@meistrari/auth-nuxt 3.8.1 → 3.9.1

package/dist/module.json

@@ -1,7 +1,7 @@
 {
   "name": "@meistrari/auth-nuxt",
   "configKey": "telaAuth",
-  "version": "3.0.1",
+  "version": "3.9.1",
   "builder": {
     "@nuxt/module-builder": "1.0.2",
     "unbuild": "3.6.1"

package/dist/module.mjs

@@ -21,7 +21,12 @@ const module$1 = defineNuxtModule({
       addImports({
         name: "useTelaApplicationAuth",
         as: "useTelaApplicationAuth",
-        from: resolver.resolve("runtime/composables/application-auth")
+        from: resolver.resolve("runtime/composables/application/auth")
+      });
+      addImports({
+        name: "useTelaOrganization",
+        as: "useTelaOrganization",
+        from: resolver.resolve("runtime/composables/application/organization")
       });
       addComponent({
         name: "TelaRole",
@@ -61,11 +66,6 @@ const module$1 = defineNuxtModule({
         handler: resolver.resolve("./runtime/server/routes/auth/logout"),
         method: "post"
       });
-      addServerHandler({
-        route: "/auth/organizations",
-        handler: resolver.resolve("./runtime/server/routes/auth/organizations"),
-        method: "get"
-      });
       addServerHandler({
         route: "/auth/switch-organization",
         handler: resolver.resolve("./runtime/server/routes/auth/switch-organization"),
@@ -80,6 +80,10 @@ const module$1 = defineNuxtModule({
         route: "/api/auth/api-key/**",
         handler: resolver.resolve("./runtime/server/routes/auth/api-key-proxy")
       });
+      addServerHandler({
+        route: "/api/auth/organization/**",
+        handler: resolver.resolve("./runtime/server/routes/auth/organization-proxy")
+      });
       addPlugin(resolver.resolve("./runtime/plugins/application-token-refresh"));
       addPlugin(resolver.resolve("./runtime/plugins/auth-guard"));
       addPlugin(resolver.resolve("./runtime/plugins/directives"));

package/dist/runtime/components/tela-role.vue

@@ -1,5 +1,5 @@
 <script setup>
-import { useTelaApplicationAuth } from "../composables/application-auth";
+import { useTelaApplicationAuth } from "../composables/application/auth";
 defineProps({
   allowedRoles: { type: Array, required: true }
 });

package/dist/runtime/composables/api-key.js

@@ -2,11 +2,11 @@ import { useCookie, useRequestURL, useRuntimeConfig } from "#app";
 import { createNuxtAuthClient } from "../shared.js";
 export function useTelaApiKey() {
   const { application, jwtCookieName, apiUrl } = useRuntimeConfig().public.telaAuth;
-  const tokenCookie = useCookie(jwtCookieName);
+  const tokenCookie = useCookie(application?.enabled ? "tela-access-token" : jwtCookieName);
   const requestUrl = useRequestURL();
   const authClient = createNuxtAuthClient(
     application?.enabled ? requestUrl.origin : apiUrl,
-    () => application?.enabled ? null : tokenCookie.value ?? null
+    () => tokenCookie.value ?? null
   );
   async function createApiKey(payload) {
     return await authClient.apiKey.createApiKey(payload);

package/dist/runtime/composables/{application-auth.js → application/auth.js}

@@ -1,7 +1,8 @@
 import { navigateTo, useCookie, useRuntimeConfig } from "#app";
 import { AuthorizationFlowError, isTokenExpired, RefreshTokenExpiredError, UserNotLoggedInError } from "@meistrari/auth-core";
-import { useApplicationSessionState } from "./state.js";
-import { willTokenExpireIn } from "../helpers/token.js";
+import { useApplicationSessionState } from "../state.js";
+import { willTokenExpireIn } from "../../helpers/token.js";
+import { useTelaOrganization } from "./organization.js";
 const FIFTEEN_MINUTES = 60 * 15;
 const ONE_MINUTE = 60 * 1e3;
 export function useTelaApplicationAuth() {
@@ -73,8 +74,7 @@ export function useTelaApplicationAuth() {
   }
   async function getAvailableOrganizations() {
     try {
-      const result = await $fetch("/auth/organizations", { method: "GET" });
-      return result.organizations;
+      return await useTelaOrganization().listOrganizations();
     } catch (error) {
       console.error("[Auth Orgs] Failed to list organizations:", error);
       throw error;

