@monocloud/auth-nextjs 0.1.1 → 0.1.2

package/dist/{types-BleaXQUP.d.mts → types-DOfZTKa6.d.mts}

@@ -1,79 +1,32 @@
 import { Authenticators, AuthorizationParams, DisplayOptions, MonoCloudUser, Prompt } from "@monocloud/auth-node-core";
-import { NextFetchEvent, NextMiddleware, NextRequest, NextResponse } from "next/server";
 import { JSX } from "react";
-import { NextApiRequestCookies } from "next/dist/server/api-utils";
-import { NextMiddlewareResult } from "next/dist/server/web/types";
-import { GetServerSideProps, GetServerSidePropsContext, GetServerSidePropsResult, NextApiHandler, NextApiRequest, NextApiResponse } from "next/types";
-import { IncomingMessage, ServerResponse } from "node:http";
+import { NextFetchEvent, NextRequest, NextResponse } from "next/server";
+import { GetServerSideProps, GetServerSidePropsContext, GetServerSidePropsResult, NextApiRequest, NextApiResponse } from "next/types";
 import { ParsedUrlQuery } from "node:querystring";
 
 //#region src/types.d.ts
+
+/**
+ * Context object passed to App Router API route handlers.
+ * Contains the dynamic route parameters.
+ */
 interface AppRouterContext {
   params: Record<string, string | string[]>;
 }
-type NextAnyRequest = NextRequest | NextApiRequest | (IncomingMessage & {
-  cookies: NextApiRequestCookies;
-});
-type NextAnyResponse = NextApiResponse | AppRouterContext | NextResponse | ServerResponse;
 /**
- * @typeparam TResult - The type of the result returned by the handler.
+ * Return type of `monoCloudAuth()` handler.
  */
-interface BaseFuncHandler<TResult> {
-  /**
-   * @param req - The Next.js request object.
-   * @param ctx - The AppRouterContext or NextResponse object representing the response context.
-   * @returns A promise of the result.
-   */
-  (req: NextRequest, ctx: AppRouterContext | NextResponse): Promise<TResult>;
-  /**
-   * @param req - The Next.js API request object.
-   * @param res - The Next.js API response object.
-   * @returns A promise of the result.
-   */
-  (req: NextApiRequest, res: NextApiResponse): Promise<TResult>;
-  /**
-   * @param req - The Next.js request object.
-   * @param res - The Next.js response object.
-   * @returns A promise of the result.
-   */
-  (req: NextAnyRequest, res: NextAnyResponse): Promise<TResult>;
-  /**
-   * @returns A promise of the result.
-   */
-  (): Promise<TResult>;
-}
+type MonoCloudAuthHandler = (req: Request | NextRequest | NextApiRequest, resOrCtx?: Response | NextResponse<any> | NextApiResponse<any> | AppRouterContext) => Promise<Response | NextResponse | void | any>;
+/** Return type of Next.js middleware/proxy */
+type NextMiddlewareResult = NextResponse | Response | null | undefined | void;
 /**
- * @typeparam TResult - The type of the result returned by the function.
- * @typeparam TOptions - The type of the additional options parameter (default: `any`).
+ * Handler function triggered when a user is denied access in Next.js Middleware.
+ *
+ * @param request - The incoming Next.js request.
+ * @param event - The Next.js fetch event.
+ * @param user - The authenticated user object (if available).
+ * @returns A `NextMiddlewareResult` (e.g., a redirect or rewrite) or a Promise resolving to one.
  */
-type FuncHandler<TResult, TOptions = any> = BaseFuncHandler<TResult> & {
-  /**
-   * @param req - The Next.js request object.
-   * @param ctx - The context object, which can be either an AppRouterContext or a NextResponse.
-   * @param options - Additional options passed to the function (optional).
-   * @returns A promise of the result.
-   */
-  (req: NextRequest, ctx: AppRouterContext | NextResponse, options?: TOptions): Promise<TResult>;
-  /**
-   * @param req - The Next.js API request object.
-   * @param res - The Next.js API response object.
-   * @param options - Additional options passed to the function (optional).
-   * @returns A promise of the result.
-   */
-  (req: NextApiRequest, res: NextApiResponse, options?: TOptions): Promise<TResult>;
-  /**
-   * @param req - The generic Next.js request object.
-   * @param res - The generic Next.js response object.
-   * @param options - Additional options passed to the function (optional).
-   * @returns A promise of the result.
-   */
-  (req: NextAnyRequest, res: NextAnyResponse, options?: TOptions): Promise<TResult>;
-  /**
-   * @param options - Additional options passed to the function (optional).
-   * @returns A promise of the result.
-   */
-  (options?: TOptions): Promise<TResult>;
-};
 type NextMiddlewareOnAccessDenied = (request: NextRequest, event: NextFetchEvent, user?: MonoCloudUser) => NextMiddlewareResult | Promise<NextMiddlewareResult>;
 /**
  *
@@ -163,38 +116,25 @@ interface MonoCloudMiddlewareOptions {
   onAccessDenied?: NextMiddlewareOnAccessDenied;
 }
 /**
- * A middleware that protects pages and apis and handles authentication.
- * This middleware function can be configured with options or directly invoked with request and event parameters.
+ * A subset of authorization parameters used on client side functions
  */
-interface MonoCloudMiddleware {
-  /**
-   * A middleware that protects pages and apis and handles authentication.
-   *
-   * @param options - Options to configure the MonoCloud authentication middleware.
-   * @returns A Next.js middleware function.
