npm - @payez/next-mvp - Versions diffs - 3.9.1 → 4.0.1 - Mend

@payez/next-mvp 3.9.1 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (526) hide show

package/package.json +6 -18
package/src/api/auth-handler.ts +550 -549
package/src/api-handlers/account/change-password.ts +5 -8
package/src/api-handlers/admin/analytics.ts +4 -6
package/src/api-handlers/admin/audit.ts +5 -7
package/src/api-handlers/admin/index.ts +1 -2
package/src/api-handlers/admin/redis-sessions.ts +6 -8
package/src/api-handlers/admin/sessions.ts +5 -7
package/src/api-handlers/admin/site-logs.ts +8 -10
package/src/api-handlers/admin/stats.ts +4 -6
package/src/api-handlers/admin/users.ts +5 -7
package/src/api-handlers/admin/vibe-data.ts +10 -12
package/src/api-handlers/auth/refresh.ts +5 -7
package/src/api-handlers/auth/signout.ts +5 -6
package/src/api-handlers/auth/status.ts +4 -7
package/src/api-handlers/auth/update-session.ts +123 -125
package/src/api-handlers/auth/verify-code.ts +9 -13
package/src/api-handlers/session/viability.ts +10 -47
package/src/api-handlers/test/force-expire.ts +4 -11
package/src/auth/auth-decision.ts +1 -1
package/src/auth/better-auth.ts +138 -141
package/src/auth/route-config.ts +219 -219
package/src/auth/utils/token-utils.ts +0 -1
package/src/client/AuthContext.tsx +6 -2
package/src/client/fetch-with-auth.ts +47 -47
package/src/components/SessionSync.tsx +6 -5
package/src/components/account/MobileNavDrawer.tsx +3 -3
package/src/components/account/UserAvatarMenu.tsx +6 -3
package/src/components/admin/VibeAdminLayout.tsx +4 -2
package/src/config/logger.ts +1 -1
package/src/hooks/useAuth.ts +117 -115
package/src/hooks/useAuthSettings.ts +2 -2
package/src/hooks/useAvailableProviders.ts +9 -5
package/src/hooks/useSessionExpiration.ts +101 -102
package/src/hooks/useViabilitySession.ts +336 -335
package/src/index.ts +60 -63
package/src/lib/api-handler.ts +0 -1
package/src/lib/app-slug.ts +6 -6
package/src/lib/standardized-client-api.ts +901 -895
package/src/lib/startup-init.ts +243 -247
package/src/lib/test-aware-get-token.ts +22 -12
package/src/lib/token-lifecycle.ts +12 -53
package/src/pages/admin-login/page.tsx +9 -17
package/src/pages/client-admin/ClientSiteAdminPage.tsx +4 -2
package/src/pages/login/page.tsx +21 -28
package/src/pages/showcase/ShowcasePage.tsx +4 -2
package/src/pages/test-env/EmergencyLogoutPage.tsx +7 -6
package/src/pages/test-env/JwtInspectPage.tsx +5 -3
package/src/pages/test-env/RefreshTokenPage.tsx +157 -155
package/src/pages/test-env/TestEnvPage.tsx +4 -2
package/src/pages/verify-code/page.tsx +10 -6
package/src/routes/auth/logout.ts +7 -25
package/src/routes/auth/nextauth.ts +45 -71
package/src/routes/auth/session.ts +25 -50
package/src/routes/auth/viability.ts +7 -19
package/src/server/auth.ts +60 -0
package/src/stores/authStore.ts +1899 -1904
package/src/utils/logout.ts +30 -30
package/dist/api/auth-handler.d.ts +0 -67
package/dist/api/auth-handler.js +0 -397
package/dist/api/index.d.ts +0 -10
package/dist/api/index.js +0 -19
package/dist/api-handlers/account/change-password.d.ts +0 -9
package/dist/api-handlers/account/change-password.js +0 -112
