@payez/next-mvp 3.9.1 → 4.0.0

package/dist/api/auth-handler.d.ts

@@ -13,9 +13,8 @@
  * @since auth-ready-v2
  */
 import { NextRequest, NextResponse } from 'next/server';
-import { JWT } from 'next-auth/jwt';
 export interface AuthContext {
-    token: JWT;
+    token: any;
     accessToken: string;
     userId: string;
     sessionToken: string;

package/dist/api/auth-handler.js

@@ -16,10 +16,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createAuthHandler = createAuthHandler;
 const server_1 = require("next/server");
-const jwt_1 = require("next-auth/jwt");
+const auth_1 = require("../server/auth");
 const nanoid_1 = require("nanoid");
 const session_store_1 = require("../lib/session-store");
-const app_slug_1 = require("../lib/app-slug");
 /**
  * Creates an auth-aware handler with automatic token refresh
  *
@@ -262,14 +261,15 @@ function createAuthHandler(options = {}) {
     return {
         handle: (handler) => {
             return async (req, context = {}) => {
-                // Extract token from NextAuth
-                const token = await (0, jwt_1.getToken)({ req, secret: nextAuthSecret, cookieName: (0, app_slug_1.getJwtCookieName)() });
+                // Extract session from Better Auth
+                const betterAuthSession = await (0, auth_1.getSession)(req);
+                const token = betterAuthSession ? { ...betterAuthSession.user, ...betterAuthSession.session } : null;
                 // Check if auth is required
-                if (requireAuth && !token) {
+                if (requireAuth && !betterAuthSession) {
                     return server_1.NextResponse.json({ error: 'Authentication required', code: 'UNAUTHORIZED' }, { status: 401 });
                 }
-                // If no token and auth not required, call handler without auth context
-                if (!token) {
+                // If no session and auth not required, call handler without auth context
+                if (!betterAuthSession) {
                     return handler(req, context, null);
                 }
                 // Validate client_slug (token confusion attack prevention)
@@ -305,8 +305,8 @@ function createAuthHandler(options = {}) {
                 let authContext = {
                     token,
                     accessToken: token.accessToken || '',
-                    userId: token.sub || token.userId || '',
-                    sessionToken: token.redisSessionId || '',
+                    userId: betterAuthSession.user?.id || token.userId || '',
+                    sessionToken: betterAuthSession.session?.token || '',
                     refreshToken: token.refreshToken,
                 };
                 // Check if token needs refresh