-   */
-  (options?: MonoCloudMiddlewareOptions): NextMiddleware;
-  /**
-   * A middleware that protects pages and apis and handles authentication.
-   *
-   * @returns A promise resolving to a Next.js middleware result or a Next.js middleware result.
-   */
-  (
-  /**
-   * The Next.js request object.
-   */
-  request: NextRequest,
-  /**
-   * The Next.js fetch event object.
-   */
-  event: NextFetchEvent): Promise<NextMiddlewareResult> | NextMiddlewareResult;
-}
 type ExtraAuthParams = Pick<AuthorizationParams, 'scopes' | 'resource' | 'prompt' | 'display' | 'uiLocales' | 'acrValues' | 'authenticatorHint' | 'maxAge' | 'loginHint'>;
+/**
+ * Represents a Next.js App Router React Server Component.
+ *
+ * @param props - The props object containing `params` and `searchParams`.
+ *
+ * @returns A JSX Element or a Promise resolving to one.
+ */
 type AppRouterPageHandler = (props: {
   params?: Record<string, string | string[]>;
   searchParams?: Record<string, string | string[] | undefined>;
 }) => Promise<JSX.Element> | JSX.Element;
-type AppRouterApiHandlerFn = (req: NextRequest, ctx: AppRouterContext) => Promise<Response> | Response;
+/** App Router API Route Handler */
+type AppRouterApiHandlerFn = (req: NextRequest | Request, ctx: AppRouterContext) => Promise<Response | NextResponse> | Response | NextResponse;
+/**
+ * Options for configuring `protectPage()` in the App Router.
+ */
 type ProtectAppPageOptions = {
   /**
    * The URL to return to after authentication.
@@ -213,6 +153,12 @@ type ProtectAppPageOptions = {
    */
   authParams?: ExtraAuthParams;
 } & GroupOptions;
+/**
+ * Options for configuring `protectPage()` in the Pages Router.
+ *
+ * @typeParam P - The type of the props returned by `getServerSideProps`.
+ * @typeParam Q - The type of the parsed query object.
+ */
 type ProtectPagePageOptions<P extends Record<string, any> = Record<string, any>, Q extends ParsedUrlQuery = ParsedUrlQuery> = {
   /**
    * Function to fetch server-side props for the protected page handler.
@@ -235,77 +181,78 @@ type ProtectPagePageOptions<P extends Record<string, any> = Record<string, any>,
    */
   authParams?: ExtraAuthParams;
 } & GroupOptions;
+/**
+ * Handler function triggered when a user is denied access in a Pages Router `getServerSideProps` flow.
+ *
+ * @typeParam P - The type of the props.
+ * @typeParam Q - The type of the parsed query object.
+ *
+ * @param context - The server-side props context extended with the optional user object.
+ *
+ * @returns The result for `getServerSideProps`.
+ */
 type ProtectPagePageOnAccessDeniedType<P, Q extends ParsedUrlQuery = ParsedUrlQuery> = (context: GetServerSidePropsContext<Q> & {
   user?: MonoCloudUser;
 }) => Promise<GetServerSidePropsResult<P>> | GetServerSidePropsResult<P>;
-type ProtectPagePageReturnType<P, Q extends ParsedUrlQuery = ParsedUrlQuery> = (context: GetServerSidePropsContext<Q>) => Promise<GetServerSidePropsResult<P & {
-  user: MonoCloudUser;
-}>>;
 /**
- * Type definition for protecting a server rendered page handler function.
- * This type takes optional protection options and returns the protected page handler.
+ * The return type of the `protectPage()` wrapper for Pages Router.
+ * It returns a function compatible with `getServerSideProps` that injects the user into props.
  *
- * @typeparam P - The type of parameters accepted by the page handler.
- * @typeparam Q - The type of query parameters parsed from the URL.
- * @returns Protected page handler function.
- */
-type ProtectPagePage = <P extends Record<string, any> = Record<string, any>, Q extends ParsedUrlQuery = ParsedUrlQuery>(
-/**
- * Protection options
- */
-options?: ProtectPagePageOptions<P, Q>) => ProtectPagePageReturnType<P, Q>;
-/**
- * Type definition for protecting a server rendered AppRouter page handler function.
+ * @typeParam P - The type of the props.
+ * @typeParam Q - The type of the parsed query object.
  *
- * @returns Protected page handler function.
+ * @returns `GetServerSidePropsResult` with user injected
  */
-type ProtectAppPage = (
+type ProtectPagePageReturnType<P, Q extends ParsedUrlQuery = ParsedUrlQuery> = (context: GetServerSidePropsContext<Q>) => Promise<GetServerSidePropsResult<P & {
+  user: MonoCloudUser;
+  accessDenied?: boolean;
+}>>;
 /**
- * The component to protect
+ * The App Router server component that protectPage wraps and secures
  */
-component: (props: {
+type ProtectedAppServerComponent = (props: {
   user: MonoCloudUser;
   params?: Record<string, string | string[]>;
   searchParams?: Record<string, string | string[] | undefined>;
-}) => Promise<JSX.Element> | JSX.Element,
-/**
- * Protection options
- */
-options?: ProtectAppPageOptions) => AppRouterPageHandler;
+}) => Promise<JSX.Element> | JSX.Element;
 /**
- * Protects a server rendered page.
+ * Handler function triggered when a user is denied access in an App Router API route.
+ *
+ * @param req - The incoming Next.js request.
+ * @param ctx - The App Router context.
+ *
+ * @param user - The authenticated user object (if available).
