@payez/next-mvp 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (654) hide show
  1. package/README.md +782 -0
  2. package/dist/api/auth-handler.d.ts +67 -0
  3. package/dist/api/auth-handler.js +397 -0
  4. package/dist/api/index.d.ts +10 -0
  5. package/dist/api/index.js +19 -0
  6. package/dist/api-handlers/account/change-password.d.ts +9 -0
  7. package/dist/api-handlers/account/change-password.js +112 -0
  8. package/dist/api-handlers/account/masked-info.d.ts +2 -0
  9. package/dist/api-handlers/account/masked-info.js +41 -0
  10. package/dist/api-handlers/account/profile.d.ts +3 -0
  11. package/dist/api-handlers/account/profile.js +63 -0
  12. package/dist/api-handlers/account/recovery/initiate.d.ts +2 -0
  13. package/dist/api-handlers/account/recovery/initiate.js +26 -0
  14. package/dist/api-handlers/account/recovery/send-code.d.ts +2 -0
  15. package/dist/api-handlers/account/recovery/send-code.js +28 -0
  16. package/dist/api-handlers/account/recovery/verify-code.d.ts +2 -0
  17. package/dist/api-handlers/account/recovery/verify-code.js +28 -0
  18. package/dist/api-handlers/account/reset-password.d.ts +2 -0
  19. package/dist/api-handlers/account/reset-password.js +26 -0
  20. package/dist/api-handlers/account/send-code.d.ts +24 -0
  21. package/dist/api-handlers/account/send-code.js +60 -0
  22. package/dist/api-handlers/account/update-phone.d.ts +27 -0
  23. package/dist/api-handlers/account/update-phone.js +64 -0
  24. package/dist/api-handlers/account/validate-password.d.ts +17 -0
  25. package/dist/api-handlers/account/validate-password.js +81 -0
  26. package/dist/api-handlers/account/verify-email.d.ts +26 -0
  27. package/dist/api-handlers/account/verify-email.js +106 -0
  28. package/dist/api-handlers/account/verify-sms.d.ts +26 -0
  29. package/dist/api-handlers/account/verify-sms.js +106 -0
  30. package/dist/api-handlers/admin/analytics.d.ts +20 -0
  31. package/dist/api-handlers/admin/analytics.js +379 -0
  32. package/dist/api-handlers/admin/audit.d.ts +20 -0
  33. package/dist/api-handlers/admin/audit.js +214 -0
  34. package/dist/api-handlers/admin/index.d.ts +21 -0
  35. package/dist/api-handlers/admin/index.js +41 -0
  36. package/dist/api-handlers/admin/redis-sessions.d.ts +36 -0
  37. package/dist/api-handlers/admin/redis-sessions.js +204 -0
  38. package/dist/api-handlers/admin/sessions.d.ts +21 -0
  39. package/dist/api-handlers/admin/sessions.js +284 -0
  40. package/dist/api-handlers/admin/site-logs.d.ts +46 -0
  41. package/dist/api-handlers/admin/site-logs.js +318 -0
  42. package/dist/api-handlers/admin/users.d.ts +20 -0
  43. package/dist/api-handlers/admin/users.js +222 -0
  44. package/dist/api-handlers/admin/vibe-data.d.ts +80 -0
  45. package/dist/api-handlers/admin/vibe-data.js +268 -0
  46. package/dist/api-handlers/anon/preferences.d.ts +37 -0
  47. package/dist/api-handlers/anon/preferences.js +96 -0
  48. package/dist/api-handlers/auth/jwks.d.ts +2 -0
  49. package/dist/api-handlers/auth/jwks.js +24 -0
  50. package/dist/api-handlers/auth/login.d.ts +42 -0
  51. package/dist/api-handlers/auth/login.js +178 -0
  52. package/dist/api-handlers/auth/refresh.d.ts +74 -0
  53. package/dist/api-handlers/auth/refresh.js +635 -0
  54. package/dist/api-handlers/auth/signout.d.ts +37 -0
  55. package/dist/api-handlers/auth/signout.js +187 -0
  56. package/dist/api-handlers/auth/status.d.ts +8 -0
  57. package/dist/api-handlers/auth/status.js +26 -0
  58. package/dist/api-handlers/auth/update-session.d.ts +37 -0
  59. package/dist/api-handlers/auth/update-session.js +95 -0
  60. package/dist/api-handlers/auth/validate.d.ts +6 -0
  61. package/dist/api-handlers/auth/validate.js +43 -0
  62. package/dist/api-handlers/auth/verify-code.d.ts +43 -0
  63. package/dist/api-handlers/auth/verify-code.js +94 -0
  64. package/dist/api-handlers/session/refresh-viability.d.ts +14 -0
  65. package/dist/api-handlers/session/refresh-viability.js +39 -0
  66. package/dist/api-handlers/session/viability.d.ts +13 -0
  67. package/dist/api-handlers/session/viability.js +146 -0
  68. package/dist/api-handlers/test/force-expire.d.ts +23 -0
  69. package/dist/api-handlers/test/force-expire.js +65 -0
  70. package/dist/auth/auth-decision.d.ts +39 -0
  71. package/dist/auth/auth-decision.js +182 -0
  72. package/dist/auth/auth-options.d.ts +57 -0
  73. package/dist/auth/auth-options.js +213 -0
  74. package/dist/auth/callbacks/index.d.ts +6 -0
  75. package/dist/auth/callbacks/index.js +12 -0
  76. package/dist/auth/callbacks/jwt.d.ts +45 -0
  77. package/dist/auth/callbacks/jwt.js +305 -0
  78. package/dist/auth/callbacks/session.d.ts +60 -0
  79. package/dist/auth/callbacks/session.js +170 -0
  80. package/dist/auth/callbacks/signin.d.ts +23 -0
  81. package/dist/auth/callbacks/signin.js +44 -0
  82. package/dist/auth/events/index.d.ts +4 -0
  83. package/dist/auth/events/index.js +8 -0
  84. package/dist/auth/events/signout.d.ts +17 -0
  85. package/dist/auth/events/signout.js +32 -0
  86. package/dist/auth/providers/credentials.d.ts +32 -0
  87. package/dist/auth/providers/credentials.js +223 -0
  88. package/dist/auth/providers/index.d.ts +5 -0
  89. package/dist/auth/providers/index.js +21 -0
  90. package/dist/auth/providers/oauth.d.ts +26 -0
  91. package/dist/auth/providers/oauth.js +105 -0
  92. package/dist/auth/route-config.d.ts +66 -0
  93. package/dist/auth/route-config.js +190 -0
  94. package/dist/auth/types/auth-types.d.ts +417 -0
  95. package/dist/auth/types/auth-types.js +53 -0
  96. package/dist/auth/types/index.d.ts +6 -0
  97. package/dist/auth/types/index.js +22 -0
  98. package/dist/auth/unauthenticated-routes.d.ts +1 -0
  99. package/dist/auth/unauthenticated-routes.js +19 -0
  100. package/dist/auth/utils/idp-client.d.ts +94 -0
  101. package/dist/auth/utils/idp-client.js +383 -0
  102. package/dist/auth/utils/index.d.ts +5 -0
  103. package/dist/auth/utils/index.js +21 -0
  104. package/dist/auth/utils/token-utils.d.ts +84 -0
  105. package/dist/auth/utils/token-utils.js +219 -0
  106. package/dist/client/AuthContext.d.ts +19 -0
  107. package/dist/client/AuthContext.js +112 -0
  108. package/dist/client/fetch-with-auth.d.ts +11 -0
  109. package/dist/client/fetch-with-auth.js +44 -0
  110. package/dist/client/fetchWithSession.d.ts +3 -0
  111. package/dist/client/fetchWithSession.js +24 -0
  112. package/dist/client/index.d.ts +9 -0
  113. package/dist/client/index.js +20 -0
  114. package/dist/client/useAnonSession.d.ts +36 -0
  115. package/dist/client/useAnonSession.js +99 -0
  116. package/dist/components/SessionSync.d.ts +13 -0
  117. package/dist/components/SessionSync.js +119 -0
  118. package/dist/components/SignalRHealthCheck.d.ts +10 -0
  119. package/dist/components/SignalRHealthCheck.js +97 -0
  120. package/dist/components/account/UserAvatarMenu.d.ts +20 -0
  121. package/dist/components/account/UserAvatarMenu.js +80 -0
  122. package/dist/components/account/index.d.ts +7 -0
  123. package/dist/components/account/index.js +10 -0
  124. package/dist/components/admin/AlertSettingsTab.d.ts +48 -0
