@payez/next-mvp 3.9.1 → 4.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +6 -18
- package/src/api/auth-handler.ts +550 -549
- package/src/api-handlers/account/change-password.ts +5 -8
- package/src/api-handlers/admin/analytics.ts +4 -6
- package/src/api-handlers/admin/audit.ts +5 -7
- package/src/api-handlers/admin/index.ts +1 -2
- package/src/api-handlers/admin/redis-sessions.ts +6 -8
- package/src/api-handlers/admin/sessions.ts +5 -7
- package/src/api-handlers/admin/site-logs.ts +8 -10
- package/src/api-handlers/admin/stats.ts +4 -6
- package/src/api-handlers/admin/users.ts +5 -7
- package/src/api-handlers/admin/vibe-data.ts +10 -12
- package/src/api-handlers/auth/refresh.ts +5 -7
- package/src/api-handlers/auth/signout.ts +5 -6
- package/src/api-handlers/auth/status.ts +4 -7
- package/src/api-handlers/auth/update-session.ts +123 -125
- package/src/api-handlers/auth/verify-code.ts +9 -13
- package/src/api-handlers/session/viability.ts +10 -47
- package/src/api-handlers/test/force-expire.ts +4 -11
- package/src/auth/auth-decision.ts +1 -1
- package/src/auth/better-auth.ts +138 -141
- package/src/auth/route-config.ts +219 -219
- package/src/auth/utils/token-utils.ts +0 -1
- package/src/client/AuthContext.tsx +6 -2
- package/src/client/fetch-with-auth.ts +47 -47
- package/src/components/SessionSync.tsx +6 -5
- package/src/components/account/MobileNavDrawer.tsx +3 -3
- package/src/components/account/UserAvatarMenu.tsx +6 -3
- package/src/components/admin/VibeAdminLayout.tsx +4 -2
- package/src/config/logger.ts +1 -1
- package/src/hooks/useAuth.ts +117 -115
- package/src/hooks/useAuthSettings.ts +2 -2
- package/src/hooks/useAvailableProviders.ts +9 -5
- package/src/hooks/useSessionExpiration.ts +101 -102
- package/src/hooks/useViabilitySession.ts +336 -335
- package/src/index.ts +60 -63
- package/src/lib/api-handler.ts +0 -1
- package/src/lib/app-slug.ts +6 -6
- package/src/lib/standardized-client-api.ts +901 -895
- package/src/lib/startup-init.ts +243 -247
- package/src/lib/test-aware-get-token.ts +22 -12
- package/src/lib/token-lifecycle.ts +12 -53
- package/src/pages/admin-login/page.tsx +9 -17
- package/src/pages/client-admin/ClientSiteAdminPage.tsx +4 -2
- package/src/pages/login/page.tsx +21 -28
- package/src/pages/showcase/ShowcasePage.tsx +4 -2
- package/src/pages/test-env/EmergencyLogoutPage.tsx +7 -6
- package/src/pages/test-env/JwtInspectPage.tsx +5 -3
- package/src/pages/test-env/RefreshTokenPage.tsx +157 -155
- package/src/pages/test-env/TestEnvPage.tsx +4 -2
- package/src/pages/verify-code/page.tsx +10 -6
- package/src/routes/auth/logout.ts +7 -25
- package/src/routes/auth/nextauth.ts +45 -71
- package/src/routes/auth/session.ts +25 -50
- package/src/routes/auth/viability.ts +7 -19
- package/src/server/auth.ts +60 -0
- package/src/stores/authStore.ts +1899 -1904
- package/src/utils/logout.ts +30 -30
- package/dist/api/auth-handler.d.ts +0 -67
- package/dist/api/auth-handler.js +0 -397
- package/dist/api/index.d.ts +0 -10
- package/dist/api/index.js +0 -19
- package/dist/api-handlers/account/change-password.d.ts +0 -9
- package/dist/api-handlers/account/change-password.js +0 -112
- package/dist/api-handlers/account/masked-info.d.ts +0 -2
- package/dist/api-handlers/account/masked-info.js +0 -41
- package/dist/api-handlers/account/profile.d.ts +0 -3
- package/dist/api-handlers/account/profile.js +0 -63
- package/dist/api-handlers/account/recovery/initiate.d.ts +0 -2
- package/dist/api-handlers/account/recovery/initiate.js +0 -26
- package/dist/api-handlers/account/recovery/send-code.d.ts +0 -2
- package/dist/api-handlers/account/recovery/send-code.js +0 -28
- package/dist/api-handlers/account/recovery/verify-code.d.ts +0 -2
- package/dist/api-handlers/account/recovery/verify-code.js +0 -28
- package/dist/api-handlers/account/reset-password.d.ts +0 -2
- package/dist/api-handlers/account/reset-password.js +0 -26
- package/dist/api-handlers/account/send-code.d.ts +0 -24
- package/dist/api-handlers/account/send-code.js +0 -60
- package/dist/api-handlers/account/update-phone.d.ts +0 -27
- package/dist/api-handlers/account/update-phone.js +0 -64
- package/dist/api-handlers/account/validate-password.d.ts +0 -17
- package/dist/api-handlers/account/validate-password.js +0 -81
- package/dist/api-handlers/account/verify-email.d.ts +0 -26
- package/dist/api-handlers/account/verify-email.js +0 -106
- package/dist/api-handlers/account/verify-sms.d.ts +0 -26
- package/dist/api-handlers/account/verify-sms.js +0 -106
- package/dist/api-handlers/admin/analytics.d.ts +0 -20
- package/dist/api-handlers/admin/analytics.js +0 -379
- package/dist/api-handlers/admin/audit.d.ts +0 -20
- package/dist/api-handlers/admin/audit.js +0 -214
- package/dist/api-handlers/admin/index.d.ts +0 -22
- package/dist/api-handlers/admin/index.js +0 -43
- package/dist/api-handlers/admin/redis-sessions.d.ts +0 -36
- package/dist/api-handlers/admin/redis-sessions.js +0 -204
- package/dist/api-handlers/admin/sessions.d.ts +0 -21
- package/dist/api-handlers/admin/sessions.js +0 -284
- package/dist/api-handlers/admin/site-logs.d.ts +0 -46
- package/dist/api-handlers/admin/site-logs.js +0 -318
- package/dist/api-handlers/admin/stats.d.ts +0 -21
- package/dist/api-handlers/admin/stats.js +0 -240
- package/dist/api-handlers/admin/users.d.ts +0 -20
- package/dist/api-handlers/admin/users.js +0 -222
- package/dist/api-handlers/admin/vibe-data.d.ts +0 -80
- package/dist/api-handlers/admin/vibe-data.js +0 -268
- package/dist/api-handlers/anon/preferences.d.ts +0 -37
- package/dist/api-handlers/anon/preferences.js +0 -96
- package/dist/api-handlers/auth/jwks.d.ts +0 -2
- package/dist/api-handlers/auth/jwks.js +0 -24
- package/dist/api-handlers/auth/login.d.ts +0 -42
- package/dist/api-handlers/auth/login.js +0 -178
- package/dist/api-handlers/auth/refresh.d.ts +0 -74
- package/dist/api-handlers/auth/refresh.js +0 -635
- package/dist/api-handlers/auth/signout.d.ts +0 -37
- package/dist/api-handlers/auth/signout.js +0 -187
- package/dist/api-handlers/auth/status.d.ts +0 -8
- package/dist/api-handlers/auth/status.js +0 -26
- package/dist/api-handlers/auth/update-session.d.ts +0 -37
- package/dist/api-handlers/auth/update-session.js +0 -95
- package/dist/api-handlers/auth/validate.d.ts +0 -6
- package/dist/api-handlers/auth/validate.js +0 -43
- package/dist/api-handlers/auth/verify-code.d.ts +0 -43
- package/dist/api-handlers/auth/verify-code.js +0 -94
- package/dist/api-handlers/session/refresh-viability.d.ts +0 -14
- package/dist/api-handlers/session/refresh-viability.js +0 -39
- package/dist/api-handlers/session/viability.d.ts +0 -13
- package/dist/api-handlers/session/viability.js +0 -146
