@payez/next-mvp 3.9.1 → 4.0.1

package/dist/api-handlers/admin/vibe-data.js

@@ -1,268 +0,0 @@
-"use strict";
-/**
- * Admin Vibe Data API Handler
- *
- * Provides admin-level access to Vibe data using service account credentials.
- * Bypasses user-level filtering to allow admins to view all records.
- *
- * @version 1.0
- * @requires Admin role (vibe_app_admin or payez_admin)
- */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createGetCollectionsHandler = createGetCollectionsHandler;
-exports.createGetTablesHandler = createGetTablesHandler;
-exports.createGetTableDataHandler = createGetTableDataHandler;
-exports.createGetRecordHandler = createGetRecordHandler;
-exports.createUpdateRecordHandler = createUpdateRecordHandler;
-exports.createDeleteRecordHandler = createDeleteRecordHandler;
-exports.createQueryHandler = createQueryHandler;
-const server_1 = require("next/server");
-const next_auth_1 = require("next-auth");
-const startup_init_1 = require("../../lib/startup-init");
-const roles_1 = require("../../lib/roles");
-/**
- * Check if the current user has admin role
- */
-async function checkAdminRole(getAuthOptions) {
-    const authOptions = await getAuthOptions();
-    const session = await (0, next_auth_1.getServerSession)(authOptions);
-    if (!session?.user) {
-        return {
-            isAdmin: false,
-            error: server_1.NextResponse.json({ success: false, error: { code: 'UNAUTHORIZED', message: 'Please sign in' } }, { status: 401 }),
-        };
-    }
-    const userRoles = session.user?.roles || [];
-    const hasAdminRole = roles_1.ADMIN_ROLES.some(role => userRoles.includes(role));
-    if (!hasAdminRole) {
-        return {
-            isAdmin: false,
-            error: server_1.NextResponse.json({ success: false, error: { code: 'FORBIDDEN', message: 'Admin access required' } }, { status: 403 }),
-        };
-    }
-    return { isAdmin: true };
-}
-/**
- * Make a service account request to Vibe (admin mode - no user filtering)
- */
-async function vibeServiceRequest(endpoint, options) {
-    const idpUrl = process.env.NEXT_PUBLIC_IDP_URL || process.env.IDP_URL;
-    const clientId = process.env.VIBE_CLIENT_ID;
-    const signingKey = process.env.VIBE_HMAC_KEY;
-    if (!idpUrl || !clientId || !signingKey) {
-        console.error('[Admin Vibe] Missing config:', { idpUrl: !!idpUrl, clientId: !!clientId, signingKey: !!signingKey });
-        return { ok: false, status: 500, data: null, error: 'Vibe not configured' };
-    }
-    const timestamp = Math.floor(Date.now() / 1000);
-    const stringToSign = `${timestamp}|${options.method}|${endpoint}`;
-    // Generate HMAC signature
-    const crypto = await Promise.resolve().then(() => __importStar(require('crypto')));
-    const signature = crypto
-        .createHmac('sha256', Buffer.from(signingKey, 'base64'))
-        .update(stringToSign)
-        .digest('base64');
-    const proxyUrl = `${idpUrl}/api/vibe/proxy`;
-    // Get the client slug from startup config for multi-client admin support
-    const idpConfig = (0, startup_init_1.getStartupIDPConfig)();
-    const idpClientId = idpConfig?.clientSlug || idpConfig?.clientId;
-    try {
-        const res = await fetch(proxyUrl, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                'X-Vibe-Client-Id': clientId,
-                'X-Vibe-Timestamp': String(timestamp),
-                'X-Vibe-Signature': signature,
-                // For multi-client admins: specify which client context to use
-                ...(idpClientId && { 'X-Client-Id': idpClientId }),
-            },
-            body: JSON.stringify({
-                endpoint,
-                method: options.method,
-                data: options.body ?? null,
-            }),
-            cache: 'no-store',
-        });
-        if (res.status === 204) {
-            return { ok: true, status: 204, data: null };
-        }
-        if (!res.ok) {
-            const errorText = await res.text();
-            console.error(`[Admin Vibe] Request failed: ${options.method} ${endpoint} - ${res.status}`, errorText);
-            return { ok: false, status: res.status, data: null, error: errorText };
-        }
-        const body = await res.json();
-        return { ok: true, status: res.status, data: body };
-    }
-    catch (error) {
-        console.error(`[Admin Vibe] Request exception: ${options.method} ${endpoint}`, error);
-        return { ok: false, status: 0, data: null, error: String(error) };
-    }
-}
-/**
- * GET /api/admin/vibe/collections
- * List all Vibe collections
- */
-function createGetCollectionsHandler(config) {
-    return async function GET(request) {
-        const adminCheck = await checkAdminRole(config.getAuthOptions);
-        if (adminCheck.error)
-            return adminCheck.error;
-        const result = await vibeServiceRequest('/v1/collections', { method: 'GET' });
-        if (!result.ok) {
-            return server_1.NextResponse.json({ success: false, error: { code: 'FETCH_ERROR', message: result.error } }, { status: result.status || 500 });
-        }
-        return server_1.NextResponse.json(result.data);
-    };
-}
-/**
- * GET /api/admin/vibe/collections/[collection]/tables
- * List tables in a collection
- */
-function createGetTablesHandler(config) {
-    return async function GET(request, { params }) {