package/dist/api-handlers/account/masked-info.d.ts +0 -2
package/dist/api-handlers/account/masked-info.js +0 -41
package/dist/api-handlers/account/profile.d.ts +0 -3
package/dist/api-handlers/account/profile.js +0 -63
package/dist/api-handlers/account/recovery/initiate.d.ts +0 -2
package/dist/api-handlers/account/recovery/initiate.js +0 -26
package/dist/api-handlers/account/recovery/send-code.d.ts +0 -2
package/dist/api-handlers/account/recovery/send-code.js +0 -28
package/dist/api-handlers/account/recovery/verify-code.d.ts +0 -2
package/dist/api-handlers/account/recovery/verify-code.js +0 -28
package/dist/api-handlers/account/reset-password.d.ts +0 -2
package/dist/api-handlers/account/reset-password.js +0 -26
package/dist/api-handlers/account/send-code.d.ts +0 -24
package/dist/api-handlers/account/send-code.js +0 -60
package/dist/api-handlers/account/update-phone.d.ts +0 -27
package/dist/api-handlers/account/update-phone.js +0 -64
package/dist/api-handlers/account/validate-password.d.ts +0 -17
package/dist/api-handlers/account/validate-password.js +0 -81
package/dist/api-handlers/account/verify-email.d.ts +0 -26
package/dist/api-handlers/account/verify-email.js +0 -106
package/dist/api-handlers/account/verify-sms.d.ts +0 -26
package/dist/api-handlers/account/verify-sms.js +0 -106
package/dist/api-handlers/admin/analytics.d.ts +0 -20
package/dist/api-handlers/admin/analytics.js +0 -379
package/dist/api-handlers/admin/audit.d.ts +0 -20
package/dist/api-handlers/admin/audit.js +0 -214
package/dist/api-handlers/admin/index.d.ts +0 -22
package/dist/api-handlers/admin/index.js +0 -43
package/dist/api-handlers/admin/redis-sessions.d.ts +0 -36
package/dist/api-handlers/admin/redis-sessions.js +0 -204
package/dist/api-handlers/admin/sessions.d.ts +0 -21
package/dist/api-handlers/admin/sessions.js +0 -284
package/dist/api-handlers/admin/site-logs.d.ts +0 -46
package/dist/api-handlers/admin/site-logs.js +0 -318
package/dist/api-handlers/admin/stats.d.ts +0 -21
package/dist/api-handlers/admin/stats.js +0 -240
package/dist/api-handlers/admin/users.d.ts +0 -20
package/dist/api-handlers/admin/users.js +0 -222
package/dist/api-handlers/admin/vibe-data.d.ts +0 -80
package/dist/api-handlers/admin/vibe-data.js +0 -268
package/dist/api-handlers/anon/preferences.d.ts +0 -37
package/dist/api-handlers/anon/preferences.js +0 -96
package/dist/api-handlers/auth/jwks.d.ts +0 -2
package/dist/api-handlers/auth/jwks.js +0 -24
package/dist/api-handlers/auth/login.d.ts +0 -42
package/dist/api-handlers/auth/login.js +0 -178
package/dist/api-handlers/auth/refresh.d.ts +0 -74
package/dist/api-handlers/auth/refresh.js +0 -635
package/dist/api-handlers/auth/signout.d.ts +0 -37
package/dist/api-handlers/auth/signout.js +0 -187
package/dist/api-handlers/auth/status.d.ts +0 -8
package/dist/api-handlers/auth/status.js +0 -26
package/dist/api-handlers/auth/update-session.d.ts +0 -37
package/dist/api-handlers/auth/update-session.js +0 -95
package/dist/api-handlers/auth/validate.d.ts +0 -6
package/dist/api-handlers/auth/validate.js +0 -43