  125. package/dist/components/admin/AlertSettingsTab.js +351 -0
  126. package/dist/components/admin/AnalyticsTab.d.ts +22 -0
  127. package/dist/components/admin/AnalyticsTab.js +167 -0
  128. package/dist/components/admin/DataBrowserTab.d.ts +19 -0
  129. package/dist/components/admin/DataBrowserTab.js +252 -0
  130. package/dist/components/admin/LoggingSettingsTab.d.ts +73 -0
  131. package/dist/components/admin/LoggingSettingsTab.js +339 -0
  132. package/dist/components/admin/SessionsTab.d.ts +37 -0
  133. package/dist/components/admin/SessionsTab.js +165 -0
  134. package/dist/components/admin/StatsTab.d.ts +53 -0
  135. package/dist/components/admin/StatsTab.js +161 -0
  136. package/dist/components/admin/VibeAdminContext.d.ts +32 -0
  137. package/dist/components/admin/VibeAdminContext.js +38 -0
  138. package/dist/components/admin/VibeAdminLayout.d.ts +11 -0
  139. package/dist/components/admin/VibeAdminLayout.js +69 -0
  140. package/dist/components/admin/index.d.ts +29 -0
  141. package/dist/components/admin/index.js +44 -0
  142. package/dist/components/auth/FederatedAuthSection.d.ts +8 -0
  143. package/dist/components/auth/FederatedAuthSection.js +45 -0
  144. package/dist/components/auth/ModeAwareLoginPage.d.ts +10 -0
  145. package/dist/components/auth/ModeAwareLoginPage.js +42 -0
  146. package/dist/components/auth/ModeAwareSignupPage.d.ts +9 -0
  147. package/dist/components/auth/ModeAwareSignupPage.js +78 -0
  148. package/dist/components/auth/TraditionalAuthSection.d.ts +14 -0
  149. package/dist/components/auth/TraditionalAuthSection.js +20 -0
  150. package/dist/components/recovery/CompleteStep.d.ts +5 -0
  151. package/dist/components/recovery/CompleteStep.js +8 -0
  152. package/dist/components/recovery/InitiateRecoveryStep.d.ts +8 -0
  153. package/dist/components/recovery/InitiateRecoveryStep.js +20 -0
  154. package/dist/components/recovery/SelectMethodStep.d.ts +8 -0
  155. package/dist/components/recovery/SelectMethodStep.js +8 -0
  156. package/dist/components/recovery/SetPasswordStep.d.ts +6 -0
  157. package/dist/components/recovery/SetPasswordStep.js +20 -0
  158. package/dist/components/recovery/VerifyCodeStep.d.ts +10 -0
  159. package/dist/components/recovery/VerifyCodeStep.js +24 -0
  160. package/dist/components/reserved/ReservedRecoveryWarning.d.ts +38 -0
  161. package/dist/components/reserved/ReservedRecoveryWarning.js +92 -0
  162. package/dist/components/reserved/ReservedStatusBox.d.ts +30 -0
  163. package/dist/components/reserved/ReservedStatusBox.js +71 -0
  164. package/dist/components/ui/BetaBadge.d.ts +29 -0
  165. package/dist/components/ui/BetaBadge.js +38 -0
  166. package/dist/components/ui/Footer.d.ts +37 -0
  167. package/dist/components/ui/Footer.js +41 -0
  168. package/dist/config/env.d.ts +66 -0
  169. package/dist/config/env.js +57 -0
  170. package/dist/config/logger.d.ts +57 -0
  171. package/dist/config/logger.js +73 -0
  172. package/dist/config/logging-config.d.ts +30 -0
  173. package/dist/config/logging-config.js +122 -0
  174. package/dist/config/unauthenticated-routes.d.ts +17 -0
  175. package/dist/config/unauthenticated-routes.js +24 -0
  176. package/dist/config/vibe-log-transport.d.ts +79 -0
  177. package/dist/config/vibe-log-transport.js +203 -0
  178. package/dist/edge/internal-api-url.d.ts +53 -0
  179. package/dist/edge/internal-api-url.js +63 -0
  180. package/dist/edge/middleware.d.ts +14 -0
  181. package/dist/edge/middleware.js +32 -0
  182. package/dist/hooks/useAuth.d.ts +23 -0
  183. package/dist/hooks/useAuth.js +81 -0
  184. package/dist/hooks/useAuthSettings.d.ts +59 -0
  185. package/dist/hooks/useAuthSettings.js +93 -0
  186. package/dist/hooks/useAvailableProviders.d.ts +45 -0
  187. package/dist/hooks/useAvailableProviders.js +108 -0
  188. package/dist/hooks/usePasswordValidation.d.ts +27 -0
  189. package/dist/hooks/usePasswordValidation.js +102 -0
  190. package/dist/hooks/useProfile.d.ts +15 -0
  191. package/dist/hooks/useProfile.js +59 -0
  192. package/dist/hooks/usePublicAuthSettings.d.ts +56 -0
  193. package/dist/hooks/usePublicAuthSettings.js +131 -0
  194. package/dist/hooks/useSessionExpiration.d.ts +57 -0
  195. package/dist/hooks/useSessionExpiration.js +72 -0
  196. package/dist/hooks/useViabilitySession.d.ts +75 -0
  197. package/dist/hooks/useViabilitySession.js +268 -0
  198. package/dist/index.d.ts +12 -0
  199. package/dist/index.js +54 -0
  200. package/dist/lib/anon-session.d.ts +74 -0
  201. package/dist/lib/anon-session.js +169 -0
  202. package/dist/lib/api-handler.d.ts +123 -0
  203. package/dist/lib/api-handler.js +478 -0
  204. package/dist/lib/app-slug.d.ts +95 -0
  205. package/dist/lib/app-slug.js +172 -0
  206. package/dist/lib/demo-mode.d.ts +6 -0
  207. package/dist/lib/demo-mode.js +16 -0
  208. package/dist/lib/geolocation.d.ts +64 -0
  209. package/dist/lib/geolocation.js +235 -0
  210. package/dist/lib/idp-client-config.d.ts +75 -0
  211. package/dist/lib/idp-client-config.js +351 -0
  212. package/dist/lib/idp-fetch.d.ts +14 -0
  213. package/dist/lib/idp-fetch.js +91 -0
  214. package/dist/lib/internal-api.d.ts +87 -0
  215. package/dist/lib/internal-api.js +122 -0
  216. package/dist/lib/jwt-decode-client.d.ts +10 -0
  217. package/dist/lib/jwt-decode-client.js +46 -0
  218. package/dist/lib/jwt-decode.d.ts +48 -0
  219. package/dist/lib/jwt-decode.js +57 -0
  220. package/dist/lib/nextauth-secret.d.ts +10 -0
  221. package/dist/lib/nextauth-secret.js +104 -0
  222. package/dist/lib/rate-limit-service.d.ts +23 -0
  223. package/dist/lib/rate-limit-service.js +6 -0
  224. package/dist/lib/redis.d.ts +5 -0
  225. package/dist/lib/redis.js +28 -0
  226. package/dist/lib/refresh-token-validator.d.ts +13 -0
  227. package/dist/lib/refresh-token-validator.js +117 -0
  228. package/dist/lib/roles.d.ts +145 -0
  229. package/dist/lib/roles.js +168 -0
  230. package/dist/lib/secret-validation.d.ts +4 -0
  231. package/dist/lib/secret-validation.js +14 -0
  232. package/dist/lib/session-store.d.ts +166 -0
  233. package/dist/lib/session-store.js +537 -0
  234. package/dist/lib/session.d.ts +21 -0
  235. package/dist/lib/session.js +26 -0
  236. package/dist/lib/site-logger.d.ts +214 -0
  237. package/dist/lib/site-logger.js +210 -0
  238. package/dist/lib/standardized-client-api.d.ts +161 -0
  239. package/dist/lib/standardized-client-api.js +786 -0
  240. package/dist/lib/startup-init.d.ts +40 -0
  241. package/dist/lib/startup-init.js +261 -0
  242. package/dist/lib/test-aware-get-token.d.ts +2 -0
  243. package/dist/lib/test-aware-get-token.js +81 -0
  244. package/dist/lib/token-expiry.d.ts +14 -0
  245. package/dist/lib/token-expiry.js +39 -0
  246. package/dist/lib/token-lifecycle.d.ts +52 -0
  247. package/dist/lib/token-lifecycle.js +398 -0
  248. package/dist/lib/types/api-responses.d.ts +128 -0
  249. package/dist/lib/types/api-responses.js +171 -0
  250. package/dist/lib/user-agent-parser.d.ts +50 -0
  251. package/dist/lib/user-agent-parser.js +220 -0
  252. package/dist/logging/api/admin-analytics.d.ts +3 -0
