@moodle-next/next 0.0.1

package/dist/client.cjs

@@ -0,0 +1,35 @@
+"use client";
+'use strict';
+
+var react = require('react');
+var reactHookForm = require('react-hook-form');
+var zod = require('@hookform/resolvers/zod');
+
+function useServerActionForm({
+  schema,
+  action,
+  onSuccess,
+  defaultValues
+}) {
+  const [isPending, startTransition] = react.useTransition();
+  const form = reactHookForm.useForm({
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    resolver: zod.zodResolver(schema),
+    defaultValues
+  });
+  function onSubmit(e) {
+    form.handleSubmit((data) => {
+      startTransition(async () => {
+        const result = await action(data);
+        if (result.error) {
+          form.setError("root", { message: result.error });
+        } else {
+          onSuccess?.(result);
+        }
+      });
+    })(e);
+  }
+  return { form, onSubmit, isPending };
+}
+
+exports.useServerActionForm = useServerActionForm;

package/dist/client.d.cts

@@ -0,0 +1,19 @@
+import { FieldValues, DefaultValues, UseFormReturn } from 'react-hook-form';
+import { ZodType } from 'zod/v4';
+
+type ActionResult = {
+    error: string | null;
+    success: boolean;
+};
+declare function useServerActionForm<TValues extends FieldValues>({ schema, action, onSuccess, defaultValues, }: {
+    schema: ZodType<TValues>;
+    action: (data: TValues) => Promise<ActionResult>;
+    onSuccess?: (result: ActionResult) => void;
+    defaultValues: DefaultValues<TValues>;
+}): {
+    form: UseFormReturn<TValues>;
+    onSubmit: (e: React.FormEvent) => void;
+    isPending: boolean;
+};
+
+export { useServerActionForm };

package/dist/client.d.ts

@@ -0,0 +1,19 @@
+import { FieldValues, DefaultValues, UseFormReturn } from 'react-hook-form';
+import { ZodType } from 'zod/v4';
+
+type ActionResult = {
+    error: string | null;
+    success: boolean;
+};
+declare function useServerActionForm<TValues extends FieldValues>({ schema, action, onSuccess, defaultValues, }: {
+    schema: ZodType<TValues>;
+    action: (data: TValues) => Promise<ActionResult>;
+    onSuccess?: (result: ActionResult) => void;
+    defaultValues: DefaultValues<TValues>;
+}): {
+    form: UseFormReturn<TValues>;
+    onSubmit: (e: React.FormEvent) => void;
+    isPending: boolean;
+};
+
+export { useServerActionForm };

package/dist/client.mjs

@@ -0,0 +1,33 @@
+"use client";
+import { useTransition } from 'react';
+import { useForm } from 'react-hook-form';
+import { zodResolver } from '@hookform/resolvers/zod';
+
+function useServerActionForm({
+  schema,
+  action,
+  onSuccess,
+  defaultValues
+}) {
+  const [isPending, startTransition] = useTransition();
+  const form = useForm({
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    resolver: zodResolver(schema),
+    defaultValues
+  });
+  function onSubmit(e) {
+    form.handleSubmit((data) => {
+      startTransition(async () => {
+        const result = await action(data);
+        if (result.error) {
+          form.setError("root", { message: result.error });
+        } else {
+          onSuccess?.(result);
+        }
+      });
+    })(e);
+  }
+  return { form, onSubmit, isPending };
+}
+
+export { useServerActionForm };

package/dist/index.cjs

@@ -0,0 +1,535 @@
+'use strict';
+
+var crypto = require('crypto');
+var headers = require('next/headers');
+var navigation = require('next/navigation');
+var core = require('@moodle-next/core');
+var react = require('react');
+
+// src/session.ts
+var IV_LENGTH = 12;
+var AUTH_TAG_LENGTH = 16;
+var sessionConfig = {
+  cookieName: "moodle_session",
+  durationSeconds: 60 * 60 * 8,
+  loginPath: "/",
+  expiredSessionPath: "/auth/session-expired",
+  sessionSecret: ""
+};
+function configureMoodleSession(config) {
+  sessionConfig = { ...sessionConfig, ...config };
+}
+function getSessionSecret() {
+  const secret = sessionConfig.sessionSecret || process.env.APP_SESSION_SECRET?.trim();
+  if (!secret) {
+    throw new Error(
+      "Missing session secret. Set APP_SESSION_SECRET or call configureMoodleSession({ sessionSecret })."
