npm - @payez/next-mvp - Versions diffs - 3.9.1 → 4.0.1 - Mend

@payez/next-mvp 3.9.1 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (526) hide show

package/package.json +6 -18
package/src/api/auth-handler.ts +550 -549
package/src/api-handlers/account/change-password.ts +5 -8
package/src/api-handlers/admin/analytics.ts +4 -6
package/src/api-handlers/admin/audit.ts +5 -7
package/src/api-handlers/admin/index.ts +1 -2
package/src/api-handlers/admin/redis-sessions.ts +6 -8
package/src/api-handlers/admin/sessions.ts +5 -7
package/src/api-handlers/admin/site-logs.ts +8 -10
package/src/api-handlers/admin/stats.ts +4 -6
package/src/api-handlers/admin/users.ts +5 -7
package/src/api-handlers/admin/vibe-data.ts +10 -12
package/src/api-handlers/auth/refresh.ts +5 -7
package/src/api-handlers/auth/signout.ts +5 -6
package/src/api-handlers/auth/status.ts +4 -7
package/src/api-handlers/auth/update-session.ts +123 -125
package/src/api-handlers/auth/verify-code.ts +9 -13
package/src/api-handlers/session/viability.ts +10 -47
package/src/api-handlers/test/force-expire.ts +4 -11
package/src/auth/auth-decision.ts +1 -1
package/src/auth/better-auth.ts +138 -141
package/src/auth/route-config.ts +219 -219
package/src/auth/utils/token-utils.ts +0 -1
package/src/client/AuthContext.tsx +6 -2
package/src/client/fetch-with-auth.ts +47 -47
package/src/components/SessionSync.tsx +6 -5
package/src/components/account/MobileNavDrawer.tsx +3 -3
package/src/components/account/UserAvatarMenu.tsx +6 -3
package/src/components/admin/VibeAdminLayout.tsx +4 -2
package/src/config/logger.ts +1 -1
package/src/hooks/useAuth.ts +117 -115
package/src/hooks/useAuthSettings.ts +2 -2
package/src/hooks/useAvailableProviders.ts +9 -5
package/src/hooks/useSessionExpiration.ts +101 -102
package/src/hooks/useViabilitySession.ts +336 -335
package/src/index.ts +60 -63
package/src/lib/api-handler.ts +0 -1
package/src/lib/app-slug.ts +6 -6
package/src/lib/standardized-client-api.ts +901 -895
package/src/lib/startup-init.ts +243 -247
package/src/lib/test-aware-get-token.ts +22 -12
package/src/lib/token-lifecycle.ts +12 -53
package/src/pages/admin-login/page.tsx +9 -17
package/src/pages/client-admin/ClientSiteAdminPage.tsx +4 -2
package/src/pages/login/page.tsx +21 -28
package/src/pages/showcase/ShowcasePage.tsx +4 -2
package/src/pages/test-env/EmergencyLogoutPage.tsx +7 -6
package/src/pages/test-env/JwtInspectPage.tsx +5 -3
package/src/pages/test-env/RefreshTokenPage.tsx +157 -155
package/src/pages/test-env/TestEnvPage.tsx +4 -2
package/src/pages/verify-code/page.tsx +10 -6
package/src/routes/auth/logout.ts +7 -25
package/src/routes/auth/nextauth.ts +45 -71
package/src/routes/auth/session.ts +25 -50
package/src/routes/auth/viability.ts +7 -19
package/src/server/auth.ts +60 -0
package/src/stores/authStore.ts +1899 -1904
package/src/utils/logout.ts +30 -30
package/dist/api/auth-handler.d.ts +0 -67
package/dist/api/auth-handler.js +0 -397
package/dist/api/index.d.ts +0 -10
package/dist/api/index.js +0 -19
package/dist/api-handlers/account/change-password.d.ts +0 -9
package/dist/api-handlers/account/change-password.js +0 -112
package/dist/api-handlers/account/masked-info.d.ts +0 -2
package/dist/api-handlers/account/masked-info.js +0 -41
package/dist/api-handlers/account/profile.d.ts +0 -3
package/dist/api-handlers/account/profile.js +0 -63
package/dist/api-handlers/account/recovery/initiate.d.ts +0 -2
package/dist/api-handlers/account/recovery/initiate.js +0 -26
package/dist/api-handlers/account/recovery/send-code.d.ts +0 -2
package/dist/api-handlers/account/recovery/send-code.js +0 -28
package/dist/api-handlers/account/recovery/verify-code.d.ts +0 -2
package/dist/api-handlers/account/recovery/verify-code.js +0 -28
package/dist/api-handlers/account/reset-password.d.ts +0 -2
package/dist/api-handlers/account/reset-password.js +0 -26
package/dist/api-handlers/account/send-code.d.ts +0 -24
package/dist/api-handlers/account/send-code.js +0 -60
package/dist/api-handlers/account/update-phone.d.ts +0 -27
package/dist/api-handlers/account/update-phone.js +0 -64
package/dist/api-handlers/account/validate-password.d.ts +0 -17
package/dist/api-handlers/account/validate-password.js +0 -81
package/dist/api-handlers/account/verify-email.d.ts +0 -26
package/dist/api-handlers/account/verify-email.js +0 -106
package/dist/api-handlers/account/verify-sms.d.ts +0 -26
package/dist/api-handlers/account/verify-sms.js +0 -106
package/dist/api-handlers/admin/analytics.d.ts +0 -20
package/dist/api-handlers/admin/analytics.js +0 -379
package/dist/api-handlers/admin/audit.d.ts +0 -20
package/dist/api-handlers/admin/audit.js +0 -214
package/dist/api-handlers/admin/index.d.ts +0 -22
package/dist/api-handlers/admin/index.js +0 -43
package/dist/api-handlers/admin/redis-sessions.d.ts +0 -36
package/dist/api-handlers/admin/redis-sessions.js +0 -204
package/dist/api-handlers/admin/sessions.d.ts +0 -21
package/dist/api-handlers/admin/sessions.js +0 -284
package/dist/api-handlers/admin/site-logs.d.ts +0 -46
package/dist/api-handlers/admin/site-logs.js +0 -318
package/dist/api-handlers/admin/stats.d.ts +0 -21
package/dist/api-handlers/admin/stats.js +0 -240
package/dist/api-handlers/admin/users.d.ts +0 -20
package/dist/api-handlers/admin/users.js +0 -222
package/dist/api-handlers/admin/vibe-data.d.ts +0 -80
package/dist/api-handlers/admin/vibe-data.js +0 -268
package/dist/api-handlers/anon/preferences.d.ts +0 -37
package/dist/api-handlers/anon/preferences.js +0 -96
package/dist/api-handlers/auth/jwks.d.ts +0 -2
package/dist/api-handlers/auth/jwks.js +0 -24
package/dist/api-handlers/auth/login.d.ts +0 -42
package/dist/api-handlers/auth/login.js +0 -178
package/dist/api-handlers/auth/refresh.d.ts +0 -74
package/dist/api-handlers/auth/refresh.js +0 -635
package/dist/api-handlers/auth/signout.d.ts +0 -37
package/dist/api-handlers/auth/signout.js +0 -187
package/dist/api-handlers/auth/status.d.ts +0 -8
package/dist/api-handlers/auth/status.js +0 -26
