@neondatabase/auth 0.1.0-beta.2 → 0.1.0-beta.20

package/dist/next/index.mjs

@@ -1,179 +1,42 @@
-import { t as BetterAuthReactAdapter } from "../better-auth-react-adapter-FnBHa2nr.mjs";
-import { t as createAuthClient$1 } from "../neon-auth-C9XTFffv.mjs";
-import { NextRequest, NextResponse } from "next/server";
+import "../adapter-core-8s6XdCco.mjs";
+import { t as BetterAuthReactAdapter } from "../better-auth-react-adapter-D9tIaEyQ.mjs";
+import { t as createAuthClient$1 } from "../neon-auth-2f58U8_-.mjs";
+import { n as neonAuth$1, r as authApiHandler$1, t as neonAuthMiddleware$1 } from "../middleware-C7jHeulu.mjs";
 
-//#region src/next/constants.ts
-const NEON_AUTH_COOKIE_PREFIX = "__Secure-neon-auth";
-const NEON_AUTH_SESSION_COOKIE_NAME = `${NEON_AUTH_COOKIE_PREFIX}.session_token`;
-const NEON_AUTH_SESSION_CHALLENGE_COOKIE_NAME = `${NEON_AUTH_COOKIE_PREFIX}.session_challange`;
-/** Name of the session verifier parameter in the URL, used for the OAUTH flow */
-const NEON_AUTH_SESSION_VERIFIER_PARAM_NAME = "neon_auth_session_verifier";
-
-//#endregion
-//#region src/next/handler/request.ts
-const PROXY_HEADERS = [
-	"user-agent",
-	"authorization",
-	"referer"
-];
-const handleAuthRequest = async (baseUrl, request, path) => {
-	const upstreamURL = `${baseUrl}/${path}${new URL(request.url).search}`;
-	const headers = prepareRequestHeaders(request);
-	const body = await parseRequestBody(request);
-	try {
-		return await fetch(upstreamURL, {
-			method: request.method,
-			headers,
-			body
-		});
-	} catch (error) {
-		const message = error instanceof Error ? error.message : "Internal Server Error";
-		console.error(`[AuthError] ${message}`, error);
-		return new Response(`[AuthError] ${message}`, { status: 500 });
-	}
-};
-const prepareRequestHeaders = (request) => {
-	const headers = new Headers();
-	headers.set("Content-Type", "application/json");
-	for (const header of PROXY_HEADERS) if (request.headers.get(header)) headers.set(header, request.headers.get(header));
-	headers.set("Origin", getOrigin(request));
-	headers.set("Cookie", extractRequestCookies(request.headers));
-	headers.set("X-Neon-Auth-Next", "true");
-	return headers;
-};
-const getOrigin = (request) => {
-	return request.headers.get("origin") || request.headers.get("referer")?.split("/").slice(0, 3).join("/") || new URL(request.url).origin;
-};
-const extractRequestCookies = (headers) => {
-	const cookieHeader = headers.get("cookie");
-	if (!cookieHeader) return "";
-	const cookies = cookieHeader.split(";").map((c) => c.trim());
-	const result = [];
-	for (const cookie of cookies) {
-		const [name] = cookie.split("=");
-		if (name.startsWith(NEON_AUTH_COOKIE_PREFIX)) result.push(cookie);
-	}
-	return result.join(";");
-};
-const parseRequestBody = async (request) => {
-	if (request.body) return request.text();
-};
-
-//#endregion
-//#region src/next/handler/response.ts
-const RESPONSE_HEADERS_ALLOWLIST = [
-	"content-type",
-	"content-length",
-	"content-encoding",
-	"transfer-encoding",
-	"connection",
-	"date",
-	"set-cookie",
-	"set-auth-jwt",
-	"set-auth-token",
-	"x-neon-ret-request-id"
-];
-const handleAuthResponse = async (response) => {
-	return new Response(response.body, {
-		status: response.status,
-		statusText: response.statusText,
-		headers: prepareResponseHeaders(response)
-	});
-};
-const prepareResponseHeaders = (response) => {
-	const headers = new Headers();
-	for (const header of RESPONSE_HEADERS_ALLOWLIST) {
-		const value = response.headers.get(header);
-		if (value) headers.set(header, value);
