@payez/next-mvp 3.0.0

package/dist/routes/account/index.js

@@ -0,0 +1,71 @@
+"use strict";
+/**
+ * Account Route Exports
+ *
+ * Provides ready-to-use route exports for all 2FA/account management endpoints.
+ * These routes handle the complete 2FA flow with zero configuration.
+ *
+ * @example
+ * ```typescript
+ * // Import individual routes
+ * export { POST } from '@payez/next-mvp/routes/account/masked-info';
+ * export { POST } from '@payez/next-mvp/routes/account/send-code';
+ * export { POST } from '@payez/next-mvp/routes/account/verify-email';
+ * export { POST } from '@payez/next-mvp/routes/account/verify-sms';
+ * ```
+ *
+ * @version 2.3.0
+ * @since auth-ready-v2
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.updatePhonePOST = exports.verifySmsPOST = exports.verifyEmailPOST = exports.sendCodePOST = exports.maskedInfoPOST = exports.updatePhone = exports.verifySms = exports.verifyEmail = exports.sendCode = exports.maskedInfo = void 0;
+// Export individual route modules
+exports.maskedInfo = __importStar(require("./masked-info"));
+exports.sendCode = __importStar(require("./send-code"));
+exports.verifyEmail = __importStar(require("./verify-email"));
+exports.verifySms = __importStar(require("./verify-sms"));
+exports.updatePhone = __importStar(require("./update-phone"));
+// Re-export POST handlers for convenience (all 2FA endpoints use POST)
+var masked_info_1 = require("./masked-info");
+Object.defineProperty(exports, "maskedInfoPOST", { enumerable: true, get: function () { return masked_info_1.POST; } });
+var send_code_1 = require("./send-code");
+Object.defineProperty(exports, "sendCodePOST", { enumerable: true, get: function () { return send_code_1.POST; } });
+var verify_email_1 = require("./verify-email");
+Object.defineProperty(exports, "verifyEmailPOST", { enumerable: true, get: function () { return verify_email_1.POST; } });
+var verify_sms_1 = require("./verify-sms");
+Object.defineProperty(exports, "verifySmsPOST", { enumerable: true, get: function () { return verify_sms_1.POST; } });
+var update_phone_1 = require("./update-phone");
+Object.defineProperty(exports, "updatePhonePOST", { enumerable: true, get: function () { return update_phone_1.POST; } });

package/dist/routes/account/masked-info.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Ready-to-Use Masked Info Route
+ *
+ * Provides a pre-configured handler for fetching masked contact information
+ * during 2FA flow. Can be imported directly into your app's API routes with
+ * zero configuration.
+ *
+ * @example
+ * ```typescript
+ * // app/api/account/masked-info/route.ts
+ * export { POST } from '@payez/next-mvp/routes/account/masked-info';
+ * ```
+ *
+ * @version 2.3.0
+ * @since auth-ready-v2
+ */
+export { POST } from '../../api-handlers/account/masked-info';
+/**
+ * Pre-configured POST handler for masked contact information
+ *
+ * This endpoint is typically called during the 2FA flow to display masked
+ * email/phone options to the user.
+ *
+ * Environment variables used:
+ * - IDP_URL or NEXT_PUBLIC_IDP_URL (default: http://localhost:32785)
+ * - CLIENT_ID or NEXT_PUBLIC_IDP_CLIENT_ID (required)
+ * - NEXTAUTH_SECRET (required)
+ *
+ * Returns:
+ * - Masked email addresses
+ * - Masked phone numbers
+ * - Contact method preferences
+ */ 

