npm - @payez/next-mvp - Versions diffs - 3.9.0 → 4.0.0 - Mend

@payez/next-mvp 3.9.0 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (149) hide show

package/dist/api/auth-handler.d.ts +1 -2
package/dist/api/auth-handler.js +9 -9
package/dist/api-handlers/account/change-password.js +110 -112
package/dist/api-handlers/admin/analytics.d.ts +19 -20
package/dist/api-handlers/admin/analytics.js +378 -379
package/dist/api-handlers/admin/audit.d.ts +19 -20
package/dist/api-handlers/admin/audit.js +213 -214
package/dist/api-handlers/admin/index.d.ts +21 -22
package/dist/api-handlers/admin/index.js +42 -43
package/dist/api-handlers/admin/redis-sessions.d.ts +35 -36
package/dist/api-handlers/admin/redis-sessions.js +203 -204
package/dist/api-handlers/admin/sessions.d.ts +20 -21
package/dist/api-handlers/admin/sessions.js +283 -284
package/dist/api-handlers/admin/site-logs.d.ts +45 -46
package/dist/api-handlers/admin/site-logs.js +317 -318
package/dist/api-handlers/admin/stats.d.ts +20 -21
package/dist/api-handlers/admin/stats.js +239 -240
package/dist/api-handlers/admin/users.d.ts +19 -20
package/dist/api-handlers/admin/users.js +221 -222
package/dist/api-handlers/admin/vibe-data.d.ts +79 -80
package/dist/api-handlers/admin/vibe-data.js +267 -268
package/dist/api-handlers/auth/refresh.js +633 -635
package/dist/api-handlers/auth/signout.js +186 -187
package/dist/api-handlers/auth/status.js +4 -7
package/dist/api-handlers/auth/update-session.d.ts +1 -1
package/dist/api-handlers/auth/update-session.js +12 -14
package/dist/api-handlers/auth/verify-code.d.ts +43 -43
package/dist/api-handlers/auth/verify-code.js +90 -94
package/dist/api-handlers/session/viability.js +114 -146
package/dist/api-handlers/test/force-expire.js +59 -65
package/dist/auth/auth-decision.js +182 -182
package/dist/auth/better-auth.d.ts +3 -6
package/dist/auth/better-auth.js +3 -6
package/dist/auth/route-config.js +2 -2
package/dist/auth/utils/token-utils.d.ts +83 -84
package/dist/auth/utils/token-utils.js +218 -219
package/dist/client/AuthContext.js +115 -112
package/dist/client/better-auth-client.d.ts +1020 -961
package/dist/client/better-auth-client.js +54 -7
package/dist/client/fetch-with-auth.js +2 -2
package/dist/components/SessionSync.js +121 -119
package/dist/components/account/MobileNavDrawer.js +64 -64
package/dist/components/account/UserAvatarMenu.js +91 -88
package/dist/components/admin/VibeAdminLayout.js +71 -69
package/dist/hooks/useAuth.js +9 -7
package/dist/hooks/useAuthSettings.js +93 -93
package/dist/hooks/useAvailableProviders.d.ts +43 -45
package/dist/hooks/useAvailableProviders.js +112 -108
package/dist/hooks/useSessionExpiration.d.ts +2 -3
package/dist/hooks/useSessionExpiration.js +2 -2
package/dist/hooks/useViabilitySession.js +3 -2
package/dist/index.js +4 -6
package/dist/lib/app-slug.d.ts +95 -95
package/dist/lib/app-slug.js +172 -172
package/dist/lib/standardized-client-api.js +10 -5
package/dist/lib/startup-init.js +21 -25
package/dist/lib/test-aware-get-token.js +86 -81
package/dist/lib/token-lifecycle.d.ts +78 -52
package/dist/lib/token-lifecycle.js +360 -398
package/dist/pages/admin-login/page.js +73 -83
package/dist/pages/client-admin/ClientSiteAdminPage.js +179 -177
package/dist/pages/login/page.js +202 -211
package/dist/pages/showcase/ShowcasePage.js +142 -140
package/dist/pages/test-env/EmergencyLogoutPage.js +99 -98
package/dist/pages/test-env/JwtInspectPage.js +116 -114
package/dist/pages/test-env/RefreshTokenPage.js +4 -2
package/dist/pages/test-env/TestEnvPage.js +51 -49
package/dist/pages/verify-code/page.js +412 -408
package/dist/routes/auth/logout.d.ts +31 -31
package/dist/routes/auth/logout.js +98 -113
package/dist/routes/auth/nextauth.d.ts +14 -11
package/dist/routes/auth/nextauth.js +25 -57
