@monocloud/auth-nextjs 0.1.9 → 0.1.11

package/dist/index.mjs

@@ -1,1126 +1,5 @@
-import { MonoCloudAuthBaseError, MonoCloudCoreClient, MonoCloudHttpError, MonoCloudOPError, MonoCloudTokenError, MonoCloudValidationError, MonoCloudValidationError as MonoCloudValidationError$1 } from "@monocloud/auth-node-core";
-import { NextRequest, NextResponse } from "next/server.js";
-import { ensureLeadingSlash, isAbsoluteUrl, isPresent } from "@monocloud/auth-node-core/internal";
-import { isUserInGroup as isUserInGroup$1 } from "@monocloud/auth-node-core/utils";
-import { serialize } from "cookie";
+import { MonoCloudNextClient } from "./monocloud-next-client.mjs";
+import { authMiddleware, getSession, getTokens, isAuthenticated, isUserInGroup, monoCloudAuth, protect, protectApi, protectPage, redirectToSignIn, redirectToSignOut } from "./initialize.mjs";
+import { MonoCloudAuthBaseError, MonoCloudHttpError, MonoCloudOPError, MonoCloudTokenError, MonoCloudValidationError } from "@monocloud/auth-node-core";
 
-//#region src/requests/monocloud-app-router-request.ts
-var MonoCloudAppRouterRequest = class {
-	constructor(req) {
-		this.req = req;
-	}
-	getQuery(parameter) {
-		return new URL(this.req.url).searchParams.get(parameter) ?? void 0;
-	}
-	getCookie(name) {
-		var _this$req$cookies$get;
-		return Promise.resolve((_this$req$cookies$get = this.req.cookies.get(name)) === null || _this$req$cookies$get === void 0 ? void 0 : _this$req$cookies$get.value);
-	}
-	async getRawRequest() {
-		return {
-			method: this.req.method,
-			url: this.req.url,
-			body: await this.req.text()
-		};
-	}
-	getAllCookies() {
-		const values = /* @__PURE__ */ new Map();
-		this.req.cookies.getAll().forEach((x) => {
-			values.set(x.name, x.value);
-		});
-		return Promise.resolve(values);
-	}
-};
-
-//#endregion
-//#region src/requests/monocloud-page-router-request.ts
-var MonoCloudPageRouterRequest = class {
-	constructor(req) {
-		this.req = req;
-	}
-	/* v8 ignore next */
-	getQuery(parameter) {
-		return this.req.query[parameter];
-	}
-	/* v8 ignore next */
-	getCookie(name) {
-		return Promise.resolve(this.req.cookies[name]);
-	}
-	/* v8 ignore next */
-	getRawRequest() {
-		return Promise.resolve({
-			method: this.req.method,
-			url: this.req.url,
-			body: this.req.body
-		});
-	}
-	getAllCookies() {
-		const values = /* @__PURE__ */ new Map();
-		const { cookies } = this.req;
-		Object.keys(cookies).forEach((x) => {
-			const val = cookies[x];
-			/* v8 ignore else -- @preserve */
-			if (typeof x === "string" && typeof val === "string") values.set(x, val);
-		});
-		return Promise.resolve(values);
-	}
-};
-
-//#endregion
-//#region src/responses/monocloud-app-router-response.ts
-var MonoCloudAppRouterResponse = class {
-	constructor(res) {
-		this.res = res;
-	}
-	setCookie(cookieName, value, options) {
-		this.res.cookies.set(cookieName, value, options);
-		return Promise.resolve();
-	}
-	redirect(url, statusCode = 302) {
-		const { headers } = this.res;
-		this.res = NextResponse.redirect(url, {
-			status: statusCode,
-			headers
-		});
-	}
-	sendJson(data, statusCode) {
-		const { headers } = this.res;
-		this.res = NextResponse.json(data, {
-			status: statusCode,
-			headers
-		});
-	}
-	/* v8 ignore next */
-	notFound() {
-		const { headers } = this.res;
-		this.res = new NextResponse(null, {
-			status: 404,
-			headers
-		});
-	}
-	internalServerError() {
-		const { headers } = this.res;
-		this.res = new NextResponse(null, {
-			status: 500,
-			headers
-		});
-	}
-	noContent() {
-		const { headers } = this.res;
-		this.res = new NextResponse(null, {
-			status: 204,
-			headers
-		});
-	}
-	methodNotAllowed() {
-		const { headers } = this.res;
-		this.res = new NextResponse(null, {
-			status: 405,
-			headers
-		});
-	}
-	setNoCache() {
-		this.res.headers.set("Cache-Control", "no-cache no-store");
-		this.res.headers.set("Pragma", "no-cache");
-	}
-	done() {
-		return this.res;
-	}
-};
-
-//#endregion
-//#region src/responses/monocloud-page-router-response.ts
-var MonoCloudPageRouterResponse = class {
-	constructor(res) {
-		this.res = res;
-	}
-	setCookie(cookieName, value, options) {
-		let cookies = this.res.getHeader("Set-Cookie") ?? [];
-		/* v8 ignore if -- @preserve */
-		if (!Array.isArray(cookies)) cookies = [cookies];
-		this.res.setHeader("Set-Cookie", [...cookies.filter((cookie) => !cookie.startsWith(`${cookieName}=`)), serialize(cookieName, value, options)]);
-		return Promise.resolve();
-	}
-	/* v8 ignore next */
-	redirect(url, statusCode) {
-		this.res.redirect(statusCode ?? 302, url);
-	}
-	/* v8 ignore next */
-	sendJson(data, statusCode) {
-		this.res.status(statusCode ?? 200);
-		this.res.json(data);
-	}
-	/* v8 ignore next */
-	notFound() {
-		this.res.status(404);
-	}
-	/* v8 ignore next */
-	internalServerError() {
-		this.res.status(500);
-	}
-	/* v8 ignore next */
-	noContent() {
-		this.res.status(204);
-	}
-	/* v8 ignore next */
-	methodNotAllowed() {
-		this.res.status(405);
-	}
-	/* v8 ignore next */
-	setNoCache() {
-		this.res.setHeader("Cache-Control", "no-cache no-store");
-		this.res.setHeader("Pragma", "no-cache");
-	}
-	/* v8 ignore next */
-	done() {
-		this.res.end();
-	}
-};
-
-//#endregion
-//#region src/responses/monocloud-cookie-response.ts
-let isWarned = false;
-var MonoCloudCookieResponse = class {
-	async setCookie(cookieName, value, options) {
-		try {
-			const { cookies } = await import("next/headers");
-			(await cookies()).set(cookieName, value, options);
-		} catch (e) {
-			if (!isWarned) {
-				console.warn(e.message);
-				isWarned = true;
-			}
-		}
-	}
-};
-
-//#endregion
-//#region src/requests/monocloud-cookie-request.ts
-var MonoCloudCookieRequest = class {
-	/* v8 ignore next */
-	async getCookie(name) {
-		var _await$cookies$get;
-		const { cookies } = await import("next/headers");
