npm - @monocloud/auth-nextjs - Versions diffs - 0.1.5 → 0.1.7 - Mend

@monocloud/auth-nextjs 0.1.5 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/README.md +21 -4
package/dist/{chunk-CbDLau6x.cjs → chunk-C0xms8kb.cjs} +1 -1
package/dist/client/index.cjs +4 -3
package/dist/client/index.d.mts +73 -118
package/dist/client/index.mjs +2 -2
package/dist/components/client/index.cjs +46 -88
package/dist/components/client/index.cjs.map +1 -1
package/dist/components/client/index.d.mts +59 -93
package/dist/components/client/index.mjs +42 -85
package/dist/components/client/index.mjs.map +1 -1
package/dist/components/index.cjs +46 -42
package/dist/components/index.cjs.map +1 -1
package/dist/components/index.d.mts +72 -49
package/dist/components/index.mjs +44 -41
package/dist/components/index.mjs.map +1 -1
package/dist/index.cjs +399 -374
package/dist/index.cjs.map +1 -1
package/dist/index.d.mts +1546 -1835
package/dist/index.mjs +393 -380
package/dist/index.mjs.map +1 -1
package/dist/{client-xfBYYato.cjs → protect-client-page-B1fOU4Zl.cjs} +65 -114
package/dist/protect-client-page-B1fOU4Zl.cjs.map +1 -0
package/dist/{client-D-3RMRNY.mjs → protect-client-page-BFlGkK8F.mjs} +63 -112
package/dist/protect-client-page-BFlGkK8F.mjs.map +1 -0
package/dist/types-xS_Me3Qg.d.mts +563 -0
package/package.json +8 -7
package/dist/client-D-3RMRNY.mjs.map +0 -1
package/dist/client-xfBYYato.cjs.map +0 -1
package/dist/types-CsBjAJce.d.mts +0 -410

package/dist/types-xS_Me3Qg.d.mts ADDED Viewed

@@ -0,0 +1,563 @@
+import { Authenticators, AuthorizationParams, DisplayOptions, MonoCloudUser, Prompt } from "@monocloud/auth-node-core";
+import { JSX } from "react";
+import { NextFetchEvent, NextRequest, NextResponse } from "next/server";
+import { GetServerSideProps, GetServerSidePropsContext, GetServerSidePropsResult, NextApiRequest, NextApiResponse } from "next/types";
+import { ParsedUrlQuery } from "node:querystring";
+//#region src/types.d.ts
+/**
+ * Context object provided to App Router route handlers.
+ *
+ * Contains dynamic route parameters resolved from the matched route segment (for example, `[id]` or `[...slug]`).
+ *
+ * In streaming or async environments, `params` may be provided as a Promise.
+ *
+ * @category Types
+ */
+interface AppRouterContext {
+  /**
+   * Dynamic route parameters extracted from the request URL.
+   */
+  params: Record<string, string | string[]> | Promise<Record<string, string | string[]>>;
+}
+/**
+ * Handler function returned by `monoCloudAuth()`.
+ *
+ * This handler processes authentication routes such as sign-in, callback, sign-out, and userinfo across supported Next.js runtimes (App Router, Pages Router, and API routes).
+ *
+ * @category Types (Handler)
+ */
+type MonoCloudAuthHandler = (
+/**
+ * Incoming request object.
+ */
+req: Request | NextRequest | NextApiRequest,
+/**
+ * Response object or App Router context.
+ */
+resOrCtx?: Response | NextResponse<any> | NextApiResponse<any> | AppRouterContext) => Promise<Response | NextResponse | void | any>;
+/**
+ * Possible return values from a Next.js middleware or proxy handler.
+ *
+ * @category Types
+ */
+type NextMiddlewareResult = NextResponse | Response | null | undefined | void;
+/**
+ * Handler invoked when access is denied during Next.js middleware execution.
+ *
+ * This callback allows you to customize how unauthenticated or unauthorized requests are handled, for example by redirecting, rewriting, or returning a custom response.
+ *
+ * @category Types (Handler)
+ *
+ * @param request The incoming Next.js request.
+ * @param event The associated Next.js fetch event.
+ * @returns A middleware result that determines how the request should proceed.
+ */
+type NextMiddlewareOnAccessDenied = (request: NextRequest, event: NextFetchEvent) => NextMiddlewareResult | Promise<NextMiddlewareResult>;
+/**
+ * Handler invoked when an authenticated user is denied access during Next.js middleware execution due to group authorization rules.
+ *
+ * This callback allows you to customize how authorization failures are handled, for example by redirecting, rewriting, or returning a custom response.
+ *
+ * @category Types (Handler)
+ *
+ * @param request The incoming Next.js request.
+ * @param event The associated Next.js fetch event.
+ * @param user The authenticated user who failed the group authorization check.
+ * @returns A middleware result that determines how the request should proceed.
+ */
+type NextMiddlewareOnGroupAccessDenied = (request: NextRequest, event: NextFetchEvent, user: MonoCloudUser) => NextMiddlewareResult | Promise<NextMiddlewareResult>;
+/**
+ *
+ * Defines how routes are matched and protected by authentication and optional group-based authorization.
+ *
+ * @category Types
+ *
+ */
+type ProtectedRouteMatcher = string | RegExp | {
+  /**
+   * Route patterns that should be protected.
+   *
+   * Each entry may be:
+   * - A relative route path
+   * - A regular expression used to match routes
+   */
+  routes: (string | RegExp)[];
+  /**
+   * Optional group-based access control.
+   *
+   * When provided, only users belonging to **at least one** of the specified group IDs or names are allowed access.
+   */
+  groups: string[];
+};
+/**
+ * Function used to dynamically determine whether a request should be treated as a protected route.
+ *
+ * @category Types (Handler)
+ *
+ * @param req The incoming Next.js request.
+ * @returns Return `true` to require authentication for the request, or `false` to allow it to continue without protection.
+ */
+type CustomProtectedRouteMatcher = (req: NextRequest) => Promise<boolean> | boolean;
+/**
+ * Handler invoked when an error occurs during execution of an App Router endpoint.
+ *
+ * Allows custom error handling such as logging, transforming the response, or returning a custom `NextResponse`
+ *
+ * @category Types (Handler)
+ *
+ * @param req The incoming Next.js request.
+ * @param ctx The App Router context containing dynamic route parameters.
+ * @param error The error thrown during endpoint execution.
+ * @returns Returns a `NextResponse` or `void`.
+ */
+type AppOnError<T = any> = (req: NextRequest, ctx: T, error: Error) => Promise<NextResponse | void> | NextResponse | void;
+/**
+ * Handler invoked when an error occurs during execution of a Pages Router API endpoint.
+ *
+ * Allows custom error handling such as logging, modifying the response, or sending a custom error payload.
+ *
+ * @category Types (Handler)
+ *
+ * @param req The incoming Next.js API request.
+ * @param res The outgoing Next.js API response.
+ * @param error The error thrown during endpoint execution.
+ * @returns Returns `void` or a Promise that resolves when error handling is complete.
+ */
+type PageOnError = (req: NextApiRequest, res: NextApiResponse, error: Error) => Promise<void> | void;
+/**
+ * Error handler invoked when an exception occurs during execution of the sign-in, callback, sign-out, or userinfo endpoints.