package/dist/routes/auth/session.js +157 -179
package/dist/routes/auth/viability.js +190 -201
package/dist/server/auth.d.ts +50 -0
package/dist/server/auth.js +62 -0
package/dist/stores/authStore.js +19 -23
package/dist/utils/logout.js +5 -5
package/package.json +1 -3
package/src/api/auth-handler.ts +550 -549
package/src/api-handlers/account/change-password.ts +5 -8
package/src/api-handlers/admin/analytics.ts +4 -6
package/src/api-handlers/admin/audit.ts +5 -7
package/src/api-handlers/admin/index.ts +1 -2
package/src/api-handlers/admin/redis-sessions.ts +6 -8
package/src/api-handlers/admin/sessions.ts +5 -7
package/src/api-handlers/admin/site-logs.ts +8 -10
package/src/api-handlers/admin/stats.ts +4 -6
package/src/api-handlers/admin/users.ts +5 -7
package/src/api-handlers/admin/vibe-data.ts +10 -12
package/src/api-handlers/auth/refresh.ts +5 -7
package/src/api-handlers/auth/signout.ts +5 -6
package/src/api-handlers/auth/status.ts +4 -7
package/src/api-handlers/auth/update-session.ts +123 -125
package/src/api-handlers/auth/verify-code.ts +9 -13
package/src/api-handlers/session/viability.ts +10 -47
package/src/api-handlers/test/force-expire.ts +4 -11
package/src/auth/auth-decision.ts +1 -1
package/src/auth/better-auth.ts +138 -141
package/src/auth/route-config.ts +219 -219
package/src/auth/utils/token-utils.ts +0 -1
package/src/client/AuthContext.tsx +6 -2
package/src/client/better-auth-client.ts +54 -7
package/src/client/fetch-with-auth.ts +47 -47
package/src/components/SessionSync.tsx +6 -5
package/src/components/account/MobileNavDrawer.tsx +3 -3
package/src/components/account/UserAvatarMenu.tsx +6 -3
package/src/components/admin/VibeAdminLayout.tsx +4 -2
package/src/config/logger.ts +1 -1
package/src/hooks/useAuth.ts +117 -115
package/src/hooks/useAuthSettings.ts +2 -2
package/src/hooks/useAvailableProviders.ts +9 -5
package/src/hooks/useSessionExpiration.ts +101 -102
package/src/hooks/useViabilitySession.ts +336 -335
package/src/index.ts +60 -63
package/src/lib/api-handler.ts +0 -1
package/src/lib/app-slug.ts +6 -6
package/src/lib/standardized-client-api.ts +901 -895
package/src/lib/startup-init.ts +243 -247
package/src/lib/test-aware-get-token.ts +22 -12
package/src/lib/token-lifecycle.ts +12 -53
package/src/pages/admin-login/page.tsx +9 -17
package/src/pages/client-admin/ClientSiteAdminPage.tsx +4 -2
package/src/pages/login/page.tsx +21 -28
package/src/pages/showcase/ShowcasePage.tsx +4 -2
package/src/pages/test-env/EmergencyLogoutPage.tsx +7 -6
package/src/pages/test-env/JwtInspectPage.tsx +5 -3
package/src/pages/test-env/RefreshTokenPage.tsx +157 -155
package/src/pages/test-env/TestEnvPage.tsx +4 -2
package/src/pages/verify-code/page.tsx +10 -6
package/src/routes/auth/logout.ts +7 -25
package/src/routes/auth/nextauth.ts +45 -71
package/src/routes/auth/session.ts +25 -50
package/src/routes/auth/viability.ts +7 -19
package/src/server/auth.ts +60 -0
package/src/stores/authStore.ts +1899 -1904
package/src/utils/logout.ts +30 -30
package/src/auth/auth-options.ts +0 -237
package/src/auth/callbacks/index.ts +0 -7
package/src/auth/callbacks/jwt.ts +0 -382
package/src/auth/callbacks/session.ts +0 -243
package/src/auth/callbacks/signin.ts +0 -56
package/src/auth/events/index.ts +0 -5
package/src/auth/events/signout.ts +0 -33
package/src/auth/providers/credentials.ts +0 -256
package/src/auth/providers/index.ts +0 -6
package/src/auth/providers/oauth.ts +0 -114
package/src/lib/nextauth-secret.ts +0 -121
package/src/types/next-auth.d.ts +0 -15

package/dist/routes/auth/session.js CHANGED Viewed

@@ -1,179 +1,157 @@
-"use strict";
-/**
- * Ready-to-Use Session Management Route
- *
- * Provides pre-configured session handlers for checking and updating session state.