-		return (_await$cookies$get = (await cookies()).get(name)) === null || _await$cookies$get === void 0 ? void 0 : _await$cookies$get.value;
-	}
-	async getAllCookies() {
-		const values = /* @__PURE__ */ new Map();
-		const { cookies } = await import("next/headers");
-		(await cookies()).getAll().forEach((x) => {
-			values.set(x.name, x.value);
-		});
-		return values;
-	}
-};
-
-//#endregion
-//#region src/utils.ts
-const isMonoCloudRequest = (req) => req instanceof MonoCloudAppRouterRequest || req instanceof MonoCloudPageRouterRequest || req instanceof MonoCloudCookieRequest;
-const isMonoCloudResponse = (res) => res instanceof MonoCloudAppRouterResponse || res instanceof MonoCloudPageRouterResponse || res instanceof MonoCloudCookieResponse;
-const isAppRouter = (req) => req instanceof Request || req.headers instanceof Headers || typeof req.bodyUsed === "boolean";
-const isNodeRequest = (req) => {
-	return !!(req && typeof req === "object" && "headers" in req && !("bodyUsed" in req) && typeof req.on === "function");
-};
-const isNodeResponse = (res) => {
-	return !!(res && typeof res === "object" && "setHeader" in res && typeof res.setHeader === "function" && "end" in res && typeof res.end === "function");
-};
-const getNextRequest = (req) => {
-	if (req instanceof NextRequest) return req;
-	return new NextRequest(req.url, {
-		method: req.method,
-		headers: req.headers,
-		body: req.body,
-		duplex: req.duplex ?? "half"
-	});
-};
-const getNextResponse = (res) => {
-	if (res instanceof NextResponse) return res;
-	if (res instanceof Response) {
-		const nextResponse = new NextResponse(res.body, {
-			status: res.status,
-			statusText: res.statusText,
-			headers: res.headers,
-			url: res.url
-		});
-		try {
-			/* v8 ignore else -- @preserve */
-			if (!isPresent(nextResponse.url)) nextResponse.url = res.url;
-		} catch {}
-		return nextResponse;
-	}
-	return new NextResponse();
-};
-const getMonoCloudCookieReqRes = (req, resOrCtx) => {
-	let request;
-	let response;
-	if (isAppRouter(req)) {
-		request = new MonoCloudAppRouterRequest(getNextRequest(req));
-		response = resOrCtx instanceof Response ? new MonoCloudAppRouterResponse(getNextResponse(resOrCtx)) : new MonoCloudCookieResponse();
-	} else {
-		if (!isNodeRequest(req) || !isNodeResponse(resOrCtx)) throw new MonoCloudValidationError$1("Invalid pages router request and response");
-		request = new MonoCloudPageRouterRequest(req);
-		response = new MonoCloudPageRouterResponse(resOrCtx);
-	}
-	return {
-		request,
-		response
-	};
-};
-const mergeResponse = (responses) => {
-	const resp = responses.pop();
-	if (!resp) return new NextResponse();
-	responses.forEach((response) => {
-		response.headers.forEach((v, k) => {
-			if (k === "location" && !resp.headers.has(k) || k !== "location") resp.headers.set(k, v);
-		});
-		response.cookies.getAll().forEach((c) => {
-			const { name, value, ...cookieOpt } = c;
-			resp.cookies.set(name, value, cookieOpt);
-		});
-	});
-	return resp;
-};
-
-//#endregion
-//#region src/monocloud-next-client.ts
-/**
-* `MonoCloudNextClient` is the core SDK entry point for integrating MonoCloud authentication into a Next.js application.
-*
-* It provides:
-* - Authentication middleware
-* - Route protection helpers
-* - Session and token access
-* - Redirect utilities
-* - Server-side enforcement helpers
-*
-* ## 1. Add environment variables
-*
-* ```bash:.env.local
-* MONOCLOUD_AUTH_TENANT_DOMAIN=<tenant-domain>
-* MONOCLOUD_AUTH_CLIENT_ID=<client-id>
-* MONOCLOUD_AUTH_CLIENT_SECRET=<client-secret>
-* MONOCLOUD_AUTH_SCOPES=openid profile email
-* MONOCLOUD_AUTH_APP_URL=http://localhost:3000
-* MONOCLOUD_AUTH_COOKIE_SECRET=<cookie-secret>
-* ```
-*
-* ## 2. Register middleware
-*
-* ```typescript:src/proxy.ts
-* import { authMiddleware } from "@monocloud/auth-nextjs";
-*
-* export default authMiddleware();
-*
-* export const config = {
-*   matcher: [
-*     "/((?!_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt).*)",
-*   ],
-* };
-* ```
-*
-* ## Advanced usage
-*
-* ### Create a shared client instance
-*
-* By default, the SDK exposes function exports (for example, `authMiddleware()`, `getSession()`, `getTokens()`) that internally use a shared singleton `MonoCloudNextClient`.
-*
-* Create your own `MonoCloudNextClient` instance when you need multiple configurations, dependency injection, or explicit control over initialization.
-*
-* ```ts:src/monocloud.ts
-* import { MonoCloudNextClient } from "@monocloud/auth-nextjs";
-*
-* export const monoCloud = new MonoCloudNextClient();
-* ```
-*
-* ### Using instance methods
-*
-* Once you create a client instance, call methods directly on it instead of using the default function exports.
-*
-* ```ts:src/app/page.tsx
-* import { monoCloud } from "@/monocloud";
-*
-* export default async function Page() {
-*   const session = await monoCloud.getSession();
-*
-*   if (!session) {
-*     return <>Not signed in</>;
-*   }
-*
-*   return <>Hello {session.user.name}</>;
-* }
-* ```
-*
-* #### Using constructor options
-*
-* When configuration is provided through both constructor options and environment variables, the values passed to the constructor take precedence. Environment variables are used only for options that are not explicitly supplied.
-*
-* ```ts:src/monocloud.ts
-* import { MonoCloudNextClient } from "@monocloud/auth-nextjs";
-*
-* export const monoCloud = new MonoCloudNextClient({
-*   tenantDomain: "<tenant-domain>",
-*   clientId: "<client-id>",
-*   clientSecret: "<client-secret>",
-*   appUrl: "http://localhost:3000",
-*   cookieSecret: "<cookie-secret>",
-*   defaultAuthParams: {
-*     scopes: "openid profile email",
-*   },
-* });
-* ```
-*
-* ### Modifying default routes
-*
-* If you customize any of the default auth route paths:
-*
-* - Also set the corresponding `NEXT_PUBLIC_` environment variables so client-side helpers
-*   (for example `<SignIn />`, `<SignOut />`, and `useAuth()`) can discover the correct URLs.
