@inai-dev/nextjs 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +80 -0
- package/dist/index.cjs +65 -0
- package/dist/index.cjs.map +1 -0
- package/dist/index.d.cts +3 -0
- package/dist/index.d.ts +3 -0
- package/dist/index.js +44 -0
- package/dist/index.js.map +1 -0
- package/dist/middleware.cjs +198 -0
- package/dist/middleware.cjs.map +1 -0
- package/dist/middleware.d.cts +14 -0
- package/dist/middleware.d.ts +14 -0
- package/dist/middleware.js +177 -0
- package/dist/middleware.js.map +1 -0
- package/dist/server.cjs +528 -0
- package/dist/server.cjs.map +1 -0
- package/dist/server.d.cts +81 -0
- package/dist/server.d.ts +81 -0
- package/dist/server.js +511 -0
- package/dist/server.js.map +1 -0
- package/package.json +63 -0
package/dist/server.d.ts
ADDED
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
import { InAIAuthConfig, UserResource, PlatformUserResource, InAIAuthSDKConfig, ServerAuthObject } from '@inai-dev/types';
|
|
2
|
+
import { NextRequest, NextResponse } from 'next/server';
|
|
3
|
+
|
|
4
|
+
declare function createAuthRoutes(config: InAIAuthConfig): {
|
|
5
|
+
GET: (req: NextRequest, context: {
|
|
6
|
+
params: Promise<{
|
|
7
|
+
inai: string[];
|
|
8
|
+
}>;
|
|
9
|
+
}) => Promise<NextResponse<{
|
|
10
|
+
mfa_required: boolean;
|
|
11
|
+
mfa_token: string | undefined;
|
|
12
|
+
}> | NextResponse<{
|
|
13
|
+
user: UserResource;
|
|
14
|
+
}> | NextResponse<{
|
|
15
|
+
error: string;
|
|
16
|
+
}> | NextResponse<{
|
|
17
|
+
needs_email_verification: boolean;
|
|
18
|
+
user: UserResource | undefined;
|
|
19
|
+
}> | NextResponse<{
|
|
20
|
+
success: boolean;
|
|
21
|
+
}>>;
|
|
22
|
+
POST: (req: NextRequest, context: {
|
|
23
|
+
params: Promise<{
|
|
24
|
+
inai: string[];
|
|
25
|
+
}>;
|
|
26
|
+
}) => Promise<NextResponse<{
|
|
27
|
+
mfa_required: boolean;
|
|
28
|
+
mfa_token: string | undefined;
|
|
29
|
+
}> | NextResponse<{
|
|
30
|
+
user: UserResource;
|
|
31
|
+
}> | NextResponse<{
|
|
32
|
+
error: string;
|
|
33
|
+
}> | NextResponse<{
|
|
34
|
+
needs_email_verification: boolean;
|
|
35
|
+
user: UserResource | undefined;
|
|
36
|
+
}> | NextResponse<{
|
|
37
|
+
success: boolean;
|
|
38
|
+
}>>;
|
|
39
|
+
};
|
|
40
|
+
|
|
41
|
+
declare function createPlatformAuthRoutes(config: InAIAuthConfig): {
|
|
42
|
+
GET: (req: NextRequest, context: {
|
|
43
|
+
params: Promise<{
|
|
44
|
+
inai: string[];
|
|
45
|
+
}>;
|
|
46
|
+
}) => Promise<NextResponse<{
|
|
47
|
+
mfa_required: boolean;
|
|
48
|
+
mfa_token: string | undefined;
|
|
49
|
+
}> | NextResponse<{
|
|
50
|
+
user: PlatformUserResource | undefined;
|
|
51
|
+
}> | NextResponse<{
|
|
52
|
+
error: string;
|
|
53
|
+
}> | NextResponse<{
|
|
54
|
+
success: boolean;
|
|
55
|
+
}>>;
|
|
56
|
+
POST: (req: NextRequest, context: {
|
|
57
|
+
params: Promise<{
|
|
58
|
+
inai: string[];
|
|
59
|
+
}>;
|
|
60
|
+
}) => Promise<NextResponse<{
|
|
61
|
+
mfa_required: boolean;
|
|
62
|
+
mfa_token: string | undefined;
|
|
63
|
+
}> | NextResponse<{
|
|
64
|
+
user: PlatformUserResource | undefined;
|
|
65
|
+
}> | NextResponse<{
|
|
66
|
+
error: string;
|
|
67
|
+
}> | NextResponse<{
|
|
68
|
+
success: boolean;
|
|
69
|
+
}>>;
|
|
70
|
+
};
|
|
71
|
+
|
|
72
|
+
type ResolvedConfig = Required<InAIAuthSDKConfig>;
|
|
73
|
+
declare function configureAuth(config: InAIAuthSDKConfig): void;
|
|
74
|
+
declare function getAuthConfig(): ResolvedConfig;
|
|
75
|
+
|
|
76
|
+
declare function auth(): Promise<ServerAuthObject>;
|
|
77
|
+
declare function currentUser(opts?: {
|
|
78
|
+
fresh?: boolean;
|
|
79
|
+
}): Promise<UserResource | null>;
|
|
80
|
+
|
|
81
|
+
export { auth, configureAuth, createAuthRoutes, createPlatformAuthRoutes, currentUser, getAuthConfig };
|
package/dist/server.js
ADDED
|
@@ -0,0 +1,511 @@
|
|
|
1
|
+
// src/server.ts
|
|
2
|
+
import { cookies as cookies3 } from "next/headers";
|
|
3
|
+
import { redirect } from "next/navigation";
|
|
4
|
+
import { InAIAuthClient as InAIAuthClient3 } from "@inai-dev/backend";
|
|
5
|
+
import { isTokenExpired as isTokenExpired2, getClaimsFromToken as getClaimsFromToken2 } from "@inai-dev/shared";
|
|
6
|
+
|
|
7
|
+
// src/cookies.ts
|
|
8
|
+
import {
|
|
9
|
+
COOKIE_AUTH_TOKEN,
|
|
10
|
+
COOKIE_REFRESH_TOKEN,
|
|
11
|
+
COOKIE_AUTH_SESSION,
|
|
12
|
+
decodeJWTPayload
|
|
13
|
+
} from "@inai-dev/shared";
|
|
14
|
+
import {
|
|
15
|
+
COOKIE_AUTH_TOKEN as COOKIE_AUTH_TOKEN2,
|
|
16
|
+
COOKIE_REFRESH_TOKEN as COOKIE_REFRESH_TOKEN2,
|
|
17
|
+
COOKIE_AUTH_SESSION as COOKIE_AUTH_SESSION2
|
|
18
|
+
} from "@inai-dev/shared";
|
|
19
|
+
import { isTokenExpired, getClaimsFromToken } from "@inai-dev/shared";
|
|
20
|
+
function setAuthCookies(cookieStore, tokens, user) {
|
|
21
|
+
const isProduction = process.env.NODE_ENV === "production";
|
|
22
|
+
const claims = decodeJWTPayload(tokens.access_token);
|
|
23
|
+
const expiresAt = claims ? new Date(claims.exp * 1e3).toISOString() : new Date(Date.now() + tokens.expires_in * 1e3).toISOString();
|
|
24
|
+
cookieStore.set(COOKIE_AUTH_TOKEN, tokens.access_token, {
|
|
25
|
+
httpOnly: true,
|
|
26
|
+
secure: isProduction,
|
|
27
|
+
sameSite: "lax",
|
|
28
|
+
path: "/",
|
|
29
|
+
maxAge: tokens.expires_in
|
|
30
|
+
});
|
|
31
|
+
cookieStore.set(COOKIE_REFRESH_TOKEN, tokens.refresh_token, {
|
|
32
|
+
httpOnly: true,
|
|
33
|
+
secure: isProduction,
|
|
34
|
+
sameSite: "strict",
|
|
35
|
+
path: "/api/auth",
|
|
36
|
+
maxAge: 7 * 24 * 60 * 60
|
|
37
|
+
});
|
|
38
|
+
const sessionData = {
|
|
39
|
+
user,
|
|
40
|
+
expiresAt,
|
|
41
|
+
permissions: claims?.permissions ?? [],
|
|
42
|
+
orgId: claims?.org_id,
|
|
43
|
+
orgRole: claims?.org_role,
|
|
44
|
+
appId: claims?.app_id,
|
|
45
|
+
envId: claims?.env_id
|
|
46
|
+
};
|
|
47
|
+
cookieStore.set(COOKIE_AUTH_SESSION, JSON.stringify(sessionData), {
|
|
48
|
+
httpOnly: false,
|
|
49
|
+
secure: isProduction,
|
|
50
|
+
sameSite: "lax",
|
|
51
|
+
path: "/",
|
|
52
|
+
maxAge: tokens.expires_in
|
|
53
|
+
});
|
|
54
|
+
}
|
|
55
|
+
function clearAuthCookies(cookieStore) {
|
|
56
|
+
const opts = { path: "/", maxAge: 0 };
|
|
57
|
+
cookieStore.set(COOKIE_AUTH_TOKEN, "", opts);