package/dist/api-handlers/auth/update-session.d.ts +0 -37
package/dist/api-handlers/auth/update-session.js +0 -95
package/dist/api-handlers/auth/validate.d.ts +0 -6
package/dist/api-handlers/auth/validate.js +0 -43
package/dist/api-handlers/auth/verify-code.d.ts +0 -43
package/dist/api-handlers/auth/verify-code.js +0 -94
package/dist/api-handlers/session/refresh-viability.d.ts +0 -14
package/dist/api-handlers/session/refresh-viability.js +0 -39
package/dist/api-handlers/session/viability.d.ts +0 -13
package/dist/api-handlers/session/viability.js +0 -146
package/dist/api-handlers/test/force-expire.d.ts +0 -23
package/dist/api-handlers/test/force-expire.js +0 -65
package/dist/auth/auth-decision.d.ts +0 -39
package/dist/auth/auth-decision.js +0 -182
package/dist/auth/auth-options.d.ts +0 -57
package/dist/auth/auth-options.js +0 -213
package/dist/auth/better-auth.d.ts +0 -82
package/dist/auth/better-auth.js +0 -122
package/dist/auth/callbacks/index.d.ts +0 -6
package/dist/auth/callbacks/index.js +0 -12
package/dist/auth/callbacks/jwt.d.ts +0 -45
package/dist/auth/callbacks/jwt.js +0 -305
package/dist/auth/callbacks/session.d.ts +0 -60
package/dist/auth/callbacks/session.js +0 -170
package/dist/auth/callbacks/signin.d.ts +0 -23
package/dist/auth/callbacks/signin.js +0 -44
package/dist/auth/events/index.d.ts +0 -4
package/dist/auth/events/index.js +0 -8
package/dist/auth/events/signout.d.ts +0 -17
package/dist/auth/events/signout.js +0 -32
package/dist/auth/providers/credentials.d.ts +0 -32
package/dist/auth/providers/credentials.js +0 -223
package/dist/auth/providers/index.d.ts +0 -5
package/dist/auth/providers/index.js +0 -21
package/dist/auth/providers/oauth.d.ts +0 -26
package/dist/auth/providers/oauth.js +0 -105
package/dist/auth/route-config.d.ts +0 -66
package/dist/auth/route-config.js +0 -190
package/dist/auth/types/auth-types.d.ts +0 -417
package/dist/auth/types/auth-types.js +0 -53
package/dist/auth/types/index.d.ts +0 -6
package/dist/auth/types/index.js +0 -22
package/dist/auth/unauthenticated-routes.d.ts +0 -1
package/dist/auth/unauthenticated-routes.js +0 -19
package/dist/auth/utils/idp-client.d.ts +0 -94
package/dist/auth/utils/idp-client.js +0 -384
package/dist/auth/utils/index.d.ts +0 -5
package/dist/auth/utils/index.js +0 -21
package/dist/auth/utils/token-utils.d.ts +0 -84
package/dist/auth/utils/token-utils.js +0 -219
package/dist/client/AuthContext.d.ts +0 -19
package/dist/client/AuthContext.js +0 -112
package/dist/client/better-auth-client.d.ts +0 -1020
package/dist/client/better-auth-client.js +0 -68
package/dist/client/fetch-with-auth.d.ts +0 -11
package/dist/client/fetch-with-auth.js +0 -44
package/dist/client/fetchWithSession.d.ts +0 -3
package/dist/client/fetchWithSession.js +0 -24
package/dist/client/index.d.ts +0 -9
package/dist/client/index.js +0 -20
package/dist/client/useAnonSession.d.ts +0 -36
package/dist/client/useAnonSession.js +0 -99
package/dist/components/SessionSync.d.ts +0 -13
package/dist/components/SessionSync.js +0 -119
package/dist/components/SignalRHealthCheck.d.ts +0 -10
package/dist/components/SignalRHealthCheck.js +0 -97
package/dist/components/account/MobileNavDrawer.d.ts +0 -32
package/dist/components/account/MobileNavDrawer.js +0 -81
package/dist/components/account/UserAvatarMenu.d.ts +0 -20
package/dist/components/account/UserAvatarMenu.js +0 -88
package/dist/components/account/index.d.ts +0 -9
package/dist/components/account/index.js +0 -13
package/dist/components/admin/AlertSettingsTab.d.ts +0 -48
package/dist/components/admin/AlertSettingsTab.js +0 -351
package/dist/components/admin/AnalyticsTab.d.ts +0 -22
package/dist/components/admin/AnalyticsTab.js +0 -167
package/dist/components/admin/DataBrowserTab.d.ts +0 -19
package/dist/components/admin/DataBrowserTab.js +0 -252
package/dist/components/admin/LoggingSettingsTab.d.ts +0 -73
package/dist/components/admin/LoggingSettingsTab.js +0 -339
package/dist/components/admin/SessionsTab.d.ts +0 -37
package/dist/components/admin/SessionsTab.js +0 -165
package/dist/components/admin/StatsTab.d.ts +0 -53
package/dist/components/admin/StatsTab.js +0 -161
package/dist/components/admin/VibeAdminContext.d.ts +0 -32
package/dist/components/admin/VibeAdminContext.js +0 -38
package/dist/components/admin/VibeAdminLayout.d.ts +0 -11
package/dist/components/admin/VibeAdminLayout.js +0 -69
package/dist/components/admin/index.d.ts +0 -29
package/dist/components/admin/index.js +0 -44
package/dist/components/auth/FederatedAuthSection.d.ts +0 -8
package/dist/components/auth/FederatedAuthSection.js +0 -45
package/dist/components/auth/ModeAwareLoginPage.d.ts +0 -10
package/dist/components/auth/ModeAwareLoginPage.js +0 -42
package/dist/components/auth/ModeAwareSignupPage.d.ts +0 -9
package/dist/components/auth/ModeAwareSignupPage.js +0 -78
package/dist/components/auth/TraditionalAuthSection.d.ts +0 -14
package/dist/components/auth/TraditionalAuthSection.js +0 -20
package/dist/components/recovery/CompleteStep.d.ts +0 -5
package/dist/components/recovery/CompleteStep.js +0 -8
package/dist/components/recovery/InitiateRecoveryStep.d.ts +0 -8
package/dist/components/recovery/InitiateRecoveryStep.js +0 -20
package/dist/components/recovery/SelectMethodStep.d.ts +0 -8
package/dist/components/recovery/SelectMethodStep.js +0 -8
package/dist/components/recovery/SetPasswordStep.d.ts +0 -6
package/dist/components/recovery/SetPasswordStep.js +0 -20
package/dist/components/recovery/VerifyCodeStep.d.ts +0 -10
package/dist/components/recovery/VerifyCodeStep.js +0 -24
package/dist/components/reserved/ReservedRecoveryWarning.d.ts +0 -38
package/dist/components/reserved/ReservedRecoveryWarning.js +0 -92
package/dist/components/reserved/ReservedStatusBox.d.ts +0 -30
package/dist/components/reserved/ReservedStatusBox.js +0 -71
package/dist/components/ui/BetaBadge.d.ts +0 -29
package/dist/components/ui/BetaBadge.js +0 -38
package/dist/components/ui/Footer.d.ts +0 -37
package/dist/components/ui/Footer.js +0 -41
