@palbase/web 1.0.0

package/dist/next/client.d.cts

@@ -0,0 +1,19 @@
+import { S as SessionStorageAdapter } from '../storage-BPaeSG8K.cjs';
+
+/**
+ * document.cookie-backed SessionStorageAdapter. `load` returns the EXTENDED
+ * PersistedSession (access token + expiry ride along) so hydration adopts
+ * the full session without a refresh round-trip.
+ */
+declare function cookieSessionStorage(endpointRef: string): SessionStorageAdapter;
+/**
+ * One-liner for a client component/provider: re-configure the already-loaded
+ * gen config (palbe.gen.ts must be imported first — throws the guided
+ * notConfigured error otherwise) with cookie-backed session storage so the
+ * browser and the server share the session. Calling it again simply
+ * re-configures (safe, e.g. under fast refresh). When Next evaluates the
+ * client component module server-side there is no document — no-op.
+ */
+declare function setupPalbeNext(): void;
+
+export { cookieSessionStorage, setupPalbeNext };

package/dist/next/client.d.ts

@@ -0,0 +1,19 @@
+import { S as SessionStorageAdapter } from '../storage-BPaeSG8K.js';
+
+/**
+ * document.cookie-backed SessionStorageAdapter. `load` returns the EXTENDED
+ * PersistedSession (access token + expiry ride along) so hydration adopts
+ * the full session without a refresh round-trip.
+ */
+declare function cookieSessionStorage(endpointRef: string): SessionStorageAdapter;
+/**
+ * One-liner for a client component/provider: re-configure the already-loaded
+ * gen config (palbe.gen.ts must be imported first — throws the guided
+ * notConfigured error otherwise) with cookie-backed session storage so the
+ * browser and the server share the session. Calling it again simply
+ * re-configures (safe, e.g. under fast refresh). When Next evaluates the
+ * client component module server-side there is no document — no-op.
+ */
+declare function setupPalbeNext(): void;
+
+export { cookieSessionStorage, setupPalbeNext };

package/dist/next/client.js

@@ -0,0 +1,75 @@
+import {
+  clearedSessionCookieNames,
+  decodeSessionCookies,
+  encodeSessionCookies
+} from "../chunk-VJXFABBW.js";
+import {
+  __configure,
+  endpointRefFromApiKey,
+  getRuntime
+} from "../chunk-JVT65V4E.js";
+
+// src/next/client.ts
+var SESSION_MAX_AGE_S = 2592e3;
+var WRITE_ATTRS = "Path=/; SameSite=Lax; Secure";
+function cookieJar() {
+  const jar = /* @__PURE__ */ new Map();
+  for (const part of document.cookie.split(";")) {
+    const eq = part.indexOf("=");
+    if (eq === -1) continue;
+    const name = part.slice(0, eq).trim();
+    if (name) jar.set(name, part.slice(eq + 1).trim());
+  }
+  return jar;
+}
+function deleteCookie(name) {
+  document.cookie = `${name}=; ${WRITE_ATTRS}; Max-Age=0`;
+}
+function cookieSessionStorage(endpointRef) {
+  return {
+    load() {
+      if (typeof document === "undefined") return null;
+      const jar = cookieJar();
+      const stored = decodeSessionCookies((name) => jar.get(name), endpointRef);
+      if (!stored) return null;
+      return stored.accessToken && stored.expiresAt > 0 ? {
+        refreshToken: stored.refreshToken,
+        accessToken: stored.accessToken,
+        expiresAt: stored.expiresAt
+      } : { refreshToken: stored.refreshToken };
+    },
+    save(session) {
+      if (typeof document === "undefined") return;
+      const jar = cookieJar();
+      for (const name of clearedSessionCookieNames(endpointRef, (n) => jar.has(n))) {
+        deleteCookie(name);
+      }
+      const { set, clear } = encodeSessionCookies(endpointRef, {
+        accessToken: session.accessToken ?? "",
+        refreshToken: session.refreshToken,
+        expiresAt: session.expiresAt ?? 0
+      });
+      for (const { name, value } of set) {
+        document.cookie = `${name}=${value}; ${WRITE_ATTRS}; Max-Age=${SESSION_MAX_AGE_S}`;
+      }
+      for (const name of clear) deleteCookie(name);
+    },
+    clear() {
+      if (typeof document === "undefined") return;
+      const jar = cookieJar();
+      for (const name of clearedSessionCookieNames(endpointRef, (n) => jar.has(n))) {
+        deleteCookie(name);
+      }
+    }
+  };
+}
+function setupPalbeNext() {
+  if (typeof document === "undefined") return;
+  const config = getRuntime().config;
+  __configure({ ...config, storage: cookieSessionStorage(endpointRefFromApiKey(config.apiKey)) });
+}
+export {
+  cookieSessionStorage,
+  setupPalbeNext
+};
+//# sourceMappingURL=client.js.map

