)}`,\n req.url,\n ),\n );\n response.cookies.set(COOKIE_AUTH_TOKEN, \"\", { path: \"/\", maxAge: 0 });\n response.cookies.set(COOKIE_REFRESH_TOKEN, \"\", {\n path: \"/api/auth\",\n maxAge: 0,\n });\n response.cookies.set(COOKIE_AUTH_SESSION, \"\", { path: \"/\", maxAge: 0 });\n return { authObj: null, response };\n }\n\n const claims = getClaimsFromToken(token);\n if (!claims) {\n return {\n authObj: null,\n response: NextResponse.redirect(new URL(signInUrl, req.url)),\n };\n }\n\n return { authObj: buildAuthObject(token, claims) };\n}\n\nexport function inaiAuthMiddleware(config: InAIMiddlewareConfig = {}) {\n const {\n apiUrl = DEFAULT_API_URL,\n publicRoutes = [],\n signInUrl = \"/login\",\n beforeAuth,\n afterAuth,\n } = config;\n\n const builtinPublic = [\"/_next/*\", \"/favicon.ico\", \"/api/*\", signInUrl];\n\n return async function middleware(\n req: NextRequest,\n ): Promise<NextResponse> {\n if (beforeAuth) {\n const result = beforeAuth(req);\n if (result) return result;\n }\n\n if (isPublicRoute(req, publicRoutes, builtinPublic)) {\n return NextResponse.next();\n }\n\n const { authObj, response } = await runAuthCheck(req, signInUrl, apiUrl);\n if (response) return response;\n if (!authObj)\n return NextResponse.redirect(new URL(signInUrl, req.url));\n\n if (afterAuth) {\n const result = afterAuth(authObj, req);\n if (result) return result;\n }\n\n return NextResponse.next();\n };\n}\n\nexport function withInAIAuth(\n wrappedMiddleware: (\n req: NextRequest,\n ) => NextResponse | Response | Promise<NextResponse | Response>,\n config: InAIMiddlewareConfig = {},\n): (req: NextRequest) => Promise<NextResponse> {\n const {\n apiUrl = DEFAULT_API_URL,\n publicRoutes = [],\n signInUrl = \"/login\",\n beforeAuth,\n afterAuth,\n } = config;\n\n const builtinPublic = [\"/_next/*\", \"/favicon.ico\", \"/api/*\", signInUrl];\n\n return async function middleware(\n req: NextRequest,\n ): Promise<NextResponse> {\n if (beforeAuth) {\n const result = beforeAuth(req);\n if (result) return result;\n }\n\n const isPublic = isPublicRoute(req, publicRoutes, builtinPublic);\n\n if (!isPublic) {\n const { authObj, response } = await runAuthCheck(req, signInUrl, apiUrl);\n if (response) return response;\n if (!authObj)\n return NextResponse.redirect(new URL(signInUrl, req.url));\n\n if (afterAuth) {\n const result = afterAuth(authObj, req);\n if (result) return result;\n }\n\n const authHeader = JSON.stringify({\n userId: authObj.userId,\n tenantId: authObj.tenantId,\n appId: authObj.appId,\n envId: authObj.envId,\n orgId: authObj.orgId,\n orgRole: authObj.orgRole,\n });\n req.headers.set(\"x-inai-auth\", authHeader);\n }\n\n const wrappedResponse = await wrappedMiddleware(req);\n if (wrappedResponse instanceof NextResponse) return wrappedResponse;\n return new NextResponse(wrappedResponse.body, wrappedResponse);\n };\n}\n"],"mappings":";AAAA,SAAS,oBAAoB;AAG7B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAUA,SAAS,mBACd,UAC+B;AAC/B,QAAM,WAAW,SAAS,IAAI,CAAC,YAAY;AACzC,QAAI,mBAAmB,OAAQ,QAAO;AACtC,QAAI,WAAW;AACf,QAAI,SAAS,SAAS,GAAG,KAAK,CAAC,SAAS,SAAS,GAAG,GAAG;AACrD,iBAAW,SAAS,MAAM,GAAG,EAAE,IAAI;AAAA,IACrC;AACA,WAAO,IAAI,OAAO,IAAI,QAAQ,GAAG;AAAA,EACnC,CAAC;AAED,SAAO,CAAC,QAAqB;AAC3B,UAAM,WAAW,IAAI,QAAQ;AAC7B,WAAO,SAAS,KAAK,CAAC,MAAM,EAAE,KAAK,QAAQ,CAAC;AAAA,EAC9C;AACF;AAEA,SAAS,aAAa,UAAkB,UAA6B;AACnE,SAAO,SAAS,KAAK,CAAC,YAAY;AAChC,QAAI,QAAQ,SAAS,GAAG,GAAG;AACzB,aAAO,SAAS,WAAW,QAAQ,MAAM,GAAG,EAAE,CAAC;AAAA,IACjD;AACA,WAAO,aAAa;AAAA,EACtB,CAAC;AACH;AAEA,SAAS,cACP,KACA,cACA,eACS;AACT,QAAM,WAAW,IAAI,QAAQ;AAC7B,MAAI,aAAa,UAAU,aAAa,EAAG,QAAO;AAClD,MAAI,OAAO,iBAAiB,WAAY,QAAO,aAAa,GAAG;AAC/D,SAAO,aAAa,UAAU,YAAY;AAC5C;AAEA,SAAS,gBACP,OACA,QACY;AACZ,QAAM,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAM,cAAc,OAAO,eAAe,CAAC;AAC3C,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,UAAU,YAAY;AAAA,IACtB,KAAK,CAAC,WAAmD;AACvD,UAAI,OAAO,QAAQ,MAAM,SAAS,OAAO,IAAI,EAAG,QAAO;AACvD,UAAI,OAAO,cAAc,YAAY,SAAS,OAAO,UAAU;AAC7D,eAAO;AACT,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,eAAe,aACb,KACA,WACA,QACkE;AAClE,QAAM,EAAE,SAAS,IAAI,IAAI;AACzB,QAAM,QAAQ,IAAI,QAAQ,IAAI,iBAAiB,GAAG;AAElD,MAAI,CAAC,SAAS,eAAe,KAAK,GAAG;AACnC,UAAM,eAAe,IAAI,QAAQ,IAAI,oBAAoB,GAAG;AAC5D,QAAI,cAAc;AAChB,UAAI;AACF,YAAI,QAAQ;AACV,gBAAM,aAAa,MAAM,MAAM,GAAG,MAAM,8BAA8B;AAAA,YACpE,QAAQ;AAAA,YACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,YAC9C,MAAM,KAAK,UAAU,EAAE,eAAe,aAAa,CAAC;AAAA,UACtD,CAAC;AACD,cAAI,WAAW,IAAI;AACjB,kBAAM,YAAY,MAAM,WAAW,KAAK;AAKxC,kBAAM,QAAQ,MAAM,MAAM,GAAG,MAAM,yBAAyB;AAAA,cAC1D,SAAS,EAAE,eAAe,UAAU,UAAU,YAAY,GAAG;AAAA,YAC/D,CAAC;AACD,gBAAI,MAAM,IAAI;AACZ,oBAAM,SAAS,MAAM,MAAM,KAAK;AAChC,oBAAM,UAAU,OAAO,QAAQ;AAC/B,oBAAM,eAAe,QAAQ,IAAI,aAAa;AAC9C,oBAAMA,YAAW,aAAa,KAAK;AACnC,cAAAA,UAAS,QAAQ,IAAI,mBAAmB,UAAU,cAAc;AAAA,gBAC9D,UAAU;AAAA,gBAAM,QAAQ;AAAA,gBAAc,UAAU;AAAA,gBAChD,MAAM;AAAA,gBAAK,QAAQ,UAAU;AAAA,cAC/B,CAAC;AACD,cAAAA,UAAS,QAAQ,IAAI,sBAAsB,UAAU,eAAe;AAAA,gBAClE,UAAU;AAAA,gBAAM,QAAQ;AAAA,gBAAc,UAAU;AAAA,gBAChD,MAAM;AAAA,gBAAa,QAAQ,IAAI,KAAK,KAAK;AAAA,cAC3C,CAAC;AACD,cAAAA,UAAS,QAAQ,IAAI,qBAAqB,KAAK,UAAU;AAAA,gBACvD,MAAM;AAAA,gBACN,WAAW,IAAI,KAAK,KAAK,IAAI,IAAI,UAAU,aAAa,GAAI,EAAE,YAAY;AAAA,cAC5E,CAAC,GAAG;AAAA,gBACF,UAAU;AAAA,gBAAO,QAAQ;AAAA,gBAAc,UAAU;AAAA,gBACjD,MAAM;AAAA,gBAAK,QAAQ,UAAU;AAAA,cAC/B,CAAC;AACD,qBAAO,EAAE,SAAS,MAAM,UAAAA,UAAS;AAAA,YACnC;AAAA,UACF;AAAA,QACF,OAAO;AACL,gBAAM,aAAa,IAAI,IAAI,qBAAqB,IAAI,GAAG;AACvD,gBAAM,aAAa,MAAM,MAAM,WAAW,SAAS,GAAG;AAAA,YACpD,QAAQ;AAAA,YACR,SAAS;AAAA,cACP,gBAAgB;AAAA,cAChB,QAAQ,IAAI,QAAQ,IAAI,QAAQ,KAAK;AAAA,YACvC;AAAA,UACF,CAAC;AACD,cAAI,WAAW,IAAI;AACjB,kBAAMA,YAAW,aAAa,KAAK;AACnC,kBAAM,aAAa,WAAW,QAAQ,eAAe,KAAK,CAAC;AAC3D,uBAAW,UAAU,YAAY;AAC/B,cAAAA,UAAS,QAAQ,OAAO,cAAc,MAAM;AAAA,YAC9C;AACA,mBAAO,EAAE,SAAS,MAAM,UAAAA,UAAS;AAAA,UACnC;AAAA,QACF;AAAA,MACF,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,UAAM,WAAW,aAAa;AAAA,MAC5B,IAAI;AAAA,QACF,GAAG,SAAS,aAAa,mBAAmB,QAAQ,CAAC;AAAA,QACrD,IAAI;AAAA,MACN;AAAA,IACF;AACA,aAAS,QAAQ,IAAI,mBAAmB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AACpE,aAAS,QAAQ,IAAI,sBAAsB,IAAI;AAAA,MAC7C,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AACD,aAAS,QAAQ,IAAI,qBAAqB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AACtE,WAAO,EAAE,SAAS,MAAM,SAAS;AAAA,EACnC;AAEA,QAAM,SAAS,mBAAmB,KAAK;AACvC,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,MACL,SAAS;AAAA,MACT,UAAU,aAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAAA,IAC7D;AAAA,EACF;AAEA,SAAO,EAAE,SAAS,gBAAgB,OAAO,MAAM,EAAE;AACnD;AAEO,SAAS,mBAAmB,SAA+B,CAAC,GAAG;AACpE,QAAM;AAAA,IACJ,SAAS;AAAA,IACT,eAAe,CAAC;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,CAAC,YAAY,gBAAgB,UAAU,SAAS;AAEtE,SAAO,eAAe,WACpB,KACuB;AACvB,QAAI,YAAY;AACd,YAAM,SAAS,WAAW,GAAG;AAC7B,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,QAAI,cAAc,KAAK,cAAc,aAAa,GAAG;AACnD,aAAO,aAAa,KAAK;AAAA,IAC3B;AAEA,UAAM,EAAE,SAAS,SAAS,IAAI,MAAM,aAAa,KAAK,WAAW,MAAM;AACvE,QAAI,SAAU,QAAO;AACrB,QAAI,CAAC;AACH,aAAO,aAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAE1D,QAAI,WAAW;AACb,YAAM,SAAS,UAAU,SAAS,GAAG;AACrC,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,WAAO,aAAa,KAAK;AAAA,EAC3B;AACF;AAEO,SAAS,aACd,mBAGA,SAA+B,CAAC,GACa;AAC7C,QAAM;AAAA,IACJ,SAAS;AAAA,IACT,eAAe,CAAC;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,gBAAgB,CAAC,YAAY,gBAAgB,UAAU,SAAS;AAEtE,SAAO,eAAe,WACpB,KACuB;AACvB,QAAI,YAAY;AACd,YAAM,SAAS,WAAW,GAAG;AAC7B,UAAI,OAAQ,QAAO;AAAA,IACrB;AAEA,UAAM,WAAW,cAAc,KAAK,cAAc,aAAa;AAE/D,QAAI,CAAC,UAAU;AACb,YAAM,EAAE,SAAS,SAAS,IAAI,MAAM,aAAa,KAAK,WAAW,MAAM;AACvE,UAAI,SAAU,QAAO;AACrB,UAAI,CAAC;AACH,eAAO,aAAa,SAAS,IAAI,IAAI,WAAW,IAAI,GAAG,CAAC;AAE1D,UAAI,WAAW;AACb,cAAM,SAAS,UAAU,SAAS,GAAG;AACrC,YAAI,OAAQ,QAAO;AAAA,MACrB;AAEA,YAAM,aAAa,KAAK,UAAU;AAAA,QAChC,QAAQ,QAAQ;AAAA,QAChB,UAAU,QAAQ;AAAA,QAClB,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,QACf,SAAS,QAAQ;AAAA,MACnB,CAAC;AACD,UAAI,QAAQ,IAAI,eAAe,UAAU;AAAA,IAC3C;AAEA,UAAM,kBAAkB,MAAM,kBAAkB,GAAG;AACnD,QAAI,2BAA2B,aAAc,QAAO;AACpD,WAAO,IAAI,aAAa,gBAAgB,MAAM,eAAe;AAAA,EAC/D;AACF;","names":["response"]}
|
package/dist/server.cjs
CHANGED
|
@@ -21,17 +21,21 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
|
|
|
21
21
|
var server_exports = {};
|
|
22
22
|
__export(server_exports, {
|
|
23
23
|
auth: () => auth,
|
|
24
|
+
clearAuthCookies: () => clearAuthCookies,
|
|
24
25
|
configureAuth: () => configureAuth,
|
|
25
26
|
createAuthRoutes: () => createAuthRoutes,
|
|
26
27
|
createPlatformAuthRoutes: () => createPlatformAuthRoutes,
|
|
27
28
|
currentUser: () => currentUser,
|
|
28
|
-
getAuthConfig: () => getAuthConfig
|
|
29
|
+
getAuthConfig: () => getAuthConfig,
|
|
30
|
+
getAuthTokenFromCookies: () => getAuthTokenFromCookies,
|
|
31
|
+
getRefreshTokenFromCookies: () => getRefreshTokenFromCookies,
|
|
32
|
+
setAuthCookies: () => setAuthCookies
|
|
29
33
|
});
|
|
30
34
|
module.exports = __toCommonJS(server_exports);
|
|
31
35
|
var import_headers3 = require("next/headers");
|
|
32
36
|
var import_navigation = require("next/navigation");
|
|
33
37
|
var import_backend3 = require("@inai-dev/backend");
|
|
34
|
-
var
|
|
38
|
+