package/dist/config/env.d.ts +0 -66
package/dist/config/env.js +0 -57
package/dist/config/logger.d.ts +0 -57
package/dist/config/logger.js +0 -73
package/dist/config/logging-config.d.ts +0 -30
package/dist/config/logging-config.js +0 -122
package/dist/config/unauthenticated-routes.d.ts +0 -17
package/dist/config/unauthenticated-routes.js +0 -24
package/dist/config/vibe-log-transport.d.ts +0 -81
package/dist/config/vibe-log-transport.js +0 -212
package/dist/edge/internal-api-url.d.ts +0 -53
package/dist/edge/internal-api-url.js +0 -63
package/dist/edge/middleware.d.ts +0 -14
package/dist/edge/middleware.js +0 -32
package/dist/hooks/useAuth.d.ts +0 -23
package/dist/hooks/useAuth.js +0 -81
package/dist/hooks/useAuthSettings.d.ts +0 -59
package/dist/hooks/useAuthSettings.js +0 -93
package/dist/hooks/useAvailableProviders.d.ts +0 -45
package/dist/hooks/useAvailableProviders.js +0 -108
package/dist/hooks/usePasswordValidation.d.ts +0 -27
package/dist/hooks/usePasswordValidation.js +0 -102
package/dist/hooks/useProfile.d.ts +0 -15
package/dist/hooks/useProfile.js +0 -59
package/dist/hooks/usePublicAuthSettings.d.ts +0 -56
package/dist/hooks/usePublicAuthSettings.js +0 -131
package/dist/hooks/useSessionExpiration.d.ts +0 -57
package/dist/hooks/useSessionExpiration.js +0 -72
package/dist/hooks/useViabilitySession.d.ts +0 -75
package/dist/hooks/useViabilitySession.js +0 -268
package/dist/index.d.ts +0 -12
package/dist/index.js +0 -55
package/dist/lib/anon-session.d.ts +0 -74
package/dist/lib/anon-session.js +0 -169
package/dist/lib/api-handler.d.ts +0 -123
package/dist/lib/api-handler.js +0 -478
package/dist/lib/app-slug.d.ts +0 -95
package/dist/lib/app-slug.js +0 -172
package/dist/lib/demo-mode.d.ts +0 -6
package/dist/lib/demo-mode.js +0 -16
package/dist/lib/geolocation.d.ts +0 -64
package/dist/lib/geolocation.js +0 -235
package/dist/lib/idp-client-config.d.ts +0 -75
package/dist/lib/idp-client-config.js +0 -425
package/dist/lib/idp-fetch.d.ts +0 -14
package/dist/lib/idp-fetch.js +0 -91
package/dist/lib/internal-api.d.ts +0 -87
package/dist/lib/internal-api.js +0 -122
package/dist/lib/jwt-decode-client.d.ts +0 -10
package/dist/lib/jwt-decode-client.js +0 -46
package/dist/lib/jwt-decode.d.ts +0 -48
package/dist/lib/jwt-decode.js +0 -57
package/dist/lib/nextauth-secret.d.ts +0 -10
package/dist/lib/nextauth-secret.js +0 -100
package/dist/lib/rate-limit-service.d.ts +0 -23
package/dist/lib/rate-limit-service.js +0 -6
package/dist/lib/redis.d.ts +0 -5
package/dist/lib/redis.js +0 -28
package/dist/lib/refresh-token-validator.d.ts +0 -13
package/dist/lib/refresh-token-validator.js +0 -117
package/dist/lib/roles.d.ts +0 -145
package/dist/lib/roles.js +0 -168
package/dist/lib/secret-validation.d.ts +0 -4
package/dist/lib/secret-validation.js +0 -14
package/dist/lib/session-store.d.ts +0 -170
package/dist/lib/session-store.js +0 -545
package/dist/lib/session.d.ts +0 -21
package/dist/lib/session.js +0 -26
package/dist/lib/site-logger.d.ts +0 -214
package/dist/lib/site-logger.js +0 -210
package/dist/lib/standardized-client-api.d.ts +0 -161
package/dist/lib/standardized-client-api.js +0 -786
package/dist/lib/startup-init.d.ts +0 -40
package/dist/lib/startup-init.js +0 -261
package/dist/lib/test-aware-get-token.d.ts +0 -2
package/dist/lib/test-aware-get-token.js +0 -81
package/dist/lib/token-expiry.d.ts +0 -14
package/dist/lib/token-expiry.js +0 -39
package/dist/lib/token-lifecycle.d.ts +0 -52
package/dist/lib/token-lifecycle.js +0 -398
package/dist/lib/types/api-responses.d.ts +0 -128
package/dist/lib/types/api-responses.js +0 -171
package/dist/lib/user-agent-parser.d.ts +0 -50
package/dist/lib/user-agent-parser.js +0 -220
package/dist/logging/api/admin-analytics.d.ts +0 -3
package/dist/logging/api/admin-analytics.js +0 -45
package/dist/logging/api/audit-log.d.ts +0 -3
package/dist/logging/api/audit-log.js +0 -52
package/dist/logging/components/AdminAnalyticsLayout.d.ts +0 -10
package/dist/logging/components/AdminAnalyticsLayout.js +0 -11
package/dist/logging/components/AuditLogViewer.d.ts +0 -7
package/dist/logging/components/AuditLogViewer.js +0 -51
package/dist/logging/components/ErrorMetricsCard.d.ts +0 -7
package/dist/logging/components/ErrorMetricsCard.js +0 -16
package/dist/logging/components/HealthMetricsCard.d.ts +0 -7
package/dist/logging/components/HealthMetricsCard.js +0 -19
package/dist/logging/hooks/useAdminAnalytics.d.ts +0 -24
package/dist/logging/hooks/useAdminAnalytics.js +0 -22
package/dist/logging/hooks/useAuditLog.d.ts +0 -6
package/dist/logging/hooks/useAuditLog.js +0 -25
package/dist/logging/hooks/useErrorMetrics.d.ts +0 -6
package/dist/logging/hooks/useErrorMetrics.js +0 -38
package/dist/logging/hooks/useHealthMetrics.d.ts +0 -6
package/dist/logging/hooks/useHealthMetrics.js +0 -41
package/dist/logging/index.d.ts +0 -11
package/dist/logging/index.js +0 -40
package/dist/logging/types/analytics.d.ts +0 -68
package/dist/logging/types/analytics.js +0 -3
package/dist/logging/types/audit.d.ts +0 -29
package/dist/logging/types/audit.js +0 -2
package/dist/logging/types/index.d.ts +0 -2
package/dist/logging/types/index.js +0 -19
package/dist/middleware/auth-decision.d.ts +0 -33
package/dist/middleware/auth-decision.js +0 -65
package/dist/middleware/create-middleware.d.ts +0 -102
package/dist/middleware/create-middleware.js +0 -469
package/dist/middleware/rbac-check.d.ts +0 -51
package/dist/middleware/rbac-check.js +0 -219
package/dist/middleware/twofa-presets.d.ts +0 -134
package/dist/middleware/twofa-presets.js +0 -175
package/dist/models/DecodedAccessToken.d.ts +0 -17
package/dist/models/DecodedAccessToken.js +0 -2
package/dist/models/SessionModel.d.ts +0 -122
package/dist/models/SessionModel.js +0 -136
package/dist/pages/admin-login/page.d.ts +0 -31
package/dist/pages/admin-login/page.js +0 -83
package/dist/pages/admin-page-permissions/PagePermissionsAdminPage.d.ts +0 -18
package/dist/pages/admin-page-permissions/PagePermissionsAdminPage.js +0 -276