+    );
+  }
+  return crypto.createHash("sha256").update(secret).digest();
+}
+function encrypt(value) {
+  const iv = crypto.randomBytes(IV_LENGTH);
+  const cipher = crypto.createCipheriv("aes-256-gcm", getSessionSecret(), iv);
+  const encrypted = Buffer.concat([cipher.update(value, "utf8"), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+  return Buffer.concat([iv, authTag, encrypted]).toString("base64url");
+}
+function decrypt(value) {
+  const payload = Buffer.from(value, "base64url");
+  const iv = payload.subarray(0, IV_LENGTH);
+  const authTag = payload.subarray(IV_LENGTH, IV_LENGTH + AUTH_TAG_LENGTH);
+  const encrypted = payload.subarray(IV_LENGTH + AUTH_TAG_LENGTH);
+  const decipher = crypto.createDecipheriv("aes-256-gcm", getSessionSecret(), iv);
+  decipher.setAuthTag(authTag);
+  return Buffer.concat([decipher.update(encrypted), decipher.final()]).toString("utf8");
+}
+var SESSION_RENEW_THRESHOLD_MS = 2 * 60 * 60 * 1e3;
+async function createSession(session) {
+  const cookieStore = await headers.cookies();
+  const { cookieName, durationSeconds } = sessionConfig;
+  const expiresAt = Date.now() + durationSeconds * 1e3;
+  const payload = { ...session, expiresAt };
+  cookieStore.set(cookieName, encrypt(JSON.stringify(payload)), {
+    httpOnly: true,
+    sameSite: "lax",
+    secure: process.env.NODE_ENV === "production",
+    path: "/",
+    maxAge: durationSeconds
+  });
+}
+async function getSession() {
+  const cookieStore = await headers.cookies();
+  const { cookieName, durationSeconds } = sessionConfig;
+  const rawCookie = cookieStore.get(cookieName)?.value;
+  if (!rawCookie) return null;
+  try {
+    const parsed = JSON.parse(decrypt(rawCookie));
+    const now = Date.now();
+    if (parsed.expiresAt <= now) return null;
+    if (parsed.expiresAt - now < SESSION_RENEW_THRESHOLD_MS) {
+      const renewed = {
+        ...parsed,
+        expiresAt: now + durationSeconds * 1e3
+      };
+      cookieStore.set(cookieName, encrypt(JSON.stringify(renewed)), {
+        httpOnly: true,
+        sameSite: "lax",
+        secure: process.env.NODE_ENV === "production",
+        path: "/",
+        maxAge: durationSeconds
+      });
+      return renewed;
+    }
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+async function requireSession() {
+  const session = await getSession();
+  if (!session) navigation.redirect(sessionConfig.loginPath);
+  return session;
+}
+async function clearSession() {
+  const cookieStore = await headers.cookies();
+  cookieStore.delete(sessionConfig.cookieName);
+}
+function redirectToExpiredSession() {
+  navigation.redirect(sessionConfig.expiredSessionPath);
+}
+function redirectIfSessionExpired(error) {
+  if (core.isAuthenticationError(error)) redirectToExpiredSession();
+}
+async function clearSessionIfAuthenticationError(error) {
+  if (!core.isAuthenticationError(error)) return false;
+  await clearSession();
+  return true;
+}
+async function getSessionOrUnauthorizedResponse() {
+  const session = await getSession();
+  if (!session) return { session: null, response: new Response("Unauthorized", { status: 401 }) };
+  return { session, response: null };
+}
+async function clearSessionAndReturnUnauthorized() {
+  await clearSession();
+  return new Response("Unauthorized", { status: 401 });
+}
+function fallbackSiteName() {
+  const hostname = new URL(core.getMoodleSiteUrl()).hostname.replace(/^www\./, "");
+  const [subdomain, domain] = hostname.split(".");
