@payez/next-mvp 3.9.0 → 4.0.0

package/src/index.ts

@@ -1,63 +1,60 @@
-// Type augmentation for NextAuth - included via ambient module declaration
-// Note: Type declarations are picked up automatically via tsconfig.json, no explicit import needed
-
-// NOTE: Server-only exports are NOT exported from the root to prevent bundling Node.js modules in client code.
-// Server-side code should import from subpath exports:
-// - Session management: import { sessionStore } from '@payez/next-mvp/lib/session-store'
-// - Redis client: import { redis } from '@payez/next-mvp/lib/redis'
-// - Token expiry: import { computeTokenExpiries } from '@payez/next-mvp/lib/token-expiry'
-// - Refresh validation: import { validateRefreshToken } from '@payez/next-mvp/lib/refresh-token-validator'
-// - Auth options: import { authOptions } from '@payez/next-mvp/auth/auth-options'
-// - Auth handler: import { createAuthHandler } from '@payez/next-mvp/api/auth-handler'
-
-// Client-safe exports only
-
-// Client-side utilities
-export { fetchWithAuth } from './client/fetch-with-auth';
-
-// Anonymous session hook (for pre-login preferences like theme)
-export { useAnonSession } from './client/useAnonSession';
-export type { AnonPreferences, AnonMetrics, AnonSession, UseAnonSessionReturn } from './client/useAnonSession';
-
-// Authentication Context and Hooks
-export { AuthProvider, useAuthConfig, useAuthMode, useFederatedProviders, useFederatedAuthEnabled, useTraditionalAuthEnabled } from './client/AuthContext';
-export type { AuthConfig } from './types/auth';
-
-// Route configuration (client-safe)
-export { makeAuthDecision } from './auth/auth-decision';
-export { isUnauthenticatedRoute, configurePublicRoutes, getRouteConfig } from './auth/route-config';
-export { createMvpMiddleware } from './middleware/create-middleware';
-
-// Account Components
-export { UserAvatarMenu, MobileNavDrawer } from './components/account';
-export type { UserAvatarMenuProps, MobileNavDrawerProps, NavItem, NavSection } from './components/account';
-
-// Admin Logging & Analytics (client-side components and hooks)
-export {
-  ErrorMetricsCard,
-  HealthMetricsCard,
-  AuditLogViewer,
-  AdminAnalyticsLayout,
-  useErrorMetrics,
-  useHealthMetrics,
-  useAuditLog,
-  useAdminAnalytics,
-  getErrorMetrics,
-  getHealthMetrics,
-  writeAuditLog,
-  queryAuditLog,
-} from './logging';
-export type {
-  ErrorMetrics,
-  HealthMetrics,
-  AuditLogEntry,
-  AuditLogQuery,
-  AuditLogResponse,
-  TimeRange,
-  RouteError,
-  LevelCount,
-  CategoryCount,
-  ErrorDetail,
-  EndpointHealth,
-  SlowRequest,
-} from './logging';
+// NOTE: Server-only exports are NOT exported from the root to prevent bundling Node.js modules in client code.
+// Server-side code should import from subpath exports:
+// - Session management: import { sessionStore } from '@payez/next-mvp/lib/session-store'
+// - Redis client: import { redis } from '@payez/next-mvp/lib/redis'
+// - Token expiry: import { computeTokenExpiries } from '@payez/next-mvp/lib/token-expiry'
+// - Refresh validation: import { validateRefreshToken } from '@payez/next-mvp/lib/refresh-token-validator'
+// - Better Auth: import { createBetterAuthInstance } from '@payez/next-mvp/auth/better-auth'
+// - Server auth: import { getSession } from '@payez/next-mvp/server/auth'
+
+// Client-safe exports only
+
+// Client-side utilities
+export { fetchWithAuth } from './client/fetch-with-auth';
+
+// Anonymous session hook (for pre-login preferences like theme)
+export { useAnonSession } from './client/useAnonSession';
+export type { AnonPreferences, AnonMetrics, AnonSession, UseAnonSessionReturn } from './client/useAnonSession';
+
+// Authentication Context and Hooks
+export { AuthProvider, useAuthConfig, useAuthMode, useFederatedProviders, useFederatedAuthEnabled, useTraditionalAuthEnabled } from './client/AuthContext';
+export type { AuthConfig } from './types/auth';
+
+// Route configuration (client-safe)
+export { makeAuthDecision } from './auth/auth-decision';
+export { isUnauthenticatedRoute, configurePublicRoutes, getRouteConfig } from './auth/route-config';
+export { createMvpMiddleware } from './middleware/create-middleware';
+
+// Account Components
+export { UserAvatarMenu, MobileNavDrawer } from './components/account';
+export type { UserAvatarMenuProps, MobileNavDrawerProps, NavItem, NavSection } from './components/account';
+
+// Admin Logging & Analytics (client-side components and hooks)
+export {
+  ErrorMetricsCard,
+  HealthMetricsCard,
+  AuditLogViewer,
+  AdminAnalyticsLayout,
+  useErrorMetrics,
+  useHealthMetrics,
+  useAuditLog,
+  useAdminAnalytics,
+  getErrorMetrics,
+  getHealthMetrics,
+  writeAuditLog,
+  queryAuditLog,
+} from './logging';
+export type {
+  ErrorMetrics,
+  HealthMetrics,
+  AuditLogEntry,
+  AuditLogQuery,
+  AuditLogResponse,
+  TimeRange,
+  RouteError,
+  LevelCount,
+  CategoryCount,
+  ErrorDetail,
+  EndpointHealth,
+  SlowRequest,
+} from './logging';