package/dist/api-handlers/auth/verify-code.d.ts +0 -43
package/dist/api-handlers/auth/verify-code.js +0 -94
package/dist/api-handlers/session/refresh-viability.d.ts +0 -14
package/dist/api-handlers/session/refresh-viability.js +0 -39
package/dist/api-handlers/session/viability.d.ts +0 -13
package/dist/api-handlers/session/viability.js +0 -146
package/dist/api-handlers/test/force-expire.d.ts +0 -23
package/dist/api-handlers/test/force-expire.js +0 -65
package/dist/auth/auth-decision.d.ts +0 -39
package/dist/auth/auth-decision.js +0 -182
package/dist/auth/auth-options.d.ts +0 -57
package/dist/auth/auth-options.js +0 -213
package/dist/auth/better-auth.d.ts +0 -82
package/dist/auth/better-auth.js +0 -122
package/dist/auth/callbacks/index.d.ts +0 -6
package/dist/auth/callbacks/index.js +0 -12
package/dist/auth/callbacks/jwt.d.ts +0 -45
package/dist/auth/callbacks/jwt.js +0 -305
package/dist/auth/callbacks/session.d.ts +0 -60
package/dist/auth/callbacks/session.js +0 -170
package/dist/auth/callbacks/signin.d.ts +0 -23
package/dist/auth/callbacks/signin.js +0 -44
package/dist/auth/events/index.d.ts +0 -4
package/dist/auth/events/index.js +0 -8
package/dist/auth/events/signout.d.ts +0 -17
package/dist/auth/events/signout.js +0 -32
package/dist/auth/providers/credentials.d.ts +0 -32
package/dist/auth/providers/credentials.js +0 -223
package/dist/auth/providers/index.d.ts +0 -5
package/dist/auth/providers/index.js +0 -21
package/dist/auth/providers/oauth.d.ts +0 -26
package/dist/auth/providers/oauth.js +0 -105
package/dist/auth/route-config.d.ts +0 -66
package/dist/auth/route-config.js +0 -190
package/dist/auth/types/auth-types.d.ts +0 -417
package/dist/auth/types/auth-types.js +0 -53
package/dist/auth/types/index.d.ts +0 -6
package/dist/auth/types/index.js +0 -22
package/dist/auth/unauthenticated-routes.d.ts +0 -1
package/dist/auth/unauthenticated-routes.js +0 -19
package/dist/auth/utils/idp-client.d.ts +0 -94
package/dist/auth/utils/idp-client.js +0 -384
package/dist/auth/utils/index.d.ts +0 -5
package/dist/auth/utils/index.js +0 -21
package/dist/auth/utils/token-utils.d.ts +0 -84
package/dist/auth/utils/token-utils.js +0 -219
package/dist/client/AuthContext.d.ts +0 -19
package/dist/client/AuthContext.js +0 -112
package/dist/client/better-auth-client.d.ts +0 -1020
package/dist/client/better-auth-client.js +0 -68
package/dist/client/fetch-with-auth.d.ts +0 -11
package/dist/client/fetch-with-auth.js +0 -44
package/dist/client/fetchWithSession.d.ts +0 -3
package/dist/client/fetchWithSession.js +0 -24
package/dist/client/index.d.ts +0 -9
package/dist/client/index.js +0 -20
package/dist/client/useAnonSession.d.ts +0 -36
package/dist/client/useAnonSession.js +0 -99
package/dist/components/SessionSync.d.ts +0 -13
package/dist/components/SessionSync.js +0 -119
package/dist/components/SignalRHealthCheck.d.ts +0 -10
package/dist/components/SignalRHealthCheck.js +0 -97
package/dist/components/account/MobileNavDrawer.d.ts +0 -32
package/dist/components/account/MobileNavDrawer.js +0 -81
package/dist/components/account/UserAvatarMenu.d.ts +0 -20
package/dist/components/account/UserAvatarMenu.js +0 -88