package/dist/pages/admin-page-permissions/index.d.ts +0 -6
package/dist/pages/admin-page-permissions/index.js +0 -13
package/dist/pages/admin-roles/RolesAdminPage.d.ts +0 -16
package/dist/pages/admin-roles/RolesAdminPage.js +0 -261
package/dist/pages/admin-roles/index.d.ts +0 -8
package/dist/pages/admin-roles/index.js +0 -15
package/dist/pages/admin-roles/modals.d.ts +0 -72
package/dist/pages/admin-roles/modals.js +0 -154
package/dist/pages/client-admin/ClientSiteAdminPage.d.ts +0 -79
package/dist/pages/client-admin/ClientSiteAdminPage.js +0 -177
package/dist/pages/client-admin/index.d.ts +0 -32
package/dist/pages/client-admin/index.js +0 -37
package/dist/pages/coming-soon/page.d.ts +0 -8
package/dist/pages/coming-soon/page.js +0 -28
package/dist/pages/login/page.d.ts +0 -22
package/dist/pages/login/page.js +0 -239
package/dist/pages/profile/EnhancedProfilePage.d.ts +0 -13
package/dist/pages/profile/EnhancedProfilePage.js +0 -150
package/dist/pages/profile/index.d.ts +0 -8
package/dist/pages/profile/index.js +0 -16
package/dist/pages/profile/page.d.ts +0 -19
package/dist/pages/profile/page.js +0 -47
package/dist/pages/profile/profile-patch.d.ts +0 -1
package/dist/pages/profile/profile-patch.js +0 -281
package/dist/pages/recovery/page.d.ts +0 -1
package/dist/pages/recovery/page.js +0 -142
package/dist/pages/roles/MyRolesPage.d.ts +0 -24
package/dist/pages/roles/MyRolesPage.js +0 -71
package/dist/pages/roles/components.d.ts +0 -63
package/dist/pages/roles/components.js +0 -108
package/dist/pages/roles/index.d.ts +0 -8
package/dist/pages/roles/index.js +0 -19
package/dist/pages/security/EnhancedSecurityPage.d.ts +0 -14
package/dist/pages/security/EnhancedSecurityPage.js +0 -248
package/dist/pages/security/index.d.ts +0 -8
package/dist/pages/security/index.js +0 -16
package/dist/pages/security/page.d.ts +0 -21
package/dist/pages/security/page.js +0 -212
package/dist/pages/security/security-patch.d.ts +0 -1
package/dist/pages/security/security-patch.js +0 -302
package/dist/pages/settings/EnhancedSettingsPage.d.ts +0 -46
package/dist/pages/settings/EnhancedSettingsPage.js +0 -231
package/dist/pages/settings/index.d.ts +0 -8
package/dist/pages/settings/index.js +0 -16
package/dist/pages/settings/page.d.ts +0 -7
package/dist/pages/settings/page.js +0 -26
package/dist/pages/showcase/ShowcasePage.d.ts +0 -13
package/dist/pages/showcase/ShowcasePage.js +0 -140
package/dist/pages/showcase/index.d.ts +0 -12
package/dist/pages/showcase/index.js +0 -17
package/dist/pages/test-env/EmergencyLogoutPage.d.ts +0 -14
package/dist/pages/test-env/EmergencyLogoutPage.js +0 -98
package/dist/pages/test-env/JwtInspectPage.d.ts +0 -14
package/dist/pages/test-env/JwtInspectPage.js +0 -114
package/dist/pages/test-env/RefreshTokenPage.d.ts +0 -15
package/dist/pages/test-env/RefreshTokenPage.js +0 -91
package/dist/pages/test-env/TestEnvPage.d.ts +0 -13
package/dist/pages/test-env/TestEnvPage.js +0 -49
package/dist/pages/test-env/index.d.ts +0 -24
package/dist/pages/test-env/index.js +0 -32
package/dist/pages/verify-code/page.d.ts +0 -30
package/dist/pages/verify-code/page.js +0 -408
package/dist/routes/account/index.d.ts +0 -28
package/dist/routes/account/index.js +0 -71
package/dist/routes/account/masked-info.d.ts +0 -33
package/dist/routes/account/masked-info.js +0 -39
package/dist/routes/account/send-code.d.ts +0 -37
package/dist/routes/account/send-code.js +0 -42
package/dist/routes/account/update-phone.d.ts +0 -13
package/dist/routes/account/update-phone.js +0 -17
package/dist/routes/account/verify-email.d.ts +0 -38
package/dist/routes/account/verify-email.js +0 -43
package/dist/routes/account/verify-sms.d.ts +0 -38
package/dist/routes/account/verify-sms.js +0 -43
package/dist/routes/auth/index.d.ts +0 -19
package/dist/routes/auth/index.js +0 -64
package/dist/routes/auth/logout.d.ts +0 -31
package/dist/routes/auth/logout.js +0 -113
package/dist/routes/auth/nextauth.d.ts +0 -19
package/dist/routes/auth/nextauth.js +0 -72
package/dist/routes/auth/refresh.d.ts +0 -30
package/dist/routes/auth/refresh.js +0 -51
package/dist/routes/auth/session.d.ts +0 -43
package/dist/routes/auth/session.js +0 -179
package/dist/routes/auth/settings.d.ts +0 -25
package/dist/routes/auth/settings.js +0 -55
package/dist/routes/auth/viability.d.ts +0 -52
package/dist/routes/auth/viability.js +0 -201
package/dist/routes/index.d.ts +0 -12
package/dist/routes/index.js +0 -54
package/dist/routes/session/index.d.ts +0 -6
package/dist/routes/session/index.js +0 -10
package/dist/routes/session/refresh-viability.d.ts +0 -16
package/dist/routes/session/refresh-viability.js +0 -20
package/dist/server/auth-guard.d.ts +0 -46
package/dist/server/auth-guard.js +0 -128
package/dist/server/decode-session.d.ts +0 -30
package/dist/server/decode-session.js +0 -78
package/dist/server/slim-middleware.d.ts +0 -23
package/dist/server/slim-middleware.js +0 -89
package/dist/server/with-auth.d.ts +0 -33
package/dist/server/with-auth.js +0 -59
package/dist/services/signalrActivityService.d.ts +0 -44
package/dist/services/signalrActivityService.js +0 -257
package/dist/stores/authStore.d.ts +0 -154
package/dist/stores/authStore.js +0 -1531
package/dist/theme/ThemeProvider.d.ts +0 -14
package/dist/theme/ThemeProvider.js +0 -28
package/dist/theme/default.d.ts +0 -8
package/dist/theme/default.js +0 -33
package/dist/theme/index.d.ts +0 -15
package/dist/theme/index.js +0 -25
package/dist/theme/types.d.ts +0 -56
package/dist/theme/types.js +0 -8
package/dist/theme/useTheme.d.ts +0 -60
package/dist/theme/useTheme.js +0 -63
package/dist/theme/utils.d.ts +0 -13
package/dist/theme/utils.js +0 -39
package/dist/types/api.d.ts +0 -134
package/dist/types/api.js +0 -44
package/dist/types/auth.d.ts +0 -19
package/dist/types/auth.js +0 -2
package/dist/types/logging.d.ts +0 -42
package/dist/types/logging.js +0 -2
package/dist/types/recovery.d.ts +0 -48
package/dist/types/recovery.js +0 -2
package/dist/types/security.d.ts +0 -1
package/dist/types/security.js +0 -2