+  if (subdomain && domain) {
+    return `${subdomain.charAt(0).toUpperCase()}${subdomain.slice(1)} ${domain.replace(/[-_]/g, " ").replace(/\b\w/g, (letter) => letter.toUpperCase())}`.trim();
+  }
+  return "Campus";
+}
+function normalizeUrl(rawUrl) {
+  if (!rawUrl) return void 0;
+  try {
+    const resolved = core.resolveAbsoluteMoodleUrl(rawUrl).toString();
+    return core.isAllowedMoodleUrl(resolved) ? resolved : void 0;
+  } catch {
+    return void 0;
+  }
+}
+function isValidConfig(payload) {
+  return payload !== null && typeof payload === "object" && !("exception" in payload);
+}
+async function fetchPublicConfigAnonymous() {
+  const response = await fetch(`${core.getMoodleSiteUrl()}/webservice/rest/server.php`, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      wsfunction: "tool_mobile_get_public_config",
+      moodlewsrestformat: "json"
+    }),
+    cache: "force-cache",
+    // @ts-expect-error — Next.js fetch extension
+    next: { revalidate: 3600 }
+  });
+  if (!response.ok) return null;
+  const payload = await response.json().catch(() => null);
+  return isValidConfig(payload) ? payload : null;
+}
+async function fetchPublicConfigViaRest() {
+  let token;
+  try {
+    token = core.getAdminToken();
+  } catch {
+    return null;
+  }
+  const response = await fetch(`${core.getMoodleSiteUrl()}/webservice/rest/server.php`, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      wstoken: token,
+      wsfunction: "tool_mobile_get_public_config",
+      moodlewsrestformat: "json"
+    }),
+    cache: "force-cache",
+    // @ts-expect-error — Next.js fetch extension
+    next: { revalidate: 3600 }
+  });
+  if (!response.ok) return null;
+  const payload = await response.json().catch(() => null);
+  return isValidConfig(payload) ? payload : null;
+}
+var getMoodlePublicConfig = react.cache(async () => {
+  const anonymous = await fetchPublicConfigAnonymous().catch(() => null);
+  if (anonymous) return anonymous;
+  return fetchPublicConfigViaRest().catch(() => null);
+});
+async function fetchSiteDetails() {
+  let token;
+  try {
+    token = core.getAdminToken();
+  } catch {
+    return {};
+  }
+  try {
+    const response = await fetch(`${core.getMoodleSiteUrl()}/webservice/rest/server.php`, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        wstoken: token,
+        wsfunction: "core_webservice_get_site_info",
+        moodlewsrestformat: "json"
+      }),
+      cache: "force-cache",
+      // @ts-expect-error — Next.js fetch extension
+      next: { revalidate: 3600 }
+    });
+    if (!response.ok) return {};
+    const payload = await response.json().catch(() => null);
+    const rawSummary = payload?.summary?.trim() || void 0;
+    const description = rawSummary ? rawSummary.replace(/<[^>]*>/g, " ").replace(/\s+/g, " ").trim() || void 0 : void 0;
+    const advancedFeatures = payload?.advancedfeatures ?? [];
+    const featureEnabled = (name, defaultValue) => {
+      const feature = advancedFeatures.find((f) => f.name === name);
+      return feature ? Number(feature.value) > 0 : defaultValue;
+    };
+    return {
+      name: payload?.sitename?.trim() || void 0,
+      description,
+      globalSearchEnabled: featureEnabled("enableglobalsearch", false),
+      messagingEnabled: featureEnabled("messaging", true)
+    };
+  } catch {
+    return {};
+  }
+}
+var getMoodleBranding = react.cache(async () => {
+  const [config, siteDetails] = await Promise.all([getMoodlePublicConfig(), fetchSiteDetails()]);
