@neondatabase/auth 0.1.0-beta.9 → 0.2.0-beta.1

package/dist/next/server/index.d.mts

@@ -0,0 +1,538 @@
+import "../../adapter-core-CnrOXh1T.mjs";
+import "../../better-auth-react-adapter-DNi5PC5D.mjs";
+import "../../supabase-adapter-DUqw2fw8.mjs";
+import { o as VanillaBetterAuthClient } from "../../neon-auth-BEGCfAe6.mjs";
+import { NextRequest, NextResponse } from "next/server";
+
+//#region src/server/config.d.ts
+/**
+ * Framework-agnostic configuration types for Neon Auth
+ */
+/**
+ * Session cookie configuration
+ */
+interface SessionCookieConfig {
+  /**
+   * Secret for signing session data cookies (enables session caching)
+   * Must be at least 32 characters for security.
+   *
+   * Generate a secure secret:
+   * ```bash
+   * openssl rand -base64 32
+   * ```
+   *
+   * @example process.env.NEON_AUTH_COOKIE_SECRET
+   */
+  secret: string;
+  /**
+   * Time-to-live for cached session data in seconds
+   *
+   * Controls how long session data is cached in a signed cookie before
+   * requiring re-validation with the upstream auth server.
+   * Note: this does not affect the session token cookie TTL.
+   *
+   * @default 300 (5 minutes)
+   * @example 60 // Cache for 1 minute
+   * @example 600 // Cache for 10 minutes
+   */
+  sessionDataTtl?: number;
+  /**
+   * Cookie domain for all Neon Auth cookies
+   *
+   * @default undefined (browser default - current domain only)
+   * @example '.example.com' // Share across subdomains
+   */
+  domain?: string;
+}
+/**
+ * Base configuration for Neon Auth server utilities
+ */
+interface NeonAuthConfig {
+  /**
+   * Base URL for the Neon Auth server
+   * @example 'https://ep-xxxx.neonauth.us-east-1.aws.neon.tech'
+   */
+  baseUrl: string;
+  /**
+   * Cookie configuration
+   */
+  cookies: SessionCookieConfig;
+}
+/**
+ * Configuration for Neon Auth middleware
+ * Extends base config with middleware-specific options
+ */
+interface NeonAuthMiddlewareConfig extends NeonAuthConfig {
+  /**
+   * URL to redirect to when user is not authenticated
+   * @default '/auth/sign-in'
+   */
+  loginUrl?: string;
+}
+//#endregion
+//#region src/next/server/handler.d.ts
+type Params = {
+  path: string[];
+};
+/**
+ * An API route handler to handle the auth requests from the client and proxy them to the Neon Auth.
+ *
+ * @param config - Required configuration
+ * @param config.baseUrl - Base URL of your Neon Auth instance
+ * @param config.cookies - Cookie configuration
+ * @param config.cookies.secret - Secret for signing session cookies (minimum 32 characters)
+ * @param config.cookies.sessionDataTtl - Optional TTL for session cache in seconds (default: 300)
+ * @returns A Next.js API handler functions that can be used in a Next.js route.
+ * @throws Error if `cookies.secret` is less than 32 characters
+ *
+ * @example
+ * Mount the `authApiHandler` to an API route. Create a route file inside `/api/auth/[...all]/route.ts` directory.
+ * And add the following code:
+ *
+ * ```ts
+ * // app/api/auth/[...all]/route.ts
+ * import { authApiHandler } from '@neondatabase/auth/next';
+ *
+ * export const { GET, POST } = authApiHandler({
+ *   baseUrl: process.env.NEON_AUTH_BASE_URL!,
+ *   cookies: {
+ *     secret: process.env.NEON_AUTH_COOKIE_SECRET!,
+ *   },
+ * });
+ * ```
+ */
+declare function authApiHandler(config: NeonAuthConfig): {
+  GET: (request: Request, {
+    params
+  }: {
+    params: Promise<Params>;
+  }) => Promise<Response>;
+  POST: (request: Request, {
+    params
+  }: {
+    params: Promise<Params>;
+  }) => Promise<Response>;
+  PUT: (request: Request, {
+    params
+  }: {
+    params: Promise<Params>;
+  }) => Promise<Response>;
+  DELETE: (request: Request, {
+    params
+  }: {
+    params: Promise<Params>;
+  }) => Promise<Response>;
+  PATCH: (request: Request, {
+    params
+  }: {
+    params: Promise<Params>;
+  }) => Promise<Response>;
+};
+//#endregion
+//#region src/next/server/middleware.d.ts
+/**
+ * A Next.js middleware to protect routes from unauthenticated requests and refresh the session if required.