package/dist/runtime/composables/application/organization.d.ts

@@ -0,0 +1,26 @@
+import type { CreateTeamPayload, FullOrganization, Invitation, InviteUserToOrganizationOptions, ListMembersOptions, Member, RemoveUserFromOrganizationOptions, Team, TeamMember, UpdateMemberRoleOptions, UpdateTeamPayload } from '@meistrari/auth-core';
+import type { Ref } from 'vue';
+export interface UseTelaApplicationOrganizationReturn {
+    activeOrganization: Ref<FullOrganization | null>;
+    activeMember: Ref<Member | null>;
+    getActiveOrganization: () => Promise<FullOrganization | undefined>;
+    getAvailableOrganizations: () => Promise<FullOrganization[]>;
+    listOrganizations: () => Promise<FullOrganization[]>;
+    listMembers: (options?: ListMembersOptions) => Promise<Member[]>;
+    getActiveMember: () => Promise<Member>;
+    inviteUserToOrganization: (options: InviteUserToOrganizationOptions) => Promise<Invitation>;
+    acceptInvitation: (id: string) => Promise<{
+        homeUrl: string | null;
+    }>;
+    cancelInvitation: (id: string) => Promise<void>;
+    removeUserFromOrganization: (options: RemoveUserFromOrganizationOptions) => Promise<void>;
+    updateMemberRole: (options: UpdateMemberRoleOptions) => Promise<void>;
+    createTeam: (payload: CreateTeamPayload) => Promise<Team>;
+    updateTeam: (id: string, payload: UpdateTeamPayload) => Promise<Team>;
+    deleteTeam: (id: string) => Promise<void>;
+    listTeams: () => Promise<Team[]>;
+    listTeamMembers: (id: string) => Promise<TeamMember[]>;
+    addTeamMember: (teamId: string, userId: string) => Promise<TeamMember>;
+    removeTeamMember: (teamId: string, userId: string) => Promise<void>;
+}
+export declare function useTelaOrganization(): UseTelaApplicationOrganizationReturn;