package/dist/routes/account/masked-info.js

@@ -0,0 +1,39 @@
+"use strict";
+/**
+ * Ready-to-Use Masked Info Route
+ *
+ * Provides a pre-configured handler for fetching masked contact information
+ * during 2FA flow. Can be imported directly into your app's API routes with
+ * zero configuration.
+ *
+ * @example
+ * ```typescript
+ * // app/api/account/masked-info/route.ts
+ * export { POST } from '@payez/next-mvp/routes/account/masked-info';
+ * ```
+ *
+ * @version 2.3.0
+ * @since auth-ready-v2
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.POST = void 0;
+// Re-export the POST handler from api-handlers
+// Note: IDP uses POST for masked-info endpoint
+var masked_info_1 = require("../../api-handlers/account/masked-info");
+Object.defineProperty(exports, "POST", { enumerable: true, get: function () { return masked_info_1.POST; } });
+/**
+ * Pre-configured POST handler for masked contact information
+ *
+ * This endpoint is typically called during the 2FA flow to display masked
+ * email/phone options to the user.
+ *
+ * Environment variables used:
+ * - IDP_URL or NEXT_PUBLIC_IDP_URL (default: http://localhost:32785)
+ * - CLIENT_ID or NEXT_PUBLIC_IDP_CLIENT_ID (required)
+ * - NEXTAUTH_SECRET (required)
+ *
+ * Returns:
+ * - Masked email addresses
+ * - Masked phone numbers
+ * - Contact method preferences
+ */ 

package/dist/routes/account/send-code.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Ready-to-Use Send Code Route
+ *
+ * Provides a pre-configured handler for sending 2FA verification codes
+ * to the user's registered contact methods. Can be imported directly
+ * into your app's API routes with zero configuration.
+ *
+ * @example
+ * ```typescript
+ * // app/api/account/send-code/route.ts
+ * export { POST } from '@payez/next-mvp/routes/account/send-code';
+ * ```
+ *
+ * @version 2.3.0
+ * @since auth-ready-v2
+ */
+export { POST } from '../../api-handlers/account/send-code';
+/**
+ * Pre-configured POST handler for sending verification codes
+ *
+ * This endpoint triggers the IDP to send a verification code to the
+ * user's selected contact method (email or SMS).
+ *
+ * Request body:
+ * - method: 'email' | 'sms' - The contact method to use
+ * - contactId: string - ID of the masked contact to send to
+ *
+ * Environment variables used:
+ * - IDP_URL or NEXT_PUBLIC_IDP_URL (default: http://localhost:32785)
+ * - CLIENT_ID or NEXT_PUBLIC_IDP_CLIENT_ID (required)
+ * - NEXTAUTH_SECRET (required)
+ *
+ * Returns:
+ * - Success status
+ * - Rate limit information
+ * - Cooldown timer if applicable
+ */ 

package/dist/routes/account/send-code.js

@@ -0,0 +1,42 @@
+"use strict";
+/**
+ * Ready-to-Use Send Code Route
+ *
+ * Provides a pre-configured handler for sending 2FA verification codes
+ * to the user's registered contact methods. Can be imported directly
+ * into your app's API routes with zero configuration.
+ *
+ * @example
+ * ```typescript
+ * // app/api/account/send-code/route.ts
+ * export { POST } from '@payez/next-mvp/routes/account/send-code';
+ * ```
+ *
+ * @version 2.3.0
+ * @since auth-ready-v2
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.POST = void 0;
+// Re-export the POST handler from api-handlers
+var send_code_1 = require("../../api-handlers/account/send-code");
+Object.defineProperty(exports, "POST", { enumerable: true, get: function () { return send_code_1.POST; } });
+/**
+ * Pre-configured POST handler for sending verification codes
+ *
+ * This endpoint triggers the IDP to send a verification code to the
+ * user's selected contact method (email or SMS).
+ *
+ * Request body:
+ * - method: 'email' | 'sms' - The contact method to use
+ * - contactId: string - ID of the masked contact to send to
+ *
+ * Environment variables used:
+ * - IDP_URL or NEXT_PUBLIC_IDP_URL (default: http://localhost:32785)
+ * - CLIENT_ID or NEXT_PUBLIC_IDP_CLIENT_ID (required)
+ * - NEXTAUTH_SECRET (required)
+ *
+ * Returns:
+ * - Success status
+ * - Rate limit information
+ * - Cooldown timer if applicable
+ */ 