package/dist/components/account/index.d.ts +0 -9
package/dist/components/account/index.js +0 -13
package/dist/components/admin/AlertSettingsTab.d.ts +0 -48
package/dist/components/admin/AlertSettingsTab.js +0 -351
package/dist/components/admin/AnalyticsTab.d.ts +0 -22
package/dist/components/admin/AnalyticsTab.js +0 -167
package/dist/components/admin/DataBrowserTab.d.ts +0 -19
package/dist/components/admin/DataBrowserTab.js +0 -252
package/dist/components/admin/LoggingSettingsTab.d.ts +0 -73
package/dist/components/admin/LoggingSettingsTab.js +0 -339
package/dist/components/admin/SessionsTab.d.ts +0 -37
package/dist/components/admin/SessionsTab.js +0 -165
package/dist/components/admin/StatsTab.d.ts +0 -53
package/dist/components/admin/StatsTab.js +0 -161
package/dist/components/admin/VibeAdminContext.d.ts +0 -32
package/dist/components/admin/VibeAdminContext.js +0 -38
package/dist/components/admin/VibeAdminLayout.d.ts +0 -11
package/dist/components/admin/VibeAdminLayout.js +0 -69
package/dist/components/admin/index.d.ts +0 -29
package/dist/components/admin/index.js +0 -44
package/dist/components/auth/FederatedAuthSection.d.ts +0 -8
package/dist/components/auth/FederatedAuthSection.js +0 -45
package/dist/components/auth/ModeAwareLoginPage.d.ts +0 -10
package/dist/components/auth/ModeAwareLoginPage.js +0 -42
package/dist/components/auth/ModeAwareSignupPage.d.ts +0 -9
package/dist/components/auth/ModeAwareSignupPage.js +0 -78
package/dist/components/auth/TraditionalAuthSection.d.ts +0 -14
package/dist/components/auth/TraditionalAuthSection.js +0 -20
package/dist/components/recovery/CompleteStep.d.ts +0 -5
package/dist/components/recovery/CompleteStep.js +0 -8
package/dist/components/recovery/InitiateRecoveryStep.d.ts +0 -8
package/dist/components/recovery/InitiateRecoveryStep.js +0 -20
package/dist/components/recovery/SelectMethodStep.d.ts +0 -8
package/dist/components/recovery/SelectMethodStep.js +0 -8
package/dist/components/recovery/SetPasswordStep.d.ts +0 -6
package/dist/components/recovery/SetPasswordStep.js +0 -20
package/dist/components/recovery/VerifyCodeStep.d.ts +0 -10
package/dist/components/recovery/VerifyCodeStep.js +0 -24
package/dist/components/reserved/ReservedRecoveryWarning.d.ts +0 -38
package/dist/components/reserved/ReservedRecoveryWarning.js +0 -92
package/dist/components/reserved/ReservedStatusBox.d.ts +0 -30
package/dist/components/reserved/ReservedStatusBox.js +0 -71
package/dist/components/ui/BetaBadge.d.ts +0 -29
package/dist/components/ui/BetaBadge.js +0 -38
package/dist/components/ui/Footer.d.ts +0 -37
package/dist/components/ui/Footer.js +0 -41
package/dist/config/env.d.ts +0 -66
package/dist/config/env.js +0 -57
package/dist/config/logger.d.ts +0 -57
package/dist/config/logger.js +0 -73
package/dist/config/logging-config.d.ts +0 -30
package/dist/config/logging-config.js +0 -122
package/dist/config/unauthenticated-routes.d.ts +0 -17
package/dist/config/unauthenticated-routes.js +0 -24
package/dist/config/vibe-log-transport.d.ts +0 -81
package/dist/config/vibe-log-transport.js +0 -212