-* - Update the **Application URLs** in your MonoCloud Dashboard to match the new paths.
-*
-* Example:
-*
-* ```bash:.env.local
-* MONOCLOUD_AUTH_CALLBACK_URL=/api/custom_callback
-* NEXT_PUBLIC_MONOCLOUD_AUTH_CALLBACK_URL=/api/custom_callback
-* ```
-*
-* When routes are overridden, the Redirect URI configured in the dashboard
-* must reflect the new path. For example, during local development:
-*
-* `http://localhost:3000/api/custom_callback`
-*
-* @category Classes
-*/
-var MonoCloudNextClient = class {
-	/**
-	* This exposes the framework-agnostic MonoCloud client used internally by the Next.js SDK.
-	* Use it if you need access to lower-level functionality not directly exposed by MonoCloudNextClient.
-	*
-	* @returns Returns the underlying **Node client** instance.
-	*/
-	get coreClient() {
-		return this._coreClient;
-	}
-	/**
-	* This is intended for advanced scenarios requiring direct control over the authorization or token flow.
-	*
-	* @returns Returns the underlying **OIDC client** used for OpenID Connect operations.
-	*/
-	get oidcClient() {
-		return this.coreClient.oidcClient;
-	}
-	/**
-	* Creates a new client instance.
-	*
-	* @param options Optional configuration for initializing the MonoCloud client. If not provided, settings are automatically resolved from environment variables.
-	*/
-	constructor(options) {
-		const opt = {
-			...options ?? {},
-			userAgent: (options === null || options === void 0 ? void 0 : options.userAgent) ?? `@monocloud/auth-nextjs@0.1.9`,
-			debugger: (options === null || options === void 0 ? void 0 : options.debugger) ?? "@monocloud:auth-nextjs"
-		};
-		this.registerPublicEnvVariables();
-		this._coreClient = new MonoCloudCoreClient(opt);
-	}
-	/**
-	* @see {@link monoCloudAuth} for full docs and examples.
-	* @param options Optional configuration for the auth handler.
-	* @returns Returns a Next.js-compatible handler for App Router route handlers or Pages Router API routes.
-	*/
-	monoCloudAuth(options) {
-		return (req, resOrCtx) => {
-			const { routes, appUrl } = this.getOptions();
-			let { url = "" } = req;
-			if (!isAbsoluteUrl(url)) url = new URL(url, appUrl).toString();
-			const route = new URL(url);
-			let onError;
-			if (typeof (options === null || options === void 0 ? void 0 : options.onError) === "function") onError = (error) => options.onError(req, resOrCtx, error);
-			let request;
-			let response;
-			if (isAppRouter(req)) {
-				request = new MonoCloudAppRouterRequest(getNextRequest(req));
-				response = new MonoCloudAppRouterResponse(getNextResponse(resOrCtx));
-			} else {
-				request = new MonoCloudPageRouterRequest(req);
-				response = new MonoCloudPageRouterResponse(resOrCtx);
-			}
-			return this.handleAuthRoutes(request, response, route.pathname, routes, onError);
-		};
-	}
-	protectPage(...args) {
-		if (typeof args[0] === "function") return this.protectAppPage(args[0], args[1]);
-		return this.protectPagePage(args[0]);
-	}
-	protectAppPage(component, options) {
-		return async (params) => {
-			const session = await this.getSession();
-			if (!session) {
-				var _options$authParams, _options$authParams2, _options$authParams3, _options$authParams4, _options$authParams5, _options$authParams6, _options$authParams7, _options$authParams8, _options$authParams9;
-				if (options === null || options === void 0 ? void 0 : options.onAccessDenied) return options.onAccessDenied({ ...params });
-				const { routes, appUrl } = this.getOptions();
-				const { headers } = await import("next/headers");
-				const path = (await headers()).get("x-monocloud-path");
-				const signInRoute = new URL(`${appUrl}${ensureLeadingSlash(routes.signIn)}`);
-				signInRoute.searchParams.set("return_url", (options === null || options === void 0 ? void 0 : options.returnUrl) ?? path ?? "/");
-				if (options === null || options === void 0 || (_options$authParams = options.authParams) === null || _options$authParams === void 0 ? void 0 : _options$authParams.scopes) signInRoute.searchParams.set("scope", options.authParams.scopes);
-				if (options === null || options === void 0 || (_options$authParams2 = options.authParams) === null || _options$authParams2 === void 0 ? void 0 : _options$authParams2.resource) signInRoute.searchParams.set("resource", options.authParams.resource);
-				if (options === null || options === void 0 || (_options$authParams3 = options.authParams) === null || _options$authParams3 === void 0 ? void 0 : _options$authParams3.acrValues) signInRoute.searchParams.set("acr_values", options.authParams.acrValues.join(" "));
-				if (options === null || options === void 0 || (_options$authParams4 = options.authParams) === null || _options$authParams4 === void 0 ? void 0 : _options$authParams4.display) signInRoute.searchParams.set("display", options.authParams.display);
-				if (options === null || options === void 0 || (_options$authParams5 = options.authParams) === null || _options$authParams5 === void 0 ? void 0 : _options$authParams5.prompt) signInRoute.searchParams.set("prompt", options.authParams.prompt);
-				if (options === null || options === void 0 || (_options$authParams6 = options.authParams) === null || _options$authParams6 === void 0 ? void 0 : _options$authParams6.authenticatorHint) signInRoute.searchParams.set("authenticator_hint", options.authParams.authenticatorHint);
-				if (options === null || options === void 0 || (_options$authParams7 = options.authParams) === null || _options$authParams7 === void 0 ? void 0 : _options$authParams7.uiLocales) signInRoute.searchParams.set("ui_locales", options.authParams.uiLocales);
-				if (options === null || options === void 0 || (_options$authParams8 = options.authParams) === null || _options$authParams8 === void 0 ? void 0 : _options$authParams8.maxAge) signInRoute.searchParams.set("max_age", options.authParams.maxAge.toString());
-				if (options === null || options === void 0 || (_options$authParams9 = options.authParams) === null || _options$authParams9 === void 0 ? void 0 : _options$authParams9.loginHint) signInRoute.searchParams.set("login_hint", options.authParams.loginHint);
-				const { redirect } = await import("next/navigation");
-				return redirect(signInRoute.toString());
-			}
-			if ((options === null || options === void 0 ? void 0 : options.groups) && !isUserInGroup$1(session.user, options.groups, options.groupsClaim ?? process.env.MONOCLOUD_AUTH_GROUPS_CLAIM, options.matchAll)) {
-				if (options.onGroupAccessDenied) return options.onGroupAccessDenied({
-					...params,
-					user: session.user
-				});
-				return "Access Denied";
-			}
-			return component({
-				...params,
-				user: session.user
-			});
-		};
-	}
-	protectPagePage(options) {
-		return async (context) => {
-			const session = await this.getSession(context.req, context.res);