- package/dist/api-handlers/test/force-expire.d.ts +0 -23
- package/dist/api-handlers/test/force-expire.js +0 -65
- package/dist/auth/auth-decision.d.ts +0 -39
- package/dist/auth/auth-decision.js +0 -182
- package/dist/auth/auth-options.d.ts +0 -57
- package/dist/auth/auth-options.js +0 -213
- package/dist/auth/better-auth.d.ts +0 -82
- package/dist/auth/better-auth.js +0 -122
- package/dist/auth/callbacks/index.d.ts +0 -6
- package/dist/auth/callbacks/index.js +0 -12
- package/dist/auth/callbacks/jwt.d.ts +0 -45
- package/dist/auth/callbacks/jwt.js +0 -305
- package/dist/auth/callbacks/session.d.ts +0 -60
- package/dist/auth/callbacks/session.js +0 -170
- package/dist/auth/callbacks/signin.d.ts +0 -23
- package/dist/auth/callbacks/signin.js +0 -44
- package/dist/auth/events/index.d.ts +0 -4
- package/dist/auth/events/index.js +0 -8
- package/dist/auth/events/signout.d.ts +0 -17
- package/dist/auth/events/signout.js +0 -32
- package/dist/auth/providers/credentials.d.ts +0 -32
- package/dist/auth/providers/credentials.js +0 -223
- package/dist/auth/providers/index.d.ts +0 -5
- package/dist/auth/providers/index.js +0 -21
- package/dist/auth/providers/oauth.d.ts +0 -26
- package/dist/auth/providers/oauth.js +0 -105
- package/dist/auth/route-config.d.ts +0 -66
- package/dist/auth/route-config.js +0 -190
- package/dist/auth/types/auth-types.d.ts +0 -417
- package/dist/auth/types/auth-types.js +0 -53
- package/dist/auth/types/index.d.ts +0 -6
- package/dist/auth/types/index.js +0 -22
- package/dist/auth/unauthenticated-routes.d.ts +0 -1
- package/dist/auth/unauthenticated-routes.js +0 -19
- package/dist/auth/utils/idp-client.d.ts +0 -94
- package/dist/auth/utils/idp-client.js +0 -384
- package/dist/auth/utils/index.d.ts +0 -5
- package/dist/auth/utils/index.js +0 -21
- package/dist/auth/utils/token-utils.d.ts +0 -84
- package/dist/auth/utils/token-utils.js +0 -219
- package/dist/client/AuthContext.d.ts +0 -19
- package/dist/client/AuthContext.js +0 -112
- package/dist/client/better-auth-client.d.ts +0 -1020
- package/dist/client/better-auth-client.js +0 -68
- package/dist/client/fetch-with-auth.d.ts +0 -11
- package/dist/client/fetch-with-auth.js +0 -44
- package/dist/client/fetchWithSession.d.ts +0 -3
- package/dist/client/fetchWithSession.js +0 -24
- package/dist/client/index.d.ts +0 -9
- package/dist/client/index.js +0 -20
- package/dist/client/useAnonSession.d.ts +0 -36
- package/dist/client/useAnonSession.js +0 -99
- package/dist/components/SessionSync.d.ts +0 -13
- package/dist/components/SessionSync.js +0 -119
- package/dist/components/SignalRHealthCheck.d.ts +0 -10
- package/dist/components/SignalRHealthCheck.js +0 -97
- package/dist/components/account/MobileNavDrawer.d.ts +0 -32
- package/dist/components/account/MobileNavDrawer.js +0 -81
- package/dist/components/account/UserAvatarMenu.d.ts +0 -20
- package/dist/components/account/UserAvatarMenu.js +0 -88
- package/dist/components/account/index.d.ts +0 -9
- package/dist/components/account/index.js +0 -13
- package/dist/components/admin/AlertSettingsTab.d.ts +0 -48
- package/dist/components/admin/AlertSettingsTab.js +0 -351
- package/dist/components/admin/AnalyticsTab.d.ts +0 -22
- package/dist/components/admin/AnalyticsTab.js +0 -167
- package/dist/components/admin/DataBrowserTab.d.ts +0 -19
- package/dist/components/admin/DataBrowserTab.js +0 -252
- package/dist/components/admin/LoggingSettingsTab.d.ts +0 -73
- package/dist/components/admin/LoggingSettingsTab.js +0 -339
- package/dist/components/admin/SessionsTab.d.ts +0 -37
- package/dist/components/admin/SessionsTab.js +0 -165
- package/dist/components/admin/StatsTab.d.ts +0 -53
- package/dist/components/admin/StatsTab.js +0 -161
- package/dist/components/admin/VibeAdminContext.d.ts +0 -32
- package/dist/components/admin/VibeAdminContext.js +0 -38
- package/dist/components/admin/VibeAdminLayout.d.ts +0 -11
- package/dist/components/admin/VibeAdminLayout.js +0 -69
- package/dist/components/admin/index.d.ts +0 -29
- package/dist/components/admin/index.js +0 -44
- package/dist/components/auth/FederatedAuthSection.d.ts +0 -8
- package/dist/components/auth/FederatedAuthSection.js +0 -45
- package/dist/components/auth/ModeAwareLoginPage.d.ts +0 -10
- package/dist/components/auth/ModeAwareLoginPage.js +0 -42
- package/dist/components/auth/ModeAwareSignupPage.d.ts +0 -9
- package/dist/components/auth/ModeAwareSignupPage.js +0 -78
- package/dist/components/auth/TraditionalAuthSection.d.ts +0 -14
- package/dist/components/auth/TraditionalAuthSection.js +0 -20
- package/dist/components/recovery/CompleteStep.d.ts +0 -5
- package/dist/components/recovery/CompleteStep.js +0 -8
- package/dist/components/recovery/InitiateRecoveryStep.d.ts +0 -8
- package/dist/components/recovery/InitiateRecoveryStep.js +0 -20
- package/dist/components/recovery/SelectMethodStep.d.ts +0 -8
- package/dist/components/recovery/SelectMethodStep.js +0 -8
- package/dist/components/recovery/SetPasswordStep.d.ts +0 -6
- package/dist/components/recovery/SetPasswordStep.js +0 -20
- package/dist/components/recovery/VerifyCodeStep.d.ts +0 -10
- package/dist/components/recovery/VerifyCodeStep.js +0 -24
- package/dist/components/reserved/ReservedRecoveryWarning.d.ts +0 -38
- package/dist/components/reserved/ReservedRecoveryWarning.js +0 -92
- package/dist/components/reserved/ReservedStatusBox.d.ts +0 -30
- package/dist/components/reserved/ReservedStatusBox.js +0 -71
- package/dist/components/ui/BetaBadge.d.ts +0 -29
- package/dist/components/ui/BetaBadge.js +0 -38
- package/dist/components/ui/Footer.d.ts +0 -37
- package/dist/components/ui/Footer.js +0 -41
- package/dist/config/env.d.ts +0 -66
- package/dist/config/env.js +0 -57
- package/dist/config/logger.d.ts +0 -57
- package/dist/config/logger.js +0 -73
- package/dist/config/logging-config.d.ts +0 -30
- package/dist/config/logging-config.js +0 -122
- package/dist/config/unauthenticated-routes.d.ts +0 -17
- package/dist/config/unauthenticated-routes.js +0 -24
- package/dist/config/vibe-log-transport.d.ts +0 -81
- package/dist/config/vibe-log-transport.js +0 -212
- package/dist/edge/internal-api-url.d.ts +0 -53
- package/dist/edge/internal-api-url.js +0 -63
- package/dist/edge/middleware.d.ts +0 -14
- package/dist/edge/middleware.js +0 -32
- package/dist/hooks/useAuth.d.ts +0 -23
- package/dist/hooks/useAuth.js +0 -81
- package/dist/hooks/useAuthSettings.d.ts +0 -59
- package/dist/hooks/useAuthSettings.js +0 -93
- package/dist/hooks/useAvailableProviders.d.ts +0 -45
- package/dist/hooks/useAvailableProviders.js +0 -108
- package/dist/hooks/usePasswordValidation.d.ts +0 -27
- package/dist/hooks/usePasswordValidation.js +0 -102
- package/dist/hooks/useProfile.d.ts +0 -15