var import_shared6 = require("@inai-dev/shared");
|
|
35
39
|
|
|
36
40
|
// src/cookies.ts
|
|
37
41
|
var import_shared = require("@inai-dev/shared");
|
|
@@ -95,12 +99,13 @@ function getSessionFromCookies(cookieStore) {
|
|
|
95
99
|
}
|
|
96
100
|
|
|
97
101
|
// src/config.ts
|
|
102
|
+
var import_shared4 = require("@inai-dev/shared");
|
|
98
103
|
var defaults = {
|
|
99
104
|
signInUrl: "/login",
|
|
100
105
|
signUpUrl: "/register",
|
|
101
106
|
afterSignInUrl: "/",
|
|
102
107
|
afterSignOutUrl: "/login",
|
|
103
|
-
apiUrl:
|
|
108
|
+
apiUrl: import_shared4.DEFAULT_API_URL,
|
|
104
109
|
publishableKey: ""
|
|
105
110
|
};
|
|
106
111
|
var userConfig = {};
|
|
@@ -122,7 +127,7 @@ function getAuthConfig() {
|
|
|
122
127
|
var import_headers = require("next/headers");
|
|
123
128
|
var import_server = require("next/server");
|
|
124
129
|
var import_backend = require("@inai-dev/backend");
|
|
125
|
-
function createAuthRoutes(config) {
|
|
130
|
+
function createAuthRoutes(config = {}) {
|
|
126
131
|
const client = new import_backend.InAIAuthClient(config);
|
|
127
132
|
async function handleLogin(req) {
|
|
128
133
|
try {
|
|
@@ -259,19 +264,19 @@ function createAuthRoutes(config) {
|
|
|
259
264
|
var import_headers2 = require("next/headers");
|
|
260
265
|
var import_server2 = require("next/server");
|
|
261
266
|
var import_backend2 = require("@inai-dev/backend");
|
|
262
|
-
var
|
|
263
|
-
function createPlatformAuthRoutes(config) {
|
|
267
|
+
var import_shared5 = require("@inai-dev/shared");
|
|
268
|
+
function createPlatformAuthRoutes(config = {}) {
|
|
264
269
|
const client = new import_backend2.InAIAuthClient(config);
|
|
265
270
|
const isProduction = process.env.NODE_ENV === "production";
|
|
266
271
|
function setPlatformCookies(cookieStore, tokens, user) {
|
|
267
|
-
cookieStore.set(
|
|
272
|
+
cookieStore.set(import_shared5.COOKIE_AUTH_TOKEN, tokens.access_token, {
|
|
268
273
|
httpOnly: true,
|
|
269
274
|
secure: isProduction,
|
|
270
275
|
sameSite: "lax",
|
|
271
276
|
path: "/",
|
|
272
277
|
maxAge: tokens.expires_in
|
|
273
278
|
});
|
|
274
|
-
cookieStore.set(
|
|
279
|
+
cookieStore.set(import_shared5.COOKIE_REFRESH_TOKEN, tokens.refresh_token, {
|
|
275
280
|
httpOnly: true,
|
|
276
281
|
secure: isProduction,
|
|
277
282
|
sameSite: "strict",
|
|
@@ -281,7 +286,7 @@ function createPlatformAuthRoutes(config) {
|
|
|
281
286
|
if (user) {
|
|
282
287
|
const expiresAt = Date.now() + tokens.expires_in * 1e3;
|
|
283
288
|
cookieStore.set(
|
|
284
|
-
|
|
289
|
+
import_shared5.COOKIE_AUTH_SESSION,
|
|
285
290
|
JSON.stringify({ user, expiresAt }),
|
|
286
291
|
{
|
|
287
292
|
httpOnly: false,
|
|
@@ -294,12 +299,12 @@ function createPlatformAuthRoutes(config) {
|
|
|
294
299
|
}
|
|
295
300
|
}
|
|
296
301
|
function clearPlatformCookies(cookieStore) {
|
|
297
|
-
cookieStore.set(
|
|
298
|
-
cookieStore.set(
|
|
302
|
+
cookieStore.set(import_shared5.COOKIE_AUTH_TOKEN, "", { path: "/", maxAge: 0 });
|
|
303
|
+
cookieStore.set(import_shared5.COOKIE_REFRESH_TOKEN, "", {
|
|
299
304
|
path: "/api/auth",
|
|
300
305
|
maxAge: 0
|
|
301
306
|
});
|
|
302
|
-
cookieStore.set(
|
|
307
|
+
cookieStore.set(import_shared5.COOKIE_AUTH_SESSION, "", { path: "/", maxAge: 0 });
|
|
303
308
|
}
|
|
304
309
|
async function handleLogin(req) {
|
|
305
310
|
try {
|
|
@@ -344,7 +349,7 @@ function createPlatformAuthRoutes(config) {
|
|
|
344
349
|
async function handleRefresh() {
|
|
345
350
|
try {
|
|
346
351
|
const cookieStore = await (0, import_headers2.cookies)();
|
|
347
|
-
const refreshToken = cookieStore.get(
|
|
352
|
+
const refreshToken = cookieStore.get(import_shared5.COOKIE_REFRESH_TOKEN)?.value;
|
|
348
353
|
if (!refreshToken) {
|
|
349
354
|
clearPlatformCookies(cookieStore);
|
|
350
355
|
return import_server2.NextResponse.json(
|
|
@@ -370,7 +375,7 @@ function createPlatformAuthRoutes(config) {
|
|
|
370
375
|
async function handleLogout() {
|
|
371
376
|
try {
|
|
372
377
|
const cookieStore = await (0, import_headers2.cookies)();
|
|
373
|
-
const refreshToken = cookieStore.get(
|
|
378
|
+
const refreshToken = cookieStore.get(import_shared5.COOKIE_REFRESH_TOKEN)?.value;
|
|
374
379
|
if (refreshToken) {
|
|
375
380
|
await client.platformLogout(refreshToken).catch(() => {
|
|
376
381
|
});
|
|
@@ -416,7 +421,7 @@ async function auth() {
|
|
|
416
421
|
const url = returnTo ? `${config.signInUrl}?returnTo=${encodeURIComponent(returnTo)}` : config.signInUrl;
|
|
417
422
|
(0, import_navigation.redirect)(url);
|
|
418
423
|
}
|
|
419
|
-
if (!token || (0,
|
|
424
|
+
if (!token || (0, import_shared6.isTokenExpired)(token)) {
|
|
420
425
|
return {
|
|
421
426
|
userId: null,
|
|
422
427
|
tenantId: null,
|
|
@@ -433,7 +438,7 @@ async function auth() {
|
|
|
433
438
|
redirectToSignIn
|
|
434
439
|
};
|
|
435
440
|
}
|
|
436
|
-
const claims = (0,
|
|
441
|
+
const claims = (0, import_shared6.getClaimsFromToken)(token);
|
|
437
442
|
if (!claims) {
|
|
438
443
|
return {
|
|
439
444
|
userId: null,
|
|
@@ -496,7 +501,7 @@ async function currentUser(opts) {
|
|
|
496
501
|
const cookieStore = await (0, import_headers3.cookies)();
|
|
497
502
|
if (opts?.fresh) {
|
|
498
503
|
const token = getAuthTokenFromCookies(cookieStore);
|
|
499
|
-
if (!token || (0,
|
|
504
|
+
if (!token || (0, import_shared6.isTokenExpired)(token)) return null;
|
|
500
505
|
const config = getAuthConfig();
|
|
501
506
|
if (!config.apiUrl || !config.publishableKey) {
|
|
502
507
|
const session2 = getSessionFromCookies(cookieStore);
|
|
@@ -519,10 +524,14 @@ async function currentUser(opts) {
|
|
|
519
524
|
// Annotate the CommonJS export names for ESM import in node:
|
|
520
525
|
0 && (module.exports = {
|
|
521
526
|
auth,
|
|
527
|
+
clearAuthCookies,
|
|
522
528
|
configureAuth,
|
|
523
529
|
createAuthRoutes,
|
|
524
530
|
createPlatformAuthRoutes,
|
|
525
531
|
currentUser,
|
|
526
|
-
getAuthConfig
|
|
532
|
+
getAuthConfig,
|
|
533
|
+
getAuthTokenFromCookies,
|
|
534
|
+
getRefreshTokenFromCookies,
|
|
535
|
+
setAuthCookies
|
|
527
536
|
});
|
|
528
537
|
//# sourceMappingURL=server.cjs.map
|
package/dist/server.cjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/server.ts","../src/cookies.ts","../src/config.ts","../src/api-routes.ts","../src/platform-api-routes.ts"],"sourcesContent":["import { cookies } from \"next/headers\";\nimport { redirect } from \"next/navigation\";\nimport type {\n AuthObject,\n ServerAuthObject,\n ProtectedAuthObject,\n UserResource,\n} from \"@inai-dev/types\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport { isTokenExpired, getClaimsFromToken } from \"@inai-dev/shared\";\nimport {\n getAuthTokenFromCookies,\n getSessionFromCookies,\n} from \"./cookies\";\nimport { getAuthConfig } from \"./config\";\n\nexport { createAuthRoutes } from \"./api-routes\";\nexport { createPlatformAuthRoutes } from \"./platform-api-routes\";\nexport { configureAuth, getAuthConfig } from \"./config\";\n\nexport async function auth(): Promise<ServerAuthObject> {\n const cookieStore = await cookies();\n const token = getAuthTokenFromCookies(cookieStore);\n const config = getAuthConfig();\n\n function redirectToSignIn(opts?: { returnTo?: string }): never {\n const returnTo = opts?.returnTo;\n const url = returnTo\n ? `${config.signInUrl}?returnTo=${encodeURIComponent(returnTo)}`\n : config.signInUrl;\n redirect(url);\n }\n\n if (!token || isTokenExpired(token)) {\n return {\n userId: null,\n tenantId: null,\n appId: null,\n envId: null,\n orgId: null,\n orgRole: null,\n sessionId: null,\n getToken: async () => null,\n has: () => false,\n protect: () => {\n redirectToSignIn();\n },\n redirectToSignIn,\n };\n }\n\n const claims = getClaimsFromToken(token);\n if (!claims) {\n return {\n userId: null,\n tenantId: null,\n appId: null,\n envId: null,\n orgId: null,\n orgRole: null,\n sessionId: null,\n getToken: async () => null,\n has: () => false,\n protect: () => {\n redirectToSignIn();\n },\n redirectToSignIn,\n };\n }\n\n const roles = claims.roles ?? [];\n const permissions = claims.permissions ?? [];\n\n const has = (params: { role?: string; permission?: string }) => {\n if (params.role && roles.includes(params.role)) return true;\n if (params.permission && permissions.includes(params.permission))\n return true;\n return false;\n };\n\n const protectedObj: ProtectedAuthObject = {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n isSignedIn: true,\n getToken: async () => token,\n has,\n };\n\n return {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n getToken: async () => token,\n has,\n protect: (params?: {\n role?: string;\n permission?: string;\n redirectTo?: string;\n }) => {\n if (params?.role || params?.permission) {\n if (!has({ role: params.role, permission: params.permission })) {\n redirect(params.redirectTo ?? \"/unauthorized\");\n }\n }\n return protectedObj;\n },\n redirectToSignIn,\n };\n}\n\nexport async function currentUser(\n opts?: { fresh?: boolean },\n): Promise<UserResource | null> {\n const cookieStore = await cookies();\n\n if (opts?.fresh) {\n const