+ *
+ * > - In the **App Router**, you must either return a `NextResponse` or throw an error. Otherwise, the request will remain unresolved.
+ * > - In the **Pages Router**, you must send a response (for example, `res.send()` or `res.json()`) after handling the error, or the request will hang.
+ *
+ * @category Types (Handler)
+ */
+type OnError = AppOnError | PageOnError;
+/**
+ * Options for `monoCloudAuth()`.
+ *
+ * @category Types
+ */
+interface MonoCloudAuthOptions {
+  /**
+   * Optional error handler invoked when an exception occurs during execution of the sign-in, callback, sign-out, or userinfo endpoints.
+   */
+  onError?: OnError;
+}
+/**
+ * Configuration used to determine which routes require authentication.
+ *
+ * You can provide:
+ *
+ * - An array of {@link ProtectedRouteMatcher} values to declaratively define protected routes.
+ * - A {@link CustomProtectedRouteMatcher} function for fully dynamic protection logic.
+ *
+ * @category Types
+ */
+type ProtectedRoutes = ProtectedRouteMatcher[] | CustomProtectedRouteMatcher;
+/**
+ * Options for configuring the MonoCloud authentication middleware.
+ *
+ * These options control which routes are protected and how authentication and authorization failures are handled during request processing.
+ *
+ * @category Types
+ */
+interface MonoCloudMiddlewareOptions {
+  /**
+   * Error handler invoked when an error occurs during execution of authentication endpoints handled by the middleware.
+   *
+   * @param req The incoming Next.js request.
+   * @param evt The associated Next.js fetch event.
+   * @param error The error thrown during execution.
+   * @returns Returns a response to continue the middleware chain, or `void`.
+   */
+  onError?: (req: NextRequest, evt: NextFetchEvent, error: Error) => Promise<NextResponse | void> | NextResponse | void;
+  /**
+   * Defines which routes require authentication.
+   *
+   * Accepts either an array of {@link ProtectedRouteMatcher} or a {@link CustomProtectedRouteMatcher}.
+   *
+   * - If omitted, all routes matched by the middleware config are protected.
+   * - If an empty array is provided, no routes are protected.
+   */
+  protectedRoutes?: ProtectedRoutes;
+  /**
+   * Name of the claim in the user profile that contains group memberships.
+   *
+   * @defaultValue 'groups'
+   */
+  groupsClaim?: string;
+  /**
+   * When `true`, the user must belong to **all** specified groups for authorization to succeed. Otherwise, membership in any one group is sufficient.
+   *
+   * @defaultValue false
+   */
+  matchAll?: boolean;
+  /**
+   * Middleware handler invoked when the user is not authenticated.
+   */
+  onAccessDenied?: NextMiddlewareOnAccessDenied;
+  /**
+   * Middleware handler invoked when the user is authenticated but does not satisfy group authorization requirements.
+   */
+  onGroupAccessDenied?: NextMiddlewareOnGroupAccessDenied;
+}
+/**
+ * A subset of authorization parameters supported by client-side helpers.
+ *
+ * @category Types
+ */
+interface ExtraAuthParams extends Pick<AuthorizationParams, 'scopes' | 'resource' | 'prompt' | 'display' | 'uiLocales' | 'acrValues' | 'authenticatorHint' | 'maxAge' | 'loginHint'> {}
+/**
+ * Represents a Next.js App Router page component (Server Component).
+ *
+ * @category Types (Handler)
+ *
+ * @param props Page props provided by Next.js, including dynamic route parameters and URL search parameters.
+ * @returns A JSX element, or a Promise resolving to one.
+ */
+type AppRouterPageHandler = (props: {
+  /**
+   * Dynamic route parameters extracted from the URL.
+   */
+  params?: Record<string, string | string[]>;
+  /**
+   * URL search parameters (`?key=value`) parsed by Next.js.
+   */
+  searchParams?: Record<string, string | string[] | undefined>;
+}) => Promise<JSX.Element> | JSX.Element;
+/**
+ * Represents a Next.js App Router Route Handler function.
+ *
+ * @category Types (Handler)
+ *
+ * @param req The incoming request object.
+ * @param ctx Route context containing dynamic route parameters.
+ * @returns A `Response` or `NextResponse`, or a Promise resolving to one.
+ */
+type AppRouterApiHandlerFn = (req: NextRequest | Request, ctx: AppRouterContext) => Promise<Response | NextResponse> | Response | NextResponse;
+/**
+ * Options for configuring `protectPage()` in the App Router.
+ *
+ * @category Types
+ */
+interface ProtectAppPageOptions extends GroupOptions {
+  /**
+   * The URL the user should be returned to after successful authentication.
+   *
+   * Defaults to the current request URL.
+   */
+  returnUrl?: string;
+  /**
+   * Alternate Server Component rendered when the user is **not authenticated**.
+   *
+   * If not provided, the default behavior redirects the user to the sign-in flow.
+   */
+  onAccessDenied?: (props: {
+    params?: Record<string, string | string[]>;
+    searchParams?: Record<string, string | string[] | undefined>;
+  }) => Promise<JSX.Element> | JSX.Element;
+  /**
+   * Alternate Server Component rendered when the user is authenticated but does **not** belong to the required groups.
+   *
+   * Receives the resolved authenticated user.
+   */
+  onGroupAccessDenied?: (props: {
+    user: MonoCloudUser;
+    params?: Record<string, string | string[]>;
+    searchParams?: Record<string, string | string[] | undefined>;
+  }) => Promise<JSX.Element> | JSX.Element;
+  /**
+   * Additional authorization parameters applied when redirecting the user to authenticate.
+   */
+  authParams?: ExtraAuthParams;
+}
+/**
+ * Options for configuring `protectPage()` in the Pages Router.
+ *
+ * @category Types
+ *
+ * @typeParam P Props returned from `getServerSideProps`.
+ * @typeParam Q Query parameters parsed from the URL.
+ */
+interface ProtectPagePageOptions<P extends Record<string, any> = Record<string, any>, Q extends ParsedUrlQuery = ParsedUrlQuery> extends GroupOptions {
+  /**
+   * An optional `getServerSideProps` implementation that runs after authentication (and group checks, if configured). Use this to compute additional props for the page.
+   */
+  getServerSideProps?: GetServerSideProps<P, Q>;
+  /**
+   * The URL the user should be returned to after successful authentication.
+   *
+   * Defaults to the current request URL.
+   */
+  returnUrl?: string;
+  /**
+   * Called when no valid session exists.
+   *
+   * If not provided, the default behavior redirects the user to the sign-in flow.
+   */
+  onAccessDenied?: ProtectPagePageOnAccessDeniedType<P, Q>;
+  /**
+   * Called when the user is authenticated but does not satisfy the group requirements.
+   *
+   * If not provided, the default behavior continues rendering and sets `groupAccessDenied` in the returned props, or applies the SDK’s default access-denied behavior.
+   */
+  onGroupAccessDenied?: ProtectPagePageOnGroupAccessDeniedType<P, Q>;
+  /**
+   * Additional authorization parameters applied when redirecting the user to authenticate.