- package/dist/hooks/useProfile.js +0 -59
- package/dist/hooks/usePublicAuthSettings.d.ts +0 -56
- package/dist/hooks/usePublicAuthSettings.js +0 -131
- package/dist/hooks/useSessionExpiration.d.ts +0 -57
- package/dist/hooks/useSessionExpiration.js +0 -72
- package/dist/hooks/useViabilitySession.d.ts +0 -75
- package/dist/hooks/useViabilitySession.js +0 -268
- package/dist/index.d.ts +0 -12
- package/dist/index.js +0 -55
- package/dist/lib/anon-session.d.ts +0 -74
- package/dist/lib/anon-session.js +0 -169
- package/dist/lib/api-handler.d.ts +0 -123
- package/dist/lib/api-handler.js +0 -478
- package/dist/lib/app-slug.d.ts +0 -95
- package/dist/lib/app-slug.js +0 -172
- package/dist/lib/demo-mode.d.ts +0 -6
- package/dist/lib/demo-mode.js +0 -16
- package/dist/lib/geolocation.d.ts +0 -64
- package/dist/lib/geolocation.js +0 -235
- package/dist/lib/idp-client-config.d.ts +0 -75
- package/dist/lib/idp-client-config.js +0 -425
- package/dist/lib/idp-fetch.d.ts +0 -14
- package/dist/lib/idp-fetch.js +0 -91
- package/dist/lib/internal-api.d.ts +0 -87
- package/dist/lib/internal-api.js +0 -122
- package/dist/lib/jwt-decode-client.d.ts +0 -10
- package/dist/lib/jwt-decode-client.js +0 -46
- package/dist/lib/jwt-decode.d.ts +0 -48
- package/dist/lib/jwt-decode.js +0 -57
- package/dist/lib/nextauth-secret.d.ts +0 -10
- package/dist/lib/nextauth-secret.js +0 -100
- package/dist/lib/rate-limit-service.d.ts +0 -23
- package/dist/lib/rate-limit-service.js +0 -6
- package/dist/lib/redis.d.ts +0 -5
- package/dist/lib/redis.js +0 -28
- package/dist/lib/refresh-token-validator.d.ts +0 -13
- package/dist/lib/refresh-token-validator.js +0 -117
- package/dist/lib/roles.d.ts +0 -145
- package/dist/lib/roles.js +0 -168
- package/dist/lib/secret-validation.d.ts +0 -4
- package/dist/lib/secret-validation.js +0 -14
- package/dist/lib/session-store.d.ts +0 -170
- package/dist/lib/session-store.js +0 -545
- package/dist/lib/session.d.ts +0 -21
- package/dist/lib/session.js +0 -26
- package/dist/lib/site-logger.d.ts +0 -214
- package/dist/lib/site-logger.js +0 -210
- package/dist/lib/standardized-client-api.d.ts +0 -161
- package/dist/lib/standardized-client-api.js +0 -786
- package/dist/lib/startup-init.d.ts +0 -40
- package/dist/lib/startup-init.js +0 -261
- package/dist/lib/test-aware-get-token.d.ts +0 -2
- package/dist/lib/test-aware-get-token.js +0 -81
- package/dist/lib/token-expiry.d.ts +0 -14
- package/dist/lib/token-expiry.js +0 -39
- package/dist/lib/token-lifecycle.d.ts +0 -52
- package/dist/lib/token-lifecycle.js +0 -398
- package/dist/lib/types/api-responses.d.ts +0 -128
- package/dist/lib/types/api-responses.js +0 -171
- package/dist/lib/user-agent-parser.d.ts +0 -50
- package/dist/lib/user-agent-parser.js +0 -220
- package/dist/logging/api/admin-analytics.d.ts +0 -3
- package/dist/logging/api/admin-analytics.js +0 -45
- package/dist/logging/api/audit-log.d.ts +0 -3
- package/dist/logging/api/audit-log.js +0 -52
- package/dist/logging/components/AdminAnalyticsLayout.d.ts +0 -10
- package/dist/logging/components/AdminAnalyticsLayout.js +0 -11
- package/dist/logging/components/AuditLogViewer.d.ts +0 -7
- package/dist/logging/components/AuditLogViewer.js +0 -51
- package/dist/logging/components/ErrorMetricsCard.d.ts +0 -7
- package/dist/logging/components/ErrorMetricsCard.js +0 -16
- package/dist/logging/components/HealthMetricsCard.d.ts +0 -7
- package/dist/logging/components/HealthMetricsCard.js +0 -19
- package/dist/logging/hooks/useAdminAnalytics.d.ts +0 -24
- package/dist/logging/hooks/useAdminAnalytics.js +0 -22
- package/dist/logging/hooks/useAuditLog.d.ts +0 -6
- package/dist/logging/hooks/useAuditLog.js +0 -25
- package/dist/logging/hooks/useErrorMetrics.d.ts +0 -6
- package/dist/logging/hooks/useErrorMetrics.js +0 -38
- package/dist/logging/hooks/useHealthMetrics.d.ts +0 -6
- package/dist/logging/hooks/useHealthMetrics.js +0 -41
- package/dist/logging/index.d.ts +0 -11
- package/dist/logging/index.js +0 -40
- package/dist/logging/types/analytics.d.ts +0 -68
- package/dist/logging/types/analytics.js +0 -3
- package/dist/logging/types/audit.d.ts +0 -29
- package/dist/logging/types/audit.js +0 -2
- package/dist/logging/types/index.d.ts +0 -2
- package/dist/logging/types/index.js +0 -19
- package/dist/middleware/auth-decision.d.ts +0 -33
- package/dist/middleware/auth-decision.js +0 -65
- package/dist/middleware/create-middleware.d.ts +0 -102
- package/dist/middleware/create-middleware.js +0 -469
- package/dist/middleware/rbac-check.d.ts +0 -51
- package/dist/middleware/rbac-check.js +0 -219
- package/dist/middleware/twofa-presets.d.ts +0 -134
- package/dist/middleware/twofa-presets.js +0 -175
- package/dist/models/DecodedAccessToken.d.ts +0 -17
- package/dist/models/DecodedAccessToken.js +0 -2
- package/dist/models/SessionModel.d.ts +0 -122
- package/dist/models/SessionModel.js +0 -136
- package/dist/pages/admin-login/page.d.ts +0 -31
- package/dist/pages/admin-login/page.js +0 -83
- package/dist/pages/admin-page-permissions/PagePermissionsAdminPage.d.ts +0 -18
- package/dist/pages/admin-page-permissions/PagePermissionsAdminPage.js +0 -276
- package/dist/pages/admin-page-permissions/index.d.ts +0 -6
- package/dist/pages/admin-page-permissions/index.js +0 -13
- package/dist/pages/admin-roles/RolesAdminPage.d.ts +0 -16
- package/dist/pages/admin-roles/RolesAdminPage.js +0 -261
- package/dist/pages/admin-roles/index.d.ts +0 -8
- package/dist/pages/admin-roles/index.js +0 -15
- package/dist/pages/admin-roles/modals.d.ts +0 -72
- package/dist/pages/admin-roles/modals.js +0 -154
- package/dist/pages/client-admin/ClientSiteAdminPage.d.ts +0 -79
- package/dist/pages/client-admin/ClientSiteAdminPage.js +0 -177
- package/dist/pages/client-admin/index.d.ts +0 -32
- package/dist/pages/client-admin/index.js +0 -37
- package/dist/pages/coming-soon/page.d.ts +0 -8
- package/dist/pages/coming-soon/page.js +0 -28
- package/dist/pages/login/page.d.ts +0 -22
- package/dist/pages/login/page.js +0 -239
- package/dist/pages/profile/EnhancedProfilePage.d.ts +0 -13
- package/dist/pages/profile/EnhancedProfilePage.js +0 -150
- package/dist/pages/profile/index.d.ts +0 -8
- package/dist/pages/profile/index.js +0 -16
- package/dist/pages/profile/page.d.ts +0 -19
- package/dist/pages/profile/page.js +0 -47
- package/dist/pages/profile/profile-patch.d.ts +0 -1
- package/dist/pages/profile/profile-patch.js +0 -281
- package/dist/pages/recovery/page.d.ts +0 -1
- package/dist/pages/recovery/page.js +0 -142
- package/dist/pages/roles/MyRolesPage.d.ts +0 -24
- package/dist/pages/roles/MyRolesPage.js +0 -71
- package/dist/pages/roles/components.d.ts +0 -63
- package/dist/pages/roles/components.js +0 -108
- package/dist/pages/roles/index.d.ts +0 -8