package/dist/runtime/composables/application/organization.js

@@ -0,0 +1,143 @@
+import { useCookie, useRequestURL } from "#app";
+import { createNuxtAuthClient } from "../../shared.js";
+import { useApplicationSessionState, useOrganizationState } from "../state.js";
+export function useTelaOrganization() {
+  const { activeOrganization } = useApplicationSessionState();
+  const { activeMember } = useOrganizationState();
+  const requestUrl = useRequestURL();
+  const accessToken = useCookie("tela-access-token");
+  const authClient = createNuxtAuthClient(requestUrl.origin, () => accessToken.value ?? null);
+  async function getActiveOrganization() {
+    if (!activeOrganization.value?.id) {
+      return;
+    }
+    const organization = await authClient.organization.getOrganization(activeOrganization.value.id);
+    activeOrganization.value = organization;
+    return organization;
+  }
+  async function getAvailableOrganizations() {
+    return await listOrganizations();
+  }
+  async function listOrganizations() {
+    return await authClient.organization.listOrganizations();
+  }
+  async function listMembers(options) {
+    return await authClient.organization.listMembers(options);
+  }
+  async function getActiveMember() {
+    const member = await authClient.organization.getActiveMember();
+    activeMember.value = member;
+    return member;
+  }
+  async function inviteUserToOrganization(options) {
+    const invitation = await authClient.organization.inviteUserToOrganization(options);
+    if (activeOrganization.value) {
+      activeOrganization.value = {
+        ...activeOrganization.value,
+        invitations: [...activeOrganization.value.invitations ?? [], invitation]
+      };
+    }
+    return invitation;
+  }
+  async function acceptInvitation(id) {
+    const { homeUrl } = await authClient.organization.acceptInvitation(id);
+    const members = await authClient.organization.listMembers();
+    if (activeOrganization.value) {
+      activeOrganization.value = {
+        ...activeOrganization.value,
+        members
+      };
+    }
+    return { homeUrl };
+  }
+  async function cancelInvitation(id) {
+    await authClient.organization.cancelInvitation(id);
+    if (activeOrganization.value) {
+      activeOrganization.value = {
+        ...activeOrganization.value,
+        invitations: activeOrganization.value.invitations?.filter((invitation) => invitation.id !== id) ?? []
+      };
+    }
+  }
+  async function removeUserFromOrganization(options) {
+    await authClient.organization.removeUserFromOrganization(options);
+    if (activeOrganization.value) {
+      activeOrganization.value = {
+        ...activeOrganization.value,
+        members: activeOrganization.value.members?.filter((member) => member.id !== options.memberId) ?? []
+      };
+    }
+  }
+  async function updateMemberRole(options) {
+    await authClient.organization.updateMemberRole(options);
+    const members = await authClient.organization.listMembers();
+    if (activeOrganization.value) {
+      activeOrganization.value = {
+        ...activeOrganization.value,
+        members
+      };
+    }
+  }
+  async function createTeam(payload) {
+    const team = await authClient.organization.createTeam(payload);
+    if (activeOrganization.value) {
+      activeOrganization.value = {
+        ...activeOrganization.value,
+        teams: [...activeOrganization.value.teams ?? [], team]
+      };
+    }
+    return team;
+  }
+  async function updateTeam(id, payload) {
+    const updatedTeam = await authClient.organization.updateTeam(id, payload);
+    if (activeOrganization.value) {
+      activeOrganization.value = {
+        ...activeOrganization.value,
+        teams: activeOrganization.value.teams?.map((team) => team.id === id ? updatedTeam : team) ?? []
+      };
+    }
+    return updatedTeam;
+  }
+  async function deleteTeam(id) {
+    await authClient.organization.deleteTeam(id);
+    if (activeOrganization.value) {
+      activeOrganization.value = {
+        ...activeOrganization.value,
+        teams: activeOrganization.value.teams?.filter((team) => team.id !== id) ?? []
+      };
+    }
+  }
+  async function listTeams() {
+    return await authClient.organization.listTeams();
+  }
+  async function listTeamMembers(id) {
+    return await authClient.organization.listTeamMembers(id);
+  }
+  async function addTeamMember(teamId, userId) {
+    return await authClient.organization.addTeamMember(teamId, userId);
+  }
+  async function removeTeamMember(teamId, userId) {
+    await authClient.organization.removeTeamMember(teamId, userId);
+  }
+  return {
+    activeOrganization,
+    activeMember,
+    getActiveOrganization,
+    getAvailableOrganizations,
+    listOrganizations,
+    listMembers,
+    getActiveMember,
+    inviteUserToOrganization,
+    acceptInvitation,
+    cancelInvitation,
+    removeUserFromOrganization,
+    updateMemberRole,
+    createTeam,
+    updateTeam,
+    deleteTeam,
+    listTeams,
+    listTeamMembers,
+    addTeamMember,
+    removeTeamMember
+  };
+}

package/dist/runtime/composables/session.js

@@ -46,14 +46,12 @@ export function useTelaSession() {
   async function signInWithEmailAndPassword({
     email,
     password,
-    callbackURL,
-    errorCallbackURL
+    callbackURL
   }) {
     await authClient.session.signInWithEmailAndPassword({
       email,
       password,
-      callbackURL,
-      errorCallbackURL
+      callbackURL
     });
   }
   async function requestPasswordReset(email, callbackURL) {

package/dist/runtime/plugins/application-token-refresh.js

@@ -1,6 +1,6 @@
 import { defineNuxtPlugin, navigateTo, useCookie, useRoute, useRuntimeConfig } from "#app";
 import { isTokenExpired } from "@meistrari/auth-core";
-import { useTelaApplicationAuth } from "../composables/application-auth.js";
+import { useTelaApplicationAuth } from "../composables/application/auth.js";
 import { useApplicationSessionState } from "../composables/state.js";
 import { createNuxtAuthClient } from "../shared.js";
 import { parseTokenExpiry } from "../helpers/token.js";