+ *
+ * @returns A Response/NextResponse or Promise resolving to one.
  */
-type ProtectPage = ProtectAppPage & ProtectPagePage;
-type AppRouterApiOnAccessDeniedHandlerFn = (req: NextRequest, res: AppRouterContext, user?: MonoCloudUser) => Promise<Response> | Response;
+type AppRouterApiOnAccessDeniedHandler = (req: NextRequest, ctx: AppRouterContext, user?: MonoCloudUser) => Promise<Response> | Response;
+/** Options for App Router `protectApi()` */
 type ProtectApiAppOptions = {
   /**
    * Alternate app router api handler called when the user is not authenticated or is not a member of the specified groups.
    */
-  onAccessDenied?: AppRouterApiOnAccessDeniedHandlerFn;
+  onAccessDenied?: AppRouterApiOnAccessDeniedHandler;
 } & GroupOptions;
-type ProtectAppApi = (req: NextRequest, ctx: AppRouterContext, handler: AppRouterApiHandlerFn, options?: ProtectApiAppOptions) => Promise<Response> | Response;
-type NextPageRouterApiOnAccessDeniedHandler = (req: NextApiRequest, res: NextApiResponse<any>, user?: MonoCloudUser) => Promise<unknown> | unknown;
+/**
+ * Handler function triggered when a user is denied access in a Pages Router API route.
+ *
+ * @param req - The incoming Next.js API request.
+ * @param res - The Next.js API response.
+ * @param user - The authenticated user object (if available).
+ *
+ * @returns
+ */
+type PageRouterApiOnAccessDeniedHandler = (req: NextApiRequest, res: NextApiResponse<any>, user?: MonoCloudUser) => Promise<unknown> | unknown;
+/** Options for Page Router `protectApi()` */
 type ProtectApiPageOptions = {
   /**
    * Alternate page router api handler called when the user is not authenticated or is not a member of the specified groups.
    */
-  onAccessDenied?: NextPageRouterApiOnAccessDeniedHandler;
+  onAccessDenied?: PageRouterApiOnAccessDeniedHandler;
 } & GroupOptions;
-type ProtectPageApi = (req: NextApiRequest, res: NextApiResponse, handler: NextApiHandler, options?: ProtectApiPageOptions) => Promise<unknown>;
-type ProtectApiPage = (
 /**
- * The api route handler function to protect
+ * Options for the `protect()` helper function.
  */
-handler: NextApiHandler, options?: ProtectApiPageOptions) => NextApiHandler;
-type ProtectApiApp = (
-/**
- * The api route handler function to protect
- */
-handler: AppRouterApiHandlerFn, options?: ProtectApiAppOptions) => AppRouterApiHandlerFn;
-/**
- * Protects an api route handler.
- */
-type ProtectApi = ProtectApiApp & ProtectApiPage;
 type ProtectOptions = {
   /**
    * The url where the user will be redirected to after sign in.
@@ -317,11 +264,8 @@ type ProtectOptions = {
   authParams?: ExtraAuthParams;
 } & GroupOptions;
 /**
- * Redirects user to sign in page if not already authenticated.
- *
- * @param options - The Protect options
+ * Configuration options for checking if a user belongs to specific groups.
  */
-type Protect = (options?: ProtectOptions) => Promise<void>;
 interface IsUserInGroupOptions {
   /**
    * The name of the groups claim in the user profile. Default: `groups`.
@@ -332,6 +276,9 @@ interface IsUserInGroupOptions {
    */
   matchAll?: boolean;
 }
+/**
+ * Extended configuration options that include a list of required groups.
+ */
 interface GroupOptions extends IsUserInGroupOptions {
   /**
    * A list of group IDs or names specifying the groups the user must belong to.
@@ -396,7 +343,9 @@ interface RedirectToSignOutOptions {
    * The url authorization server should redirect the user to after a successful sign out. This url has to be registered in the client's sign out url section.