- package/dist/pages/roles/index.js +0 -19
- package/dist/pages/security/EnhancedSecurityPage.d.ts +0 -14
- package/dist/pages/security/EnhancedSecurityPage.js +0 -248
- package/dist/pages/security/index.d.ts +0 -8
- package/dist/pages/security/index.js +0 -16
- package/dist/pages/security/page.d.ts +0 -21
- package/dist/pages/security/page.js +0 -212
- package/dist/pages/security/security-patch.d.ts +0 -1
- package/dist/pages/security/security-patch.js +0 -302
- package/dist/pages/settings/EnhancedSettingsPage.d.ts +0 -46
- package/dist/pages/settings/EnhancedSettingsPage.js +0 -231
- package/dist/pages/settings/index.d.ts +0 -8
- package/dist/pages/settings/index.js +0 -16
- package/dist/pages/settings/page.d.ts +0 -7
- package/dist/pages/settings/page.js +0 -26
- package/dist/pages/showcase/ShowcasePage.d.ts +0 -13
- package/dist/pages/showcase/ShowcasePage.js +0 -140
- package/dist/pages/showcase/index.d.ts +0 -12
- package/dist/pages/showcase/index.js +0 -17
- package/dist/pages/test-env/EmergencyLogoutPage.d.ts +0 -14
- package/dist/pages/test-env/EmergencyLogoutPage.js +0 -98
- package/dist/pages/test-env/JwtInspectPage.d.ts +0 -14
- package/dist/pages/test-env/JwtInspectPage.js +0 -114
- package/dist/pages/test-env/RefreshTokenPage.d.ts +0 -15
- package/dist/pages/test-env/RefreshTokenPage.js +0 -91
- package/dist/pages/test-env/TestEnvPage.d.ts +0 -13
- package/dist/pages/test-env/TestEnvPage.js +0 -49
- package/dist/pages/test-env/index.d.ts +0 -24
- package/dist/pages/test-env/index.js +0 -32
- package/dist/pages/verify-code/page.d.ts +0 -30
- package/dist/pages/verify-code/page.js +0 -408
- package/dist/routes/account/index.d.ts +0 -28
- package/dist/routes/account/index.js +0 -71
- package/dist/routes/account/masked-info.d.ts +0 -33
- package/dist/routes/account/masked-info.js +0 -39
- package/dist/routes/account/send-code.d.ts +0 -37
- package/dist/routes/account/send-code.js +0 -42
- package/dist/routes/account/update-phone.d.ts +0 -13
- package/dist/routes/account/update-phone.js +0 -17
- package/dist/routes/account/verify-email.d.ts +0 -38
- package/dist/routes/account/verify-email.js +0 -43
- package/dist/routes/account/verify-sms.d.ts +0 -38
- package/dist/routes/account/verify-sms.js +0 -43
- package/dist/routes/auth/index.d.ts +0 -19
- package/dist/routes/auth/index.js +0 -64
- package/dist/routes/auth/logout.d.ts +0 -31
- package/dist/routes/auth/logout.js +0 -113
- package/dist/routes/auth/nextauth.d.ts +0 -19
- package/dist/routes/auth/nextauth.js +0 -72
- package/dist/routes/auth/refresh.d.ts +0 -30
- package/dist/routes/auth/refresh.js +0 -51
- package/dist/routes/auth/session.d.ts +0 -43
- package/dist/routes/auth/session.js +0 -179
- package/dist/routes/auth/settings.d.ts +0 -25
- package/dist/routes/auth/settings.js +0 -55
- package/dist/routes/auth/viability.d.ts +0 -52
- package/dist/routes/auth/viability.js +0 -201
- package/dist/routes/index.d.ts +0 -12
- package/dist/routes/index.js +0 -54
- package/dist/routes/session/index.d.ts +0 -6
- package/dist/routes/session/index.js +0 -10
- package/dist/routes/session/refresh-viability.d.ts +0 -16
- package/dist/routes/session/refresh-viability.js +0 -20
- package/dist/server/auth-guard.d.ts +0 -46
- package/dist/server/auth-guard.js +0 -128
- package/dist/server/decode-session.d.ts +0 -30
- package/dist/server/decode-session.js +0 -78
- package/dist/server/slim-middleware.d.ts +0 -23
- package/dist/server/slim-middleware.js +0 -89
- package/dist/server/with-auth.d.ts +0 -33
- package/dist/server/with-auth.js +0 -59
- package/dist/services/signalrActivityService.d.ts +0 -44
- package/dist/services/signalrActivityService.js +0 -257
- package/dist/stores/authStore.d.ts +0 -154
- package/dist/stores/authStore.js +0 -1531
- package/dist/theme/ThemeProvider.d.ts +0 -14
- package/dist/theme/ThemeProvider.js +0 -28
- package/dist/theme/default.d.ts +0 -8
- package/dist/theme/default.js +0 -33
- package/dist/theme/index.d.ts +0 -15
- package/dist/theme/index.js +0 -25
- package/dist/theme/types.d.ts +0 -56
- package/dist/theme/types.js +0 -8
- package/dist/theme/useTheme.d.ts +0 -60
- package/dist/theme/useTheme.js +0 -63
- package/dist/theme/utils.d.ts +0 -13
- package/dist/theme/utils.js +0 -39
- package/dist/types/api.d.ts +0 -134
- package/dist/types/api.js +0 -44
- package/dist/types/auth.d.ts +0 -19
- package/dist/types/auth.js +0 -2
- package/dist/types/logging.d.ts +0 -42
- package/dist/types/logging.js +0 -2
- package/dist/types/recovery.d.ts +0 -48
- package/dist/types/recovery.js +0 -2
- package/dist/types/security.d.ts +0 -1
- package/dist/types/security.js +0 -2
- package/dist/utils/api.d.ts +0 -85
- package/dist/utils/api.js +0 -287
- package/dist/utils/circuitBreaker.d.ts +0 -43
- package/dist/utils/circuitBreaker.js +0 -91
- package/dist/utils/error-message.d.ts +0 -1
- package/dist/utils/error-message.js +0 -103
- package/dist/utils/layout/reservedSpace.d.ts +0 -59
- package/dist/utils/layout/reservedSpace.js +0 -102
- package/dist/utils/logout.d.ts +0 -14
- package/dist/utils/logout.js +0 -32
- package/dist/vibe/client.d.ts +0 -261
- package/dist/vibe/client.js +0 -445
- package/dist/vibe/enterprise-auth.d.ts +0 -106
- package/dist/vibe/enterprise-auth.js +0 -173
- package/dist/vibe/errors.d.ts +0 -83
- package/dist/vibe/errors.js +0 -146
- package/dist/vibe/generic.d.ts +0 -234
- package/dist/vibe/generic.js +0 -369
- package/dist/vibe/hooks/index.d.ts +0 -169
- package/dist/vibe/hooks/index.js +0 -252
- package/dist/vibe/index.d.ts +0 -25
- package/dist/vibe/index.js +0 -72
- package/dist/vibe/sessions.d.ts +0 -161
- package/dist/vibe/sessions.js +0 -391
- package/dist/vibe/types.d.ts +0 -353
- package/dist/vibe/types.js +0 -315
- package/src/auth/auth-options.ts +0 -237
- package/src/auth/callbacks/index.ts +0 -7
- package/src/auth/callbacks/jwt.ts +0 -382
- package/src/auth/callbacks/session.ts +0 -243
- package/src/auth/callbacks/signin.ts +0 -56
- package/src/auth/events/index.ts +0 -5
- package/src/auth/events/signout.ts +0 -33
- package/src/auth/providers/credentials.ts +0 -256
- package/src/auth/providers/index.ts +0 -6
- package/src/auth/providers/oauth.ts +0 -114
- package/src/lib/nextauth-secret.ts +0 -121
- package/src/types/next-auth.d.ts +0 -15
package/src/utils/logout.ts
CHANGED
|
@@ -1,30 +1,30 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Simple Logout Utility for @payez/next-mvp
|
|
3
|
-
*
|
|
4
|
-
* Provides a clean logout function that:
|
|
5
|
-
* - Clears NextAuth session
|
|
6
|
-
* - Redirects to login page
|
|
7
|
-
* - No external dependencies
|
|
8
|
-
*/
|
|
9
|
-
|
|
10
|
-
import {
|
|
11
|
-
|
|
12
|
-
/**
|
|
13
|
-