-        const { collection } = await params;
-        const adminCheck = await checkAdminRole(config.getAuthOptions);
-        if (adminCheck.error)
-            return adminCheck.error;
-        const result = await vibeServiceRequest(`/v1/collections/${collection}/tables`, { method: 'GET' });
-        if (!result.ok) {
-            return server_1.NextResponse.json({ success: false, error: { code: 'FETCH_ERROR', message: result.error } }, { status: result.status || 500 });
-        }
-        return server_1.NextResponse.json(result.data);
-    };
-}
-/**
- * GET /api/admin/vibe/data/[collection]/[table]
- * Fetch all records from a table (admin - no user filtering)
- */
-function createGetTableDataHandler(config) {
-    return async function GET(request, { params }) {
-        const { collection, table } = await params;
-        const adminCheck = await checkAdminRole(config.getAuthOptions);
-        if (adminCheck.error)
-            return adminCheck.error;
-        const searchParams = request.nextUrl.searchParams.toString();
-        const queryString = searchParams ? `?${searchParams}` : '';
-        const endpoint = `/v1/collections/${collection}/tables/${table}${queryString}`;
-        const result = await vibeServiceRequest(endpoint, { method: 'GET' });
-        if (result.status === 204) {
-            return server_1.NextResponse.json({ data: [], meta: { total: 0, limit: 50, offset: 0 } });
-        }
-        if (!result.ok) {
-            return server_1.NextResponse.json({ success: false, error: { code: 'FETCH_ERROR', message: result.error } }, { status: result.status || 500 });
-        }
-        return server_1.NextResponse.json(result.data);
-    };
-}
-/**
- * GET /api/admin/vibe/data/[collection]/[table]/[id]
- * Fetch single record (admin access)
- */
-function createGetRecordHandler(config) {
-    return async function GET(request, { params }) {
-        const { collection, table, id } = await params;
-        const adminCheck = await checkAdminRole(config.getAuthOptions);
-        if (adminCheck.error)
-            return adminCheck.error;
-        const endpoint = `/v1/collections/${collection}/tables/${table}/${id}`;
-        const result = await vibeServiceRequest(endpoint, { method: 'GET' });
-        if (!result.ok) {
-            const status = result.status === 404 ? 404 : result.status || 500;
-            return server_1.NextResponse.json({ success: false, error: { code: result.status === 404 ? 'NOT_FOUND' : 'FETCH_ERROR', message: result.error } }, { status });
-        }
-        return server_1.NextResponse.json(result.data);
-    };
-}
-/**
- * PUT /api/admin/vibe/data/[collection]/[table]/[id]
- * Update record (admin access)
- */
-function createUpdateRecordHandler(config) {
-    return async function PUT(request, { params }) {
-        const { collection, table, id } = await params;
-        const adminCheck = await checkAdminRole(config.getAuthOptions);
-        if (adminCheck.error)
-            return adminCheck.error;
-        const body = await request.json();
-        const endpoint = `/v1/collections/${collection}/tables/${table}/${id}`;
-        const result = await vibeServiceRequest(endpoint, { method: 'PUT', body });
-        if (!result.ok) {
-            return server_1.NextResponse.json({ success: false, error: { code: 'UPDATE_ERROR', message: result.error } }, { status: result.status || 500 });
-        }
-        return server_1.NextResponse.json(result.data);
-    };
-}
-/**
- * DELETE /api/admin/vibe/data/[collection]/[table]/[id]
- * Delete record (admin access)
- */
-function createDeleteRecordHandler(config) {
-    return async function DELETE(request, { params }) {
-        const { collection, table, id } = await params;
-        const adminCheck = await checkAdminRole(config.getAuthOptions);
-        if (adminCheck.error)
-            return adminCheck.error;
-        const endpoint = `/v1/collections/${collection}/tables/${table}/${id}`;
-        const result = await vibeServiceRequest(endpoint, { method: 'DELETE' });
-        if (!result.ok) {
-            return server_1.NextResponse.json({ success: false, error: { code: 'DELETE_ERROR', message: result.error } }, { status: result.status || 500 });
-        }
-        return new server_1.NextResponse(null, { status: 204 });
-    };
-}
-/**
- * POST /api/admin/vibe/data/[collection]/[table]/query
- * Query records with filters (admin access)
- */
-function createQueryHandler(config) {
-    return async function POST(request, { params }) {
-        const { collection, table } = await params;
-        const adminCheck = await checkAdminRole(config.getAuthOptions);
-        if (adminCheck.error)
-            return adminCheck.error;
-        const body = await request.json();
-        const endpoint = `/v1/collections/${collection}/tables/${table}/query`;
-        const result = await vibeServiceRequest(endpoint, { method: 'POST', body });
-        if (result.status === 204) {
-            return server_1.NextResponse.json({ data: [], meta: { total: 0, page: 1, pageSize: 20 } });
-        }
-        if (!result.ok) {
-            return server_1.NextResponse.json({ success: false, error: { code: 'QUERY_ERROR', message: result.error } }, { status: result.status || 500 });
-        }
-        return server_1.NextResponse.json(result.data);
-    };
-}

