npm - @payez/next-mvp - Versions diffs - 3.9.1 → 4.0.0 - Mend

@payez/next-mvp 3.9.1 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (147) hide show

package/dist/api/auth-handler.d.ts +1 -2
package/dist/api/auth-handler.js +9 -9
package/dist/api-handlers/account/change-password.js +110 -112
package/dist/api-handlers/admin/analytics.d.ts +19 -20
package/dist/api-handlers/admin/analytics.js +378 -379
package/dist/api-handlers/admin/audit.d.ts +19 -20
package/dist/api-handlers/admin/audit.js +213 -214
package/dist/api-handlers/admin/index.d.ts +21 -22
package/dist/api-handlers/admin/index.js +42 -43
package/dist/api-handlers/admin/redis-sessions.d.ts +35 -36
package/dist/api-handlers/admin/redis-sessions.js +203 -204
package/dist/api-handlers/admin/sessions.d.ts +20 -21
package/dist/api-handlers/admin/sessions.js +283 -284
package/dist/api-handlers/admin/site-logs.d.ts +45 -46
package/dist/api-handlers/admin/site-logs.js +317 -318
package/dist/api-handlers/admin/stats.d.ts +20 -21
package/dist/api-handlers/admin/stats.js +239 -240
package/dist/api-handlers/admin/users.d.ts +19 -20
package/dist/api-handlers/admin/users.js +221 -222
package/dist/api-handlers/admin/vibe-data.d.ts +79 -80
package/dist/api-handlers/admin/vibe-data.js +267 -268
package/dist/api-handlers/auth/refresh.js +633 -635
package/dist/api-handlers/auth/signout.js +186 -187
package/dist/api-handlers/auth/status.js +4 -7
package/dist/api-handlers/auth/update-session.d.ts +1 -1
package/dist/api-handlers/auth/update-session.js +12 -14
package/dist/api-handlers/auth/verify-code.d.ts +43 -43
package/dist/api-handlers/auth/verify-code.js +90 -94
package/dist/api-handlers/session/viability.js +114 -146
package/dist/api-handlers/test/force-expire.js +59 -65
package/dist/auth/auth-decision.js +182 -182
package/dist/auth/better-auth.d.ts +3 -6
package/dist/auth/better-auth.js +3 -6
package/dist/auth/route-config.js +2 -2
package/dist/auth/utils/token-utils.d.ts +83 -84
package/dist/auth/utils/token-utils.js +218 -219
package/dist/client/AuthContext.js +115 -112
package/dist/client/better-auth-client.d.ts +1020 -1020
package/dist/client/fetch-with-auth.js +2 -2
package/dist/components/SessionSync.js +121 -119
package/dist/components/account/MobileNavDrawer.js +64 -64
package/dist/components/account/UserAvatarMenu.js +91 -88
package/dist/components/admin/VibeAdminLayout.js +71 -69
package/dist/hooks/useAuth.js +9 -7
package/dist/hooks/useAuthSettings.js +93 -93
package/dist/hooks/useAvailableProviders.d.ts +43 -45
package/dist/hooks/useAvailableProviders.js +112 -108
package/dist/hooks/useSessionExpiration.d.ts +2 -3
package/dist/hooks/useSessionExpiration.js +2 -2
package/dist/hooks/useViabilitySession.js +3 -2
package/dist/index.js +4 -6
package/dist/lib/app-slug.d.ts +95 -95
package/dist/lib/app-slug.js +172 -172
package/dist/lib/standardized-client-api.js +10 -5
package/dist/lib/startup-init.js +21 -25
package/dist/lib/test-aware-get-token.js +86 -81
package/dist/lib/token-lifecycle.d.ts +78 -52