+   */
+  authParams?: ExtraAuthParams;
+}
+/**
+ * Handler invoked when no valid session exists while running a Pages Router `getServerSideProps` protected by `protectPage()`.
+ *
+ * @category Types (Handler)
+ *
+ * @typeParam P Props returned from `getServerSideProps`.
+ * @typeParam Q Query parameters parsed from the URL.
+ * @param context The Next.js `getServerSideProps` context.
+ * @returns A `getServerSideProps` result.
+ */
+type ProtectPagePageOnAccessDeniedType<P, Q extends ParsedUrlQuery = ParsedUrlQuery> = (context: GetServerSidePropsContext<Q>) => Promise<GetServerSidePropsResult<P>> | GetServerSidePropsResult<P>;
+/**
+ * Handler invoked when an authenticated user does not satisfy the required group restrictions while running a Pages Router `getServerSideProps` protected by `protectPage()`.
+ *
+ * @category Types (Handler)
+ *
+ * @typeParam P Props returned from `getServerSideProps`.
+ * @typeParam Q Query parameters parsed from the URL.
+ * @param context The Next.js `getServerSideProps` context.
+ * @returns A `getServerSideProps` result.
+ */
+type ProtectPagePageOnGroupAccessDeniedType<P, Q extends ParsedUrlQuery = ParsedUrlQuery> = (context: GetServerSidePropsContext<Q> & {
+  user: MonoCloudUser;
+}) => Promise<GetServerSidePropsResult<P>> | GetServerSidePropsResult<P>;
+/**
+ * Return type produced by the `protectPage()` wrapper for the Pages Router.
+ *
+ * Represents a `getServerSideProps` compatible function that resolves authentication before executing page logic and injects the authenticated `user` into the returned props.
+ *
+ * @category Types (Handler)
+ *
+ * @typeParam P Props returned from `getServerSideProps`.
+ * @typeParam Q Query parameters parsed from the URL.
+ */
+type ProtectPagePageReturnType<P, Q extends ParsedUrlQuery = ParsedUrlQuery> = (context: GetServerSidePropsContext<Q>) => Promise<GetServerSidePropsResult<P & {
+  user: MonoCloudUser;
+  accessDenied?: boolean;
+}>>;
+/**
+ * App Router Server Component wrapped by `protectPage()`.
+ *
+ * This component is only executed after authentication (and optional authorization) succeeds. The authenticated `user` is injected into the component props automatically.
+ *
+ * @category Types (Handler)
+ */
+type ProtectedAppServerComponent = (props: {
+  /**
+   * The authenticated user resolved from the current session.
+   */
+  user: MonoCloudUser;
+  /**
+   * Dynamic route parameters provided by the App Router.
+   */
+  params?: Record<string, string | string[]>;
+  /**
+   * URL search parameters provided by the App Router.
+   */
+  searchParams?: Record<string, string | string[] | undefined>;
+}) => Promise<JSX.Element> | JSX.Element;
+/**
+ * Handler invoked when a request is denied because the user is not authenticated in an App Router API route.
+ *
+ * @category Types (Handler)
+ *
+ * @param req The incoming Next.js request.
+ * @param ctx The App Router context containing dynamic route parameters.
+ *
+ * @returns Returns a `Response` (or `NextResponse`) or a Promise resolving to one.
+ */
+type AppRouterApiOnAccessDeniedHandler = (req: NextRequest, ctx: AppRouterContext) => Promise<Response> | Response;
+/**
+ * Handler invoked when a request is denied because the authenticated user does not satisfy the required group restrictions in an App Router API route.
+ *
+ * @category Types (Handler)
+ *
+ * @param req The incoming Next.js request.
+ * @param ctx The App Router context containing dynamic route parameters.
+ * @param user The authenticated user associated with the request.
+ *
+ * @returns Returns a `Response` (or `NextResponse`) or a Promise resolving to one.
+ */
+type AppRouterApiOnGroupAccessDeniedHandler = (req: NextRequest, ctx: AppRouterContext, user: MonoCloudUser) => Promise<Response> | Response;
+/**
+ * Options for configuring `protectApi()` in the App Router.
+ *
+ * @category Types
+ */
+interface ProtectApiAppOptions extends GroupOptions {
+  /**
+   * Alternate API route handler invoked when the request is not authenticated.
+   */
+  onAccessDenied?: AppRouterApiOnAccessDeniedHandler;
+  /**
+   * Alternate API route handler invoked when the request is authenticated but the user does not satisfy the required group restrictions.
+   */
+  onGroupAccessDenied?: AppRouterApiOnGroupAccessDeniedHandler;
+}
+/**
+ * Handler function invoked when a request is not authenticated in a Pages Router API route.
+ *
+ * @category Types (Handler)
+ *
+ * @param req The incoming Next.js API request.
+ * @param res The Next.js API response object used to send the custom response.
+ * @returns The handler should send a response using `res` (for example, `res.status(...).json(...)`). Returning a value does not automatically end the request.
+ */
+type PageRouterApiOnAccessDeniedHandler = (req: NextApiRequest, res: NextApiResponse<any>) => Promise<unknown> | unknown;
+/**
+ * Handler function invoked when an authenticated user is denied access in a Pages Router API route due to group authorization restrictions.
+ *
+ * @category Types (Handler)
+ *
+ * @param req The incoming Next.js API request.
+ * @param res The Next.js API response object used to send the custom response.
+ * @returns The handler should send a response using `res` (for example, `res.status(...).json(...)`). Returning a value does not automatically end the request.
+ *
+ * @returns
+ */
+type PageRouterApiOnGroupAccessDeniedHandler = (req: NextApiRequest, res: NextApiResponse<any>, user: MonoCloudUser) => Promise<unknown> | unknown;
+/**
+ * Options for configuring `protectApi()` in the Pages Router.
+ *
+ * @category Types
+ */
+interface ProtectApiPageOptions extends GroupOptions {
+  /**
+   * Alternate API handler invoked when the request is unauthenticated.
+   */
+  onAccessDenied?: PageRouterApiOnAccessDeniedHandler;
+  /**
+   * Alternate API handler invoked when the user is authenticated but does not satisfy the configured group authorization rules.
+   */
+  onGroupAccessDenied?: PageRouterApiOnGroupAccessDeniedHandler;
+}
+/**
+ * Options for configuring the `protect()` helper.
+ *
+ * @category Types
+ */
+interface ProtectOptions extends GroupOptions {
+  /**
+   * The URL to return to after successful authentication.
+   *
+   * If not provided, the current request URL is used.
+   */
+  returnUrl?: string;
+  /**
+   * Additional authorization parameters to include when redirecting the user to the sign-in flow.
+   */
+  authParams?: ExtraAuthParams;
+}
+/**
+ * Configuration options for evaluating user group membership.
+ *
+ * @category Types
+ */
+interface IsUserInGroupOptions {
+  /**
+   * The name of the claim in the user profile that contains group information. This value is read from the authenticated user's session.
+   *
+   * @defaultValue 'groups'
+   */
+  groupsClaim?: string;
+  /**
+   * Determines how multiple groups are evaluated. When `true`, the user must belong to **all** specified groups for authorization to succeed. Otherwise, membership in any one group is sufficient.