package/dist/runtime/server/routes/auth/api-key-proxy.js

@@ -8,6 +8,7 @@ import {
   setResponseHeader,
   setResponseStatus
 } from "h3";
+import { shouldRejectMutationForCsrf } from "../../utils/csrf.js";
 const ALLOWED_REQUEST_HEADERS = /* @__PURE__ */ new Set([
   "accept",
   "content-type"
@@ -16,9 +17,28 @@ const ALLOWED_RESPONSE_HEADERS = /* @__PURE__ */ new Set([
   "cache-control",
   "content-type"
 ]);
+const ALLOWED_API_KEY_ROUTES = /* @__PURE__ */ new Map([
+  ["/api/auth/api-key/create", /* @__PURE__ */ new Set(["POST"])],
+  ["/api/auth/api-key/delete", /* @__PURE__ */ new Set(["POST"])],
+  ["/api/auth/api-key/get", /* @__PURE__ */ new Set(["GET"])],
+  ["/api/auth/api-key/list", /* @__PURE__ */ new Set(["GET"])],
+  ["/api/auth/api-key/update", /* @__PURE__ */ new Set(["POST"])]
+]);
+function getBearerToken(authorization) {
+  const value = Array.isArray(authorization) ? authorization[0] : authorization;
+  if (!value?.toLowerCase().startsWith("bearer ")) {
+    return void 0;
+  }
+  return value.slice("bearer ".length).trimStart() || void 0;
+}
 export default defineEventHandler(async (event) => {
   const authConfig = useRuntimeConfig(event).public.telaAuth;
-  const accessToken = getCookie(event, "tela-access-token");
+  const requestUrl = getRequestURL(event);
+  const requestHeaders = getHeaders(event);
+  const cookieAccessToken = getCookie(event, "tela-access-token");
+  const bearerAccessToken = getBearerToken(requestHeaders.authorization);
+  const accessToken = cookieAccessToken ?? bearerAccessToken;
+  const allowedMethods = ALLOWED_API_KEY_ROUTES.get(requestUrl.pathname);
   if (!authConfig.application?.enabled) {
     throw createError({
       statusCode: 404,
@@ -32,10 +52,33 @@ export default defineEventHandler(async (event) => {
       message: "No access token found"
     });
   }
-  const requestUrl = getRequestURL(event);
+  if (!allowedMethods) {
+    throw createError({
+      statusCode: 404,
+      statusMessage: "Not Found"
+    });
+  }
+  if (!allowedMethods.has(event.method)) {
+    throw createError({
+      statusCode: 405,
+      statusMessage: "Method Not Allowed"
+    });
+  }
+  if (shouldRejectMutationForCsrf({
+    hasBearerToken: Boolean(bearerAccessToken),
+    hasCookieToken: Boolean(cookieAccessToken),
+    method: event.method,
+    origin: requestHeaders.origin,
+    requestOrigin: requestUrl.origin
+  })) {
+    throw createError({
+      statusCode: 403,
+      statusMessage: "Forbidden"
+    });
+  }
   const targetUrl = new URL(requestUrl.pathname + requestUrl.search, authConfig.apiUrl);
   const headers = new Headers();
-  for (const [name, value] of Object.entries(getHeaders(event))) {
+  for (const [name, value] of Object.entries(requestHeaders)) {
     if (value && ALLOWED_REQUEST_HEADERS.has(name.toLowerCase())) {
       headers.set(name, Array.isArray(value) ? value.join(", ") : value);
     }

package/dist/runtime/server/routes/auth/organization-proxy.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<string>>;
+export default _default;