    */
   postLogoutRedirectUri?: string;
+  /** Whether to also sign out the user from MonoCloud */
+  federated?: boolean;
 }
 //#endregion
-export { ProtectPagePageOnAccessDeniedType as C, RedirectToSignOutOptions as D, RedirectToSignInOptions as E, ProtectPagePage as S, ProtectPagePageReturnType as T, ProtectAppPage as _, FuncHandler as a, ProtectPage as b, MonoCloudAuthOptions as c, NextAnyRequest as d, NextAnyResponse as f, ProtectAppApi as g, ProtectApi as h, ExtraAuthParams as i, MonoCloudMiddleware as l, Protect as m, AppRouterContext as n, GroupOptions as o, NextPageRouterApiOnAccessDeniedHandler as p, BaseFuncHandler as r, IsUserInGroupOptions as s, AppRouterApiOnAccessDeniedHandlerFn as t, MonoCloudMiddlewareOptions as u, ProtectAppPageOptions as v, ProtectPagePageOptions as w, ProtectPageApi as x, ProtectOptions as y };
-//# sourceMappingURL=types-BleaXQUP.d.mts.map
+export { ProtectPagePageOptions as _, GroupOptions as a, RedirectToSignInOptions as b, MonoCloudAuthOptions as c, PageRouterApiOnAccessDeniedHandler as d, ProtectApiAppOptions as f, ProtectPagePageOnAccessDeniedType as g, ProtectOptions as h, ExtraAuthParams as i, MonoCloudMiddlewareOptions as l, ProtectAppPageOptions as m, AppRouterApiOnAccessDeniedHandler as n, IsUserInGroupOptions as o, ProtectApiPageOptions as p, AppRouterPageHandler as r, MonoCloudAuthHandler as s, AppRouterApiHandlerFn as t, NextMiddlewareResult as u, ProtectPagePageReturnType as v, RedirectToSignOutOptions as x, ProtectedAppServerComponent as y };
+//# sourceMappingURL=types-DOfZTKa6.d.mts.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@monocloud/auth-nextjs",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "MonoCloud Next.js Authentication SDK",
   "keywords": [
     "monocloud",
@@ -57,7 +57,7 @@
   "dependencies": {
     "cookie": "1.1.1",
     "swr": "2.3.8",
-    "@monocloud/auth-node-core": "0.1.1"
+    "@monocloud/auth-node-core": "0.1.2"
   },
   "devDependencies": {
     "@edge-runtime/vm": "5.0.0",

package/dist/client-0gaUvMR7.mjs

@@ -1,105 +0,0 @@
-import { isUserInGroup } from "@monocloud/auth-node-core/utils";
-import useSWR from "swr";
-import React, { useEffect } from "react";
-
-//#region src/client/use-auth.tsx
-/**
-* @returns Authentication State
-*/
-const useAuth = () => {
-	const { data, error, isLoading, mutate } = useSWR(process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_USER_INFO_URL ?? `${process.env.__NEXT_ROUTER_BASEPATH ?? ""}/api/auth/userinfo`, async (url) => {
-		const res = await fetch(url, { credentials: "include" });
-		if (res.status === 204) return;
-		if (res.ok) return res.json();
-		throw new Error("Failed to fetch user");
-	});
-	if (error) return {
-		user: void 0,
-		isLoading: false,
-		isAuthenticated: false,
-		error,
-		refetch: () => mutate()
-	};
-	if (data) return {
-		user: data,
-		isLoading,
-		isAuthenticated: !!data && Object.keys(data).length > 0,
-		error: void 0,
-		refetch: () => mutate()
-	};
-	return {
-		user: void 0,
-		isLoading,
-		isAuthenticated: false,
-		error: void 0,
-		refetch: () => {}
-	};
-};
-
-//#endregion
-//#region src/client/protect.tsx
-const redirectToSignIn = (options) => {
-	const searchParams = new URLSearchParams(window.location.search);
-	searchParams.set("return_url", options.returnUrl ?? window.location.toString());
-	if (options === null || options === void 0 ? void 0 : options.scopes) searchParams.set("scope", options.scopes);
-	if (options === null || options === void 0 ? void 0 : options.resource) searchParams.set("resource", options.resource);
-	if (options === null || options === void 0 ? void 0 : options.acrValues) searchParams.set("acr_values", options.acrValues.join(" "));
-	if (options === null || options === void 0 ? void 0 : options.display) searchParams.set("display", options.display);
-	if (options === null || options === void 0 ? void 0 : options.prompt) searchParams.set("prompt", options.prompt);
-	if (options === null || options === void 0 ? void 0 : options.authenticatorHint) searchParams.set("authenticator_hint", options.authenticatorHint);
-	if (options === null || options === void 0 ? void 0 : options.uiLocales) searchParams.set("ui_locales", options.uiLocales);
-	if (options === null || options === void 0 ? void 0 : options.maxAge) searchParams.set("max_age", options.maxAge.toString());
-	if (options === null || options === void 0 ? void 0 : options.loginHint) searchParams.set("login_hint", options.loginHint);
-	window.location.assign(`${process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_SIGNIN_URL ?? `${process.env.__NEXT_ROUTER_BASEPATH ?? ""}/api/auth/signin`}?${searchParams.toString()}`);
-};
-const handlePageError = (error, options) => {
-	/* v8 ignore else -- @preserve */
-	if (options === null || options === void 0 ? void 0 : options.onError) return options.onError(error);
-	/* v8 ignore next -- @preserve */
-	throw error;
-};
-/**
-* Function to protect a client rendered page component.
-* Ensures that only authenticated users can access the component.
-*
-* @param Component - The component to protect.
-* @param options - The options.
-*
-* @returns Protected clinet rendered page component.