|
|
58
|
+
cookieStore.set(COOKIE_REFRESH_TOKEN, "", { ...opts, path: "/api/auth" });
|
|
59
|
+
cookieStore.set(COOKIE_AUTH_SESSION, "", opts);
|
|
60
|
+
}
|
|
61
|
+
function getAuthTokenFromCookies(cookieStore) {
|
|
62
|
+
return cookieStore.get(COOKIE_AUTH_TOKEN)?.value ?? null;
|
|
63
|
+
}
|
|
64
|
+
function getRefreshTokenFromCookies(cookieStore) {
|
|
65
|
+
return cookieStore.get(COOKIE_REFRESH_TOKEN)?.value ?? null;
|
|
66
|
+
}
|
|
67
|
+
function getSessionFromCookies(cookieStore) {
|
|
68
|
+
const raw = cookieStore.get(COOKIE_AUTH_SESSION)?.value;
|
|
69
|
+
if (!raw) return null;
|
|
70
|
+
try {
|
|
71
|
+
return JSON.parse(raw);
|
|
72
|
+
} catch {
|
|
73
|
+
return null;
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
// src/config.ts
|
|
78
|
+
var defaults = {
|
|
79
|
+
signInUrl: "/login",
|
|
80
|
+
signUpUrl: "/register",
|
|
81
|
+
afterSignInUrl: "/",
|
|
82
|
+
afterSignOutUrl: "/login",
|
|
83
|
+
apiUrl: "",
|
|
84
|
+
publishableKey: ""
|
|
85
|
+
};
|
|
86
|
+
var userConfig = {};
|
|
87
|
+
function configureAuth(config) {
|
|
88
|
+
userConfig = config;
|
|
89
|
+
}
|
|
90
|
+
function getAuthConfig() {
|
|
91
|
+
return {
|
|
92
|
+
signInUrl: userConfig.signInUrl ?? defaults.signInUrl,
|
|
93
|
+
signUpUrl: userConfig.signUpUrl ?? defaults.signUpUrl,
|
|
94
|
+
afterSignInUrl: userConfig.afterSignInUrl ?? defaults.afterSignInUrl,
|
|
95
|
+
afterSignOutUrl: userConfig.afterSignOutUrl ?? defaults.afterSignOutUrl,
|
|
96
|
+
apiUrl: userConfig.apiUrl ?? process.env.INAI_API_URL ?? process.env.NEXT_PUBLIC_INAI_API_URL ?? defaults.apiUrl,
|
|
97
|
+
publishableKey: userConfig.publishableKey ?? process.env.NEXT_PUBLIC_INAI_PUBLISHABLE_KEY ?? defaults.publishableKey
|
|
98
|
+
};
|
|
99
|
+
}
|
|
100
|
+
|
|
101
|
+
// src/api-routes.ts
|
|
102
|
+
import { cookies } from "next/headers";
|
|
103
|
+
import { NextResponse } from "next/server";
|
|
104
|
+
import { InAIAuthClient } from "@inai-dev/backend";
|
|
105
|
+
function createAuthRoutes(config) {
|
|
106
|
+
const client = new InAIAuthClient(config);
|
|
107
|
+
async function handleLogin(req) {
|
|
108
|
+
try {
|
|
109
|
+
const body = await req.json();
|
|
110
|
+
const result = await client.login({
|
|
111
|
+
email: body.email,
|
|
112
|
+
password: body.password
|
|
113
|
+
});
|
|
114
|
+
if (result.mfa_required) {
|
|
115
|
+
return NextResponse.json({
|
|
116
|
+
mfa_required: true,
|
|
117
|
+
mfa_token: result.mfa_token
|
|
118
|
+
});
|
|
119
|
+
}
|
|
120
|
+
const tokens = result;
|
|
121
|
+
const loginUser = result.user;
|
|
122
|
+
const user = loginUser ?? (await client.getMe(tokens.access_token)).data;
|
|
123
|
+
const cookieStore = await cookies();
|
|
124
|
+
setAuthCookies(cookieStore, tokens, user);
|
|
125
|
+
return NextResponse.json({ user });
|
|
126
|
+
} catch (err) {
|
|
127
|
+
const message = err instanceof Error ? err.message : "Login failed";
|
|
128
|
+
return NextResponse.json({ error: message }, { status: 401 });
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
async function handleMFAChallenge(req) {
|
|
132
|
+
try {
|
|
133
|
+
const body = await req.json();
|
|
134
|
+
const tokens = await client.mfaChallenge({
|
|
135
|
+
mfa_token: body.mfa_token,
|
|
136
|
+
code: body.code
|
|
137
|
+
});
|
|
138
|
+
const { data: user } = await client.getMe(tokens.access_token);
|
|
139
|
+
const cookieStore = await cookies();
|
|
140
|
+
setAuthCookies(cookieStore, tokens, user);
|
|
141
|
+
return NextResponse.json({ user });
|
|
142
|
+
} catch (err) {
|
|
143
|
+
const message = err instanceof Error ? err.message : "MFA verification failed";
|
|
144
|
+
return NextResponse.json({ error: message }, { status: 401 });
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
async function handleRefresh() {
|
|
148
|
+
try {
|
|
149
|
+
const cookieStore = await cookies();
|
|
150
|
+
const refreshToken = getRefreshTokenFromCookies(cookieStore);
|
|
151
|
+
if (!refreshToken) {
|
|
152
|
+
clearAuthCookies(cookieStore);
|
|
153
|
+
return NextResponse.json(
|
|
154
|
+
{ error: "No refresh token" },
|
|
155
|
+
{ status: 401 }
|
|
156
|
+
);
|
|
157
|
+
}
|
|
158
|
+
const tokens = await client.refresh(refreshToken);
|
|
159
|
+
const { data: user } = await client.getMe(tokens.access_token);
|
|
160
|
+
setAuthCookies(cookieStore, tokens, user);
|
|
161
|
+
return NextResponse.json({ user });
|
|
162
|
+
} catch {
|
|
163
|
+
const cookieStore = await cookies();
|
|
164
|
+
clearAuthCookies(cookieStore);
|
|
165
|
+
return NextResponse.json(
|
|
166
|
+
{ error: "Refresh failed" },
|
|
167
|
+
{ status: 401 }
|
|
168
|
+
);
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
async function handleRegister(req) {
|
|
172
|
+
try {
|
|
173
|
+
const body = await req.json();
|
|
174
|
+
const result = await client.register({
|
|
175
|
+
email: body.email,
|
|
176
|
+
password: body.password,
|
|
177
|
+
firstName: body.firstName,
|
|
178
|
+
lastName: body.lastName
|
|
179
|
+
});
|
|
180
|
+
if (!result.access_token) {
|
|
181
|
+
return NextResponse.json({
|
|
182
|
+
needs_email_verification: true,
|
|
183
|
+
user: result.user
|
|
184
|
+
});
|
|
185
|
+
}
|
|
186
|
+
const tokens = result;
|
|
187
|
+
const loginUser = result.user;
|
|
188
|
+
const user = loginUser ?? (await client.getMe(tokens.access_token)).data;
|
|
189
|
+
const cookieStore = await cookies();
|
|
190
|
+
setAuthCookies(cookieStore, tokens, user);
|
|
191
|
+
return NextResponse.json({ user });
|
|
192
|
+
} catch (err) {
|
|
193
|
+
const message = err instanceof Error ? err.message : "Registration failed";
|
|
194
|
+
return NextResponse.json({ error: message }, { status: 400 });
|
|
195
|
+
}
|
|
196
|
+
}
|
|
197
|
+
async function handleLogout() {
|
|
198
|
+
try {
|
|
199
|
+
const cookieStore = await cookies();
|
|
200
|
+
const refreshToken = getRefreshTokenFromCookies(cookieStore);
|
|
201
|
+
if (refreshToken) {
|
|
202
|
+
await client.logout(refreshToken).catch(() => {
|
|
203
|
+
});
|
|
204
|
+
}
|
|
205
|
+
clearAuthCookies(cookieStore);
|
|
206
|
+
return NextResponse.json({ success: true });
|
|
207
|
+
} catch {
|
|
208
|
+