- *
- * @example
- * ```typescript
- * // app/api/auth/session/route.ts
- * export { GET, POST } from '@payez/next-mvp/routes/auth/session';
- * ```
- *
- * @version 2.0.0
- * @since auth-ready-v2
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.GET = GET;
-exports.POST = POST;
-const server_1 = require("next/server");
-const jwt_1 = require("next-auth/jwt");
-const session_store_1 = require("../../lib/session-store");
-const app_slug_1 = require("../../lib/app-slug");
-const idp_client_config_1 = require("../../lib/idp-client-config");
-/**
- * Get NextAuth secret from IDP config (cached).
- * NEVER use process.env.NEXTAUTH_SECRET - it's always loaded from IDP.
- */
-async function getNextAuthSecret() {
-    const config = await (0, idp_client_config_1.getIDPClientConfig)();
-    return config.nextAuthSecret || '';
-}
-/**
- * GET /api/auth/session - Check current session status
- *
- * Returns the current session information including:
- * - User details
- * - Token expiry status
- * - Session validity
- */
-async function GET(req) {
-    try {
-        const secret = await getNextAuthSecret();
-        const cookieName = (0, app_slug_1.getJwtCookieName)();
-        // Debug logging
-        const cookieValue = req.cookies.get(cookieName)?.value;
-        console.log('[SESSION_ROUTE] GET called:', {
-            cookieName,
-            hasCookie: !!cookieValue,
-            cookieLength: cookieValue?.length || 0,
-            secretLength: secret?.length || 0,
-        });
-        const token = await (0, jwt_1.getToken)({ req, secret, cookieName });
-        if (!token) {
-            console.warn('[SESSION_ROUTE] getToken returned null');
-            // MUST return empty {} — NextAuth's useSession() treats any non-empty
-            // response object as "authenticated", causing redirect loops on login page.
-            return server_1.NextResponse.json({});
-        }
-        // Support both field names: sessionToken (auth.ts JWT) and redisSessionId (legacy)
-        const redisSessionId = token.sessionToken || token.redisSessionId;
-        console.log('[SESSION_ROUTE] Token found:', {
-            sub: token.sub,
-            email: token.email,
-            name: token.name,
-            hasExp: !!token.exp,
-            redisSessionId: redisSessionId ? redisSessionId.substring(0, 8) + '...' : 'MISSING',
-        });
-        // Fetch full session data from Redis
-        const session = redisSessionId ? await (0, session_store_1.getSession)(redisSessionId) : null;
-        console.log('[SESSION_ROUTE] Redis session:', {
-            found: !!session,
-            userId: session?.userId,
-            roles: session?.roles,
-            hasAccessToken: !!session?.idpAccessToken,
-        });
-        // Return NextAuth-compatible session format with Redis data
-        // useSession() expects: { user: {...}, expires: "..." }
-        // We enrich with all session data from Redis
-        return server_1.NextResponse.json({
-            user: {
-                id: session?.userId || token.sub,
-                email: session?.email || token.email,
-                name: session?.name || token.name,
-                image: token.picture || null,
-                // Redis session data
-                roles: session?.roles || [],
-                twoFactorSessionVerified: session?.mfaVerified || false,
-                requiresTwoFactor: !session?.mfaVerified,
-                authenticationMethods: session?.authenticationMethods,
-                authenticationLevel: session?.authenticationLevel,
-                mfaCompletedAt: session?.mfaCompletedAt,
-                mfaExpiresAt: session?.mfaExpiresAt,
-                mfaValidityHours: session?.mfaValidityHours,
-                oauthProvider: session?.oauthProvider,
-                idpClientId: session?.idpClientId,
-                merchantId: session?.merchantId,
-            },
-            // Session tokens
-            sessionToken: redisSessionId,
-            accessToken: session?.idpAccessToken,
-            refreshToken: session?.idpRefreshToken,
-            accessTokenExpires: session?.idpAccessTokenExpires,
-            expires: token.exp ? new Date(token.exp * 1000).toISOString() : new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString(),
-        });
-    }
-    catch (error) {
-        console.error('[SESSION_ROUTE] Error checking session:', error);
-        return server_1.NextResponse.json({
-            error: 'Failed to check session',
-            details: error instanceof Error ? error.message : 'Unknown error'
-        }, { status: 500 });
-    }
-}
-/**
- * POST /api/auth/session - Update session data
- *
- * Allows updating session metadata (not tokens).