+  if (config) {
+    return {
+      siteName: siteDetails.name || config.sitename?.trim() || fallbackSiteName(),
+      siteDescription: siteDetails.description,
+      siteUrl: normalizeUrl(config.siteurl) || core.getMoodleSiteUrl(),
+      logoUrl: normalizeUrl(config.logourl || config.logo),
+      compactLogoUrl: normalizeUrl(
+        config.compactlogourl || config.compactlogo || config.logocompact || config.logourl
+      )
+    };
+  }
+  return {
+    siteName: siteDetails.name || fallbackSiteName(),
+    siteDescription: siteDetails.description,
+    siteUrl: core.getMoodleSiteUrl(),
+    logoUrl: normalizeUrl("/favicon.ico"),
+    compactLogoUrl: normalizeUrl("/favicon.ico")
+  };
+});
+var detectForceLoginViaRedirect = react.cache(async () => {
+  try {
+    const res = await fetch(`${core.getMoodleSiteUrl()}/course/index.php`, {
+      // @ts-expect-error — Next.js fetch extension
+      next: { revalidate: 3600 }
+    });
+    return new URL(res.url).pathname.startsWith("/login");
+  } catch {
+    return false;
+  }
+});
+async function getSiteForceLogin() {
+  const config = await getMoodlePublicConfig().catch(() => null);
+  if (config && config.forcelogin !== void 0) return Boolean(config.forcelogin);
+  return detectForceLoginViaRedirect();
+}
+async function getSiteGlobalSearchEnabled() {
+  const details = await fetchSiteDetails();
+  return details.globalSearchEnabled ?? false;
+}
+async function getSiteMessagingEnabled() {
+  const details = await fetchSiteDetails();
+  return details.messagingEnabled ?? false;
+}
+var DEFAULT_ON_AUTH_FAILURE = () => new Response("Unauthorized", { status: 401 });
+function createMoodleMediaHandler(getSession2, onAuthFailure = DEFAULT_ON_AUTH_FAILURE) {
+  async function handleRequest(request, method) {
+    const session = await getSession2();
+    if (!session) return onAuthFailure();
+    const { searchParams } = new URL(request.url);
+    const rawUrl = searchParams.get("url");
+    if (!rawUrl) return new Response("Missing url", { status: 400 });
+    if (!core.isAllowedMoodleUrl(rawUrl)) return new Response("Forbidden", { status: 403 });
+    const upstreamHeaders = new Headers();
+    const range = request.headers.get("range");
+    const ifNoneMatch = request.headers.get("if-none-match");
+    const ifModifiedSince = request.headers.get("if-modified-since");
+    if (range) upstreamHeaders.set("range", range);
+    if (ifNoneMatch) upstreamHeaders.set("if-none-match", ifNoneMatch);
+    if (ifModifiedSince) upstreamHeaders.set("if-modified-since", ifModifiedSince);
+    let upstream = null;
+    let sawAuthFailure = false;
+    for (const candidateUrl of core.getMoodleMediaCandidates(rawUrl, session.token)) {
+      const response = await fetch(candidateUrl, {
+        method,
+        headers: upstreamHeaders,
+        cache: range ? "no-store" : "force-cache"
+      });
+      if (core.isMoodleAuthenticationFailureResponse(response)) {
+        sawAuthFailure = true;
+        continue;
+      }
+      if (response.ok || response.status === 206 || response.status === 304) {
+        upstream = response;
+        break;
+      }
+    }
+    if (!upstream) {
+      if (sawAuthFailure) return onAuthFailure();
+      return new Response("Upstream error", { status: 502 });
+    }
+    const headers = new Headers();
+    const passthrough = [
+      "accept-ranges",
+      "cache-control",
+      "content-disposition",
+      "content-length",
+      "content-range",