package/dist/edge/internal-api-url.d.ts +0 -53
package/dist/edge/internal-api-url.js +0 -63
package/dist/edge/middleware.d.ts +0 -14
package/dist/edge/middleware.js +0 -32
package/dist/hooks/useAuth.d.ts +0 -23
package/dist/hooks/useAuth.js +0 -81
package/dist/hooks/useAuthSettings.d.ts +0 -59
package/dist/hooks/useAuthSettings.js +0 -93
package/dist/hooks/useAvailableProviders.d.ts +0 -45
package/dist/hooks/useAvailableProviders.js +0 -108
package/dist/hooks/usePasswordValidation.d.ts +0 -27
package/dist/hooks/usePasswordValidation.js +0 -102
package/dist/hooks/useProfile.d.ts +0 -15
package/dist/hooks/useProfile.js +0 -59
package/dist/hooks/usePublicAuthSettings.d.ts +0 -56
package/dist/hooks/usePublicAuthSettings.js +0 -131
package/dist/hooks/useSessionExpiration.d.ts +0 -57
package/dist/hooks/useSessionExpiration.js +0 -72
package/dist/hooks/useViabilitySession.d.ts +0 -75
package/dist/hooks/useViabilitySession.js +0 -268
package/dist/index.d.ts +0 -12
package/dist/index.js +0 -55
package/dist/lib/anon-session.d.ts +0 -74
package/dist/lib/anon-session.js +0 -169
package/dist/lib/api-handler.d.ts +0 -123
package/dist/lib/api-handler.js +0 -478
package/dist/lib/app-slug.d.ts +0 -95
package/dist/lib/app-slug.js +0 -172
package/dist/lib/demo-mode.d.ts +0 -6
package/dist/lib/demo-mode.js +0 -16
package/dist/lib/geolocation.d.ts +0 -64
package/dist/lib/geolocation.js +0 -235
package/dist/lib/idp-client-config.d.ts +0 -75
package/dist/lib/idp-client-config.js +0 -425
package/dist/lib/idp-fetch.d.ts +0 -14
package/dist/lib/idp-fetch.js +0 -91
package/dist/lib/internal-api.d.ts +0 -87
package/dist/lib/internal-api.js +0 -122
package/dist/lib/jwt-decode-client.d.ts +0 -10
package/dist/lib/jwt-decode-client.js +0 -46
package/dist/lib/jwt-decode.d.ts +0 -48
package/dist/lib/jwt-decode.js +0 -57
package/dist/lib/nextauth-secret.d.ts +0 -10
package/dist/lib/nextauth-secret.js +0 -100
package/dist/lib/rate-limit-service.d.ts +0 -23
package/dist/lib/rate-limit-service.js +0 -6
package/dist/lib/redis.d.ts +0 -5
package/dist/lib/redis.js +0 -28
package/dist/lib/refresh-token-validator.d.ts +0 -13
package/dist/lib/refresh-token-validator.js +0 -117
package/dist/lib/roles.d.ts +0 -145
package/dist/lib/roles.js +0 -168
package/dist/lib/secret-validation.d.ts +0 -4
package/dist/lib/secret-validation.js +0 -14
package/dist/lib/session-store.d.ts +0 -170
package/dist/lib/session-store.js +0 -545
package/dist/lib/session.d.ts +0 -21
package/dist/lib/session.js +0 -26
package/dist/lib/site-logger.d.ts +0 -214
package/dist/lib/site-logger.js +0 -210
package/dist/lib/standardized-client-api.d.ts +0 -161
package/dist/lib/standardized-client-api.js +0 -786
package/dist/lib/startup-init.d.ts +0 -40
package/dist/lib/startup-init.js +0 -261
package/dist/lib/test-aware-get-token.d.ts +0 -2
package/dist/lib/test-aware-get-token.js +0 -81
package/dist/lib/token-expiry.d.ts +0 -14
package/dist/lib/token-expiry.js +0 -39
package/dist/lib/token-lifecycle.d.ts +0 -52
package/dist/lib/token-lifecycle.js +0 -398
package/dist/lib/types/api-responses.d.ts +0 -128
package/dist/lib/types/api-responses.js +0 -171