-			if (!session) {
-				var _options$authParams10, _options$authParams11, _options$authParams12, _options$authParams13, _options$authParams14, _options$authParams15, _options$authParams16, _options$authParams17, _options$authParams18;
-				if (options === null || options === void 0 ? void 0 : options.onAccessDenied) {
-					const customProps = await options.onAccessDenied({ ...context });
-					return {
-						...customProps ?? {},
-						props: { ...(customProps === null || customProps === void 0 ? void 0 : customProps.props) ?? {} }
-					};
-				}
-				const { routes, appUrl } = this.getOptions();
-				const signInRoute = new URL(`${appUrl}${ensureLeadingSlash(routes.signIn)}`);
-				signInRoute.searchParams.set("return_url", (options === null || options === void 0 ? void 0 : options.returnUrl) ?? context.resolvedUrl);
-				if (options === null || options === void 0 || (_options$authParams10 = options.authParams) === null || _options$authParams10 === void 0 ? void 0 : _options$authParams10.scopes) signInRoute.searchParams.set("scope", options.authParams.scopes);
-				if (options === null || options === void 0 || (_options$authParams11 = options.authParams) === null || _options$authParams11 === void 0 ? void 0 : _options$authParams11.resource) signInRoute.searchParams.set("resource", options.authParams.resource);
-				if (options === null || options === void 0 || (_options$authParams12 = options.authParams) === null || _options$authParams12 === void 0 ? void 0 : _options$authParams12.acrValues) signInRoute.searchParams.set("acr_values", options.authParams.acrValues.join(" "));
-				if (options === null || options === void 0 || (_options$authParams13 = options.authParams) === null || _options$authParams13 === void 0 ? void 0 : _options$authParams13.display) signInRoute.searchParams.set("display", options.authParams.display);
-				if (options === null || options === void 0 || (_options$authParams14 = options.authParams) === null || _options$authParams14 === void 0 ? void 0 : _options$authParams14.prompt) signInRoute.searchParams.set("prompt", options.authParams.prompt);
-				if (options === null || options === void 0 || (_options$authParams15 = options.authParams) === null || _options$authParams15 === void 0 ? void 0 : _options$authParams15.authenticatorHint) signInRoute.searchParams.set("authenticator_hint", options.authParams.authenticatorHint);
-				if (options === null || options === void 0 || (_options$authParams16 = options.authParams) === null || _options$authParams16 === void 0 ? void 0 : _options$authParams16.uiLocales) signInRoute.searchParams.set("ui_locales", options.authParams.uiLocales);
-				if (options === null || options === void 0 || (_options$authParams17 = options.authParams) === null || _options$authParams17 === void 0 ? void 0 : _options$authParams17.maxAge) signInRoute.searchParams.set("max_age", options.authParams.maxAge.toString());
-				if (options === null || options === void 0 || (_options$authParams18 = options.authParams) === null || _options$authParams18 === void 0 ? void 0 : _options$authParams18.loginHint) signInRoute.searchParams.set("login_hint", options.authParams.loginHint);
-				return { redirect: {
-					destination: signInRoute.toString(),
-					permanent: false
-				} };
-			}
-			if ((options === null || options === void 0 ? void 0 : options.groups) && !isUserInGroup$1(session.user, options.groups, options.groupsClaim ?? process.env.MONOCLOUD_AUTH_GROUPS_CLAIM, options.matchAll)) {
-				var _options$onGroupAcces;
-				const customProps = await ((_options$onGroupAcces = options.onGroupAccessDenied) === null || _options$onGroupAcces === void 0 ? void 0 : _options$onGroupAcces.call(options, {
-					...context,
-					user: session.user
-				})) ?? { props: { groupAccessDenied: true } };
-				return {
-					...customProps,
-					props: { ...customProps.props ?? {} }
-				};
-			}
-			const customProps = (options === null || options === void 0 ? void 0 : options.getServerSideProps) ? await options.getServerSideProps(context) : {};
-			const promiseProp = customProps.props;
-			if (promiseProp instanceof Promise) return {
-				...customProps,
-				props: promiseProp.then((props) => ({
-					user: session.user,
-					...props
-				}))
-			};
-			return {
-				...customProps,
-				props: {
-					user: session.user,
-					...customProps.props
-				}
-			};
-		};
-	}
-	protectApi(handler, options) {
-		return (req, resOrCtx) => {
-			if (isAppRouter(req)) return this.protectAppApi(req, resOrCtx, handler, options);
-			return this.protectPageApi(req, resOrCtx, handler, options);
-		};
-	}
-	async protectAppApi(req, ctx, handler, options) {
-		const res = new NextResponse();
-		const session = await this.getSession(req, res);
-		if (!session) {
-			if (options === null || options === void 0 ? void 0 : options.onAccessDenied) {
-				const result = await options.onAccessDenied(req, ctx);
-				if (result instanceof NextResponse) return mergeResponse([res, result]);
-				return mergeResponse([res, new NextResponse(result.body, result)]);
-			}
-			return mergeResponse([res, NextResponse.json({ message: "unauthorized" }, { status: 401 })]);
-		}
-		if ((options === null || options === void 0 ? void 0 : options.groups) && !isUserInGroup$1(session.user, options.groups, options.groupsClaim ?? process.env.MONOCLOUD_AUTH_GROUPS_CLAIM, options.matchAll)) {
-			if (options.onGroupAccessDenied) {
-				const result = await options.onGroupAccessDenied(req, ctx, session.user);
-				if (result instanceof NextResponse) return mergeResponse([res, result]);
-				return mergeResponse([res, new NextResponse(result.body, result)]);
-			}
-			return mergeResponse([res, NextResponse.json({ message: "forbidden" }, { status: 403 })]);
-		}
-		const resp = await handler(req, ctx);
-		if (resp instanceof NextResponse) return mergeResponse([res, resp]);
-		return mergeResponse([res, new NextResponse(resp.body, resp)]);
-	}
-	async protectPageApi(req, res, handler, options) {
-		const session = await this.getSession(req, res);
-		if (!session) {
-			if (options === null || options === void 0 ? void 0 : options.onAccessDenied) return options.onAccessDenied(req, res);
-			return res.status(401).json({ message: "unauthorized" });
-		}
-		if ((options === null || options === void 0 ? void 0 : options.groups) && !isUserInGroup$1(session.user, options.groups, options.groupsClaim ?? process.env.MONOCLOUD_AUTH_GROUPS_CLAIM, options.matchAll)) {
-			if (options.onGroupAccessDenied) return options.onGroupAccessDenied(req, res, session.user);
-			return res.status(403).json({ message: "forbidden" });
-		}
-		return handler(req, res);
-	}
-	authMiddleware(...args) {
-		let req;
-		let evt;
-		let options;
-		/* v8 ignore else -- @preserve */
-		if (Array.isArray(args)) {