+      "content-type",
+      "etag",
+      "last-modified"
+    ];
+    for (const name of passthrough) {
+      const value = upstream.headers.get(name);
+      if (value) headers.set(name, value);
+    }
+    if (!headers.has("cache-control")) {
+      headers.set(
+        "cache-control",
+        range ? "private, no-store" : "public, max-age=3600, stale-while-revalidate=86400"
+      );
+    }
+    if (!headers.has("accept-ranges")) headers.set("accept-ranges", "bytes");
+    headers.set("x-proxied-from", core.resolveAbsoluteMoodleUrl(rawUrl).origin);
+    return new Response(method === "HEAD" ? null : upstream.body, {
+      status: upstream.status,
+      headers
+    });
+  }
+  return {
+    GET: (request) => handleRequest(request, "GET"),
+    HEAD: (request) => handleRequest(request, "HEAD")
+  };
+}
+var DEFAULT_ON_AUTH_FAILURE2 = () => new Response("Unauthorized", { status: 401 });
+function decodeBaseSegment(base) {
+  try {
+    return Buffer.from(base, "base64url").toString("utf8");
+  } catch {
+    return null;
+  }
+}
+function buildUpstreamUrl(baseUrl, pathParts, requestUrl) {
+  const joinedPath = pathParts.map((part) => encodeURIComponent(part)).join("/");
+  const target = new URL(joinedPath || ".", baseUrl);
+  for (const [key, value] of requestUrl.searchParams.entries()) {
+    target.searchParams.append(key, value);
+  }
+  return target.toString();
+}
+function createMoodleScormHandler(getSession2, options = {}) {
+  const { onAuthFailure = DEFAULT_ON_AUTH_FAILURE2, injectIntoHtml } = options;
+  async function handleRequest(request, params, method) {
+    const session = await getSession2();
+    if (!session) return onAuthFailure();
+    const { base, path = [] } = params;
+    const decodedBase = decodeBaseSegment(base);
+    if (!decodedBase) return new Response("Invalid base", { status: 400 });
+    if (!core.isAllowedMoodleUrl(decodedBase)) return new Response("Forbidden", { status: 403 });
+    const requestUrl = new URL(request.url);
+    const upstreamUrl = buildUpstreamUrl(decodedBase, path, requestUrl);
+    if (!core.isAllowedMoodleUrl(upstreamUrl)) return new Response("Forbidden", { status: 403 });
+    const upstreamHeaders = new Headers();
+    const range = request.headers.get("range");
+    const ifNoneMatch = request.headers.get("if-none-match");
+    const ifModifiedSince = request.headers.get("if-modified-since");
+    if (range) upstreamHeaders.set("range", range);
+    if (ifNoneMatch) upstreamHeaders.set("if-none-match", ifNoneMatch);
+    if (ifModifiedSince) upstreamHeaders.set("if-modified-since", ifModifiedSince);
+    const upstream = await fetch(core.appendMoodleToken(upstreamUrl, session.token), {
+      method,
+      headers: upstreamHeaders,
+      cache: range ? "no-store" : "force-cache"
+    });
+    if (core.isMoodleAuthenticationFailureResponse(upstream)) return onAuthFailure();
+    if (!upstream.ok && upstream.status !== 206 && upstream.status !== 304) {
+      return new Response("Upstream error", { status: 502 });
+    }
+    const headers = new Headers({ "x-frame-options": "SAMEORIGIN" });
+    const passthrough = [
+      "accept-ranges",
+      "cache-control",
+      "content-disposition",
+      "content-length",
+      "content-range",
+      "content-type",
+      "etag",
+      "last-modified"
+    ];
+    for (const name of passthrough) {
+      const value = upstream.headers.get(name);
+      if (value) headers.set(name, value);
+    }