token = getAuthTokenFromCookies(cookieStore);\n if (!token || isTokenExpired(token)) return null;\n\n const config = getAuthConfig();\n if (!config.apiUrl || !config.publishableKey) {\n const session = getSessionFromCookies(cookieStore);\n return session?.user ?? null;\n }\n\n const client = new InAIAuthClient({\n apiUrl: config.apiUrl,\n publishableKey: config.publishableKey,\n });\n try {\n const { data } = await client.getMe(token);\n return data;\n } catch {\n return null;\n }\n }\n\n const session = getSessionFromCookies(cookieStore);\n return session?.user ?? null;\n}\n","import type { UserResource, JWTClaims, TokenPair } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n decodeJWTPayload,\n} from \"@inai-dev/shared\";\n\nexport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n} from \"@inai-dev/shared\";\n\nexport { isTokenExpired, getClaimsFromToken } from \"@inai-dev/shared\";\n\ninterface CookieStore {\n get(name: string): { value: string } | undefined;\n set(name: string, value: string, options?: Record<string, unknown>): void;\n}\n\ninterface SessionData {\n user: UserResource;\n expiresAt: string;\n permissions?: string[];\n orgId?: string;\n orgRole?: string;\n appId?: string;\n envId?: string;\n}\n\nexport function setAuthCookies(\n cookieStore: CookieStore,\n tokens: TokenPair,\n user: UserResource,\n): void {\n const isProduction = process.env.NODE_ENV === \"production\";\n const claims = decodeJWTPayload(tokens.access_token);\n const expiresAt = claims\n ? new Date(claims.exp * 1000).toISOString()\n : new Date(Date.now() + tokens.expires_in * 1000).toISOString();\n\n cookieStore.set(COOKIE_AUTH_TOKEN, tokens.access_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n\n cookieStore.set(COOKIE_REFRESH_TOKEN, tokens.refresh_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"strict\",\n path: \"/api/auth\",\n maxAge: 7 * 24 * 60 * 60,\n });\n\n const sessionData: SessionData = {\n user,\n expiresAt,\n permissions: claims?.permissions ?? [],\n orgId: claims?.org_id,\n orgRole: claims?.org_role,\n appId: claims?.app_id,\n envId: claims?.env_id,\n };\n cookieStore.set(COOKIE_AUTH_SESSION, JSON.stringify(sessionData), {\n httpOnly: false,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n}\n\nexport function clearAuthCookies(\n cookieStore: CookieStore,\n): void {\n const opts = { path: \"/\", maxAge: 0 };\n cookieStore.set(COOKIE_AUTH_TOKEN, \"\", opts);\n cookieStore.set(COOKIE_REFRESH_TOKEN, \"\", { ...opts, path: \"/api/auth\" });\n cookieStore.set(COOKIE_AUTH_SESSION, \"\", opts);\n}\n\nexport function getAuthTokenFromCookies(\n cookieStore: CookieStore,\n): string | null {\n return cookieStore.get(COOKIE_AUTH_TOKEN)?.value ?? null;\n}\n\nexport function getRefreshTokenFromCookies(\n cookieStore: CookieStore,\n): string | null {\n return cookieStore.get(COOKIE_REFRESH_TOKEN)?.value ?? null;\n}\n\nexport function getSessionFromCookies(\n cookieStore: CookieStore,\n): SessionData | null {\n const raw = cookieStore.get(COOKIE_AUTH_SESSION)?.value;\n if (!raw) return null;\n try {\n return JSON.parse(raw) as SessionData;\n } catch {\n return null;\n }\n}\n","import type { InAIAuthSDKConfig } from \"@inai-dev/types\";\n\ntype ResolvedConfig = Required<InAIAuthSDKConfig>;\n\nconst defaults: ResolvedConfig = {\n signInUrl: \"/login\",\n signUpUrl: \"/register\",\n afterSignInUrl: \"/\",\n afterSignOutUrl: \"/login\",\n apiUrl: \"\",\n publishableKey: \"\",\n};\n\nlet userConfig: Partial<InAIAuthSDKConfig> = {};\n\nexport function configureAuth(config: InAIAuthSDKConfig): void {\n userConfig = config;\n}\n\nexport function getAuthConfig(): ResolvedConfig {\n return {\n signInUrl: userConfig.signInUrl ?? defaults.signInUrl,\n signUpUrl: userConfig.signUpUrl ?? defaults.signUpUrl,\n afterSignInUrl: userConfig.afterSignInUrl ?? defaults.afterSignInUrl,\n afterSignOutUrl: userConfig.afterSignOutUrl ?? defaults.afterSignOutUrl,\n apiUrl:\n userConfig.apiUrl ??\n process.env.INAI_API_URL ??\n process.env.NEXT_PUBLIC_INAI_API_URL ??\n defaults.apiUrl,\n publishableKey:\n userConfig.publishableKey ??\n process.env.NEXT_PUBLIC_INAI_PUBLISHABLE_KEY ??\n defaults.publishableKey,\n };\n}\n","import { cookies } from \"next/headers\";\nimport { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport type {\n InAIAuthConfig,\n TokenPair,\n UserResource,\n LoginResult,\n} from \"@inai-dev/types\";\nimport {\n setAuthCookies,\n clearAuthCookies,\n getRefreshTokenFromCookies,\n} from \"./cookies\";\n\nexport function createAuthRoutes(config: InAIAuthConfig) {\n const client = new InAIAuthClient(config);\n\n async function handleLogin(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = (await client.login({\n email: body.email,\n password: body.password,\n })) as LoginResult & { user?: UserResource };\n\n if (result.mfa_required) {\n return NextResponse.json({\n mfa_required: true,\n mfa_token: result.mfa_token,\n });\n }\n\n const tokens = result as TokenPair;\n const loginUser = (result as { user?: UserResource }).user;\n const user =\n loginUser ?? (await client.getMe(tokens.access_token)).data;\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message = err instanceof Error ? err.message : \"Login failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleMFAChallenge(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const tokens = await client.mfaChallenge({\n mfa_token: body.mfa_token,\n code: body.code,\n });\n\n const { data: user } = await client.getMe(tokens.access_token);\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"MFA verification failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleRefresh() {\n try {\n const cookieStore = await cookies();\n const refreshToken = getRefreshTokenFromCookies(cookieStore);\n\n if (!refreshToken) {\n clearAuthCookies(cookieStore);\n return NextResponse.json(\n { error: \"No refresh token\" },\n { status: 401 },\n );\n }\n\n const tokens = await client.refresh(refreshToken);\n const { data: user } = await client.getMe(tokens.access_token);\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch {\n const cookieStore = await cookies();\n clearAuthCookies(cookieStore);\n return NextResponse.json(\n { error: \"Refresh failed\" },\n { status: 401 },\n );\n }\n }\n\n async function handleRegister(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.register({\n email: body.email,\n password: body.password,\n firstName: body.firstName,\n lastName: body.lastName,\n });\n\n if (!result.access_token) {\n return NextResponse.json({\n needs_email_verification: true,\n user: result.user,\n });\n }\n\n const tokens = result as TokenPair;\n const loginUser = result.user;\n const user =\n loginUser ?? (await client.getMe(tokens.access_token)).data;\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"Registration failed\";\n return NextResponse.json({ error: message }, { status: 400 });\n }\n }\n\n async function handleLogout() {\n try {\n const cookieStore = await cookies();\n const refreshToken = getRefreshTokenFromCookies(cookieStore);\n if (refreshToken) {\n await client.logout(refreshToken).catch(() => {});\n }\n clearAuthCookies(cookieStore);\n return NextResponse.json({ success: true });\n } catch {\n const cookieStore = await cookies();\n clearAuthCookies(cookieStore);\n return NextResponse.json({ success: true });\n }\n }\n\n async function handler(\n req: NextRequest,\n context: { params: Promise<{ inai: string[] }> },\n ) {\n const params = await context.params;\n const path = params.inai?.join(\"/\") ?? \"\";\n\n if (req.method === \"POST\") {\n switch (path) {\n case \"login\":\n return handleLogin(req);\n case \"register\":\n return handleRegister(req);\n case \"mfa-challenge\":\n return handleMFAChallenge(req);\n case \"refresh\":\n return handleRefresh();\n case \"logout\":\n return handleLogout();\n }\n }\n\n return NextResponse.json({ error: \"Not found\" }, { status: 404 });\n }\n\n return {\n GET: handler,\n POST: handler,\n };\n}\n","import { cookies } from \"next/headers\";\nimport { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport type { InAIAuthConfig, TokenPair, PlatformUserResource } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_AUTH_SESSION,\n COOKIE_REFRESH_TOKEN,\n} from \"@inai-dev/shared\";\n\nexport function createPlatformAuthRoutes(config: InAIAuthConfig) {\n const client = new InAIAuthClient(config);\n const isProduction = process.env.NODE_ENV === \"production\";\n\n function setPlatformCookies(\n cookieStore: Awaited<ReturnType<typeof cookies>>,\n tokens: TokenPair,\n user?: PlatformUserResource,\n ) {\n cookieStore.set(COOKIE_AUTH_TOKEN, tokens.access_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n cookieStore.set(COOKIE_REFRESH_TOKEN, tokens.refresh_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"strict\",\n path: \"/api/auth\",\n maxAge: 7 * 24 * 60 * 60,\n });\n if (user) {\n const expiresAt = Date.now() + tokens.expires_in * 1000;\n cookieStore.set(\n COOKIE_AUTH_SESSION,\n JSON.stringify({ user, expiresAt }),\n {\n httpOnly: false,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n },\n );\n }\n }\n\n function clearPlatformCookies(\n cookieStore: Awaited<ReturnType<typeof cookies>>,\n ) {\n cookieStore.set(COOKIE_AUTH_TOKEN, \"\", { path: \"/\", maxAge: 0 });\n cookieStore.set(COOKIE_REFRESH_TOKEN, \"\", {\n path: \"/api/auth\",\n maxAge: 0,\n });\n cookieStore.set(COOKIE_AUTH_SESSION, \"\", { path: \"/\", maxAge: 0 });\n }\n\n async function handleLogin(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.platformLogin({\n email: body.email,\n password: body.password,\n });\n\n if (result.mfa_required) {\n return NextResponse.json({\n mfa_required: true,\n mfa_token: result.mfa_token,\n });\n }\n\n const tokens = result as TokenPair;\n const user = result.user;\n const cookieStore = await cookies();\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message = err instanceof Error ? err.message : \"Login failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleMFAChallenge(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.platformMfaChallenge({\n mfa_token: body.mfa_token,\n code: body.code,\n });\n\n const tokens = result as TokenPair;\n const user = result.user;\n const cookieStore = await cookies();\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"MFA verification failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleRefresh() {\n try {\n const cookieStore = await cookies();\n const refreshToken = cookieStore.get(COOKIE_REFRESH_TOKEN)?.value;\n\n if (!refreshToken) {\n clearPlatformCookies(cookieStore);\n return NextResponse.json(\n { error: \"No refresh token\" },\n { status: 401 },\n );\n }\n\n const tokens = await client.platformRefresh(refreshToken);\n const { data: user } = await client.platformGetMe(\n tokens.access_token,\n );\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch {\n const cookieStore = await cookies();\n clearPlatformCookies(cookieStore);\n return NextResponse.json(\n { error: \"Refresh failed\" },\n { status: 401 },\n );\n }\n }\n\n async function handleLogout() {\n try {\n const cookieStore = await cookies();\n const refreshToken = cookieStore.get(COOKIE_REFRESH_TOKEN)?.value;\n if (refreshToken) {\n await client.platformLogout(refreshToken).catch(() => {});\n }\n clearPlatformCookies(cookieStore);\n return NextResponse.json({ success: true });\n } catch {\n const cookieStore = await cookies();\n clearPlatformCookies(cookieStore);\n return NextResponse.json({ success: true });\n }\n }\n\n async function handler(\n req: NextRequest,\n context: { params: Promise<{ inai: string[] }> },\n ) {\n const params = await context.params;\n const path = params.inai?.join(\"/\") ?? \"\";\n\n if (req.method === \"POST\") {\n switch (path) {\n case \"login\":\n return handleLogin(req);\n case \"mfa-challenge\":\n return handleMFAChallenge(req);\n case \"refresh\":\n return handleRefresh();\n case \"logout\":\n return handleLogout();\n }\n }\n\n return NextResponse.json({ error: \"Not found\" }, { status: 404 });\n }\n\n return {\n GET: handler,\n POST: handler,\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAAAA,kBAAwB;AACxB,wBAAyB;AAOzB,IAAAC,kBAA+B;AAC/B,IAAAC,iBAAmD;;;ACRnD,oBAKO;AAEP,IAAAC,iBAIO;AAEP,IAAAA,iBAAmD;AAiB5C,SAAS,eACd,aACA,QACA,MACM;AACN,QAAM,eAAe,QAAQ,IAAI,aAAa;AAC9C,QAAM,aAAS,gCAAiB,OAAO,YAAY;AACnD,QAAM,YAAY,SACd,IAAI,KAAK,OAAO,MAAM,GAAI,EAAE,YAAY,IACxC,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,aAAa,GAAI,EAAE,YAAY;AAEhE,cAAY,IAAI,iCAAmB,OAAO,cAAc;AAAA,IACtD,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,EACjB,CAAC;AAED,cAAY,IAAI,oCAAsB,OAAO,eAAe;AAAA,IAC1D,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,IAAI,KAAK,KAAK;AAAA,EACxB,CAAC;AAED,QAAM,cAA2B;AAAA,IAC/B;AAAA,IACA;AAAA,IACA,aAAa,QAAQ,eAAe,CAAC;AAAA,IACrC,OAAO,QAAQ;AAAA,IACf,SAAS,QAAQ;AAAA,IACjB,OAAO,QAAQ;AAAA,IACf,OAAO,QAAQ;AAAA,EACjB;AACA,cAAY,IAAI,mCAAqB,KAAK,UAAU,WAAW,GAAG;AAAA,IAChE,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,EACjB,CAAC;AACH;AAEO,SAAS,iBACd,aACM;AACN,QAAM,OAAO,EAAE,MAAM,KAAK,QAAQ,EAAE;AACpC,cAAY,IAAI,iCAAmB,IAAI,IAAI;AAC3C,cAAY,IAAI,oCAAsB,IAAI,EAAE,GAAG,MAAM,MAAM,YAAY,CAAC;AACxE,cAAY,IAAI,mCAAqB,IAAI,IAAI;AAC/C;AAEO,SAAS,wBACd,aACe;AACf,SAAO,YAAY,IAAI,+BAAiB,GAAG,SAAS;AACtD;AAEO,SAAS,2BACd,aACe;AACf,SAAO,YAAY,IAAI,kCAAoB,GAAG,SAAS;AACzD;AAEO,SAAS,sBACd,aACoB;AACpB,QAAM,MAAM,YAAY,IAAI,iCAAmB,GAAG;AAClD,MAAI,CAAC,IAAK,QAAO;AACjB,MAAI;AACF,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ACvGA,IAAM,WAA2B;AAAA,EAC/B,WAAW;AAAA,EACX,WAAW;AAAA,EACX,gBAAgB;AAAA,EAChB,iBAAiB;AAAA,EACjB,QAAQ;AAAA,EACR,gBAAgB;AAClB;AAEA,IAAI,aAAyC,CAAC;AAEvC,SAAS,cAAc,QAAiC;AAC7D,eAAa;AACf;AAEO,SAAS,gBAAgC;AAC9C,SAAO;AAAA,IACL,WAAW,WAAW,aAAa,SAAS;AAAA,IAC5C,WAAW,WAAW,aAAa,SAAS;AAAA,IAC5C,gBAAgB,WAAW,kBAAkB,SAAS;AAAA,IACtD,iBAAiB,WAAW,mBAAmB,SAAS;AAAA,IACxD,QACE,WAAW,UACX,QAAQ,IAAI,gBACZ,QAAQ,IAAI,4BACZ,SAAS;AAAA,IACX,gBACE,WAAW,kBACX,QAAQ,IAAI,oCACZ,SAAS;AAAA,EACb;AACF;;;ACnCA,qBAAwB;AACxB,oBAA6B;AAE7B,qBAA+B;AAaxB,SAAS,iBAAiB,QAAwB;AACvD,QAAM,SAAS,IAAI,8BAAe,MAAM;AAExC,iBAAe,YAAY,KAAkB;AAC3C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAU,MAAM,OAAO,MAAM;AAAA,QACjC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,OAAO,cAAc;AACvB,eAAO,2BAAa,KAAK;AAAA,UACvB,cAAc;AAAA,UACd,WAAW,OAAO;AAAA,QACpB,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,YAAa,OAAmC;AACtD,YAAM,OACJ,cAAc,MAAM,OAAO,MAAM,OAAO,YAAY,GAAG;AACzD,YAAM,cAAc,UAAM,wBAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,2BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,aAAO,2BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,mBAAmB,KAAkB;AAClD,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,aAAa;AAAA,QACvC,WAAW,KAAK;AAAA,QAChB,MAAM,KAAK;AAAA,MACb,CAAC;AAED,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO,MAAM,OAAO,YAAY;AAC7D,YAAM,cAAc,UAAM,wBAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,2BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,2BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,gBAAgB;AAC7B,QAAI;AACF,YAAM,cAAc,UAAM,wBAAQ;AAClC,YAAM,eAAe,2BAA2B,WAAW;AAE3D,UAAI,CAAC,cAAc;AACjB,yBAAiB,WAAW;AAC5B,eAAO,2BAAa;AAAA,UAClB,EAAE,OAAO,mBAAmB;AAAA,UAC5B,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAEA,YAAM,SAAS,MAAM,OAAO,QAAQ,YAAY;AAChD,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO,MAAM,OAAO,YAAY;AAC7D,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,2BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,QAAQ;AACN,YAAM,cAAc,UAAM,wBAAQ;AAClC,uBAAiB,WAAW;AAC5B,aAAO,2BAAa;AAAA,QAClB,EAAE,OAAO,iBAAiB;AAAA,QAC1B,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,eAAe,KAAkB;AAC9C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,SAAS;AAAA,QACnC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,QACf,WAAW,KAAK;AAAA,QAChB,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,CAAC,OAAO,cAAc;AACxB,eAAO,2BAAa,KAAK;AAAA,UACvB,0BAA0B;AAAA,UAC1B,MAAM,OAAO;AAAA,QACf,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,YAAY,OAAO;AACzB,YAAM,OACJ,cAAc,MAAM,OAAO,MAAM,OAAO,YAAY,GAAG;AACzD,YAAM,cAAc,UAAM,wBAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,2BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,2BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,eAAe;AAC5B,QAAI;AACF,YAAM,cAAc,UAAM,wBAAQ;AAClC,YAAM,eAAe,2BAA2B,WAAW;AAC3D,UAAI,cAAc;AAChB,cAAM,OAAO,OAAO,YAAY,EAAE,MAAM,MAAM;AAAA,QAAC,CAAC;AAAA,MAClD;AACA,uBAAiB,WAAW;AAC5B,aAAO,2BAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C,QAAQ;AACN,YAAM,cAAc,UAAM,wBAAQ;AAClC,uBAAiB,WAAW;AAC5B,aAAO,2BAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C;AAAA,EACF;AAEA,iBAAe,QACb,KACA,SACA;AACA,UAAM,SAAS,MAAM,QAAQ;AAC7B,UAAM,OAAO,OAAO,MAAM,KAAK,GAAG,KAAK;AAEvC,QAAI,IAAI,WAAW,QAAQ;AACzB,cAAQ,MAAM;AAAA,QACZ,KAAK;AACH,iBAAO,YAAY,GAAG;AAAA,QACxB,KAAK;AACH,iBAAO,eAAe,GAAG;AAAA,QAC3B,KAAK;AACH,iBAAO,mBAAmB,GAAG;AAAA,QAC/B,KAAK;AACH,iBAAO,cAAc;AAAA,QACvB,KAAK;AACH,iBAAO,aAAa;AAAA,MACxB;AAAA,IACF;AAEA,WAAO,2BAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;;;AC7KA,IAAAC,kBAAwB;AACxB,IAAAC,iBAA6B;AAE7B,IAAAC,kBAA+B;AAE/B,IAAAC,iBAIO;AAEA,SAAS,yBAAyB,QAAwB;AAC/D,QAAM,SAAS,IAAI,+BAAe,MAAM;AACxC,QAAM,eAAe,QAAQ,IAAI,aAAa;AAE9C,WAAS,mBACP,aACA,QACA,MACA;AACA,gBAAY,IAAI,kCAAmB,OAAO,cAAc;AAAA,MACtD,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,OAAO;AAAA,IACjB,CAAC;AACD,gBAAY,IAAI,qCAAsB,OAAO,eAAe;AAAA,MAC1D,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,IAAI,KAAK,KAAK;AAAA,IACxB,CAAC;AACD,QAAI,MAAM;AACR,YAAM,YAAY,KAAK,IAAI,IAAI,OAAO,aAAa;AACnD,kBAAY;AAAA,QACV;AAAA,QACA,KAAK,UAAU,EAAE,MAAM,UAAU,CAAC;AAAA,QAClC;AAAA,UACE,UAAU;AAAA,UACV,QAAQ;AAAA,UACR,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,OAAO;AAAA,QACjB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,WAAS,qBACP,aACA;AACA,gBAAY,IAAI,kCAAmB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AAC/D,gBAAY,IAAI,qCAAsB,IAAI;AAAA,MACxC,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AACD,gBAAY,IAAI,oCAAqB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AAAA,EACnE;AAEA,iBAAe,YAAY,KAAkB;AAC3C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,cAAc;AAAA,QACxC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,OAAO,cAAc;AACvB,eAAO,4BAAa,KAAK;AAAA,UACvB,cAAc;AAAA,UACd,WAAW,OAAO;AAAA,QACpB,