const cookieStore = await cookies();
|
|
209
|
+
clearAuthCookies(cookieStore);
|
|
210
|
+
return NextResponse.json({ success: true });
|
|
211
|
+
}
|
|
212
|
+
}
|
|
213
|
+
async function handler(req, context) {
|
|
214
|
+
const params = await context.params;
|
|
215
|
+
const path = params.inai?.join("/") ?? "";
|
|
216
|
+
if (req.method === "POST") {
|
|
217
|
+
switch (path) {
|
|
218
|
+
case "login":
|
|
219
|
+
return handleLogin(req);
|
|
220
|
+
case "register":
|
|
221
|
+
return handleRegister(req);
|
|
222
|
+
case "mfa-challenge":
|
|
223
|
+
return handleMFAChallenge(req);
|
|
224
|
+
case "refresh":
|
|
225
|
+
return handleRefresh();
|
|
226
|
+
case "logout":
|
|
227
|
+
return handleLogout();
|
|
228
|
+
}
|
|
229
|
+
}
|
|
230
|
+
return NextResponse.json({ error: "Not found" }, { status: 404 });
|
|
231
|
+
}
|
|
232
|
+
return {
|
|
233
|
+
GET: handler,
|
|
234
|
+
POST: handler
|
|
235
|
+
};
|
|
236
|
+
}
|
|
237
|
+
|
|
238
|
+
// src/platform-api-routes.ts
|
|
239
|
+
import { cookies as cookies2 } from "next/headers";
|
|
240
|
+
import { NextResponse as NextResponse2 } from "next/server";
|
|
241
|
+
import { InAIAuthClient as InAIAuthClient2 } from "@inai-dev/backend";
|
|
242
|
+
import {
|
|
243
|
+
COOKIE_AUTH_TOKEN as COOKIE_AUTH_TOKEN3,
|
|
244
|
+
COOKIE_AUTH_SESSION as COOKIE_AUTH_SESSION3,
|
|
245
|
+
COOKIE_REFRESH_TOKEN as COOKIE_REFRESH_TOKEN3
|
|
246
|
+
} from "@inai-dev/shared";
|
|
247
|
+
function createPlatformAuthRoutes(config) {
|
|
248
|
+
const client = new InAIAuthClient2(config);
|
|
249
|
+
const isProduction = process.env.NODE_ENV === "production";
|
|
250
|
+
function setPlatformCookies(cookieStore, tokens, user) {
|
|
251
|
+
cookieStore.set(COOKIE_AUTH_TOKEN3, tokens.access_token, {
|
|
252
|
+
httpOnly: true,
|
|
253
|
+
secure: isProduction,
|
|
254
|
+
sameSite: "lax",
|
|
255
|
+
path: "/",
|
|
256
|
+
maxAge: tokens.expires_in
|
|
257
|
+
});
|
|
258
|
+
cookieStore.set(COOKIE_REFRESH_TOKEN3, tokens.refresh_token, {
|
|
259
|
+
httpOnly: true,
|
|
260
|
+
secure: isProduction,
|
|
261
|
+
sameSite: "strict",
|
|
262
|
+
path: "/api/auth",
|
|
263
|
+
maxAge: 7 * 24 * 60 * 60
|
|
264
|
+
});
|
|
265
|
+
if (user) {
|
|
266
|
+
const expiresAt = Date.now() + tokens.expires_in * 1e3;
|
|
267
|
+
cookieStore.set(
|
|
268
|
+
COOKIE_AUTH_SESSION3,
|
|
269
|
+
JSON.stringify({ user, expiresAt }),
|
|
270
|
+
{
|
|
271
|
+
httpOnly: false,
|
|
272
|
+
secure: isProduction,
|
|
273
|
+
sameSite: "lax",
|
|
274
|
+
path: "/",
|
|
275
|
+
maxAge: tokens.expires_in
|
|
276
|
+
}
|
|
277
|
+
);
|
|
278
|
+
}
|
|
279
|
+
}
|
|
280
|
+
function clearPlatformCookies(cookieStore) {
|
|
281
|
+
cookieStore.set(COOKIE_AUTH_TOKEN3, "", { path: "/", maxAge: 0 });
|
|
282
|
+
cookieStore.set(COOKIE_REFRESH_TOKEN3, "", {
|
|
283
|
+
path: "/api/auth",
|
|
284
|
+
maxAge: 0
|
|
285
|
+
});
|
|
286
|
+
cookieStore.set(COOKIE_AUTH_SESSION3, "", { path: "/", maxAge: 0 });
|
|
287
|
+
}
|
|
288
|
+
async function handleLogin(req) {
|
|
289
|
+
try {
|
|
290
|
+
const body = await req.json();
|
|
291
|
+
const result = await client.platformLogin({
|
|
292
|
+
email: body.email,
|
|
293
|
+
password: body.password
|
|
294
|
+
});
|
|
295
|
+
if (result.mfa_required) {
|
|
296
|
+
return NextResponse2.json({
|
|
297
|
+
mfa_required: true,
|
|
298
|
+
mfa_token: result.mfa_token
|
|
299
|
+
});
|
|
300
|
+
}
|
|
301
|
+
const tokens = result;
|
|
302
|
+
const user = result.user;
|
|
303
|
+
const cookieStore = await cookies2();
|
|
304
|
+
setPlatformCookies(cookieStore, tokens, user);
|
|
305
|
+
return NextResponse2.json({ user });
|
|
306
|
+
} catch (err) {
|
|
307
|
+
const message = err instanceof Error ? err.message : "Login failed";
|
|
308
|
+
return NextResponse2.json({ error: message }, { status: 401 });
|
|
309
|
+
}
|
|
310
|
+
}
|
|
311
|
+
async function handleMFAChallenge(req) {
|
|
312
|
+
try {
|
|
313
|
+
const body = await req.json();
|
|
314
|
+
const result = await client.platformMfaChallenge({
|
|
315
|
+
mfa_token: body.mfa_token,
|
|
316
|
+
code: body.code
|
|
317
|
+
});
|
|
318
|
+
const tokens = result;
|
|
319
|
+
const user = result.user;
|
|
320
|
+
const cookieStore = await cookies2();
|
|
321
|
+
setPlatformCookies(cookieStore, tokens, user);
|
|
322
|
+
return NextResponse2.json({ user });
|
|
323
|
+
} catch (err) {
|
|
324
|
+
const message = err instanceof Error ? err.message : "MFA verification failed";
|
|
325
|
+
return NextResponse2.json({ error: message }, { status: 401 });
|
|
326
|
+
}
|
|
327
|
+
}
|
|
328
|
+
async function handleRefresh() {
|
|
329
|
+
try {
|
|
330
|
+
const cookieStore = await cookies2();
|
|
331
|
+
const refreshToken = cookieStore.get(COOKIE_REFRESH_TOKEN3)?.value;
|
|
332
|
+
if (!refreshToken) {
|
|
333
|
+
clearPlatformCookies(cookieStore);
|
|
334
|
+
return NextResponse2.json(
|
|
335
|
+
{ error: "No refresh token" },
|
|
336
|
+
{ status: 401 }
|
|
337
|
+
);
|
|
338
|
+
}
|
|
339
|
+
const tokens = await client.platformRefresh(refreshToken);
|
|
340
|
+
const { data: user } = await client.platformGetMe(
|
|
341
|
+
tokens.access_token
|
|
342
|
+
);
|
|
343
|
+
setPlatformCookies(cookieStore, tokens, user);
|
|
344
|
+
return NextResponse2.json({ user });
|
|
345
|
+
} catch {
|
|
346
|
+
const cookieStore = await cookies2();
|
|
347
|
+
clearPlatformCookies(cookieStore);
|
|
348
|
+
return NextResponse2.json(
|
|
349
|
+
{ error: "Refresh failed" },
|
|
350
|
+
{ status: 401 }
|
|
351
|
+
);
|
|
352
|
+
}
|
|
353
|
+
}
|
|
354
|
+
async function handleLogout() {
|
|
355
|
+
try {
|
|
356
|
+
const cookieStore = await cookies2();
|
|
357
|
+
const refreshToken = cookieStore.get(COOKIE_REFRESH_TOKEN3)?.value;
|
|
358
|
+
if (refreshToken) {
|
|
359
|
+
await client.platformLogout(refreshToken).catch(() => {
|
|
360
|
+
});
|
|
361
|
+
}
|
|
362
|
+
clearPlatformCookies(cookieStore);
|
|
363
|
+
return NextResponse2.json({ success: true });
|
|
364
|
+
} catch {
|
|
365
|
+
const cookieStore = await cookies2();
|
|
366
|
+
clearPlatformCookies(cookieStore);
|
|
367
|
+
return NextResponse2.json({ success: true });
|
|
368
|
+
}
|
|
369
|
+
}
|
|
370
|
+
