@infuro/cms-core 1.0.2 → 1.0.3

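--- a/package/dist/auth.cjs
+++ b/package/dist/auth.cjs
@@ -174,14 +174,9 @@ function getNextAuthOptions(config) {
  ],
  session: { strategy: "jwt" },
  pages: { signIn: signInPage },
- cookies: process.env.NODE_ENV === "production" ? {
+ cookies: {
  sessionToken: {
- name: "__Secure-next-auth.session-token",
- options: { httpOnly: true, sameSite: "lax", path: "/", secure: true }
- }
- } : {
- sessionToken: {
- name: "next-auth.session-token",
+ name: process.env.NEXTAUTH_URL?.startsWith("https") ? "__Secure-next-auth.session-token" : "next-auth.session-token",
  options: {
  httpOnly: true,
  sameSite: "lax",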
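Review bot: The new cookie block makes both the `__Secure-` name and the Secure flag depend solely on `NEXTAUTH_URL` (the `secure:` line sits just below the hunk and is visible in the bundled `sourcesContent` of the .map section), so a production deployment where that variable is unset, or written as `http://…` behind a TLS-terminating proxy, now issues an unprefixed session cookie without `Secure`, where 1.0.2 forced `secure: true` under `NODE_ENV === "production"`. Computing the decision once and failing closed would keep the old guarantee, e.g. `const useSecureCookies = process.env.NEXTAUTH_URL?.startsWith("https://") ?? process.env.NODE_ENV === "production";`, then using it for both `name` and `options.secure`. Matching `"https://"` rather than `"https"` also avoids treating any value that merely begins with those letters as secure. The same change appears in the package/dist/auth.js hunk, and getNextAuthOptions starts and ends outside both hunks.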
package/dist/auth.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/auth/index.ts","../src/auth/helpers.ts","../src/auth/middleware.ts","../src/auth/nextauth-options.ts"],"sourcesContent":["export {\n createAuthHelpers,\n OPEN_ENDPOINTS,\n PERMISSION_REQUIRED_ENDPOINTS,\n isOpenEndpoint,\n isPublicMethod,\n getRequiredPermission,\n} from './helpers';\nexport type { SessionUser, GetSession, AuthHelpers } from './helpers';\nexport { createCmsMiddleware, defaultPublicApiMethods } from './middleware';\nexport type { CmsMiddlewareConfig } from './middleware';\nexport { getNextAuthOptions } from './nextauth-options';\nexport type { NextAuthOptionsConfig, NextAuthUser } from './nextauth-options';\n","export interface SessionUser {\n id?: string;\n email?: string | null;\n name?: string | null;\n groupId?: number;\n permissions?: string[];\n}\n\nexport type GetSession = () => Promise<{ user?: SessionUser } | null>;\n\nexport const OPEN_ENDPOINTS: Array<Record<string, string[]>> = [\n { '/api/contacts': ['POST'] },\n { '/api/form-submissions': ['POST'] },\n { '/api/blogs': ['GET'] },\n];\n\nexport const PERMISSION_REQUIRED_ENDPOINTS: Record<string, string[]> = {};\n\nexport function isOpenEndpoint(pathname: string): boolean {\n return OPEN_ENDPOINTS.some((endpoint) => pathname.startsWith(Object.keys(endpoint)[0]));\n}\n\nexport function getRequiredPermission(pathname: string): string[] | null {\n return null;\n}\n\nexport function isPublicMethod(pathname: string, method: string): boolean {\n for (const endpoint of OPEN_ENDPOINTS) {\n const key = Object.keys(endpoint)[0];\n if (pathname.startsWith(key) && endpoint[key].includes(method)) return true;\n }\n return false;\n}\n\nexport interface AuthHelpers {\n requireAuth(req: Request): Promise<Response | null>;\n requirePermission(req: Request, permission: string): Promise<Response | null>;\n getAuthenticatedUser(): Promise<SessionUser | null>;\n}\n\nexport function createAuthHelpers(getSession: GetSession, NextResponse: { json: (body: unknown, init?: { 
status?: number }) => Response }): AuthHelpers {\n return {\n async requireAuth() {\n const session = await getSession();\n if (!session?.user?.email) {\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\n }\n return null;\n },\n async requirePermission() {\n const session = await getSession();\n if (!session?.user?.email) {\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\n }\n return null;\n },\n async getAuthenticatedUser() {\n const session = await getSession();\n return session?.user ?? null;\n },\n };\n}\n","export interface CmsMiddlewareConfig {\n publicAdminPaths?: string[];\n publicApiPaths?: string[];\n /** path -> allowed methods */\n publicApiMethods?: Record<string, string[]>;\n signInPath?: string;\n getSessionToken?: (request: { cookies: { get: (name: string) => { value?: string } | undefined } }) => string | undefined;\n}\n\n/** Default public API paths (no auth). Sites should extend this with their own routes. */\nexport const defaultPublicApiMethods: Record<string, string[]> = {\n '/api/contacts': ['POST'],\n '/api/form-submissions': ['POST'],\n '/api/blogs': ['GET'],\n '/api/forms': ['GET'],\n '/api/auth': ['GET', 'POST'],\n '/api/health': ['GET'],\n '/api/users/forgot-password': ['POST'],\n '/api/users/set-password': ['POST'],\n '/api/users/invite': ['POST'],\n};\n\nfunction defaultGetSessionToken(request: { cookies: { get: (name: string) => { value?: string } | undefined } }): string | undefined {\n return (\n request.cookies.get('__Secure-next-auth.session-token')?.value ??\n request.cookies.get('next-auth.session-token')?.value\n );\n}\n\nfunction isPublicMethod(pathname: string, method: string, publicApiMethods: Record<string, string[]>): boolean {\n for (const [endpoint, methods] of Object.entries(publicApiMethods)) {\n if (pathname.startsWith(endpoint) && methods.includes(method)) return true;\n }\n return false;\n}\n\n/**\n * Returns middleware logic. 
Use from Next.js middleware:\n * import { createCmsMiddleware } from '@infuro/cms-core';\n * export const middleware = createCmsMiddleware({ ... });\n * export const config = { matcher: ['/admin/:path*', '/api/:path*'] };\n */\nexport function createCmsMiddleware(config: CmsMiddlewareConfig = {}) {\n const {\n publicAdminPaths = ['/admin/signin', '/admin/forgot-password', '/admin/reset-password', '/admin/invite'],\n publicApiMethods = defaultPublicApiMethods,\n signInPath = '/admin/signin',\n getSessionToken = defaultGetSessionToken,\n } = config;\n\n return function cmsMiddleware(request: {\n nextUrl: { pathname: string };\n url: string;\n method: string;\n cookies: { get: (name: string) => { value?: string } | undefined };\n }): { type: 'next' } | { type: 'redirect'; url: string } | { type: 'json'; status: number; body: unknown } {\n const pathname = request.nextUrl.pathname;\n const method = request.method;\n\n if (publicAdminPaths.some((p) => pathname === p || pathname.startsWith(p + '/'))) {\n return { type: 'next' };\n }\n\n if (pathname.startsWith('/admin')) {\n const token = getSessionToken(request);\n if (!token) {\n return { type: 'redirect', url: new URL(signInPath, request.url).toString() };\n }\n }\n\n if (pathname.startsWith('/api')) {\n if (isPublicMethod(pathname, method, publicApiMethods)) {\n return { type: 'next' };\n }\n const token = getSessionToken(request);\n if (!token) {\n return { type: 'json', status: 401, body: { error: 'Unauthorized' } };\n }\n }\n\n return { type: 'next' };\n };\n}\n","/**\n * Build NextAuth options for credentials auth. App can extend/override via extend().\n */\nimport type { NextAuthOptions } from 'next-auth';\nimport _CredentialsProvider from 'next-auth/providers/credentials';\nconst CredentialsProvider = (_CredentialsProvider as unknown as { default: typeof _CredentialsProvider }).default ?? 
_CredentialsProvider;\n\nexport interface NextAuthUser {\n id: number;\n email: string;\n name: string | null;\n password: string | null;\n blocked?: boolean;\n deleted?: boolean;\n groupId?: number | null;\n group?: { permissions?: unknown[] };\n}\n\nexport interface NextAuthOptionsConfig {\n /** Resolve user by email (e.g. from TypeORM). Return null if not found. */\n getUserByEmail: (email: string) => Promise<NextAuthUser | null>;\n comparePassword: (plain: string, hash: string) => Promise<boolean>;\n signInPage?: string;\n secret?: string;\n extend?: (options: NextAuthOptions) => NextAuthOptions;\n}\n\nexport function getNextAuthOptions(config: NextAuthOptionsConfig): NextAuthOptions {\n const { getUserByEmail, comparePassword, signInPage = '/admin/signin', secret, extend } = config;\n\n const options: NextAuthOptions = {\n secret: secret ?? process.env.NEXTAUTH_SECRET,\n providers: [\n CredentialsProvider({\n name: 'credentials',\n credentials: {\n email: { label: 'Email', type: 'email' },\n password: { label: 'Password', type: 'password' },\n },\n async authorize(credentials) {\n if (!credentials?.email || !credentials?.password) return null;\n try {\n const user = await getUserByEmail(credentials.email);\n if (!user || user.blocked || (user as { deleted?: boolean }).deleted || !user.password) return null;\n const valid = await comparePassword(credentials.password, user.password);\n if (!valid) return null;\n return {\n id: user.id.toString(),\n email: user.email,\n name: user.name,\n groupId: user.groupId ?? undefined,\n permissions: ['admin'],\n };\n } catch {\n return null;\n }\n },\n }),\n ],\n session: { strategy: 'jwt' },\n pages: { signIn: signInPage },\n cookies:\n process.env.NODE_ENV === 'production'\n ? 
{\n sessionToken: {\n name: '__Secure-next-auth.session-token',\n options: { httpOnly: true, sameSite: 'lax', path: '/', secure: true },\n },\n }\n : {\n sessionToken: {\n name: 'next-auth.session-token',\n options: {\n httpOnly: true,\n sameSite: 'lax',\n path: '/',\n secure: process.env.NEXTAUTH_URL?.startsWith('https') ?? false,\n },\n },\n },\n callbacks: {\n async jwt({ token, user }) {\n if (user) {\n (token as Record<string, unknown>).id = user.id;\n (token as Record<string, unknown>).groupId = (user as { groupId?: number }).groupId;\n (token as Record<string, unknown>).permissions = (user as { permissions?: string[] }).permissions;\n }\n return token;\n },\n async session({ session, token }) {\n if (session.user) {\n (session.user as Record<string, unknown>).id = (token as Record<string, unknown>).id;\n (session.user as Record<string, unknown>).groupId = (token as Record<string, unknown>).groupId;\n (session.user as Record<string, unknown>).permissions = (token as Record<string, unknown>).permissions;\n }\n return session;\n },\n },\n };\n\n return extend ? 
extend(options) : options;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACUO,IAAM,iBAAkD;AAAA,EAC7D,EAAE,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B,EAAE,yBAAyB,CAAC,MAAM,EAAE;AAAA,EACpC,EAAE,cAAc,CAAC,KAAK,EAAE;AAC1B;AAEO,IAAM,gCAA0D,CAAC;AAEjE,SAAS,eAAe,UAA2B;AACxD,SAAO,eAAe,KAAK,CAAC,aAAa,SAAS,WAAW,OAAO,KAAK,QAAQ,EAAE,CAAC,CAAC,CAAC;AACxF;AAEO,SAAS,sBAAsB,UAAmC;AACvE,SAAO;AACT;AAEO,SAAS,eAAe,UAAkB,QAAyB;AACxE,aAAW,YAAY,gBAAgB;AACrC,UAAM,MAAM,OAAO,KAAK,QAAQ,EAAE,CAAC;AACnC,QAAI,SAAS,WAAW,GAAG,KAAK,SAAS,GAAG,EAAE,SAAS,MAAM,EAAG,QAAO;AAAA,EACzE;AACA,SAAO;AACT;AAQO,SAAS,kBAAkB,YAAwB,cAA8F;AACtJ,SAAO;AAAA,IACL,MAAM,cAAc;AAClB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,oBAAoB;AACxB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,uBAAuB;AAC3B,YAAM,UAAU,MAAM,WAAW;AACjC,aAAO,SAAS,QAAQ;AAAA,IAC1B;AAAA,EACF;AACF;;;ACnDO,IAAM,0BAAoD;AAAA,EAC/D,iBAAiB,CAAC,MAAM;AAAA,EACxB,yBAAyB,CAAC,MAAM;AAAA,EAChC,cAAc,CAAC,KAAK;AAAA,EACpB,cAAc,CAAC,KAAK;AAAA,EACpB,aAAa,CAAC,OAAO,MAAM;AAAA,EAC3B,eAAe,CAAC,KAAK;AAAA,EACrB,8BAA8B,CAAC,MAAM;AAAA,EACrC,2BAA2B,CAAC,MAAM;AAAA,EAClC,qBAAqB,CAAC,MAAM;AAC9B;AAEA,SAAS,uBAAuB,SAAqG;AACnI,SACE,QAAQ,QAAQ,IAAI,kCAAkC,GAAG,SACzD,QAAQ,QAAQ,IAAI,yBAAyB,GAAG;AAEpD;AAEA,SAASA,gBAAe,UAAkB,QAAgB,kBAAqD;AAC7G,aAAW,CAAC,UAAU,OAAO,KAAK,OAAO,QAAQ,gBAAgB,GAAG;AAClE,QAAI,SAAS,WAAW,QAAQ,KAAK,QAAQ,SAAS,MAAM,EAAG,QAAO;AAAA,EACxE;AACA,SAAO;AACT;AAQO,SAAS,oBAAoB,SAA8B,CAAC,GAAG;AACpE,QAAM;AAAA,IACJ,mBAAmB,CAAC,iBAAiB,0BAA0B,yBAAyB,eAAe;AAAA,IACvG,mBAAmB;AAAA,IACnB,aAAa;AAAA,IACb,kBAAkB;AAAA,EACpB,IAAI;AAEJ,SAAO,SAAS,cAAc,SAK6E;AACzG,UAAM,WAAW,QAAQ,QAAQ;AACjC,UAAM,SAAS,QAAQ;AAEvB,QAAI,iBAAiB,KAAK,CAAC,MAAM,aAAa,KAAK,SAAS,WAAW,IAAI,GAAG,CAAC,GAAG;AAChF,aAAO,EAAE,MAAM,OAAO;AAAA,IACxB;AAEA,QAAI,S
AAS,WAAW,QAAQ,GAAG;AACjC,YAAM,QAAQ,gBAAgB,OAAO;AACrC,UAAI,CAAC,OAAO;AACV,eAAO,EAAE,MAAM,YAAY,KAAK,IAAI,IAAI,YAAY,QAAQ,GAAG,EAAE,SAAS,EAAE;AAAA,MAC9E;AAAA,IACF;AAEA,QAAI,SAAS,WAAW,MAAM,GAAG;AAC/B,UAAIA,gBAAe,UAAU,QAAQ,gBAAgB,GAAG;AACtD,eAAO,EAAE,MAAM,OAAO;AAAA,MACxB;AACA,YAAM,QAAQ,gBAAgB,OAAO;AACrC,UAAI,CAAC,OAAO;AACV,eAAO,EAAE,MAAM,QAAQ,QAAQ,KAAK,MAAM,EAAE,OAAO,eAAe,EAAE;AAAA,MACtE;AAAA,IACF;AAEA,WAAO,EAAE,MAAM,OAAO;AAAA,EACxB;AACF;;;AC9EA,yBAAiC;AACjC,IAAM,sBAAuB,mBAAAC,QAA6E,WAAW,mBAAAA;AAsB9G,SAAS,mBAAmB,QAAgD;AACjF,QAAM,EAAE,gBAAgB,iBAAiB,aAAa,iBAAiB,QAAQ,OAAO,IAAI;AAE1F,QAAM,UAA2B;AAAA,IAC/B,QAAQ,UAAU,QAAQ,IAAI;AAAA,IAC9B,WAAW;AAAA,MACT,oBAAoB;AAAA,QAClB,MAAM;AAAA,QACN,aAAa;AAAA,UACX,OAAO,EAAE,OAAO,SAAS,MAAM,QAAQ;AAAA,UACvC,UAAU,EAAE,OAAO,YAAY,MAAM,WAAW;AAAA,QAClD;AAAA,QACA,MAAM,UAAU,aAAa;AAC3B,cAAI,CAAC,aAAa,SAAS,CAAC,aAAa,SAAU,QAAO;AAC1D,cAAI;AACF,kBAAM,OAAO,MAAM,eAAe,YAAY,KAAK;AACnD,gBAAI,CAAC,QAAQ,KAAK,WAAY,KAA+B,WAAW,CAAC,KAAK,SAAU,QAAO;AAC/F,kBAAM,QAAQ,MAAM,gBAAgB,YAAY,UAAU,KAAK,QAAQ;AACvE,gBAAI,CAAC,MAAO,QAAO;AACnB,mBAAO;AAAA,cACL,IAAI,KAAK,GAAG,SAAS;AAAA,cACrB,OAAO,KAAK;AAAA,cACZ,MAAM,KAAK;AAAA,cACX,SAAS,KAAK,WAAW;AAAA,cACzB,aAAa,CAAC,OAAO;AAAA,YACvB;AAAA,UACF,QAAQ;AACN,mBAAO;AAAA,UACT;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH;AAAA,IACA,SAAS,EAAE,UAAU,MAAM;AAAA,IAC3B,OAAO,EAAE,QAAQ,WAAW;AAAA,IAC5B,SACE,QAAQ,IAAI,aAAa,eACrB;AAAA,MACE,cAAc;AAAA,QACZ,MAAM;AAAA,QACN,SAAS,EAAE,UAAU,MAAM,UAAU,OAAO,MAAM,KAAK,QAAQ,KAAK;AAAA,MACtE;AAAA,IACF,IACA;AAAA,MACE,cAAc;AAAA,QACZ,MAAM;AAAA,QACN,SAAS;AAAA,UACP,UAAU;AAAA,UACV,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,QAAQ,IAAI,cAAc,WAAW,OAAO,KAAK;AAAA,QAC3D;AAAA,MACF;AAAA,IACF;AAAA,IACN,WAAW;AAAA,MACT,MAAM,IAAI,EAAE,OAAO,KAAK,GAAG;AACzB,YAAI,MAAM;AACR,UAAC,MAAkC,KAAK,KAAK;AAC7C,UAAC,MAAkC,UAAW,KAA8B;AAC5E,UAAC,MAAkC,cAAe,KAAoC;AAAA,QACxF;AACA,eAAO;AAAA,MACT;AAAA,MACA,MAAM,QAAQ,EAAE,SAAS,MAAM,GAAG;AAChC,YAAI,QAAQ,MAAM;AAChB,UAAC,QAAQ,KAAiC,KAAM,MAAkC;AAClF,UAAC,QAAQ,KAAiC,UAAW,MAAkC;AACvF,UAAC,QAAQ,KAAiC,cAAe,MAAkC;AAAA,QAC7F;AACA,eAAO;AA
AA,MACT;AAAA,IACF;AAAA,EACF;AAEA,SAAO,SAAS,OAAO,OAAO,IAAI;AACpC;","names":["isPublicMethod","_CredentialsProvider"]}
1
+ {"version":3,"sources":["../src/auth/index.ts","../src/auth/helpers.ts","../src/auth/middleware.ts","../src/auth/nextauth-options.ts"],"sourcesContent":["export {\n createAuthHelpers,\n OPEN_ENDPOINTS,\n PERMISSION_REQUIRED_ENDPOINTS,\n isOpenEndpoint,\n isPublicMethod,\n getRequiredPermission,\n} from './helpers';\nexport type { SessionUser, GetSession, AuthHelpers } from './helpers';\nexport { createCmsMiddleware, defaultPublicApiMethods } from './middleware';\nexport type { CmsMiddlewareConfig } from './middleware';\nexport { getNextAuthOptions } from './nextauth-options';\nexport type { NextAuthOptionsConfig, NextAuthUser } from './nextauth-options';\n","export interface SessionUser {\n id?: string;\n email?: string | null;\n name?: string | null;\n groupId?: number;\n permissions?: string[];\n}\n\nexport type GetSession = () => Promise<{ user?: SessionUser } | null>;\n\nexport const OPEN_ENDPOINTS: Array<Record<string, string[]>> = [\n { '/api/contacts': ['POST'] },\n { '/api/form-submissions': ['POST'] },\n { '/api/blogs': ['GET'] },\n];\n\nexport const PERMISSION_REQUIRED_ENDPOINTS: Record<string, string[]> = {};\n\nexport function isOpenEndpoint(pathname: string): boolean {\n return OPEN_ENDPOINTS.some((endpoint) => pathname.startsWith(Object.keys(endpoint)[0]));\n}\n\nexport function getRequiredPermission(pathname: string): string[] | null {\n return null;\n}\n\nexport function isPublicMethod(pathname: string, method: string): boolean {\n for (const endpoint of OPEN_ENDPOINTS) {\n const key = Object.keys(endpoint)[0];\n if (pathname.startsWith(key) && endpoint[key].includes(method)) return true;\n }\n return false;\n}\n\nexport interface AuthHelpers {\n requireAuth(req: Request): Promise<Response | null>;\n requirePermission(req: Request, permission: string): Promise<Response | null>;\n getAuthenticatedUser(): Promise<SessionUser | null>;\n}\n\nexport function createAuthHelpers(getSession: GetSession, NextResponse: { json: (body: unknown, init?: { 
status?: number }) => Response }): AuthHelpers {\n return {\n async requireAuth() {\n const session = await getSession();\n if (!session?.user?.email) {\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\n }\n return null;\n },\n async requirePermission() {\n const session = await getSession();\n if (!session?.user?.email) {\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\n }\n return null;\n },\n async getAuthenticatedUser() {\n const session = await getSession();\n return session?.user ?? null;\n },\n };\n}\n","export interface CmsMiddlewareConfig {\n publicAdminPaths?: string[];\n publicApiPaths?: string[];\n /** path -> allowed methods */\n publicApiMethods?: Record<string, string[]>;\n signInPath?: string;\n getSessionToken?: (request: { cookies: { get: (name: string) => { value?: string } | undefined } }) => string | undefined;\n}\n\n/** Default public API paths (no auth). Sites should extend this with their own routes. */\nexport const defaultPublicApiMethods: Record<string, string[]> = {\n '/api/contacts': ['POST'],\n '/api/form-submissions': ['POST'],\n '/api/blogs': ['GET'],\n '/api/forms': ['GET'],\n '/api/auth': ['GET', 'POST'],\n '/api/health': ['GET'],\n '/api/users/forgot-password': ['POST'],\n '/api/users/set-password': ['POST'],\n '/api/users/invite': ['POST'],\n};\n\nfunction defaultGetSessionToken(request: { cookies: { get: (name: string) => { value?: string } | undefined } }): string | undefined {\n return (\n request.cookies.get('__Secure-next-auth.session-token')?.value ??\n request.cookies.get('next-auth.session-token')?.value\n );\n}\n\nfunction isPublicMethod(pathname: string, method: string, publicApiMethods: Record<string, string[]>): boolean {\n for (const [endpoint, methods] of Object.entries(publicApiMethods)) {\n if (pathname.startsWith(endpoint) && methods.includes(method)) return true;\n }\n return false;\n}\n\n/**\n * Returns middleware logic. 
Use from Next.js middleware:\n * import { createCmsMiddleware } from '@infuro/cms-core';\n * export const middleware = createCmsMiddleware({ ... });\n * export const config = { matcher: ['/admin/:path*', '/api/:path*'] };\n */\nexport function createCmsMiddleware(config: CmsMiddlewareConfig = {}) {\n const {\n publicAdminPaths = ['/admin/signin', '/admin/forgot-password', '/admin/reset-password', '/admin/invite'],\n publicApiMethods = defaultPublicApiMethods,\n signInPath = '/admin/signin',\n getSessionToken = defaultGetSessionToken,\n } = config;\n\n return function cmsMiddleware(request: {\n nextUrl: { pathname: string };\n url: string;\n method: string;\n cookies: { get: (name: string) => { value?: string } | undefined };\n }): { type: 'next' } | { type: 'redirect'; url: string } | { type: 'json'; status: number; body: unknown } {\n const pathname = request.nextUrl.pathname;\n const method = request.method;\n\n if (publicAdminPaths.some((p) => pathname === p || pathname.startsWith(p + '/'))) {\n return { type: 'next' };\n }\n\n if (pathname.startsWith('/admin')) {\n const token = getSessionToken(request);\n if (!token) {\n return { type: 'redirect', url: new URL(signInPath, request.url).toString() };\n }\n }\n\n if (pathname.startsWith('/api')) {\n if (isPublicMethod(pathname, method, publicApiMethods)) {\n return { type: 'next' };\n }\n const token = getSessionToken(request);\n if (!token) {\n return { type: 'json', status: 401, body: { error: 'Unauthorized' } };\n }\n }\n\n return { type: 'next' };\n };\n}\n","/**\n * Build NextAuth options for credentials auth. App can extend/override via extend().\n */\nimport type { NextAuthOptions } from 'next-auth';\nimport _CredentialsProvider from 'next-auth/providers/credentials';\nconst CredentialsProvider = (_CredentialsProvider as unknown as { default: typeof _CredentialsProvider }).default ?? 
_CredentialsProvider;\n\nexport interface NextAuthUser {\n id: number;\n email: string;\n name: string | null;\n password: string | null;\n blocked?: boolean;\n deleted?: boolean;\n groupId?: number | null;\n group?: { permissions?: unknown[] };\n}\n\nexport interface NextAuthOptionsConfig {\n /** Resolve user by email (e.g. from TypeORM). Return null if not found. */\n getUserByEmail: (email: string) => Promise<NextAuthUser | null>;\n comparePassword: (plain: string, hash: string) => Promise<boolean>;\n signInPage?: string;\n secret?: string;\n extend?: (options: NextAuthOptions) => NextAuthOptions;\n}\n\nexport function getNextAuthOptions(config: NextAuthOptionsConfig): NextAuthOptions {\n const { getUserByEmail, comparePassword, signInPage = '/admin/signin', secret, extend } = config;\n\n const options: NextAuthOptions = {\n secret: secret ?? process.env.NEXTAUTH_SECRET,\n providers: [\n CredentialsProvider({\n name: 'credentials',\n credentials: {\n email: { label: 'Email', type: 'email' },\n password: { label: 'Password', type: 'password' },\n },\n async authorize(credentials) {\n if (!credentials?.email || !credentials?.password) return null;\n try {\n const user = await getUserByEmail(credentials.email);\n if (!user || user.blocked || (user as { deleted?: boolean }).deleted || !user.password) return null;\n const valid = await comparePassword(credentials.password, user.password);\n if (!valid) return null;\n return {\n id: user.id.toString(),\n email: user.email,\n name: user.name,\n groupId: user.groupId ?? undefined,\n permissions: ['admin'],\n };\n } catch {\n return null;\n }\n },\n }),\n ],\n session: { strategy: 'jwt' },\n pages: { signIn: signInPage },\n cookies: {\n sessionToken: {\n name: process.env.NEXTAUTH_URL?.startsWith('https')\n ? '__Secure-next-auth.session-token'\n : 'next-auth.session-token',\n options: {\n httpOnly: true,\n sameSite: 'lax',\n path: '/',\n secure: process.env.NEXTAUTH_URL?.startsWith('https') ?? 
false,\n },\n },\n },\n callbacks: {\n async jwt({ token, user }) {\n if (user) {\n (token as Record<string, unknown>).id = user.id;\n (token as Record<string, unknown>).groupId = (user as { groupId?: number }).groupId;\n (token as Record<string, unknown>).permissions = (user as { permissions?: string[] }).permissions;\n }\n return token;\n },\n async session({ session, token }) {\n if (session.user) {\n (session.user as Record<string, unknown>).id = (token as Record<string, unknown>).id;\n (session.user as Record<string, unknown>).groupId = (token as Record<string, unknown>).groupId;\n (session.user as Record<string, unknown>).permissions = (token as Record<string, unknown>).permissions;\n }\n return session;\n },\n },\n };\n\n return extend ? extend(options) : options;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACUO,IAAM,iBAAkD;AAAA,EAC7D,EAAE,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B,EAAE,yBAAyB,CAAC,MAAM,EAAE;AAAA,EACpC,EAAE,cAAc,CAAC,KAAK,EAAE;AAC1B;AAEO,IAAM,gCAA0D,CAAC;AAEjE,SAAS,eAAe,UAA2B;AACxD,SAAO,eAAe,KAAK,CAAC,aAAa,SAAS,WAAW,OAAO,KAAK,QAAQ,EAAE,CAAC,CAAC,CAAC;AACxF;AAEO,SAAS,sBAAsB,UAAmC;AACvE,SAAO;AACT;AAEO,SAAS,eAAe,UAAkB,QAAyB;AACxE,aAAW,YAAY,gBAAgB;AACrC,UAAM,MAAM,OAAO,KAAK,QAAQ,EAAE,CAAC;AACnC,QAAI,SAAS,WAAW,GAAG,KAAK,SAAS,GAAG,EAAE,SAAS,MAAM,EAAG,QAAO;AAAA,EACzE;AACA,SAAO;AACT;AAQO,SAAS,kBAAkB,YAAwB,cAA8F;AACtJ,SAAO;AAAA,IACL,MAAM,cAAc;AAClB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,oBAAoB;AACxB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,uBAAuB;AAC3B,YAAM,UAAU,MAAM,WAAW;AACjC,aAAO,SAAS,QAAQ;AAAA,IAC1B;AAAA,EACF;AACF;;;ACnDO,IAAM,0BAAoD;AAAA,EAC/D,iBAAiB,CAAC,MAAM;AAAA,EACxB,yBAAyB,CAAC,MAAM;AAAA,EAChC,cAAc,CAAC,KAAK;AAAA,EACpB,cAAc,CAAC,KAAK;AAAA,EACpB,aAAa,
CAAC,OAAO,MAAM;AAAA,EAC3B,eAAe,CAAC,KAAK;AAAA,EACrB,8BAA8B,CAAC,MAAM;AAAA,EACrC,2BAA2B,CAAC,MAAM;AAAA,EAClC,qBAAqB,CAAC,MAAM;AAC9B;AAEA,SAAS,uBAAuB,SAAqG;AACnI,SACE,QAAQ,QAAQ,IAAI,kCAAkC,GAAG,SACzD,QAAQ,QAAQ,IAAI,yBAAyB,GAAG;AAEpD;AAEA,SAASA,gBAAe,UAAkB,QAAgB,kBAAqD;AAC7G,aAAW,CAAC,UAAU,OAAO,KAAK,OAAO,QAAQ,gBAAgB,GAAG;AAClE,QAAI,SAAS,WAAW,QAAQ,KAAK,QAAQ,SAAS,MAAM,EAAG,QAAO;AAAA,EACxE;AACA,SAAO;AACT;AAQO,SAAS,oBAAoB,SAA8B,CAAC,GAAG;AACpE,QAAM;AAAA,IACJ,mBAAmB,CAAC,iBAAiB,0BAA0B,yBAAyB,eAAe;AAAA,IACvG,mBAAmB;AAAA,IACnB,aAAa;AAAA,IACb,kBAAkB;AAAA,EACpB,IAAI;AAEJ,SAAO,SAAS,cAAc,SAK6E;AACzG,UAAM,WAAW,QAAQ,QAAQ;AACjC,UAAM,SAAS,QAAQ;AAEvB,QAAI,iBAAiB,KAAK,CAAC,MAAM,aAAa,KAAK,SAAS,WAAW,IAAI,GAAG,CAAC,GAAG;AAChF,aAAO,EAAE,MAAM,OAAO;AAAA,IACxB;AAEA,QAAI,SAAS,WAAW,QAAQ,GAAG;AACjC,YAAM,QAAQ,gBAAgB,OAAO;AACrC,UAAI,CAAC,OAAO;AACV,eAAO,EAAE,MAAM,YAAY,KAAK,IAAI,IAAI,YAAY,QAAQ,GAAG,EAAE,SAAS,EAAE;AAAA,MAC9E;AAAA,IACF;AAEA,QAAI,SAAS,WAAW,MAAM,GAAG;AAC/B,UAAIA,gBAAe,UAAU,QAAQ,gBAAgB,GAAG;AACtD,eAAO,EAAE,MAAM,OAAO;AAAA,MACxB;AACA,YAAM,QAAQ,gBAAgB,OAAO;AACrC,UAAI,CAAC,OAAO;AACV,eAAO,EAAE,MAAM,QAAQ,QAAQ,KAAK,MAAM,EAAE,OAAO,eAAe,EAAE;AAAA,MACtE;AAAA,IACF;AAEA,WAAO,EAAE,MAAM,OAAO;AAAA,EACxB;AACF;;;AC9EA,yBAAiC;AACjC,IAAM,sBAAuB,mBAAAC,QAA6E,WAAW,mBAAAA;AAsB9G,SAAS,mBAAmB,QAAgD;AACjF,QAAM,EAAE,gBAAgB,iBAAiB,aAAa,iBAAiB,QAAQ,OAAO,IAAI;AAE1F,QAAM,UAA2B;AAAA,IAC/B,QAAQ,UAAU,QAAQ,IAAI;AAAA,IAC9B,WAAW;AAAA,MACT,oBAAoB;AAAA,QAClB,MAAM;AAAA,QACN,aAAa;AAAA,UACX,OAAO,EAAE,OAAO,SAAS,MAAM,QAAQ;AAAA,UACvC,UAAU,EAAE,OAAO,YAAY,MAAM,WAAW;AAAA,QAClD;AAAA,QACA,MAAM,UAAU,aAAa;AAC3B,cAAI,CAAC,aAAa,SAAS,CAAC,aAAa,SAAU,QAAO;AAC1D,cAAI;AACF,kBAAM,OAAO,MAAM,eAAe,YAAY,KAAK;AACnD,gBAAI,CAAC,QAAQ,KAAK,WAAY,KAA+B,WAAW,CAAC,KAAK,SAAU,QAAO;AAC/F,kBAAM,QAAQ,MAAM,gBAAgB,YAAY,UAAU,KAAK,QAAQ;AACvE,gBAAI,CAAC,MAAO,QAAO;AACnB,mBAAO;AAAA,cACL,IAAI,KAAK,GAAG,SAAS;AAAA,cACrB,OAAO,KAAK;AAAA,cACZ,MAAM,KAAK;AAAA,cACX,SAAS,KAAK,WAAW;AAAA,cACzB,aAAa,CAAC,OAAO;AAAA,YACvB;AAAA,UACF,QAAQ;AACN,mBAAO;AAAA,UACT;AAAA,QACF;AAAA,MACF,CAAC;AA
AA,IACH;AAAA,IACA,SAAS,EAAE,UAAU,MAAM;AAAA,IAC3B,OAAO,EAAE,QAAQ,WAAW;AAAA,IAC5B,SAAS;AAAA,MACP,cAAc;AAAA,QACZ,MAAM,QAAQ,IAAI,cAAc,WAAW,OAAO,IAC9C,qCACA;AAAA,QACJ,SAAS;AAAA,UACP,UAAU;AAAA,UACV,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,QAAQ,IAAI,cAAc,WAAW,OAAO,KAAK;AAAA,QAC3D;AAAA,MACF;AAAA,IACF;AAAA,IACA,WAAW;AAAA,MACT,MAAM,IAAI,EAAE,OAAO,KAAK,GAAG;AACzB,YAAI,MAAM;AACR,UAAC,MAAkC,KAAK,KAAK;AAC7C,UAAC,MAAkC,UAAW,KAA8B;AAC5E,UAAC,MAAkC,cAAe,KAAoC;AAAA,QACxF;AACA,eAAO;AAAA,MACT;AAAA,MACA,MAAM,QAAQ,EAAE,SAAS,MAAM,GAAG;AAChC,YAAI,QAAQ,MAAM;AAChB,UAAC,QAAQ,KAAiC,KAAM,MAAkC;AAClF,UAAC,QAAQ,KAAiC,UAAW,MAAkC;AACvF,UAAC,QAAQ,KAAiC,cAAe,MAAkC;AAAA,QAC7F;AACA,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,SAAO,SAAS,OAAO,OAAO,IAAI;AACpC;","names":["isPublicMethod","_CredentialsProvider"]}
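--- a/package/dist/auth.js
+++ b/package/dist/auth.js
@@ -130,14 +130,9 @@ function getNextAuthOptions(config) {
  ],
  session: { strategy: "jwt" },
  pages: { signIn: signInPage },
- cookies: process.env.NODE_ENV === "production" ? {
+ cookies: {
  sessionToken: {
- name: "__Secure-next-auth.session-token",
- options: { httpOnly: true, sameSite: "lax", path: "/", secure: true }
- }
- } : {
- sessionToken: {
- name: "next-auth.session-token",
+ name: process.env.NEXTAUTH_URL?.startsWith("https") ? "__Secure-next-auth.session-token" : "next-auth.session-token",
  options: {
  httpOnly: true,
  sameSite: "lax",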
package/dist/auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/auth/helpers.ts","../src/auth/middleware.ts","../src/auth/nextauth-options.ts"],"sourcesContent":["export interface SessionUser {\n id?: string;\n email?: string | null;\n name?: string | null;\n groupId?: number;\n permissions?: string[];\n}\n\nexport type GetSession = () => Promise<{ user?: SessionUser } | null>;\n\nexport const OPEN_ENDPOINTS: Array<Record<string, string[]>> = [\n { '/api/contacts': ['POST'] },\n { '/api/form-submissions': ['POST'] },\n { '/api/blogs': ['GET'] },\n];\n\nexport const PERMISSION_REQUIRED_ENDPOINTS: Record<string, string[]> = {};\n\nexport function isOpenEndpoint(pathname: string): boolean {\n return OPEN_ENDPOINTS.some((endpoint) => pathname.startsWith(Object.keys(endpoint)[0]));\n}\n\nexport function getRequiredPermission(pathname: string): string[] | null {\n return null;\n}\n\nexport function isPublicMethod(pathname: string, method: string): boolean {\n for (const endpoint of OPEN_ENDPOINTS) {\n const key = Object.keys(endpoint)[0];\n if (pathname.startsWith(key) && endpoint[key].includes(method)) return true;\n }\n return false;\n}\n\nexport interface AuthHelpers {\n requireAuth(req: Request): Promise<Response | null>;\n requirePermission(req: Request, permission: string): Promise<Response | null>;\n getAuthenticatedUser(): Promise<SessionUser | null>;\n}\n\nexport function createAuthHelpers(getSession: GetSession, NextResponse: { json: (body: unknown, init?: { status?: number }) => Response }): AuthHelpers {\n return {\n async requireAuth() {\n const session = await getSession();\n if (!session?.user?.email) {\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\n }\n return null;\n },\n async requirePermission() {\n const session = await getSession();\n if (!session?.user?.email) {\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\n }\n return null;\n },\n async getAuthenticatedUser() {\n const session = await getSession();\n return session?.user ?? 
null;\n },\n };\n}\n","export interface CmsMiddlewareConfig {\n publicAdminPaths?: string[];\n publicApiPaths?: string[];\n /** path -> allowed methods */\n publicApiMethods?: Record<string, string[]>;\n signInPath?: string;\n getSessionToken?: (request: { cookies: { get: (name: string) => { value?: string } | undefined } }) => string | undefined;\n}\n\n/** Default public API paths (no auth). Sites should extend this with their own routes. */\nexport const defaultPublicApiMethods: Record<string, string[]> = {\n '/api/contacts': ['POST'],\n '/api/form-submissions': ['POST'],\n '/api/blogs': ['GET'],\n '/api/forms': ['GET'],\n '/api/auth': ['GET', 'POST'],\n '/api/health': ['GET'],\n '/api/users/forgot-password': ['POST'],\n '/api/users/set-password': ['POST'],\n '/api/users/invite': ['POST'],\n};\n\nfunction defaultGetSessionToken(request: { cookies: { get: (name: string) => { value?: string } | undefined } }): string | undefined {\n return (\n request.cookies.get('__Secure-next-auth.session-token')?.value ??\n request.cookies.get('next-auth.session-token')?.value\n );\n}\n\nfunction isPublicMethod(pathname: string, method: string, publicApiMethods: Record<string, string[]>): boolean {\n for (const [endpoint, methods] of Object.entries(publicApiMethods)) {\n if (pathname.startsWith(endpoint) && methods.includes(method)) return true;\n }\n return false;\n}\n\n/**\n * Returns middleware logic. Use from Next.js middleware:\n * import { createCmsMiddleware } from '@infuro/cms-core';\n * export const middleware = createCmsMiddleware({ ... 
});\n * export const config = { matcher: ['/admin/:path*', '/api/:path*'] };\n */\nexport function createCmsMiddleware(config: CmsMiddlewareConfig = {}) {\n const {\n publicAdminPaths = ['/admin/signin', '/admin/forgot-password', '/admin/reset-password', '/admin/invite'],\n publicApiMethods = defaultPublicApiMethods,\n signInPath = '/admin/signin',\n getSessionToken = defaultGetSessionToken,\n } = config;\n\n return function cmsMiddleware(request: {\n nextUrl: { pathname: string };\n url: string;\n method: string;\n cookies: { get: (name: string) => { value?: string } | undefined };\n }): { type: 'next' } | { type: 'redirect'; url: string } | { type: 'json'; status: number; body: unknown } {\n const pathname = request.nextUrl.pathname;\n const method = request.method;\n\n if (publicAdminPaths.some((p) => pathname === p || pathname.startsWith(p + '/'))) {\n return { type: 'next' };\n }\n\n if (pathname.startsWith('/admin')) {\n const token = getSessionToken(request);\n if (!token) {\n return { type: 'redirect', url: new URL(signInPath, request.url).toString() };\n }\n }\n\n if (pathname.startsWith('/api')) {\n if (isPublicMethod(pathname, method, publicApiMethods)) {\n return { type: 'next' };\n }\n const token = getSessionToken(request);\n if (!token) {\n return { type: 'json', status: 401, body: { error: 'Unauthorized' } };\n }\n }\n\n return { type: 'next' };\n };\n}\n","/**\n * Build NextAuth options for credentials auth. App can extend/override via extend().\n */\nimport type { NextAuthOptions } from 'next-auth';\nimport _CredentialsProvider from 'next-auth/providers/credentials';\nconst CredentialsProvider = (_CredentialsProvider as unknown as { default: typeof _CredentialsProvider }).default ?? 
_CredentialsProvider;\n\nexport interface NextAuthUser {\n id: number;\n email: string;\n name: string | null;\n password: string | null;\n blocked?: boolean;\n deleted?: boolean;\n groupId?: number | null;\n group?: { permissions?: unknown[] };\n}\n\nexport interface NextAuthOptionsConfig {\n /** Resolve user by email (e.g. from TypeORM). Return null if not found. */\n getUserByEmail: (email: string) => Promise<NextAuthUser | null>;\n comparePassword: (plain: string, hash: string) => Promise<boolean>;\n signInPage?: string;\n secret?: string;\n extend?: (options: NextAuthOptions) => NextAuthOptions;\n}\n\nexport function getNextAuthOptions(config: NextAuthOptionsConfig): NextAuthOptions {\n const { getUserByEmail, comparePassword, signInPage = '/admin/signin', secret, extend } = config;\n\n const options: NextAuthOptions = {\n secret: secret ?? process.env.NEXTAUTH_SECRET,\n providers: [\n CredentialsProvider({\n name: 'credentials',\n credentials: {\n email: { label: 'Email', type: 'email' },\n password: { label: 'Password', type: 'password' },\n },\n async authorize(credentials) {\n if (!credentials?.email || !credentials?.password) return null;\n try {\n const user = await getUserByEmail(credentials.email);\n if (!user || user.blocked || (user as { deleted?: boolean }).deleted || !user.password) return null;\n const valid = await comparePassword(credentials.password, user.password);\n if (!valid) return null;\n return {\n id: user.id.toString(),\n email: user.email,\n name: user.name,\n groupId: user.groupId ?? undefined,\n permissions: ['admin'],\n };\n } catch {\n return null;\n }\n },\n }),\n ],\n session: { strategy: 'jwt' },\n pages: { signIn: signInPage },\n cookies:\n process.env.NODE_ENV === 'production'\n ? 
{\n sessionToken: {\n name: '__Secure-next-auth.session-token',\n options: { httpOnly: true, sameSite: 'lax', path: '/', secure: true },\n },\n }\n : {\n sessionToken: {\n name: 'next-auth.session-token',\n options: {\n httpOnly: true,\n sameSite: 'lax',\n path: '/',\n secure: process.env.NEXTAUTH_URL?.startsWith('https') ?? false,\n },\n },\n },\n callbacks: {\n async jwt({ token, user }) {\n if (user) {\n (token as Record<string, unknown>).id = user.id;\n (token as Record<string, unknown>).groupId = (user as { groupId?: number }).groupId;\n (token as Record<string, unknown>).permissions = (user as { permissions?: string[] }).permissions;\n }\n return token;\n },\n async session({ session, token }) {\n if (session.user) {\n (session.user as Record<string, unknown>).id = (token as Record<string, unknown>).id;\n (session.user as Record<string, unknown>).groupId = (token as Record<string, unknown>).groupId;\n (session.user as Record<string, unknown>).permissions = (token as Record<string, unknown>).permissions;\n }\n return session;\n },\n },\n };\n\n return extend ? 
extend(options) : options;\n}\n"],"mappings":";AAUO,IAAM,iBAAkD;AAAA,EAC7D,EAAE,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B,EAAE,yBAAyB,CAAC,MAAM,EAAE;AAAA,EACpC,EAAE,cAAc,CAAC,KAAK,EAAE;AAC1B;AAEO,IAAM,gCAA0D,CAAC;AAEjE,SAAS,eAAe,UAA2B;AACxD,SAAO,eAAe,KAAK,CAAC,aAAa,SAAS,WAAW,OAAO,KAAK,QAAQ,EAAE,CAAC,CAAC,CAAC;AACxF;AAEO,SAAS,sBAAsB,UAAmC;AACvE,SAAO;AACT;AAEO,SAAS,eAAe,UAAkB,QAAyB;AACxE,aAAW,YAAY,gBAAgB;AACrC,UAAM,MAAM,OAAO,KAAK,QAAQ,EAAE,CAAC;AACnC,QAAI,SAAS,WAAW,GAAG,KAAK,SAAS,GAAG,EAAE,SAAS,MAAM,EAAG,QAAO;AAAA,EACzE;AACA,SAAO;AACT;AAQO,SAAS,kBAAkB,YAAwB,cAA8F;AACtJ,SAAO;AAAA,IACL,MAAM,cAAc;AAClB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,oBAAoB;AACxB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,uBAAuB;AAC3B,YAAM,UAAU,MAAM,WAAW;AACjC,aAAO,SAAS,QAAQ;AAAA,IAC1B;AAAA,EACF;AACF;;;ACnDO,IAAM,0BAAoD;AAAA,EAC/D,iBAAiB,CAAC,MAAM;AAAA,EACxB,yBAAyB,CAAC,MAAM;AAAA,EAChC,cAAc,CAAC,KAAK;AAAA,EACpB,cAAc,CAAC,KAAK;AAAA,EACpB,aAAa,CAAC,OAAO,MAAM;AAAA,EAC3B,eAAe,CAAC,KAAK;AAAA,EACrB,8BAA8B,CAAC,MAAM;AAAA,EACrC,2BAA2B,CAAC,MAAM;AAAA,EAClC,qBAAqB,CAAC,MAAM;AAC9B;AAEA,SAAS,uBAAuB,SAAqG;AACnI,SACE,QAAQ,QAAQ,IAAI,kCAAkC,GAAG,SACzD,QAAQ,QAAQ,IAAI,yBAAyB,GAAG;AAEpD;AAEA,SAASA,gBAAe,UAAkB,QAAgB,kBAAqD;AAC7G,aAAW,CAAC,UAAU,OAAO,KAAK,OAAO,QAAQ,gBAAgB,GAAG;AAClE,QAAI,SAAS,WAAW,QAAQ,KAAK,QAAQ,SAAS,MAAM,EAAG,QAAO;AAAA,EACxE;AACA,SAAO;AACT;AAQO,SAAS,oBAAoB,SAA8B,CAAC,GAAG;AACpE,QAAM;AAAA,IACJ,mBAAmB,CAAC,iBAAiB,0BAA0B,yBAAyB,eAAe;AAAA,IACvG,mBAAmB;AAAA,IACnB,aAAa;AAAA,IACb,kBAAkB;AAAA,EACpB,IAAI;AAEJ,SAAO,SAAS,cAAc,SAK6E;AACzG,UAAM,WAAW,QAAQ,QAAQ;AACjC,UAAM,SAAS,QAAQ;AAEvB,QAAI,iBAAiB,KAAK,CAAC,MAAM,aAAa,KAAK,SAAS,WAAW,IAAI,GAAG,CAAC,GAAG;AAChF,aAAO,EAAE,MAAM,OAAO;AAAA,IACxB;AAEA,QAAI,SAAS,WAAW,QAAQ,GAAG;AACjC,YAAM,QAAQ,gBAAgB,OAAO;AACrC,UAAI,CAAC,OAAO;AACV,eAAO,EAAE,MAAM,YAAY,KAA
K,IAAI,IAAI,YAAY,QAAQ,GAAG,EAAE,SAAS,EAAE;AAAA,MAC9E;AAAA,IACF;AAEA,QAAI,SAAS,WAAW,MAAM,GAAG;AAC/B,UAAIA,gBAAe,UAAU,QAAQ,gBAAgB,GAAG;AACtD,eAAO,EAAE,MAAM,OAAO;AAAA,MACxB;AACA,YAAM,QAAQ,gBAAgB,OAAO;AACrC,UAAI,CAAC,OAAO;AACV,eAAO,EAAE,MAAM,QAAQ,QAAQ,KAAK,MAAM,EAAE,OAAO,eAAe,EAAE;AAAA,MACtE;AAAA,IACF;AAEA,WAAO,EAAE,MAAM,OAAO;AAAA,EACxB;AACF;;;AC9EA,OAAO,0BAA0B;AACjC,IAAM,sBAAuB,qBAA6E,WAAW;AAsB9G,SAAS,mBAAmB,QAAgD;AACjF,QAAM,EAAE,gBAAgB,iBAAiB,aAAa,iBAAiB,QAAQ,OAAO,IAAI;AAE1F,QAAM,UAA2B;AAAA,IAC/B,QAAQ,UAAU,QAAQ,IAAI;AAAA,IAC9B,WAAW;AAAA,MACT,oBAAoB;AAAA,QAClB,MAAM;AAAA,QACN,aAAa;AAAA,UACX,OAAO,EAAE,OAAO,SAAS,MAAM,QAAQ;AAAA,UACvC,UAAU,EAAE,OAAO,YAAY,MAAM,WAAW;AAAA,QAClD;AAAA,QACA,MAAM,UAAU,aAAa;AAC3B,cAAI,CAAC,aAAa,SAAS,CAAC,aAAa,SAAU,QAAO;AAC1D,cAAI;AACF,kBAAM,OAAO,MAAM,eAAe,YAAY,KAAK;AACnD,gBAAI,CAAC,QAAQ,KAAK,WAAY,KAA+B,WAAW,CAAC,KAAK,SAAU,QAAO;AAC/F,kBAAM,QAAQ,MAAM,gBAAgB,YAAY,UAAU,KAAK,QAAQ;AACvE,gBAAI,CAAC,MAAO,QAAO;AACnB,mBAAO;AAAA,cACL,IAAI,KAAK,GAAG,SAAS;AAAA,cACrB,OAAO,KAAK;AAAA,cACZ,MAAM,KAAK;AAAA,cACX,SAAS,KAAK,WAAW;AAAA,cACzB,aAAa,CAAC,OAAO;AAAA,YACvB;AAAA,UACF,QAAQ;AACN,mBAAO;AAAA,UACT;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH;AAAA,IACA,SAAS,EAAE,UAAU,MAAM;AAAA,IAC3B,OAAO,EAAE,QAAQ,WAAW;AAAA,IAC5B,SACE,QAAQ,IAAI,aAAa,eACrB;AAAA,MACE,cAAc;AAAA,QACZ,MAAM;AAAA,QACN,SAAS,EAAE,UAAU,MAAM,UAAU,OAAO,MAAM,KAAK,QAAQ,KAAK;AAAA,MACtE;AAAA,IACF,IACA;AAAA,MACE,cAAc;AAAA,QACZ,MAAM;AAAA,QACN,SAAS;AAAA,UACP,UAAU;AAAA,UACV,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,QAAQ,IAAI,cAAc,WAAW,OAAO,KAAK;AAAA,QAC3D;AAAA,MACF;AAAA,IACF;AAAA,IACN,WAAW;AAAA,MACT,MAAM,IAAI,EAAE,OAAO,KAAK,GAAG;AACzB,YAAI,MAAM;AACR,UAAC,MAAkC,KAAK,KAAK;AAC7C,UAAC,MAAkC,UAAW,KAA8B;AAC5E,UAAC,MAAkC,cAAe,KAAoC;AAAA,QACxF;AACA,eAAO;AAAA,MACT;AAAA,MACA,MAAM,QAAQ,EAAE,SAAS,MAAM,GAAG;AAChC,YAAI,QAAQ,MAAM;AAChB,UAAC,QAAQ,KAAiC,KAAM,MAAkC;AAClF,UAAC,QAAQ,KAAiC,UAAW,MAAkC;AACvF,UAAC,QAAQ,KAAiC,cAAe,MAAkC;AAAA,QAC7F;AACA,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,SAAO,SAAS,OAAO,OAAO,IAAI;AACpC;","names":["isPublicMethod"]}
1
+ {"version":3,"sources":["../src/auth/helpers.ts","../src/auth/middleware.ts","../src/auth/nextauth-options.ts"],"sourcesContent":["export interface SessionUser {\n id?: string;\n email?: string | null;\n name?: string | null;\n groupId?: number;\n permissions?: string[];\n}\n\nexport type GetSession = () => Promise<{ user?: SessionUser } | null>;\n\nexport const OPEN_ENDPOINTS: Array<Record<string, string[]>> = [\n { '/api/contacts': ['POST'] },\n { '/api/form-submissions': ['POST'] },\n { '/api/blogs': ['GET'] },\n];\n\nexport const PERMISSION_REQUIRED_ENDPOINTS: Record<string, string[]> = {};\n\nexport function isOpenEndpoint(pathname: string): boolean {\n return OPEN_ENDPOINTS.some((endpoint) => pathname.startsWith(Object.keys(endpoint)[0]));\n}\n\nexport function getRequiredPermission(pathname: string): string[] | null {\n return null;\n}\n\nexport function isPublicMethod(pathname: string, method: string): boolean {\n for (const endpoint of OPEN_ENDPOINTS) {\n const key = Object.keys(endpoint)[0];\n if (pathname.startsWith(key) && endpoint[key].includes(method)) return true;\n }\n return false;\n}\n\nexport interface AuthHelpers {\n requireAuth(req: Request): Promise<Response | null>;\n requirePermission(req: Request, permission: string): Promise<Response | null>;\n getAuthenticatedUser(): Promise<SessionUser | null>;\n}\n\nexport function createAuthHelpers(getSession: GetSession, NextResponse: { json: (body: unknown, init?: { status?: number }) => Response }): AuthHelpers {\n return {\n async requireAuth() {\n const session = await getSession();\n if (!session?.user?.email) {\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\n }\n return null;\n },\n async requirePermission() {\n const session = await getSession();\n if (!session?.user?.email) {\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\n }\n return null;\n },\n async getAuthenticatedUser() {\n const session = await getSession();\n return session?.user ?? 
null;\n },\n };\n}\n","export interface CmsMiddlewareConfig {\n publicAdminPaths?: string[];\n publicApiPaths?: string[];\n /** path -> allowed methods */\n publicApiMethods?: Record<string, string[]>;\n signInPath?: string;\n getSessionToken?: (request: { cookies: { get: (name: string) => { value?: string } | undefined } }) => string | undefined;\n}\n\n/** Default public API paths (no auth). Sites should extend this with their own routes. */\nexport const defaultPublicApiMethods: Record<string, string[]> = {\n '/api/contacts': ['POST'],\n '/api/form-submissions': ['POST'],\n '/api/blogs': ['GET'],\n '/api/forms': ['GET'],\n '/api/auth': ['GET', 'POST'],\n '/api/health': ['GET'],\n '/api/users/forgot-password': ['POST'],\n '/api/users/set-password': ['POST'],\n '/api/users/invite': ['POST'],\n};\n\nfunction defaultGetSessionToken(request: { cookies: { get: (name: string) => { value?: string } | undefined } }): string | undefined {\n return (\n request.cookies.get('__Secure-next-auth.session-token')?.value ??\n request.cookies.get('next-auth.session-token')?.value\n );\n}\n\nfunction isPublicMethod(pathname: string, method: string, publicApiMethods: Record<string, string[]>): boolean {\n for (const [endpoint, methods] of Object.entries(publicApiMethods)) {\n if (pathname.startsWith(endpoint) && methods.includes(method)) return true;\n }\n return false;\n}\n\n/**\n * Returns middleware logic. Use from Next.js middleware:\n * import { createCmsMiddleware } from '@infuro/cms-core';\n * export const middleware = createCmsMiddleware({ ... 
});\n * export const config = { matcher: ['/admin/:path*', '/api/:path*'] };\n */\nexport function createCmsMiddleware(config: CmsMiddlewareConfig = {}) {\n const {\n publicAdminPaths = ['/admin/signin', '/admin/forgot-password', '/admin/reset-password', '/admin/invite'],\n publicApiMethods = defaultPublicApiMethods,\n signInPath = '/admin/signin',\n getSessionToken = defaultGetSessionToken,\n } = config;\n\n return function cmsMiddleware(request: {\n nextUrl: { pathname: string };\n url: string;\n method: string;\n cookies: { get: (name: string) => { value?: string } | undefined };\n }): { type: 'next' } | { type: 'redirect'; url: string } | { type: 'json'; status: number; body: unknown } {\n const pathname = request.nextUrl.pathname;\n const method = request.method;\n\n if (publicAdminPaths.some((p) => pathname === p || pathname.startsWith(p + '/'))) {\n return { type: 'next' };\n }\n\n if (pathname.startsWith('/admin')) {\n const token = getSessionToken(request);\n if (!token) {\n return { type: 'redirect', url: new URL(signInPath, request.url).toString() };\n }\n }\n\n if (pathname.startsWith('/api')) {\n if (isPublicMethod(pathname, method, publicApiMethods)) {\n return { type: 'next' };\n }\n const token = getSessionToken(request);\n if (!token) {\n return { type: 'json', status: 401, body: { error: 'Unauthorized' } };\n }\n }\n\n return { type: 'next' };\n };\n}\n","/**\n * Build NextAuth options for credentials auth. App can extend/override via extend().\n */\nimport type { NextAuthOptions } from 'next-auth';\nimport _CredentialsProvider from 'next-auth/providers/credentials';\nconst CredentialsProvider = (_CredentialsProvider as unknown as { default: typeof _CredentialsProvider }).default ?? 
_CredentialsProvider;\n\nexport interface NextAuthUser {\n id: number;\n email: string;\n name: string | null;\n password: string | null;\n blocked?: boolean;\n deleted?: boolean;\n groupId?: number | null;\n group?: { permissions?: unknown[] };\n}\n\nexport interface NextAuthOptionsConfig {\n /** Resolve user by email (e.g. from TypeORM). Return null if not found. */\n getUserByEmail: (email: string) => Promise<NextAuthUser | null>;\n comparePassword: (plain: string, hash: string) => Promise<boolean>;\n signInPage?: string;\n secret?: string;\n extend?: (options: NextAuthOptions) => NextAuthOptions;\n}\n\nexport function getNextAuthOptions(config: NextAuthOptionsConfig): NextAuthOptions {\n const { getUserByEmail, comparePassword, signInPage = '/admin/signin', secret, extend } = config;\n\n const options: NextAuthOptions = {\n secret: secret ?? process.env.NEXTAUTH_SECRET,\n providers: [\n CredentialsProvider({\n name: 'credentials',\n credentials: {\n email: { label: 'Email', type: 'email' },\n password: { label: 'Password', type: 'password' },\n },\n async authorize(credentials) {\n if (!credentials?.email || !credentials?.password) return null;\n try {\n const user = await getUserByEmail(credentials.email);\n if (!user || user.blocked || (user as { deleted?: boolean }).deleted || !user.password) return null;\n const valid = await comparePassword(credentials.password, user.password);\n if (!valid) return null;\n return {\n id: user.id.toString(),\n email: user.email,\n name: user.name,\n groupId: user.groupId ?? undefined,\n permissions: ['admin'],\n };\n } catch {\n return null;\n }\n },\n }),\n ],\n session: { strategy: 'jwt' },\n pages: { signIn: signInPage },\n cookies: {\n sessionToken: {\n name: process.env.NEXTAUTH_URL?.startsWith('https')\n ? '__Secure-next-auth.session-token'\n : 'next-auth.session-token',\n options: {\n httpOnly: true,\n sameSite: 'lax',\n path: '/',\n secure: process.env.NEXTAUTH_URL?.startsWith('https') ?? 
false,\n },\n },\n },\n callbacks: {\n async jwt({ token, user }) {\n if (user) {\n (token as Record<string, unknown>).id = user.id;\n (token as Record<string, unknown>).groupId = (user as { groupId?: number }).groupId;\n (token as Record<string, unknown>).permissions = (user as { permissions?: string[] }).permissions;\n }\n return token;\n },\n async session({ session, token }) {\n if (session.user) {\n (session.user as Record<string, unknown>).id = (token as Record<string, unknown>).id;\n (session.user as Record<string, unknown>).groupId = (token as Record<string, unknown>).groupId;\n (session.user as Record<string, unknown>).permissions = (token as Record<string, unknown>).permissions;\n }\n return session;\n },\n },\n };\n\n return extend ? extend(options) : options;\n}\n"],"mappings":";AAUO,IAAM,iBAAkD;AAAA,EAC7D,EAAE,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B,EAAE,yBAAyB,CAAC,MAAM,EAAE;AAAA,EACpC,EAAE,cAAc,CAAC,KAAK,EAAE;AAC1B;AAEO,IAAM,gCAA0D,CAAC;AAEjE,SAAS,eAAe,UAA2B;AACxD,SAAO,eAAe,KAAK,CAAC,aAAa,SAAS,WAAW,OAAO,KAAK,QAAQ,EAAE,CAAC,CAAC,CAAC;AACxF;AAEO,SAAS,sBAAsB,UAAmC;AACvE,SAAO;AACT;AAEO,SAAS,eAAe,UAAkB,QAAyB;AACxE,aAAW,YAAY,gBAAgB;AACrC,UAAM,MAAM,OAAO,KAAK,QAAQ,EAAE,CAAC;AACnC,QAAI,SAAS,WAAW,GAAG,KAAK,SAAS,GAAG,EAAE,SAAS,MAAM,EAAG,QAAO;AAAA,EACzE;AACA,SAAO;AACT;AAQO,SAAS,kBAAkB,YAAwB,cAA8F;AACtJ,SAAO;AAAA,IACL,MAAM,cAAc;AAClB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,oBAAoB;AACxB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,uBAAuB;AAC3B,YAAM,UAAU,MAAM,WAAW;AACjC,aAAO,SAAS,QAAQ;AAAA,IAC1B;AAAA,EACF;AACF;;;ACnDO,IAAM,0BAAoD;AAAA,EAC/D,iBAAiB,CAAC,MAAM;AAAA,EACxB,yBAAyB,CAAC,MAAM;AAAA,EAChC,cAAc,CAAC,KAAK;AAAA,EACpB,cAAc,CAAC,KAAK;AAAA,EACpB,aAAa,CAAC,OAAO,MAAM;AAAA,EAC3B,eAAe,CAAC,KAAK;AAAA,EACrB,8BAA8B,CAAC,MAAM;AAAA,EACrC,2BAA2B,CAAC,MAAM
;AAAA,EAClC,qBAAqB,CAAC,MAAM;AAC9B;AAEA,SAAS,uBAAuB,SAAqG;AACnI,SACE,QAAQ,QAAQ,IAAI,kCAAkC,GAAG,SACzD,QAAQ,QAAQ,IAAI,yBAAyB,GAAG;AAEpD;AAEA,SAASA,gBAAe,UAAkB,QAAgB,kBAAqD;AAC7G,aAAW,CAAC,UAAU,OAAO,KAAK,OAAO,QAAQ,gBAAgB,GAAG;AAClE,QAAI,SAAS,WAAW,QAAQ,KAAK,QAAQ,SAAS,MAAM,EAAG,QAAO;AAAA,EACxE;AACA,SAAO;AACT;AAQO,SAAS,oBAAoB,SAA8B,CAAC,GAAG;AACpE,QAAM;AAAA,IACJ,mBAAmB,CAAC,iBAAiB,0BAA0B,yBAAyB,eAAe;AAAA,IACvG,mBAAmB;AAAA,IACnB,aAAa;AAAA,IACb,kBAAkB;AAAA,EACpB,IAAI;AAEJ,SAAO,SAAS,cAAc,SAK6E;AACzG,UAAM,WAAW,QAAQ,QAAQ;AACjC,UAAM,SAAS,QAAQ;AAEvB,QAAI,iBAAiB,KAAK,CAAC,MAAM,aAAa,KAAK,SAAS,WAAW,IAAI,GAAG,CAAC,GAAG;AAChF,aAAO,EAAE,MAAM,OAAO;AAAA,IACxB;AAEA,QAAI,SAAS,WAAW,QAAQ,GAAG;AACjC,YAAM,QAAQ,gBAAgB,OAAO;AACrC,UAAI,CAAC,OAAO;AACV,eAAO,EAAE,MAAM,YAAY,KAAK,IAAI,IAAI,YAAY,QAAQ,GAAG,EAAE,SAAS,EAAE;AAAA,MAC9E;AAAA,IACF;AAEA,QAAI,SAAS,WAAW,MAAM,GAAG;AAC/B,UAAIA,gBAAe,UAAU,QAAQ,gBAAgB,GAAG;AACtD,eAAO,EAAE,MAAM,OAAO;AAAA,MACxB;AACA,YAAM,QAAQ,gBAAgB,OAAO;AACrC,UAAI,CAAC,OAAO;AACV,eAAO,EAAE,MAAM,QAAQ,QAAQ,KAAK,MAAM,EAAE,OAAO,eAAe,EAAE;AAAA,MACtE;AAAA,IACF;AAEA,WAAO,EAAE,MAAM,OAAO;AAAA,EACxB;AACF;;;AC9EA,OAAO,0BAA0B;AACjC,IAAM,sBAAuB,qBAA6E,WAAW;AAsB9G,SAAS,mBAAmB,QAAgD;AACjF,QAAM,EAAE,gBAAgB,iBAAiB,aAAa,iBAAiB,QAAQ,OAAO,IAAI;AAE1F,QAAM,UAA2B;AAAA,IAC/B,QAAQ,UAAU,QAAQ,IAAI;AAAA,IAC9B,WAAW;AAAA,MACT,oBAAoB;AAAA,QAClB,MAAM;AAAA,QACN,aAAa;AAAA,UACX,OAAO,EAAE,OAAO,SAAS,MAAM,QAAQ;AAAA,UACvC,UAAU,EAAE,OAAO,YAAY,MAAM,WAAW;AAAA,QAClD;AAAA,QACA,MAAM,UAAU,aAAa;AAC3B,cAAI,CAAC,aAAa,SAAS,CAAC,aAAa,SAAU,QAAO;AAC1D,cAAI;AACF,kBAAM,OAAO,MAAM,eAAe,YAAY,KAAK;AACnD,gBAAI,CAAC,QAAQ,KAAK,WAAY,KAA+B,WAAW,CAAC,KAAK,SAAU,QAAO;AAC/F,kBAAM,QAAQ,MAAM,gBAAgB,YAAY,UAAU,KAAK,QAAQ;AACvE,gBAAI,CAAC,MAAO,QAAO;AACnB,mBAAO;AAAA,cACL,IAAI,KAAK,GAAG,SAAS;AAAA,cACrB,OAAO,KAAK;AAAA,cACZ,MAAM,KAAK;AAAA,cACX,SAAS,KAAK,WAAW;AAAA,cACzB,aAAa,CAAC,OAAO;AAAA,YACvB;AAAA,UACF,QAAQ;AACN,mBAAO;AAAA,UACT;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH;AAAA,IACA,SAAS,EAAE,UAAU,MAAM;AAAA,IAC3B,OAAO,EAAE,QAAQ,WAAW;AAAA,IAC5B,SAAS;AAAA,MACP,cAAc;AAAA
,QACZ,MAAM,QAAQ,IAAI,cAAc,WAAW,OAAO,IAC9C,qCACA;AAAA,QACJ,SAAS;AAAA,UACP,UAAU;AAAA,UACV,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,QAAQ,IAAI,cAAc,WAAW,OAAO,KAAK;AAAA,QAC3D;AAAA,MACF;AAAA,IACF;AAAA,IACA,WAAW;AAAA,MACT,MAAM,IAAI,EAAE,OAAO,KAAK,GAAG;AACzB,YAAI,MAAM;AACR,UAAC,MAAkC,KAAK,KAAK;AAC7C,UAAC,MAAkC,UAAW,KAA8B;AAC5E,UAAC,MAAkC,cAAe,KAAoC;AAAA,QACxF;AACA,eAAO;AAAA,MACT;AAAA,MACA,MAAM,QAAQ,EAAE,SAAS,MAAM,GAAG;AAChC,YAAI,QAAQ,MAAM;AAChB,UAAC,QAAQ,KAAiC,KAAM,MAAkC;AAClF,UAAC,QAAQ,KAAiC,UAAW,MAAkC;AACvF,UAAC,QAAQ,KAAiC,cAAe,MAAkC;AAAA,QAC7F;AACA,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,SAAO,SAAS,OAAO,OAAO,IAAI;AACpC;","names":["isPublicMethod"]}
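--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -1925,14 +1925,9 @@ function getNextAuthOptions(config) {
  ],
  session: { strategy: "jwt" },
  pages: { signIn: signInPage },
- cookies: process.env.NODE_ENV === "production" ? {
+ cookies: {
  sessionToken: {
- name: "__Secure-next-auth.session-token",
- options: { httpOnly: true, sameSite: "lax", path: "/", secure: true }
- }
- } : {
- sessionToken: {
- name: "next-auth.session-token",
+ name: process.env.NEXTAUTH_URL?.startsWith("https") ? "__Secure-next-auth.session-token" : "next-auth.session-token",
  options: {
  httpOnly: true,
  sameSite: "lax",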