package/dist/runtime/server/routes/auth/organization-proxy.js

@@ -0,0 +1,118 @@
+import { createError, useRuntimeConfig } from "#imports";
+import {
+  defineEventHandler,
+  getCookie,
+  getHeaders,
+  getRequestURL,
+  readRawBody,
+  setResponseHeader,
+  setResponseStatus
+} from "h3";
+import { shouldRejectMutationForCsrf } from "../../utils/csrf.js";
+const ALLOWED_REQUEST_HEADERS = /* @__PURE__ */ new Set([
+  "accept",
+  "content-type"
+]);
+const ALLOWED_RESPONSE_HEADERS = /* @__PURE__ */ new Set([
+  "cache-control",
+  "content-type"
+]);
+const ALLOWED_ORGANIZATION_ROUTES = /* @__PURE__ */ new Map([
+  ["/api/auth/organization/get-full-organization", /* @__PURE__ */ new Set(["GET"])],
+  ["/api/auth/organization/list", /* @__PURE__ */ new Set(["GET"])],
+  ["/api/auth/organization/invite-member", /* @__PURE__ */ new Set(["POST"])],
+  ["/api/auth/organization/cancel-invitation", /* @__PURE__ */ new Set(["POST"])],
+  ["/api/auth/organization/accept-invitation", /* @__PURE__ */ new Set(["POST"])],
+  ["/api/auth/organization/get-invitation", /* @__PURE__ */ new Set(["GET"])],
+  ["/api/auth/organization/reject-invitation", /* @__PURE__ */ new Set(["POST"])],
+  ["/api/auth/organization/list-invitations", /* @__PURE__ */ new Set(["GET"])],
+  ["/api/auth/organization/get-active-member", /* @__PURE__ */ new Set(["GET"])],
+  ["/api/auth/organization/remove-member", /* @__PURE__ */ new Set(["POST"])],
+  ["/api/auth/organization/update-member-role", /* @__PURE__ */ new Set(["POST"])],
+  ["/api/auth/organization/list-user-invitations", /* @__PURE__ */ new Set(["GET"])],
+  ["/api/auth/organization/list-members", /* @__PURE__ */ new Set(["GET"])],
+  ["/api/auth/organization/get-active-member-role", /* @__PURE__ */ new Set(["GET"])],
+  ["/api/auth/organization/create-team", /* @__PURE__ */ new Set(["POST"])],
+  ["/api/auth/organization/list-teams", /* @__PURE__ */ new Set(["GET"])],
+  ["/api/auth/organization/remove-team", /* @__PURE__ */ new Set(["POST"])],
+  ["/api/auth/organization/update-team", /* @__PURE__ */ new Set(["POST"])],
+  ["/api/auth/organization/list-user-teams", /* @__PURE__ */ new Set(["GET"])],
+  ["/api/auth/organization/list-team-members", /* @__PURE__ */ new Set(["GET"])],
+  ["/api/auth/organization/add-team-member", /* @__PURE__ */ new Set(["POST"])],
+  ["/api/auth/organization/remove-team-member", /* @__PURE__ */ new Set(["POST"])]
+]);
+function getBearerToken(authorization) {
+  const value = Array.isArray(authorization) ? authorization[0] : authorization;
+  if (!value?.toLowerCase().startsWith("bearer ")) {
+    return void 0;
+  }
+  return value.slice("bearer ".length).trimStart() || void 0;
+}
+export default defineEventHandler(async (event) => {
+  const authConfig = useRuntimeConfig(event).public.telaAuth;
+  const requestUrl = getRequestURL(event);
+  const requestHeaders = getHeaders(event);
+  const cookieAccessToken = getCookie(event, "tela-access-token");
+  const bearerAccessToken = getBearerToken(requestHeaders.authorization);
+  const accessToken = cookieAccessToken ?? bearerAccessToken;
+  const allowedMethods = ALLOWED_ORGANIZATION_ROUTES.get(requestUrl.pathname);
+  if (!authConfig.application?.enabled) {
+    throw createError({
+      statusCode: 404,
+      statusMessage: "Not Found"
+    });
+  }
+  if (!accessToken) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Unauthorized",
+      message: "No access token found"
+    });
+  }
+  if (!allowedMethods) {
+    throw createError({
+      statusCode: 404,
+      statusMessage: "Not Found"
+    });
+  }
+  if (!allowedMethods.has(event.method)) {
+    throw createError({
+      statusCode: 405,
+      statusMessage: "Method Not Allowed"
+    });
+  }
+  if (shouldRejectMutationForCsrf({
+    hasBearerToken: Boolean(bearerAccessToken),
+    hasCookieToken: Boolean(cookieAccessToken),
+    method: event.method,
+    origin: requestHeaders.origin,
+    requestOrigin: requestUrl.origin
+  })) {
+    throw createError({
+      statusCode: 403,
+      statusMessage: "Forbidden"
+    });
+  }
+  const targetUrl = new URL(requestUrl.pathname + requestUrl.search, authConfig.apiUrl);
+  const headers = new Headers();
+  for (const [name, value] of Object.entries(requestHeaders)) {
+    if (value && ALLOWED_REQUEST_HEADERS.has(name.toLowerCase())) {
+      headers.set(name, Array.isArray(value) ? value.join(", ") : value);
+    }
+  }
+  headers.set("Authorization", `Bearer ${accessToken}`);
+  const method = event.method;
+  const body = method === "GET" || method === "HEAD" ? void 0 : await readRawBody(event);
+  const response = await fetch(targetUrl, {
+    body,
+    headers,
+    method
+  });
+  setResponseStatus(event, response.status, response.statusText);
+  for (const [name, value] of response.headers) {
+    if (ALLOWED_RESPONSE_HEADERS.has(name.toLowerCase())) {
+      setResponseHeader(event, name, value);
+    }
+  }
+  return await response.text();
+});