package/dist/routes/account/update-phone.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Update Phone Route
+ *
+ * Ready-to-use route handler for updating phone number.
+ * Used for 2FA setup - users need to add a phone to enable SMS verification.
+ *
+ * @example
+ * ```typescript
+ * // app/api/account/update-phone/route.ts
+ * export { POST } from '@payez/next-mvp/routes/account/update-phone';
+ * ```
+ */
+export { POST } from '../../api-handlers/account/update-phone';

package/dist/routes/account/update-phone.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.POST = void 0;
+/**
+ * Update Phone Route
+ *
+ * Ready-to-use route handler for updating phone number.
+ * Used for 2FA setup - users need to add a phone to enable SMS verification.
+ *
+ * @example
+ * ```typescript
+ * // app/api/account/update-phone/route.ts
+ * export { POST } from '@payez/next-mvp/routes/account/update-phone';
+ * ```
+ */
+var update_phone_1 = require("../../api-handlers/account/update-phone");
+Object.defineProperty(exports, "POST", { enumerable: true, get: function () { return update_phone_1.POST; } });

package/dist/routes/account/verify-email.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Ready-to-Use Verify Email Route
+ *
+ * Provides a pre-configured handler for verifying email-based 2FA codes.
+ * Can be imported directly into your app's API routes with zero configuration.
+ *
+ * @example
+ * ```typescript
+ * // app/api/account/verify-email/route.ts
+ * export { POST } from '@payez/next-mvp/routes/account/verify-email';
+ * ```
+ *
+ * @version 2.3.0
+ * @since auth-ready-v2
+ */
+export { POST } from '../../api-handlers/account/verify-email';
+/**
+ * Pre-configured POST handler for verifying email 2FA codes
+ *
+ * This endpoint verifies the code sent to the user's email address
+ * and upgrades the provisional session to a full session.
+ *
+ * Request body:
+ * - code: string - The 6-digit verification code
+ * - emailId: string - ID of the email address used
+ *
+ * Environment variables used:
+ * - IDP_URL or NEXT_PUBLIC_IDP_URL (default: http://localhost:32785)
+ * - CLIENT_ID or NEXT_PUBLIC_IDP_CLIENT_ID (required)
+ * - NEXTAUTH_SECRET (required)
+ *
+ * Returns:
+ * - Upgraded access token with MFA claim
+ * - New refresh token
+ * - Session upgrade status
+ * - AMR (Authentication Methods Reference) array
+ * - ACR (Authentication Context Class) level
+ */ 

package/dist/routes/account/verify-email.js

@@ -0,0 +1,43 @@
+"use strict";
+/**
+ * Ready-to-Use Verify Email Route
+ *
+ * Provides a pre-configured handler for verifying email-based 2FA codes.
+ * Can be imported directly into your app's API routes with zero configuration.
+ *
+ * @example
+ * ```typescript
+ * // app/api/account/verify-email/route.ts
+ * export { POST } from '@payez/next-mvp/routes/account/verify-email';
+ * ```
+ *
+ * @version 2.3.0
+ * @since auth-ready-v2
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.POST = void 0;
+// Re-export the POST handler from api-handlers
+var verify_email_1 = require("../../api-handlers/account/verify-email");
+Object.defineProperty(exports, "POST", { enumerable: true, get: function () { return verify_email_1.POST; } });
+/**
+ * Pre-configured POST handler for verifying email 2FA codes
+ *
+ * This endpoint verifies the code sent to the user's email address
+ * and upgrades the provisional session to a full session.
+ *
+ * Request body:
+ * - code: string - The 6-digit verification code
+ * - emailId: string - ID of the email address used
+ *
+ * Environment variables used:
+ * - IDP_URL or NEXT_PUBLIC_IDP_URL (default: http://localhost:32785)
+ * - CLIENT_ID or NEXT_PUBLIC_IDP_CLIENT_ID (required)
+ * - NEXTAUTH_SECRET (required)
+ *
+ * Returns:
+ * - Upgraded access token with MFA claim
+ * - New refresh token
+ * - Session upgrade status
+ * - AMR (Authentication Methods Reference) array
+ * - ACR (Authentication Context Class) level
+ */ 