package/dist/lib/token-lifecycle.js +360 -398
package/dist/pages/admin-login/page.js +73 -83
package/dist/pages/client-admin/ClientSiteAdminPage.js +179 -177
package/dist/pages/login/page.js +202 -211
package/dist/pages/showcase/ShowcasePage.js +142 -140
package/dist/pages/test-env/EmergencyLogoutPage.js +99 -98
package/dist/pages/test-env/JwtInspectPage.js +116 -114
package/dist/pages/test-env/RefreshTokenPage.js +4 -2
package/dist/pages/test-env/TestEnvPage.js +51 -49
package/dist/pages/verify-code/page.js +412 -408
package/dist/routes/auth/logout.d.ts +31 -31
package/dist/routes/auth/logout.js +98 -113
package/dist/routes/auth/nextauth.d.ts +14 -11
package/dist/routes/auth/nextauth.js +25 -57
package/dist/routes/auth/session.js +157 -179
package/dist/routes/auth/viability.js +190 -201
package/dist/server/auth.d.ts +50 -0
package/dist/server/auth.js +62 -0
package/dist/stores/authStore.js +19 -23
package/dist/utils/logout.js +5 -5
package/package.json +1 -3
package/src/api/auth-handler.ts +550 -549
package/src/api-handlers/account/change-password.ts +5 -8
package/src/api-handlers/admin/analytics.ts +4 -6
package/src/api-handlers/admin/audit.ts +5 -7
package/src/api-handlers/admin/index.ts +1 -2
package/src/api-handlers/admin/redis-sessions.ts +6 -8
package/src/api-handlers/admin/sessions.ts +5 -7
package/src/api-handlers/admin/site-logs.ts +8 -10
package/src/api-handlers/admin/stats.ts +4 -6
package/src/api-handlers/admin/users.ts +5 -7
package/src/api-handlers/admin/vibe-data.ts +10 -12
package/src/api-handlers/auth/refresh.ts +5 -7
package/src/api-handlers/auth/signout.ts +5 -6
package/src/api-handlers/auth/status.ts +4 -7
package/src/api-handlers/auth/update-session.ts +123 -125
package/src/api-handlers/auth/verify-code.ts +9 -13
package/src/api-handlers/session/viability.ts +10 -47
package/src/api-handlers/test/force-expire.ts +4 -11
package/src/auth/auth-decision.ts +1 -1
package/src/auth/better-auth.ts +138 -141
package/src/auth/route-config.ts +219 -219
package/src/auth/utils/token-utils.ts +0 -1
package/src/client/AuthContext.tsx +6 -2
package/src/client/fetch-with-auth.ts +47 -47
package/src/components/SessionSync.tsx +6 -5
package/src/components/account/MobileNavDrawer.tsx +3 -3
package/src/components/account/UserAvatarMenu.tsx +6 -3
package/src/components/admin/VibeAdminLayout.tsx +4 -2
package/src/config/logger.ts +1 -1
package/src/hooks/useAuth.ts +117 -115
package/src/hooks/useAuthSettings.ts +2 -2
package/src/hooks/useAvailableProviders.ts +9 -5
package/src/hooks/useSessionExpiration.ts +101 -102
package/src/hooks/useViabilitySession.ts +336 -335
package/src/index.ts +60 -63
package/src/lib/api-handler.ts +0 -1
package/src/lib/app-slug.ts +6 -6
package/src/lib/standardized-client-api.ts +901 -895
package/src/lib/startup-init.ts +243 -247
package/src/lib/test-aware-get-token.ts +22 -12
package/src/lib/token-lifecycle.ts +12 -53
package/src/pages/admin-login/page.tsx +9 -17
package/src/pages/client-admin/ClientSiteAdminPage.tsx +4 -2
package/src/pages/login/page.tsx +21 -28