package/dist/next/client.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/next/client.ts"],"sourcesContent":["/**\n * '@palbase/web/next/client' — the browser half of the Next.js adapter. This entry\n * must NEVER import 'next' (it runs in plain client bundles); the cookie jar\n * is document.cookie itself, written with the shared codec so the server\n * side (pbServer / middleware / callback) reads the same bytes.\n */\nimport { __configure, getRuntime } from '../internal.js';\nimport type { PersistedSession, SessionStorageAdapter } from '../storage.js';\nimport {\n  clearedSessionCookieNames,\n  decodeSessionCookies,\n  encodeSessionCookies,\n  endpointRefFromApiKey,\n} from './cookie-codec.js';\n\n/** 30 days — the refresh-token TTL (P3 design contract). */\nconst SESSION_MAX_AGE_S = 2_592_000;\n\n// Secure is unconditional, INCLUDING http://localhost: browsers treat\n// localhost as a potentially-trustworthy origin, so document.cookie accepts\n// Secure cookies there — no dev-mode special case needed. KNOWN LIMITATION:\n// plain-http origins OTHER than localhost — e.g. LAN-IP device testing on\n// http://192.168.x.x — are NOT trustworthy, so the browser silently DROPS\n// these Secure cookie writes and the session won't persist; use https (or a\n// localhost tunnel/port-forward) for on-device testing. NOT HttpOnly by\n// design: the browser SDK must read/write the session (Supabase-paradigm\n// tradeoff, documented in the P3 plan).\nconst WRITE_ATTRS = 'Path=/; SameSite=Lax; Secure';\n\n/** Parse document.cookie (\"a=1; b=2\") into a name → raw-value map. */\nfunction cookieJar(): Map<string, string> {\n  const jar = new Map<string, string>();\n  for (const part of document.cookie.split(';')) {\n    const eq = part.indexOf('=');\n    if (eq === -1) continue;\n    const name = part.slice(0, eq).trim();\n    if (name) jar.set(name, part.slice(eq + 1).trim());\n  }\n  return jar;\n}\n\nfunction deleteCookie(name: string): void {\n  // biome-ignore lint/suspicious/noDocumentCookie: SessionStorageAdapter is a SYNC contract; the async Cookie Store API can't back it (and isn't universal).\n  document.cookie = `${name}=; ${WRITE_ATTRS}; Max-Age=0`;\n}\n\n/**\n * document.cookie-backed SessionStorageAdapter. `load` returns the EXTENDED\n * PersistedSession (access token + expiry ride along) so hydration adopts\n * the full session without a refresh round-trip.\n */\nexport function cookieSessionStorage(endpointRef: string): SessionStorageAdapter {\n  return {\n    load(): PersistedSession | null {\n      if (typeof document === 'undefined') return null;\n      const jar = cookieJar();\n      const stored = decodeSessionCookies((name) => jar.get(name), endpointRef);\n      if (!stored) return null;\n      // A refresh-only save round-trips as a:'' / e:0 — normalize back to\n      // the legacy shape so hydration takes the expired-trick path cleanly.\n      return stored.accessToken && stored.expiresAt > 0\n        ? {\n            refreshToken: stored.refreshToken,\n            accessToken: stored.accessToken,\n            expiresAt: stored.expiresAt,\n          }\n        : { refreshToken: stored.refreshToken };\n    },\n    save(session: PersistedSession): void {\n      if (typeof document === 'undefined') return;\n      const jar = cookieJar();\n      // Delete every currently-present session cookie first (stale chunks of\n      // a previously-larger session, or a stale base when the new write\n      // chunks), then set the new cookie(s).