package/dist/routes/account/verify-sms.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Ready-to-Use Verify SMS Route
+ *
+ * Provides a pre-configured handler for verifying SMS-based 2FA codes.
+ * Can be imported directly into your app's API routes with zero configuration.
+ *
+ * @example
+ * ```typescript
+ * // app/api/account/verify-sms/route.ts
+ * export { POST } from '@payez/next-mvp/routes/account/verify-sms';
+ * ```
+ *
+ * @version 2.3.0
+ * @since auth-ready-v2
+ */
+export { POST } from '../../api-handlers/account/verify-sms';
+/**
+ * Pre-configured POST handler for verifying SMS 2FA codes
+ *
+ * This endpoint verifies the code sent to the user's phone number
+ * and upgrades the provisional session to a full session.
+ *
+ * Request body:
+ * - code: string - The 6-digit verification code
+ * - phoneId: string - ID of the phone number used
+ *
+ * Environment variables used:
+ * - IDP_URL or NEXT_PUBLIC_IDP_URL (default: http://localhost:32785)
+ * - CLIENT_ID or NEXT_PUBLIC_IDP_CLIENT_ID (required)
+ * - NEXTAUTH_SECRET (required)
+ *
+ * Returns:
+ * - Upgraded access token with MFA claim
+ * - New refresh token
+ * - Session upgrade status
+ * - AMR (Authentication Methods Reference) array
+ * - ACR (Authentication Context Class) level
+ */ 

package/dist/routes/account/verify-sms.js

@@ -0,0 +1,43 @@
+"use strict";
+/**
+ * Ready-to-Use Verify SMS Route
+ *
+ * Provides a pre-configured handler for verifying SMS-based 2FA codes.
+ * Can be imported directly into your app's API routes with zero configuration.
+ *
+ * @example
+ * ```typescript
+ * // app/api/account/verify-sms/route.ts
+ * export { POST } from '@payez/next-mvp/routes/account/verify-sms';
+ * ```
+ *
+ * @version 2.3.0
+ * @since auth-ready-v2
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.POST = void 0;
+// Re-export the POST handler from api-handlers
+var verify_sms_1 = require("../../api-handlers/account/verify-sms");
+Object.defineProperty(exports, "POST", { enumerable: true, get: function () { return verify_sms_1.POST; } });
+/**
+ * Pre-configured POST handler for verifying SMS 2FA codes
+ *
+ * This endpoint verifies the code sent to the user's phone number
+ * and upgrades the provisional session to a full session.
+ *
+ * Request body:
+ * - code: string - The 6-digit verification code
+ * - phoneId: string - ID of the phone number used
+ *
+ * Environment variables used:
+ * - IDP_URL or NEXT_PUBLIC_IDP_URL (default: http://localhost:32785)
+ * - CLIENT_ID or NEXT_PUBLIC_IDP_CLIENT_ID (required)
+ * - NEXTAUTH_SECRET (required)
+ *
+ * Returns:
+ * - Upgraded access token with MFA claim
+ * - New refresh token
+ * - Session upgrade status
+ * - AMR (Authentication Methods Reference) array
+ * - ACR (Authentication Context Class) level
+ */ 

package/dist/routes/auth/index.d.ts

@@ -0,0 +1,19 @@
+/**
+ * @payez/next-mvp Ready-to-Use Route Exports
+ *
+ * Pre-configured route handlers that can be imported directly
+ * into your Next.js app with zero configuration.
+ *
+ * @version 2.0.0
+ * @since auth-ready-v2
+ */
+export { POST as refreshPOST } from './refresh';
+export { GET as sessionGET, POST as sessionPOST } from './session';
+export { POST as logoutPOST } from './logout';
+export { GET as viabilityGET } from './viability';
+export { GET as nextAuthGET, POST as nextAuthPOST } from './nextauth';
+export * as refresh from './refresh';
+export * as session from './session';
+export * as logout from './logout';
+export * as viability from './viability';
+export * as nextauth from './nextauth';