package/src/pages/showcase/ShowcasePage.tsx +4 -2
package/src/pages/test-env/EmergencyLogoutPage.tsx +7 -6
package/src/pages/test-env/JwtInspectPage.tsx +5 -3
package/src/pages/test-env/RefreshTokenPage.tsx +157 -155
package/src/pages/test-env/TestEnvPage.tsx +4 -2
package/src/pages/verify-code/page.tsx +10 -6
package/src/routes/auth/logout.ts +7 -25
package/src/routes/auth/nextauth.ts +45 -71
package/src/routes/auth/session.ts +25 -50
package/src/routes/auth/viability.ts +7 -19
package/src/server/auth.ts +60 -0
package/src/stores/authStore.ts +1899 -1904
package/src/utils/logout.ts +30 -30
package/src/auth/auth-options.ts +0 -237
package/src/auth/callbacks/index.ts +0 -7
package/src/auth/callbacks/jwt.ts +0 -382
package/src/auth/callbacks/session.ts +0 -243
package/src/auth/callbacks/signin.ts +0 -56
package/src/auth/events/index.ts +0 -5
package/src/auth/events/signout.ts +0 -33
package/src/auth/providers/credentials.ts +0 -256
package/src/auth/providers/index.ts +0 -6
package/src/auth/providers/oauth.ts +0 -114
package/src/lib/nextauth-secret.ts +0 -121
package/src/types/next-auth.d.ts +0 -15

package/dist/routes/auth/logout.d.ts CHANGED Viewed

@@ -1,31 +1,31 @@
-/**
- * Ready-to-Use Logout Route
- *
- * Provides a pre-configured logout handler that properly cleans up
- * sessions and revokes tokens.
- *
- * @example
- * ```typescript
- * // app/api/auth/logout/route.ts
- * export { POST } from '@payez/next-mvp/routes/auth/logout';
- * ```
- *
- * @version 2.0.0
- * @since auth-ready-v2
- */
-import { NextRequest, NextResponse } from 'next/server';
-/**
- * POST /api/auth/logout - Sign out and clean up session
- *
- * Performs complete logout:
- * 1. Revokes tokens at IDP (if refresh token available)
- * 2. Deletes session from store
- * 3. Clears NextAuth session cookie
- */
-export declare function POST(req: NextRequest): Promise<NextResponse<{
-    success: boolean;
-    message: string;
-}> | NextResponse<{
-    error: string;
-    details: string;
-}>>;
+/**
+ * Ready-to-Use Logout Route
+ *
+ * Provides a pre-configured logout handler that properly cleans up
+ * sessions and revokes tokens.
+ *
+ * @example
+ * ```typescript
+ * // app/api/auth/logout/route.ts
+ * export { POST } from '@payez/next-mvp/routes/auth/logout';
+ * ```
+ *
+ * @version 2.0.0
+ * @since auth-ready-v2
+ */
+import { NextRequest, NextResponse } from 'next/server';
+/**
+ * POST /api/auth/logout - Sign out and clean up session
+ *
+ * Performs complete logout:
+ * 1. Revokes tokens at IDP (if refresh token available)
+ * 2. Deletes session from store
+ * 3. Clears session cookies
+ */
+export declare function POST(req: NextRequest): Promise<NextResponse<{
+    success: boolean;
+    message: string;
+}> | NextResponse<{
+    error: string;
+    details: string;
+}>>;

package/dist/routes/auth/logout.js CHANGED Viewed

@@ -1,113 +1,98 @@
-"use strict";
-/**
- * Ready-to-Use Logout Route
- *
- * Provides a pre-configured logout handler that properly cleans up
- * sessions and revokes tokens.