+   *
+   * @defaultValue false
+   */
+  matchAll?: boolean;
+}
+/**
+ * Configuration options that require the user to belong to specific groups.
+ *
+ * @category Types
+ */
+interface GroupOptions extends IsUserInGroupOptions {
+  /**
+   * A list of group IDs or group names the authenticated user must belong to.
+   *
+   * Group membership is evaluated using the configured `groupsClaim` from the user session.
+   */
+  groups?: string[];
+}
+/**
+ * Options for `redirectToSignIn()`
+ *
+ * @category Types
+ */
+interface RedirectToSignInOptions {
+  /**
+   * URL to return the user to after successful authentication. Must be a relative application URL.
+   */
+  returnUrl?: string;
+  /**
+   * Maximum allowed time (in seconds) since the user's last authentication.
+   */
+  maxAge?: number;
+  /**
+   * Hint to the authorization server indicating which authenticator should be used during sign-in.
+   */
+  authenticatorHint?: Authenticators;
+  /**
+   * Scopes to request during authentication.
+   */
+  scopes?: string[];
+  /**
+   * Resource indicators the access token should be issued for.
+   */
+  resource?: string[];
+  /**
+   * Preferred UI language(s) for the authentication experience.
+   */
+  uiLocales?: string;
+  /**
+   * Preferred display mode for the authentication UI.
+   */
+  display?: DisplayOptions;
+  /**
+   * Authentication Context Class Reference (ACR) values requesting specific authentication methods or assurance levels.
+   */
+  acrValues?: string[];
+  /**
+   * Hint about the user's identifier (for example, email or username).
+   */
+  loginHint?: string;
+  /**
+   * Controls whether the authorization server should force specific user interactions during authentication
+   */
+  prompt?: Prompt;
+}
+/**
+ * Options for `redirectToSignOut()`
+ *
+ * @category Types
+ */
+interface RedirectToSignOutOptions {
+  /**
+   * URL where the authorization server should redirect the user after a successful sign-out.
+   *
+   * This value must match one of the registered Sign-out Redirect URLs configured for the application.
+   */
+  postLogoutRedirectUri?: string;
+  /**
+   * When enabled, the user is also signed out from MonoCloud (Single Sign-Out).
+   */
+  federated?: boolean;
+}
+//#endregion
+export { ProtectedRouteMatcher as A, ProtectAppPageOptions as C, ProtectPagePageOptions as D, ProtectPagePageOnGroupAccessDeniedType as E, RedirectToSignInOptions as M, RedirectToSignOutOptions as N, ProtectPagePageReturnType as O, ProtectApiPageOptions as S, ProtectPagePageOnAccessDeniedType as T, OnError as _, AppRouterContext as a, PageRouterApiOnGroupAccessDeniedHandler as b, ExtraAuthParams as c, MonoCloudAuthHandler as d, MonoCloudAuthOptions as f, NextMiddlewareResult as g, NextMiddlewareOnGroupAccessDenied as h, AppRouterApiOnGroupAccessDeniedHandler as i, ProtectedRoutes as j, ProtectedAppServerComponent as k, GroupOptions as l, NextMiddlewareOnAccessDenied as m, AppRouterApiHandlerFn as n, AppRouterPageHandler as o, MonoCloudMiddlewareOptions as p, AppRouterApiOnAccessDeniedHandler as r, CustomProtectedRouteMatcher as s, AppOnError as t, IsUserInGroupOptions as u, PageOnError as v, ProtectOptions as w, ProtectApiAppOptions as x, PageRouterApiOnAccessDeniedHandler as y };
+//# sourceMappingURL=types-xS_Me3Qg.d.mts.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@monocloud/auth-nextjs",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "description": "MonoCloud Next.js Authentication SDK",
   "keywords": [
     "monocloud",
@@ -56,18 +56,19 @@
   },
   "dependencies": {
     "cookie": "1.1.1",
-    "swr": "2.3.8",
-    "@monocloud/auth-node-core": "0.1.4"
+    "swr": "2.4.0",
+    "@monocloud/auth-node-core": "0.1.6",
+    "@monocloud/auth-core": "0.1.5"
   },
   "devDependencies": {
     "@edge-runtime/vm": "5.0.0",
     "@testing-library/dom": "10.4.1",
-    "@testing-library/react": "16.3.1",
+    "@testing-library/react": "16.3.2",
     "@types/body-parser": "1.19.6",
-    "@types/react": "19.2.7",
+    "@types/react": "19.2.13",
     "@types/react-dom": "19.2.3",
-    "body-parser": "2.2.1",
-    "eslint": "9.39.2",
+    "body-parser": "2.2.2",
+    "eslint": "10.0.0",
     "nock": "15.0.0",
     "tough-cookie": "6.0.0",
     "url-search-params-polyfill": "8.2.5",

package/dist/client-D-3RMRNY.mjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"client-D-3RMRNY.mjs","names":[],"sources":["../src/client/use-auth.tsx","../src/client/protect.tsx"],"sourcesContent":["'use client';\n\nimport type { MonoCloudUser } from '@monocloud/auth-node-core';\nimport useSWR from 'swr';\n\n/**\n * Authentication State returned by `useAuth` hook.\n */\nexport interface AuthState {\n /**\n * Flag indicating if the authentication state is still loading.\n */\n isLoading: boolean;\n /**\n * Flag indicating if the user is authenticated.\n */\n isAuthenticated: boolean;\n /**\n * Error encountered during authentication, if any.\n */\n error?: Error;\n /**\n * The authenticated user's information, if available.\n */\n user?: MonoCloudUser;\n /**\n * Function to refetch the authentication state.\n *\n */\n refetch: (refresh?: boolean) => void;\n}\n\nconst fetchUser = async (url: string): Promise<MonoCloudUser | undefined> => {\n const res = await fetch(url, { credentials: 'include' });\n\n if (res.status === 204) {\n return undefined;\n }\n\n if (res.ok) {\n return res.json();\n }\n\n throw new Error('Failed to fetch user');\n};\n\n/**\n *\n * Hook for getting the user's profile on client components\n *\n * @returns Authentication State\n *\n * @example App Router\n *\n * ```tsx\n * \"use client\";\n *\n * import { useAuth } from \"@monocloud/auth-nextjs/client\";\n *\n * export default function Home() {\n * const { user } = useAuth();\n *\n * return <>User Id: {user?.sub}</>;\n * }\n * ```\n *\n * @example App Router - Refetch user from Userinfo endpoint\n *\n * Calling `refetch(true)` will force refresh the user's profile from the userinfo endpoint.