-	}
-	return headers;
-};
-
-//#endregion
-//#region src/next/handler/index.ts
-const toNextJsHandler = (baseUrl) => {
-	const baseURL = baseUrl || process.env.NEON_AUTH_BASE_URL;
-	if (!baseURL) throw new Error("You must provide a Neon Auth base URL in the handler options or in the environment variables");
-	const handler = async (request, { params }) => {
-		return await handleAuthResponse(await handleAuthRequest(baseURL, request, (await params).path.join("/")));
-	};
-	return {
-		GET: handler,
-		POST: handler,
-		PUT: handler,
-		DELETE: handler,
-		PATCH: handler
-	};
-};
-
-//#endregion
-//#region src/next/middleware/oauth.ts
-const needsSessionVerification = (request) => {
-	const hasVerifier = request.nextUrl.searchParams.has(NEON_AUTH_SESSION_VERIFIER_PARAM_NAME);
-	const hasChallenge = request.cookies.get(NEON_AUTH_SESSION_CHALLENGE_COOKIE_NAME);
-	const hasSession = request.cookies.get(NEON_AUTH_SESSION_COOKIE_NAME);
-	return hasVerifier && hasChallenge && !hasSession;
-};
-const verifySession = async (request, baseUrl) => {
-	const url = request.nextUrl;
-	const verifier = url.searchParams.get(NEON_AUTH_SESSION_VERIFIER_PARAM_NAME);
-	const challenge = request.cookies.get(NEON_AUTH_SESSION_CHALLENGE_COOKIE_NAME);
-	if (!verifier || !challenge) return null;
-	const response = await getSession(request, baseUrl);
-	if (response.ok) {
-		const headers = new Headers();
-		const cookies = extractResponseCookies(response.headers);
-		for (const cookie of cookies) headers.append("Set-Cookie", cookie);
-		url.searchParams.delete(NEON_AUTH_SESSION_VERIFIER_PARAM_NAME);
-		return NextResponse.redirect(url, { headers });
-	}
-	return null;
-};
-const getSession = async (request, baseUrl) => {
-	return handleAuthResponse(await handleAuthRequest(baseUrl, new Request(request.url, {
-		method: "GET",
-		headers: request.headers,
-		body: null
-	}), "get-session"));
-};
-const extractResponseCookies = (headers) => {
-	const cookieHeader = headers.get("set-cookie");
-	if (!cookieHeader) return [];
-	return cookieHeader.split(", ").map((c) => c.trim());
-};
-
-//#endregion
-//#region src/next/middleware/index.ts
-const SKIP_ROUTES = [
-	"/api/auth",
-	"/auth/callback",
-	"/auth/sign-in",
-	"/auth/sign-up",
-	"/auth/magic-link",
-	"/auth/email-otp",
-	"/auth/forgot-password"
-];
-const neonAuthMiddleware = ({ loginUrl = "/auth/sign-in", authBaseUrl }) => {
-	const baseURL = authBaseUrl || process.env.NEON_AUTH_BASE_URL;
-	if (!baseURL) throw new Error("You must provide a Neon Auth base URL in the middleware options or in the environment variables");
-	return async (request) => {
-		const { pathname } = request.nextUrl;
-		if (pathname.startsWith(loginUrl)) return NextResponse.next();
-		if (needsSessionVerification(request)) {
-			const response = await verifySession(request, baseURL);
-			if (response !== null) return response;
-		}
-		if (SKIP_ROUTES.some((route) => pathname.startsWith(route))) return NextResponse.next();
-		if (!request.cookies.get(NEON_AUTH_SESSION_COOKIE_NAME)) return NextResponse.redirect(new URL(loginUrl, request.url));
-		return NextResponse.next();
-	};
-};
-
-//#endregion
 //#region src/next/index.ts
-const createAuthClient = () => {
+function createAuthClient() {
 	return createAuthClient$1(void 0, { adapter: BetterAuthReactAdapter() });
-};
+}
+/**
+* @deprecated 
+* - Moved to `@neondatabase/auth/next/server` and 
+* - Moved to `@neondatabase/neon-js/auth/next/server` 
+* 
+* An API route handler to handle the auth requests from the client and proxy them to the Neon Auth.