- *
- * @example
- * ```typescript
- * // app/api/auth/logout/route.ts
- * export { POST } from '@payez/next-mvp/routes/auth/logout';
- * ```
- *
- * @version 2.0.0
- * @since auth-ready-v2
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.POST = POST;
-const server_1 = require("next/server");
-const jwt_1 = require("next-auth/jwt");
-const session_store_1 = require("../../lib/session-store");
-const app_slug_1 = require("../../lib/app-slug");
-const idp_client_config_1 = require("../../lib/idp-client-config");
-const site_logger_1 = require("../../lib/site-logger");
-async function getConfig() {
-    const idpConfig = await (0, idp_client_config_1.getIDPClientConfig)();
-    const idpBaseUrl = process.env.IDP_URL;
-    if (!idpBaseUrl) {
-        throw new Error('[IDP_URL] FATAL: IDP_URL environment variable is REQUIRED.');
-    }
-    return {
-        nextAuthSecret: idpConfig.nextAuthSecret || '',
-        idpBaseUrl,
-        clientId: process.env.CLIENT_ID || process.env.NEXT_PUBLIC_IDP_CLIENT_ID || '',
-    };
-}
-/**
- * POST /api/auth/logout - Sign out and clean up session
- *
- * Performs complete logout:
- * 1. Revokes tokens at IDP (if refresh token available)
- * 2. Deletes session from store
- * 3. Clears NextAuth session cookie
- */
-async function POST(req) {
-    const { nextAuthSecret, idpBaseUrl, clientId } = await getConfig();
-    try {
-        const token = await (0, jwt_1.getToken)({ req, secret: nextAuthSecret, cookieName: (0, app_slug_1.getJwtCookieName)() });
-        if (!token) {
-            // Already logged out
-            return server_1.NextResponse.json({
-                success: true,
-                message: 'No active session'
-            });
-        }
-        // Support both field names: sessionToken (auth.ts JWT) and redisSessionId (legacy)
-        const sessionId = token.sessionToken || token.redisSessionId;
-        // Delete session from store (this also removes the refresh token)
-        if (sessionId) {
-            try {
-                await (0, session_store_1.deleteSession)(sessionId);
-                console.info('[LOGOUT_ROUTE] Session deleted from store');
-            }
-            catch (error) {
-                console.warn('[LOGOUT_ROUTE] Failed to delete session:', error);
-            }
-        }
-        // Log logout event (fire-and-forget)
-        const userId = token.sub || token.idpUserId;
-        if (userId) {
-            site_logger_1.siteEvents.logout({
-                user_id: userId,
-                session_id: sessionId,
-                trigger: 'user',
-                url: '/api/auth/logout',
-                user_agent: req.headers.get('user-agent') || undefined,
-                ip_address: (0, site_logger_1.getClientIp)(req.headers) || undefined,
-            });
-        }
-        // Build response that clears NextAuth cookies
-        const response = server_1.NextResponse.json({
-            success: true,
-            message: 'Logged out successfully'
-        });
-        // Clear NextAuth session cookies (using app-slug prefixed names)
-        const cookieNames = [
-            (0, app_slug_1.getSessionCookieName)(),
-            (0, app_slug_1.getSecureSessionCookieName)(),
-            (0, app_slug_1.getCsrfCookieName)(),
-            (0, app_slug_1.getSecureCsrfCookieName)(),
-            (0, app_slug_1.getCallbackUrlCookieName)(),
-            `__Secure-${(0, app_slug_1.getCallbackUrlCookieName)()}`,
-        ];
-        // Clear each cookie by setting it with maxAge 0
-        cookieNames.forEach(name => {
-            response.cookies.set(name, '', {
-                maxAge: 0,
-                path: '/',
-                httpOnly: true,
-                secure: process.env.NODE_ENV === 'production',
-                sameSite: 'lax'
-            });
-        });
-        return response;
-    }
-    catch (error) {
-        console.error('[LOGOUT_ROUTE] Error during logout:', error);
-        return server_1.NextResponse.json({
-            error: 'Failed to logout',
-            details: error instanceof Error ? error.message : 'Unknown error'
-        }, { status: 500 });
-    }
-}
+"use strict";
+/**
+ * Ready-to-Use Logout Route
+ *
+ * Provides a pre-configured logout handler that properly cleans up
+ * sessions and revokes tokens.