-			if (args.length === 2) {
-				/* v8 ignore else -- @preserve */
-				if (isAppRouter(args[0])) {
-					req = args[0];
-					evt = args[1];
-				}
-			}
-			if (args.length === 1) options = args[0];
-		}
-		if (req && evt) return this.authMiddlewareHandler(req, evt, options);
-		return (request, nxtEvt) => {
-			return this.authMiddlewareHandler(request, nxtEvt, options);
-		};
-	}
-	async authMiddlewareHandler(req, evt, options) {
-		req = getNextRequest(req);
-		if (req.headers.has("x-middleware-subrequest")) return NextResponse.json({ message: "forbidden" }, { status: 403 });
-		const { routes, appUrl } = this.getOptions();
-		if (Object.values(routes).map((x) => ensureLeadingSlash(x)).includes(req.nextUrl.pathname)) {
-			let onError;
-			if (typeof (options === null || options === void 0 ? void 0 : options.onError) === "function") onError = (error) => options.onError(req, evt, error);
-			const request = new MonoCloudAppRouterRequest(req);
-			const response = new MonoCloudAppRouterResponse(new NextResponse());
-			return this.handleAuthRoutes(request, response, req.nextUrl.pathname, routes, onError);
-		}
-		const nxtResp = new NextResponse();
-		nxtResp.headers.set("x-monocloud-path", req.nextUrl.pathname + req.nextUrl.search);
-		let isRouteProtected = true;
-		let allowedGroups;
-		if (typeof (options === null || options === void 0 ? void 0 : options.protectedRoutes) === "function") isRouteProtected = await options.protectedRoutes(req);
-		else if (typeof (options === null || options === void 0 ? void 0 : options.protectedRoutes) !== "undefined" && Array.isArray(options.protectedRoutes)) isRouteProtected = options.protectedRoutes.some((route) => {
-			if (typeof route === "string" || route instanceof RegExp) return new RegExp(route).test(req.nextUrl.pathname);
-			return route.routes.some((groupRoute) => {
-				const result = new RegExp(groupRoute).test(req.nextUrl.pathname);
-				if (result) allowedGroups = route.groups;
-				return result;
-			});
-		});
-		if (!isRouteProtected) return NextResponse.next({ headers: { "x-monocloud-path": req.nextUrl.pathname + req.nextUrl.search } });
-		const session = await this.getSession(req, nxtResp);
-		if (!session) {
-			if (options === null || options === void 0 ? void 0 : options.onAccessDenied) {
-				const result = await options.onAccessDenied(req, evt);
-				if (result instanceof NextResponse) return mergeResponse([nxtResp, result]);
-				if (result) return mergeResponse([nxtResp, new NextResponse(result.body, result)]);
-				return NextResponse.next(nxtResp);
-			}
-			if (req.nextUrl.pathname.startsWith("/api")) return mergeResponse([nxtResp, NextResponse.json({ message: "unauthorized" }, { status: 401 })]);
-			const signInRoute = new URL(`${appUrl}${ensureLeadingSlash(routes.signIn)}`);
-			signInRoute.searchParams.set("return_url", req.nextUrl.pathname + req.nextUrl.search);
-			return mergeResponse([nxtResp, NextResponse.redirect(signInRoute)]);
-		}
-		const groupsClaim = (options === null || options === void 0 ? void 0 : options.groupsClaim) ?? process.env.MONOCLOUD_AUTH_GROUPS_CLAIM;
-		if (allowedGroups && !isUserInGroup$1(session.user, allowedGroups, groupsClaim)) {
-			if (options === null || options === void 0 ? void 0 : options.onGroupAccessDenied) {
-				const result = await options.onGroupAccessDenied(req, evt, session.user);
-				if (result instanceof NextResponse) return mergeResponse([nxtResp, result]);
-				if (result) return mergeResponse([nxtResp, new NextResponse(result.body, result)]);
-				return NextResponse.next(nxtResp);
-			}
-			if (req.nextUrl.pathname.startsWith("/api")) return mergeResponse([nxtResp, NextResponse.json({ message: "forbidden" }, { status: 403 })]);
-			return new NextResponse(`forbidden`, { status: 403 });
-		}
-		return NextResponse.next(nxtResp);
-	}
-	handleAuthRoutes(request, response, path, routes, onError) {
-		switch (path) {
-			case ensureLeadingSlash(routes.signIn): return this.coreClient.signIn(request, response, { onError });
-			case ensureLeadingSlash(routes.callback): return this.coreClient.callback(request, response, { onError });
-			case ensureLeadingSlash(routes.userInfo): return this.coreClient.userInfo(request, response, { onError });
-			case ensureLeadingSlash(routes.signOut): return this.coreClient.signOut(request, response, { onError });
-			default:
-				response.notFound();
-				return response.done();
-		}
-	}
-	async getSession(...args) {
-		let request;
-		let response;
-		if (args.length === 0) {
-			request = new MonoCloudCookieRequest();
-			response = new MonoCloudCookieResponse();
-		} else ({request, response} = getMonoCloudCookieReqRes(args[0], args[1]));
-		/* v8 ignore next -- @preserve */
-		if (!isMonoCloudRequest(request) || !isMonoCloudResponse(response)) throw new MonoCloudValidationError$1("Invalid parameters passed to getSession()");
-		return await this.coreClient.getSession(request, response);
-	}
-	async getTokens(...args) {
-		let request;
-		let response;
-		let options;
-		if (args.length === 0) {
-			request = new MonoCloudCookieRequest();
-			response = new MonoCloudCookieResponse();
-		} else if (args.length === 1) if (args[0] instanceof Request) ({request, response} = getMonoCloudCookieReqRes(args[0], void 0));
-		else {
-			request = new MonoCloudCookieRequest();
-			response = new MonoCloudCookieResponse();
-			options = args[0];
-		}
-		else if (args.length === 2 && args[0] instanceof Request) if (args[1] instanceof Response) ({request, response} = getMonoCloudCookieReqRes(args[0], args[1]));
-		else {
-			({request, response} = getMonoCloudCookieReqRes(args[0], void 0));
-			options = args[1];
-		}
-		else if (args.length === 2 && isNodeRequest(args[0]) && isNodeResponse(args[1])) ({request, response} = getMonoCloudCookieReqRes(args[0], args[1]));
-		else {
-			({request, response} = getMonoCloudCookieReqRes(args[0], args[1]));
-			options = args[2];
-		}
-		if (!isMonoCloudRequest(request) || !isMonoCloudResponse(response) || options && typeof options !== "object") throw new MonoCloudValidationError$1("Invalid parameters passed to getTokens()");
-		return await this.coreClient.getTokens(request, response, options);
-	}
-	async isAuthenticated(...args) {
-		let request;
-		let response;
-		if (args.length === 0) {
-			request = new MonoCloudCookieRequest();
-			response = new MonoCloudCookieResponse();
-		} else ({request, response} = getMonoCloudCookieReqRes(args[0], args[1]));
-		/* v8 ignore next -- @preserve */
-		if (!isMonoCloudRequest(request) || !isMonoCloudResponse(response)) throw new MonoCloudValidationError$1("Invalid parameters passed to isAuthenticated()");
-		return await this.coreClient.isAuthenticated(request, response);
-	}
-	/**
-	* @see {@link protect} for full docs and examples.