* Sign out the current user and redirect to login
|
|
14
|
-
*
|
|
15
|
-
* @param redirectUrl - URL to redirect to after logout (default: /account-auth/login)
|
|
16
|
-
*/
|
|
17
|
-
export async function logout(redirectUrl: string = '/account-auth/login'): Promise<void> {
|
|
18
|
-
try {
|
|
19
|
-
await signOut(
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
}
|
|
23
|
-
} catch (error) {
|
|
24
|
-
console.error('Logout error:', error);
|
|
25
|
-
// Fallback: force redirect to login
|
|
26
|
-
if (typeof window !== 'undefined') {
|
|
27
|
-
window.location.href = redirectUrl;
|
|
28
|
-
}
|
|
29
|
-
}
|
|
30
|
-
}
|
|
1
|
+
/**
|
|
2
|
+
* Simple Logout Utility for @payez/next-mvp
|
|
3
|
+
*
|
|
4
|
+
* Provides a clean logout function that:
|
|
5
|
+
* - Clears NextAuth session
|
|
6
|
+
* - Redirects to login page
|
|
7
|
+
* - No external dependencies
|
|
8
|
+
*/
|
|
9
|
+
|
|
10
|
+
import { authClient } from '../client/better-auth-client';
|
|
11
|
+
|
|
12
|
+
/**
|
|
13
|
+
* Sign out the current user and redirect to login
|
|
14
|
+
*
|
|
15
|
+
* @param redirectUrl - URL to redirect to after logout (default: /account-auth/login)
|
|
16
|
+
*/
|
|
17
|
+
export async function logout(redirectUrl: string = '/account-auth/login'): Promise<void> {
|
|
18
|
+
try {
|
|
19
|
+
await authClient.signOut();
|
|
20
|
+
if (typeof window !== 'undefined') {
|
|
21
|
+
window.location.href = redirectUrl;
|
|
22
|
+
}
|
|
23
|
+
} catch (error) {
|
|
24
|
+
console.error('Logout error:', error);
|
|
25
|
+
// Fallback: force redirect to login
|
|
26
|
+
if (typeof window !== 'undefined') {
|
|
27
|
+
window.location.href = redirectUrl;
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
}
|
|
@@ -1,67 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Enhanced Auth Handler with Coordinated Token Refresh
|
|
3
|
-
*
|
|
4
|
-
* Provides a middleware wrapper that automatically handles token lifecycle:
|
|
5
|
-
* - Checks token expiry before each request
|
|
6
|
-
* - Automatically refreshes expired or near-expired tokens
|
|
7
|
-
* - Uses Redis locks for coordinated refresh (prevents race conditions)
|
|
8
|
-
* - Retries requests on 401 responses with fresh tokens
|
|
9
|
-
*
|
|
10
|
-
* Pattern ported from website-membership simple-api-handler.ts
|
|
11
|
-
*
|
|
12
|
-
* @version 2.1.0
|
|
13
|
-
* @since auth-ready-v2
|
|
14
|
-
*/
|
|
15
|
-
import { NextRequest, NextResponse } from 'next/server';
|
|
16
|
-
import { JWT } from 'next-auth/jwt';
|
|
17
|
-
export interface AuthContext {
|
|
18
|
-
token: JWT;
|
|
19
|
-
accessToken: string;
|
|
20
|
-
userId: string;
|
|
21
|
-
sessionToken: string;
|
|
22
|
-
refreshToken?: string;
|
|
23
|
-
}
|
|
24
|
-
export interface AuthHandlerOptions {
|
|
25
|
-
/** Whether authentication is required for this route (default: true) */
|
|
26
|
-
requireAuth?: boolean;
|
|
27
|
-
/** Automatically refresh expired or near-expired tokens (default: true) */
|
|
28
|
-
autoRefresh?: boolean;
|
|
29
|
-
/** Buffer time in seconds before token expiry to trigger refresh (default: 300 = 5 minutes) */
|
|
30
|
-
refreshBuffer?: number;
|
|
31
|
-
/** Retry request on 401 response after refreshing token (default: true) */
|
|
32
|
-
retryOn401?: boolean;
|
|
33
|
-
/** Maximum number of retry attempts on 401 (default: 1) */
|
|
34
|
-
maxRetries?: number;
|
|
35
|
-
/** NextAuth secret for JWT decoding */
|
|
36
|
-
nextAuthSecret?: string;
|
|
37
|
-
/** IDP base URL for refresh requests */
|
|
38
|
-
idpBaseUrl?: string;
|
|
39
|
-
/** OAuth client ID */
|
|
40
|
-
clientId?: string;
|
|
41
|
-
}
|
|
42
|
-
export type HandlerFunction = (req: NextRequest, context: any, auth: AuthContext) => Promise<NextResponse | Response>;
|
|
43
|
-
/**
|
|
44
|
-
* Creates an auth-aware handler with automatic token refresh
|
|
45
|
-
*
|
|
46
|
-
* @example
|
|
47
|
-
* ```typescript
|
|
48
|
-
* import { createAuthHandler } from '@payez/next-mvp/api';
|
|
49
|
-
*
|
|
50
|
-
* const handler = createAuthHandler({ requireAuth: true });
|
|
51
|
-
*
|
|
52
|
-
* export const GET = handler.handle(async (req, context, auth) => {
|
|
53
|
-
* // auth.accessToken is guaranteed to be fresh
|
|
54
|
-
* const response = await fetch('https://api.example.com/data', {
|
|
55
|
-
* headers: { 'Authorization': `Bearer ${auth.accessToken}` }
|
|
56
|
-
* });
|
|
57
|
-
* return NextResponse.json(await response.json());
|
|
58
|
-
* });
|
|
59
|
-
* ```
|
|
60
|
-
*/
|
|
61
|
-
export declare function createAuthHandler(options?: AuthHandlerOptions): {
|
|
62
|
-
handle: (handler: HandlerFunction) => (req: NextRequest, context?: any) => Promise<Response>;
|
|
63
|
-
};
|
|
64
|
-
/**
|
|
65
|
-
* Default export for convenience
|
|
66
|
-
*/
|
|
67
|
-
export default createAuthHandler;
|
package/dist/api/auth-handler.js
DELETED
|
@@ -1,397 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
/**
|
|
3
|
-
* Enhanced Auth Handler with Coordinated Token Refresh
|
|
4
|
-
*
|
|
5
|
-
* Provides a middleware wrapper that automatically handles token lifecycle:
|
|
6
|
-
* - Checks token expiry before each request
|
|
7
|
-
* - Automatically refreshes expired or near-expired tokens
|
|
8
|
-
* - Uses Redis locks for coordinated refresh (prevents race conditions)
|
|
9
|
-
* - Retries requests on 401 responses with fresh tokens
|
|
10
|
-
*
|
|
11
|
-
* Pattern ported from website-membership simple-api-handler.ts
|
|
12
|
-
*
|
|
13
|
-
* @version 2.1.0
|
|
14
|
-
* @since auth-ready-v2
|
|
15
|
-
*/
|
|
16
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
exports.createAuthHandler = createAuthHandler;
|
|
18
|
-
const server_1 = require("next/server");
|
|
19
|
-
const jwt_1 = require("next-auth/jwt");
|
|
20
|
-
const nanoid_1 = require("nanoid");
|
|
21
|
-
const session_store_1 = require("../lib/session-store");
|
|
22
|
-
const app_slug_1 = require("../lib/app-slug");
|
|
23
|
-
/**
|
|
24
|
-
* Creates an auth-aware handler with automatic token refresh
|
|
25
|
-
*
|
|
26
|
-
* @example
|
|
27
|
-
* ```typescript
|
|
28
|
-
* import { createAuthHandler } from '@payez/next-mvp/api';
|
|
29
|
-
*
|
|
30
|
-
* const handler = createAuthHandler({ requireAuth: true });
|
|
31
|
-
*
|
|
32
|
-
* export const GET = handler.handle(async (req, context, auth) => {
|
|
33
|
-
* // auth.accessToken is guaranteed to be fresh
|
|
34
|
-
* const response = await fetch('https://api.example.com/data', {
|
|
35
|
-
* headers: { 'Authorization': `Bearer ${auth.accessToken}` }
|
|
36
|
-
* });
|
|
37
|
-
* return NextResponse.json(await response.json());
|
|
38
|
-
* });
|
|
39
|
-
* ```
|
|
40
|
-
*/
|
|
41
|
-
function createAuthHandler(options = {}) {
|
|
42
|
-