async function handler(req, context) {
|
|
371
|
+
const params = await context.params;
|
|
372
|
+
const path = params.inai?.join("/") ?? "";
|
|
373
|
+
if (req.method === "POST") {
|
|
374
|
+
switch (path) {
|
|
375
|
+
case "login":
|
|
376
|
+
return handleLogin(req);
|
|
377
|
+
case "mfa-challenge":
|
|
378
|
+
return handleMFAChallenge(req);
|
|
379
|
+
case "refresh":
|
|
380
|
+
return handleRefresh();
|
|
381
|
+
case "logout":
|
|
382
|
+
return handleLogout();
|
|
383
|
+
}
|
|
384
|
+
}
|
|
385
|
+
return NextResponse2.json({ error: "Not found" }, { status: 404 });
|
|
386
|
+
}
|
|
387
|
+
return {
|
|
388
|
+
GET: handler,
|
|
389
|
+
POST: handler
|
|
390
|
+
};
|
|
391
|
+
}
|
|
392
|
+
|
|
393
|
+
// src/server.ts
|
|
394
|
+
async function auth() {
|
|
395
|
+
const cookieStore = await cookies3();
|
|
396
|
+
const token = getAuthTokenFromCookies(cookieStore);
|
|
397
|
+
const config = getAuthConfig();
|
|
398
|
+
function redirectToSignIn(opts) {
|
|
399
|
+
const returnTo = opts?.returnTo;
|
|
400
|
+
const url = returnTo ? `${config.signInUrl}?returnTo=${encodeURIComponent(returnTo)}` : config.signInUrl;
|
|
401
|
+
redirect(url);
|
|
402
|
+
}
|
|
403
|
+
if (!token || isTokenExpired2(token)) {
|
|
404
|
+
return {
|
|
405
|
+
userId: null,
|
|
406
|
+
tenantId: null,
|
|
407
|
+
appId: null,
|
|
408
|
+
envId: null,
|
|
409
|
+
orgId: null,
|
|
410
|
+
orgRole: null,
|
|
411
|
+
sessionId: null,
|
|
412
|
+
getToken: async () => null,
|
|
413
|
+
has: () => false,
|
|
414
|
+
protect: () => {
|
|
415
|
+
redirectToSignIn();
|
|
416
|
+
},
|
|
417
|
+
redirectToSignIn
|
|
418
|
+
};
|
|
419
|
+
}
|
|
420
|
+
const claims = getClaimsFromToken2(token);
|
|
421
|
+
if (!claims) {
|
|
422
|
+
return {
|
|
423
|
+
userId: null,
|
|
424
|
+
tenantId: null,
|
|
425
|
+
appId: null,
|
|
426
|
+
envId: null,
|
|
427
|
+
orgId: null,
|
|
428
|
+
orgRole: null,
|
|
429
|
+
sessionId: null,
|
|
430
|
+
getToken: async () => null,
|
|
431
|
+
has: () => false,
|
|
432
|
+
protect: () => {
|
|
433
|
+
redirectToSignIn();
|
|
434
|
+
},
|
|
435
|
+
redirectToSignIn
|
|
436
|
+
};
|
|
437
|
+
}
|
|
438
|
+
const roles = claims.roles ?? [];
|
|
439
|
+
const permissions = claims.permissions ?? [];
|
|
440
|
+
const has = (params) => {
|
|
441
|
+
if (params.role && roles.includes(params.role)) return true;
|
|
442
|
+
if (params.permission && permissions.includes(params.permission))
|
|
443
|
+
return true;
|
|
444
|
+
return false;
|
|
445
|
+
};
|
|
446
|
+
const protectedObj = {
|
|
447
|
+
userId: claims.sub,
|
|
448
|
+
tenantId: claims.tenant_id,
|
|
449
|
+
appId: claims.app_id ?? null,
|
|
450
|
+
envId: claims.env_id ?? null,
|
|
451
|
+
orgId: claims.org_id ?? null,
|
|
452
|
+
orgRole: claims.org_role ?? null,
|
|
453
|
+
sessionId: null,
|
|
454
|
+
isSignedIn: true,
|
|
455
|
+
getToken: async () => token,
|
|
456
|
+
has
|
|
457
|
+
};
|
|
458
|
+
return {
|
|
459
|
+
userId: claims.sub,
|
|
460
|
+
tenantId: claims.tenant_id,
|
|
461
|
+
appId: claims.app_id ?? null,
|
|
462
|
+
envId: claims.env_id ?? null,
|
|
463
|
+
orgId: claims.org_id ?? null,
|
|
464
|
+
orgRole: claims.org_role ?? null,
|
|
465
|
+
sessionId: null,
|
|
466
|
+
getToken: async () => token,
|
|
467
|
+
has,
|
|
468
|
+
protect: (params) => {
|
|
469
|
+
if (params?.role || params?.permission) {
|
|
470
|
+
if (!has({ role: params.role, permission: params.permission })) {
|
|
471
|
+
redirect(params.redirectTo ?? "/unauthorized");
|
|
472
|
+
}
|
|
473
|
+
}
|
|
474
|
+
return protectedObj;
|
|
475
|
+
},
|
|
476
|
+
redirectToSignIn
|
|
477
|
+
};
|
|
478
|
+
}
|
|
479
|
+
async function currentUser(opts) {
|
|
480
|
+
const cookieStore = await cookies3();
|
|
481
|
+
if (opts?.fresh) {
|
|
482
|
+
const token = getAuthTokenFromCookies(cookieStore);
|
|
483
|
+
if (!token || isTokenExpired2(token)) return null;
|
|
484
|
+
const config = getAuthConfig();
|
|
485
|
+
if (!config.apiUrl || !config.publishableKey) {
|
|
486
|
+
const session2 = getSessionFromCookies(cookieStore);
|
|
487
|
+
return session2?.user ?? null;
|
|
488
|
+
}
|
|
489
|
+
const client = new InAIAuthClient3({
|
|
490
|
+
apiUrl: config.apiUrl,
|
|
491
|
+
publishableKey: config.publishableKey
|
|
492
|
+
});
|
|
493
|
+
try {
|
|
494
|
+
const { data } = await client.getMe(token);
|
|
495
|
+
return data;
|
|
496
|
+
} catch {
|
|
497
|
+
return null;
|
|
498
|
+
}
|
|
499
|
+
}
|
|
500
|
+
const session = getSessionFromCookies(cookieStore);
|
|
501
|
+
return session?.user ?? null;
|
|
502
|
+
}
|
|
503
|
+
export {
|
|
504
|
+
auth,
|
|
505
|
+
configureAuth,
|
|
506
|
+
createAuthRoutes,
|
|
507
|
+
createPlatformAuthRoutes,
|
|
508
|
+
currentUser,
|
|
509
|
+
getAuthConfig
|
|
510
|
+
};
|
|
511
|
+
//# sourceMappingURL=server.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/server.ts","../src/cookies.ts","../src/config.ts","../src/api-routes.ts","../src/platform-api-routes.ts"],"sourcesContent":["import { cookies } from \"next/headers\";\nimport { redirect } from \"next/navigation\";\nimport type {\n AuthObject,\n ServerAuthObject,\n ProtectedAuthObject,\n UserResource,\n} from \"@inai-dev/types\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport { isTokenExpired, getClaimsFromToken } from \"@inai-dev/shared\";\nimport {\n getAuthTokenFromCookies,\n getSessionFromCookies,\n} from \"./cookies\";\nimport { getAuthConfig } from \"./config\";\n\nexport { createAuthRoutes } from \"./api-routes\";\nexport { createPlatformAuthRoutes } from \"./platform-api-routes\";\nexport { configureAuth, getAuthConfig } from \"./config\";\n\nexport async function auth(): Promise<ServerAuthObject> {\n const cookieStore = await cookies();\n const token = getAuthTokenFromCookies(cookieStore);\n const config = getAuthConfig();\n\n function redirectToSignIn(opts?: { returnTo?: string }): never {\n const returnTo = opts?.returnTo;\n const url = returnTo\n ? `${config.signInUrl}?returnTo=${encodeURIComponent(returnTo)}`\n : config.signInUrl;\n redirect(url);\n }\n\n if (!token || isTokenExpired(token)) {\n return {\n userId: null,\n tenantId: null,\n appId: null,\n envId: null,\n orgId: null,\n