package/dist/routes/auth/index.js

@@ -0,0 +1,64 @@
+"use strict";
+/**
+ * @payez/next-mvp Ready-to-Use Route Exports
+ *
+ * Pre-configured route handlers that can be imported directly
+ * into your Next.js app with zero configuration.
+ *
+ * @version 2.0.0
+ * @since auth-ready-v2
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.nextauth = exports.viability = exports.logout = exports.session = exports.refresh = exports.nextAuthPOST = exports.nextAuthGET = exports.viabilityGET = exports.logoutPOST = exports.sessionPOST = exports.sessionGET = exports.refreshPOST = void 0;
+// Export individual route handlers
+var refresh_1 = require("./refresh");
+Object.defineProperty(exports, "refreshPOST", { enumerable: true, get: function () { return refresh_1.POST; } });
+var session_1 = require("./session");
+Object.defineProperty(exports, "sessionGET", { enumerable: true, get: function () { return session_1.GET; } });
+Object.defineProperty(exports, "sessionPOST", { enumerable: true, get: function () { return session_1.POST; } });
+var logout_1 = require("./logout");
+Object.defineProperty(exports, "logoutPOST", { enumerable: true, get: function () { return logout_1.POST; } });
+var viability_1 = require("./viability");
+Object.defineProperty(exports, "viabilityGET", { enumerable: true, get: function () { return viability_1.GET; } });
+var nextauth_1 = require("./nextauth");
+Object.defineProperty(exports, "nextAuthGET", { enumerable: true, get: function () { return nextauth_1.GET; } });
+Object.defineProperty(exports, "nextAuthPOST", { enumerable: true, get: function () { return nextauth_1.POST; } });
+// Also export as namespaced objects for cleaner imports
+exports.refresh = __importStar(require("./refresh"));
+exports.session = __importStar(require("./session"));
+exports.logout = __importStar(require("./logout"));
+exports.viability = __importStar(require("./viability"));
+exports.nextauth = __importStar(require("./nextauth"));

package/dist/routes/auth/logout.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Ready-to-Use Logout Route
+ *
+ * Provides a pre-configured logout handler that properly cleans up
+ * sessions and revokes tokens.
+ *
+ * @example
+ * ```typescript
+ * // app/api/auth/logout/route.ts
+ * export { POST } from '@payez/next-mvp/routes/auth/logout';
+ * ```
+ *
+ * @version 2.0.0
+ * @since auth-ready-v2
+ */
+import { NextRequest, NextResponse } from 'next/server';
+/**
+ * POST /api/auth/logout - Sign out and clean up session
+ *
+ * Performs complete logout:
+ * 1. Revokes tokens at IDP (if refresh token available)
+ * 2. Deletes session from store
+ * 3. Clears NextAuth session cookie
+ */
+export declare function POST(req: NextRequest): Promise<NextResponse<{
+    success: boolean;
+    message: string;
+}> | NextResponse<{
+    error: string;
+    details: string;
+}>>;