+*/
+function authApiHandler() {
+	return authApiHandler$1();
+}
+/**
+* @deprecated 
+* - Moved to `@neondatabase/auth/next/server` and 
+* - Moved to `@neondatabase/neon-js/auth/next/server` 
+* 
+* A Next.js middleware to protect routes from unauthenticated requests and refresh the session if required.
+*/
+function neonAuthMiddleware(args) {
+	return neonAuthMiddleware$1(args);
+}
+/**
+* @deprecated 
+* - Moved to `@neondatabase/auth/next/server` and 
+* - Moved to `@neondatabase/neon-js/auth/next/server` 
+* 
+* A utility function to be used in react server components fetch the session details from the Neon Auth API, if session token is available in cookie.
+*/
+function neonAuth() {
+	return neonAuth$1();
+}
 
 //#endregion
-export { createAuthClient, neonAuthMiddleware, toNextJsHandler };
+export { authApiHandler, createAuthClient, neonAuth, neonAuthMiddleware };

package/dist/next/server/index.d.mts

@@ -0,0 +1,389 @@
+import "../../better-auth-types-BUiggBfa.mjs";
+import "../../adapter-core-23fYTUxT.mjs";
+import "../../better-auth-react-adapter-QFe5RtaM.mjs";
+import "../../supabase-adapter-Dr-pKvPt.mjs";
+import { o as VanillaBetterAuthClient } from "../../neon-auth-CDYpC_O1.mjs";
+import { r as neonAuth, t as neonAuthMiddleware } from "../../index-Bga0CzOO.mjs";
+
+//#region src/server/endpoints.d.ts
+
+declare const API_ENDPOINTS: {
+  readonly getSession: {
+    readonly path: "get-session";
+    readonly method: "GET";
+  };
+  readonly getAccessToken: {
+    readonly path: "get-access-token";
+    readonly method: "GET";
+  };
+  readonly listSessions: {
+    readonly path: "list-sessions";
+    readonly method: "GET";
+  };
+  readonly revokeSession: {
+    readonly path: "revoke-session";
+    readonly method: "POST";
+  };
+  readonly revokeSessions: {
+    readonly path: "revoke-sessions";
+    readonly method: "POST";
+  };
+  readonly revokeOtherSessions: {
+    readonly path: "revoke-all-sessions";
+    readonly method: "POST";
+  };
+  readonly refreshToken: {
+    readonly path: "refresh-token";
+    readonly method: "POST";
+  };
+  readonly signIn: {
+    readonly email: {
+      readonly path: "sign-in/email";
+      readonly method: "POST";
+    };
+    readonly social: {
+      readonly path: "sign-in/social";
+      readonly method: "POST";
+    };
+    readonly emailOtp: {
+      readonly path: "sign-in/email-otp";
+      readonly method: "POST";
+    };
+  };
+  readonly signUp: {
+    readonly email: {
+      readonly path: "sign-up/email";
+      readonly method: "POST";
+    };
+  };
+  readonly signOut: {
+    readonly path: "sign-out";
+    readonly method: "POST";
+  };
+  readonly listAccounts: {
+    readonly path: "list-accounts";
+    readonly method: "GET";
+  };
+  readonly accountInfo: {
+    readonly path: "account-info";
+    readonly method: "GET";
+  };
+  readonly updateUser: {
+    readonly path: "update-user";
+    readonly method: "POST";
+  };
+  readonly deleteUser: {
+    readonly path: "delete-user";
+    readonly method: "POST";
+  };
+  readonly changePassword: {
+    readonly path: "change-password";
+    readonly method: "POST";
+  };
+  readonly sendVerificationEmail: {
+    readonly path: "send-verification-email";
+    readonly method: "POST";
+  };
+  readonly verifyEmail: {
+    readonly path: "verify-email";
+    readonly method: "POST";
+  };
+  readonly resetPassword: {
+    readonly path: "reset-password";
+    readonly method: "POST";
+  };
+  readonly requestPasswordReset: {
+    readonly path: "request-password-reset";
+    readonly method: "POST";
+  };
+  readonly token: {
+    readonly path: "token";
+    readonly method: "GET";
+  };
+  readonly jwks: {
+    readonly path: "jwt";
+    readonly method: "GET";
+  };
+  readonly getAnonymousToken: {
+    readonly path: "token/anonymous";
+    readonly method: "GET";
+  };
+  readonly admin: {
+    readonly createUser: {
+      readonly path: "admin/create-user";
+      readonly method: "POST";
+    };
+    readonly listUsers: {
+      readonly path: "admin/list-users";
+      readonly method: "GET";
+    };
+    readonly setRole: {
+      readonly path: "admin/set-role";
+      readonly method: "POST";
+    };
+    readonly setUserPassword: {
+      readonly path: "admin/set-user-password";
+      readonly method: "POST";
+    };
+    readonly updateUser: {