+ *
+ * @param config - Required middleware configuration
+ * @param config.baseUrl - Base URL of your Neon Auth instance
+ * @param config.cookies - Cookie configuration
+ * @param config.cookies.secret - Secret for signing session cookies (minimum 32 characters)
+ * @param config.cookies.sessionDataTtl - Optional TTL for session cache in seconds (default: 300)
+ * @param config.loginUrl - The URL to redirect to when the user is not authenticated (default: '/auth/sign-in')
+ * @returns A middleware function that can be used in the Next.js app.
+ * @throws Error if `cookies.secret` is less than 32 characters
+ *
+ * @example
+ * ```ts
+ * import { neonAuthMiddleware } from "@neondatabase/auth/next"
+ *
+ * export default neonAuthMiddleware({
+ *   baseUrl: process.env.NEON_AUTH_BASE_URL!,
+ *   cookies: {
+ *     secret: process.env.NEON_AUTH_COOKIE_SECRET!,
+ *   },
+ *   loginUrl: '/auth/sign-in',
+ * });
+ * ```
+ */
+declare function neonAuthMiddleware(config: NeonAuthMiddlewareConfig): (request: NextRequest) => Promise<NextResponse<unknown>>;
+//#endregion
+//#region src/server/endpoints.d.ts
+declare const API_ENDPOINTS: {
+  readonly getSession: {
+    readonly path: "get-session";
+    readonly method: "GET";
+  };
+  readonly getAccessToken: {
+    readonly path: "get-access-token";
+    readonly method: "GET";
+  };
+  readonly listSessions: {
+    readonly path: "list-sessions";
+    readonly method: "GET";
+  };
+  readonly revokeSession: {
+    readonly path: "revoke-session";
+    readonly method: "POST";
+  };
+  readonly revokeSessions: {
+    readonly path: "revoke-sessions";
+    readonly method: "POST";
+  };
+  readonly revokeOtherSessions: {
+    readonly path: "revoke-all-sessions";
+    readonly method: "POST";
+  };
+  readonly refreshToken: {
+    readonly path: "refresh-token";
+    readonly method: "POST";
+  };
+  readonly signIn: {
+    readonly email: {
+      readonly path: "sign-in/email";
+      readonly method: "POST";
+    };
+    readonly social: {
+      readonly path: "sign-in/social";
+      readonly method: "POST";
+    };
+    readonly emailOtp: {
+      readonly path: "sign-in/email-otp";
+      readonly method: "POST";
+    };
+  };
+  readonly signUp: {
+    readonly email: {
+      readonly path: "sign-up/email";
+      readonly method: "POST";
+    };
+  };
+  readonly signOut: {
+    readonly path: "sign-out";
+    readonly method: "POST";
+  };
+  readonly listAccounts: {
+    readonly path: "list-accounts";
+    readonly method: "GET";
+  };
+  readonly accountInfo: {
+    readonly path: "account-info";
+    readonly method: "GET";
+  };
+  readonly updateUser: {
+    readonly path: "update-user";
+    readonly method: "POST";
+  };
+  readonly deleteUser: {
+    readonly path: "delete-user";
+    readonly method: "POST";
+  };
+  readonly changePassword: {
+    readonly path: "change-password";
+    readonly method: "POST";
+  };
+  readonly sendVerificationEmail: {
+    readonly path: "send-verification-email";
+    readonly method: "POST";
+  };
+  readonly verifyEmail: {
+    readonly path: "verify-email";
+    readonly method: "POST";
+  };
+  readonly resetPassword: {
+    readonly path: "reset-password";
+    readonly method: "POST";
+  };
+  readonly requestPasswordReset: {
+    readonly path: "request-password-reset";
+    readonly method: "POST";
+  };
+  readonly token: {
+    readonly path: "token";
+    readonly method: "GET";
+  };
+  readonly jwks: {
+    readonly path: "jwt";
+    readonly method: "GET";
+  };
+  readonly getAnonymousToken: {
+    readonly path: "token/anonymous";
+    readonly method: "GET";
+  };
+  readonly admin: {
+    readonly createUser: {
+      readonly path: "admin/create-user";
+      readonly method: "POST";
+    };
+    readonly listUsers: {
+      readonly path: "admin/list-users";
+      readonly method: "GET";
+    };
+    readonly setRole: {
+      readonly path: "admin/set-role";
+      readonly method: "POST";
+    };
+    readonly setUserPassword: {
+      readonly path: "admin/set-user-password";
+      readonly method: "POST";
+    };
+    readonly updateUser: {
+      readonly path: "admin/update-user";
+      readonly method: "POST";
+    };
+    readonly banUser: {