-*/
-const protectPage = (Component, options) => {
-	return (props) => {
-		const { user, error, isLoading } = useAuth();
-		useEffect(() => {
-			if (!user && !isLoading && !error) {
-				if (options === null || options === void 0 ? void 0 : options.onAccessDenied) return;
-				const authParams = (options === null || options === void 0 ? void 0 : options.authParams) ?? {};
-				redirectToSignIn({
-					returnUrl: options === null || options === void 0 ? void 0 : options.returnUrl,
-					...authParams
-				});
-			}
-		}, [
-			user,
-			isLoading,
-			error
-		]);
-		if (error) return handlePageError(error, options);
-		if (!user && !isLoading && (options === null || options === void 0 ? void 0 : options.onAccessDenied)) return options.onAccessDenied();
-		if (user) {
-			if ((options === null || options === void 0 ? void 0 : options.groups) && !isUserInGroup(user, options.groups, options.groupsClaim ?? process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_GROUPS_CLAIM, options.matchAll)) {
-				const { onAccessDenied = () => /* @__PURE__ */ React.createElement("div", null, "Access Denied") } = options;
-				return onAccessDenied(user);
-			}
-			return /* @__PURE__ */ React.createElement(Component, {
-				user,
-				...props
-			});
-		}
-		return null;
-	};
-};
-
-//#endregion
-export { redirectToSignIn as n, useAuth as r, protectPage as t };
-//# sourceMappingURL=client-0gaUvMR7.mjs.map

package/dist/client-0gaUvMR7.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"client-0gaUvMR7.mjs","names":[],"sources":["../src/client/use-auth.tsx","../src/client/protect.tsx"],"sourcesContent":["'use client';\n\nimport { MonoCloudUser } from '@monocloud/auth-node-core';\nimport useSWR from 'swr';\n\n/**\n * Authentication State returned by `useAuth` hook.\n */\nexport interface AuthState {\n  /**\n   * Flag indicating if the authentication state is still loading.\n   */\n  isLoading: boolean;\n  /**\n   * Flag indicating if the user is authenticated.\n   */\n  isAuthenticated: boolean;\n  /**\n   * Error encountered during authentication, if any.\n   */\n  error?: Error;\n  /**\n   *  The authenticated user's information, if available.\n   */\n  user?: MonoCloudUser;\n  /**\n   * Function to refetch the authentication state.\n   */\n  refetch?: () => void;\n}\n\n/**\n * @returns Authentication State\n */\nexport const useAuth = (): AuthState => {\n  const { data, error, isLoading, mutate } = useSWR<MonoCloudUser | undefined>(\n    process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_USER_INFO_URL ??\n      // eslint-disable-next-line no-underscore-dangle\n      `${process.env.__NEXT_ROUTER_BASEPATH ?? ''}/api/auth/userinfo`,\n    async (url: string) => {\n      const res = await fetch(url, { credentials: 'include' });\n\n      if (res.status === 204) {\n        return undefined;\n      }\n\n      if (res.ok) {\n        return res.json();\n      }\n\n      throw new Error('Failed to fetch user');\n    }\n  );\n\n  if (error) {\n    return {\n      user: undefined,\n      isLoading: false,\n      isAuthenticated: false,\n      error: error as Error,\n      refetch: () => mutate(),\n    };\n  }\n\n  if (data) {\n    return {\n      user: data,\n      isLoading,\n      isAuthenticated: !!data && Object.keys(data).length > 0,\n      error: undefined,\n      refetch: () => mutate(),\n    };\n  }\n\n  return {\n    user: undefined,\n    isLoading,\n    isAuthenticated: false,\n    error: undefined,\n    /* v8 ignore next -- @preserve */\n    refetch: (): void => {},\n  };\n};\n","/* eslint-disable react/display-name */\n'use client';\n\nimport React, { ComponentType, JSX, useEffect } from 'react';\nimport type { MonoCloudUser } from '@monocloud/auth-node-core';\nimport { isUserInGroup } from '@monocloud/auth-node-core/utils';\nimport { useAuth } from './use-auth';\nimport { ExtraAuthParams, GroupOptions } from '../types';\n\n/**\n * Options for configuring page protection.\n */\nexport type ProtectPageOptions = {\n  /**\n   *The url where the user will be redirected to after sign in\n   */\n  returnUrl?: string;\n\n  /**\n   * A custom react element to render when the user is not authenticated or is not a member of the specified groups.\n   */\n  onAccessDenied?: (user?: MonoCloudUser) => JSX.Element;\n\n  /**\n   * Authorization parameters to be used during authentication.\n   */\n  authParams?: ExtraAuthParams;\n\n  /**\n   * Callback function to handle errors.\n   * If not provided, errors will be thrown.\n   *\n   * @param error - The error object.\n   * @returns JSX element to handle the error.