-	* @param options Optional configuration for redirect behavior (for example, return URL or sign-in parameters).
-	* @returns Resolves if the user is authenticated; otherwise triggers a redirect.
-	*/
-	async protect(options) {
-		var _options$authParams19, _options$authParams20, _options$authParams21, _options$authParams22, _options$authParams23, _options$authParams24, _options$authParams25, _options$authParams26, _options$authParams27;
-		const { routes, appUrl } = this.coreClient.getOptions();
-		let path;
-		try {
-			const session = await this.getSession();
-			if (session && !(options === null || options === void 0 ? void 0 : options.groups)) return;
-			if (session && (options === null || options === void 0 ? void 0 : options.groups) && isUserInGroup$1(session.user, options.groups, options.groupsClaim ?? process.env.MONOCLOUD_AUTH_GROUPS_CLAIM, options.matchAll)) return;
-			const { headers } = await import("next/headers");
-			path = (await headers()).get("x-monocloud-path") ?? "/";
-		} catch {
-			throw new Error("protect() can only be used in App Router server environments (RSC, route handlers, or server actions)");
-		}
-		const signInRoute = new URL(`${appUrl}${routes.signIn}`);
-		signInRoute.searchParams.set("return_url", (options === null || options === void 0 ? void 0 : options.returnUrl) ?? path);
-		if (options === null || options === void 0 || (_options$authParams19 = options.authParams) === null || _options$authParams19 === void 0 ? void 0 : _options$authParams19.maxAge) signInRoute.searchParams.set("max_age", options.authParams.maxAge.toString());
-		if (options === null || options === void 0 || (_options$authParams20 = options.authParams) === null || _options$authParams20 === void 0 ? void 0 : _options$authParams20.authenticatorHint) signInRoute.searchParams.set("authenticator_hint", options.authParams.authenticatorHint);
-		if (options === null || options === void 0 || (_options$authParams21 = options.authParams) === null || _options$authParams21 === void 0 ? void 0 : _options$authParams21.scopes) signInRoute.searchParams.set("scope", options.authParams.scopes);
-		if (options === null || options === void 0 || (_options$authParams22 = options.authParams) === null || _options$authParams22 === void 0 ? void 0 : _options$authParams22.resource) signInRoute.searchParams.set("resource", options.authParams.resource);
-		if (options === null || options === void 0 || (_options$authParams23 = options.authParams) === null || _options$authParams23 === void 0 ? void 0 : _options$authParams23.display) signInRoute.searchParams.set("display", options.authParams.display);
-		if (options === null || options === void 0 || (_options$authParams24 = options.authParams) === null || _options$authParams24 === void 0 ? void 0 : _options$authParams24.uiLocales) signInRoute.searchParams.set("ui_locales", options.authParams.uiLocales);
-		if (Array.isArray(options === null || options === void 0 || (_options$authParams25 = options.authParams) === null || _options$authParams25 === void 0 ? void 0 : _options$authParams25.acrValues)) signInRoute.searchParams.set("acr_values", options.authParams.acrValues.join(" "));
-		if (options === null || options === void 0 || (_options$authParams26 = options.authParams) === null || _options$authParams26 === void 0 ? void 0 : _options$authParams26.loginHint) signInRoute.searchParams.set("login_hint", options.authParams.loginHint);
-		if (options === null || options === void 0 || (_options$authParams27 = options.authParams) === null || _options$authParams27 === void 0 ? void 0 : _options$authParams27.prompt) signInRoute.searchParams.set("prompt", options.authParams.prompt);
-		const { redirect } = await import("next/navigation");
-		redirect(signInRoute.toString());
-	}
-	async isUserInGroup(...args) {
-		let request;
-		let response;
-		let groups;
-		let options;
-		if (args.length === 4) {
-			groups = args[2];
-			options = args[3];
-			({request, response} = getMonoCloudCookieReqRes(args[0], args[1]));
-		}
-		if (args.length === 3) {
-			if (args[0] instanceof Request) if (args[1] instanceof Response) {
-				({request, response} = getMonoCloudCookieReqRes(args[0], args[1]));
-				groups = args[2];
-			} else {
-				({request, response} = getMonoCloudCookieReqRes(args[0], void 0));
-				groups = args[1];
-				options = args[2];
-			}
-			if (isNodeRequest(args[0]) && isNodeResponse(args[1])) {
-				({request, response} = getMonoCloudCookieReqRes(args[0], args[1]));
-				groups = args[2];
-			}
-		}
-		if (args.length === 2) {
-			if (args[0] instanceof Request) {
-				({request, response} = getMonoCloudCookieReqRes(args[0], void 0));
-				groups = args[1];
-			}
-			if (Array.isArray(args[0])) {
-				request = new MonoCloudCookieRequest();
-				response = new MonoCloudCookieResponse();
-				groups = args[0];
-				options = args[1];
-			}
-		}
-		if (args.length === 1) {
-			request = new MonoCloudCookieRequest();
-			response = new MonoCloudCookieResponse();
-			groups = args[0];
-		}
-		if (!Array.isArray(groups) || !isMonoCloudRequest(request) || !isMonoCloudResponse(response) || options && typeof options !== "object") throw new MonoCloudValidationError$1("Invalid parameters passed to isUserInGroup()");
-		return await this.coreClient.isUserInGroup(request, response, groups, (options === null || options === void 0 ? void 0 : options.groupsClaim) ?? process.env.MONOCLOUD_AUTH_GROUPS_CLAIM, options === null || options === void 0 ? void 0 : options.matchAll);
-	}
-	/**
-	* @see {@link redirectToSignIn} for full docs and examples.
-	* @param options Optional configuration for the redirect, such as `returnUrl` or additional sign-in parameters.