const { requireAuth = true, autoRefresh = true, refreshBuffer = 60, // 60 seconds - matches website-membership proven threshold
|
|
43
|
-
retryOn401 = true, maxRetries = 1, nextAuthSecret = process.env.NEXTAUTH_SECRET, idpBaseUrl = process.env.IDP_URL, clientId = process.env.CLIENT_ID || process.env.NEXT_PUBLIC_IDP_CLIENT_ID } = options;
|
|
44
|
-
/**
|
|
45
|
-
* Performs coordinated token refresh with Redis locking
|
|
46
|
-
* This prevents multiple concurrent requests from all trying to refresh simultaneously
|
|
47
|
-
*/
|
|
48
|
-
async function performCoordinatedRefresh(sessionToken, requestId) {
|
|
49
|
-
// Check if refresh is already in progress
|
|
50
|
-
const existingLock = await (0, session_store_1.checkRefreshLock)(sessionToken);
|
|
51
|
-
if (existingLock) {
|
|
52
|
-
console.info('[AUTH_HANDLER] Refresh already in progress, waiting...', {
|
|
53
|
-
requestId,
|
|
54
|
-
lockOwner: existingLock.acquiredBy,
|
|
55
|
-
lockAge: Date.now() - existingLock.acquiredAt
|
|
56
|
-
});
|
|
57
|
-
// Wait for the refresh to complete
|
|
58
|
-
const waitResult = await waitForRefreshCompletion(sessionToken, requestId, 10000);
|
|
59
|
-
if (waitResult.success) {
|
|
60
|
-
// Get the fresh token from session
|
|
61
|
-
const freshSession = await (0, session_store_1.getSession)(sessionToken);
|
|
62
|
-
if (freshSession?.accessToken) {
|
|
63
|
-
return {
|
|
64
|
-
success: true,
|
|
65
|
-
accessToken: freshSession.accessToken,
|
|
66
|
-
refreshToken: freshSession.refreshToken,
|
|
67
|
-
expiresIn: freshSession.accessTokenExpires
|
|
68
|
-
? Math.floor((freshSession.accessTokenExpires - Date.now()) / 1000)
|
|
69
|
-
: undefined
|
|
70
|
-
};
|
|
71
|
-
}
|
|
72
|
-
}
|
|
73
|
-
return { success: false, error: waitResult.reason || 'Wait for refresh failed' };
|
|
74
|
-
}
|
|
75
|
-
// Try to acquire the refresh lock
|
|
76
|
-
const lockAcquired = await (0, session_store_1.acquireRefreshLock)(sessionToken, requestId, 5000);
|
|
77
|
-
if (!lockAcquired) {
|
|
78
|
-
// Another request grabbed the lock, wait for it
|
|
79
|
-
console.info('[AUTH_HANDLER] Failed to acquire lock, waiting for other request', { requestId });
|
|
80
|
-
const waitResult = await waitForRefreshCompletion(sessionToken, requestId, 10000);
|
|
81
|
-
if (waitResult.success) {
|
|
82
|
-
const freshSession = await (0, session_store_1.getSession)(sessionToken);
|
|
83
|
-
if (freshSession?.accessToken) {
|
|
84
|
-
return {
|
|
85
|
-
success: true,
|
|
86
|
-
accessToken: freshSession.accessToken,
|
|
87
|
-
refreshToken: freshSession.refreshToken
|
|
88
|
-
};
|
|
89
|
-
}
|
|
90
|
-
}
|
|
91
|
-
return { success: false, error: waitResult.reason || 'Wait for refresh failed' };
|
|
92
|
-
}
|
|
93
|
-
try {
|
|
94
|
-
// Double-check if tokens are still stale after acquiring lock
|
|
95
|
-
const latestSession = await (0, session_store_1.getSession)(sessionToken);
|
|
96
|
-
if (latestSession && !tokenNeedsRefresh(latestSession, refreshBuffer)) {
|
|
97
|
-
console.info('[AUTH_HANDLER] Tokens already fresh after acquiring lock, skipping refresh', { requestId });
|
|
98
|
-
return {
|
|
99
|
-
success: true,
|
|
100
|
-
accessToken: latestSession.accessToken,
|
|
101
|
-
refreshToken: latestSession.refreshToken
|
|
102
|
-
};
|
|
103
|
-
}
|
|
104
|
-
// Actually perform the refresh
|
|
105
|
-
return await executeRefresh(sessionToken, latestSession);
|
|
106
|
-
}
|
|
107
|
-
finally {
|
|
108
|
-
// Always release the lock
|
|
109
|
-
await (0, session_store_1.releaseRefreshLock)(sessionToken, requestId);
|
|
110
|
-
}
|
|
111
|
-
}
|
|
112
|
-
/**
|
|
113
|
-
* Wait for an in-progress refresh to complete
|
|
114
|
-
*/
|
|
115
|
-
async function waitForRefreshCompletion(sessionToken, requestId, maxWaitMs) {
|
|
116
|
-
const startTime = Date.now();
|
|
117
|
-
const pollInterval = 100;
|
|
118
|
-
while (Date.now() - startTime < maxWaitMs) {
|
|
119
|
-
const lockExists = await (0, session_store_1.checkRefreshLock)(sessionToken);
|
|
120
|
-
if (!lockExists) {
|
|
121
|
-
// Lock released, check if tokens are fresh
|
|
122
|
-
const session = await (0, session_store_1.getSession)(sessionToken);
|
|
123
|
-
if (session?.accessToken && !tokenNeedsRefresh(session, refreshBuffer)) {
|
|
124
|
-
return { success: true };
|
|
125
|
-
}
|
|
126
|
-
else {
|
|
127
|
-
return { success: false, reason: 'Lock released but tokens not fresh' };
|
|
128
|
-
}
|
|
129
|
-
}
|
|
130
|
-
await new Promise(resolve => setTimeout(resolve, pollInterval));
|
|
131
|
-
}
|
|
132
|
-
return { success: false, reason: `Timeout waiting for refresh (${maxWaitMs}ms)` };
|
|
133
|
-
}
|
|
134
|
-
/**
|
|
135
|
-
* Check if token needs refresh based on expiry and buffer
|
|
136
|
-
*/
|
|
137
|
-
function tokenNeedsRefresh(session, bufferSeconds) {
|
|
138
|
-
if (!session.accessToken)
|
|
139
|
-
return true;
|
|
140
|
-
const expires = session.accessTokenExpires || 0;
|
|
141
|
-
const bufferMs = bufferSeconds * 1000;
|
|
142
|
-
const timeUntilExpiry = expires - Date.now();
|
|
143
|
-
return timeUntilExpiry <= bufferMs;
|
|
144
|
-
}
|
|
145
|
-
/**
|
|
146
|
-
* Execute the actual token refresh against IDP
|
|
147
|
-
*/
|
|
148
|
-
async function executeRefresh(sessionToken, currentSession) {
|
|
149
|
-
try {
|
|
150
|
-
if (!idpBaseUrl || !clientId) {
|
|
151
|
-
console.error('[AUTH_HANDLER] Missing IDP configuration for refresh');
|
|
152
|
-
return { success: false, error: 'Missing IDP configuration' };
|
|
153
|
-
}
|
|
154
|
-
if (!currentSession) {
|
|
155
|
-
console.error('[AUTH_HANDLER] No session found for refresh');
|
|
156
|
-
return { success: false, error: 'No session found' };
|
|
157
|
-
}
|
|
158
|
-
if (!currentSession.refreshToken) {
|
|
159
|
-
console.error('[AUTH_HANDLER] No refresh token available');
|
|
160
|
-
return { success: false, error: 'No refresh token' };
|
|
161
|
-
}
|
|
162
|
-
// Extract authentication methods from session
|
|
163
|
-
const authMethods = currentSession.authMethods ||
|
|
164
|
-
(currentSession.token?.amr ? JSON.parse(currentSession.token.amr) : ['pwd', 'mfa']);
|
|
165
|
-
const authLevel = String(currentSession.authenticationLevel || currentSession.token?.acr || '2');
|
|
166
|
-
const twoFactorMethod = currentSession.twoFactorMethod || 'authenticator';
|
|
167
|
-
// Build refresh request body
|
|
168
|
-
const refreshRequestBody = {
|
|
169
|
-
refresh_token: currentSession.refreshToken,
|
|
170
|
-
amr: authMethods,
|
|
171
|
-
acr: authLevel
|
|
172
|
-
};
|
|
173
|
-
if (currentSession.twoFactorComplete) {
|
|
174
|
-
refreshRequestBody.two_factor_verified = true;
|
|
175
|
-
}
|
|
176
|
-
if (twoFactorMethod) {
|
|
177
|
-
refreshRequestBody.two_factor_method = twoFactorMethod;