package/dist/utils/api.d.ts +0 -85
package/dist/utils/api.js +0 -287
package/dist/utils/circuitBreaker.d.ts +0 -43
package/dist/utils/circuitBreaker.js +0 -91
package/dist/utils/error-message.d.ts +0 -1
package/dist/utils/error-message.js +0 -103
package/dist/utils/layout/reservedSpace.d.ts +0 -59
package/dist/utils/layout/reservedSpace.js +0 -102
package/dist/utils/logout.d.ts +0 -14
package/dist/utils/logout.js +0 -32
package/dist/vibe/client.d.ts +0 -261
package/dist/vibe/client.js +0 -445
package/dist/vibe/enterprise-auth.d.ts +0 -106
package/dist/vibe/enterprise-auth.js +0 -173
package/dist/vibe/errors.d.ts +0 -83
package/dist/vibe/errors.js +0 -146
package/dist/vibe/generic.d.ts +0 -234
package/dist/vibe/generic.js +0 -369
package/dist/vibe/hooks/index.d.ts +0 -169
package/dist/vibe/hooks/index.js +0 -252
package/dist/vibe/index.d.ts +0 -25
package/dist/vibe/index.js +0 -72
package/dist/vibe/sessions.d.ts +0 -161
package/dist/vibe/sessions.js +0 -391
package/dist/vibe/types.d.ts +0 -353
package/dist/vibe/types.js +0 -315
package/src/auth/auth-options.ts +0 -237
package/src/auth/callbacks/index.ts +0 -7
package/src/auth/callbacks/jwt.ts +0 -382
package/src/auth/callbacks/session.ts +0 -243
package/src/auth/callbacks/signin.ts +0 -56
package/src/auth/events/index.ts +0 -5
package/src/auth/events/signout.ts +0 -33
package/src/auth/providers/credentials.ts +0 -256
package/src/auth/providers/index.ts +0 -6
package/src/auth/providers/oauth.ts +0 -114
package/src/lib/nextauth-secret.ts +0 -121
package/src/types/next-auth.d.ts +0 -15

package/src/lib/startup-init.ts CHANGED Viewed

@@ -1,247 +1,243 @@
-/**
- * Startup Initialization for MVP
- *
- * This module ensures that critical initialization tasks are completed
- * before the application serves requests.
- *
- * Now uses unified IDP client config for:
- * - NEXTAUTH_SECRET
- * - OAuth provider configuration
- * - Auth settings (2FA, session timeouts, etc.)
- */
-import 'server-only';
-import { getIDPClientConfig, type IDPClientConfig } from './idp-client-config';
-let initializationStarted = false;
-let initializationComplete = false;
-let initializationFailed = false;
-let initializationPromise: Promise<void> | null = null;
-let lastInitError: Error | null = null;
-// Cached IDP config for access after initialization
-let cachedIDPConfig: IDPClientConfig | null = null;
-// Startup backoff to prevent pod restart storms from hammering IDP
-let lastStartupAttemptTime = 0;
-const STARTUP_BACKOFF_MS = 30000; // 30 seconds between startup attempts after failure
-/**
- * Initialize the application startup sequence (async)
- * Handles async initialization like fetching secrets from IDP
- */
-export async function ensureInitialized(): Promise<void> {
-  // If already initialized, return immediately
-  if (initializationComplete) {
-    return;
-  }
-  // If initialization is in progress, wait for it
-  if (initializationPromise) {
-    return initializationPromise;
-  }
-  // Prevent hammering IDP on rapid pod restarts
-  const now = Date.now();
-  if (initializationFailed && (now - lastStartupAttemptTime) < STARTUP_BACKOFF_MS) {
-    const remainingMs = STARTUP_BACKOFF_MS - (now - lastStartupAttemptTime);
-    console.warn('[STARTUP] In backoff period after previous failure, skipping IDP call', {
-      remainingMs: Math.round(remainingMs),
-      lastError: lastInitError?.message
-    });
-    // Re-throw last error so callers know we're still in failed state
-    throw lastInitError || new Error('Initialization in backoff period');
-  }
-  // Track this attempt time
-  lastStartupAttemptTime = now;
-  // Mark as started
-  initializationStarted = true;
-  // Start initialization
-  initializationPromise = performInitialization();
-  await initializationPromise;
-}
-/**
- * Synchronously log startup status
- * Can be called before async initialization is complete
- */
-export function logStartupStatus(): void {
-  if (!initializationStarted) {
-    console.log('\n');
-    console.log('╔══════════════════════════════════════════════════════════════╗');
-    console.log('║            🚀 PayEz Next MVP - Starting Up                    ║');
-    console.log('║                                                              ║');
-    console.log('║  Async initialization in progress...                         ║');
-    console.log('║  - Resolving NEXTAUTH_SECRET from IDP                       ║');
-    console.log('║  - Verifying environment configuration                       ║');
-    console.log('║                                                              ║');
-    console.log('║  Check logs below for detailed initialization status:        ║');
-    console.log('╚══════════════════════════════════════════════════════════════╝');
-    console.log('');
-  } else if (initializationComplete) {
-    console.log('\n');
-    console.log('╔══════════════════════════════════════════════════════════════╗');
-    console.log('║            ✨ PayEz Next MVP Ready for Requests ✨            ║');
-    console.log('╚══════════════════════════════════════════════════════════════╝');
-    console.log('');
-  } else if (lastInitError) {
-    console.log('\n');
-    console.log('╔══════════════════════════════════════════════════════════════╗');
-    console.log('║  ⚠️  Startup error detected - initialization may still retry  ║');
-    console.log('╚══════════════════════════════════════════════════════════════╝');
-    console.log('');
-  }
-}
-async function performInitialization(): Promise<void> {
-  console.log('\n');
-  console.log('╔══════════════════════════════════════════════════════════════╗');
-  console.log('║            PayEz Next MVP - Async Startup                     ║');
-  console.log('╚══════════════════════════════════════════════════════════════╝');
-  console.log('');
-  try {
-    // Step 1: Fetch full client config from IDP (includes secret, providers, settings)
-    console.log('[STARTUP] Step 1/2: Fetching client config from IDP...');