package/src/lib/api-handler.ts

@@ -14,7 +14,6 @@
  */
 
 import { NextRequest, NextResponse } from 'next/server';
-import { getToken } from 'next-auth/jwt';
 import { nanoid } from 'nanoid';
 import {
   getSession,

package/src/lib/app-slug.ts

@@ -67,7 +67,7 @@ export function getRefreshLockPrefix(): string {
 // ============================================================================
 //
 // CRITICAL: The session cookie name MUST be consistent between:
-//   1. auth-options.ts (where NextAuth SETS the cookie)
+//   1. better-auth.ts (where auth SETS the cookie)
 //   2. getToken() calls (where we READ the cookie)
 //
 // If these don't match, sessions will appear empty in one environment but
@@ -81,7 +81,7 @@ export function getRefreshLockPrefix(): string {
  * THE session cookie name - SINGLE SOURCE OF TRUTH.
  *
  * This is used by:
- * - auth-options.ts (cookies.sessionToken.name)
+ * - better-auth.ts (cookies.sessionToken.name)
  * - getToken() calls (cookieName parameter)
  * - getJwtCookieName() (alias for consistency)
  *
@@ -94,14 +94,14 @@ export function getSessionCookieName(): string {
 /**
  * Gets the JWT cookie name for getToken() calls.
  *
- * CRITICAL: This MUST match what auth-options.ts configures:
+ * CRITICAL: This MUST match what the auth config sets:
  * - Production: __Secure-{slug}.session-token
  * - Development: {slug}.session-token
  *
  * This is the cookie name that getToken() should use to READ the JWT.
  */
 export function getJwtCookieName(): string {
-  // Must match auth-options.ts cookies.sessionToken.name logic
+  // Must match auth config cookies.sessionToken.name logic
   if (process.env.NODE_ENV === 'production') {
     return getSecureSessionCookieName();
   }
@@ -109,7 +109,7 @@ export function getJwtCookieName(): string {
 }
 
 /**
- * Validates that cookie names are consistent with auth-options.ts.
+ * Validates that cookie names are consistent with the auth config.
  * Call this at startup to catch mismatches early.
  */
 export function validateCookieNameConsistency(): void {
@@ -133,7 +133,7 @@ export function validateCookieNameConsistency(): void {
  *
  * WARNING: This is ONLY for clearing cookies during logout.
  * DO NOT use this for reading cookies - use getSessionCookieName().
- * NextAuth does NOT automatically use this prefix.
+ * Auth does NOT automatically use this prefix.
  *
  * Format: __Secure-{slug}.session-token
  */