|
|
178
|
-
}
|
|
179
|
-
if (currentSession.mfaCompletedAt) {
|
|
180
|
-
refreshRequestBody.two_factor_completed_at = new Date(currentSession.mfaCompletedAt).toISOString();
|
|
181
|
-
}
|
|
182
|
-
console.info('[AUTH_HANDLER] Executing refresh against IDP', {
|
|
183
|
-
sessionToken: sessionToken.substring(0, 8) + '...',
|
|
184
|
-
hasRefreshToken: true
|
|
185
|
-
});
|
|
186
|
-
const response = await fetch(`${idpBaseUrl}/api/ExternalAuth/refresh`, {
|
|
187
|
-
method: 'POST',
|
|
188
|
-
headers: {
|
|
189
|
-
'Content-Type': 'application/json',
|
|
190
|
-
'X-Client-Id': clientId,
|
|
191
|
-
},
|
|
192
|
-
body: JSON.stringify(refreshRequestBody),
|
|
193
|
-
});
|
|
194
|
-
if (!response.ok) {
|
|
195
|
-
const errorText = await response.text().catch(() => 'Unknown error');
|
|
196
|
-
console.error('[AUTH_HANDLER] Refresh failed:', response.status, errorText);
|
|
197
|
-
return { success: false, error: `Refresh failed: ${response.status}` };
|
|
198
|
-
}
|
|
199
|
-
const data = await response.json();
|
|
200
|
-
if (data.success === false) {
|
|
201
|
-
return { success: false, error: data.error?.message || data.message || 'Refresh failed' };
|
|
202
|
-
}
|
|
203
|
-
const tokenData = data.data || data;
|
|
204
|
-
if (!tokenData.access_token) {
|
|
205
|
-
console.error('[AUTH_HANDLER] No access token in refresh response');
|
|
206
|
-
return { success: false, error: 'No access token received' };
|
|
207
|
-
}
|
|
208
|
-
// Update session with new tokens
|
|
209
|
-
const updatedSession = {
|
|
210
|
-
...currentSession,
|
|
211
|
-
accessToken: tokenData.access_token,
|
|
212
|
-
refreshToken: tokenData.refresh_token || currentSession.refreshToken,
|
|
213
|
-
accessTokenExpires: tokenData.expires_in
|
|
214
|
-
? Date.now() + (tokenData.expires_in * 1000)
|
|
215
|
-
: Date.now() + (3600 * 1000),
|
|
216
|
-
};
|
|
217
|
-
await (0, session_store_1.updateSession)(sessionToken, updatedSession);
|
|
218
|
-
console.info('[AUTH_HANDLER] Token refresh successful', {
|
|
219
|
-
newExpiry: new Date(updatedSession.accessTokenExpires).toISOString()
|
|
220
|
-
});
|
|
221
|
-
return {
|
|
222
|
-
success: true,
|
|
223
|
-
accessToken: tokenData.access_token,
|
|
224
|
-
refreshToken: tokenData.refresh_token,
|
|
225
|
-
expiresIn: tokenData.expires_in,
|
|
226
|
-
};
|
|
227
|
-
}
|
|
228
|
-
catch (error) {
|
|
229
|
-
console.error('[AUTH_HANDLER] Refresh exception:', error);
|
|
230
|
-
return { success: false, error: error instanceof Error ? error.message : 'Refresh failed' };
|
|
231
|
-
}
|
|
232
|
-
}
|
|
233
|
-
/**
|
|
234
|
-
* Checks if auth context token needs refresh based on expiry and buffer
|
|
235
|
-
*/
|
|
236
|
-
function needsRefresh(auth) {
|
|
237
|
-
if (!autoRefresh)
|
|
238
|
-
return false;
|
|
239
|
-
// Check if we have token expiry information
|
|
240
|
-
const token = auth.token;
|
|
241
|
-
const expiresAt = token.accessTokenExpires || token.exp;
|
|
242
|
-
if (!expiresAt) {
|
|
243
|
-
// No expiry info, can't determine if refresh needed
|
|
244
|
-
return false;
|
|
245
|
-
}
|
|
246
|
-
const now = Math.floor(Date.now() / 1000);
|
|
247
|
-
const expiryTime = typeof expiresAt === 'number' && expiresAt > 1000000000000
|
|
248
|
-
? Math.floor(expiresAt / 1000) // Convert milliseconds to seconds
|
|
249
|
-
: expiresAt;
|
|
250
|
-
// Check if token expires within the buffer period
|
|
251
|
-
return (expiryTime - now) <= refreshBuffer;
|
|
252
|
-
}
|
|
253
|
-
/**
|
|
254
|
-
* Generate a unique request ID for coordinated refresh
|
|
255
|
-
*/
|
|
256
|
-
function generateRequestId() {
|
|
257
|
-
return (0, nanoid_1.nanoid)();
|
|
258
|
-
}
|
|
259
|
-
/**
|
|
260
|
-
* Main handler wrapper
|
|
261
|
-
*/
|
|
262
|
-
return {
|
|
263
|
-
handle: (handler) => {
|
|
264
|
-
return async (req, context = {}) => {
|
|
265
|
-
// Extract token from NextAuth
|
|
266
|
-
const token = await (0, jwt_1.getToken)({ req, secret: nextAuthSecret, cookieName: (0, app_slug_1.getJwtCookieName)() });
|
|
267
|
-
// Check if auth is required
|
|
268
|
-
if (requireAuth && !token) {
|
|
269
|
-
return server_1.NextResponse.json({ error: 'Authentication required', code: 'UNAUTHORIZED' }, { status: 401 });
|
|
270
|
-
}
|
|
271
|
-
// If no token and auth not required, call handler without auth context
|
|
272
|
-
if (!token) {
|
|
273
|
-
return handler(req, context, null);
|
|
274
|
-
}
|
|
275
|
-
// Validate client_slug (token confusion attack prevention)
|
|
276
|
-
// SECURITY: Fail closed - require configuration to be explicitly set
|
|
277
|
-
const expectedClientSlug = process.env.NEXT_PUBLIC_EXPECTED_CLIENT_SLUG;
|
|
278
|
-
if (!expectedClientSlug) {
|
|
279
|
-
console.error('[AUTH_HANDLER] SECURITY MISCONFIGURATION: NEXT_PUBLIC_EXPECTED_CLIENT_SLUG not set');
|
|
280
|
-
return server_1.NextResponse.json({
|
|
281
|
-
error: 'Server configuration error',
|
|
282
|
-
code: 'SECURITY_CONFIGURATION_MISSING'
|
|
283
|
-
}, { status: 500 });
|
|
284
|
-
}
|
|
285
|
-
// Extract client_slug from token (normalize property name)
|
|
286
|
-
const tokenClientSlug = token.client_slug || token.clientSlug;
|
|
287
|
-
// SECURITY: Require client_slug claim in all tokens (no backward compat)
|
|
288
|
-
if (!tokenClientSlug) {
|
|
289
|
-
console.warn('[AUTH_HANDLER] Token missing required client_slug claim');
|
|
290
|
-
return server_1.NextResponse.json({
|
|
291
|
-
error: 'Token missing required claim',
|
|
292
|
-
code: 'TOKEN_MISSING_CLIENT_SLUG'
|
|
293
|
-
}, { status: 401 });
|
|
294
|
-
}
|
|
295
|
-
// SECURITY: Case-insensitive comparison to avoid casing attacks
|
|
296
|
-
if (tokenClientSlug.toLowerCase() !== expectedClientSlug.toLowerCase()) {
|
|
297
|
-
// Log without exposing sensitive details
|
|
298
|
-
console.warn('[AUTH_HANDLER] Token client mismatch detected');
|
|
299
|
-
return server_1.NextResponse.json({
|
|
300
|
-
error: 'Token issued for different client',
|
|
301
|
-
code: 'TOKEN_CLIENT_MISMATCH'
|
|
302
|
-
}, { status: 401 });
|
|
303
|
-
}
|
|
304
|
-
// Build initial auth context
|
|
305
|
-
let authContext = {
|
|
306
|
-
token,
|
|
307
|
-
accessToken: token.accessToken || '',
|
|
308
|
-
userId: token.sub || token.userId || '',
|
|
309
|
-
sessionToken: token.redisSessionId || '',
|
|
310
|
-
refreshToken: token.refreshToken,
|
|
311
|
-
};
|
|
312
|
-
// Check if token needs refresh
|
|
313
|
-
if (needsRefresh(authContext) && authContext.refreshToken) {
|
|
314
|
-
const requestId = generateRequestId();
|
|
315
|
-
console.info('[AUTH_HANDLER] Token near expiry, initiating coordinated refresh', {
|
|
316
|
-
requestId,
|
|
317
|
-
sessionToken: authContext.sessionToken.substring(0, 8) + '...'