+      readonly path: "admin/ban-user";
+      readonly method: "POST";
+    };
+    readonly unbanUser: {
+      readonly path: "admin/unban-user";
+      readonly method: "POST";
+    };
+    readonly listUserSessions: {
+      readonly path: "admin/list-user-sessions";
+      readonly method: "GET";
+    };
+    readonly revokeUserSession: {
+      readonly path: "admin/revoke-user-session";
+      readonly method: "POST";
+    };
+    readonly revokeUserSessions: {
+      readonly path: "admin/revoke-user-sessions";
+      readonly method: "POST";
+    };
+    readonly impersonateUser: {
+      readonly path: "admin/impersonate-user";
+      readonly method: "POST";
+    };
+    readonly stopImpersonating: {
+      readonly path: "admin/stop-impersonating";
+      readonly method: "POST";
+    };
+    readonly removeUser: {
+      readonly path: "admin/remove-user";
+      readonly method: "POST";
+    };
+    readonly hasPermission: {
+      readonly path: "admin/has-permission";
+      readonly method: "POST";
+    };
+  };
+  readonly organization: {
+    readonly create: {
+      readonly path: "organization/create";
+      readonly method: "POST";
+    };
+    readonly update: {
+      readonly path: "organization/update";
+      readonly method: "POST";
+    };
+    readonly delete: {
+      readonly path: "organization/delete";
+      readonly method: "POST";
+    };
+    readonly list: {
+      readonly path: "organization/list";
+      readonly method: "GET";
+    };
+    readonly getFullOrganization: {
+      readonly path: "organization/get-full-organization";
+      readonly method: "GET";
+    };
+    readonly setActive: {
+      readonly path: "organization/set-active";
+      readonly method: "POST";
+    };
+    readonly checkSlug: {
+      readonly path: "organization/check-slug";
+      readonly method: "GET";
+    };
+    readonly listMembers: {
+      readonly path: "organization/list-members";
+      readonly method: "GET";
+    };
+    readonly removeMember: {
+      readonly path: "organization/remove-member";
+      readonly method: "POST";
+    };
+    readonly updateMemberRole: {
+      readonly path: "organization/update-member-role";
+      readonly method: "POST";
+    };
+    readonly leave: {
+      readonly path: "organization/leave";
+      readonly method: "POST";
+    };
+    readonly getActiveMember: {
+      readonly path: "organization/get-active-member";
+      readonly method: "GET";
+    };
+    readonly getActiveMemberRole: {
+      readonly path: "organization/get-active-member-role";
+      readonly method: "GET";
+    };
+    readonly inviteMember: {
+      readonly path: "organization/invite-member";
+      readonly method: "POST";
+    };
+    readonly acceptInvitation: {
+      readonly path: "organization/accept-invitation";
+      readonly method: "POST";
+    };
+    readonly rejectInvitation: {
+      readonly path: "organization/reject-invitation";
+      readonly method: "POST";
+    };
+    readonly cancelInvitation: {
+      readonly path: "organization/cancel-invitation";
+      readonly method: "POST";
+    };
+    readonly getInvitation: {
+      readonly path: "organization/get-invitation";
+      readonly method: "GET";
+    };
+    readonly listInvitations: {
+      readonly path: "organization/list-invitations";
+      readonly method: "GET";
+    };
+    readonly listUserInvitations: {
+      readonly path: "organization/list-user-invitations";
+      readonly method: "GET";
+    };
+    readonly hasPermission: {
+      readonly path: "organization/has-permission";
+      readonly method: "POST";
+    };
+  };
+  readonly emailOtp: {
+    readonly sendVerificationOtp: {
+      readonly path: "email-otp/send-verification-otp";
+      readonly method: "POST";
+    };
+    readonly verifyEmail: {
+      readonly path: "email-otp/verify-email";
+      readonly method: "POST";
+    };
+    readonly checkVerificationOtp: {
+      readonly path: "email-otp/check-verification-otp";
+      readonly method: "POST";
+    };
+    readonly resetPassword: {
+      readonly path: "email-otp/passcode";
+      readonly method: "POST";
+    };
+  };
+};
+//#endregion
+//#region src/server/types.d.ts
+/**
+ * Extract top-level keys from API_ENDPOINTS.