package/dist/lib/user-agent-parser.d.ts +0 -50
package/dist/lib/user-agent-parser.js +0 -220
package/dist/logging/api/admin-analytics.d.ts +0 -3
package/dist/logging/api/admin-analytics.js +0 -45
package/dist/logging/api/audit-log.d.ts +0 -3
package/dist/logging/api/audit-log.js +0 -52
package/dist/logging/components/AdminAnalyticsLayout.d.ts +0 -10
package/dist/logging/components/AdminAnalyticsLayout.js +0 -11
package/dist/logging/components/AuditLogViewer.d.ts +0 -7
package/dist/logging/components/AuditLogViewer.js +0 -51
package/dist/logging/components/ErrorMetricsCard.d.ts +0 -7
package/dist/logging/components/ErrorMetricsCard.js +0 -16
package/dist/logging/components/HealthMetricsCard.d.ts +0 -7
package/dist/logging/components/HealthMetricsCard.js +0 -19
package/dist/logging/hooks/useAdminAnalytics.d.ts +0 -24
package/dist/logging/hooks/useAdminAnalytics.js +0 -22
package/dist/logging/hooks/useAuditLog.d.ts +0 -6
package/dist/logging/hooks/useAuditLog.js +0 -25
package/dist/logging/hooks/useErrorMetrics.d.ts +0 -6
package/dist/logging/hooks/useErrorMetrics.js +0 -38
package/dist/logging/hooks/useHealthMetrics.d.ts +0 -6
package/dist/logging/hooks/useHealthMetrics.js +0 -41
package/dist/logging/index.d.ts +0 -11
package/dist/logging/index.js +0 -40
package/dist/logging/types/analytics.d.ts +0 -68
package/dist/logging/types/analytics.js +0 -3
package/dist/logging/types/audit.d.ts +0 -29
package/dist/logging/types/audit.js +0 -2
package/dist/logging/types/index.d.ts +0 -2
package/dist/logging/types/index.js +0 -19
package/dist/middleware/auth-decision.d.ts +0 -33
package/dist/middleware/auth-decision.js +0 -65
package/dist/middleware/create-middleware.d.ts +0 -102
package/dist/middleware/create-middleware.js +0 -469
package/dist/middleware/rbac-check.d.ts +0 -51
package/dist/middleware/rbac-check.js +0 -219
package/dist/middleware/twofa-presets.d.ts +0 -134
package/dist/middleware/twofa-presets.js +0 -175
package/dist/models/DecodedAccessToken.d.ts +0 -17
package/dist/models/DecodedAccessToken.js +0 -2
package/dist/models/SessionModel.d.ts +0 -122
package/dist/models/SessionModel.js +0 -136
package/dist/pages/admin-login/page.d.ts +0 -31
package/dist/pages/admin-login/page.js +0 -83
package/dist/pages/admin-page-permissions/PagePermissionsAdminPage.d.ts +0 -18
package/dist/pages/admin-page-permissions/PagePermissionsAdminPage.js +0 -276
package/dist/pages/admin-page-permissions/index.d.ts +0 -6
package/dist/pages/admin-page-permissions/index.js +0 -13
package/dist/pages/admin-roles/RolesAdminPage.d.ts +0 -16
package/dist/pages/admin-roles/RolesAdminPage.js +0 -261
package/dist/pages/admin-roles/index.d.ts +0 -8
package/dist/pages/admin-roles/index.js +0 -15
package/dist/pages/admin-roles/modals.d.ts +0 -72
package/dist/pages/admin-roles/modals.js +0 -154
package/dist/pages/client-admin/ClientSiteAdminPage.d.ts +0 -79
package/dist/pages/client-admin/ClientSiteAdminPage.js +0 -177
package/dist/pages/client-admin/index.d.ts +0 -32
package/dist/pages/client-admin/index.js +0 -37
package/dist/pages/coming-soon/page.d.ts +0 -8