package/dist/api-handlers/anon/preferences.d.ts

@@ -1,37 +0,0 @@
-/**
- * Anonymous Session Preferences API Handler
- *
- * GET /api/anon/preferences - Get current preferences
- * POST /api/anon/preferences - Update preferences
- *
- * Sets a cookie to track anonymous visitors and stores preferences in Redis.
- */
-import { NextRequest, NextResponse } from 'next/server';
-import { AnonSessionPreferences } from '../../lib/anon-session';
-/**
- * GET handler - retrieves anonymous session preferences
- */
-export declare function GET(request: NextRequest): Promise<NextResponse<{
-    success: boolean;
-    data: {
-        id: string;
-        preferences: AnonSessionPreferences;
-        metrics: import("../../lib/anon-session").AnonSessionMetrics;
-    };
-}> | NextResponse<{
-    success: boolean;
-    error: string;
-}>>;
-/**
- * POST handler - updates anonymous session preferences
- */
-export declare function POST(request: NextRequest): Promise<NextResponse<{
-    success: boolean;
-    error: string;
-}> | NextResponse<{
-    success: boolean;
-    data: {
-        id: string;
-        preferences: AnonSessionPreferences;
-    };
-}>>;

package/dist/api-handlers/anon/preferences.js

@@ -1,96 +0,0 @@
-"use strict";
-/**
- * Anonymous Session Preferences API Handler
- *
- * GET /api/anon/preferences - Get current preferences
- * POST /api/anon/preferences - Update preferences
- *
- * Sets a cookie to track anonymous visitors and stores preferences in Redis.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.GET = GET;
-exports.POST = POST;
-const server_1 = require("next/server");
-const headers_1 = require("next/headers");
-const anon_session_1 = require("../../lib/anon-session");
-const COOKIE_MAX_AGE = 90 * 24 * 60 * 60; // 90 days in seconds
-/**
- * GET handler - retrieves anonymous session preferences
- */
-async function GET(request) {
-    try {
-        const cookieStore = await (0, headers_1.cookies)();
-        let anonId = cookieStore.get(anon_session_1.ANON_COOKIE_NAME)?.value;
-        // Get or create session
-        const session = await (0, anon_session_1.getOrCreateAnonSession)(anonId);
-        // Build response
-        const response = server_1.NextResponse.json({
-            success: true,
-            data: {
-                id: session.id,
-                preferences: session.preferences,
-                metrics: session.metrics,
-            },
-        });
-        // Set cookie if it's a new session
-        if (!anonId || anonId !== session.id) {
-            response.cookies.set(anon_session_1.ANON_COOKIE_NAME, session.id, {
-                httpOnly: true,
-                secure: process.env.NODE_ENV === 'production',
-                sameSite: 'lax',
-                maxAge: COOKIE_MAX_AGE,
-                path: '/',
-            });
-        }
-        return response;
-    }
-    catch (error) {
-        console.error('[ANON-PREFERENCES] GET error:', error);
-        return server_1.NextResponse.json({ success: false, error: 'Failed to get preferences' }, { status: 500 });
-    }
-}
-/**
- * POST handler - updates anonymous session preferences
- */
-async function POST(request) {
-    try {
-        const cookieStore = await (0, headers_1.cookies)();
-        let anonId = cookieStore.get(anon_session_1.ANON_COOKIE_NAME)?.value;
-        // Get or create session first
-        const session = await (0, anon_session_1.getOrCreateAnonSession)(anonId);
-        anonId = session.id;
-        // Parse body for preferences to update
-        const body = await request.json();
-        const preferences = body.preferences || body;
-        // Validate preferences
-        if (typeof preferences !== 'object') {
-            return server_1.NextResponse.json({ success: false, error: 'Invalid preferences format' }, { status: 400 });
-        }
-        // Update preferences
-        const updatedSession = await (0, anon_session_1.updateAnonPreferences)(anonId, preferences);
-        if (!updatedSession) {
-            return server_1.NextResponse.json({ success: false, error: 'Session not found' }, { status: 404 });
-        }
-        // Build response
-        const response = server_1.NextResponse.json({
-            success: true,
-            data: {
-                id: updatedSession.id,
-                preferences: updatedSession.preferences,
-            },
-        });
-        // Ensure cookie is set
-        response.cookies.set(anon_session_1.ANON_COOKIE_NAME, anonId, {
-            httpOnly: true,
-            secure: process.env.NODE_ENV === 'production',
-            sameSite: 'lax',
-            maxAge: COOKIE_MAX_AGE,
-            path: '/',
-        });
-        return response;
-    }
-    catch (error) {
-        console.error('[ANON-PREFERENCES] POST error:', error);
-        return server_1.NextResponse.json({ success: false, error: 'Failed to update preferences' }, { status: 500 });
-    }
-}

package/dist/api-handlers/auth/jwks.d.ts

@@ -1,2 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server';
-export declare function GET(_req: NextRequest): Promise<NextResponse<any>>;

package/dist/api-handlers/auth/jwks.js

@@ -1,24 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.GET = GET;
-const server_1 = require("next/server");
-const env_1 = require("../../config/env");
-const logger_1 = require("../../config/logger");
-async function GET(_req) {
-    try {
-        const url = `${env_1.ENV_CONFIG.IDP_URL}${env_1.API_ENDPOINTS.externalAuth.jwks}`;
-        const res = await fetch(url, { headers: { 'Accept': 'application/json' } });
-        const bodyText = await res.text();
-        try {
-            const json = JSON.parse(bodyText);
-            return server_1.NextResponse.json(json, { status: res.status });
-        }
-        catch (e) {
-            logger_1.logger.error('[AUTH_JWKS] Upstream returned non-JSON', { status: res.status, bodyText: bodyText?.slice(0, 200) });
-            return server_1.NextResponse.json({ error: 'Invalid JWKS response' }, { status: 502 });
-        }
-    }
-    catch (error) {
-        return server_1.NextResponse.json({ error: 'Failed to fetch JWKS' }, { status: 502 });
-    }
-}