  253. package/dist/logging/api/admin-analytics.js +45 -0
  254. package/dist/logging/api/audit-log.d.ts +3 -0
  255. package/dist/logging/api/audit-log.js +52 -0
  256. package/dist/logging/components/AdminAnalyticsLayout.d.ts +10 -0
  257. package/dist/logging/components/AdminAnalyticsLayout.js +11 -0
  258. package/dist/logging/components/AuditLogViewer.d.ts +7 -0
  259. package/dist/logging/components/AuditLogViewer.js +51 -0
  260. package/dist/logging/components/ErrorMetricsCard.d.ts +7 -0
  261. package/dist/logging/components/ErrorMetricsCard.js +16 -0
  262. package/dist/logging/components/HealthMetricsCard.d.ts +7 -0
  263. package/dist/logging/components/HealthMetricsCard.js +19 -0
  264. package/dist/logging/hooks/useAdminAnalytics.d.ts +24 -0
  265. package/dist/logging/hooks/useAdminAnalytics.js +22 -0
  266. package/dist/logging/hooks/useAuditLog.d.ts +6 -0
  267. package/dist/logging/hooks/useAuditLog.js +25 -0
  268. package/dist/logging/hooks/useErrorMetrics.d.ts +6 -0
  269. package/dist/logging/hooks/useErrorMetrics.js +38 -0
  270. package/dist/logging/hooks/useHealthMetrics.d.ts +6 -0
  271. package/dist/logging/hooks/useHealthMetrics.js +41 -0
  272. package/dist/logging/index.d.ts +11 -0
  273. package/dist/logging/index.js +40 -0
  274. package/dist/logging/types/analytics.d.ts +68 -0
  275. package/dist/logging/types/analytics.js +3 -0
  276. package/dist/logging/types/audit.d.ts +29 -0
  277. package/dist/logging/types/audit.js +2 -0
  278. package/dist/logging/types/index.d.ts +2 -0
  279. package/dist/logging/types/index.js +19 -0
  280. package/dist/middleware/auth-decision.d.ts +33 -0
  281. package/dist/middleware/auth-decision.js +65 -0
  282. package/dist/middleware/create-middleware.d.ts +100 -0
  283. package/dist/middleware/create-middleware.js +445 -0
  284. package/dist/middleware/rbac-check.d.ts +44 -0
  285. package/dist/middleware/rbac-check.js +191 -0
  286. package/dist/middleware/twofa-presets.d.ts +134 -0
  287. package/dist/middleware/twofa-presets.js +175 -0
  288. package/dist/models/DecodedAccessToken.d.ts +17 -0
  289. package/dist/models/DecodedAccessToken.js +2 -0
  290. package/dist/models/SessionModel.d.ts +122 -0
  291. package/dist/models/SessionModel.js +136 -0
  292. package/dist/pages/admin-login/page.d.ts +31 -0
  293. package/dist/pages/admin-login/page.js +83 -0
  294. package/dist/pages/admin-roles/RolesAdminPage.d.ts +15 -0
  295. package/dist/pages/admin-roles/RolesAdminPage.js +78 -0
  296. package/dist/pages/admin-roles/index.d.ts +8 -0
  297. package/dist/pages/admin-roles/index.js +15 -0
  298. package/dist/pages/admin-roles/modals.d.ts +72 -0
  299. package/dist/pages/admin-roles/modals.js +154 -0
  300. package/dist/pages/client-admin/ClientSiteAdminPage.d.ts +79 -0
  301. package/dist/pages/client-admin/ClientSiteAdminPage.js +177 -0
  302. package/dist/pages/client-admin/index.d.ts +32 -0
  303. package/dist/pages/client-admin/index.js +37 -0
  304. package/dist/pages/login/page.d.ts +22 -0
  305. package/dist/pages/login/page.js +239 -0
  306. package/dist/pages/profile/EnhancedProfilePage.d.ts +13 -0
  307. package/dist/pages/profile/EnhancedProfilePage.js +150 -0
  308. package/dist/pages/profile/index.d.ts +8 -0
  309. package/dist/pages/profile/index.js +16 -0
  310. package/dist/pages/profile/page.d.ts +19 -0
  311. package/dist/pages/profile/page.js +47 -0
  312. package/dist/pages/profile/profile-patch.d.ts +1 -0
  313. package/dist/pages/profile/profile-patch.js +281 -0
  314. package/dist/pages/recovery/page.d.ts +1 -0
  315. package/dist/pages/recovery/page.js +142 -0
  316. package/dist/pages/roles/MyRolesPage.d.ts +24 -0
  317. package/dist/pages/roles/MyRolesPage.js +71 -0
  318. package/dist/pages/roles/components.d.ts +63 -0
  319. package/dist/pages/roles/components.js +108 -0
  320. package/dist/pages/roles/index.d.ts +8 -0
  321. package/dist/pages/roles/index.js +19 -0
  322. package/dist/pages/security/EnhancedSecurityPage.d.ts +14 -0
  323. package/dist/pages/security/EnhancedSecurityPage.js +248 -0
  324. package/dist/pages/security/index.d.ts +8 -0
  325. package/dist/pages/security/index.js +16 -0
  326. package/dist/pages/security/page.d.ts +21 -0
  327. package/dist/pages/security/page.js +212 -0
  328. package/dist/pages/security/security-patch.d.ts +1 -0
  329. package/dist/pages/security/security-patch.js +302 -0
  330. package/dist/pages/settings/EnhancedSettingsPage.d.ts +46 -0
  331. package/dist/pages/settings/EnhancedSettingsPage.js +231 -0
  332. package/dist/pages/settings/index.d.ts +8 -0
  333. package/dist/pages/settings/index.js +16 -0
  334. package/dist/pages/settings/page.d.ts +7 -0
  335. package/dist/pages/settings/page.js +26 -0
  336. package/dist/pages/showcase/ShowcasePage.d.ts +13 -0
  337. package/dist/pages/showcase/ShowcasePage.js +140 -0
  338. package/dist/pages/showcase/index.d.ts +12 -0
  339. package/dist/pages/showcase/index.js +17 -0
  340. package/dist/pages/test-env/EmergencyLogoutPage.d.ts +14 -0
  341. package/dist/pages/test-env/EmergencyLogoutPage.js +98 -0
  342. package/dist/pages/test-env/JwtInspectPage.d.ts +14 -0
  343. package/dist/pages/test-env/JwtInspectPage.js +114 -0
  344. package/dist/pages/test-env/RefreshTokenPage.d.ts +15 -0
  345. package/dist/pages/test-env/RefreshTokenPage.js +91 -0
  346. package/dist/pages/test-env/TestEnvPage.d.ts +13 -0
  347. package/dist/pages/test-env/TestEnvPage.js +49 -0
  348. package/dist/pages/test-env/index.d.ts +24 -0
  349. package/dist/pages/test-env/index.js +32 -0
  350. package/dist/pages/verify-code/page.d.ts +30 -0
  351. package/dist/pages/verify-code/page.js +408 -0
  352. package/dist/routes/account/index.d.ts +28 -0
  353. package/dist/routes/account/index.js +71 -0
  354. package/dist/routes/account/masked-info.d.ts +33 -0
  355. package/dist/routes/account/masked-info.js +39 -0
  356. package/dist/routes/account/send-code.d.ts +37 -0
  357. package/dist/routes/account/send-code.js +42 -0
  358. package/dist/routes/account/update-phone.d.ts +13 -0
  359. package/dist/routes/account/update-phone.js +17 -0
  360. package/dist/routes/account/verify-email.d.ts +38 -0
  361. package/dist/routes/account/verify-email.js +43 -0
  362. package/dist/routes/account/verify-sms.d.ts +38 -0
  363. package/dist/routes/account/verify-sms.js +43 -0
  364. package/dist/routes/auth/index.d.ts +19 -0
  365. package/dist/routes/auth/index.js +64 -0
  366. package/dist/routes/auth/logout.d.ts +31 -0
  367. package/dist/routes/auth/logout.js +113 -0
  368. package/dist/routes/auth/nextauth.d.ts +19 -0
  369. package/dist/routes/auth/nextauth.js +72 -0
  370. package/dist/routes/auth/refresh.d.ts +30 -0
  371. package/dist/routes/auth/refresh.js +51 -0
  372. package/dist/routes/auth/session.d.ts +72 -0
  373. package/dist/routes/auth/session.js +180 -0
  374. package/dist/routes/auth/settings.d.ts +25 -0
  375. package/dist/routes/auth/settings.js +55 -0
  376. package/dist/routes/auth/viability.d.ts +52 -0
  377. package/dist/routes/auth/viability.js +201 -0
  378. package/dist/routes/index.d.ts +12 -0