\n      for (const name of clearedSessionCookieNames(endpointRef, (n) => jar.has(n))) {\n        deleteCookie(name);\n      }\n      const { set, clear } = encodeSessionCookies(endpointRef, {\n        accessToken: session.accessToken ?? '',\n        refreshToken: session.refreshToken,\n        expiresAt: session.expiresAt ?? 0,\n      });\n      for (const { name, value } of set) {\n        // biome-ignore lint/suspicious/noDocumentCookie: SessionStorageAdapter is a SYNC contract; the async Cookie Store API can't back it (and isn't universal).\n        document.cookie = `${name}=${value}; ${WRITE_ATTRS}; Max-Age=${SESSION_MAX_AGE_S}`;\n      }\n      // Overflow guard (codec contract): delete one-past-the-end so a stale\n      // orphan chunk behind a gap can never join a future chunk run.\n      for (const name of clear) deleteCookie(name);\n    },\n    clear(): void {\n      if (typeof document === 'undefined') return;\n      const jar = cookieJar();\n      for (const name of clearedSessionCookieNames(endpointRef, (n) => jar.has(n))) {\n        deleteCookie(name);\n      }\n    },\n  };\n}\n\n/**\n * One-liner for a client component/provider: re-configure the already-loaded\n * gen config (palbe.gen.ts must be imported first — throws the guided\n * notConfigured error otherwise) with cookie-backed session storage so the\n * browser and the server share the session. Calling it again simply\n * re-configures (safe, e.g. under fast refresh). When Next evaluates the\n * client component module server-side there is no document — no-op.\n */\nexport function setupPalbeNext(): void {\n  if (typeof document === 'undefined') return;\n  const config = getRuntime().config;\n  __configure({ ...config, storage: cookieSessionStorage(endpointRefFromApiKey(config.apiKey)) });\n}\n"],"mappings":";;;;;;;;;;;;AAgBA,IAAM,oBAAoB;AAW1B,IAAM,cAAc;AAGpB,SAAS,YAAiC;AACxC,QAAM,MAAM,oBAAI,IAAoB;AACpC,aAAW,QAAQ,SAAS,OAAO,MAAM,GAAG,GAAG;AAC7C,UAAM,KAAK,KAAK,QAAQ,GAAG;AAC3B,QAAI,OAAO,GAAI;AACf,UAAM,OAAO,KAAK,MAAM,GAAG,EAAE,EAAE,KAAK;AACpC,QAAI,KAAM,KAAI,IAAI,MAAM,KAAK,MAAM,KAAK,CAAC,EAAE,KAAK,CAAC;AAAA,EACnD;AACA,SAAO;AACT;AAEA,SAAS,aAAa,MAAoB;AAExC,WAAS,SAAS,GAAG,IAAI,MAAM,WAAW;AAC5C;AAOO,SAAS,qBAAqB,aAA4C;AAC/E,SAAO;AAAA,IACL,OAAgC;AAC9B,UAAI,OAAO,aAAa,YAAa,QAAO;AAC5C,YAAM,MAAM,UAAU;AACtB,YAAM,SAAS,qBAAqB,CAAC,SAAS,IAAI,IAAI,IAAI,GAAG,WAAW;AACxE,UAAI,CAAC,OAAQ,QAAO;AAGpB,aAAO,OAAO,eAAe,OAAO,YAAY,IAC5C;AAAA,QACE,cAAc,OAAO;AAAA,QACrB,aAAa,OAAO;AAAA,QACpB,WAAW,OAAO;AAAA,MACpB,IACA,EAAE,cAAc,OAAO,aAAa;AAAA,IAC1C;AAAA,IACA,KAAK,SAAiC;AACpC,UAAI,OAAO,aAAa,YAAa;AACrC,YAAM,MAAM,UAAU;AAItB,iBAAW,QAAQ,0BAA0B,aAAa,CAAC,MAAM,IAAI,IAAI,CAAC,CAAC,GAAG;AAC5E,qBAAa,IAAI;AAAA,MACnB;AACA,YAAM,EAAE,KAAK,MAAM,IAAI,qBAAqB,aAAa;AAAA,QACvD,aAAa,QAAQ,eAAe;AAAA,QACpC,cAAc,QAAQ;AAAA,QACtB,WAAW,QAAQ,aAAa;AAAA,MAClC,CAAC;AACD,iBAAW,EAAE,MAAM,MAAM,KAAK,KAAK;AAEjC,iBAAS,SAAS,GAAG,IAAI,IAAI,KAAK,KAAK,WAAW,aAAa,iBAAiB;AAAA,MAClF;AAGA,iBAAW,QAAQ,MAAO,cAAa,IAAI;AAAA,IAC7C;AAAA,IACA,QAAc;AACZ,UAAI,OAAO,aAAa,YAAa;AACrC,YAAM,MAAM,UAAU;AACtB,iBAAW,QAAQ,0BAA0B,aAAa,CAAC,MAAM,IAAI,IAAI,CAAC,CAAC,GAAG;AAC5E,qBAAa,IAAI;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AACF;AAUO,SAAS,iBAAuB;AACrC,MAAI,OAAO,aAAa,YAAa;AACrC,QAAM,SAAS,WAAW,EAAE;AAC5B,cAAY,EAAE,GAAG,QAAQ,SAAS,qBAAqB,sBAAsB,OAAO,MAAM,CAAC,EAAE,CAAC;AAChG;","names":[]}