package/dist/api-handlers/auth/login.d.ts

@@ -1,42 +0,0 @@
-/**
- * Authentication Login API Handler
- *
- * Handles user authentication against the external IDP service.
- * This handler is designed to be imported and used by Next.js applications
- * using the @payez/next-mvp package.
- *
- * @version 2.0
- * @requires No authentication (public endpoint)
- */
-import { NextRequest, NextResponse } from 'next/server';
-interface LoginConfig {
-    idpBaseUrl: string;
-    clientId: string;
-    loginEndpoint?: string;
-    clientType?: string;
-}
-/**
- * Creates a login handler for Next.js API routes
- *
- * @param config Configuration for IDP connection
- * @returns Next.js POST handler function
- *
- * @example
- * ```typescript
- * // In your app's /app/api/auth/login/route.ts
- * import { createLoginHandler } from '@payez/next-mvp/api-handlers/auth/login';
- *
- * export const POST = createLoginHandler({
- *   idpBaseUrl: process.env.IDP_URL!,
- *   clientId: process.env.CLIENT_ID!,
- *   loginEndpoint: '/api/ExternalAuth/login'
- * });
- * ```
- */
-export declare function createLoginHandler(config: LoginConfig): (req: NextRequest) => Promise<NextResponse<unknown>>;
-/**
- * Default export for backward compatibility
- * Requires environment variables: IDP_URL, CLIENT_ID
- */
-export declare const POST: (req: NextRequest) => Promise<NextResponse<unknown>>;
-export {};