-    try {
-      const config = await getIDPClientConfig(true);
-      cachedIDPConfig = config;
-      console.log('[STARTUP] Client config loaded successfully');
-      console.log('[STARTUP]    - Client ID:', config.clientId);
-      console.log('[STARTUP]    - Client Slug:', config.clientSlug);
-      console.log('[STARTUP]    - Secret length:', config.nextAuthSecret?.length || 0, 'chars');
-      console.log('[STARTUP]    - OAuth Providers:', config.oauthProviders?.filter(p => p.enabled).map(p => p.provider).join(', ') || 'none');
-      console.log('[STARTUP]    - Require 2FA:', config.authSettings?.require2FA);
-      console.log('[STARTUP]    - Cache TTL:', config.configCacheTtlSeconds, 'seconds');
-      console.log('[STARTUP]    - Base Client URL:', config.baseClientUrl || '(not set)');
-      // Set NEXTAUTH_SECRET from IDP response if not already set
-      if (config.nextAuthSecret && !process.env.NEXTAUTH_SECRET) {
-        process.env.NEXTAUTH_SECRET = config.nextAuthSecret;
-        console.log('[STARTUP] Set NEXTAUTH_SECRET from IDP config');
-      }
-    } catch (error) {
-      const errorMsg = error instanceof Error ? error.message : String(error);
-      console.error('[STARTUP] IDP config fetch failed:', errorMsg);
-      // Fall back to legacy secret resolution
-      console.log('[STARTUP] Falling back to legacy NEXTAUTH_SECRET resolution...');
-      const { resolveNextAuthSecret } = await import('./nextauth-secret');
-      const secret = await resolveNextAuthSecret();
-      console.log('[STARTUP] NEXTAUTH_SECRET resolved via fallback');
-      console.log('[STARTUP]    - Secret length:', secret.length, 'chars');
-    }
-    // Step 2: Verify NEXTAUTH_SECRET is available - FAIL FAST if not
-    console.log('[STARTUP] Step 2/2: Verifying NEXTAUTH_SECRET...');
-    const secret = process.env.NEXTAUTH_SECRET;
-    if (!secret || secret.trim() === '') {
-      console.error('');
-      console.error('╔══════════════════════════════════════════════════════════════╗');
-      console.error('║   ❌ FATAL: NEXTAUTH_SECRET NOT AVAILABLE                     ║');
-      console.error('║                                                              ║');
-      console.error('║   The app cannot start without a valid NEXTAUTH_SECRET.      ║');
-      console.error('║   This should be fetched from IDP at startup.                ║');
-      console.error('║                                                              ║');
-      console.error('║   Possible causes:                                           ║');
-      console.error('║   • IDP is not running or unreachable                        ║');
-      console.error('║   • CLIENT_ID is not registered in IDP                       ║');
-      console.error('║   • IDP_URL is incorrect                                     ║');
-      console.error('║   • Network connectivity issue                               ║');
-      console.error('╚══════════════════════════════════════════════════════════════╝');
-      console.error('');
-      throw new Error('FATAL: NEXTAUTH_SECRET not available - cannot start without valid secret from IDP');
-    }
-    console.log('[STARTUP] NEXTAUTH_SECRET verified (' + secret.length + ' chars)');
-    // Step 3: Validate cookie name consistency
-    // This catches bugs where getJwtCookieName() returns a different name than
-    // what auth-options.ts configures, which causes sessions to fail in production
-    const { validateCookieNameConsistency, getSessionCookieName } = await import('./app-slug');
-    validateCookieNameConsistency();
-    console.log('[STARTUP] Cookie name consistency validated:', getSessionCookieName());
-    // All done
-    console.log('');
-    console.log('╔══════════════════════════════════════════════════════════════╗');
-    console.log('║            PayEz Next MVP Ready for Requests                  ║');
-    console.log('╚══════════════════════════════════════════════════════════════╝');
-    console.log('');
-    initializationComplete = true;
-    initializationFailed = false;
-    lastInitError = null;
-  } catch (error) {
-    lastInitError = error instanceof Error ? error : new Error(String(error));
-    initializationFailed = true;
-    const errorMsg = lastInitError.message || 'Unknown error';
-    const isConnectionError = errorMsg.includes('fetch failed') || errorMsg.includes('ECONNREFUSED');
-    const idpUrl = (process.env.IDP_URL || 'NOT SET').padEnd(46);
-    const clientId = (process.env.CLIENT_ID || 'NOT SET').padEnd(43);
-    const connectionLine = isConnectionError
-      ? '║   🔌 CONNECTION REFUSED - IDP appears to be down             ║\n║                                                              ║\n'
-      : '';
-    console.error(`
-╔══════════════════════════════════════════════════════════════╗
-║   ❌ FATAL: NEXTAUTH_SECRET NOT AVAILABLE                     ║
-║                                                              ║
-║   The app cannot start without a valid NEXTAUTH_SECRET.      ║
-║   This should be fetched from IDP at startup.                ║
-║                                                              ║
-${connectionLine}║   Possible causes:                                           ║
-║   • IDP is not running or unreachable                        ║
-║   • CLIENT_ID is not registered in IDP                       ║
-║   • IDP_URL is incorrect                                     ║
-║   • Network connectivity issue                               ║
-║                                                              ║
-║   Current config:                                            ║
-║   • IDP_URL: ${idpUrl}║
-║   • CLIENT_ID: ${clientId}║
-╚══════════════════════════════════════════════════════════════╝
-[STARTUP] Error: ${errorMsg}
-`);
-    // Re-throw so callers know initialization failed
-    throw lastInitError;
-  }
-}
-/**
- * Get the cached IDP config after initialization.