  379. package/dist/routes/index.js +54 -0
  380. package/dist/routes/session/index.d.ts +6 -0
  381. package/dist/routes/session/index.js +10 -0
  382. package/dist/routes/session/refresh-viability.d.ts +16 -0
  383. package/dist/routes/session/refresh-viability.js +20 -0
  384. package/dist/services/signalrActivityService.d.ts +44 -0
  385. package/dist/services/signalrActivityService.js +257 -0
  386. package/dist/stores/authStore.d.ts +154 -0
  387. package/dist/stores/authStore.js +1531 -0
  388. package/dist/theme/ThemeProvider.d.ts +14 -0
  389. package/dist/theme/ThemeProvider.js +28 -0
  390. package/dist/theme/default.d.ts +8 -0
  391. package/dist/theme/default.js +33 -0
  392. package/dist/theme/index.d.ts +15 -0
  393. package/dist/theme/index.js +25 -0
  394. package/dist/theme/types.d.ts +56 -0
  395. package/dist/theme/types.js +8 -0
  396. package/dist/theme/useTheme.d.ts +60 -0
  397. package/dist/theme/useTheme.js +63 -0
  398. package/dist/theme/utils.d.ts +13 -0
  399. package/dist/theme/utils.js +39 -0
  400. package/dist/types/api.d.ts +134 -0
  401. package/dist/types/api.js +44 -0
  402. package/dist/types/auth.d.ts +19 -0
  403. package/dist/types/auth.js +2 -0
  404. package/dist/types/logging.d.ts +42 -0
  405. package/dist/types/logging.js +2 -0
  406. package/dist/types/recovery.d.ts +48 -0
  407. package/dist/types/recovery.js +2 -0
  408. package/dist/types/security.d.ts +1 -0
  409. package/dist/types/security.js +2 -0
  410. package/dist/utils/api.d.ts +85 -0
  411. package/dist/utils/api.js +287 -0
  412. package/dist/utils/circuitBreaker.d.ts +43 -0
  413. package/dist/utils/circuitBreaker.js +91 -0
  414. package/dist/utils/error-message.d.ts +1 -0
  415. package/dist/utils/error-message.js +103 -0
  416. package/dist/utils/layout/reservedSpace.d.ts +59 -0
  417. package/dist/utils/layout/reservedSpace.js +102 -0
  418. package/dist/utils/logout.d.ts +14 -0
  419. package/dist/utils/logout.js +32 -0
  420. package/dist/vibe/client.d.ts +261 -0
  421. package/dist/vibe/client.js +445 -0
  422. package/dist/vibe/errors.d.ts +83 -0
  423. package/dist/vibe/errors.js +146 -0
  424. package/dist/vibe/generic.d.ts +234 -0
  425. package/dist/vibe/generic.js +369 -0
  426. package/dist/vibe/hooks/index.d.ts +169 -0
  427. package/dist/vibe/hooks/index.js +252 -0
  428. package/dist/vibe/index.d.ts +23 -0
  429. package/dist/vibe/index.js +67 -0
  430. package/dist/vibe/sessions.d.ts +161 -0
  431. package/dist/vibe/sessions.js +391 -0
  432. package/dist/vibe/types.d.ts +353 -0
  433. package/dist/vibe/types.js +315 -0
  434. package/package.json +855 -0
  435. package/scripts/check-internal-url-usage.sh +73 -0
  436. package/scripts/dev-broker.ps1 +35 -0
  437. package/scripts/dev-local.ps1 +45 -0
  438. package/src/api/auth-handler.ts +550 -0
  439. package/src/api/index.ts +18 -0
  440. package/src/api-handlers/account/change-password.ts +145 -0
  441. package/src/api-handlers/account/masked-info.ts +45 -0
  442. package/src/api-handlers/account/profile.ts +80 -0
  443. package/src/api-handlers/account/recovery/initiate.ts +23 -0
  444. package/src/api-handlers/account/recovery/send-code.ts +25 -0
  445. package/src/api-handlers/account/recovery/verify-code.ts +25 -0
  446. package/src/api-handlers/account/reset-password.ts +23 -0
  447. package/src/api-handlers/account/send-code.ts +76 -0
  448. package/src/api-handlers/account/update-phone.ts +79 -0
  449. package/src/api-handlers/account/validate-password.ts +118 -0
  450. package/src/api-handlers/account/verify-email.ts +125 -0
  451. package/src/api-handlers/account/verify-sms.ts +125 -0
  452. package/src/api-handlers/admin/analytics.ts +445 -0
  453. package/src/api-handlers/admin/audit.ts +225 -0
  454. package/src/api-handlers/admin/index.ts +59 -0
  455. package/src/api-handlers/admin/redis-sessions.ts +253 -0
  456. package/src/api-handlers/admin/sessions.ts +320 -0
  457. package/src/api-handlers/admin/site-logs.ts +367 -0
  458. package/src/api-handlers/admin/users.ts +244 -0
  459. package/src/api-handlers/admin/vibe-data.ts +326 -0
  460. package/src/api-handlers/anon/preferences.ts +123 -0
  461. package/src/api-handlers/auth/jwks.ts +20 -0
  462. package/src/api-handlers/auth/login.ts +240 -0
  463. package/src/api-handlers/auth/refresh.ts +687 -0
  464. package/src/api-handlers/auth/signout.ts +212 -0
  465. package/src/api-handlers/auth/status.ts +23 -0
  466. package/src/api-handlers/auth/update-session.ts +125 -0
  467. package/src/api-handlers/auth/validate.ts +44 -0
  468. package/src/api-handlers/auth/verify-code.ts +129 -0
  469. package/src/api-handlers/session/refresh-viability.ts +36 -0
  470. package/src/api-handlers/session/viability.ts +166 -0
  471. package/src/api-handlers/test/force-expire.ts +67 -0
  472. package/src/auth/auth-decision.ts +230 -0
  473. package/src/auth/auth-options.ts +237 -0
  474. package/src/auth/callbacks/index.ts +7 -0
  475. package/src/auth/callbacks/jwt.ts +382 -0
  476. package/src/auth/callbacks/session.ts +243 -0
  477. package/src/auth/callbacks/signin.ts +56 -0
  478. package/src/auth/events/index.ts +5 -0
  479. package/src/auth/events/signout.ts +33 -0
  480. package/src/auth/providers/credentials.ts +256 -0
  481. package/src/auth/providers/index.ts +6 -0
  482. package/src/auth/providers/oauth.ts +114 -0
  483. package/src/auth/route-config.ts +220 -0
  484. package/src/auth/types/auth-types.ts +555 -0
  485. package/src/auth/types/index.ts +7 -0
  486. package/src/auth/unauthenticated-routes.ts +3 -0
  487. package/src/auth/utils/idp-client.ts +444 -0
  488. package/src/auth/utils/index.ts +6 -0
  489. package/src/auth/utils/token-utils.ts +244 -0
  490. package/src/client/AuthContext.tsx +140 -0
  491. package/src/client/fetch-with-auth.ts +48 -0
  492. package/src/client/fetchWithSession.ts +21 -0
  493. package/src/client/index.ts +13 -0
  494. package/src/client/useAnonSession.ts +131 -0
  495. package/src/components/SessionSync.tsx +137 -0
  496. package/src/components/SignalRHealthCheck.tsx +131 -0
  497. package/src/components/account/UserAvatarMenu.tsx +217 -0
  498. package/src/components/account/index.ts +8 -0
  499. package/src/components/admin/AlertSettingsTab.tsx +728 -0
  500. package/src/components/admin/AnalyticsTab.tsx +703 -0
  501. package/src/components/admin/DataBrowserTab.tsx +505 -0
  502. package/src/components/admin/LoggingSettingsTab.tsx +665 -0
  503. package/src/components/admin/SessionsTab.tsx +414 -0
  504. package/src/components/admin/StatsTab.tsx +379 -0
  505. package/src/components/admin/VibeAdminContext.tsx +87 -0
  506. package/src/components/admin/VibeAdminLayout.tsx +185 -0
  507. package/src/components/admin/index.ts +59 -0
  508. package/src/components/auth/FederatedAuthSection.tsx +95 -0
  509. package/src/components/auth/ModeAwareLoginPage.tsx +135 -0
  510. package/src/components/auth/ModeAwareSignupPage.tsx +267 -0
  511. package/src/components/auth/TraditionalAuthSection.tsx +99 -0
  512. package/src/components/recovery/CompleteStep.tsx +36 -0