+ * For nested endpoints like signIn.email, this extracts 'signIn' (not 'email').
+ */
+type TopLevelEndpointKeys<T> = { [K in keyof T]: K }[keyof T];
+type ServerAuthMethods = TopLevelEndpointKeys<typeof API_ENDPOINTS>;
+type NeonAuthServer = Pick<VanillaBetterAuthClient, ServerAuthMethods>;
+//#endregion
+//#region src/next/server/index.d.ts
+/**
+ * Unified entry point for Neon Auth in Next.js
+ *
+ * This is the recommended way to use Neon Auth in Next.js. It provides a single
+ * entry point that combines all server-side functionality.
+ *
+ * **Features:**
+ * - All Better Auth server methods (signIn, signUp, getSession, etc.)
+ * - `.handler()` - API route handler for `/api/auth/[...path]`
+ * - `.middleware(config?)` - Middleware for route protection
+ *
+ * **Where to use:**
+ * - React Server Components
+ * - Server Actions
+ * - Route Handlers
+ * - Middleware
+ *
+ * @param config - Required configuration
+ * @param config.baseUrl - Base URL of your Neon Auth instance
+ * @param config.cookies - Cookie configuration
+ * @param config.cookies.secret - Secret for signing session cookies (minimum 32 characters)
+ * @param config.cookies.sessionDataTtl - Optional TTL for session cache in seconds (default: 300)
+ * @param config.cookies.domain - Optional cookie domain (default: current domain)
+ * @returns Unified auth instance with server methods, handler, and middleware
+ * @throws Error if `cookies.secret` is less than 32 characters
+ *
+ * @example
+ * ```typescript
+ * // lib/auth.ts - Create a singleton instance
+ * import { createNeonAuth } from '@neondatabase/auth/next/server';
+ *
+ * export const auth = createNeonAuth({
+ *   baseUrl: process.env.NEON_AUTH_BASE_URL!,
+ *   cookies: {
+ *     secret: process.env.NEON_AUTH_COOKIE_SECRET!,
+ *     sessionDataTtl: 300, // 5 minutes (default)
+ *   },
+ * });
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // app/api/auth/[...path]/route.ts - API handler
+ * import { auth } from '@/lib/auth';
+ *
+ * export const { GET, POST } = auth.handler();
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // middleware.ts - Route protection
+ * import { auth } from '@/lib/auth';
+ *
+ * export default auth.middleware({ loginUrl: '/auth/sign-in' });
+ *
+ * export const config = {
+ *   matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],
+ * };
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // app/page.tsx - Server Component
+ * import { auth } from '@/lib/auth';
+ *
+ * // Server components using `auth` methods must be rendered dynamically
+ * export const dynamic = 'force-dynamic'
+ *
+ * export default async function Page() {
+ *   const { data: session } = await auth.getSession();
+ *   if (!session?.user) return <div>Not logged in</div>;
+ *   return <div>Hello {session.user.name}</div>;
+ * }
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // app/actions.ts - Server Action
+ * 'use server';
+ * import { auth } from '@/lib/auth';
+ * import { redirect } from 'next/navigation';
+ *
+ * export async function signIn(formData: FormData) {
+ *   const { error } = await auth.signIn.email({
+ *     email: formData.get('email') as string,
+ *     password: formData.get('password') as string,
+ *   });
+ *   if (error) return { error: error.message };
+ *   redirect('/dashboard');
+ * }
+ * ```
+ */
+declare function createNeonAuth(config: NeonAuthConfig): NeonAuth;
+/**
+ * Return type for createNeonAuth
+ * Includes all Better Auth server methods plus handler() and middleware()
+ */
+type NeonAuth = NeonAuthServer & {
+  handler: () => ReturnType<typeof authApiHandler>;
+  middleware: (middlewareConfig?: Pick<NeonAuthMiddlewareConfig, 'loginUrl'>) => ReturnType<typeof neonAuthMiddleware>;
+};
+//#endregion
+export { NeonAuth, createNeonAuth };