package/dist/pages/coming-soon/page.js +0 -28
package/dist/pages/login/page.d.ts +0 -22
package/dist/pages/login/page.js +0 -239
package/dist/pages/profile/EnhancedProfilePage.d.ts +0 -13
package/dist/pages/profile/EnhancedProfilePage.js +0 -150
package/dist/pages/profile/index.d.ts +0 -8
package/dist/pages/profile/index.js +0 -16
package/dist/pages/profile/page.d.ts +0 -19
package/dist/pages/profile/page.js +0 -47
package/dist/pages/profile/profile-patch.d.ts +0 -1
package/dist/pages/profile/profile-patch.js +0 -281
package/dist/pages/recovery/page.d.ts +0 -1
package/dist/pages/recovery/page.js +0 -142
package/dist/pages/roles/MyRolesPage.d.ts +0 -24
package/dist/pages/roles/MyRolesPage.js +0 -71
package/dist/pages/roles/components.d.ts +0 -63
package/dist/pages/roles/components.js +0 -108
package/dist/pages/roles/index.d.ts +0 -8
package/dist/pages/roles/index.js +0 -19
package/dist/pages/security/EnhancedSecurityPage.d.ts +0 -14
package/dist/pages/security/EnhancedSecurityPage.js +0 -248
package/dist/pages/security/index.d.ts +0 -8
package/dist/pages/security/index.js +0 -16
package/dist/pages/security/page.d.ts +0 -21
package/dist/pages/security/page.js +0 -212
package/dist/pages/security/security-patch.d.ts +0 -1
package/dist/pages/security/security-patch.js +0 -302
package/dist/pages/settings/EnhancedSettingsPage.d.ts +0 -46
package/dist/pages/settings/EnhancedSettingsPage.js +0 -231
package/dist/pages/settings/index.d.ts +0 -8
package/dist/pages/settings/index.js +0 -16
package/dist/pages/settings/page.d.ts +0 -7
package/dist/pages/settings/page.js +0 -26
package/dist/pages/showcase/ShowcasePage.d.ts +0 -13
package/dist/pages/showcase/ShowcasePage.js +0 -140
package/dist/pages/showcase/index.d.ts +0 -12
package/dist/pages/showcase/index.js +0 -17
package/dist/pages/test-env/EmergencyLogoutPage.d.ts +0 -14
package/dist/pages/test-env/EmergencyLogoutPage.js +0 -98
package/dist/pages/test-env/JwtInspectPage.d.ts +0 -14
package/dist/pages/test-env/JwtInspectPage.js +0 -114
package/dist/pages/test-env/RefreshTokenPage.d.ts +0 -15
package/dist/pages/test-env/RefreshTokenPage.js +0 -91
package/dist/pages/test-env/TestEnvPage.d.ts +0 -13
package/dist/pages/test-env/TestEnvPage.js +0 -49
package/dist/pages/test-env/index.d.ts +0 -24
package/dist/pages/test-env/index.js +0 -32
package/dist/pages/verify-code/page.d.ts +0 -30
package/dist/pages/verify-code/page.js +0 -408
package/dist/routes/account/index.d.ts +0 -28
package/dist/routes/account/index.js +0 -71
package/dist/routes/account/masked-info.d.ts +0 -33
package/dist/routes/account/masked-info.js +0 -39
package/dist/routes/account/send-code.d.ts +0 -37
package/dist/routes/account/send-code.js +0 -42
package/dist/routes/account/update-phone.d.ts +0 -13
package/dist/routes/account/update-phone.js +0 -17
package/dist/routes/account/verify-email.d.ts +0 -38
package/dist/routes/account/verify-email.js +0 -43
package/dist/routes/account/verify-sms.d.ts +0 -38
package/dist/routes/account/verify-sms.js +0 -43
package/dist/routes/auth/index.d.ts +0 -19
package/dist/routes/auth/index.js +0 -64