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,OAAO,OAAO;AACpB,YAAM,cAAc,UAAM,yBAAQ;AAClC,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAO,4BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,aAAO,4BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,mBAAmB,KAAkB;AAClD,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,qBAAqB;AAAA,QAC/C,WAAW,KAAK;AAAA,QAChB,MAAM,KAAK;AAAA,MACb,CAAC;AAED,YAAM,SAAS;AACf,YAAM,OAAO,OAAO;AACpB,YAAM,cAAc,UAAM,yBAAQ;AAClC,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAO,4BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,4BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,gBAAgB;AAC7B,QAAI;AACF,YAAM,cAAc,UAAM,yBAAQ;AAClC,YAAM,eAAe,YAAY,IAAI,mCAAoB,GAAG;AAE5D,UAAI,CAAC,cAAc;AACjB,6BAAqB,WAAW;AAChC,eAAO,4BAAa;AAAA,UAClB,EAAE,OAAO,mBAAmB;AAAA,UAC5B,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAEA,YAAM,SAAS,MAAM,OAAO,gBAAgB,YAAY;AACxD,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO;AAAA,QAClC,OAAO;AAAA,MACT;AACA,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAO,4BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,QAAQ;AACN,YAAM,cAAc,UAAM,yBAAQ;AAClC,2BAAqB,WAAW;AAChC,aAAO,4BAAa;AAAA,QAClB,EAAE,OAAO,iBAAiB;AAAA,QAC1B,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,eAAe;AAC5B,QAAI;AACF,YAAM,cAAc,UAAM,yBAAQ;AAClC,YAAM,eAAe,YAAY,IAAI,mCAAoB,GAAG;AAC5D,UAAI,cAAc;AAChB,cAAM,OAAO,eAAe,YAAY,EAAE,MAAM,MAAM;AAAA,QAAC,CAAC;AAAA,MAC1D;AACA,2BAAqB,WAAW;AAChC,aAAO,4BAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C,QAAQ;AACN,YAAM,cAAc,UAAM,yBAAQ;AAClC,2BAAqB,WAAW;AAChC,aAAO,4BAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C;AAAA,EACF;AAEA,iBAAe,QACb,KACA,SACA;AACA,UAAM,SAAS,MAAM,QAAQ;AAC7B,UAAM,OAAO,OAAO,MAAM,KAAK,GAAG,KAAK;AAEvC,QAAI,IAAI,WAAW,QAAQ;AACzB,cAAQ,MAAM;AAAA,QACZ,KAAK;AACH,iBAAO,YAAY,GAAG;AAAA,QACxB,KAAK;AACH,iBAAO,mBAAmB,GAAG;AAAA,QAC/B,KAAK;AACH,iBAAO,cAAc;AAAA,QACvB,KAAK;AACH,iBAAO,aAAa;AAAA,MACxB;AAAA,IACF;AAEA,WAAO,4BAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;;;AJlKA,eAAsB,OAAkC;AACtD,QAAM,cAAc,UAAM,yBAAQ;AAClC,QAAM,QAAQ,wBAAwB,WAAW;AACjD,QAAM,SAAS,cAAc;AAE7B,WAAS,iBAAiB,MAAqC;AAC7D,UAAM,WAAW,MAAM;AACvB,UAAM,MAAM,WACR,GAAG,OAAO,SAAS,aAAa,mBAAmB,QAAQ,CAAC,KAC5D,OAAO;AACX,oCAAS,GAAG;AAAA,EACd;AAEA,MAAI,CAAC,aAAS,+BAAe,KAAK,GAAG;AACnC,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,SAAS;AAAA,MACT,WAAW;AAAA,MACX,UAAU,YAAY;AAAA,MACtB,KAAK,MAAM;AAAA,MACX,SAAS,MAAM;AACb,yBAAiB;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,aAAS,mCAAmB,KAAK;AACvC,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,SAAS;AAAA,MACT,WAAW;AAAA,MACX,UAAU,YAAY;AAAA,MACtB,KAAK,MAAM;AAAA,MACX,SAAS,MAAM;AACb,yBAAiB;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAM,cAAc,OAAO,eAAe,CAAC;AAE3C,QAAM,MAAM,CAAC,WAAmD;AAC9D,QAAI,OAAO,QAAQ,MAAM,SAAS,OAAO,IAAI,EAAG,QAAO;AACvD,QAAI,OAAO,cAAc,YAAY,SAAS,OAAO,UAAU;AAC7D,aAAO;AACT,WAAO;AAAA,EACT;AAEA,QAAM,eAAoC;AAAA,IACxC,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,YAAY;AAAA,IACZ,UAAU,YAAY;AAAA,IACtB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,UAAU,YAAY;AAAA,IACtB;AAAA,IACA,SAAS,CAAC,WAIJ;AACJ,UAAI,QAAQ,QAAQ,QAAQ,YAAY;AACtC,YAAI,CAAC,IAAI,EAAE,MAAM,OAAO,MAAM,YAAY,OAAO,WAAW,CAAC,GAAG;AAC9D,0CAAS,OAAO,cAAc,eAAe;AAAA,QAC/C;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IACA;AAAA,EACF;AACF;AAEA,eAAsB,YACpB,MAC8B;AAC9B,QAAM,cAAc,UAAM,yBAAQ;AAElC,MAAI,MAAM,OAAO;AACf,UAAM,QAAQ,wBAAwB,WAAW;AACjD,QAAI,CAAC,aAAS,+BAAe,KAAK,EAAG,QAAO;AAE5C,UAAM,SAAS,cAAc;AAC7B,QAAI,CAAC,OAAO,UAAU,CAAC,OAAO,gBAAgB;AAC5C,YAAMC,WAAU,sBAAsB,WAAW;AACjD,aAAOA,UAAS,QAAQ;AAAA,IAC1B;AAEA,UAAM,SAAS,IAAI,+BAAe;AAAA,MAChC,QAAQ,OAAO;AAAA,MACf,gBAAgB,OAAO;AAAA,IACzB,CAAC;AACD,QAAI;AACF,YAAM,EAAE,KAAK,IAAI,MAAM,OAAO,MAAM,KAAK;AACzC,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAEA,QAAM,UAAU,sBAAsB,WAAW;AACjD,SAAO,SAAS,QAAQ;AAC1B;","names":["import_headers","import_backend","import_shared","import_shared","import_headers","import_server","import_backend","import_shared","session"]}
|
|
1
|
+
{"version":3,"sources":["../src/server.ts","../src/cookies.ts","../src/config.ts","../src/api-routes.ts","../src/platform-api-routes.ts"],"sourcesContent":["import { cookies } from \"next/headers\";\nimport { redirect } from \"next/navigation\";\nimport type {\n AuthObject,\n ServerAuthObject,\n ProtectedAuthObject,\n UserResource,\n PlatformUserResource,\n} from \"@inai-dev/types\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport { isTokenExpired, getClaimsFromToken } from \"@inai-dev/shared\";\nimport {\n getAuthTokenFromCookies,\n getSessionFromCookies,\n} from \"./cookies\";\nimport { getAuthConfig } from \"./config\";\n\nexport { createAuthRoutes } from \"./api-routes\";\nexport { createPlatformAuthRoutes } from \"./platform-api-routes\";\nexport { configureAuth, getAuthConfig } from \"./config\";\nexport { setAuthCookies, clearAuthCookies, getRefreshTokenFromCookies, getAuthTokenFromCookies } from \"./cookies\";\n\nexport async function auth(): Promise<ServerAuthObject> {\n const cookieStore = await cookies();\n const token = getAuthTokenFromCookies(cookieStore);\n const config = getAuthConfig();\n\n function redirectToSignIn(opts?: { returnTo?: string }): never {\n const returnTo = opts?.returnTo;\n const url = returnTo\n ? `${config.signInUrl}?returnTo=${encodeURIComponent(returnTo)}`\n : config.signInUrl;\n redirect(url);\n }\n\n if (!token || isTokenExpired(token)) {\n return {\n userId: null,\n tenantId: null,\n appId: null,\n envId: null,\n orgId: null,\n orgRole: null,\n sessionId: null,\n getToken: async () => null,\n has: () => false,\n protect: () => {\n redirectToSignIn();\n },\n redirectToSignIn,\n };\n }\n\n const claims = getClaimsFromToken(token);\n if (!claims) {\n return {\n userId: null,\n tenantId: null,\n appId: null,\n envId: null,\n orgId: null,\n orgRole: null,\n sessionId: null,\n getToken: async () => null,\n has: () => false,\n protect: () => {\n redirectToSignIn();\n },\n redirectToSignIn,\n };\n }\n\n const roles = claims.roles ?? [];\n const permissions = claims.permissions ?? [];\n\n const has = (params: { role?: string; permission?: string }) => {\n if (params.role && roles.includes(params.role)) return true;\n if (params.permission && permissions.includes(params.permission))\n return true;\n return false;\n };\n\n const protectedObj: ProtectedAuthObject = {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n isSignedIn: true,\n getToken: async () => token,\n has,\n };\n\n return {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n getToken: async () => token,\n has,\n protect: (params?: {\n role?: string;\n permission?: string;\n redirectTo?: string;\n }) => {\n if (params?.role || params?.permission) {\n if (!has({ role: params.role, permission: params.permission })) {\n redirect(params.redirectTo ?? \"/unauthorized\");\n }\n }\n return protectedObj;\n },\n redirectToSignIn,\n };\n}\n\nexport async function currentUser(\n opts?: { fresh?: boolean },\n): Promise<UserResource | PlatformUserResource | null> {\n const cookieStore = await cookies();\n\n if (opts?.fresh) {\n const token = getAuthTokenFromCookies(cookieStore);\n if (!token || isTokenExpired(token)) return null;\n\n const config = getAuthConfig();\n if (!config.apiUrl || !config.publishableKey) {\n const session = getSessionFromCookies(cookieStore);\n return session?.user ?? null;\n }\n\n const client = new InAIAuthClient({\n apiUrl: config.apiUrl,\n publishableKey: config.publishableKey,\n });\n try {\n const { data } = await client.getMe(token);\n return data;\n } catch {\n return null;\n }\n }\n\n const session = getSessionFromCookies(cookieStore);\n return session?.user ?? null;\n}\n","import type { UserResource, PlatformUserResource, JWTClaims, TokenPair } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n decodeJWTPayload,\n} from \"@inai-dev/shared\";\n\nexport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n} from \"@inai-dev/shared\";\n\nexport { isTokenExpired, getClaimsFromToken } from \"@inai-dev/shared\";\n\ninterface CookieStore {\n get(name: string): { value: string } | undefined;\n set(name: string, value: string, options?: Record<string, unknown>): void;\n}\n\ninterface SessionData {\n user: UserResource | PlatformUserResource;\n expiresAt: string;\n permissions?: string[];\n orgId?: string;\n orgRole?: string;\n appId?: string;\n envId?: string;\n}\n\nexport function setAuthCookies(\n cookieStore: CookieStore,\n tokens: TokenPair,\n user: UserResource | PlatformUserResource,\n): void {\n const isProduction = process.env.NODE_ENV === \"production\";\n const claims = decodeJWTPayload(tokens.access_token);\n const expiresAt = claims\n ? new Date(claims.exp * 1000).toISOString()\n : new Date(Date.now() + tokens.expires_in * 1000).toISOString();\n\n cookieStore.set(COOKIE_AUTH_TOKEN, tokens.access_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n\n cookieStore.set(COOKIE_REFRESH_TOKEN, tokens.refresh_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"strict\",\n path: \"/api/auth\",\n maxAge: 7 * 24 * 60 * 60,\n });\n\n const sessionData: SessionData = {\n user,\n