- * Returns null if not yet initialized.
- */
-export function getStartupIDPConfig(): IDPClientConfig | null {
-  return cachedIDPConfig;
-}
-/**
- * Check if initialization failed (NEXTAUTH_SECRET couldn't be retrieved)
- */
-export function isInitializationFailed(): boolean {
-  return initializationFailed;
-}
-/**
- * Get the last initialization error
- */
-export function getInitializationError(): Error | null {
-  return lastInitError;
-}
-/**
- * Check if the app is ready to handle auth requests
- */
-export function isAppReady(): boolean {
-  return initializationComplete && !initializationFailed;
-}
+/**
+ * Startup Initialization for MVP
+ *
+ * This module ensures that critical initialization tasks are completed
+ * before the application serves requests.
+ *
+ * Now uses unified IDP client config for:
+ * - NEXTAUTH_SECRET
+ * - OAuth provider configuration
+ * - Auth settings (2FA, session timeouts, etc.)
+ */
+import 'server-only';
+import { getIDPClientConfig, type IDPClientConfig } from './idp-client-config';
+let initializationStarted = false;
+let initializationComplete = false;
+let initializationFailed = false;
+let initializationPromise: Promise<void> | null = null;
+let lastInitError: Error | null = null;
+// Cached IDP config for access after initialization
+let cachedIDPConfig: IDPClientConfig | null = null;
+// Startup backoff to prevent pod restart storms from hammering IDP
+let lastStartupAttemptTime = 0;
+const STARTUP_BACKOFF_MS = 30000; // 30 seconds between startup attempts after failure
+/**
+ * Initialize the application startup sequence (async)
+ * Handles async initialization like fetching secrets from IDP
+ */
+export async function ensureInitialized(): Promise<void> {
+  // If already initialized, return immediately
+  if (initializationComplete) {
+    return;
+  }
+  // If initialization is in progress, wait for it
+  if (initializationPromise) {
+    return initializationPromise;
+  }
+  // Prevent hammering IDP on rapid pod restarts
+  const now = Date.now();
+  if (initializationFailed && (now - lastStartupAttemptTime) < STARTUP_BACKOFF_MS) {
+    const remainingMs = STARTUP_BACKOFF_MS - (now - lastStartupAttemptTime);
+    console.warn('[STARTUP] In backoff period after previous failure, skipping IDP call', {
+      remainingMs: Math.round(remainingMs),
+      lastError: lastInitError?.message
+    });
+    // Re-throw last error so callers know we're still in failed state
+    throw lastInitError || new Error('Initialization in backoff period');
+  }
+  // Track this attempt time
+  lastStartupAttemptTime = now;
+  // Mark as started
+  initializationStarted = true;
+  // Start initialization
+  initializationPromise = performInitialization();
+  await initializationPromise;
+}
+/**
+ * Synchronously log startup status
+ * Can be called before async initialization is complete
+ */
+export function logStartupStatus(): void {
+  if (!initializationStarted) {
+    console.log('\n');
+    console.log('╔══════════════════════════════════════════════════════════════╗');
+    console.log('║            🚀 PayEz Next MVP - Starting Up                    ║');
+    console.log('║                                                              ║');
+    console.log('║  Async initialization in progress...                         ║');
+    console.log('║  - Resolving NEXTAUTH_SECRET from IDP                       ║');
+    console.log('║  - Verifying environment configuration                       ║');
+    console.log('║                                                              ║');
+    console.log('║  Check logs below for detailed initialization status:        ║');
+    console.log('╚══════════════════════════════════════════════════════════════╝');
+    console.log('');
+  } else if (initializationComplete) {
+    console.log('\n');
+    console.log('╔══════════════════════════════════════════════════════════════╗');
+    console.log('║            ✨ PayEz Next MVP Ready for Requests ✨            ║');
+    console.log('╚══════════════════════════════════════════════════════════════╝');
+    console.log('');
+  } else if (lastInitError) {
+    console.log('\n');
+    console.log('╔══════════════════════════════════════════════════════════════╗');
+    console.log('║  ⚠️  Startup error detected - initialization may still retry  ║');
+    console.log('╚══════════════════════════════════════════════════════════════╝');
+    console.log('');
+  }
+}
+async function performInitialization(): Promise<void> {
+  console.log('\n');
+  console.log('╔══════════════════════════════════════════════════════════════╗');
+  console.log('║            PayEz Next MVP - Async Startup                     ║');
+  console.log('╚══════════════════════════════════════════════════════════════╝');
+  console.log('');
+  try {
+    // Step 1: Fetch full client config from IDP (includes secret, providers, settings)
+    console.log('[STARTUP] Step 1/2: Fetching client config from IDP...');
+    try {
+      const config = await getIDPClientConfig(true);
+      cachedIDPConfig = config;
+      console.log('[STARTUP] Client config loaded successfully');
+      console.log('[STARTUP]    - Client ID:', config.clientId);
+      console.log('[STARTUP]    - Client Slug:', config.clientSlug);
+      console.log('[STARTUP]    - Secret length:', config.nextAuthSecret?.length || 0, 'chars');
+      console.log('[STARTUP]    - OAuth Providers:', config.oauthProviders?.filter(p => p.enabled).map(p => p.provider).join(', ') || 'none');
+      console.log('[STARTUP]    - Require 2FA:', config.authSettings?.require2FA);
+      console.log('[STARTUP]    - Cache TTL:', config.configCacheTtlSeconds, 'seconds');
+      console.log('[STARTUP]    - Base Client URL:', config.baseClientUrl || '(not set)');
+      // Set NEXTAUTH_SECRET from IDP response if not already set
+      if (config.nextAuthSecret && !process.env.NEXTAUTH_SECRET) {
+        process.env.NEXTAUTH_SECRET = config.nextAuthSecret;
+        console.log('[STARTUP] Set NEXTAUTH_SECRET from IDP config');
+      }
+    } catch (error) {
+      const errorMsg = error instanceof Error ? error.message : String(error);
+      console.error('[STARTUP] IDP config fetch failed:', errorMsg);
+      // No fallback available — IDP config is the only source for the auth secret
+      console.error('[STARTUP] No fallback available for auth secret resolution');
+    }
+    // Step 2: Verify NEXTAUTH_SECRET is available - FAIL FAST if not
+    console.log('[STARTUP] Step 2/2: Verifying NEXTAUTH_SECRET...');
+    const secret = process.env.NEXTAUTH_SECRET;
+    if (!secret || secret.trim() === '') {
+      console.error('');
+      console.error('╔══════════════════════════════════════════════════════════════╗');
+      console.error('║   ❌ FATAL: NEXTAUTH_SECRET NOT AVAILABLE                     ║');
+      console.error('║                                                              ║');