package/dist/api-handlers/auth/login.js

@@ -1,178 +0,0 @@
-"use strict";
-/**
- * Authentication Login API Handler
- *
- * Handles user authentication against the external IDP service.
- * This handler is designed to be imported and used by Next.js applications
- * using the @payez/next-mvp package.
- *
- * @version 2.0
- * @requires No authentication (public endpoint)
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.POST = void 0;
-exports.createLoginHandler = createLoginHandler;
-const server_1 = require("next/server");
-// Add protection headers to all responses
-function addSecurityHeaders(response) {
-    // Content Security Policy - restrictive for auth endpoints
-    response.headers.set('Content-Security-Policy', "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';");
-    // Prevent clickjacking
-    response.headers.set('X-Frame-Options', 'DENY');
-    // Prevent MIME type sniffing
-    response.headers.set('X-Content-Type-Options', 'nosniff');
-    // Enable XSS protection
-    response.headers.set('X-XSS-Protection', '1; mode=block');
-    // Strict transport security for HTTPS
-    response.headers.set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
-    // Referrer policy
-    response.headers.set('Referrer-Policy', 'strict-origin-when-cross-origin');
-    // Permissions policy
-    response.headers.set('Permissions-Policy', 'geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=()');
-    // Cache control for sensitive auth endpoints
-    response.headers.set('Cache-Control', 'no-store, no-cache, must-revalidate, proxy-revalidate');
-    response.headers.set('Pragma', 'no-cache');
-    response.headers.set('Expires', '0');
-    return response;
-}
-/**
- * Creates a login handler for Next.js API routes
- *
- * @param config Configuration for IDP connection
- * @returns Next.js POST handler function
- *
- * @example
- * ```typescript
- * // In your app's /app/api/auth/login/route.ts
- * import { createLoginHandler } from '@payez/next-mvp/api-handlers/auth/login';
- *
- * export const POST = createLoginHandler({
- *   idpBaseUrl: process.env.IDP_URL!,
- *   clientId: process.env.CLIENT_ID!,
- *   loginEndpoint: '/api/ExternalAuth/login'
- * });
- * ```
- */
-function createLoginHandler(config) {
-    const { idpBaseUrl, clientId, loginEndpoint = '/api/ExternalAuth/login', clientType = 'partner' } = config;
-    return async function POST(req) {
-        let body;
-        try {
-            body = await req.json();
-        }
-        catch (parseError) {
-            return server_1.NextResponse.json({ error: 'Invalid JSON format' }, { status: 400 });
-        }
-        const { username_or_email, password, client_type, two_factor_code, two_factor_recovery_code } = body;
-        // Validate required fields
-        if (!username_or_email || typeof username_or_email !== 'string' || username_or_email.trim() === '') {
-            return server_1.NextResponse.json({ error: 'username_or_email is required' }, { status: 400 });
-        }
-        if (!password || typeof password !== 'string' || password.trim() === '') {
-            return server_1.NextResponse.json({ error: 'Password is required' }, { status: 400 });
-        }
-        const idpUrl = `${idpBaseUrl}${loginEndpoint}`;
-        const payload = {
-            username_or_email,
-            password,
-            client_id: clientId,
-            client_type: client_type || clientType // Use provided client_type or config default
-        };
-        // Add optional 2FA fields if provided
-        if (two_factor_code) {
-            payload.two_factor_code = two_factor_code;
-        }
-        if (two_factor_recovery_code) {
-            payload.two_factor_recovery_code = two_factor_recovery_code;
-        }
-        // Extract client headers for forwarding to IDP
-        const clientHeaders = {};
-        // Forward client IP if available
-        const clientIp = req.headers.get('x-forwarded-for') || req.headers.get('x-real-ip');