  513. package/src/components/recovery/InitiateRecoveryStep.tsx +68 -0
  514. package/src/components/recovery/SelectMethodStep.tsx +73 -0
  515. package/src/components/recovery/SetPasswordStep.tsx +97 -0
  516. package/src/components/recovery/VerifyCodeStep.tsx +90 -0
  517. package/src/components/reserved/ReservedRecoveryWarning.tsx +160 -0
  518. package/src/components/reserved/ReservedStatusBox.tsx +118 -0
  519. package/src/components/ui/BetaBadge.tsx +58 -0
  520. package/src/components/ui/Footer.tsx +93 -0
  521. package/src/config/env.ts +57 -0
  522. package/src/config/logger.ts +62 -0
  523. package/src/config/logging-config.ts +82 -0
  524. package/src/config/unauthenticated-routes.ts +19 -0
  525. package/src/config/vibe-log-transport.ts +250 -0
  526. package/src/edge/internal-api-url.ts +65 -0
  527. package/src/edge/middleware.ts +42 -0
  528. package/src/hooks/useAuth.ts +115 -0
  529. package/src/hooks/useAuthSettings.ts +97 -0
  530. package/src/hooks/useAvailableProviders.ts +118 -0
  531. package/src/hooks/usePasswordValidation.ts +127 -0
  532. package/src/hooks/useProfile.ts +75 -0
  533. package/src/hooks/usePublicAuthSettings.ts +149 -0
  534. package/src/hooks/useSessionExpiration.ts +102 -0
  535. package/src/hooks/useViabilitySession.ts +335 -0
  536. package/src/index.ts +63 -0
  537. package/src/lib/anon-session.ts +213 -0
  538. package/src/lib/api-handler.ts +625 -0
  539. package/src/lib/app-slug.ts +178 -0
  540. package/src/lib/demo-mode.ts +13 -0
  541. package/src/lib/geolocation.ts +265 -0
  542. package/src/lib/idp-client-config.ts +442 -0
  543. package/src/lib/idp-fetch.ts +101 -0
  544. package/src/lib/internal-api.ts +171 -0
  545. package/src/lib/jwt-decode-client.ts +45 -0
  546. package/src/lib/jwt-decode.ts +83 -0
  547. package/src/lib/nextauth-secret.ts +126 -0
  548. package/src/lib/rate-limit-service.ts +9 -0
  549. package/src/lib/redis.ts +27 -0
  550. package/src/lib/refresh-token-validator.ts +64 -0
  551. package/src/lib/roles.ts +177 -0
  552. package/src/lib/secret-validation.ts +8 -0
  553. package/src/lib/session-store.ts +637 -0
  554. package/src/lib/session.ts +34 -0
  555. package/src/lib/site-logger.ts +245 -0
  556. package/src/lib/standardized-client-api.ts +896 -0
  557. package/src/lib/startup-init.ts +247 -0
  558. package/src/lib/test-aware-get-token.ts +30 -0
  559. package/src/lib/token-expiry.ts +40 -0
  560. package/src/lib/token-lifecycle.ts +477 -0
  561. package/src/lib/types/api-responses.ts +336 -0
  562. package/src/lib/user-agent-parser.ts +252 -0
  563. package/src/logging/api/admin-analytics.ts +51 -0
  564. package/src/logging/api/audit-log.ts +53 -0
  565. package/src/logging/components/AdminAnalyticsLayout.tsx +49 -0
  566. package/src/logging/components/AuditLogViewer.tsx +125 -0
  567. package/src/logging/components/ErrorMetricsCard.tsx +98 -0
  568. package/src/logging/components/HealthMetricsCard.tsx +70 -0
  569. package/src/logging/hooks/useAdminAnalytics.ts +22 -0
  570. package/src/logging/hooks/useAuditLog.ts +24 -0
  571. package/src/logging/hooks/useErrorMetrics.ts +40 -0
  572. package/src/logging/hooks/useHealthMetrics.ts +44 -0
  573. package/src/logging/index.ts +18 -0
  574. package/src/logging/types/analytics.ts +81 -0
  575. package/src/logging/types/audit.ts +31 -0
  576. package/src/logging/types/index.ts +3 -0
  577. package/src/middleware/auth-decision.ts +43 -0
  578. package/src/middleware/create-middleware.ts +626 -0
  579. package/src/middleware/rbac-check.ts +244 -0
  580. package/src/middleware/twofa-presets.ts +224 -0
  581. package/src/models/DecodedAccessToken.ts +17 -0
  582. package/src/models/SessionModel.ts +258 -0
  583. package/src/pages/admin-login/page.tsx +229 -0
  584. package/src/pages/admin-roles/RolesAdminPage.tsx +357 -0
  585. package/src/pages/admin-roles/index.ts +9 -0
  586. package/src/pages/admin-roles/modals.tsx +469 -0
  587. package/src/pages/client-admin/ClientSiteAdminPage.tsx +380 -0
  588. package/src/pages/client-admin/index.ts +33 -0
  589. package/src/pages/login/page.tsx +463 -0
  590. package/src/pages/profile/EnhancedProfilePage.tsx +479 -0
  591. package/src/pages/profile/index.ts +9 -0
  592. package/src/pages/profile/page.tsx +166 -0
  593. package/src/pages/recovery/page.tsx +234 -0
  594. package/src/pages/roles/MyRolesPage.tsx +211 -0
  595. package/src/pages/roles/components.tsx +294 -0
  596. package/src/pages/roles/index.ts +17 -0
  597. package/src/pages/security/EnhancedSecurityPage.tsx +574 -0
  598. package/src/pages/security/index.ts +9 -0
  599. package/src/pages/security/page.tsx +507 -0
  600. package/src/pages/settings/EnhancedSettingsPage.tsx +642 -0
  601. package/src/pages/settings/index.ts +9 -0
  602. package/src/pages/settings/page.tsx +47 -0
  603. package/src/pages/showcase/ShowcasePage.tsx +530 -0
  604. package/src/pages/showcase/index.ts +13 -0
  605. package/src/pages/test-env/EmergencyLogoutPage.tsx +179 -0
  606. package/src/pages/test-env/JwtInspectPage.tsx +418 -0
  607. package/src/pages/test-env/RefreshTokenPage.tsx +155 -0
  608. package/src/pages/test-env/TestEnvPage.tsx +116 -0
  609. package/src/pages/test-env/index.ts +25 -0
  610. package/src/pages/verify-code/page.tsx +648 -0
  611. package/src/routes/account/index.ts +32 -0
  612. package/src/routes/account/masked-info.ts +37 -0
  613. package/src/routes/account/send-code.ts +40 -0
  614. package/src/routes/account/update-phone.ts +13 -0
  615. package/src/routes/account/verify-email.ts +41 -0
  616. package/src/routes/account/verify-sms.ts +41 -0
  617. package/src/routes/auth/index.ts +23 -0
  618. package/src/routes/auth/logout.ts +127 -0
  619. package/src/routes/auth/nextauth.ts +71 -0
  620. package/src/routes/auth/refresh.ts +54 -0
  621. package/src/routes/auth/session.ts +193 -0
  622. package/src/routes/auth/settings.ts +75 -0
  623. package/src/routes/auth/viability.ts +220 -0
  624. package/src/routes/index.ts +18 -0
  625. package/src/routes/session/index.ts +7 -0
  626. package/src/routes/session/refresh-viability.ts +17 -0
  627. package/src/services/signalrActivityService.ts +258 -0
  628. package/src/stores/authStore.ts +1904 -0
  629. package/src/templates/instrumentation.ts +41 -0
  630. package/src/theme/ThemeProvider.tsx +39 -0
  631. package/src/theme/default.ts +33 -0
  632. package/src/theme/index.ts +31 -0
  633. package/src/theme/types.ts +69 -0
  634. package/src/theme/useTheme.ts +57 -0
  635. package/src/theme/utils.ts +40 -0
  636. package/src/types/api.ts +13 -0
  637. package/src/types/auth.d.ts +15 -0
  638. package/src/types/auth.ts +22 -0
  639. package/src/types/logging.ts +11 -0
  640. package/src/types/next-auth.d.ts +15 -0
  641. package/src/types/recovery.ts +54 -0
  642. package/src/types/security.ts +1 -0
  643. package/src/utils/api.ts +353 -0
  644. package/src/utils/circuitBreaker.ts +40 -0
  645. package/src/utils/error-message.ts +108 -0
  646. package/src/utils/layout/reservedSpace.ts +124 -0
  647. package/src/utils/logout.ts +30 -0
  648. package/src/vibe/client.ts +590 -0