\n * If you do not intent to refersh from your tenants userinfo endpoint, use just `refetch()`\n *\n * **Note⚠️: You need to set the env `MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES=true` or `allowQueryParamOverrides` should be `true` in the client initialization for force refresh to work**\n *\n * ```tsx\n * \"use client\";\n *\n * import { useAuth } from \"@monocloud/auth-nextjs/client\";\n *\n * export default function Home() {\n * const { user, refetch } = useAuth();\n *\n * return (\n * <>\n * <pre>{JSON.stringify(user)}</pre>\n * <button onClick={() => refetch(true)}>Refresh</button>\n * </>\n * );\n * }\n * ```\n *\n * @example Pages Router\n *\n * ```tsx\n * import { useAuth } from \"@monocloud/auth-nextjs/client\";\n *\n * export default function Home() {\n * const { user } = useAuth();\n *\n * return <>User Id: {user?.sub}</>;\n * }\n * ```\n *\n * @example Pages Router - Refetch user from Userinfo endpoint\n *\n * Calling `refetch(true)` will force refresh the user's profile from the userinfo endpoint.\n * If you do not intent to refersh from your tenants userinfo endpoint, use just `refetch()`\n *\n * **Note⚠️: You need to set the env `MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES=true` or `allowQueryParamOverrides` should be `true` in the client initialization for force refresh to work**\n *\n * ```tsx\n * import { useAuth } from \"@monocloud/auth-nextjs/client\";\n *\n * export default function Home() {\n * const { user, refetch } = useAuth();\n *\n * return (\n * <>\n * <pre>{JSON.stringify(user)}</pre>\n * <button onClick={() => refetch(true)}>Refresh</button>\n * </>\n * );\n * }\n * ```\n *\n */\nexport const useAuth = (): AuthState => {\n const key =\n process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_USER_INFO_URL ??\n // eslint-disable-next-line no-underscore-dangle\n `${process.env.__NEXT_ROUTER_BASEPATH ?? ''}/api/auth/userinfo`;\n\n const { data, error, isLoading, mutate } = useSWR<MonoCloudUser | undefined>(\n key,\n fetchUser\n );\n\n const refetch = (refresh?: boolean): void => {\n const url = new URL(key, 'https://dummy');\n if (refresh) {\n url.searchParams.set('refresh', 'true');\n }\n\n void mutate(async () => await fetchUser(url.pathname + url.search), {\n revalidate: false,\n });\n };\n\n if (error) {\n return {\n user: undefined,\n isLoading: false,\n isAuthenticated: false,\n error: error as Error,\n refetch,\n };\n }\n\n if (data) {\n return {\n user: data,\n isLoading,\n isAuthenticated: !!data && Object.keys(data).length > 0,\n error: undefined,\n refetch,\n };\n }\n\n return {\n user: undefined,\n isLoading,\n isAuthenticated: false,\n error: undefined,\n /* v8 ignore next -- @preserve */\n refetch: (): void => {},\n };\n};\n","/* eslint-disable react/display-name */\n'use client';\n\nimport React, { ComponentType, JSX, useEffect } from 'react';\nimport type { MonoCloudUser } from '@monocloud/auth-node-core';\nimport { isUserInGroup } from '@monocloud/auth-node-core/utils';\nimport { useAuth } from './use-auth';\nimport { ExtraAuthParams, GroupOptions } from '../types';\n\n/**\n * Options for configuring page protection.\n */\nexport type ProtectPageOptions = {\n /**\n *The url where the user will be redirected to after sign in\n */\n returnUrl?: string;\n\n /**\n * A custom react element to render when the user is not authenticated.\n */\n fallback?: (user?: MonoCloudUser) => JSX.Element;\n\n /**\n * A custom react element to render when the user is authenticated but does not belong to the required groups.\n */\n groupFallback?: (user: MonoCloudUser) => JSX.Element;\n\n /**\n * Authorization parameters to be used during authentication.\n */\n authParams?: ExtraAuthParams;\n\n /**\n * Callback function to handle errors.\n * If not provided, errors will be thrown.\n *\n * @param error - The error object.\n * @returns JSX element to handle the error.\n */\n onError?: (error: Error) => JSX.Element;\n} & GroupOptions;\n\nexport const redirectToSignIn = (\n options: { returnUrl?: string } & ExtraAuthParams\n): void => {\n const searchParams = new URLSearchParams(window.location.search);\n searchParams.set(\n 'return_url',\n options.returnUrl ?? window.location.toString()\n );\n\n if (options?.scopes) {\n searchParams.set('scope', options.scopes);\n }\n if (options?.resource) {\n searchParams.set('resource', options.resource);\n }\n\n if (options?.acrValues) {\n searchParams.set('acr_values', options.acrValues.join(' '));\n }\n\n if (options?.display) {\n searchParams.set('display', options.display);\n }\n\n if (options?.prompt) {\n searchParams.set('prompt', options.prompt);\n }\n\n if (options?.authenticatorHint) {\n searchParams.set('authenticator_hint', options.authenticatorHint);\n }\n\n if (options?.uiLocales) {\n searchParams.set('ui_locales', options.uiLocales);\n }\n\n if (options?.maxAge) {\n searchParams.set('max_age', options.maxAge.toString());\n }\n\n if (options?.loginHint) {\n searchParams.set('login_hint', options.loginHint);\n }\n\n window.location.assign(\n // eslint-disable-next-line no-underscore-dangle\n `${process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_SIGNIN_URL ?? `${process.env.__NEXT_ROUTER_BASEPATH ?? ''}/api/auth/signin`}?${searchParams.toString()}`\n );\n};\n\nconst handlePageError = (\n error: Error,\n options?: ProtectPageOptions\n): JSX.Element => {\n /* v8 ignore else -- @preserve */\n if (options?.onError) {\n return options.onError(error);\n }\n\n /* v8 ignore next -- @preserve */\n throw error;\n};\n\n/**\n * Function to protect a client rendered page component.\n * Ensures that only authenticated users can access the component.\n *\n * **Note⚠️: Since `window.location` is set as `returnUrl` query param by default, you need to set the env `MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES=true` or `allowQueryParamOverrides` should be `true` in the client initialization for returning to the same page.**\n *\n * @param Component - The component to protect.\n * @param options - The options.