package/dist/runtime/server/utils/csrf.d.ts

@@ -0,0 +1,9 @@
+type CsrfMutationOptions = {
+    hasBearerToken: boolean;
+    hasCookieToken: boolean;
+    method: string;
+    origin: string | string[] | undefined;
+    requestOrigin: string;
+};
+export declare function shouldRejectMutationForCsrf({ hasBearerToken, hasCookieToken, method, origin, requestOrigin, }: CsrfMutationOptions): boolean;
+export {};

package/dist/runtime/server/utils/csrf.js

@@ -0,0 +1,19 @@
+function getHeaderValue(value) {
+  return Array.isArray(value) ? value[0] : value;
+}
+export function shouldRejectMutationForCsrf({
+  hasBearerToken,
+  hasCookieToken,
+  method,
+  origin,
+  requestOrigin
+}) {
+  if (method === "GET") {
+    return false;
+  }
+  const requestOriginHeader = getHeaderValue(origin);
+  if (requestOriginHeader) {
+    return requestOriginHeader !== requestOrigin;
+  }
+  return hasCookieToken && !hasBearerToken;
+}

package/package.json

@@ -1,63 +1,63 @@
 {
-    "name": "@meistrari/auth-nuxt",
-    "version": "3.8.1",
-    "type": "module",
-    "exports": {
-        ".": {
-            "types": "./dist/types.d.mts",
-            "import": "./dist/module.mjs"
-        },
-        "./server/middleware/auth": {
-            "types": "./dist/runtime/server/middleware/auth.d.ts",
-            "import": "./dist/runtime/server/middleware/auth.js"
-        },
-        "./server/middleware/application-auth": {
-            "types": "./dist/runtime/server/middleware/application-auth.d.ts",
-            "import": "./dist/runtime/server/middleware/application-auth.js"
-        },
-        "./core": {
-            "types": "./dist/core.d.mts",
-            "import": "./dist/core.mjs"
-        }
+  "name": "@meistrari/auth-nuxt",
+  "version": "3.9.1",
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/types.d.mts",
+      "import": "./dist/module.mjs"
     },
-    "main": "./dist/module.mjs",
-    "typesVersions": {
-        "*": {
-            ".": [
-                "./dist/types.d.mts"
-            ]
-        }
+    "./server/middleware/auth": {
+      "types": "./dist/runtime/server/middleware/auth.d.ts",
+      "import": "./dist/runtime/server/middleware/auth.js"
     },
-    "files": [
-        "dist"
-    ],
-    "scripts": {
-        "build": "nuxt-module-build build --stub && nuxt-module-build prepare && nuxt-module-build build",
-        "docs": "nuxt-module-build prepare && typedoc"
+    "./server/middleware/application-auth": {
+      "types": "./dist/runtime/server/middleware/application-auth.d.ts",
+      "import": "./dist/runtime/server/middleware/application-auth.js"
     },
-    "dependencies": {
-        "@meistrari/auth-core": "1.19.0",
-        "jose": "6.1.3"
-    },
-    "peerDependencies": {
-        "nuxt": "^3.0.0 || ^4.0.0",
-        "vue": "^3.0.0"
-    },
-    "devDependencies": {
-        "@nuxt/devtools": "2.6.3",
-        "@nuxt/eslint-config": "1.9.0",
-        "@nuxt/kit": "4.0.3",
-        "@nuxt/module-builder": "1.0.2",
-        "@nuxt/schema": "4.0.3",
-        "@nuxt/test-utils": "3.19.2",
-        "@types/node": "latest",
-        "changelogen": "0.6.2",
-        "nuxt": "4.0.3",
-        "typescript": "5.9.2",
-        "unbuild": "3.6.1",