\n   */\n  onError?: (error: Error) => JSX.Element;\n} & GroupOptions;\n\nexport const redirectToSignIn = (\n  options: { returnUrl?: string } & ExtraAuthParams\n): void => {\n  const searchParams = new URLSearchParams(window.location.search);\n  searchParams.set(\n    'return_url',\n    options.returnUrl ?? window.location.toString()\n  );\n\n  if (options?.scopes) {\n    searchParams.set('scope', options.scopes);\n  }\n  if (options?.resource) {\n    searchParams.set('resource', options.resource);\n  }\n\n  if (options?.acrValues) {\n    searchParams.set('acr_values', options.acrValues.join(' '));\n  }\n\n  if (options?.display) {\n    searchParams.set('display', options.display);\n  }\n\n  if (options?.prompt) {\n    searchParams.set('prompt', options.prompt);\n  }\n\n  if (options?.authenticatorHint) {\n    searchParams.set('authenticator_hint', options.authenticatorHint);\n  }\n\n  if (options?.uiLocales) {\n    searchParams.set('ui_locales', options.uiLocales);\n  }\n\n  if (options?.maxAge) {\n    searchParams.set('max_age', options.maxAge.toString());\n  }\n\n  if (options?.loginHint) {\n    searchParams.set('login_hint', options.loginHint);\n  }\n\n  window.location.assign(\n    // eslint-disable-next-line no-underscore-dangle\n    `${process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_SIGNIN_URL ?? `${process.env.__NEXT_ROUTER_BASEPATH ?? ''}/api/auth/signin`}?${searchParams.toString()}`\n  );\n};\n\nconst handlePageError = (\n  error: Error,\n  options?: ProtectPageOptions\n): JSX.Element => {\n  /* v8 ignore else -- @preserve */\n  if (options?.onError) {\n    return options.onError(error);\n  }\n\n  /* v8 ignore next -- @preserve */\n  throw error;\n};\n\n/**\n * Function to protect a client rendered page component.\n * Ensures that only authenticated users can access the component.\n *\n * @param Component - The component to protect.\n * @param options - The options.\n *\n * @returns Protected clinet rendered page component.\n */\nexport const protectPage = <P extends object>(\n  Component: ComponentType<P & { user: MonoCloudUser }>,\n  options?: ProtectPageOptions\n): React.FC<P> => {\n  return props => {\n    const { user, error, isLoading } = useAuth();\n\n    useEffect(() => {\n      if (!user && !isLoading && !error) {\n        if (options?.onAccessDenied) {\n          return;\n        }\n\n        const authParams = options?.authParams ?? {};\n        redirectToSignIn({\n          returnUrl: options?.returnUrl,\n          ...authParams,\n        });\n      }\n    }, [user, isLoading, error]);\n\n    if (error) {\n      return handlePageError(error, options);\n    }\n\n    if (!user && !isLoading && options?.onAccessDenied) {\n      return options.onAccessDenied();\n    }\n\n    if (user) {\n      if (\n        options?.groups &&\n        !isUserInGroup(\n          user,\n          options.groups,\n          options.groupsClaim ??\n            process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_GROUPS_CLAIM,\n          options.matchAll\n        )\n      ) {\n        const { onAccessDenied = (): JSX.Element => <div>Access Denied</div> } =\n          options;\n        return onAccessDenied(user);\n      }\n\n      return <Component user={user} {...props} />;\n    }\n\n    return null;\n  };\n};\n"],"mappings":";;;;;;;;AAkCA,MAAa,gBAA2B;CACtC,MAAM,EAAE,MAAM,OAAO,WAAW,WAAW,OACzC,QAAQ,IAAI,4CAEV,GAAG,QAAQ,IAAI,0BAA0B,GAAG,qBAC9C,OAAO,QAAgB;EACrB,MAAM,MAAM,MAAM,MAAM,KAAK,EAAE,aAAa,WAAW,CAAC;AAExD,MAAI,IAAI,WAAW,IACjB;AAGF,MAAI,IAAI,GACN,QAAO,IAAI,MAAM;AAGnB,QAAM,IAAI,MAAM,uBAAuB;GAE1C;AAED,KAAI,MACF,QAAO;EACL,MAAM;EACN,WAAW;EACX,iBAAiB;EACV;EACP,eAAe,QAAQ;EACxB;AAGH,KAAI,KACF,QAAO;EACL,MAAM;EACN;EACA,iBAAiB,CAAC,CAAC,QAAQ,OAAO,KAAK,KAAK,CAAC,SAAS;EACtD,OAAO;EACP,eAAe,QAAQ;EACxB;AAGH,QAAO;EACL,MAAM;EACN;EACA,iBAAiB;EACjB,OAAO;EAEP,eAAqB;EACtB;;;;;AC3CH,MAAa,oBACX,YACS;CACT,MAAM,eAAe,IAAI,gBAAgB,OAAO,SAAS,OAAO;AAChE,cAAa,IACX,cACA,QAAQ,aAAa,OAAO,SAAS,UAAU,CAChD;AAED,uDAAI,QAAS,OACX,cAAa,IAAI,SAAS,QAAQ,OAAO;AAE3C,uDAAI,QAAS,SACX,cAAa,IAAI,YAAY,QAAQ,SAAS;AAGhD,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU,KAAK,IAAI,CAAC;AAG7D,uDAAI,QAAS,QACX,cAAa,IAAI,WAAW,QAAQ,QAAQ;AAG9C,uDAAI,QAAS,OACX,cAAa,IAAI,UAAU,QAAQ,OAAO;AAG5C,uDAAI,QAAS,kBACX,cAAa,IAAI,sBAAsB,QAAQ,kBAAkB;AAGnE,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU;AAGnD,uDAAI,QAAS,OACX,cAAa,IAAI,WAAW,QAAQ,OAAO,UAAU,CAAC;AAGxD,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU;AAGnD,QAAO,SAAS,OAEd,GAAG,QAAQ,IAAI,yCAAyC,GAAG,QAAQ,IAAI,0BAA0B,GAAG,kBAAkB,GAAG,aAAa