- * Token refresh should use the /api/auth/refresh endpoint.
- *
- * Body:
- * - metadata: object - Custom metadata to store in session
- */
-async function POST(req) {
-    try {
-        const secret = await getNextAuthSecret();
-        const token = await (0, jwt_1.getToken)({ req, secret, cookieName: (0, app_slug_1.getJwtCookieName)() });
-        if (!token) {
-            return server_1.NextResponse.json({
-                error: 'No session found',
-                code: 'UNAUTHORIZED'
-            }, { status: 401 });
-        }
-        // Support both field names: sessionToken (auth.ts JWT) and redisSessionId (legacy)
-        const sessionToken = token.sessionToken || token.redisSessionId;
-        if (!sessionToken) {
-            return server_1.NextResponse.json({
-                error: 'Invalid session',
-                code: 'INVALID_SESSION'
-            }, { status: 400 });
-        }
-        const body = await req.json();
-        const { metadata, access_token, refresh_token, twoFactorComplete, twoFactorMethod } = body;
-        // Get current session
-        const session = await (0, session_store_1.getSession)(sessionToken);
-        if (!session) {
-            return server_1.NextResponse.json({
-                error: 'Session not found',
-                code: 'SESSION_NOT_FOUND'
-            }, { status: 404 });
-        }
-        // Update session with new data
-        const updatedSession = {
-            ...session,
-            ...(access_token ? { accessToken: access_token } : {}),
-            ...(refresh_token ? { refreshToken: refresh_token } : {}),
-            ...(typeof twoFactorComplete === 'boolean' ? { twoFactorComplete } : {}),
-            ...(twoFactorMethod ? { twoFactorMethod } : {}),
-            ...(metadata ? {
-                metadata: {
-                    ...(session.metadata || {}),
-                    ...metadata,
-                    updatedAt: new Date().toISOString()
-                }
-            } : {})
-        };
-        await (0, session_store_1.updateSession)(sessionToken, updatedSession);
-        return server_1.NextResponse.json({
-            success: true,
-            message: 'Session updated successfully'
-        });
-    }
-    catch (error) {
-        console.error('[SESSION_ROUTE] Error updating session:', error);
-        return server_1.NextResponse.json({
-            error: 'Failed to update session',
-            details: error instanceof Error ? error.message : 'Unknown error'
-        }, { status: 500 });
-    }
-}
+"use strict";
+/**
+ * Ready-to-Use Session Management Route
+ *
+ * Provides pre-configured session handlers for checking and updating session state.
+ *
+ * @example
+ * ```typescript
+ * // app/api/auth/session/route.ts
+ * export { GET, POST } from '@payez/next-mvp/routes/auth/session';
+ * ```
+ *
+ * @version 2.0.0
+ * @since auth-ready-v2
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GET = GET;
+exports.POST = POST;
+const server_1 = require("next/server");
+const auth_1 = require("../../server/auth");
+const session_store_1 = require("../../lib/session-store");
+/**
+ * GET /api/auth/session - Check current session status
+ *
+ * Returns the current session information including:
+ * - User details
+ * - Token expiry status
+ * - Session validity
+ */
+async function GET(req) {
+    try {
+        const authSession = await (0, auth_1.getSession)(req);
+        if (!authSession) {
+            console.warn('[SESSION_ROUTE] Better Auth session not found');
+            // MUST return empty {} — useSession() treats any non-empty
+            // response object as "authenticated", causing redirect loops on login page.