orgRole: null,\n sessionId: null,\n getToken: async () => null,\n has: () => false,\n protect: () => {\n redirectToSignIn();\n },\n redirectToSignIn,\n };\n }\n\n const claims = getClaimsFromToken(token);\n if (!claims) {\n return {\n userId: null,\n tenantId: null,\n appId: null,\n envId: null,\n orgId: null,\n orgRole: null,\n sessionId: null,\n getToken: async () => null,\n has: () => false,\n protect: () => {\n redirectToSignIn();\n },\n redirectToSignIn,\n };\n }\n\n const roles = claims.roles ?? [];\n const permissions = claims.permissions ?? [];\n\n const has = (params: { role?: string; permission?: string }) => {\n if (params.role && roles.includes(params.role)) return true;\n if (params.permission && permissions.includes(params.permission))\n return true;\n return false;\n };\n\n const protectedObj: ProtectedAuthObject = {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n isSignedIn: true,\n getToken: async () => token,\n has,\n };\n\n return {\n userId: claims.sub,\n tenantId: claims.tenant_id,\n appId: claims.app_id ?? null,\n envId: claims.env_id ?? null,\n orgId: claims.org_id ?? null,\n orgRole: claims.org_role ?? null,\n sessionId: null,\n getToken: async () => token,\n has,\n protect: (params?: {\n role?: string;\n permission?: string;\n redirectTo?: string;\n }) => {\n if (params?.role || params?.permission) {\n if (!has({ role: params.role, permission: params.permission })) {\n redirect(params.redirectTo ?? \"/unauthorized\");\n }\n }\n return protectedObj;\n },\n redirectToSignIn,\n };\n}\n\nexport async function currentUser(\n opts?: { fresh?: boolean },\n): Promise<UserResource | null> {\n const cookieStore = await cookies();\n\n if (opts?.fresh) {\n const token = getAuthTokenFromCookies(cookieStore);\n if (!token || isTokenExpired(token)) return null;\n\n const config = getAuthConfig();\n if (!config.apiUrl || !config.publishableKey) {\n const session = getSessionFromCookies(cookieStore);\n return session?.user ?? null;\n }\n\n const client = new InAIAuthClient({\n apiUrl: config.apiUrl,\n publishableKey: config.publishableKey,\n });\n try {\n const { data } = await client.getMe(token);\n return data;\n } catch {\n return null;\n }\n }\n\n const session = getSessionFromCookies(cookieStore);\n return session?.user ?? null;\n}\n","import type { UserResource, JWTClaims, TokenPair } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n decodeJWTPayload,\n} from \"@inai-dev/shared\";\n\nexport {\n COOKIE_AUTH_TOKEN,\n COOKIE_REFRESH_TOKEN,\n COOKIE_AUTH_SESSION,\n} from \"@inai-dev/shared\";\n\nexport { isTokenExpired, getClaimsFromToken } from \"@inai-dev/shared\";\n\ninterface CookieStore {\n get(name: string): { value: string } | undefined;\n set(name: string, value: string, options?: Record<string, unknown>): void;\n}\n\ninterface SessionData {\n user: UserResource;\n expiresAt: string;\n permissions?: string[];\n orgId?: string;\n orgRole?: string;\n appId?: string;\n envId?: string;\n}\n\nexport function setAuthCookies(\n cookieStore: CookieStore,\n tokens: TokenPair,\n user: UserResource,\n): void {\n const isProduction = process.env.NODE_ENV === \"production\";\n const claims = decodeJWTPayload(tokens.access_token);\n const expiresAt = claims\n ? new Date(claims.exp * 1000).toISOString()\n : new Date(Date.now() + tokens.expires_in * 1000).toISOString();\n\n cookieStore.set(COOKIE_AUTH_TOKEN, tokens.access_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n\n cookieStore.set(COOKIE_REFRESH_TOKEN, tokens.refresh_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"strict\",\n path: \"/api/auth\",\n maxAge: 7 * 24 * 60 * 60,\n });\n\n const sessionData: SessionData = {\n user,\n expiresAt,\n permissions: claims?.permissions ?? [],\n orgId: claims?.org_id,\n orgRole: claims?.org_role,\n appId: claims?.app_id,\n envId: claims?.env_id,\n };\n cookieStore.set(COOKIE_AUTH_SESSION, JSON.stringify(sessionData), {\n httpOnly: false,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n}\n\nexport function clearAuthCookies(\n cookieStore: CookieStore,\n): void {\n const opts = { path: \"/\", maxAge: 0 };\n cookieStore.set(COOKIE_AUTH_TOKEN, \"\", opts);\n cookieStore.set(COOKIE_REFRESH_TOKEN, \"\", { ...opts, path: \"/api/auth\" });\n cookieStore.set(COOKIE_AUTH_SESSION, \"\", opts);\n}\n\nexport function getAuthTokenFromCookies(\n cookieStore: CookieStore,\n): string | null {\n return cookieStore.get(COOKIE_AUTH_TOKEN)?.value ?? null;\n}\n\nexport function getRefreshTokenFromCookies(\n cookieStore: CookieStore,\n): string | null {\n return cookieStore.get(COOKIE_REFRESH_TOKEN)?.value ?? null;\n}\n\nexport function getSessionFromCookies(\n cookieStore: CookieStore,\n): SessionData | null {\n const raw = cookieStore.get(COOKIE_AUTH_SESSION)?.value;\n if (!raw) return null;\n try {\n return JSON.parse(raw) as SessionData;\n } catch {\n return null;\n }\n}\n","import type { InAIAuthSDKConfig } from \"@inai-dev/types\";\n\ntype ResolvedConfig = Required<InAIAuthSDKConfig>;\n\nconst defaults: ResolvedConfig = {\n signInUrl: \"/login\",\n signUpUrl: \"/register\",\n afterSignInUrl: \"/\",\n afterSignOutUrl: \"/login\",\n apiUrl: \"\",\n publishableKey: \"\",\n};\n\nlet userConfig: Partial<InAIAuthSDKConfig> = {};\n\nexport function configureAuth(config: InAIAuthSDKConfig): void {\n userConfig = config;\n}\n\nexport function getAuthConfig(): ResolvedConfig {\n return {\n signInUrl: userConfig.signInUrl ?? defaults.signInUrl,\n signUpUrl: userConfig.signUpUrl ?? defaults.signUpUrl,\n afterSignInUrl: userConfig.afterSignInUrl ?? defaults.afterSignInUrl,\n afterSignOutUrl: userConfig.afterSignOutUrl ?? defaults.afterSignOutUrl,\n apiUrl:\n userConfig.apiUrl ??\n process.env.INAI_API_URL ??\n process.env.NEXT_PUBLIC_INAI_API_URL ??\n defaults.apiUrl,\n publishableKey:\n userConfig.publishableKey ??\n process.env.NEXT_PUBLIC_INAI_PUBLISHABLE_KEY ??