\n *\n * @returns Protected client rendered page component.\n *\n * @example App Router\n *\n * ```tsx\n * \"use client\";\n *\n * import { protectPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectPage(function Home() {\n * return <>You are signed in</>;\n * });\n * ```\n *\n * @example App Router with options\n *\n * See {@link ProtectPageOptions} for more options.\n *\n * ```tsx\n * \"use client\";\n *\n * import { protectPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectPage(\n * function Home() {\n * return <>You are signed in</>;\n * },\n * { returnUrl: \"/dashboard\", authParams: { loginHint: \"username\" } }\n * );\n * ```\n * @example Custom Fallback\n *\n * ```tsx\n * \"use client\";\n *\n * import { protectPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectPage(\n * function Home() {\n * return <>You are signed in</>;\n * },\n * {\n * fallback: () => <div>Please sign in to continue</div>\n * }\n * );\n * ```\n *\n * @example Group Protection with Group Fallback\n *\n * ```tsx\n * \"use client\";\n *\n * import { protectPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectPage(\n * function Home() {\n * return <>Welcome Admin</>;\n * },\n * {\n * groups: [\"admin\"],\n * groupFallback: (user) => <div>User {user.email} is not an admin</div>\n * }\n * );\n * ```\n *\n * @example Pages Router\n *\n * ```tsx\n * import { protectPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectPage(function Home() {\n * return <>You are signed in</>;\n * });\n * ```\n *\n * @example Pages Router with options\n *\n * See {@link ProtectPageOptions} for more options.\n *\n * ```tsx\n * import { protectPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectPage(\n * function Home() {\n * return <>You are signed in</>;\n * },\n * { returnUrl: \"/dashboard\", authParams: { loginHint: \"username\" } }\n * );\n * ```\n */\nexport const protectPage = <P extends object>(\n Component: ComponentType<P & { user: MonoCloudUser }>,\n options?: ProtectPageOptions\n): React.FC<P> => {\n return props => {\n const { user, error, isLoading } = useAuth();\n\n useEffect(() => {\n if (!user && !isLoading && !error) {\n if (options?.fallback) {\n return;\n }\n\n const authParams = options?.authParams ?? {};\n redirectToSignIn({\n returnUrl: options?.returnUrl,\n ...authParams,\n });\n }\n }, [user, isLoading, error]);\n\n if (error) {\n return handlePageError(error, options);\n }\n\n if (!user && !isLoading && options?.fallback) {\n return options.fallback();\n }\n\n if (user) {\n if (\n options?.groups &&\n !isUserInGroup(\n user,\n options.groups,\n options.groupsClaim ??\n process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_GROUPS_CLAIM,\n options.matchAll\n )\n ) {\n const { groupFallback = (): JSX.Element => <div>Access Denied</div> } =\n options;\n return groupFallback(user);\n }\n\n return <Component user={user} {...props} />;\n }\n\n return null;\n };\n};\n"],"mappings":";;;;;AAgCA,MAAM,YAAY,OAAO,QAAoD;CAC3E,MAAM,MAAM,MAAM,MAAM,KAAK,EAAE,aAAa,WAAW,CAAC;AAExD,KAAI,IAAI,WAAW,IACjB;AAGF,KAAI,IAAI,GACN,QAAO,IAAI,MAAM;AAGnB,OAAM,IAAI,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkFzC,MAAa,gBAA2B;CACtC,MAAM,MACJ,QAAQ,IAAI,4CAEZ,GAAG,QAAQ,IAAI,0BAA0B,GAAG;CAE9C,MAAM,EAAE,MAAM,OAAO,WAAW,WAAW,OACzC,KACA,UACD;CAED,MAAM,WAAW,YAA4B;EAC3C,MAAM,MAAM,IAAI,IAAI,KAAK,gBAAgB;AACzC,MAAI,QACF,KAAI,aAAa,IAAI,WAAW,OAAO;AAGzC,EAAK,OAAO,YAAY,MAAM,UAAU,IAAI,WAAW,IAAI,OAAO,EAAE,EAClE,YAAY,OACb,CAAC;;AAGJ,KAAI,MACF,QAAO;EACL,MAAM;EACN,WAAW;EACX,iBAAiB;EACV;EACP;EACD;AAGH,KAAI,KACF,QAAO;EACL,MAAM;EACN;EACA,iBAAiB,CAAC,CAAC,QAAQ,OAAO,KAAK,KAAK,CAAC,SAAS;EACtD,OAAO;EACP;EACD;AAGH,QAAO;EACL,MAAM;EACN;EACA,iBAAiB;EACjB,OAAO;EAEP,eAAqB;EACtB;;;;;ACnIH,MAAa,oBACX,YACS;CACT,MAAM,eAAe,IAAI,gBAAgB,OAAO,SAAS,OAAO;AAChE,cAAa,IACX,cACA,QAAQ,aAAa,OAAO,SAAS,UAAU,CAChD;AAED,uDAAI,QAAS,OACX,cAAa,IAAI,SAAS,QAAQ,OAAO;AAE3C,uDAAI,QAAS,SACX,cAAa,IAAI,YAAY,QAAQ,SAAS;AAGhD,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU,KAAK,IAAI,CAAC;AAG7D,uDAAI,QAAS,QACX,cAAa,IAAI,WAAW,QAAQ,QAAQ;AAG9C,uDAAI,QAAS,OACX,cAAa,IAAI,UAAU,QAAQ,OAAO;AAG5C,uDAAI,QAAS,kBACX,cAAa,IAAI,sBAAsB,QAAQ,kBAAkB;AAGnE,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU;AAGnD,uDAAI,QAAS,OACX,cAAa,IAAI,WAAW,QAAQ,OAAO,UAAU,CAAC;AAGxD,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU;AAGnD,QAAO,SAAS,OAEd,GAAG,QAAQ,IAAI,yCAAyC,GAAG,QAAQ,IAAI,0BAA0B,GAAG,kBAAkB,GAAG,aAAa,UAAU,GACjJ;;AAGH,MAAM,mBACJ,OACA,YACgB;;AAEhB,uDAAI,QAAS,QACX,QAAO,QAAQ,QAAQ,MAAM;;AAI/B,OAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsGR,MAAa,eACX,WACA,YACgB;AAChB,SAAO,UAAS;EACd,MAAM,EAAE,MAAM,OAAO,cAAc,SAAS;AAE5C,kBAAgB;AACd,OAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO;AACjC,0DAAI,QAAS,SACX;IAGF,MAAM,gEAAa,QAAS,eAAc,EAAE;AAC5C,qBAAiB;KACf,6DAAW,QAAS;KACpB,GAAG;KACJ,CAAC;;KAEH;GAAC;GAAM;GAAW;GAAM,CAAC;AAE5B,MAAI,MACF,QAAO,gBAAgB,OAAO,QAAQ;AAGxC,MAAI,CAAC,QAAQ,CAAC,gEAAa,QAAS,UAClC,QAAO,QAAQ,UAAU;AAG3B,MAAI,MAAM;AACR,0DACE,QAAS,WACT,CAAC,cACC,MACA,QAAQ,QACR,QAAQ,eACN,QAAQ,IAAI,yCACd,QAAQ,SACT,EACD;IACA,MAAM,EAAE,sBAAmC,oCAAC,aAAI,gBAAmB,KACjE;AACF,WAAO,cAAc,KAAK;;AAG5B,UAAO,oCAAC;IAAgB;IAAM,GAAI;KAAS;;AAG7C,SAAO"}