package/dist/routes/auth/logout.js

@@ -0,0 +1,113 @@
+"use strict";
+/**
+ * Ready-to-Use Logout Route
+ *
+ * Provides a pre-configured logout handler that properly cleans up
+ * sessions and revokes tokens.
+ *
+ * @example
+ * ```typescript
+ * // app/api/auth/logout/route.ts
+ * export { POST } from '@payez/next-mvp/routes/auth/logout';
+ * ```
+ *
+ * @version 2.0.0
+ * @since auth-ready-v2
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.POST = POST;
+const server_1 = require("next/server");
+const jwt_1 = require("next-auth/jwt");
+const session_store_1 = require("../../lib/session-store");
+const app_slug_1 = require("../../lib/app-slug");
+const idp_client_config_1 = require("../../lib/idp-client-config");
+const site_logger_1 = require("../../lib/site-logger");
+async function getConfig() {
+    const idpConfig = await (0, idp_client_config_1.getIDPClientConfig)();
+    const idpBaseUrl = process.env.IDP_URL;
+    if (!idpBaseUrl) {
+        throw new Error('[IDP_URL] FATAL: IDP_URL environment variable is REQUIRED.');
+    }
+    return {
+        nextAuthSecret: idpConfig.nextAuthSecret || '',
+        idpBaseUrl,
+        clientId: process.env.CLIENT_ID || process.env.NEXT_PUBLIC_IDP_CLIENT_ID || '',
+    };
+}
+/**
+ * POST /api/auth/logout - Sign out and clean up session
+ *
+ * Performs complete logout:
+ * 1. Revokes tokens at IDP (if refresh token available)
+ * 2. Deletes session from store
+ * 3. Clears NextAuth session cookie
+ */
+async function POST(req) {
+    const { nextAuthSecret, idpBaseUrl, clientId } = await getConfig();
+    try {
+        const token = await (0, jwt_1.getToken)({ req, secret: nextAuthSecret, cookieName: (0, app_slug_1.getJwtCookieName)() });
+        if (!token) {
+            // Already logged out
+            return server_1.NextResponse.json({
+                success: true,
+                message: 'No active session'
+            });
+        }
+        // Support both field names: sessionToken (auth.ts JWT) and redisSessionId (legacy)
+        const sessionId = token.sessionToken || token.redisSessionId;
+        // Delete session from store (this also removes the refresh token)
+        if (sessionId) {
+            try {
+                await (0, session_store_1.deleteSession)(sessionId);
+                console.info('[LOGOUT_ROUTE] Session deleted from store');
+            }
+            catch (error) {
+                console.warn('[LOGOUT_ROUTE] Failed to delete session:', error);
+            }
+        }
+        // Log logout event (fire-and-forget)
+        const userId = token.sub || token.idpUserId;
+        if (userId) {
+            site_logger_1.siteEvents.logout({
+                user_id: userId,
+                session_id: sessionId,
+                trigger: 'user',
+                url: '/api/auth/logout',
+                user_agent: req.headers.get('user-agent') || undefined,
+                ip_address: (0, site_logger_1.getClientIp)(req.headers) || undefined,
+            });
+        }
+        // Build response that clears NextAuth cookies
+        const response = server_1.NextResponse.json({
+            success: true,
+            message: 'Logged out successfully'
+        });
+        // Clear NextAuth session cookies (using app-slug prefixed names)
+        const cookieNames = [
+            (0, app_slug_1.getSessionCookieName)(),
+            (0, app_slug_1.getSecureSessionCookieName)(),
+            (0, app_slug_1.getCsrfCookieName)(),
+            (0, app_slug_1.getSecureCsrfCookieName)(),
+            (0, app_slug_1.getCallbackUrlCookieName)(),
+            `__Secure-${(0, app_slug_1.getCallbackUrlCookieName)()}`,
+        ];
+        // Clear each cookie by setting it with maxAge 0
+        cookieNames.forEach(name => {
+            response.cookies.set(name, '', {
+                maxAge: 0,
+                path: '/',
+                httpOnly: true,
+                secure: process.env.NODE_ENV === 'production',
+                sameSite: 'lax'
+            });
+        });
+        return response;
+    }
+    catch (error) {
+        console.error('[LOGOUT_ROUTE] Error during logout:', error);
+        return server_1.NextResponse.json({
+            error: 'Failed to logout',
+            details: error instanceof Error ? error.message : 'Unknown error'
+        }, { status: 500 });
+    }
+}

package/dist/routes/auth/nextauth.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Ready-to-Use NextAuth Route Handler
+ *
+ * Provides a pre-configured NextAuth handler that uses dynamic OAuth providers
+ * loaded from IDP at startup via getAuthOptions().
+ *
+ * @version 2.2.0 - Dynamic provider loading from IDP
+ * @since auth-ready-v2-hotfix
+ */
+/**
+ * GET handler for NextAuth
+ * Uses async factory to get dynamic providers from IDP
+ */
+export declare function GET(request: Request, context: any): Promise<any>;
+/**
+ * POST handler for NextAuth
+ * Uses async factory to get dynamic providers from IDP
+ */
+export declare function POST(request: Request, context: any): Promise<any>;