\n defaults.publishableKey,\n };\n}\n","import { cookies } from \"next/headers\";\nimport { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport type {\n InAIAuthConfig,\n TokenPair,\n UserResource,\n LoginResult,\n} from \"@inai-dev/types\";\nimport {\n setAuthCookies,\n clearAuthCookies,\n getRefreshTokenFromCookies,\n} from \"./cookies\";\n\nexport function createAuthRoutes(config: InAIAuthConfig) {\n const client = new InAIAuthClient(config);\n\n async function handleLogin(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = (await client.login({\n email: body.email,\n password: body.password,\n })) as LoginResult & { user?: UserResource };\n\n if (result.mfa_required) {\n return NextResponse.json({\n mfa_required: true,\n mfa_token: result.mfa_token,\n });\n }\n\n const tokens = result as TokenPair;\n const loginUser = (result as { user?: UserResource }).user;\n const user =\n loginUser ?? (await client.getMe(tokens.access_token)).data;\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message = err instanceof Error ? err.message : \"Login failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleMFAChallenge(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const tokens = await client.mfaChallenge({\n mfa_token: body.mfa_token,\n code: body.code,\n });\n\n const { data: user } = await client.getMe(tokens.access_token);\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"MFA verification failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleRefresh() {\n try {\n const cookieStore = await cookies();\n const refreshToken = getRefreshTokenFromCookies(cookieStore);\n\n if (!refreshToken) {\n clearAuthCookies(cookieStore);\n return NextResponse.json(\n { error: \"No refresh token\" },\n { status: 401 },\n );\n }\n\n const tokens = await client.refresh(refreshToken);\n const { data: user } = await client.getMe(tokens.access_token);\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch {\n const cookieStore = await cookies();\n clearAuthCookies(cookieStore);\n return NextResponse.json(\n { error: \"Refresh failed\" },\n { status: 401 },\n );\n }\n }\n\n async function handleRegister(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.register({\n email: body.email,\n password: body.password,\n firstName: body.firstName,\n lastName: body.lastName,\n });\n\n if (!result.access_token) {\n return NextResponse.json({\n needs_email_verification: true,\n user: result.user,\n });\n }\n\n const tokens = result as TokenPair;\n const loginUser = result.user;\n const user =\n loginUser ?? (await client.getMe(tokens.access_token)).data;\n const cookieStore = await cookies();\n setAuthCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"Registration failed\";\n return NextResponse.json({ error: message }, { status: 400 });\n }\n }\n\n async function handleLogout() {\n try {\n const cookieStore = await cookies();\n const refreshToken = getRefreshTokenFromCookies(cookieStore);\n if (refreshToken) {\n await client.logout(refreshToken).catch(() => {});\n }\n clearAuthCookies(cookieStore);\n return NextResponse.json({ success: true });\n } catch {\n const cookieStore = await cookies();\n clearAuthCookies(cookieStore);\n return NextResponse.json({ success: true });\n }\n }\n\n async function handler(\n req: NextRequest,\n context: { params: Promise<{ inai: string[] }> },\n ) {\n const params = await context.params;\n const path = params.inai?.join(\"/\") ?? \"\";\n\n if (req.method === \"POST\") {\n switch (path) {\n case \"login\":\n return handleLogin(req);\n case \"register\":\n return handleRegister(req);\n case \"mfa-challenge\":\n return handleMFAChallenge(req);\n case \"refresh\":\n return handleRefresh();\n case \"logout\":\n return handleLogout();\n }\n }\n\n return NextResponse.json({ error: \"Not found\" }, { status: 404 });\n }\n\n return {\n GET: handler,\n POST: handler,\n };\n}\n","import { cookies } from \"next/headers\";\nimport { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\nimport { InAIAuthClient } from \"@inai-dev/backend\";\nimport type { InAIAuthConfig, TokenPair, PlatformUserResource } from \"@inai-dev/types\";\nimport {\n COOKIE_AUTH_TOKEN,\n COOKIE_AUTH_SESSION,\n COOKIE_REFRESH_TOKEN,\n} from \"@inai-dev/shared\";\n\nexport function createPlatformAuthRoutes(config: InAIAuthConfig) {\n const client = new InAIAuthClient(config);\n const isProduction = process.env.NODE_ENV === \"production\";\n\n function setPlatformCookies(\n cookieStore: Awaited<ReturnType<typeof cookies>>,\n tokens: TokenPair,\n user?: PlatformUserResource,\n ) {\n cookieStore.set(COOKIE_AUTH_TOKEN, tokens.access_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n });\n cookieStore.set(COOKIE_REFRESH_TOKEN, tokens.refresh_token, {\n httpOnly: true,\n secure: isProduction,\n sameSite: \"strict\",\n path: \"/api/auth\",\n maxAge: 7 * 24 * 60 * 60,\n });\n if (user) {\n const expiresAt = Date.now() + tokens.expires_in * 1000;\n cookieStore.set(\n COOKIE_AUTH_SESSION,\n JSON.stringify({ user, expiresAt }),\n {\n httpOnly: false,\n secure: isProduction,\n sameSite: \"lax\",\n path: \"/\",\n maxAge: tokens.expires_in,\n },\n );\n }\n }\n\n function clearPlatformCookies(\n cookieStore: Awaited<ReturnType<typeof cookies>>,\n ) {\n cookieStore.set(COOKIE_AUTH_TOKEN, \"\", { path: \"/\", maxAge: 0 });\n cookieStore.set(COOKIE_REFRESH_TOKEN, \"\", {\n path: \"/api/auth\",\n maxAge: 0,\n });\n cookieStore.set(COOKIE_AUTH_SESSION, \"\", { path: \"/\", maxAge: 0 });\n }\n\n async function handleLogin(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.platformLogin({\n email: body.email,\n password: body.password,\n });\n\n if (result.mfa_required) {\n return NextResponse.json({\n mfa_required: true,\n mfa_token: result.mfa_token,\n });\n }\n\n const tokens = result as TokenPair;\n const user = result.user;\n const cookieStore = await cookies();\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message = err instanceof Error ? err.message : \"Login failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleMFAChallenge(req: NextRequest) {\n try {\n const body = (await req.json()) as Record<string, string>;\n const result = await client.platformMfaChallenge({\n mfa_token: body.mfa_token,\n code: body.code,\n });\n\n const tokens = result as TokenPair;\n const user = result.user;\n const cookieStore = await cookies();\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch (err) {\n const message =\n err instanceof Error ? err.message : \"MFA verification