package/dist/client-xfBYYato.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"client-xfBYYato.cjs","names":[],"sources":["../src/client/use-auth.tsx","../src/client/protect.tsx"],"sourcesContent":["'use client';\n\nimport type { MonoCloudUser } from '@monocloud/auth-node-core';\nimport useSWR from 'swr';\n\n/**\n * Authentication State returned by `useAuth` hook.\n */\nexport interface AuthState {\n /**\n * Flag indicating if the authentication state is still loading.\n */\n isLoading: boolean;\n /**\n * Flag indicating if the user is authenticated.\n */\n isAuthenticated: boolean;\n /**\n * Error encountered during authentication, if any.\n */\n error?: Error;\n /**\n * The authenticated user's information, if available.\n */\n user?: MonoCloudUser;\n /**\n * Function to refetch the authentication state.\n *\n */\n refetch: (refresh?: boolean) => void;\n}\n\nconst fetchUser = async (url: string): Promise<MonoCloudUser | undefined> => {\n const res = await fetch(url, { credentials: 'include' });\n\n if (res.status === 204) {\n return undefined;\n }\n\n if (res.ok) {\n return res.json();\n }\n\n throw new Error('Failed to fetch user');\n};\n\n/**\n *\n * Hook for getting the user's profile on client components\n *\n * @returns Authentication State\n *\n * @example App Router\n *\n * ```tsx\n * \"use client\";\n *\n * import { useAuth } from \"@monocloud/auth-nextjs/client\";\n *\n * export default function Home() {\n * const { user } = useAuth();\n *\n * return <>User Id: {user?.sub}</>;\n * }\n * ```\n *\n * @example App Router - Refetch user from Userinfo endpoint\n *\n * Calling `refetch(true)` will force refresh the user's profile from the userinfo endpoint.\n * If you do not intent to refersh from your tenants userinfo endpoint, use just `refetch()`\n *\n * **Note⚠️: You need to set the env `MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES=true` or `allowQueryParamOverrides` should be `true` in the client initialization for force refresh to work**\n *\n * ```tsx\n * \"use client\";\n *\n * import { useAuth } from \"@monocloud/auth-nextjs/client\";\n *\n * export default function Home() {\n * const { user, refetch } = useAuth();\n *\n * return (\n * <>\n * <pre>{JSON.stringify(user)}</pre>\n * <button onClick={() => refetch(true)}>Refresh</button>\n * </>\n * );\n * }\n * ```\n *\n * @example Pages Router\n *\n * ```tsx\n * import { useAuth } from \"@monocloud/auth-nextjs/client\";\n *\n * export default function Home() {\n * const { user } = useAuth();\n *\n * return <>User Id: {user?.sub}</>;\n * }\n * ```\n *\n * @example Pages Router - Refetch user from Userinfo endpoint\n *\n * Calling `refetch(true)` will force refresh the user's profile from the userinfo endpoint.\n * If you do not intent to refersh from your tenants userinfo endpoint, use just `refetch()`\n *\n * **Note⚠️: You need to set the env `MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES=true` or `allowQueryParamOverrides` should be `true` in the client initialization for force refresh to work**\n *\n * ```tsx\n * import { useAuth } from \"@monocloud/auth-nextjs/client\";\n *\n * export default function Home() {\n * const { user, refetch } = useAuth();\n *\n * return (\n * <>\n * <pre>{JSON.stringify(user)}</pre>\n * <button onClick={() => refetch(true)}>Refresh</button>\n * </>\n * );\n * }\n * ```\n *\n */\nexport const useAuth = (): AuthState => {\n const key =\n process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_USER_INFO_URL ??\n // eslint-disable-next-line no-underscore-dangle\n `${process.env.__NEXT_ROUTER_BASEPATH ?? ''}/api/auth/userinfo`;\n\n const { data, error, isLoading, mutate } = useSWR<MonoCloudUser | undefined>(\n key,\n fetchUser\n );\n\n const refetch = (refresh?: boolean): void => {\n const url = new URL(key, 'https://dummy');\n if (refresh) {\n url.searchParams.set('refresh', 'true');\n }\n\n void mutate(async () => await fetchUser(url.pathname + url.search), {\n revalidate: false,\n });\n };\n\n if (error) {\n return {\n user: undefined,\n isLoading: false,\n isAuthenticated: false,\n error: error as Error,\n refetch,\n };\n }\n\n if (data) {\n return {\n user: data,\n isLoading,\n isAuthenticated: !!data && Object.keys(data).length > 0,\n error: undefined,\n refetch,\n };\n }\n\n return {\n user: undefined,\n isLoading,\n isAuthenticated: false,\n error: undefined,\n /* v8 ignore next -- @preserve */\n refetch: (): void => {},\n };\n};\n","/* eslint-disable react/display-name */\n'use client';\n\nimport React, { ComponentType, JSX, useEffect } from 'react';\nimport type { MonoCloudUser } from '@monocloud/auth-node-core';\nimport { isUserInGroup } from '@monocloud/auth-node-core/utils';\nimport { useAuth } from './use-auth';\nimport { ExtraAuthParams, GroupOptions } from '../types';\n\n/**\n * Options for configuring page protection.\n */\nexport type ProtectPageOptions = {\n /**\n *The url where the user will be redirected to after sign in\n */\n returnUrl?: string;\n\n /**\n * A custom react element to render when the user is not authenticated.\n */\n fallback?: (user?: MonoCloudUser) => JSX.Element;\n\n /**\n * A custom react element to render when the user is authenticated but does not belong to the required groups.\n */\n groupFallback?: (user: MonoCloudUser) => JSX.Element;\n\n /**\n * Authorization parameters to be used during authentication.\n */\n authParams?: ExtraAuthParams;\n\n /**\n * Callback function to handle errors.\n * If not provided, errors will be thrown.\n *\n * @param error - The error object.\n * @returns JSX element to handle the error.\n */\n onError?: (error: Error) => JSX.Element;\n} & GroupOptions;\n\nexport const redirectToSignIn = (\n options: { returnUrl?: string } & ExtraAuthParams\n): void => {\n const searchParams = new URLSearchParams(window.location.search);\n searchParams.set(\n 'return_url',\n options.returnUrl ?? window.location.toString()\n );\n\n if (options?.scopes) {\n searchParams.set('scope', options.scopes);\n }\n if (options?.resource) {\n searchParams.set('resource', options.resource);\n }\n\n if (options?.acrValues) {\n searchParams.set('acr_values', options.acrValues.join(' '));\n }\n\n if (options?.display) {\n searchParams.set('display', options.display);\n }\n\n if (options?.prompt) {\n searchParams.set('prompt', options.prompt);\n }\n\n if (options?.authenticatorHint) {\n searchParams.set('authenticator_hint', options.authenticatorHint);\n }\n\n if (options?.uiLocales) {\n searchParams.set('ui_locales', options.uiLocales);\n }\n\n if (options?.maxAge) {\n searchParams.set('max_age', options.maxAge.toString());\n }\n\n if (options?.loginHint) {\n searchParams.set('login_hint', options.loginHint);\n }\n\n window.location.assign(\n // eslint-disable-next-line no-underscore-dangle\n `${process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_SIGNIN_URL ?? `${process.env.