+    if (!headers.has("cache-control")) {
+      headers.set(
+        "cache-control",
+        range ? "private, no-store" : "private, max-age=300, stale-while-revalidate=3600"
+      );
+    }
+    if (!headers.has("accept-ranges")) headers.set("accept-ranges", "bytes");
+    headers.set("x-proxied-from", core.resolveAbsoluteMoodleUrl(upstreamUrl).origin);
+    const contentType = headers.get("content-type") ?? "";
+    if (method === "GET" && injectIntoHtml && contentType.startsWith("text/html")) {
+      const html = await upstream.text();
+      const modified = await injectIntoHtml(html, requestUrl);
+      headers.delete("content-length");
+      return new Response(modified, { status: upstream.status, headers });
+    }
+    return new Response(method === "HEAD" ? null : upstream.body, {
+      status: upstream.status,
+      headers
+    });
+  }
+  return {
+    GET: (request, context) => context.params.then((params) => handleRequest(request, params, "GET")),
+    HEAD: (request, context) => context.params.then((params) => handleRequest(request, params, "HEAD"))
+  };
+}
+var DEFAULT_CACHE_CONTROL = "public, max-age=3600, stale-while-revalidate=86400";
+function escapeXml(value) {
+  return value.replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(">", "&gt;").replaceAll('"', "&quot;").replaceAll("'", "&apos;");
+}
+function getBrandInitials(siteName) {
+  const initials = siteName.split(/\s+/).filter(Boolean).slice(0, 2).map((part) => part.charAt(0).toUpperCase()).join("");
+  return initials || "C";
+}
+function buildFallbackSvg(siteName, variant) {
+  const safeSiteName = escapeXml(siteName);
+  const initials = escapeXml(getBrandInitials(siteName));
+  const showLabel = variant === "full" && safeSiteName.length <= 24;
+  return `<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 128 128" role="img" aria-label="${safeSiteName}">
+  <defs>
+    <linearGradient id="brand-gradient" x1="0%" y1="0%" x2="100%" y2="100%">
+      <stop offset="0%" stop-color="#0f172a" />
+      <stop offset="100%" stop-color="#1d4ed8" />
+    </linearGradient>
+  </defs>
+  <rect width="128" height="128" rx="28" fill="url(#brand-gradient)" />
+  <circle cx="64" cy="52" r="28" fill="rgba(255,255,255,0.14)" />
+  <text x="64" y="${showLabel ? "61" : "66"}" fill="#f8fafc" font-family="ui-sans-serif, system-ui, sans-serif" font-size="${showLabel ? "34" : "40"}" font-weight="700" text-anchor="middle">${initials}</text>
+  ${showLabel ? `<text x="64" y="100" fill="#dbeafe" font-family="ui-sans-serif, system-ui, sans-serif" font-size="12" font-weight="600" text-anchor="middle">${safeSiteName}</text>` : ""}
+</svg>`.trim();
+}
+function createFallbackResponse(siteName, variant, method) {
+  const svg = buildFallbackSvg(siteName, variant);
+  const headers = new Headers({
+    "cache-control": DEFAULT_CACHE_CONTROL,
+    "content-length": Buffer.byteLength(svg).toString(),
+    "content-type": "image/svg+xml; charset=utf-8",
+    "x-brand-logo-fallback": "true"
+  });
+  return new Response(method === "HEAD" ? null : svg, { status: 200, headers });
+}
+function createMoodleBrandLogoHandler() {
+  async function handleRequest(request, method) {
+    const variant = new URL(request.url).searchParams.get("variant") === "compact" ? "compact" : "full";
+    const branding = await getMoodleBranding();
+    const sourceUrl = (variant === "compact" ? branding.compactLogoUrl : branding.logoUrl) || branding.logoUrl || branding.compactLogoUrl;