expiresAt,\n permissions: claims?.permissions ?? [],\n orgId: claims?.org_id,\n orgRole: claims?.org_role,\n appId: claims?.app_id,\n envId: claims?.env_id,\n };\n cookieStore.set(COOKIE_AUTH_SESSION, JSON.stringify(sessionData), {\n httpOnly: false,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n}\n\nexport function clearAuthCookies(\n cookieStore: CookieStore,\n): void {\n const opts = { path: \"/\", maxAge: 0 };\n cookieStore.set(COOKIE_AUTH_TOKEN, \"\", opts);\n cookieStore.set(COOKIE_REFRESH_TOKEN, \"\", { ...opts, path: \"/api/auth\" });\n cookieStore.set(COOKIE_AUTH_SESSION, \"\", opts);\n}\n\nexport function getAuthTokenFromCookies(\n cookieStore: CookieStore,\n): string | null {\n return cookieStore.get(COOKIE_AUTH_TOKEN)?.value ?? null;\n}\n\nexport function getRefreshTokenFromCookies(\n cookieStore: CookieStore,\n): string | null {\n return cookieStore.get(COOKIE_REFRESH_TOKEN)?.value ?? null;\n}\n\nexport function getSessionFromCookies(\n cookieStore: CookieStore,\n): SessionData | null {\n const raw = cookieStore.get(COOKIE_AUTH_SESSION)?.value;\n if (!raw) return null;\n try {\n return JSON.parse(raw) as SessionData;\n } catch {\n return null;\n }\n}\n","import type { InAIAuthSDKConfig } from \"@inai-dev/types\";\nimport { DEFAULT_API_URL } from \"@inai-dev/shared\";\n\ntype ResolvedConfig = Required<InAIAuthSDKConfig>;\n\nconst defaults: ResolvedConfig = {\n signInUrl: \"/login\",\n signUpUrl: \"/register\",\n afterSignInUrl: \"/\",\n afterSignOutUrl: \"/login\",\n apiUrl: DEFAULT_API_URL,\n publishableKey: \"\",\n};\n\nlet userConfig: Partial<InAIAuthSDKConfig> = {};\n\nexport function configureAuth(config: InAIAuthSDKConfig): void {\n userConfig = config;\n}\n\nexport function getAuthConfig(): ResolvedConfig {\n return {\n signInUrl: userConfig.signInUrl ?? defaults.signInUrl,\n signUpUrl: userConfig.signUpUrl ?? defaults.signUpUrl,\n afterSignInUrl: userConfig.afterSignInUrl ?? defaults.afterSignInUrl,\n afterSignOutUrl: userConfig.afterSignOutUrl ?? defaults.afterSignOutUrl,\n apiUrl:\n userConfig.apiUrl ??\n process.env.INAI_API_URL ??\n process.env.NEXT_PUBLIC_INAI_API_URL ??\n defaults.apiUrl,\n publishableKey:\n userConfig.publishableKey ??\n process.env.NEXT_PUBLIC_INAI_PUBLISHABLE_KEY ??\n defaults.publishableKey,\n };\n}\n","import { cookies } from \"next/headers\";\nimport { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport type {\n InAIAuthConfig,\n TokenPair,\n UserResource,\n LoginResult,\n} from \"@inai-dev/types\";\nimport {\n setAuthCookies,\n clearAuthCookies,\n getRefreshTokenFromCookies,\n} from \"./cookies\";\n\nexport function createAuthRoutes(config: InAIAuthConfig = {}) {\n const client = new InAIAuthClient(config);\n\n async function handleLogin(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = (await client.login({\n email: body.email,\n password: body.password,\n })) as LoginResult & { user?: UserResource };\n\n if (result.mfa_required) {\n return NextResponse.json({\n mfa_required: true,\n mfa_token: result.mfa_token,\n });\n }\n\n const tokens = result as TokenPair;\n const loginUser = (result as { user?: UserResource }).user;\n const user =\n loginUser ?? (await client.getMe(tokens.access_token)).data;\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message = err instanceof Error ? err.message : \"Login failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleMFAChallenge(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const tokens = await client.mfaChallenge({\n mfa_token: body.mfa_token,\n code: body.code,\n });\n\n const { data: user } = await client.getMe(tokens.access_token);\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"MFA verification failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleRefresh() {\n try {\n const cookieStore = await cookies();\n const refreshToken = getRefreshTokenFromCookies(cookieStore);\n\n if (!refreshToken) {\n clearAuthCookies(cookieStore);\n return NextResponse.json(\n { error: \"No refresh token\" },\n { status: 401 },\n );\n }\n\n const tokens = await client.refresh(refreshToken);\n const { data: user } = await client.getMe(tokens.access_token);\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch {\n const cookieStore = await cookies();\n clearAuthCookies(cookieStore);\n return NextResponse.json(\n { error: \"Refresh failed\" },\n { status: 401 },\n );\n }\n }\n\n async function handleRegister(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.register({\n email: body.email,\n password: body.password,\n firstName: body.firstName,\n lastName: body.lastName,\n });\n\n if (!result.access_token) {\n return NextResponse.json({\n needs_email_verification: true,\n user: result.user,\n });\n }\n\n const tokens = result as TokenPair;\n const loginUser = result.user;\n const user =\n loginUser ?? (await client.getMe(tokens.access_token)).data;\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"Registration failed\";\n return NextResponse.json({ error: message }, { status: 400 });\n }\n }\n\n async function handleLogout() {\n try {\n const cookieStore = await cookies();\n const refreshToken = getRefreshTokenFromCookies(cookieStore);\n if (refreshToken) {\n await client.logout(refreshToken).catch(() => {});\n }\n clearAuthCookies(cookieStore);\n return NextResponse.json({ success: true });\n } catch {\n const cookieStore = await cookies();\n clearAuthCookies(cookieStore);\n return NextResponse.json({ success: true });\n }\n }\n\n async function handler(\n req: NextRequest,\n context: { params: Promise<{ inai: string[] }> },\n ) {\n const params = await context.params;\n const path = params.inai?.join(\"/\") ?? \"\";\n\n if (req.method === \"POST\") {\n switch (path) {\n case \"login\":\n return handleLogin(req);\n case \"register\":\n return handleRegister(req);\n case \"mfa-challenge\":\n return handleMFAChallenge(req);\n case \"refresh\":\n return handleRefresh();\n case \"logout\":\n return handleLogout();\n }\n }\n\n return NextResponse.json({ error: \"Not found\" }, { status: 404 });\n }\n\n return {\n GET: handler,\n POST: handler,\n };\n}\n","import { cookies } from \"next/headers\";\nimport { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport type { InAIAuthConfig, TokenPair, PlatformUserResource } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_AUTH_SESSION,\n COOKIE_REFRESH_TOKEN,\n} from \"@inai-dev/shared\";\n\nexport function createPlatformAuthRoutes(config: InAIAuthConfig = {}) {\n const client = new InAIAuthClient(config);\n const isProduction = process.env.NODE_ENV === \"production\";\n\n function setPlatformCookies(\n cookieStore: Awaited<ReturnType<typeof cookies>>,\n tokens: TokenPair,\n user?: PlatformUserResource,\n ) {\n cookieStore.set(COOKIE_AUTH_TOKEN, tokens.access_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n cookieStore.set(COOKIE_REFRESH_TOKEN, tokens.refresh_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"strict\",\n path: \"/api/auth\",\n maxAge: 7 * 24 * 60 * 60,\n });\n if (user) {\n const expiresAt = Date.now() + tokens.expires_in * 1000;\n cookieStore.set(\n COOKIE_AUTH_SESSION,\n JSON.stringify({ user, expiresAt }),\n {\n httpOnly: false,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n },\n );\n }\n }\n\n function clearPlatformCookies(\n cookieStore: Awaited<ReturnType<typeof cookies>>,\n ) {\n cookieStore.set(COOKIE_AUTH_TOKEN, \"\", { path: \"/\", maxAge: 0 });\n cookieStore.set(COOKIE_REFRESH_TOKEN, \"\", {\n path: \"/api/auth\",\n maxAge: 0,\n });\n cookieStore.set(COOKIE_AUTH_SESSION, \"\", { path: \"/\", maxAge: 0 });\n }\n\n async function handleLogin(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.platformLogin({\n email: body.email,\n password: body.password,\n });\n\n if (result.mfa_required) {\n return NextResponse.json({\n mfa_required: true,\n mfa_token: result.mfa_token,\n });\n }\n\n const tokens = result as TokenPair;\n const user = result.user;\n const cookieStore = await cookies();\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message = err instanceof Error ? err.message : \"Login failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleMFAChallenge(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.platformMfaChallenge({\n mfa_token: body.mfa_token,\n code: body.code,\n });\n\n const tokens = result as TokenPair;\n const user = result.user;\n const cookieStore = await cookies();\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"MFA verification failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleRefresh() {\n try {\n const cookieStore = await cookies();\n const refreshToken = cookieStore.get(COOKIE_REFRESH_TOKEN)?.value;\n\n if (!refreshToken) {\n clearPlatformCookies(cookieStore);\n return NextResponse.json(\n { error: \"No refresh token\" },\n { status: 401 },\n );\n }\n\n const tokens = await client.platformRefresh(refreshToken);\n const { data: user } = await client.platformGetMe(\n tokens.access_token,\n );\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch {\n const cookieStore = await cookies();\n clearPlatformCookies(cookieStore);\n return NextResponse.json(\n { error: \"Refresh failed\" },\n { status: 401 },\n );\n }\n }\n\n async function handleLogout() {\n try {\n const cookieStore = await cookies();\n const refreshToken = cookieStore.get(COOKIE_REFRESH_TOKEN)?.value;\n if (refreshToken) {\n await client.platformLogout(refreshToken).catch(() => {});\n }\n clearPlatformCookies(cookieStore);\n return NextResponse.json({ success: true });\n } catch {\n const cookieStore = await cookies();\n clearPlatformCookies(cookieStore);\n return NextResponse.json({ success: true });\n }\n }\n\n async function handler(\n req: NextRequest,\n context: { params: Promise<{ inai: string[] }> },\n ) {\n const params = await context.params;\n const path = params.inai?.join(\"/\") ?? \"\";\n\n if (req.method === \"POST\") {\n switch (path) {\n case \"login\":\n return handleLogin(req);\n case \"mfa-challenge\":\n return handleMFAChallenge(req);\n case \"refresh\":\n return handleRefresh();\n case \"logout\":\n return handleLogout();\n }\n }\n\n return NextResponse.json({ error: \"Not found\" }, { status: 404 });\n }\n\n return {\n GET: handler,\n POST: handler,\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAAAA,kBAAwB;AACxB,wBAAyB;AAQzB,IAAAC,kBAA+B;AAC/B,IAAAC,iBAAmD;;;ACTnD,oBAKO;AAEP,IAAAC,iBAIO;AAEP,IAAAA,iBAAmD;AAiB5C,SAAS,eACd,aACA,QACA,MACM;AACN,QAAM,eAAe,QAAQ,IAAI,aAAa;AAC9C,QAAM,aAAS,gCAAiB,OAAO,YAAY;AACnD,QAAM,YAAY,SACd,IAAI,KAAK,OAAO,MAAM,GAAI,EAAE,YAAY,IACxC,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,aAAa,GAAI,EAAE,YAAY;AAEhE,cAAY,IAAI,iCAAmB,OAAO,cAAc;AAAA,IACtD,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,EACjB,CAAC;AAED,cAAY,IAAI,oCAAsB,OAAO,eAAe;AAAA,IAC1D,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,IAAI,KAAK,KAAK;AAAA,EACxB,CAAC;AAED,QAAM,cAA2B;AAAA,IAC/B;AAAA,IACA;AAAA,IACA,aAAa,QAAQ,eAAe,CAAC;AAAA,IACrC,OAAO,QAAQ;AAAA,IACf,SAAS,QAAQ;AAAA,IACjB,OAAO,QAAQ;AAAA,IACf,OAAO,QAAQ;AAAA,EACjB;AACA,cAAY,IAAI,mCAAqB,KAAK,UAAU,WAAW,GAAG;AAAA,IAChE,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,EACjB,CAAC;AACH;AAEO,SAAS,iBACd,aACM;AACN,QAAM,OAAO,EAAE,MAAM,KAAK,QAAQ,EAAE;AACpC,cAAY,IAAI,iCAAmB,IAAI,IAAI;AAC3C,cAAY,IAAI,oCAAsB,IAAI,EAAE,GAAG,MAAM,MAAM,YAAY,CAAC;AACxE,cAAY,IAAI,mCAAqB,IAAI,IAAI;AAC/C;AAEO,SAAS,wBACd,aACe;AACf,SAAO,YAAY,IAAI,+BAAiB,GAAG,SAAS;AACtD;AAEO,SAAS,2BACd,aACe;AACf,SAAO,YAAY,IAAI,kCAAoB,GAAG,SAAS;AACzD;AAEO,SAAS,sBACd,aACoB;AACpB,QAAM,MAAM,YAAY,IAAI,iCAAmB,GAAG;AAClD,MAAI,CAAC,IAAK,QAAO;AACjB,MAAI;AACF,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;AC1GA,IAAAC,iBAAgC;AAIhC,IAAM,WAA2B;AAAA,EAC/B,WAAW;AAAA,EACX,WAAW;AAAA,EACX,gBAAgB;AAAA,EAChB,iBAAiB;AAAA,EACjB,QAAQ;AAAA,EACR,gBAAgB;AAClB;AAEA,IAAI,aAAyC,CAAC;AAEvC,SAAS,cAAc,QAAiC;AAC7D,eAAa;AACf;AAEO,SAAS,gBAAgC;AAC9C,SAAO;AAAA,IACL,WAAW,WAAW,aAAa,SAAS;AAAA,IAC5C,WAAW,WAAW,aAAa,SAAS;AAAA,IAC5C,gBAAgB,WAAW,kBAAkB,SAAS;AAAA,IACtD,iBAAiB,WAAW,mBAAmB,SAAS;AAAA,IACxD,QACE,WAAW,UACX,QAAQ,IAAI,gBACZ,QAAQ,IAAI,4BACZ,SAAS;AAAA,IACX,gBACE,WAAW,kBACX,QAAQ,IAAI,oCACZ,SAAS;AAAA,EACb;AACF;;;ACpCA,qBAAwB;AACxB,oBAA6B;AAE7B,qBAA+B;AAaxB,SAAS,iBAAiB,SAAyB,CAAC,GAAG;AAC5D,QAAM,SAAS,IAAI,8BAAe,MAAM;AAExC,iBAAe,YAAY,KAAkB;AAC3C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAU,MAAM,OAAO,MAAM;AAAA,QACjC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,OAAO,cAAc;AACvB,eAAO,2BAAa,KAAK;AAAA,UACvB,cAAc;AAAA,UACd,WAAW,OAAO;AAAA,QACpB,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,YAAa,OAAmC;AACtD,YAAM,OACJ,cAAc,MAAM,OAAO,MAAM,OAAO,YAAY,GAAG;AACzD,YAAM,cAAc,UAAM,wBAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,2BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,aAAO,2BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,mBAAmB,KAAkB;AAClD,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,aAAa;AAAA,QACvC,WAAW,KAAK;AAAA,QAChB,MAAM,KAAK;AAAA,MACb,CAAC;AAED,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO,MAAM,OAAO,YAAY;AAC7D,YAAM,cAAc,UAAM,wBAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,2BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,2BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,gBAAgB;AAC7B,QAAI;AACF,YAAM,cAAc,UAAM,wBAAQ;AAClC,YAAM,eAAe,2BAA2B,WAAW;AAE3D,UAAI,CAAC,cAAc;AACjB,yBAAiB,WAAW;AAC5B,eAAO,2BAAa;AAAA,UAClB,EAAE,OAAO,mBAAmB;AAAA,UAC5B,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAEA,YAAM,SAAS,MAAM,OAAO,QAAQ,YAAY;AAChD,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO,MAAM,OAAO,YAAY;AAC7D,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,2BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,QAAQ;AACN,YAAM,cAAc,UAAM,wBAAQ;AAClC,uBAAiB,WAAW;AAC5B,aAAO,2BAAa;AAAA,QAClB,EAAE,OAAO,iBAAiB;AAAA,QAC1B,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,eAAe,KAAkB;AAC9C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,SAAS;AAAA,QACnC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,QACf,WAAW,KAAK;AAAA,QAChB,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,CAAC,OAAO,cAAc;AACxB,eAAO,2BAAa,KAAK;AAAA,UACvB,0BAA0B;AAAA,UAC1B,MAAM,OAAO;AAAA,QACf,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,YAAY,OAAO;AACzB,YAAM,OACJ,cAAc,MAAM,OAAO,MAAM,OAAO,YAAY,GAAG;AACzD,YAAM,cAAc,UAAM,wBAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,2BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,2BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,eAAe;AAC5B,QAAI;AACF,YAAM,cAAc,UAAM,wBAAQ;AAClC,YAAM,eAAe,2BAA2B,WAAW;AAC3D,UAAI,cAAc;AAChB,cAAM,OAAO,OAAO,YAAY,EAAE,MAAM,MAAM;AAAA,QAAC,CAAC;AAAA,MAClD;AACA,uBAAiB,WAAW;AAC5B,aAAO,2BAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C,QAAQ;AACN,YAAM,cAAc,UAAM,wBAAQ;AAClC,uBAAiB,WAAW;AAC5B,aAAO,2BAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C;AAAA,EACF;AAEA,iBAAe,QACb,KACA,SACA;AACA,UAAM,SAAS,MAAM,QAAQ;AAC7B,UAAM,OAAO,OAAO,MAAM,KAAK,GAAG,KAAK;AAEvC,QAAI,IAAI,WAAW,QAAQ;AACzB,cAAQ,MAAM;AAAA,QACZ,KAAK;AACH,iBAAO,YAAY,GAAG;AAAA,QACxB,KAAK;AACH,iBAAO,eAAe,GAAG;AAAA,QAC3B,KAAK;AACH,iBAAO,mBAAmB,GAAG;AAAA,QAC/B,KAAK;AACH,iBAAO,cAAc;AAAA,QACvB,KAAK;AACH,iBAAO,aAAa;AAAA,MACxB;AAAA,IACF;AAEA,WAAO,2BAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;;;AC7KA,IAAAC,kBAAwB;AACxB,IAAAC,iBAA6B;AAE7B,IAAAC,kBAA+B;AAE/B,IAAAC,iBAIO;AAEA,SAAS,yBAAyB,SAAyB,CAAC,GAAG;AACpE,QAAM,SAAS,IAAI,+BAAe,MAAM;AACxC,QAAM,eAAe,QAAQ,IAAI,aAAa;AAE9C,WAAS,mBACP,aACA,QACA,MACA;AACA,gBAAY,IAAI,kCAAmB,OAAO,cAAc;AAAA,MACtD,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,OAAO;AAAA,IACjB,CAAC;AACD,gBAAY,IAAI,qCAAsB,OAAO,eAAe;AAAA,MAC1D,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,IAAI,KAAK,KAAK;AAAA,IACxB,CAAC;AACD,QAAI,MAAM;AACR,YAAM,YAAY,KAAK,IAAI,IAAI,OAAO,aAAa;AACnD,kBAAY;AAAA,QACV;AAAA,QACA,KAAK,UAAU,EAAE,MAAM,UAAU,CAAC;AAAA,QAClC;AAAA,UACE,UAAU;AAAA,UACV,QAAQ;AAAA,UACR,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,OAAO;AAAA,QACjB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,WAAS,qBACP,aACA;AACA,gBAAY,IAAI,kCAAmB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AAC/D,gBAAY,IAAI,qCAAsB,IAAI;AAAA,MACxC,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AACD,gBAAY,IAAI,oCAAqB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AAAA,EACnE;AAEA,iBAAe,YAAY,KAAkB;AAC3C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,cAAc;AAAA,QACxC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,OAAO,cAAc;AACvB,eAAO,4BAAa,KAAK;AAAA,UACvB,cAAc;AAAA,UACd,WAAW,OAAO;AAAA,QACpB,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,OAAO,OAAO;AACpB,YAAM,cAAc,UAAM,yBAAQ;AAClC,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAO,4BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,aAAO,4BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,mBAAmB,KAAkB;AAClD,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,qBAAqB;AAAA,QAC/C,WAAW,KAAK;AAAA,QAChB,MAAM,KAAK;AAAA,MACb,CAAC;AAED,YAAM,SAAS;AACf,YAAM,OAAO,OAAO;AACpB,YAAM,cAAc,UAAM,yBAAQ;AAClC,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAO,4BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,4BAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,gBAAgB;AAC7B,QAAI;AACF,YAAM,cAAc,UAAM,yBAAQ;AAClC,YAAM,eAAe,YAAY,IAAI,mCAAoB,GAAG;AAE5D,UAAI,CAAC,cAAc;AACjB,6BAAqB,WAAW;AAChC,eAAO,4BAAa;AAAA,UAClB,EAAE,OAAO,mBAAmB;AAAA,UAC5B,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAEA,YAAM,SAAS,MAAM,OAAO,gBAAgB,YAAY;AACxD,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO;AAAA,QAClC,OAAO;AAAA,MACT;AACA,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAO,4BAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,QAAQ;AACN,YAAM,cAAc,UAAM,yBAAQ;AAClC,2BAAqB,WAAW;AAChC,aAAO,4BAAa;AAAA,QAClB,EAAE,OAAO,iBAAiB;AAAA,QAC1B,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,eAAe;AAC5B,QAAI;AACF,YAAM,cAAc,UAAM,yBAAQ;AAClC,YAAM,eAAe,YAAY,IAAI,mCAAoB,GAAG;AAC5D,UAAI,cAAc;AAChB,cAAM,OAAO,eAAe,YAAY,EAAE,MAAM,MAAM;AAAA,QAAC,CAAC;AAAA,MAC1D;AACA,2BAAqB,WAAW;AAChC,aAAO,4BAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C,QAAQ;AACN,YAAM,cAAc,UAAM,yBAAQ;AAClC,2BAAqB,WAAW;AAChC,aAAO,4BAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C;AAAA,EACF;AAEA,iBAAe,QACb,KACA,SACA;AACA,UAAM,SAAS,MAAM,QAAQ;AAC7B,UAAM,OAAO,OAAO,MAAM,KAAK,GAAG,KAAK;AAEvC,QAAI,IAAI,WAAW,QAAQ;AACzB,cAAQ,MAAM;AAAA,QACZ,KAAK;AACH,iBAAO,YAAY,GAAG;AAAA,QACxB,