,UAAU,GACjJ;;AAGH,MAAM,mBACJ,OACA,YACgB;;AAEhB,uDAAI,QAAS,QACX,QAAO,QAAQ,QAAQ,MAAM;;AAI/B,OAAM;;;;;;;;;;;AAYR,MAAa,eACX,WACA,YACgB;AAChB,SAAO,UAAS;EACd,MAAM,EAAE,MAAM,OAAO,cAAc,SAAS;AAE5C,kBAAgB;AACd,OAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO;AACjC,0DAAI,QAAS,eACX;IAGF,MAAM,gEAAa,QAAS,eAAc,EAAE;AAC5C,qBAAiB;KACf,6DAAW,QAAS;KACpB,GAAG;KACJ,CAAC;;KAEH;GAAC;GAAM;GAAW;GAAM,CAAC;AAE5B,MAAI,MACF,QAAO,gBAAgB,OAAO,QAAQ;AAGxC,MAAI,CAAC,QAAQ,CAAC,gEAAa,QAAS,gBAClC,QAAO,QAAQ,gBAAgB;AAGjC,MAAI,MAAM;AACR,0DACE,QAAS,WACT,CAAC,cACC,MACA,QAAQ,QACR,QAAQ,eACN,QAAQ,IAAI,yCACd,QAAQ,SACT,EACD;IACA,MAAM,EAAE,uBAAoC,oCAAC,aAAI,gBAAmB,KAClE;AACF,WAAO,eAAe,KAAK;;AAG7B,UAAO,oCAAC;IAAgB;IAAM,GAAI;KAAS;;AAG7C,SAAO"}

package/dist/client-BjnSJS59.cjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"client-BjnSJS59.cjs","names":[],"sources":["../src/client/use-auth.tsx","../src/client/protect.tsx"],"sourcesContent":["'use client';\n\nimport { MonoCloudUser } from '@monocloud/auth-node-core';\nimport useSWR from 'swr';\n\n/**\n * Authentication State returned by `useAuth` hook.\n */\nexport interface AuthState {\n  /**\n   * Flag indicating if the authentication state is still loading.\n   */\n  isLoading: boolean;\n  /**\n   * Flag indicating if the user is authenticated.\n   */\n  isAuthenticated: boolean;\n  /**\n   * Error encountered during authentication, if any.\n   */\n  error?: Error;\n  /**\n   *  The authenticated user's information, if available.\n   */\n  user?: MonoCloudUser;\n  /**\n   * Function to refetch the authentication state.\n   */\n  refetch?: () => void;\n}\n\n/**\n * @returns Authentication State\n */\nexport const useAuth = (): AuthState => {\n  const { data, error, isLoading, mutate } = useSWR<MonoCloudUser | undefined>(\n    process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_USER_INFO_URL ??\n      // eslint-disable-next-line no-underscore-dangle\n      `${process.env.__NEXT_ROUTER_BASEPATH ?? ''}/api/auth/userinfo`,\n    async (url: string) => {\n      const res = await fetch(url, { credentials: 'include' });\n\n      if (res.status === 204) {\n        return undefined;\n      }\n\n      if (res.ok) {\n        return res.json();\n      }\n\n      throw new Error('Failed to fetch user');\n    }\n  );\n\n  if (error) {\n    return {\n      user: undefined,\n      isLoading: false,\n      isAuthenticated: false,\n      error: error as Error,\n      refetch: () => mutate(),\n    };\n  }\n\n  if (data) {\n    return {\n      user: data,\n      isLoading,\n      isAuthenticated: !!data && Object.keys(data).length > 0,\n      error: undefined,\n      refetch: () => mutate(),\n    };\n  }\n\n  return {\n    user: undefined,\n    isLoading,\n    isAuthenticated: false,\n    error: undefined,\n    /* v8 ignore next -- @preserve */\n    refetch: (): void => {},\n  };\n};\n","/* eslint-disable react/display-name */\n'use client';\n\nimport React, { ComponentType, JSX, useEffect } from 'react';\nimport type { MonoCloudUser } from '@monocloud/auth-node-core';\nimport { isUserInGroup } from '@monocloud/auth-node-core/utils';\nimport { useAuth } from './use-auth';\nimport { ExtraAuthParams, GroupOptions } from '../types';\n\n/**\n * Options for configuring page protection.\n */\nexport type ProtectPageOptions = {\n  /**\n   *The url where the user will be redirected to after sign in\n   */\n  returnUrl?: string;\n\n  /**\n   * A custom react element to render when the user is not authenticated or is not a member of the specified groups.\n   */\n  onAccessDenied?: (user?: MonoCloudUser) => JSX.Element;\n\n  /**\n   * Authorization parameters to be used during authentication.\n   */\n  authParams?: ExtraAuthParams;\n\n  /**\n   * Callback function to handle errors.\n   * If not provided, errors will be thrown.\n   *\n   * @param error - The error object.\n   * @returns JSX element to handle the error.\n   */\n  onError?: (error: Error) => JSX.Element;\n} & GroupOptions;\n\nexport const redirectToSignIn = (\n  options: { returnUrl?: string } & ExtraAuthParams\n): void => {\n  const searchParams = new URLSearchParams(window.location.search);\n  searchParams.set(\n    'return_url',\n    options.returnUrl ?? window.location.toString()\n  );\n\n  if (options?.scopes) {\n    searchParams.set('scope', options.scopes);\n  }\n  if (options?.resource) {\n    searchParams.set('resource', options.resource);\n  }\n\n  if (options?.acrValues) {\n    searchParams.set('acr_values', options.acrValues.join(' '));\n  }\n\n  if (options?.display) {\n    searchParams.set('display', options.display);\n  }\n\n  if (options?.prompt) {\n    searchParams.set('prompt', options.prompt);\n  }\n\n  if (options?.authenticatorHint) {\n    searchParams.set('authenticator_hint', options.authenticatorHint);\n  }\n\n  if (options?.uiLocales) {\n    searchParams.set('ui_locales', options.uiLocales);\n  }\n\n  if (options?.maxAge) {\n    searchParams.set('max_age', options.maxAge.toString());\n  }\n\n  if (options?.loginHint) {\n    searchParams.set('login_hint', options.loginHint);\n  }\n\n  window.location.assign(\n    // eslint-disable-next-line no-underscore-dangle\n    `${process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_SIGNIN_URL ?? `${process.env.