|
|
318
|
-
});
|
|
319
|
-
const refreshResult = await performCoordinatedRefresh(authContext.sessionToken, requestId);
|
|
320
|
-
if (refreshResult.success && refreshResult.accessToken) {
|
|
321
|
-
// Update auth context with fresh token
|
|
322
|
-
authContext.accessToken = refreshResult.accessToken;
|
|
323
|
-
if (refreshResult.refreshToken) {
|
|
324
|
-
authContext.refreshToken = refreshResult.refreshToken;
|
|
325
|
-
}
|
|
326
|
-
// Update token object for future checks
|
|
327
|
-
authContext.token.accessToken = refreshResult.accessToken;
|
|
328
|
-
if (refreshResult.expiresIn) {
|
|
329
|
-
authContext.token.accessTokenExpires = Date.now() + (refreshResult.expiresIn * 1000);
|
|
330
|
-
}
|
|
331
|
-
console.info('[AUTH_HANDLER] Coordinated refresh successful', { requestId });
|
|
332
|
-
}
|
|
333
|
-
else {
|
|
334
|
-
console.warn('[AUTH_HANDLER] Failed to refresh token:', refreshResult.error);
|
|
335
|
-
// Continue with potentially expired token - handler may still succeed
|
|
336
|
-
}
|
|
337
|
-
}
|
|
338
|
-
// Attach auth context to request for downstream use (following existing pattern)
|
|
339
|
-
// IMPORTANT: Set this ONCE before the retry loop to avoid overwriting with stale data
|
|
340
|
-
req.__authContext = {
|
|
341
|
-
accessToken: authContext.accessToken,
|
|
342
|
-
userId: authContext.userId,
|
|
343
|
-
sessionToken: authContext.sessionToken,
|
|
344
|
-
};
|
|
345
|
-
// Call the actual handler
|
|
346
|
-
let response;
|
|
347
|
-
let retryCount = 0;
|
|
348
|
-
while (retryCount <= maxRetries) {
|
|
349
|
-
try {
|
|
350
|
-
response = await handler(req, context, authContext);
|
|
351
|
-
// Check if we got a 401 and should retry
|
|
352
|
-
if (response.status === 401 &&
|
|
353
|
-
retryOn401 &&
|
|
354
|
-
retryCount < maxRetries &&
|
|
355
|
-
authContext.refreshToken) {
|
|
356
|
-
const retryRequestId = generateRequestId();
|
|
357
|
-
console.info('[AUTH_HANDLER] Got 401, attempting coordinated refresh and retry', { retryRequestId });
|
|
358
|
-
const refreshResult = await performCoordinatedRefresh(authContext.sessionToken, retryRequestId);
|
|
359
|
-
if (refreshResult.success && refreshResult.accessToken) {
|
|
360
|
-
console.info('[AUTH_HANDLER] Refresh succeeded, updating tokens', { retryRequestId });
|
|
361
|
-
// Update auth context with fresh token
|
|
362
|
-
authContext.accessToken = refreshResult.accessToken;
|
|
363
|
-
if (refreshResult.refreshToken) {
|
|
364
|
-
authContext.refreshToken = refreshResult.refreshToken;
|
|
365
|
-
}
|
|
366
|
-
// Update request context
|
|
367
|
-
req.__authContext.accessToken = refreshResult.accessToken;
|
|
368
|
-
console.info('[AUTH_HANDLER] Updated req.__authContext with new token, retrying request', { retryRequestId });
|
|
369
|
-
retryCount++;
|
|
370
|
-
continue; // Retry the request
|
|
371
|
-
}
|
|
372
|
-
else {
|
|
373
|
-
console.warn('[AUTH_HANDLER] Refresh failed on 401 retry:', refreshResult.error);
|
|
374
|
-
break; // Don't retry if refresh failed
|
|
375
|
-
}
|
|
376
|
-
}
|
|
377
|
-
// Success or non-401 error - return response
|
|
378
|
-
break;
|
|
379
|
-
}
|
|
380
|
-
catch (error) {
|
|
381
|
-
// Handler threw an error
|
|
382
|
-
console.error('[AUTH_HANDLER] Handler error:', error);
|
|
383
|
-
return server_1.NextResponse.json({
|
|
384
|
-
error: 'Internal server error',
|
|
385
|
-
details: error instanceof Error ? error.message : 'Unknown error'
|
|
386
|
-
}, { status: 500 });
|
|
387
|
-
}
|
|
388
|
-
}
|
|
389
|
-
return response;
|
|
390
|
-
};
|
|
391
|
-
}
|
|
392
|
-
};
|
|
393
|
-
}
|
|
394
|
-
/**
|
|
395
|
-
* Default export for convenience
|
|
396
|
-
*/
|
|
397
|
-
exports.default = createAuthHandler;
|
package/dist/api/index.d.ts
DELETED
|
@@ -1,10 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* @payez/next-mvp API Module Exports
|
|
3
|
-
*
|
|
4
|
-
* Provides enhanced API route handlers with automatic token management
|
|
5
|
-
*
|
|
6
|
-
* @version 2.0.0
|
|
7
|
-
* @since auth-ready-v2
|
|
8
|
-
*/
|
|
9
|
-
export { createAuthHandler, type AuthContext, type AuthHandlerOptions, type HandlerFunction } from './auth-handler';
|
|
10
|
-
export { default } from './auth-handler';
|
package/dist/api/index.js
DELETED
|
@@ -1,19 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
/**
|
|
3
|
-
* @payez/next-mvp API Module Exports
|
|
4
|
-
*
|
|
5
|
-
* Provides enhanced API route handlers with automatic token management
|
|
6
|
-
*
|
|
7
|
-
* @version 2.0.0
|
|
8
|
-
* @since auth-ready-v2
|
|
9
|
-
*/
|
|
10
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
11
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
12
|
-
};
|
|
13
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
14
|
-
exports.default = exports.createAuthHandler = void 0;
|
|
15
|
-
var auth_handler_1 = require("./auth-handler");
|
|
16
|
-
Object.defineProperty(exports, "createAuthHandler", { enumerable: true, get: function () { return auth_handler_1.createAuthHandler; } });
|
|
17
|
-
// Default export for convenience
|
|
18
|
-
var auth_handler_2 = require("./auth-handler");
|
|
19
|
-
Object.defineProperty(exports, "default", { enumerable: true, get: function () { return __importDefault(auth_handler_2).default; } });
|