KAAK;AACH,iBAAO,mBAAmB,GAAG;AAAA,QAC/B,KAAK;AACH,iBAAO,cAAc;AAAA,QACvB,KAAK;AACH,iBAAO,aAAa;AAAA,MACxB;AAAA,IACF;AAEA,WAAO,4BAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;;;AJhKA,eAAsB,OAAkC;AACtD,QAAM,cAAc,UAAM,yBAAQ;AAClC,QAAM,QAAQ,wBAAwB,WAAW;AACjD,QAAM,SAAS,cAAc;AAE7B,WAAS,iBAAiB,MAAqC;AAC7D,UAAM,WAAW,MAAM;AACvB,UAAM,MAAM,WACR,GAAG,OAAO,SAAS,aAAa,mBAAmB,QAAQ,CAAC,KAC5D,OAAO;AACX,oCAAS,GAAG;AAAA,EACd;AAEA,MAAI,CAAC,aAAS,+BAAe,KAAK,GAAG;AACnC,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,SAAS;AAAA,MACT,WAAW;AAAA,MACX,UAAU,YAAY;AAAA,MACtB,KAAK,MAAM;AAAA,MACX,SAAS,MAAM;AACb,yBAAiB;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,aAAS,mCAAmB,KAAK;AACvC,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,SAAS;AAAA,MACT,WAAW;AAAA,MACX,UAAU,YAAY;AAAA,MACtB,KAAK,MAAM;AAAA,MACX,SAAS,MAAM;AACb,yBAAiB;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAM,cAAc,OAAO,eAAe,CAAC;AAE3C,QAAM,MAAM,CAAC,WAAmD;AAC9D,QAAI,OAAO,QAAQ,MAAM,SAAS,OAAO,IAAI,EAAG,QAAO;AACvD,QAAI,OAAO,cAAc,YAAY,SAAS,OAAO,UAAU;AAC7D,aAAO;AACT,WAAO;AAAA,EACT;AAEA,QAAM,eAAoC;AAAA,IACxC,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,YAAY;AAAA,IACZ,UAAU,YAAY;AAAA,IACtB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,UAAU,YAAY;AAAA,IACtB;AAAA,IACA,SAAS,CAAC,WAIJ;AACJ,UAAI,QAAQ,QAAQ,QAAQ,YAAY;AACtC,YAAI,CAAC,IAAI,EAAE,MAAM,OAAO,MAAM,YAAY,OAAO,WAAW,CAAC,GAAG;AAC9D,0CAAS,OAAO,cAAc,eAAe;AAAA,QAC/C;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IACA;AAAA,EACF;AACF;AAEA,eAAsB,YACpB,MACqD;AACrD,QAAM,cAAc,UAAM,yBAAQ;AAElC,MAAI,MAAM,OAAO;AACf,UAAM,QAAQ,wBAAwB,WAAW;AACjD,QAAI,CAAC,aAAS,+BAAe,KAAK,EAAG,QAAO;AAE5C,UAAM,SAAS,cAAc;AAC7B,QAAI,CAAC,OAAO,UAAU,CAAC,OAAO,gBAAgB;AAC5C,YAAMC,WAAU,sBAAsB,WAAW;AACjD,aAAOA,UAAS,QAAQ;AAAA,IAC1B;AAEA,UAAM,SAAS,IAAI,+BAAe;AAAA,MAChC,QAAQ,OAAO;AAAA,MACf,gBAAgB,OAAO;AAAA,IACzB,CAAC;AACD,QAAI;AACF,YAAM,EAAE,KAAK,IAAI,MAAM,OAAO,MAAM,KAAK;AACzC,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAEA,QAAM,UAAU,sBAAsB,WAAW;AACjD,SAAO,SAAS,QAAQ;AAC1B;","names":["import_headers","import_backend","import_shared","import_shared","import_shared","import_headers","import_server","import_backend","import_shared","session"]}
|
package/dist/server.d.cts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { InAIAuthConfig, UserResource, PlatformUserResource, InAIAuthSDKConfig, ServerAuthObject } from '@inai-dev/types';
|
|
1
|
+
import { InAIAuthConfig, UserResource, PlatformUserResource, InAIAuthSDKConfig, TokenPair, ServerAuthObject } from '@inai-dev/types';
|
|
2
2
|
import { NextRequest, NextResponse } from 'next/server';
|
|
3
3
|
|
|
4
|
-
declare function createAuthRoutes(config
|
|
4
|
+
declare function createAuthRoutes(config?: InAIAuthConfig): {
|
|
5
5
|
GET: (req: NextRequest, context: {
|
|
6
6
|
params: Promise<{
|
|
7
7
|
inai: string[];
|
|
@@ -38,7 +38,7 @@ declare function createAuthRoutes(config: InAIAuthConfig): {
|
|
|
38
38
|
}>>;
|
|
39
39
|
};
|
|
40
40
|
|
|
41
|
-
declare function createPlatformAuthRoutes(config
|
|
41
|
+
declare function createPlatformAuthRoutes(config?: InAIAuthConfig): {
|
|
42
42
|
GET: (req: NextRequest, context: {
|
|
43
43
|
params: Promise<{
|
|
44
44
|
inai: string[];
|
|
@@ -73,9 +73,20 @@ type ResolvedConfig = Required<InAIAuthSDKConfig>;
|
|
|
73
73
|
declare function configureAuth(config: InAIAuthSDKConfig): void;
|
|
74
74
|
declare function getAuthConfig(): ResolvedConfig;
|
|
75
75
|
|
|
76
|
+
interface CookieStore {
|
|
77
|
+
get(name: string): {
|
|
78
|
+
value: string;
|
|
79
|
+
} | undefined;
|
|
80
|
+
set(name: string, value: string, options?: Record<string, unknown>): void;
|
|
81
|
+
}
|
|
82
|
+
declare function setAuthCookies(cookieStore: CookieStore, tokens: TokenPair, user: UserResource | PlatformUserResource): void;
|
|
83
|
+
declare function clearAuthCookies(cookieStore: CookieStore): void;
|
|
84
|
+
declare function getAuthTokenFromCookies(cookieStore: CookieStore): string | null;
|
|
85
|
+
declare function getRefreshTokenFromCookies(cookieStore: CookieStore): string | null;
|
|
86
|
+
|
|
76
87
|
declare function auth(): Promise<ServerAuthObject>;
|
|
77
88
|
declare function currentUser(opts?: {
|
|
78
89
|
fresh?: boolean;
|
|
79
|
-
}): Promise<UserResource | null>;
|
|
90
|
+
}): Promise<UserResource | PlatformUserResource | null>;
|
|
80
91
|
|
|
81
|
-
export { auth, configureAuth, createAuthRoutes, createPlatformAuthRoutes, currentUser, getAuthConfig };
|
|
92
|
+
export { auth, clearAuthCookies, configureAuth, createAuthRoutes, createPlatformAuthRoutes, currentUser, getAuthConfig, getAuthTokenFromCookies, getRefreshTokenFromCookies, setAuthCookies };
|
package/dist/server.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { InAIAuthConfig, UserResource, PlatformUserResource, InAIAuthSDKConfig, ServerAuthObject } from '@inai-dev/types';
|
|
1
|
+
import { InAIAuthConfig, UserResource, PlatformUserResource, InAIAuthSDKConfig, TokenPair, ServerAuthObject } from '@inai-dev/types';
|
|
2
2
|
import { NextRequest, NextResponse } from 'next/server';
|
|
3
3
|
|
|
4
|
-
declare function createAuthRoutes(config
|
|
4
|
+
declare function createAuthRoutes(config?: InAIAuthConfig): {
|
|
5
5
|
GET: (req: NextRequest, context: {
|
|
6
6
|
params: Promise<{
|
|
7
7
|
inai: string[];
|
|
@@ -38,7 +38,7 @@ declare function createAuthRoutes(config: InAIAuthConfig): {
|
|
|
38
38
|
}>>;
|
|
39
39
|
};
|
|
40
40
|
|
|
41
|
-
declare function createPlatformAuthRoutes(config
|
|
41
|
+
declare function createPlatformAuthRoutes(config?: InAIAuthConfig): {
|
|
42
42
|
GET: (req: NextRequest, context: {
|
|
43
43
|
params: Promise<{
|
|
44
44
|
inai: string[];
|
|
@@ -73,9 +73,20 @@ type ResolvedConfig = Required<InAIAuthSDKConfig>;
|
|
|
73
73
|
declare function configureAuth(config: InAIAuthSDKConfig): void;
|
|
74
74
|
declare function getAuthConfig(): ResolvedConfig;
|
|
75
75
|
|
|
76
|
+
interface CookieStore {
|
|
77
|
+
get(name: string): {
|
|
78
|
+
value: string;
|
|
79
|
+
} | undefined;
|
|
80
|
+
set(name: string, value: string, options?: Record<string, unknown>): void;
|
|
81
|
+
}
|
|
82
|
+
declare function setAuthCookies(cookieStore: CookieStore, tokens: TokenPair, user: UserResource | PlatformUserResource): void;
|
|
83
|
+
declare function clearAuthCookies(cookieStore: CookieStore): void;
|
|
84
|
+
declare function getAuthTokenFromCookies(cookieStore: CookieStore): string | null;
|
|
85
|
+
declare function getRefreshTokenFromCookies(cookieStore: CookieStore): string | null;
|
|
86
|
+
|
|
76
87
|
declare function auth(): Promise<ServerAuthObject>;
|
|
77
88
|
declare function currentUser(opts?: {
|
|
78
89
|
fresh?: boolean;
|
|
79
|
-
}): Promise<UserResource | null>;
|
|
90
|
+
}): Promise<UserResource | PlatformUserResource | null>;
|
|
80
91
|
|
|
81
|
-
export { auth, configureAuth, createAuthRoutes, createPlatformAuthRoutes, currentUser, getAuthConfig };
|
|
92
|
+
export { auth, clearAuthCookies, configureAuth, createAuthRoutes, createPlatformAuthRoutes, currentUser, getAuthConfig, getAuthTokenFromCookies, getRefreshTokenFromCookies, setAuthCookies };
|
package/dist/server.js
CHANGED
|
@@ -75,12 +75,13 @@ function getSessionFromCookies(cookieStore) {
|
|
|
75
75
|
}
|
|
76
76
|
|
|
77
77
|
// src/config.ts
|
|
78
|
+
import { DEFAULT_API_URL } from "@inai-dev/shared";
|
|
78
79
|
var defaults = {
|
|
79
80
|
signInUrl: "/login",
|
|
80
81
|
signUpUrl: "/register",
|
|
81
82
|
afterSignInUrl: "/",
|
|
82
83
|
afterSignOutUrl: "/login",
|
|
83
|
-
apiUrl:
|
|
84
|
+
apiUrl: DEFAULT_API_URL,
|
|
84
85
|
publishableKey: ""
|
|
85
86
|
};
|
|
86
87
|
var userConfig = {};
|
|
@@ -102,7 +103,7 @@ function getAuthConfig() {
|
|
|
102
103
|
import { cookies } from "next/headers";
|
|
103
104
|
import { NextResponse } from "next/server";
|
|
104
105
|
import { InAIAuthClient } from "@inai-dev/backend";
|
|
105
|
-
function createAuthRoutes(config) {
|
|
106
|
+
function createAuthRoutes(config = {}) {
|
|
106
107
|
const client = new InAIAuthClient(config);
|
|
107
108
|
async function handleLogin(req) {
|
|
108
109
|
try {
|
|
@@ -244,7 +245,7 @@ import {
|
|
|
244
245
|
COOKIE_AUTH_SESSION as COOKIE_AUTH_SESSION3,
|
|
245
246
|
COOKIE_REFRESH_TOKEN as COOKIE_REFRESH_TOKEN3
|
|
246
247
|
} from "@inai-dev/shared";
|
|
247
|
-
function createPlatformAuthRoutes(config) {
|
|
248
|
+
function createPlatformAuthRoutes(config = {}) {
|
|
248
249
|
const client = new InAIAuthClient2(config);
|
|
249
250
|
const isProduction = process.env.NODE_ENV === "production";
|
|
250
251
|
function setPlatformCookies(cookieStore, tokens, user) {
|
|
@@ -502,10 +503,14 @@ async function currentUser(opts) {
|
|
|
502
503
|
}
|
|
503
504
|
export {
|
|
504
505
|
auth,
|
|
506
|
+
clearAuthCookies,
|
|
505
507
|
configureAuth,
|
|
506
508
|
createAuthRoutes,
|
|
507
509
|
createPlatformAuthRoutes,
|
|
508
510
|
currentUser,
|
|
509
|
-
getAuthConfig
|
|
511
|
+
getAuthConfig,
|
|
512
|
+
getAuthTokenFromCookies,
|
|
513
|
+
getRefreshTokenFromCookies,
|
|
514
|
+
setAuthCookies
|
|
510
515
|
};
|
|
511
516
|
//# sourceMappingURL=server.js.map
|