  649. package/src/vibe/errors.ts +185 -0
  650. package/src/vibe/generic.ts +429 -0
  651. package/src/vibe/hooks/index.ts +367 -0
  652. package/src/vibe/index.ts +121 -0
  653. package/src/vibe/sessions.ts +551 -0
  654. package/src/vibe/types.ts +577 -0
package/src/lib/api-handler.ts ADDED
@@ -0,0 +1,625 @@
1
+ /**
2
+ * Unified API Handler for PayEz Next.js Applications
3
+ *
4
+ * Provides a single, comprehensive API handler with:
5
+ * - Coordinated token refresh with Redis locks
6
+ * - Role-based access control
7
+ * - Middleware queue support
8
+ * - Timeout handling
9
+ * - Standardized PayEz API response format
10
+ * - Client slug validation (security)
11
+ *
12
+ * @version 1.0.0
13
+ * @since Consolidated from website-membership simple-api-handler + MVP auth-handler
14
+ */
15
+
16
+ import { NextRequest, NextResponse } from 'next/server';
17
+ import { getToken } from 'next-auth/jwt';
18
+ import { nanoid } from 'nanoid';
19
+ import {
20
+ getSession,
21
+ getSessionWithVersion,
22
+ acquireRefreshLock,
23
+ releaseRefreshLock,
24
+ checkRefreshLock,
25
+ type RefreshLockInfo
26
+ } from './session-store';
27
+ import { getJwtCookieName } from './app-slug';
28
+ import { getTokenTestAware } from './test-aware-get-token';
29
+ import { internalRefresh } from './internal-api';
30
+
31
+ // ============================================================================
32
+ // Types
33
+ // ============================================================================
34
+
35
+ export interface ApiHandlerConfig {
36
+ /** Whether authentication is required (default: true) */
37
+ requireAuth?: boolean;
38
+ /** Roles required to access this endpoint */
39
+ requiredRoles?: string[];
40
+ /** Request timeout in milliseconds (default: 30000) */
41
+ timeout?: number;
42
+ /** Validate client_slug in token matches expected (default: true) */
43
+ validateClientSlug?: boolean;
44
+ }
45
+
46
+ export interface ApiRequestContext {
47
+ requestId: string;
48
+ startTime: number;
49
+ endpoint: string;
50
+ method: string;
51
+ userId?: string;
52
+ sessionId?: string;
53
+ userAgent?: string;
54
+ ipAddress?: string;
55
+ params?: Record<string, string>;
56
+ }
57
+
58
+ export interface ApiAuthContext {
59
+ accessToken: string | null;
60
+ userId?: string;
61
+ roles: string[];
62
+ sessionId?: string;
63
+ tokenType: string;
64
+ refreshToken: string | null;
65
+ }
66
+
67
+ export interface ApiMiddleware {
68
+ name: string;
69
+ execute: (context: ApiRequestContext, config: ApiHandlerConfig) => Promise<void>;
70
+ }
71
+
72
+ export type ApiHandlerFunction<T = any> = (
73
+ req: NextRequest,
74
+ ctx: ApiRequestContext,
75
+ auth: ApiAuthContext,
76
+ responseBuilder: any
77
+ ) => Promise<T>;
78
+
79
+ // ============================================================================
80
+ // API Response Builder (for backward compatibility)
81
+ // ============================================================================
82
+
83
+ export class ApiResponseBuilder {
84
+ private context: ApiRequestContext;
85
+
86
+ constructor(context: ApiRequestContext) {
87
+ this.context = context;
88
+ }
89
+
90
+ success<T>(data: T, meta?: { operation?: string; version?: string; [key: string]: any }): { success: true; data: T; message: string; operation_code: string; meta: any; timestamp: string; request_id: string } {
91
+ return {
92
+ success: true,
93
+ data,
94
+ message: meta?.operation ? `${meta.operation.replace(/-/g, ' ')} completed successfully` : 'Operation completed successfully',
95
+ operation_code: meta?.operation || 'unknown-operation',
96
+ meta: {
97
+ version: '1.0',
98
+ responseTime: Date.now() - this.context.startTime,
99
+ ...meta
100
+ },
101
+ timestamp: new Date().toISOString(),
102
+ request_id: this.context.requestId
103
+ };
104
+ }
105
+
106
+ error(code: string, message?: string, details?: Record<string, any>): { success: false; error: any; meta: any; timestamp: string; request_id: string } {
107
+ return {
108
+ success: false,
109
+ error: {
110
+ code,
111
+ message: message || code,
112
+ details
113
+ },
114
+ meta: {
115
+ version: '1.0',
116
+ responseTime: Date.now() - this.context.startTime
117
+ },
118
+ timestamp: new Date().toISOString(),
119
+ request_id: this.context.requestId
120
+ };
121
+ }
122
+ }
123
+
124
+ // ============================================================================
125
+ // API Handler Class
126
+ // ============================================================================
127
+
128
+ export class ApiHandler {
129
+ private config: Required<ApiHandlerConfig>;
130
+ private middlewareQueue: ApiMiddleware[] = [];
131
+
132
+ constructor(config: ApiHandlerConfig = {}) {
133
+ this.config = {
134
+ requireAuth: config.requireAuth ?? true,
135
+ requiredRoles: config.requiredRoles ?? [],
136
+ timeout: config.timeout ?? 30000,
137
+ validateClientSlug: config.validateClientSlug ?? true,
138
+ };
139
+ }
140
+
141
+ /**
142
+ * Add middleware to the handler chain
143
+ */
144
+ use(middleware: ApiMiddleware): this {
145
+ this.middlewareQueue.push(middleware);
146
+ return this;
147
+ }
148
+
149
+ /**
150
+ * Create the route handler
151
+ */
152
+ handle<T = any>(handler: ApiHandlerFunction<T>) {
153
+ return async (req: NextRequest): Promise<NextResponse> => {
154
+ const startTime = Date.now();
155
+ const requestId = nanoid();
156
+
157
+ const ctx: ApiRequestContext = {
158
+ requestId,
159
+ startTime,
160
+ endpoint: req.nextUrl.pathname,
161
+ method: req.method,
162
+ userAgent: req.headers.get('user-agent') || undefined,
163
+ ipAddress: req.headers.get('x-forwarded-for') || req.headers.get('x-real-ip') || undefined,
164
+ };
165
+
166
+ try {
167
+ // Execute middleware chain
168
+ for (const middleware of this.middlewareQueue) {
169
+ await middleware.execute(ctx, this.config);
170
+ }
171
+
172
+ // Handle authentication
173
+ const authResult = await this.handleAuthentication(req, ctx);
174
+
175
+ if (!authResult.success) {
176
+ if (authResult.reason === 'REFRESH_IN_PROGRESS') {
177
+ const response = this.errorResponse('SERVICE_UNAVAILABLE', 'Token refresh in progress', 503, requestId);
178
+ response.headers.set('Retry-After', '1');
179
+ return response;
180
+ }
181
+ if (this.config.requireAuth) {
182
+ return this.errorResponse('UNAUTHORIZED', 'Authentication required', 401, requestId);
183
+ }
184
+ }
185
+
186
+ const auth = authResult.auth || this.createEmptyAuth();
187
+
188
+ // Attach auth context to request for downstream use
189
+ if (auth.accessToken) {
190
+ (req as any).__authContext = { accessToken: auth.accessToken };
191
+ }
192
+
193
+ // Check roles
194
+ if (this.config.requiredRoles.length > 0 && auth) {
195
+ const hasRequiredRole = this.config.requiredRoles.some(role => auth.roles.includes(role));
196
+ if (!hasRequiredRole) {
197
+ return this.errorResponse('FORBIDDEN', 'Insufficient permissions', 403, requestId);
198
+ }
199
+ }
200
+
201
+ // Create response builder for backward compatibility
202
+ const responseBuilder = new ApiResponseBuilder(ctx);
203
+
204