__NEXT_ROUTER_BASEPATH ?? ''}/api/auth/signin`}?${searchParams.toString()}`\n );\n};\n\nconst handlePageError = (\n error: Error,\n options?: ProtectPageOptions\n): JSX.Element => {\n /* v8 ignore else -- @preserve */\n if (options?.onError) {\n return options.onError(error);\n }\n\n /* v8 ignore next -- @preserve */\n throw error;\n};\n\n/**\n * Function to protect a client rendered page component.\n * Ensures that only authenticated users can access the component.\n *\n * **Note⚠️: Since `window.location` is set as `returnUrl` query param by default, you need to set the env `MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES=true` or `allowQueryParamOverrides` should be `true` in the client initialization for returning to the same page.**\n *\n * @param Component - The component to protect.\n * @param options - The options.\n *\n * @returns Protected client rendered page component.\n *\n * @example App Router\n *\n * ```tsx\n * \"use client\";\n *\n * import { protectPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectPage(function Home() {\n * return <>You are signed in</>;\n * });\n * ```\n *\n * @example App Router with options\n *\n * See {@link ProtectPageOptions} for more options.\n *\n * ```tsx\n * \"use client\";\n *\n * import { protectPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectPage(\n * function Home() {\n * return <>You are signed in</>;\n * },\n * { returnUrl: \"/dashboard\", authParams: { loginHint: \"username\" } }\n * );\n * ```\n * @example Custom Fallback\n *\n * ```tsx\n * \"use client\";\n *\n * import { protectPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectPage(\n * function Home() {\n * return <>You are signed in</>;\n * },\n * {\n * fallback: () => <div>Please sign in to continue</div>\n * }\n * );\n * ```\n *\n * @example Group Protection with Group Fallback\n *\n * ```tsx\n * \"use client\";\n *\n * import { protectPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectPage(\n * function Home() {\n * return <>Welcome Admin</>;\n * },\n * {\n * groups: [\"admin\"],\n * groupFallback: (user) => <div>User {user.email} is not an admin</div>\n * }\n * );\n * ```\n *\n * @example Pages Router\n *\n * ```tsx\n * import { protectPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectPage(function Home() {\n * return <>You are signed in</>;\n * });\n * ```\n *\n * @example Pages Router with options\n *\n * See {@link ProtectPageOptions} for more options.\n *\n * ```tsx\n * import { protectPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectPage(\n * function Home() {\n * return <>You are signed in</>;\n * },\n * { returnUrl: \"/dashboard\", authParams: { loginHint: \"username\" } }\n * );\n * ```\n */\nexport const protectPage = <P extends object>(\n Component: ComponentType<P & { user: MonoCloudUser }>,\n options?: ProtectPageOptions\n): React.FC<P> => {\n return props => {\n const { user, error, isLoading } = useAuth();\n\n useEffect(() => {\n if (!user && !isLoading && !error) {\n if (options?.fallback) {\n return;\n }\n\n const authParams = options?.authParams ?? {};\n redirectToSignIn({\n returnUrl: options?.returnUrl,\n ...authParams,\n });\n }\n }, [user, isLoading, error]);\n\n if (error) {\n return handlePageError(error, options);\n }\n\n if (!user && !isLoading && options?.fallback) {\n return options.fallback();\n }\n\n if (user) {\n if (\n options?.groups &&\n !isUserInGroup(\n user,\n options.groups,\n options.groupsClaim ??\n process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_GROUPS_CLAIM,\n options.matchAll\n )\n ) {\n const { groupFallback = (): JSX.Element => <div>Access Denied</div> } =\n options;\n return groupFallback(user);\n }\n\n return <Component user={user} {...props} />;\n }\n\n return null;\n };\n};\n"],"mappings":";;;;;;;;AAgCA,MAAM,YAAY,OAAO,QAAoD;CAC3E,MAAM,MAAM,MAAM,MAAM,KAAK,EAAE,aAAa,WAAW,CAAC;AAExD,KAAI,IAAI,WAAW,IACjB;AAGF,KAAI,IAAI,GACN,QAAO,IAAI,MAAM;AAGnB,OAAM,IAAI,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkFzC,MAAa,gBAA2B;CACtC,MAAM,MACJ,QAAQ,IAAI,4CAEZ,GAAG,QAAQ,IAAI,0BAA0B,GAAG;CAE9C,MAAM,EAAE,MAAM,OAAO,WAAW,4BAC9B,KACA,UACD;CAED,MAAM,WAAW,YAA4B;EAC3C,MAAM,MAAM,IAAI,IAAI,KAAK,gBAAgB;AACzC,MAAI,QACF,KAAI,aAAa,IAAI,WAAW,OAAO;AAGzC,EAAK,OAAO,YAAY,MAAM,UAAU,IAAI,WAAW,IAAI,OAAO,EAAE,EAClE,YAAY,OACb,CAAC;;AAGJ,KAAI,MACF,QAAO;EACL,MAAM;EACN,WAAW;EACX,iBAAiB;EACV;EACP;EACD;AAGH,KAAI,KACF,QAAO;EACL,MAAM;EACN;EACA,iBAAiB,CAAC,CAAC,QAAQ,OAAO,KAAK,KAAK,CAAC,SAAS;EACtD,OAAO;EACP;EACD;AAGH,QAAO;EACL,MAAM;EACN;EACA,iBAAiB;EACjB,OAAO;EAEP,eAAqB;EACtB;;;;;ACnIH,MAAa,oBACX,YACS;CACT,MAAM,eAAe,IAAI,gBAAgB,OAAO,SAAS,OAAO;AAChE,cAAa,IACX,cACA,QAAQ,aAAa,OAAO,SAAS,UAAU,CAChD;AAED,uDAAI,QAAS,OACX,cAAa,IAAI,SAAS,QAAQ,OAAO;AAE3C,uDAAI,QAAS,SACX,cAAa,IAAI,YAAY,QAAQ,SAAS;AAGhD,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU,KAAK,IAAI,CAAC;AAG7D,uDAAI,QAAS,QACX,cAAa,IAAI,WAAW,QAAQ,QAAQ;AAG9C,uDAAI,QAAS,OACX,cAAa,IAAI,UAAU,QAAQ,OAAO;AAG5C,uDAAI,QAAS,kBACX,cAAa,IAAI,sBAAsB,QAAQ,kBAAkB;AAGnE,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU;AAGnD,uDAAI,QAAS,OACX,cAAa,IAAI,WAAW,QAAQ,OAAO,UAAU,CAAC;AAGxD,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU;AAGnD,QAAO,SAAS,OAEd,GAAG,QAAQ,IAAI,yCAAyC,GAAG,QAAQ,IAAI,0BAA0B,GAAG,kBAAkB,GAAG,aAAa,UAAU,GACjJ;;AAGH,MAAM,mBACJ,OACA,YACgB;;AAEhB,uDAAI,QAAS,QACX,QAAO,QAAQ,QAAQ,MAAM;;AAI/B,OAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsGR,MAAa,eACX,WACA,YACgB;AAChB,SAAO,UAAS;EACd,MAAM,EAAE,MAAM,OAAO,cAAc,SAAS;AAE5C,6BAAgB;AACd,OAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO;AACjC,0DAAI,QAAS,SACX;IAGF,MAAM,gEAAa,QAAS,eAAc,EAAE;AAC5C,qBAAiB;KACf,6DAAW,QAAS;KACpB,GAAG;KACJ,CAAC;;KAEH;GAAC;GAAM;GAAW;GAAM,CAAC;AAE5B,MAAI,MACF,QAAO,gBAAgB,OAAO,QAAQ;AAGxC,MAAI,CAAC,QAAQ,CAAC,gEAAa,QAAS,UAClC,QAAO,QAAQ,UAAU;AAG3B,MAAI,MAAM;AACR,0DACE,QAAS,WACT,oDACE,MACA,QAAQ,QACR,QAAQ,eACN,QAAQ,IAAI,yCACd,QAAQ,SACT,EACD;IACA,MAAM,EAAE,sBAAmC,4CAAC,aAAI,gBAAmB,KACjE;AACF,WAAO,cAAc,KAAK;;AAG5B,UAAO,4CAAC;IAAgB;IAAM,GAAI;KAAS;;AAG7C,SAAO"}