failed\";\n return NextResponse.json({ error: message }, { status: 401 });\n }\n }\n\n async function handleRefresh() {\n try {\n const cookieStore = await cookies();\n const refreshToken = cookieStore.get(COOKIE_REFRESH_TOKEN)?.value;\n\n if (!refreshToken) {\n clearPlatformCookies(cookieStore);\n return NextResponse.json(\n { error: \"No refresh token\" },\n { status: 401 },\n );\n }\n\n const tokens = await client.platformRefresh(refreshToken);\n const { data: user } = await client.platformGetMe(\n tokens.access_token,\n );\n setPlatformCookies(cookieStore, tokens, user);\n\n return NextResponse.json({ user });\n } catch {\n const cookieStore = await cookies();\n clearPlatformCookies(cookieStore);\n return NextResponse.json(\n { error: \"Refresh failed\" },\n { status: 401 },\n );\n }\n }\n\n async function handleLogout() {\n try {\n const cookieStore = await cookies();\n const refreshToken = cookieStore.get(COOKIE_REFRESH_TOKEN)?.value;\n if (refreshToken) {\n await client.platformLogout(refreshToken).catch(() => {});\n }\n clearPlatformCookies(cookieStore);\n return NextResponse.json({ success: true });\n } catch {\n const cookieStore = await cookies();\n clearPlatformCookies(cookieStore);\n return NextResponse.json({ success: true });\n }\n }\n\n async function handler(\n req: NextRequest,\n context: { params: Promise<{ inai: string[] }> },\n ) {\n const params = await context.params;\n const path = params.inai?.join(\"/\") ?? \"\";\n\n if (req.method === \"POST\") {\n switch (path) {\n case \"login\":\n return handleLogin(req);\n case \"mfa-challenge\":\n return handleMFAChallenge(req);\n case \"refresh\":\n return handleRefresh();\n case \"logout\":\n return handleLogout();\n }\n }\n\n return NextResponse.json({ error: \"Not found\" }, { status: 404 });\n }\n\n return {\n GET: handler,\n POST: handler,\n };\n}\n"],"mappings":";AAAA,SAAS,WAAAA,gBAAe;AACxB,SAAS,gBAAgB;AAOzB,SAAS,kBAAAC,uBAAsB;AAC/B,SAAS,kBAAAC,iBAAgB,sBAAAC,2BAA0B;;;ACRnD;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP;AAAA,EACE,qBAAAC;AAAA,EACA,wBAAAC;AAAA,EACA,uBAAAC;AAAA,OACK;AAEP,SAAS,gBAAgB,0BAA0B;AAiB5C,SAAS,eACd,aACA,QACA,MACM;AACN,QAAM,eAAe,QAAQ,IAAI,aAAa;AAC9C,QAAM,SAAS,iBAAiB,OAAO,YAAY;AACnD,QAAM,YAAY,SACd,IAAI,KAAK,OAAO,MAAM,GAAI,EAAE,YAAY,IACxC,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,aAAa,GAAI,EAAE,YAAY;AAEhE,cAAY,IAAI,mBAAmB,OAAO,cAAc;AAAA,IACtD,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,EACjB,CAAC;AAED,cAAY,IAAI,sBAAsB,OAAO,eAAe;AAAA,IAC1D,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,IAAI,KAAK,KAAK;AAAA,EACxB,CAAC;AAED,QAAM,cAA2B;AAAA,IAC/B;AAAA,IACA;AAAA,IACA,aAAa,QAAQ,eAAe,CAAC;AAAA,IACrC,OAAO,QAAQ;AAAA,IACf,SAAS,QAAQ;AAAA,IACjB,OAAO,QAAQ;AAAA,IACf,OAAO,QAAQ;AAAA,EACjB;AACA,cAAY,IAAI,qBAAqB,KAAK,UAAU,WAAW,GAAG;AAAA,IAChE,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,EACjB,CAAC;AACH;AAEO,SAAS,iBACd,aACM;AACN,QAAM,OAAO,EAAE,MAAM,KAAK,QAAQ,EAAE;AACpC,cAAY,IAAI,mBAAmB,IAAI,IAAI;AAC3C,cAAY,IAAI,sBAAsB,IAAI,EAAE,GAAG,MAAM,MAAM,YAAY,CAAC;AACxE,cAAY,IAAI,qBAAqB,IAAI,IAAI;AAC/C;AAEO,SAAS,wBACd,aACe;AACf,SAAO,YAAY,IAAI,iBAAiB,GAAG,SAAS;AACtD;AAEO,SAAS,2BACd,aACe;AACf,SAAO,YAAY,IAAI,oBAAoB,GAAG,SAAS;AACzD;AAEO,SAAS,sBACd,aACoB;AACpB,QAAM,MAAM,YAAY,IAAI,mBAAmB,GAAG;AAClD,MAAI,CAAC,IAAK,QAAO;AACjB,MAAI;AACF,WAAO,KAAK,MAAM,GAAG;AAAA,EACvB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ACvGA,IAAM,WAA2B;AAAA,EAC/B,WAAW;AAAA,EACX,WAAW;AAAA,EACX,gBAAgB;AAAA,EAChB,iBAAiB;AAAA,EACjB,QAAQ;AAAA,EACR,gBAAgB;AAClB;AAEA,IAAI,aAAyC,CAAC;AAEvC,SAAS,cAAc,QAAiC;AAC7D,eAAa;AACf;AAEO,SAAS,gBAAgC;AAC9C,SAAO;AAAA,IACL,WAAW,WAAW,aAAa,SAAS;AAAA,IAC5C,WAAW,WAAW,aAAa,SAAS;AAAA,IAC5C,gBAAgB,WAAW,kBAAkB,SAAS;AAAA,IACtD,iBAAiB,WAAW,mBAAmB,SAAS;AAAA,IACxD,QACE,WAAW,UACX,QAAQ,IAAI,gBACZ,QAAQ,IAAI,4BACZ,SAAS;AAAA,IACX,gBACE,WAAW,kBACX,QAAQ,IAAI,oCACZ,SAAS;AAAA,EACb;AACF;;;ACnCA,SAAS,eAAe;AACxB,SAAS,oBAAoB;AAE7B,SAAS,sBAAsB;AAaxB,SAAS,iBAAiB,QAAwB;AACvD,QAAM,SAAS,IAAI,eAAe,MAAM;AAExC,iBAAe,YAAY,KAAkB;AAC3C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAU,MAAM,OAAO,MAAM;AAAA,QACjC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,OAAO,cAAc;AACvB,eAAO,aAAa,KAAK;AAAA,UACvB,cAAc;AAAA,UACd,WAAW,OAAO;AAAA,QACpB,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,YAAa,OAAmC;AACtD,YAAM,OACJ,cAAc,MAAM,OAAO,MAAM,OAAO,YAAY,GAAG;AACzD,YAAM,cAAc,MAAM,QAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,aAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,aAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,mBAAmB,KAAkB;AAClD,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,aAAa;AAAA,QACvC,WAAW,KAAK;AAAA,QAChB,MAAM,KAAK;AAAA,MACb,CAAC;AAED,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO,MAAM,OAAO,YAAY;AAC7D,YAAM,cAAc,MAAM,QAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,aAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,gBAAgB;AAC7B,QAAI;AACF,YAAM,cAAc,MAAM,QAAQ;AAClC,YAAM,eAAe,2BAA2B,WAAW;AAE3D,UAAI,CAAC,cAAc;AACjB,yBAAiB,WAAW;AAC5B,eAAO,aAAa;AAAA,UAClB,EAAE,OAAO,mBAAmB;AAAA,UAC5B,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAEA,YAAM,SAAS,MAAM,OAAO,QAAQ,YAAY;AAChD,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO,MAAM,OAAO,YAAY;AAC7D,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,aAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,QAAQ;AACN,YAAM,cAAc,MAAM,QAAQ;AAClC,uBAAiB,WAAW;AAC5B,aAAO,aAAa;AAAA,QAClB,EAAE,OAAO,iBAAiB;AAAA,QAC1B,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,eAAe,KAAkB;AAC9C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,SAAS;AAAA,QACnC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,QACf,WAAW,KAAK;AAAA,QAChB,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,CAAC,OAAO,cAAc;AACxB,eAAO,aAAa,KAAK;AAAA,UACvB,0BAA0B;AAAA,UAC1B,MAAM,OAAO;AAAA,QACf,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,YAAY,OAAO;AACzB,YAAM,OACJ,cAAc,MAAM,OAAO,MAAM,OAAO,YAAY,GAAG;AACzD,YAAM,cAAc,MAAM,QAAQ;AAClC,qBAAe,aAAa,QAAQ,IAAI;AAExC,aAAO,aAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,eAAe;AAC5B,QAAI;AACF,YAAM,cAAc,MAAM,QAAQ;AAClC,YAAM,eAAe,2BAA2B,WAAW;AAC3D,UAAI,cAAc;AAChB,cAAM,OAAO,OAAO,YAAY,EAAE,MAAM,MAAM;AAAA,QAAC,CAAC;AAAA,MAClD;AACA,uBAAiB,WAAW;AAC5B,aAAO,aAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C,QAAQ;AACN,YAAM,cAAc,MAAM,QAAQ;AAClC,uBAAiB,WAAW;AAC5B,aAAO,aAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C;AAAA,EACF;AAEA,iBAAe,QACb,KACA,SACA;AACA,UAAM,SAAS,MAAM,QAAQ;AAC7B,UAAM,OAAO,OAAO,MAAM,KAAK,GAAG,KAAK;AAEvC,QAAI,IAAI,WAAW,QAAQ;AACzB,cAAQ,MAAM;AAAA,QACZ,KAAK;AACH,iBAAO,YAAY,GAAG;AAAA,QACxB,KAAK;AACH,iBAAO,eAAe,GAAG;AAAA,QAC3B,KAAK;AACH,iBAAO,mBAAmB,GAAG;AAAA,QAC/B,KAAK;AACH,iBAAO,cAAc;AAAA,QACvB,KAAK;AACH,iBAAO,aAAa;AAAA,MACxB;AAAA,IACF;AAEA,WAAO,aAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;;;AC7KA,SAAS,WAAAC,gBAAe;AACxB,SAAS,gBAAAC,qBAAoB;AAE7B,SAAS,kBAAAC,uBAAsB;AAE/B;AAAA,EACE,qBAAAC;AAAA,EACA,uBAAAC;AAAA,EACA,wBAAAC;AAAA,OACK;AAEA,SAAS,yBAAyB,QAAwB;AAC/D,QAAM,SAAS,IAAIH,gBAAe,MAAM;AACxC,QAAM,eAAe,QAAQ,IAAI,aAAa;AAE9C,WAAS,mBACP,aACA,QACA,MACA;AACA,gBAAY,IAAIC,oBAAmB,OAAO,cAAc;AAAA,MACtD,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,OAAO;AAAA,IACjB,CAAC;AACD,gBAAY,IAAIE,uBAAsB,OAAO,eAAe;AAAA,MAC1D,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,IAAI,KAAK,KAAK;AAAA,IACxB,CAAC;AACD,QAAI,MAAM;AACR,YAAM,YAAY,KAAK,IAAI,IAAI,OAAO,aAAa;AACnD,kBAAY;AAAA,QACVD;AAAA,QACA,KAAK,UAAU,EAAE,MAAM,UAAU,CAAC;AAAA,QAClC;AAAA,UACE,UAAU;AAAA,UACV,QAAQ;AAAA,UACR,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,OAAO;AAAA,QACjB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,WAAS,qBACP,aACA;AACA,gBAAY,IAAID,oBAAmB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AAC/D,gBAAY,IAAIE,uBAAsB,IAAI;AAAA,MACxC,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AACD,gBAAY,IAAID,sBAAqB,IAAI,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;AAAA,EACnE;AAEA,iBAAe,YAAY,KAAkB;AAC3C,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,cAAc;AAAA,QACxC,OAAO,KAAK;AAAA,QACZ,UAAU,KAAK;AAAA,MACjB,CAAC;AAED,UAAI,OAAO,cAAc;AACvB,eAAOH,cAAa,KAAK;AAAA,UACvB,cAAc;AAAA,UACd,WAAW,OAAO;AAAA,QACpB,CAAC;AAAA,MACH;AAEA,YAAM,SAAS;AACf,YAAM,OAAO,OAAO;AACpB,YAAM,cAAc,MAAMD,SAAQ;AAClC,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAOC,cAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,aAAOA,cAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,mBAAmB,KAAkB;AAClD,QAAI;AACF,YAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAM,SAAS,MAAM,OAAO,qBAAqB;AAAA,QAC/C,WAAW,KAAK;AAAA,QAChB,MAAM,KAAK;AAAA,MACb,CAAC;AAED,YAAM,SAAS;AACf,YAAM,OAAO,OAAO;AACpB,YAAM,cAAc,MAAMD,SAAQ;AAClC,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAOC,cAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,SAAS,KAAK;AACZ,YAAM,UACJ,eAAe,QAAQ,IAAI,UAAU;AACvC,aAAOA,cAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AAEA,iBAAe,gBAAgB;AAC7B,QAAI;AACF,YAAM,cAAc,MAAMD,SAAQ;AAClC,YAAM,eAAe,YAAY,IAAIK,qBAAoB,GAAG;AAE5D,UAAI,CAAC,cAAc;AACjB,6BAAqB,WAAW;AAChC,eAAOJ,cAAa;AAAA,UAClB,EAAE,OAAO,mBAAmB;AAAA,UAC5B,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAEA,YAAM,SAAS,MAAM,OAAO,gBAAgB,YAAY;AACxD,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAAO;AAAA,QAClC,OAAO;AAAA,MACT;AACA,yBAAmB,aAAa,QAAQ,IAAI;AAE5C,aAAOA,cAAa,KAAK,EAAE,KAAK,CAAC;AAAA,IACnC,QAAQ;AACN,YAAM,cAAc,MAAMD,SAAQ;AAClC,2BAAqB,WAAW;AAChC,aAAOC,cAAa;AAAA,QAClB,EAAE,OAAO,iBAAiB;AAAA,QAC1B,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,eAAe;AAC5B,QAAI;AACF,YAAM,cAAc,MAAMD,SAAQ;AAClC,YAAM,eAAe,YAAY,IAAIK,qBAAoB,GAAG;AAC5D,UAAI,cAAc;AAChB,cAAM,OAAO,eAAe,YAAY,EAAE,MAAM,MAAM;AAAA,QAAC,CAAC;AAAA,MAC1D;AACA,2BAAqB,WAAW;AAChC,aAAOJ,cAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C,QAAQ;AACN,YAAM,cAAc,MAAMD,SAAQ;AAClC,2BAAqB,WAAW;AAChC,aAAOC,cAAa,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5C;AAAA,EACF;AAEA,iBAAe,QACb,KACA,SACA;AACA,UAAM,SAAS,MAAM,QAAQ;AAC7B,UAAM,OAAO,OAAO,MAAM,KAAK,GAAG,KAAK;AAEvC,QAAI,IAAI,WAAW,QAAQ;AACzB,cAAQ,MAAM;AAAA,QACZ,KAAK;AACH,iBAAO,YAAY,GAAG;AAAA,QACxB,KAAK;AACH,iBAAO,mBAAmB,GAAG;AAAA,QAC/B,KAAK;AACH,iBAAO,cAAc;AAAA,QACvB,KAAK;AACH,iBAAO,aAAa;AAAA,MACxB;AAAA,IACF;AAEA,WAAOA,cAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;;;AJlKA,eAAsB,OAAkC;AACtD,QAAM,cAAc,MAAMK,SAAQ;AAClC,QAAM,QAAQ,wBAAwB,WAAW;AACjD,QAAM,SAAS,cAAc;AAE7B,WAAS,iBAAiB,MAAqC;AAC7D,UAAM,WAAW,MAAM;AACvB,UAAM,MAAM,WACR,GAAG,OAAO,SAAS,aAAa,mBAAmB,QAAQ,CAAC,KAC5D,OAAO;AACX,aAAS,GAAG;AAAA,EACd;AAEA,MAAI,CAAC,SAASC,gBAAe,KAAK,GAAG;AACnC,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,SAAS;AAAA,MACT,WAAW;AAAA,MACX,UAAU,YAAY;AAAA,MACtB,KAAK,MAAM;AAAA,MACX,SAAS,MAAM;AACb,yBAAiB;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,SAASC,oBAAmB,KAAK;AACvC,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,SAAS;AAAA,MACT,WAAW;AAAA,MACX,UAAU,YAAY;AAAA,MACtB,KAAK,MAAM;AAAA,MACX,SAAS,MAAM;AACb,yBAAiB;AAAA,MACnB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAM,cAAc,OAAO,eAAe,CAAC;AAE3C,QAAM,MAAM,CAAC,WAAmD;AAC9D,QAAI,OAAO,QAAQ,MAAM,SAAS,OAAO,IAAI,EAAG,QAAO;AACvD,QAAI,OAAO,cAAc,YAAY,SAAS,OAAO,UAAU;AAC7D,aAAO;AACT,WAAO;AAAA,EACT;AAEA,QAAM,eAAoC;AAAA,IACxC,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,YAAY;AAAA,IACZ,UAAU,YAAY;AAAA,IACtB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,OAAO,OAAO,UAAU;AAAA,IACxB,SAAS,OAAO,YAAY;AAAA,IAC5B,WAAW;AAAA,IACX,UAAU,YAAY;AAAA,IACtB;AAAA,IACA,SAAS,CAAC,WAIJ;AACJ,UAAI,QAAQ,QAAQ,QAAQ,YAAY;AACtC,YAAI,CAAC,IAAI,EAAE,MAAM,OAAO,MAAM,YAAY,OAAO,WAAW,CAAC,GAAG;AAC9D,mBAAS,OAAO,cAAc,eAAe;AAAA,QAC/C;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IACA;AAAA,EACF;AACF;AAEA,eAAsB,YACpB,MAC8B;AAC9B,QAAM,cAAc,MAAMF,SAAQ;AAElC,MAAI,MAAM,OAAO;AACf,UAAM,QAAQ,wBAAwB,WAAW;AACjD,QAAI,CAAC,SAASC,gBAAe,KAAK,EAAG,QAAO;AAE5C,UAAM,SAAS,cAAc;AAC7B,QAAI,CAAC,OAAO,UAAU,CAAC,OAAO,gBAAgB;AAC5C,YAAME,WAAU,sBAAsB,WAAW;AACjD,aAAOA,UAAS,QAAQ;AAAA,IAC1B;AAEA,UAAM,SAAS,IAAIC,gBAAe;AAAA,MAChC,QAAQ,OAAO;AAAA,MACf,gBAAgB,OAAO;AAAA,IACzB,CAAC;AACD,QAAI;AACF,YAAM,EAAE,KAAK,IAAI,MAAM,OAAO,MAAM,KAAK;AACzC,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAEA,QAAM,UAAU,sBAAsB,WAAW;AACjD,SAAO,SAAS,QAAQ;AAC1B;","names":["cookies","InAIAuthClient","isTokenExpired","getClaimsFromToken","COOKIE_AUTH_TOKEN","COOKIE_REFRESH_TOKEN","COOKIE_AUTH_SESSION","cookies","NextResponse","InAIAuthClient","COOKIE_AUTH_TOKEN","COOKIE_AUTH_SESSION","COOKIE_REFRESH_TOKEN","cookies","isTokenExpired","getClaimsFromToken","session","InAIAuthClient"]}
|