+ // Execute handler with timeout
205
+ const result = await this.executeWithTimeout(
206
+ handler(req, ctx, auth, responseBuilder),
207
+ this.config.timeout
208
+ );
209
+
210
+ return this.successResponse(result, requestId, ctx);
211
+
212
+ } catch (error) {
213
+ if (error instanceof Error && error.message === 'Request timeout') {
214
+ return this.errorResponse('TIMEOUT', 'Request timeout', 408, requestId);
215
+ }
216
+
217
+ const statusCode = error instanceof Error ? this.getStatusFromError(error) : 500;
218
+ const message = error instanceof Error ? error.message : 'An unexpected error occurred';
219
+
220
+ return this.errorResponse(
221
+ this.getErrorCode(statusCode),
222
+ message,
223
+ statusCode,
224
+ requestId
225
+ );
226
+ }
227
+ };
228
+ }
229
+
230
+ // ==========================================================================
231
+ // Authentication
232
+ // ==========================================================================
233
+
234
+ private async handleAuthentication(
235
+ req: NextRequest,
236
+ ctx: ApiRequestContext
237
+ ): Promise<{ success: true; auth: ApiAuthContext } | { success: false; reason: string; auth?: null }> {
238
+ try {
239
+ const token = await getTokenTestAware(req);
240
+
241
+ if (!token) {
242
+ if (this.config.requireAuth) {
243
+ return { success: false, reason: 'NO_TOKEN' };
244
+ }
245
+ return { success: true, auth: this.createEmptyAuth() };
246
+ }
247
+
248
+ // Client slug validation (security feature from auth-handler)
249
+ if (this.config.validateClientSlug) {
250
+ const validationResult = this.validateClientSlug(token);
251
+ if (!validationResult.valid) {
252
+ return { success: false, reason: validationResult.reason };
253
+ }
254
+ }
255
+
256
+ // Support both field names: sessionToken (auth.ts JWT) and redisSessionId (legacy)
257
+ const sessionToken = token.sessionToken || token.redisSessionId;
258
+
259
+ if (!sessionToken) {
260
+ return this.handleNoSessionToken(token, ctx);
261
+ }
262
+
263
+ // Get session with version for coordinated refresh
264
+ const sessionWithVersion = await getSessionWithVersion(sessionToken);
265
+
266
+ if (!sessionWithVersion) {
267
+ return { success: false, reason: 'SESSION_EXPIRED' };
268
+ }
269
+
270
+ const { session: sessionData } = sessionWithVersion;
271
+ let accessToken = sessionData.idpAccessToken || null;
272
+ let userRoles: string[] = Array.isArray(sessionData.roles) ? sessionData.roles : [];
273
+
274
+ // Merge roles from JWT token
275
+ try {
276
+ const tokenRoles: string[] = Array.isArray(token.roles) ? token.roles : [];
277
+ if (tokenRoles.length > 0) {
278
+ userRoles = Array.from(new Set([...userRoles, ...tokenRoles]));
279
+ }
280
+ } catch { /* ignore */ }
281
+
282
+ // Check if token needs refresh
283
+ const thresholdMs = 5 * 60 * 1000;
284
+ const expires = sessionData.idpAccessTokenExpires || 0;
285
+ const needsRefresh = !accessToken || (expires - Date.now()) <= thresholdMs;
286
+
287
+ if (needsRefresh) {
288
+ const refreshResult = await this.handleCoordinatedRefresh(req, token, sessionData, ctx);
289
+ if (refreshResult.blocked) {
290
+ return { success: false, reason: 'REFRESH_IN_PROGRESS' };
291
+ }
292
+ if (refreshResult.accessToken) {
293
+ accessToken = refreshResult.accessToken;
294
+ if (refreshResult.roles) {
295
+ userRoles = Array.from(new Set([...userRoles, ...refreshResult.roles]));
296
+ }
297
+ }
298
+ }
299
+
300
+ if (!accessToken) {
301
+ return { success: false, reason: 'NO_ACCESS_TOKEN' };
302
+ }
303
+
304
+ ctx.userId = token.sub;
305
+ ctx.sessionId = sessionToken;
306
+
307
+ return {
308
+ success: true,
309
+ auth: {
310
+ accessToken,
311
+ userId: token.sub,
312
+ roles: userRoles,
313
+ sessionId: sessionToken,
314
+ tokenType: 'bearer',
315
+ refreshToken: sessionData?.refreshToken || null,
316
+ }
317
+ };
318
+
319
+ } catch (error) {
320
+ return { success: false, reason: 'AUTH_ERROR' };
321
+ }
322
+ }
323
+
324
+ private validateClientSlug(token: any): { valid: boolean; reason: string } {
325
+ const expectedClientSlug = process.env.NEXT_PUBLIC_EXPECTED_CLIENT_SLUG;
326
+
327
+ // If not configured, skip validation (backward compat)
328
+ if (!expectedClientSlug) {
329
+ return { valid: true, reason: '' };
330
+ }
331
+
332
+ const tokenClientSlug = token.client_slug || token.clientSlug;
333
+
334
+ if (!tokenClientSlug) {
335
+ return { valid: false, reason: 'TOKEN_MISSING_CLIENT_SLUG' };
336
+ }
337
+
338
+ if (tokenClientSlug.toLowerCase() !== expectedClientSlug.toLowerCase()) {
339
+ return { valid: false, reason: 'TOKEN_CLIENT_MISMATCH' };
340
+ }
341
+
342
+ return { valid: true, reason: '' };
343
+ }
344
+
345
+ private handleNoSessionToken(token: any, ctx: ApiRequestContext): { success: true; auth: ApiAuthContext } | { success: false; reason: string } {
346
+ const allowTestFallback = process.env.TEST_MODE === 'true' || process.env.NODE_ENV === 'test';
347
+
348
+ if (allowTestFallback && token.accessToken) {
349
+ return {
350
+ success: true,
351
+ auth: {
352
+ accessToken: token.accessToken,
353
+ userId: token.sub,
354
+ roles: token.roles || [],
355
+ sessionId: undefined,
356
+ tokenType: 'bearer',
357
+ refreshToken: null,
358
+ }
359
+ };
360
+ }
361
+
362
+ if (this.config.requireAuth) {
363
+ return { success: false, reason: 'NO_SESSION_TOKEN' };
364
+ }
365
+
366
+ return { success: true, auth: this.createEmptyAuth() };
367
+ }
368
+
369
+ // ==========================================================================
370
+ // Coordinated Refresh
371
+ // ==========================================================================
372
+
373
+ private async handleCoordinatedRefresh(
374
+ req: NextRequest,
375
+ token: any,
376
+ sessionData: any,
377
+ ctx: ApiRequestContext
378
+ ): Promise<{ blocked?: boolean; accessToken?: string; roles?: string[] }> {
379
+ // Support both field names: sessionToken (auth.ts JWT) and redisSessionId (legacy)
380
+ const sessionToken = token.sessionToken || token.redisSessionId;
381
+
382
+ const existingLock = await checkRefreshLock(sessionToken);
383
+
384
+ if (existingLock) {
385
+ // Wait for existing refresh to complete
386
+ const waitResult = await this.waitForRefresh(sessionToken, 10000);
387
+ if (waitResult.success) {
388
+ const refreshed = await getSession(sessionToken);
389
+ if (refreshed?.accessToken) {
390
+ return {
391
+ accessToken: refreshed.accessToken,
392
+ roles: Array.isArray(refreshed.roles) ? refreshed.roles : [],
393
+ };
394
+ }
395
+ }
396
+ return { blocked: true };
397
+ }
398
+
399
+ // Try to acquire lock
400
+ const lockResult = await acquireRefreshLock(sessionToken, ctx.requestId, 5000);
401
+
402
+ if (!lockResult.acquired || !lockResult.lockInfo) {
403
+ const waitResult = await this.waitForRefresh(sessionToken, 10000);
404
+ if (waitResult.success) {
405
+ const refreshed = await getSession(sessionToken);
406
+ if (refreshed?.accessToken) {
407
+ return {
408
+ accessToken: refreshed.accessToken,
409
+ roles: Array.isArray(refreshed.roles) ? refreshed.roles : [],
410
+ };
411
+ }
412
+ }
413