-	* @returns Never resolves. Triggers a redirect to the sign-in flow.
-	*/
-	async redirectToSignIn(options) {
-		const { routes, appUrl } = this.coreClient.getOptions();
-		try {
-			const { headers } = await import("next/headers");
-			await headers();
-		} catch {
-			throw new Error("redirectToSignIn() can only be used in App Router server environments (RSC, route handlers, or server actions)");
-		}
-		const signInRoute = new URL(`${appUrl}${routes.signIn}`);
-		if (options === null || options === void 0 ? void 0 : options.returnUrl) signInRoute.searchParams.set("return_url", options.returnUrl);
-		if (options === null || options === void 0 ? void 0 : options.maxAge) signInRoute.searchParams.set("max_age", options.maxAge.toString());
-		if (options === null || options === void 0 ? void 0 : options.authenticatorHint) signInRoute.searchParams.set("authenticator_hint", options.authenticatorHint);
-		if (options === null || options === void 0 ? void 0 : options.scopes) signInRoute.searchParams.set("scope", options.scopes);
-		if (options === null || options === void 0 ? void 0 : options.resource) signInRoute.searchParams.set("resource", options.resource);
-		if (options === null || options === void 0 ? void 0 : options.display) signInRoute.searchParams.set("display", options.display);
-		if (options === null || options === void 0 ? void 0 : options.uiLocales) signInRoute.searchParams.set("ui_locales", options.uiLocales);
-		if (Array.isArray(options === null || options === void 0 ? void 0 : options.acrValues)) signInRoute.searchParams.set("acr_values", options.acrValues.join(" "));
-		if (options === null || options === void 0 ? void 0 : options.loginHint) signInRoute.searchParams.set("login_hint", options.loginHint);
-		if (options === null || options === void 0 ? void 0 : options.prompt) signInRoute.searchParams.set("prompt", options.prompt);
-		const { redirect } = await import("next/navigation");
-		redirect(signInRoute.toString());
-	}
-	/**
-	* @see {@link redirectToSignOut} for full docs and examples.
-	* @param options Optional configuration for the redirect, such as `postLogoutRedirectUri` or additional sign-out parameters.
-	* @returns Never resolves. Triggers a redirect to the sign-out flow.
-	*/
-	async redirectToSignOut(options) {
-		var _options$postLogoutRe;
-		const { routes, appUrl } = this.coreClient.getOptions();
-		try {
-			const { headers } = await import("next/headers");
-			await headers();
-		} catch {
-			throw new Error("redirectToSignOut() can only be used in App Router server environments (RSC, route handlers, or server actions)");
-		}
-		const signOutRoute = new URL(`${appUrl}${routes.signOut}`);
-		if (options === null || options === void 0 || (_options$postLogoutRe = options.postLogoutRedirectUri) === null || _options$postLogoutRe === void 0 ? void 0 : _options$postLogoutRe.trim().length) signOutRoute.searchParams.set("post_logout_url", options.postLogoutRedirectUri);
-		if (typeof (options === null || options === void 0 ? void 0 : options.federated) === "boolean") signOutRoute.searchParams.set("federated", options.federated.toString());
-		const { redirect } = await import("next/navigation");
-		redirect(signOutRoute.toString());
-	}
-	getOptions() {
-		return this.coreClient.getOptions();
-	}
-	registerPublicEnvVariables() {
-		Object.keys(process.env).filter((key) => key.startsWith("NEXT_PUBLIC_MONOCLOUD_AUTH")).forEach((publicKey) => {
-			const [, privateKey] = publicKey.split("NEXT_PUBLIC_");
-			process.env[privateKey] = process.env[publicKey];
-		});
-	}
-};
-
-//#endregion
-//#region src/initialize.ts
-let instance;
-/**
-* Retrieves the singleton instance of the MonoCloudNextClient.
-* Initializes it lazily on the first call.
-*/
-const getInstance = () => {
-	instance ??= new MonoCloudNextClient();
-	return instance;
-};
-/**
-* Creates a Next.js catch-all auth route handler (Pages Router and App Router) for the built-in routes (`/signin`, `/callback`, `/userinfo`, `/signout`).
-*
-* Mount this handler on a catch-all route (e.g. `/api/auth/[...monocloud]`).
-*
-* > If you already use `authMiddleware()`, you typically don’t need this handler. Use `monoCloudAuth()` when middleware cannot be used or when auth routes need customization.
-*
-* @example App Router
-* ```tsx:src/app/api/auth/[...monocloud]/route.ts tab="App Router" tab-group="monoCloudAuth"
-* import { monoCloudAuth } from "@monocloud/auth-nextjs";
-*
-* export const GET = monoCloudAuth();
-*```
-*
-* @example App Router (Response)
-* ```tsx:src/app/api/auth/[...monocloud]/route.ts tab="App Router (Response)" tab-group="monoCloudAuth"
-* import { monoCloudAuth } from "@monocloud/auth-nextjs";
-* import { NextRequest, NextResponse } from "next/server";
-*
-* export const GET = (req: NextRequest) => {
-*   const authHandler = monoCloudAuth();
-*
-*   const res = new NextResponse();
-*
-*   res.cookies.set("last_auth_requested", `${Date.now()}`);
-*
-*   return authHandler(req, res);
-* };
-* ```
-*
-* @example Pages Router
-* ```tsx:src/pages/api/auth/[...monocloud].ts tab="Pages Router" tab-group="monoCloudAuth"
-* import { monoCloudAuth } from "@monocloud/auth-nextjs";
-*
-* export default monoCloudAuth();
-*```
-*
-* @example Pages Router (Response)
-* ```tsx:src/pages/api/auth/[...monocloud].ts tab="Pages Router (Response)" tab-group="monoCloudAuth"
-* import { monoCloudAuth } from "@monocloud/auth-nextjs";
-* import { NextApiRequest, NextApiResponse } from "next";
-*
-* export default function handler(req: NextApiRequest, res: NextApiResponse) {
-*   const authHandler = monoCloudAuth();
-*
-*   res.setHeader("last_auth_requested", `${Date.now()}`);
-*
-*   return authHandler(req, res);
-* }
-* ```
-*
-* @param options Optional configuration for the auth handler.
-* @returns Returns a Next.js-compatible handler for App Router route handlers or Pages Router API routes.
-*
-* @category Functions
-*/
-function monoCloudAuth(options) {
-	return getInstance().monoCloudAuth(options);
-}
-function authMiddleware(...args) {
-	return getInstance().authMiddleware(...args);
-}
-function getSession(...args) {
-	return getInstance().getSession(...args);
-}
-function getTokens(...args) {
-	return getInstance().getTokens(...args);
-}
-function isAuthenticated(...args) {
-	return getInstance().isAuthenticated(...args);
-}
-/**
-* Ensures the current user is authenticated. If not, redirects to the sign-in flow.