+            return server_1.NextResponse.json({});
+        }
+        const redisSessionId = authSession.session?.token;
+        console.log('[SESSION_ROUTE] Session found:', {
+            userId: authSession.user?.id,
+            email: authSession.user?.email,
+            name: authSession.user?.name,
+            redisSessionId: redisSessionId ? redisSessionId.substring(0, 8) + '...' : 'MISSING',
+        });
+        // Fetch full session data from Redis
+        const session = redisSessionId ? await (0, session_store_1.getSession)(redisSessionId) : null;
+        console.log('[SESSION_ROUTE] Redis session:', {
+            found: !!session,
+            userId: session?.userId,
+            roles: session?.roles,
+            hasAccessToken: !!session?.idpAccessToken,
+        });
+        // Return session format with Redis data
+        // useSession() expects: { user: {...}, expires: "..." }
+        // We enrich with all session data from Redis
+        return server_1.NextResponse.json({
+            user: {
+                id: session?.userId || authSession.user?.id,
+                email: session?.email || authSession.user?.email,
+                name: session?.name || authSession.user?.name,
+                image: authSession.user?.image || null,
+                // Redis session data
+                roles: session?.roles || [],
+                twoFactorSessionVerified: session?.mfaVerified || false,
+                requiresTwoFactor: !session?.mfaVerified,
+                authenticationMethods: session?.authenticationMethods,
+                authenticationLevel: session?.authenticationLevel,
+                mfaCompletedAt: session?.mfaCompletedAt,
+                mfaExpiresAt: session?.mfaExpiresAt,
+                mfaValidityHours: session?.mfaValidityHours,
+                oauthProvider: session?.oauthProvider,
+                idpClientId: session?.idpClientId,
+                merchantId: session?.merchantId,
+            },
+            // Session tokens
+            sessionToken: redisSessionId,
+            accessToken: session?.idpAccessToken,
+            refreshToken: session?.idpRefreshToken,
+            accessTokenExpires: session?.idpAccessTokenExpires,
+            expires: authSession.session?.expiresAt
+                ? new Date(authSession.session.expiresAt).toISOString()
+                : new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString(),
+        });
+    }
+    catch (error) {
+        console.error('[SESSION_ROUTE] Error checking session:', error);
+        return server_1.NextResponse.json({
+            error: 'Failed to check session',
+            details: error instanceof Error ? error.message : 'Unknown error'
+        }, { status: 500 });
+    }
+}
+/**
+ * POST /api/auth/session - Update session data
+ *
+ * Allows updating session metadata (not tokens).
+ * Token refresh should use the /api/auth/refresh endpoint.
+ *
+ * Body:
+ * - metadata: object - Custom metadata to store in session
+ */
+async function POST(req) {
+    try {
+        const authSession = await (0, auth_1.getSession)(req);
+        if (!authSession) {
+            return server_1.NextResponse.json({
+                error: 'No session found',
+                code: 'UNAUTHORIZED'
+            }, { status: 401 });
+        }
+        const sessionToken = authSession.session?.token;
+        if (!sessionToken) {
+            return server_1.NextResponse.json({
+                error: 'Invalid session',
+                code: 'INVALID_SESSION'
+            }, { status: 400 });
+        }
+        const body = await req.json();
+        const { metadata, access_token, refresh_token, twoFactorComplete, twoFactorMethod } = body;
+        // Get current session from Redis
+        const session = await (0, session_store_1.getSession)(sessionToken);
+        if (!session) {
+            return server_1.NextResponse.json({
+                error: 'Session not found',
+                code: 'SESSION_NOT_FOUND'
+            }, { status: 404 });
+        }
+        // Update session with new data
+        const updatedSession = {
+            ...session,
+            ...(access_token ? { accessToken: access_token } : {}),
+            ...(refresh_token ? { refreshToken: refresh_token } : {}),
+            ...(typeof twoFactorComplete === 'boolean' ? { twoFactorComplete } : {}),
+            ...(twoFactorMethod ? { twoFactorMethod } : {}),
+            ...(metadata ? {
+                metadata: {
+                    ...(session.metadata || {}),
+                    ...metadata,
+                    updatedAt: new Date().toISOString()
+                }
+            } : {})
+        };
+        await (0, session_store_1.updateSession)(sessionToken, updatedSession);
+        return server_1.NextResponse.json({
+            success: true,
+            message: 'Session updated successfully'
+        });
+    }
+    catch (error) {
+        console.error('[SESSION_ROUTE] Error updating session:', error);
+        return server_1.NextResponse.json({
+            error: 'Failed to update session',
+            details: error instanceof Error ? error.message : 'Unknown error'
+        }, { status: 500 });
+    }
+}