__NEXT_ROUTER_BASEPATH ?? ''}/api/auth/signin`}?${searchParams.toString()}`\n  );\n};\n\nconst handlePageError = (\n  error: Error,\n  options?: ProtectPageOptions\n): JSX.Element => {\n  /* v8 ignore else -- @preserve */\n  if (options?.onError) {\n    return options.onError(error);\n  }\n\n  /* v8 ignore next -- @preserve */\n  throw error;\n};\n\n/**\n * Function to protect a client rendered page component.\n * Ensures that only authenticated users can access the component.\n *\n * @param Component - The component to protect.\n * @param options - The options.\n *\n * @returns Protected clinet rendered page component.\n */\nexport const protectPage = <P extends object>(\n  Component: ComponentType<P & { user: MonoCloudUser }>,\n  options?: ProtectPageOptions\n): React.FC<P> => {\n  return props => {\n    const { user, error, isLoading } = useAuth();\n\n    useEffect(() => {\n      if (!user && !isLoading && !error) {\n        if (options?.onAccessDenied) {\n          return;\n        }\n\n        const authParams = options?.authParams ?? {};\n        redirectToSignIn({\n          returnUrl: options?.returnUrl,\n          ...authParams,\n        });\n      }\n    }, [user, isLoading, error]);\n\n    if (error) {\n      return handlePageError(error, options);\n    }\n\n    if (!user && !isLoading && options?.onAccessDenied) {\n      return options.onAccessDenied();\n    }\n\n    if (user) {\n      if (\n        options?.groups &&\n        !isUserInGroup(\n          user,\n          options.groups,\n          options.groupsClaim ??\n            process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_GROUPS_CLAIM,\n          options.matchAll\n        )\n      ) {\n        const { onAccessDenied = (): JSX.Element => <div>Access Denied</div> } =\n          options;\n        return onAccessDenied(user);\n      }\n\n      return <Component user={user} {...props} />;\n    }\n\n    return null;\n  };\n};\n"],"mappings":";;;;;;;;;;;AAkCA,MAAa,gBAA2B;CACtC,MAAM,EAAE,MAAM,OAAO,WAAW,4BAC9B,QAAQ,IAAI,4CAEV,GAAG,QAAQ,IAAI,0BAA0B,GAAG,qBAC9C,OAAO,QAAgB;EACrB,MAAM,MAAM,MAAM,MAAM,KAAK,EAAE,aAAa,WAAW,CAAC;AAExD,MAAI,IAAI,WAAW,IACjB;AAGF,MAAI,IAAI,GACN,QAAO,IAAI,MAAM;AAGnB,QAAM,IAAI,MAAM,uBAAuB;GAE1C;AAED,KAAI,MACF,QAAO;EACL,MAAM;EACN,WAAW;EACX,iBAAiB;EACV;EACP,eAAe,QAAQ;EACxB;AAGH,KAAI,KACF,QAAO;EACL,MAAM;EACN;EACA,iBAAiB,CAAC,CAAC,QAAQ,OAAO,KAAK,KAAK,CAAC,SAAS;EACtD,OAAO;EACP,eAAe,QAAQ;EACxB;AAGH,QAAO;EACL,MAAM;EACN;EACA,iBAAiB;EACjB,OAAO;EAEP,eAAqB;EACtB;;;;;AC3CH,MAAa,oBACX,YACS;CACT,MAAM,eAAe,IAAI,gBAAgB,OAAO,SAAS,OAAO;AAChE,cAAa,IACX,cACA,QAAQ,aAAa,OAAO,SAAS,UAAU,CAChD;AAED,uDAAI,QAAS,OACX,cAAa,IAAI,SAAS,QAAQ,OAAO;AAE3C,uDAAI,QAAS,SACX,cAAa,IAAI,YAAY,QAAQ,SAAS;AAGhD,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU,KAAK,IAAI,CAAC;AAG7D,uDAAI,QAAS,QACX,cAAa,IAAI,WAAW,QAAQ,QAAQ;AAG9C,uDAAI,QAAS,OACX,cAAa,IAAI,UAAU,QAAQ,OAAO;AAG5C,uDAAI,QAAS,kBACX,cAAa,IAAI,sBAAsB,QAAQ,kBAAkB;AAGnE,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU;AAGnD,uDAAI,QAAS,OACX,cAAa,IAAI,WAAW,QAAQ,OAAO,UAAU,CAAC;AAGxD,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU;AAGnD,QAAO,SAAS,OAEd,GAAG,QAAQ,IAAI,yCAAyC,GAAG,QAAQ,IAAI,0BAA0B,GAAG,kBAAkB,GAAG,aAAa,UAAU,GACjJ;;AAGH,MAAM,mBACJ,OACA,YACgB;;AAEhB,uDAAI,QAAS,QACX,QAAO,QAAQ,QAAQ,MAAM;;AAI/B,OAAM;;;;;;;;;;;AAYR,MAAa,eACX,WACA,YACgB;AAChB,SAAO,UAAS;EACd,MAAM,EAAE,MAAM,OAAO,cAAc,SAAS;AAE5C,6BAAgB;AACd,OAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO;AACjC,0DAAI,QAAS,eACX;IAGF,MAAM,gEAAa,QAAS,eAAc,EAAE;AAC5C,qBAAiB;KACf,6DAAW,QAAS;KACpB,GAAG;KACJ,CAAC;;KAEH;GAAC;GAAM;GAAW;GAAM,CAAC;AAE5B,MAAI,MACF,QAAO,gBAAgB,OAAO,QAAQ;AAGxC,MAAI,CAAC,QAAQ,CAAC,gEAAa,QAAS,gBAClC,QAAO,QAAQ,gBAAgB;AAGjC,MAAI,MAAM;AACR,0DACE,QAAS,WACT,oDACE,MACA,QAAQ,QACR,QAAQ,eACN,QAAQ,IAAI,yCACd,QAAQ,SACT,EACD;IACA,MAAM,EAAE,uBAAoC,4CAAC,aAAI,gBAAmB,KAClE;AACF,WAAO,eAAe,KAAK;;AAG7B,UAAO,4CAAC;IAAgB;IAAM,GAAI;KAAS;;AAG7C,SAAO"}