+      readonly path: "admin/update-user";
+      readonly method: "POST";
+    };
+    readonly banUser: {
+      readonly path: "admin/ban-user";
+      readonly method: "POST";
+    };
+    readonly unbanUser: {
+      readonly path: "admin/unban-user";
+      readonly method: "POST";
+    };
+    readonly listUserSessions: {
+      readonly path: "admin/list-user-sessions";
+      readonly method: "GET";
+    };
+    readonly revokeUserSession: {
+      readonly path: "admin/revoke-user-session";
+      readonly method: "POST";
+    };
+    readonly revokeUserSessions: {
+      readonly path: "admin/revoke-user-sessions";
+      readonly method: "POST";
+    };
+    readonly impersonateUser: {
+      readonly path: "admin/impersonate-user";
+      readonly method: "POST";
+    };
+    readonly stopImpersonating: {
+      readonly path: "admin/stop-impersonating";
+      readonly method: "POST";
+    };
+    readonly removeUser: {
+      readonly path: "admin/remove-user";
+      readonly method: "POST";
+    };
+    readonly hasPermission: {
+      readonly path: "admin/has-permission";
+      readonly method: "POST";
+    };
+  };
+  readonly organization: {
+    readonly create: {
+      readonly path: "organization/create";
+      readonly method: "POST";
+    };
+    readonly update: {
+      readonly path: "organization/update";
+      readonly method: "POST";
+    };
+    readonly delete: {
+      readonly path: "organization/delete";
+      readonly method: "POST";
+    };
+    readonly list: {
+      readonly path: "organization/list";
+      readonly method: "GET";
+    };
+    readonly getFullOrganization: {
+      readonly path: "organization/get-full-organization";
+      readonly method: "GET";
+    };
+    readonly setActive: {
+      readonly path: "organization/set-active";
+      readonly method: "POST";
+    };
+    readonly checkSlug: {
+      readonly path: "organization/check-slug";
+      readonly method: "GET";
+    };
+    readonly listMembers: {
+      readonly path: "organization/list-members";
+      readonly method: "GET";
+    };
+    readonly removeMember: {
+      readonly path: "organization/remove-member";
+      readonly method: "POST";
+    };
+    readonly updateMemberRole: {
+      readonly path: "organization/update-member-role";
+      readonly method: "POST";
+    };
+    readonly leave: {
+      readonly path: "organization/leave";
+      readonly method: "POST";
+    };
+    readonly getActiveMember: {
+      readonly path: "organization/get-active-member";
+      readonly method: "GET";
+    };
+    readonly getActiveMemberRole: {
+      readonly path: "organization/get-active-member-role";
+      readonly method: "GET";
+    };
+    readonly inviteMember: {
+      readonly path: "organization/invite-member";
+      readonly method: "POST";
+    };
+    readonly acceptInvitation: {
+      readonly path: "organization/accept-invitation";
+      readonly method: "POST";
+    };
+    readonly rejectInvitation: {
+      readonly path: "organization/reject-invitation";
+      readonly method: "POST";
+    };
+    readonly cancelInvitation: {
+      readonly path: "organization/cancel-invitation";
+      readonly method: "POST";
+    };
+    readonly getInvitation: {
+      readonly path: "organization/get-invitation";
+      readonly method: "GET";
+    };
+    readonly listInvitations: {
+      readonly path: "organization/list-invitations";
+      readonly method: "GET";
+    };
+    readonly listUserInvitations: {
+      readonly path: "organization/list-user-invitations";
+      readonly method: "GET";
+    };
+    readonly hasPermission: {
+      readonly path: "organization/has-permission";
+      readonly method: "POST";
+    };
+  };
+  readonly emailOtp: {
+    readonly sendVerificationOtp: {
+      readonly path: "email-otp/send-verification-otp";
+      readonly method: "POST";
+    };
+    readonly verifyEmail: {
+      readonly path: "email-otp/verify-email";
+      readonly method: "POST";
+    };
+    readonly checkVerificationOtp: {
+      readonly path: "email-otp/check-verification-otp";
+      readonly method: "POST";
+    };
+    readonly resetPassword: {
+      readonly path: "email-otp/passcode";
+      readonly method: "POST";
+    };
+  };
+};
+//#endregion
+//#region src/server/types.d.ts
+/**
+ * Extract top-level keys from API_ENDPOINTS.