+      console.error('║   The app cannot start without a valid NEXTAUTH_SECRET.      ║');
+      console.error('║   This should be fetched from IDP at startup.                ║');
+      console.error('║                                                              ║');
+      console.error('║   Possible causes:                                           ║');
+      console.error('║   • IDP is not running or unreachable                        ║');
+      console.error('║   • CLIENT_ID is not registered in IDP                       ║');
+      console.error('║   • IDP_URL is incorrect                                     ║');
+      console.error('║   • Network connectivity issue                               ║');
+      console.error('╚══════════════════════════════════════════════════════════════╝');
+      console.error('');
+      throw new Error('FATAL: NEXTAUTH_SECRET not available - cannot start without valid secret from IDP');
+    }
+    console.log('[STARTUP] NEXTAUTH_SECRET verified (' + secret.length + ' chars)');
+    // Step 3: Validate cookie name consistency
+    // This catches bugs where getJwtCookieName() returns a different name than
+    // what auth-options.ts configures, which causes sessions to fail in production
+    const { validateCookieNameConsistency, getSessionCookieName } = await import('./app-slug');
+    validateCookieNameConsistency();
+    console.log('[STARTUP] Cookie name consistency validated:', getSessionCookieName());
+    // All done
+    console.log('');
+    console.log('╔══════════════════════════════════════════════════════════════╗');
+    console.log('║            PayEz Next MVP Ready for Requests                  ║');
+    console.log('╚══════════════════════════════════════════════════════════════╝');
+    console.log('');
+    initializationComplete = true;
+    initializationFailed = false;
+    lastInitError = null;
+  } catch (error) {
+    lastInitError = error instanceof Error ? error : new Error(String(error));
+    initializationFailed = true;
+    const errorMsg = lastInitError.message || 'Unknown error';
+    const isConnectionError = errorMsg.includes('fetch failed') || errorMsg.includes('ECONNREFUSED');
+    const idpUrl = (process.env.IDP_URL || 'NOT SET').padEnd(46);
+    const clientId = (process.env.CLIENT_ID || 'NOT SET').padEnd(43);
+    const connectionLine = isConnectionError
+      ? '║   🔌 CONNECTION REFUSED - IDP appears to be down             ║\n║                                                              ║\n'
+      : '';
+    console.error(`
+╔══════════════════════════════════════════════════════════════╗
+║   ❌ FATAL: NEXTAUTH_SECRET NOT AVAILABLE                     ║
+║                                                              ║
+║   The app cannot start without a valid NEXTAUTH_SECRET.      ║
+║   This should be fetched from IDP at startup.                ║
+║                                                              ║
+${connectionLine}║   Possible causes:                                           ║
+║   • IDP is not running or unreachable                        ║
+║   • CLIENT_ID is not registered in IDP                       ║
+║   • IDP_URL is incorrect                                     ║
+║   • Network connectivity issue                               ║
+║                                                              ║
+║   Current config:                                            ║
+║   • IDP_URL: ${idpUrl}║
+║   • CLIENT_ID: ${clientId}║
+╚══════════════════════════════════════════════════════════════╝
+[STARTUP] Error: ${errorMsg}
+`);
+    // Re-throw so callers know initialization failed
+    throw lastInitError;
+  }
+}
+/**
+ * Get the cached IDP config after initialization.
+ * Returns null if not yet initialized.
+ */
+export function getStartupIDPConfig(): IDPClientConfig | null {
+  return cachedIDPConfig;
+}
+/**
+ * Check if initialization failed (NEXTAUTH_SECRET couldn't be retrieved)
+ */
+export function isInitializationFailed(): boolean {
+  return initializationFailed;
+}
+/**
+ * Get the last initialization error
+ */
+export function getInitializationError(): Error | null {
+  return lastInitError;
+}
+/**
+ * Check if the app is ready to handle auth requests
+ */
+export function isAppReady(): boolean {
+  return initializationComplete && !initializationFailed;
+}

package/src/lib/test-aware-get-token.ts CHANGED Viewed

@@ -1,17 +1,18 @@
 import { NextRequest } from 'next/server';
-import { getToken as nextAuthGetToken } from 'next-auth/jwt';
 import { logger } from '../config/logger';
-import { resolveNextAuthSecret } from './nextauth-secret';
-import { getSessionCookieName, getSecureSessionCookieName } from './app-slug';
+import { getSession } from '../server/auth';
+import { getSessionCookieName } from './app-slug';
 export async function getTokenTestAware(req: NextRequest): Promise<any> {
-  let secret = process.env.NEXTAUTH_SECRET;
-  if (!secret || secret.trim() === '') {
-    try { secret = await resolveNextAuthSecret(); } catch (e) { logger.error('[GET_TOKEN] Failed to resolve NEXTAUTH_SECRET', { error: e instanceof Error ? e.message : String(e) }); return null; }
-  }
   if (process.env.TEST_MODE === 'true') {
     try {
-      // Use app-slug prefixed cookie name (must match auth-options.ts)
+      let secret = process.env.NEXTAUTH_SECRET;
+      if (!secret || secret.trim() === '') {
+        const { getIDPClientConfig } = await import('./idp-client-config');
+        const idpConfig = await getIDPClientConfig();
+        secret = idpConfig.nextAuthSecret as string;
+      }
+      // Use app-slug prefixed cookie name
       const cookieName = getSessionCookieName();
       const cookies = req.headers.get('cookie'); if (!cookies) { logger.debug('[GET_TOKEN] No cookies in request'); return null; }
       const cookieValue = cookies.split(';').find(c => c.trim().startsWith(`${cookieName}=`))?.split('=')[1];
@@ -23,8 +24,17 @@ export async function getTokenTestAware(req: NextRequest): Promise<any> {
       return payload;
     } catch (error) { logger.error('[GET_TOKEN] TEST_MODE token decode error:', { error: error instanceof Error ? error.message : String(error) }); return null; }
   }
-  // Use app-slug prefixed cookie name (must match auth-options.ts)
-  // In production, NextAuth uses __Secure- prefix for cookies
-  const cookieName = process.env.NODE_ENV === 'production' ? getSecureSessionCookieName() : getSessionCookieName();
-  return await nextAuthGetToken({ req, secret, cookieName });
+  // Production path: use Better Auth session
+  const session = await getSession(req);
+  if (!session) return null;
+  // Return a token-like object for backward compatibility with callers
+  // that access token.sub, token.email, token.sessionToken, token.roles, etc.
+  return {
+    sub: session.user?.id,
+    email: session.user?.email,
+    name: session.user?.name,
+    sessionToken: session.session?.token,
+    roles: session.user?.roles || [],
+    ...(session.user || {}),
+  };
 }