-*
-* > **App Router only.** Intended for Server Components, Route Handlers, and Server Actions.
-*
-* @example Server Component
-* ```tsx:src/app/page.tsx tab="Server Component" tab-group="protect"
-* import { protect } from "@monocloud/auth-nextjs";
-*
-* export default async function Home() {
-*   await protect();
-*
-*   return <>You are signed in.</>;
-* }
-* ```
-*
-* @example Server Action
-* ```tsx:src/action.ts tab="Server Action" tab-group="protect"
-* "use server";
-*
-* import { protect } from "@monocloud/auth-nextjs";
-*
-* export async function getMessage() {
-*   await protect();
-*
-*   return { secret: "sssshhhhh!!!" };
-* }
-* ```
-*
-* @example API Handler
-* ```tsx:src/app/api/protected/route.ts tab="API Handler" tab-group="protect"
-* import { protect } from "@monocloud/auth-nextjs";
-* import { NextResponse } from "next/server";
-*
-* export const GET = async () => {
-*   await protect();
-*
-*   return NextResponse.json({ secret: "ssshhhh!!!" });
-* };
-* ```
-*
-* @param options Optional configuration for redirect behavior (for example, return URL or sign-in parameters).
-* @returns Resolves if the user is authenticated; otherwise triggers a redirect.
-*
-* @category Functions
-*/
-function protect(options) {
-	return getInstance().protect(options);
-}
-function protectApi(handler, options) {
-	return getInstance().protectApi(handler, options);
-}
-function protectPage(...args) {
-	return getInstance().protectPage(...args);
-}
-function isUserInGroup(...args) {
-	return getInstance().isUserInGroup(...args);
-}
-/**
-* Redirects the user to the sign-in flow.
-*
-* > **App Router only**. Intended for use in Server Components, Route Handlers, and Server Actions.
-*
-* This helper performs a server-side redirect to the configured sign-in route. Execution does not continue after the redirect is triggered.
-*
-* @example Server Component
-* ```tsx:src/app/page.tsx tab="Server Component" tab-group="redirect-to-sign-in"
-* import { isUserInGroup, redirectToSignIn } from "@monocloud/auth-nextjs";
-*
-* export default async function Home() {
-*   const allowed = await isUserInGroup(["admin"]);
-*
-*   if (!allowed) {
-*     await redirectToSignIn({ returnUrl: "/home" });
-*   }
-*
-*   return <>You are signed in.</>;
-* }
-* ```
-*
-* @example Server Action
-* ```tsx:src/action.ts tab="Server Action" tab-group="redirect-to-sign-in"
-* "use server";
-*
-* import { getSession, redirectToSignIn } from "@monocloud/auth-nextjs";
-*
-* export async function protectedAction() {
-*   const session = await getSession();
-*
-*   if (!session) {
-*     await redirectToSignIn();
-*   }
-*
-*   return { data: "Sensitive Data" };
-* }
-* ```
-*
-* @example API Handler
-* ```tsx:src/app/api/protected/route.ts tab="API Handler" tab-group="redirect-to-sign-in"
-* import { getSession, redirectToSignIn } from "@monocloud/auth-nextjs";
-* import { NextResponse } from "next/server";
-*
-* export const GET = async () => {
-*   const session = await getSession();
-*
-*   if (!session) {
-*     await redirectToSignIn({
-*       returnUrl: "/dashboard",
-*     });
-*   }
-*
-*   return NextResponse.json({ data: "Protected content" });
-* };
-* ```
-*
-* @param options Optional configuration for the redirect, such as `returnUrl` or additional sign-in parameters.
-* @returns Never resolves. Triggers a redirect to the sign-in flow.
-*
-* @category Functions
-*/
-function redirectToSignIn(options) {
-	return getInstance().redirectToSignIn(options);
-}
-/**
-* Redirects the user to the sign-out flow.
-*
-* > **App Router only**. Intended for use in Server Components, Route Handlers, and Server Actions.
-*
-* This helper performs a server-side redirect to the configured sign-out route. Execution does not continue after the redirect is triggered.
-*
-* @example Server Component
-* ```tsx:src/app/page.tsx tab="Server Component" tab-group="redirect-to-sign-out"
-* import { getSession, redirectToSignOut } from "@monocloud/auth-nextjs";
-*
-* export default async function Page() {
-*   const session = await getSession();
-*
-*   // Example: Force sign-out if a specific condition is met (e.g., account suspended)
-*   if (session?.user.isSuspended) {
-*     await redirectToSignOut();
-*   }
-*
-*   return <>Welcome User</>;
-* }
-* ```
-*
-* @example Server Action
-* ```tsx:src/action.ts tab="Server Action" tab-group="redirect-to-sign-out"
-* "use server";
-*
-* import { getSession, redirectToSignOut } from "@monocloud/auth-nextjs";
-*
-* export async function signOutAction() {
-*   const session = await getSession();
-*
-*   if (session) {
-*     await redirectToSignOut();
-*   }
-* }
-* ```
-*
-* @example API Handler
-* ```tsx:src/app/api/signout/route.ts tab="API Handler" tab-group="redirect-to-sign-out"
-* import { getSession, redirectToSignOut } from "@monocloud/auth-nextjs";
-* import { NextResponse } from "next/server";
-*
-* export const GET = async () => {
-*   const session = await getSession();
-*
-*   if (session) {
-*     await redirectToSignOut({
-*       postLogoutRedirectUri: "/goodbye",
-*     });
-*   }
-*
-*   return NextResponse.json({ status: "already_signed_out" });
-* };
-* ```
-*
-* @param options Optional configuration for the redirect, such as `postLogoutRedirectUri` or additional sign-out parameters.
-* @returns Never resolves. Triggers a redirect to the sign-out flow.
-*
-* @category Functions
-*/
-function redirectToSignOut(options) {
-	return getInstance().redirectToSignOut(options);
-}
-
-//#endregion
-export { MonoCloudAuthBaseError, MonoCloudHttpError, MonoCloudNextClient, MonoCloudOPError, MonoCloudTokenError, MonoCloudValidationError, authMiddleware, getSession, getTokens, isAuthenticated, isUserInGroup, monoCloudAuth, protect, protectApi, protectPage, redirectToSignIn, redirectToSignOut };
-//# sourceMappingURL=index.mjs.map
+export { MonoCloudAuthBaseError, MonoCloudHttpError, MonoCloudNextClient, MonoCloudOPError, MonoCloudTokenError, MonoCloudValidationError, authMiddleware, getSession, getTokens, isAuthenticated, isUserInGroup, monoCloudAuth, protect, protectApi, protectPage, redirectToSignIn, redirectToSignOut };