package/dist/api-handlers/account/change-password.js

@@ -1,112 +1,110 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.POST = POST;
-const server_1 = require("next/server");
-const jwt_1 = require("next-auth/jwt");
-const session_store_1 = require("../../lib/session-store");
-const app_slug_1 = require("../../lib/app-slug");
-const nanoid_1 = require("nanoid");
-// ...
-async function POST(req) {
-    const requestId = (0, nanoid_1.nanoid)();
-    try {
-        // Get session token from NextAuth JWT
-        // Support both field names: sessionToken (auth.ts JWT) and redisSessionId (legacy)
-        const token = await (0, jwt_1.getToken)({ req, secret: process.env.NEXTAUTH_SECRET, cookieName: (0, app_slug_1.getJwtCookieName)() });
-        const sessionToken = (token?.sessionToken || token?.redisSessionId);
-        if (!token || typeof sessionToken !== 'string') {
-            return server_1.NextResponse.json({ success: false, message: 'Unauthorized' }, { status: 401 });
-        }
-        const sessionData = await (0, session_store_1.getSession)(sessionToken);
-        // NOTE: Field is idpAccessToken (not accessToken) per normalized naming convention
-        if (!sessionData?.idpAccessToken) {
-            return server_1.NextResponse.json({
-                success: false,
-                message: 'Authentication required - no access token available',
-                error_code: 'UNAUTHORIZED',
-                request_id: requestId,
-            }, { status: 401 });
-        }
-        const body = await req.json();
-        const { current_password, new_password, confirm_password } = body;
-        // Validate input
-        if (!current_password || !new_password || !confirm_password) {
-            return server_1.NextResponse.json({
-                success: false,
-                message: 'Current password, new password, and confirmation are required',
-                error_code: 'VALIDATION_ERROR',
-                request_id: requestId,
-            }, { status: 400 });
-        }
-        if (new_password !== confirm_password) {
-            return server_1.NextResponse.json({
-                success: false,
-                message: 'New password and confirmation do not match',
-                error_code: 'VALIDATION_ERROR',
-                request_id: requestId,
-            }, { status: 400 });
-        }
-        // Get IDP base URL from environment
-        const idpBaseUrl = process.env.IDP_URL;
-        if (!idpBaseUrl) {
-            console.error('[CHANGE_PASSWORD] IDP_URL not configured');
-            return server_1.NextResponse.json({
-                success: false,
-                message: 'Service configuration error',
-                error_code: 'CONFIGURATION_ERROR',
-                request_id: requestId,
-            }, { status: 500 });
-        }
-        // Proxy request to IDP
-        const idpUrl = `${idpBaseUrl}/api/Account/change-password`;
-        const idpResponse = await fetch(idpUrl, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                'Authorization': `Bearer ${sessionData.idpAccessToken}`,
-                'x-request-id': requestId,
-            },
-            body: JSON.stringify({
-                current_password,
-                new_password,
-                confirm_password,
-            }),
-        });
-        const responseData = await idpResponse.json().catch(() => ({}));
-        if (!idpResponse.ok) {
-            // Extract error message from IDP response
-            let errorMessage = 'Failed to change password';
-            if (responseData.message) {
-                errorMessage = responseData.message;
-            }
-            else if (responseData.details?.value && Array.isArray(responseData.details.value) && responseData.details.value.length > 0) {
-                errorMessage = responseData.details.value[0].message || errorMessage;
-            }
-            else if (responseData.details?.message) {
-                errorMessage = responseData.details.message;
-            }
-            return server_1.NextResponse.json({
-                success: false,
-                message: errorMessage,
-                error_code: responseData.error_code || 'CHANGE_PASSWORD_FAILED',
-                request_id: requestId,
-                details: responseData.details,
-            }, { status: idpResponse.status });
-        }
-        return server_1.NextResponse.json({
-            success: true,
-            message: responseData.message || 'Password changed successfully',
-            request_id: requestId,
-        });
-    }
-    catch (error) {
-        console.error('[CHANGE_PASSWORD] Error:', error);
-        const requestId = req.headers.get('x-request-id') ?? crypto.randomUUID();
-        return server_1.NextResponse.json({
-            success: false,
-            message: error instanceof Error ? error.message : 'Failed to change password',
-            error_code: 'INTERNAL_ERROR',
-            request_id: requestId,
-        }, { status: 500 });
-    }
-}
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.POST = POST;
+const server_1 = require("next/server");
+const auth_1 = require("../../server/auth");
+const session_store_1 = require("../../lib/session-store");
+const nanoid_1 = require("nanoid");
+// ...
+async function POST(req) {
+    const requestId = (0, nanoid_1.nanoid)();
+    try {
+        // Get session from Better Auth
+        const betterAuthSession = await (0, auth_1.getSession)(req);
+        const sessionToken = betterAuthSession?.session?.token;
+        if (!betterAuthSession || typeof sessionToken !== 'string') {
+            return server_1.NextResponse.json({ success: false, message: 'Unauthorized' }, { status: 401 });
+        }
+        const sessionData = await (0, session_store_1.getSession)(sessionToken);
+        // NOTE: Field is idpAccessToken (not accessToken) per normalized naming convention
+        if (!sessionData?.idpAccessToken) {
+            return server_1.NextResponse.json({
+                success: false,
+                message: 'Authentication required - no access token available',
+                error_code: 'UNAUTHORIZED',
+                request_id: requestId,
+            }, { status: 401 });
+        }
+        const body = await req.json();
+        const { current_password, new_password, confirm_password } = body;
+        // Validate input
+        if (!current_password || !new_password || !confirm_password) {
+            return server_1.NextResponse.json({
+                success: false,
+                message: 'Current password, new password, and confirmation are required',
+                error_code: 'VALIDATION_ERROR',
+                request_id: requestId,
+            }, { status: 400 });
+        }
+        if (new_password !== confirm_password) {
+            return server_1.NextResponse.json({
+                success: false,
+                message: 'New password and confirmation do not match',
+                error_code: 'VALIDATION_ERROR',
+                request_id: requestId,
+            }, { status: 400 });
+        }
+        // Get IDP base URL from environment
+        const idpBaseUrl = process.env.IDP_URL;
+        if (!idpBaseUrl) {
+            console.error('[CHANGE_PASSWORD] IDP_URL not configured');
+            return server_1.NextResponse.json({
+                success: false,
+                message: 'Service configuration error',
+                error_code: 'CONFIGURATION_ERROR',
+                request_id: requestId,
+            }, { status: 500 });
+        }
+        // Proxy request to IDP
+        const idpUrl = `${idpBaseUrl}/api/Account/change-password`;
+        const idpResponse = await fetch(idpUrl, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Bearer ${sessionData.idpAccessToken}`,
+                'x-request-id': requestId,
+            },
+            body: JSON.stringify({
+                current_password,
+                new_password,
+                confirm_password,
+            }),
+        });
+        const responseData = await idpResponse.json().catch(() => ({}));
+        if (!idpResponse.ok) {
+            // Extract error message from IDP response
+            let errorMessage = 'Failed to change password';
+            if (responseData.message) {
+                errorMessage = responseData.message;
+            }
+            else if (responseData.details?.value && Array.isArray(responseData.details.value) && responseData.details.value.length > 0) {
+                errorMessage = responseData.details.value[0].message || errorMessage;
+            }
+            else if (responseData.details?.message) {
+                errorMessage = responseData.details.message;
+            }
+            return server_1.NextResponse.json({
+                success: false,
+                message: errorMessage,
+                error_code: responseData.error_code || 'CHANGE_PASSWORD_FAILED',
+                request_id: requestId,
+                details: responseData.details,
+            }, { status: idpResponse.status });
+        }
+        return server_1.NextResponse.json({
+            success: true,
+            message: responseData.message || 'Password changed successfully',
+            request_id: requestId,
+        });
+    }
+    catch (error) {
+        console.error('[CHANGE_PASSWORD] Error:', error);
+        const requestId = req.headers.get('x-request-id') ?? crypto.randomUUID();
+        return server_1.NextResponse.json({
+            success: false,
+            message: error instanceof Error ? error.message : 'Failed to change password',
+            error_code: 'INTERNAL_ERROR',
+            request_id: requestId,
+        }, { status: 500 });
+    }
+}