-        if (clientIp) {
-            clientHeaders['X-Forwarded-For'] = clientIp.split(',')[0].trim();
-        }
-        // Forward user agent if available
-        const userAgent = req.headers.get('user-agent');
-        if (userAgent) {
-            clientHeaders['User-Agent'] = userAgent;
-        }
-        const headers = {
-            'Content-Type': 'application/json',
-            'Accept': 'application/json',
-            'Cookie': 'X-Device-Id=payez-PayEz-6c8201c35c1b44c9b2e823b36b95a718',
-            ...clientHeaders
-        };
-        try {
-            const backendResponse = await fetch(idpUrl, {
-                method: 'POST',
-                headers,
-                body: JSON.stringify(payload),
-            });
-            const rawText = await backendResponse.text();
-            let data;
-            try {
-                data = JSON.parse(rawText);
-            }
-            catch (jsonError) {
-                console.error('[LOGIN] IDP returned non-JSON response', {
-                    response: rawText,
-                    status: backendResponse.status
-                });
-                return server_1.NextResponse.json({ error: 'Invalid response from authentication service' }, { status: 502 });
-            }
-            if (!backendResponse.ok) {
-                // Handle rate limiting specifically
-                if (backendResponse.status === 429) {
-                    const retryAfter = backendResponse.headers.get('retry-after');
-                    const retryAfterSeconds = retryAfter ? parseInt(retryAfter) : 60;
-                    return addSecurityHeaders(server_1.NextResponse.json({
-                        success: false,
-                        error: 'RATE_LIMIT_EXCEEDED',
-                        message: 'Too many login attempts. Please try again later.',
-                        retryAfter: retryAfterSeconds
-                    }, { status: 429 }));
-                }
-                // Pass through error from IDP
-                console.error('[LOGIN] IDP service error', {
-                    status: backendResponse.status,
-                    error: data
-                });
-                return addSecurityHeaders(server_1.NextResponse.json(data, { status: backendResponse.status }));
-            }
-            if (!data.success) {
-                // IDP returned a canonical error envelope with HTTP 200
-                console.error('[LOGIN] IDP authentication failure', { error: data });
-                return addSecurityHeaders(server_1.NextResponse.json(data, { status: 200 }));
-            }
-            // Normalize response shape for NextAuth authorize()
-            const normalized = {
-                success: data?.success === true,
-                result: (data?.data && data?.data?.result) ? data.data.result : (data?.result ?? data),
-                // Preserve original payload for debugging/compatibility
-                original: data
-            };
-            return addSecurityHeaders(server_1.NextResponse.json(normalized));
-        }
-        catch (error) {
-            // Handle network and other errors
-            console.error('[LOGIN] FETCH FAILED:', {
-                error: error instanceof Error ? error.message : String(error),
-                idpUrl
-            });
-            if (error instanceof Error && error.message.includes('fetch')) {
-                return server_1.NextResponse.json({ error: 'Unable to connect to authentication service' }, { status: 503 });
-            }
-            return server_1.NextResponse.json({ error: 'An unexpected error occurred during login' }, { status: 500 });
-        }
-    };
-}
-/**
- * Default export for backward compatibility
- * Requires environment variables: IDP_URL, CLIENT_ID
- */
-exports.POST = createLoginHandler({
-    idpBaseUrl: process.env.IDP_URL,
-    clientId: process.env.CLIENT_ID || 'payez_default_client',
-    loginEndpoint: '/api/ExternalAuth/login'
-});