+    if (!sourceUrl) return createFallbackResponse(branding.siteName, variant, method);
+    const upstream = await fetch(core.resolveAbsoluteMoodleUrl(sourceUrl).toString(), {
+      method,
+      cache: "force-cache",
+      // @ts-expect-error — Next.js fetch extension
+      next: { revalidate: 3600 }
+    }).catch(() => null);
+    if (!upstream?.ok) return createFallbackResponse(branding.siteName, variant, method);
+    const headers = new Headers();
+    const passthrough = ["cache-control", "content-length", "content-type", "etag", "last-modified"];
+    for (const name of passthrough) {
+      const value = upstream.headers.get(name);
+      if (value) headers.set(name, value);
+    }
+    if (!headers.has("cache-control")) headers.set("cache-control", DEFAULT_CACHE_CONTROL);
+    return new Response(method === "HEAD" ? null : upstream.body, {
+      status: upstream.status,
+      headers
+    });
+  }
+  return {
+    GET: (request) => handleRequest(request, "GET"),
+    HEAD: (request) => handleRequest(request, "HEAD")
+  };
+}
+function toBase64Url(value) {
+  return Buffer.from(value).toString("base64url");
+}
+function getMoodleMediaProxyUrl(rawUrl, basePath = "/api/moodle-media") {
+  if (!rawUrl) return void 0;
+  return `${basePath}?url=${encodeURIComponent(rawUrl)}`;
+}
+function getMoodleScormProxyUrl(rawUrl, basePath = "/api/moodle-scorm") {
+  if (!rawUrl) return void 0;
+  const absoluteUrl = core.resolveAbsoluteMoodleUrl(rawUrl);
+  const pathnameParts = absoluteUrl.pathname.split("/").filter(Boolean);
+  if (pathnameParts.length === 0) return void 0;
+  const filename = pathnameParts[pathnameParts.length - 1];
+  const baseUrl = new URL("./", absoluteUrl).toString();
+  const encodedBase = toBase64Url(baseUrl);
+  return `${basePath}/${encodedBase}/${filename}${absoluteUrl.search}`;
+}
+function getMoodleBrandLogoProxyUrl(variant = "full", basePath = "/api/moodle-brand-logo") {
+  return `${basePath}?variant=${variant}`;
+}
+
+// src/safe-redirect.ts
+function sanitizeReturnPath(rawPath, fallback, allowedPrefixes = ["/"]) {
+  const path = rawPath?.trim() || fallback;
+  if (path.startsWith("/") && !path.startsWith("//") && allowedPrefixes.some((prefix) => path.startsWith(prefix))) {
+    return path;
+  }
+  return fallback;
+}
+
+exports.clearSession = clearSession;
+exports.clearSessionAndReturnUnauthorized = clearSessionAndReturnUnauthorized;
+exports.clearSessionIfAuthenticationError = clearSessionIfAuthenticationError;
+exports.configureMoodleSession = configureMoodleSession;
+exports.createMoodleBrandLogoHandler = createMoodleBrandLogoHandler;
+exports.createMoodleMediaHandler = createMoodleMediaHandler;
+exports.createMoodleScormHandler = createMoodleScormHandler;
+exports.createSession = createSession;
+exports.getMoodleBrandLogoProxyUrl = getMoodleBrandLogoProxyUrl;
+exports.getMoodleBranding = getMoodleBranding;
+exports.getMoodleMediaProxyUrl = getMoodleMediaProxyUrl;
+exports.getMoodleScormProxyUrl = getMoodleScormProxyUrl;
+exports.getSession = getSession;
+exports.getSessionOrUnauthorizedResponse = getSessionOrUnauthorizedResponse;
+exports.getSiteForceLogin = getSiteForceLogin;
+exports.getSiteGlobalSearchEnabled = getSiteGlobalSearchEnabled;
+exports.getSiteMessagingEnabled = getSiteMessagingEnabled;
+exports.redirectIfSessionExpired = redirectIfSessionExpired;
+exports.redirectToExpiredSession = redirectToExpiredSession;
+exports.requireSession = requireSession;
+exports.sanitizeReturnPath = sanitizeReturnPath;