+ *
+ * @example
+ * ```typescript
+ * // app/api/auth/logout/route.ts
+ * export { POST } from '@payez/next-mvp/routes/auth/logout';
+ * ```
+ *
+ * @version 2.0.0
+ * @since auth-ready-v2
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.POST = POST;
+const server_1 = require("next/server");
+const auth_1 = require("../../server/auth");
+const session_store_1 = require("../../lib/session-store");
+const app_slug_1 = require("../../lib/app-slug");
+const site_logger_1 = require("../../lib/site-logger");
+/**
+ * POST /api/auth/logout - Sign out and clean up session
+ *
+ * Performs complete logout:
+ * 1. Revokes tokens at IDP (if refresh token available)
+ * 2. Deletes session from store
+ * 3. Clears session cookies
+ */
+async function POST(req) {
+    try {
+        const session = await (0, auth_1.getSession)(req);
+        if (!session) {
+            // Already logged out
+            return server_1.NextResponse.json({
+                success: true,
+                message: 'No active session'
+            });
+        }
+        const sessionId = session.session?.token;
+        // Delete session from store (this also removes the refresh token)
+        if (sessionId) {
+            try {
+                await (0, session_store_1.deleteSession)(sessionId);
+                console.info('[LOGOUT_ROUTE] Session deleted from store');
+            }
+            catch (error) {
+                console.warn('[LOGOUT_ROUTE] Failed to delete session:', error);
+            }
+        }
+        // Log logout event (fire-and-forget)
+        const userId = session.user?.id;
+        if (userId) {
+            site_logger_1.siteEvents.logout({
+                user_id: userId,
+                session_id: sessionId,
+                trigger: 'user',
+                url: '/api/auth/logout',
+                user_agent: req.headers.get('user-agent') || undefined,
+                ip_address: (0, site_logger_1.getClientIp)(req.headers) || undefined,
+            });
+        }
+        // Build response that clears session cookies
+        const response = server_1.NextResponse.json({
+            success: true,
+            message: 'Logged out successfully'
+        });
+        // Clear NextAuth session cookies (using app-slug prefixed names)
+        const cookieNames = [
+            (0, app_slug_1.getSessionCookieName)(),
+            (0, app_slug_1.getSecureSessionCookieName)(),
+            (0, app_slug_1.getCsrfCookieName)(),
+            (0, app_slug_1.getSecureCsrfCookieName)(),
+            (0, app_slug_1.getCallbackUrlCookieName)(),
+            `__Secure-${(0, app_slug_1.getCallbackUrlCookieName)()}`,
+        ];
+        // Clear each cookie by setting it with maxAge 0
+        cookieNames.forEach(name => {
+            response.cookies.set(name, '', {
+                maxAge: 0,
+                path: '/',
+                httpOnly: true,
+                secure: process.env.NODE_ENV === 'production',
+                sameSite: 'lax'
+            });
+        });
+        return response;
+    }
+    catch (error) {
+        console.error('[LOGOUT_ROUTE] Error during logout:', error);
+        return server_1.NextResponse.json({
+            error: 'Failed to logout',
+            details: error instanceof Error ? error.message : 'Unknown error'
+        }, { status: 500 });
+    }
+}

package/dist/routes/auth/nextauth.d.ts CHANGED Viewed

@@ -1,19 +1,22 @@
 /**
- * Ready-to-Use NextAuth Route Handler
+ * Ready-to-Use Auth Route Handler (Better Auth)
  *
- * Provides a pre-configured NextAuth handler that uses dynamic OAuth providers
- * loaded from IDP at startup via getAuthOptions().
+ * Provides a pre-configured Better Auth handler that uses dynamic OAuth providers
+ * loaded from IDP at startup.
  *
- * @version 2.2.0 - Dynamic provider loading from IDP
- * @since auth-ready-v2-hotfix
+ * Replaces the former NextAuth handler. The file name is kept as nextauth.ts
+ * to avoid breaking re-exports in routes/auth/index.ts.
+ *
+ * @version 4.0.0 - Better Auth migration
+ * @since better-auth-4.0
  */
 /**
- * GET handler for NextAuth
- * Uses async factory to get dynamic providers from IDP
+ * GET handler for auth routes
+ * Delegates to Better Auth instance.