-        "typedoc": "0.28.18",
-        "typedoc-plugin-markdown": "4.11.0",
-        "vitest": "3.2.4",
-        "vue-tsc": "3.0.6"
+    "./core": {
+      "types": "./dist/core.d.mts",
+      "import": "./dist/core.mjs"
+    }
+  },
+  "main": "./dist/module.mjs",
+  "typesVersions": {
+    "*": {
+      ".": [
+        "./dist/types.d.mts"
+      ]
     }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "nuxt-module-build build --stub && nuxt-module-build prepare && nuxt-module-build build",
+    "docs": "nuxt-module-build prepare && typedoc"
+  },
+  "dependencies": {
+    "@meistrari/auth-core": "1.20.1",
+    "jose": "6.1.3"
+  },
+  "peerDependencies": {
+    "nuxt": "^3.0.0 || ^4.0.0",
+    "vue": "^3.0.0"
+  },
+  "devDependencies": {
+    "@nuxt/devtools": "2.6.3",
+    "@nuxt/eslint-config": "1.9.0",
+    "@nuxt/kit": "4.0.3",
+    "@nuxt/module-builder": "1.0.2",
+    "@nuxt/schema": "4.0.3",
+    "@nuxt/test-utils": "3.19.2",
+    "@types/node": "latest",
+    "changelogen": "0.6.2",
+    "nuxt": "4.0.3",
+    "typescript": "5.9.2",
+    "unbuild": "3.6.1",
+    "typedoc": "0.28.18",
+    "typedoc-plugin-markdown": "4.11.0",
+    "vitest": "3.2.4",
+    "vue-tsc": "3.0.6"
+  }
 }

package/dist/runtime/server/routes/auth/organizations.d.ts

@@ -1,16 +0,0 @@
-/**
- * Server route handler for listing available organizations
- *
- * This route:
- * 1. Retrieves the access token from the cookie
- * 2. Calls the auth API to get the list of organizations the user can switch to
- * 3. Returns the organizations data
- *
- * Returns only organizations that are entitled to the application and where
- * the entitlement's access rules permit the current user.
- */
-declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
-    success: boolean;
-    organizations: import("@meistrari/auth-core").FullOrganization[];
-}>>;
-export default _default;

package/dist/runtime/server/routes/auth/organizations.js

@@ -1,40 +0,0 @@
-import { createError, useRuntimeConfig } from "#imports";
-import { defineEventHandler, getCookie } from "h3";
-import { createNuxtAuthClient } from "../../../shared.js";
-export default defineEventHandler(async (event) => {
-  const config = useRuntimeConfig();
-  const authConfig = config.public.telaAuth;
-  const accessToken = getCookie(event, "tela-access-token");
-  if (!accessToken) {
-    throw createError({
-      statusCode: 401,
-      statusMessage: "Unauthorized",
-      message: "No access token found"
-    });
-  }
-  if (!authConfig.application?.applicationId) {
-    throw createError({
-      statusCode: 500,
-      statusMessage: "Internal Server Error",
-      message: "Application ID is not configured"
-    });
-  }
-  try {
-    const authClient = createNuxtAuthClient(
-      authConfig.apiUrl,
-      () => accessToken
-    );
-    const { organizations } = await authClient.application.listCandidateOrganizations(authConfig.application.applicationId);
-    return {
-      success: true,
-      organizations
-    };
-  } catch (error) {
-    console.error("[Auth Orgs] Failed to list organizations:", error);
-    throw createError({
-      statusCode: 500,
-      statusMessage: "Internal Server Error",
-      message: "Failed to list organizations"
-    });
-  }
-});