+ return { blocked: true };
414
+ }
415
+
416
+ try {
417
+ // Double-check if still needs refresh
418
+ const latest = await getSession(sessionToken);
419
+ const thresholdMs = 5 * 60 * 1000;
420
+ const stillNeeds = !latest?.accessToken || ((latest?.accessTokenExpires || 0) - Date.now()) <= thresholdMs;
421
+
422
+ if (!stillNeeds && latest?.accessToken) {
423
+ return {
424
+ accessToken: latest.accessToken,
425
+ roles: Array.isArray(latest.roles) ? latest.roles : [],
426
+ };
427
+ }
428
+
429
+ // Use centralized internal API helper for server-to-server refresh calls
430
+ const refreshResponse = await internalRefresh(
431
+ req.headers.get('cookie') || '',
432
+ sessionToken,
433
+ sessionData.idpRefreshToken,
434
+ ctx.requestId
435
+ );
436
+
437
+ if (!refreshResponse.ok) {
438
+ return {};
439
+ }
440
+
441
+ const refreshed = await getSession(sessionToken);
442
+ if (refreshed?.accessToken) {
443
+ return {
444
+ accessToken: refreshed.accessToken,
445
+ roles: Array.isArray(refreshed.roles) ? refreshed.roles : [],
446
+ };
447
+ }
448
+
449
+ return {};
450
+
451
+ } finally {
452
+ await releaseRefreshLock(sessionToken, ctx.requestId, lockResult.lockInfo.lockVersion);
453
+ }
454
+ }
455
+
456
+ private async waitForRefresh(sessionToken: string, maxWaitMs: number): Promise<{ success: boolean }> {
457
+ const startTime = Date.now();
458
+ const pollInterval = 100;
459
+
460
+ while (Date.now() - startTime < maxWaitMs) {
461
+ const lockExists = await checkRefreshLock(sessionToken);
462
+ if (!lockExists) {
463
+ const session = await getSession(sessionToken);
464
+ if (session?.accessToken) {
465
+ const expires = session.accessTokenExpires || 0;
466
+ if ((expires - Date.now()) > (5 * 60 * 1000)) {
467
+ return { success: true };
468
+ }
469
+ }
470
+ return { success: false };
471
+ }
472
+ await new Promise(resolve => setTimeout(resolve, pollInterval));
473
+ }
474
+
475
+ return { success: false };
476
+ }
477
+
478
+ // ==========================================================================
479
+ // Response Helpers
480
+ // ==========================================================================
481
+
482
+ private createEmptyAuth(): ApiAuthContext {
483
+ return {
484
+ accessToken: null,
485
+ roles: [],
486
+ tokenType: 'bearer',
487
+ refreshToken: null,
488
+ };
489
+ }
490
+
491
+ private async executeWithTimeout<T>(promise: Promise<T>, timeoutMs: number): Promise<T> {
492
+ const timeoutPromise = new Promise<never>((_, reject) => {
493
+ setTimeout(() => reject(new Error('Request timeout')), timeoutMs);
494
+ });
495
+ return Promise.race([promise, timeoutPromise]);
496
+ }
497
+
498
+ private successResponse(data: any, requestId: string, ctx: ApiRequestContext): NextResponse {
499
+ // Pass through Response objects unchanged
500
+ if (data instanceof Response) {
501
+ return data as any;
502
+ }
503
+
504
+ // Handle nested success/error flags
505
+ if (data && typeof data === 'object') {
506
+ if (Object.prototype.hasOwnProperty.call(data, 'success')) {
507
+ if (data.success === false) {
508
+ const msg = data.error?.message || data.message || 'Upstream service error';
509
+ const code = data.error?.code || 'UPSTREAM_SERVICE_ERROR';
510
+ return this.errorResponse(code, msg, 400, requestId);
511
+ }
512
+ }
513
+ }
514
+
515
+ return NextResponse.json({
516
+ success: true,
517
+ data,
518
+ message: 'Operation completed successfully',
519
+ operation_code: 'api_handler_operation',
520
+ timestamp: new Date().toISOString(),
521
+ request_id: requestId,
522
+ meta: {
523
+ version: '1.0',
524
+ responseTime: Date.now() - ctx.startTime,
525
+ }
526
+ }, { status: 200 });
527
+ }
528
+
529
+ private errorResponse(code: string, message: string, status: number, requestId: string): NextResponse {
530
+ const now = new Date().toISOString();
531
+ return NextResponse.json({
532
+ success: false,
533
+ message,
534
+ operation_code: 'api_handler_error',
535
+ timestamp: now,
536
+ request_id: requestId,
537
+ error: {
538
+ code,
539
+ message,
540
+ support: { request_id: requestId, timestamp: now }
541
+ },
542
+ meta: { version: '1.0' }
543
+ }, { status });
544
+ }
545
+
546
+ private getStatusFromError(error: Error): number {
547
+ const msg = error.message.toLowerCase();
548
+
549
+ if (msg.includes('unauthorized')) return 401;
550
+ if (msg.includes('forbidden') || msg.includes('insufficient permissions')) return 403;
551
+ if (msg.includes('not found')) return 404;
552
+ if (msg.includes('timeout')) return 408;
553
+ if (msg.includes('rate limit')) return 429;
554
+ if (msg.includes('bad gateway') || msg.includes('upstream')) return 502;
555
+ if (msg.includes('service unavailable')) return 503;
556
+
557
+ return 500;
558
+ }
559
+
560
+ private getErrorCode(status: number): string {
561
+ switch (status) {
562
+ case 400: return 'BAD_REQUEST';
563
+ case 401: return 'UNAUTHORIZED';
564
+ case 403: return 'FORBIDDEN';
565
+ case 404: return 'NOT_FOUND';
566
+ case 408: return 'TIMEOUT';
567
+ case 429: return 'RATE_LIMIT_EXCEEDED';
568
+ case 502: return 'BAD_GATEWAY';
569
+ case 503: return 'SERVICE_UNAVAILABLE';
570
+ default: return 'INTERNAL_SERVER_ERROR';
571
+ }
572
+ }
573
+ }
574
+
575
+ // ============================================================================
576
+ // Factory Function
577
+ // ============================================================================
578
+
579
+ /**
580
+ * Create an API handler with the specified configuration
581
+ *
582
+ * @example
583
+ * ```typescript
584
+ * export const GET = createApiHandler({ requireAuth: true })
585
+ * .handle(async (req, ctx, auth) => {
586
+ * return { data: 'hello' };
587
+ * });
588
+ * ```
589
+ */
590
+ export function createApiHandler(config: ApiHandlerConfig = {}): ApiHandler {
591
+ return new ApiHandler(config);
592
+ }
593
+
594
+ // ============================================================================
595
+ // Pre-configured Presets
596
+ // ============================================================================
597
+
598
+ /**
599
+ * Pre-configured API handler presets for common use cases
600
+ */
601
+ export const API_PRESETS = {
602
+ /** Public endpoint - no authentication required */
603
+ PUBLIC: () => createApiHandler({ requireAuth: false, validateClientSlug: false }),
604
+
605
+ /** Authenticated endpoint - any logged-in user */
606
+ AUTHENTICATED: () => createApiHandler({ requireAuth: true }),
607
+
608
+ /** User endpoint - requires payez_user or payez_admin role */
609
+ USER: () => createApiHandler({
610
+ requireAuth: true,
611
+ requiredRoles: ['payez_user', 'payez_admin'],
612
+ }),
613
+
614
+ /** Admin endpoint - requires payez_admin role */
615
+ ADMIN: () => createApiHandler({
616
+ requireAuth: true,
617
+ requiredRoles: ['payez_admin'],
618
+ }),
619
+ } as const;
620
+
621
+ // ============================================================================
622
+ // Default Export
623
+ // ============================================================================
624
+
625
+ export default createApiHandler;