+ * For nested endpoints like signIn.email, this extracts 'signIn' (not 'email').
+ */
+type TopLevelEndpointKeys<T> = { [K in keyof T]: K }[keyof T];
+type ServerAuthMethods = TopLevelEndpointKeys<typeof API_ENDPOINTS>;
+type NeonAuthServer = Pick<VanillaBetterAuthClient, ServerAuthMethods>;
+//#endregion
+//#region src/next/handler/index.d.ts
+type Params = {
+  path: string[];
+};
+/**
+ *
+ * An API route handler to handle the auth requests from the client and proxy them to the Neon Auth.
+ *
+ * @returns A Next.js API handler functions those can be used in a Next.js route.
+ *
+ * @example
+ * Mount the `authApiHandler` to an API route. Create a route file inside `/api/auth/[...all]/route.ts` directory.
+ *  And add the following code:
+ *
+ * ```ts
+ * // app/api/auth/[...all]/route.ts
+ * import { authApiHandler } from '@neondatabase/auth/next';
+ *
+ * export const { GET, POST } = authApiHandler();
+ * ```
+ */
+declare function authApiHandler(): {
+  GET: (request: Request, {
+    params
+  }: {
+    params: Promise<Params>;
+  }) => Promise<Response>;
+  POST: (request: Request, {
+    params
+  }: {
+    params: Promise<Params>;
+  }) => Promise<Response>;
+  PUT: (request: Request, {
+    params
+  }: {
+    params: Promise<Params>;
+  }) => Promise<Response>;
+  DELETE: (request: Request, {
+    params
+  }: {
+    params: Promise<Params>;
+  }) => Promise<Response>;
+  PATCH: (request: Request, {
+    params
+  }: {
+    params: Promise<Params>;
+  }) => Promise<Response>;
+};
+//#endregion
+//#region src/next/server/index.d.ts
+/**
+ * Creates a server-side auth API client for Next.js.
+ *
+ * This client exposes the Neon Auth APIs including authentication, user management, organizations, and admin operations.
+ *
+ * **Where to use:**
+ * - React Server Components
+ * - Server Actions
+ * - Route Handlers
+ *
+ * **Requirements:**
+ * - `NEON_AUTH_BASE_URL` environment variable must be set
+ * - Cookies are automatically read/written via `next/headers`
+ *
+ * @returns Auth server API client for Next.js
+ * @throws Error if `NEON_AUTH_BASE_URL` environment variable is not set
+ *
+ * @example
+ * ```typescript
+ * // lib/auth/server.ts - Create a singleton instance
+ * import { createAuthServer } from '@neondatabase/auth/next/server';
+ * export const authServer = createAuthServer();
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Server Component - Reading session
+ * import { authServer } from '@/lib/auth/server';
+ *
+ * export default async function Page() {
+ *   const { data: session } = await authServer.getSession();
+ *   if (!session?.user) return <div>Not logged in</div>;
+ *   return <div>Hello {session.user.name}</div>;
+ * }
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Server Action - Sign in
+ * 'use server';
+ * import { authServer } from '@/lib/auth/server';
+ * import { redirect } from 'next/navigation';
+ *
+ * export async function signIn(formData: FormData) {
+ *   const { error } = await authServer.signIn.email({
+ *     email: formData.get('email') as string,
+ *     password: formData.get('password') as string,
+ *   });
+ *   if (error) return { error: error.message };
+ *   redirect('/dashboard');
+ * }
+ * ```
+ */
+declare function createAuthServer(): NeonAuthServer;
+//#endregion
+export { authApiHandler, createAuthServer, neonAuth, neonAuthMiddleware };