package/dist/api-handlers/admin/analytics.d.ts

@@ -1,20 +1,19 @@
-/**
- * Admin Analytics API Handler
- *
- * Provides admin-level analytics data using service account credentials.
- * Supports: geo stats, login stats, revenue stats, feature usage.
- *
- * @version 1.0
- * @requires Admin role (vibe_app_admin or payez_admin)
- */
-import { NextRequest, NextResponse } from 'next/server';
-export interface AdminAnalyticsHandlerConfig {
-    getAuthOptions: () => Promise<any>;
-}
-/**
- * POST /api/admin/analytics
- * Body: { type: 'geo' | 'logins' | 'revenue' | 'features', period?: string }
- */
-export declare function createAnalyticsHandler(config: AdminAnalyticsHandlerConfig): {
-    POST(request: NextRequest): Promise<NextResponse<unknown>>;
-};
+/**
+ * Admin Analytics API Handler
+ *
+ * Provides admin-level analytics data using service account credentials.
+ * Supports: geo stats, login stats, revenue stats, feature usage.
+ *
+ * @version 1.0
+ * @requires Admin role (vibe_app_admin or payez_admin)
+ */
+import { NextRequest, NextResponse } from 'next/server';
+export interface AdminAnalyticsHandlerConfig {
+}
+/**
+ * POST /api/admin/analytics
+ * Body: { type: 'geo' | 'logins' | 'revenue' | 'features', period?: string }
+ */
+export declare function createAnalyticsHandler(config: AdminAnalyticsHandlerConfig): {
+    POST(request: NextRequest): Promise<NextResponse<unknown>>;
+};