  */
-export declare function GET(request: Request, context: any): Promise<any>;
+export declare function GET(request: Request): Promise<Response>;
 /**
- * POST handler for NextAuth
- * Uses async factory to get dynamic providers from IDP
+ * POST handler for auth routes
+ * Delegates to Better Auth instance.
  */
-export declare function POST(request: Request, context: any): Promise<any>;
+export declare function POST(request: Request): Promise<Response>;

package/dist/routes/auth/nextauth.js CHANGED Viewed

@@ -1,72 +1,40 @@
 "use strict";
 /**
- * Ready-to-Use NextAuth Route Handler
+ * Ready-to-Use Auth Route Handler (Better Auth)
  *
- * Provides a pre-configured NextAuth handler that uses dynamic OAuth providers
- * loaded from IDP at startup via getAuthOptions().
+ * Provides a pre-configured Better Auth handler that uses dynamic OAuth providers
+ * loaded from IDP at startup.
  *
- * @version 2.2.0 - Dynamic provider loading from IDP
- * @since auth-ready-v2-hotfix
+ * Replaces the former NextAuth handler. The file name is kept as nextauth.ts
+ * to avoid breaking re-exports in routes/auth/index.ts.
+ *
+ * @version 4.0.0 - Better Auth migration
+ * @since better-auth-4.0
  */
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.GET = GET;
 exports.POST = POST;
-const next_auth_1 = __importDefault(require("next-auth"));
-const auth_options_1 = require("../../auth/auth-options");
-// Cached handler - built once with dynamic providers
-let cachedHandler = null;
-let handlerPromise = null;
+const better_auth_1 = require("../../auth/better-auth");
+const server_1 = require("next/server");
 /**
- * Get or build the NextAuth handler with dynamic providers.
- * Uses caching to avoid rebuilding on every request.
+ * GET handler for auth routes
+ * Delegates to Better Auth instance.
  */
-async function getHandler() {
-    // Return cached if available
-    if (cachedHandler) {
-        return cachedHandler;
-    }
-    // Prevent concurrent builds
-    if (handlerPromise) {
-        return handlerPromise;
+async function GET(request) {
+    const handler = await (0, better_auth_1.getBetterAuthHandler)();
+    if (!handler) {
+        return server_1.NextResponse.json({ error: 'Auth handler not available' }, { status: 503 });
     }
-    handlerPromise = (async () => {
-        try {
-            // Try to get dynamic auth options from IDP
-            const options = await (0, auth_options_1.getAuthOptions)();
-            console.log('[NEXTAUTH_ROUTE] Built handler with dynamic providers');
-            cachedHandler = (0, next_auth_1.default)(options);
-            return cachedHandler;
-        }
-        catch (error) {
-            // Fallback to static options if IDP unavailable
-            console.warn('[NEXTAUTH_ROUTE] Failed to get dynamic options, using static fallback:', {
-                error: error instanceof Error ? error.message : String(error)
-            });
-            cachedHandler = (0, next_auth_1.default)(auth_options_1.authOptions);
-            return cachedHandler;
-        }
-        finally {
-            handlerPromise = null;
-        }
-    })();
-    return handlerPromise;
-}
-/**
- * GET handler for NextAuth
- * Uses async factory to get dynamic providers from IDP
- */
-async function GET(request, context) {
-    const handler = await getHandler();
-    return handler(request, context);
+    return handler.GET(request);
 }
 /**
- * POST handler for NextAuth
- * Uses async factory to get dynamic providers from IDP
+ * POST handler for auth routes
+ * Delegates to Better Auth instance.
  */
-async function POST(request, context) {
-    const handler = await getHandler();
-    return handler(request, context);
+async function POST(request) {
+    const handler = await (0, better_auth_1.getBetterAuthHandler)();
+    if (!handler) {
+        return server_1.NextResponse.json({ error: 'Auth handler not available' }, { status: 503 });
+    }
+    return handler.POST(request);
 }