package/dist/routes/auth/logout.d.ts +0 -31
package/dist/routes/auth/logout.js +0 -113
package/dist/routes/auth/nextauth.d.ts +0 -19
package/dist/routes/auth/nextauth.js +0 -72
package/dist/routes/auth/refresh.d.ts +0 -30
package/dist/routes/auth/refresh.js +0 -51
package/dist/routes/auth/session.d.ts +0 -43
package/dist/routes/auth/session.js +0 -179
package/dist/routes/auth/settings.d.ts +0 -25
package/dist/routes/auth/settings.js +0 -55
package/dist/routes/auth/viability.d.ts +0 -52
package/dist/routes/auth/viability.js +0 -201
package/dist/routes/index.d.ts +0 -12
package/dist/routes/index.js +0 -54
package/dist/routes/session/index.d.ts +0 -6
package/dist/routes/session/index.js +0 -10
package/dist/routes/session/refresh-viability.d.ts +0 -16
package/dist/routes/session/refresh-viability.js +0 -20
package/dist/server/auth-guard.d.ts +0 -46
package/dist/server/auth-guard.js +0 -128
package/dist/server/decode-session.d.ts +0 -30
package/dist/server/decode-session.js +0 -78
package/dist/server/slim-middleware.d.ts +0 -23
package/dist/server/slim-middleware.js +0 -89
package/dist/server/with-auth.d.ts +0 -33
package/dist/server/with-auth.js +0 -59
package/dist/services/signalrActivityService.d.ts +0 -44
package/dist/services/signalrActivityService.js +0 -257
package/dist/stores/authStore.d.ts +0 -154
package/dist/stores/authStore.js +0 -1531
package/dist/theme/ThemeProvider.d.ts +0 -14
package/dist/theme/ThemeProvider.js +0 -28
package/dist/theme/default.d.ts +0 -8
package/dist/theme/default.js +0 -33
package/dist/theme/index.d.ts +0 -15
package/dist/theme/index.js +0 -25
package/dist/theme/types.d.ts +0 -56
package/dist/theme/types.js +0 -8
package/dist/theme/useTheme.d.ts +0 -60
package/dist/theme/useTheme.js +0 -63
package/dist/theme/utils.d.ts +0 -13
package/dist/theme/utils.js +0 -39
package/dist/types/api.d.ts +0 -134
package/dist/types/api.js +0 -44
package/dist/types/auth.d.ts +0 -19
package/dist/types/auth.js +0 -2
package/dist/types/logging.d.ts +0 -42
package/dist/types/logging.js +0 -2
package/dist/types/recovery.d.ts +0 -48
package/dist/types/recovery.js +0 -2
package/dist/types/security.d.ts +0 -1
package/dist/types/security.js +0 -2
package/dist/utils/api.d.ts +0 -85
package/dist/utils/api.js +0 -287
package/dist/utils/circuitBreaker.d.ts +0 -43
package/dist/utils/circuitBreaker.js +0 -91
package/dist/utils/error-message.d.ts +0 -1
package/dist/utils/error-message.js +0 -103
package/dist/utils/layout/reservedSpace.d.ts +0 -59
package/dist/utils/layout/reservedSpace.js +0 -102
package/dist/utils/logout.d.ts +0 -14
package/dist/utils/logout.js +0 -32
package/dist/vibe/client.d.ts +0 -261
package/dist/vibe/client.js +0 -445
package/dist/vibe/enterprise-auth.d.ts +0 -106
package/dist/vibe/enterprise-auth.js +0 -173
package/dist/vibe/errors.d.ts +0 -83
package/dist/vibe/errors.js +0 -146
package/dist/vibe/generic.d.ts +0 -234
package/dist/vibe/generic.js +0 -369
package/dist/vibe/hooks/index.d.ts +0 -169
package/dist/vibe/hooks/index.js +0 -252
package/dist/vibe/index.d.ts +0 -25
package/dist/vibe/index.js +0 -72
package/dist/vibe/sessions.d.ts +0 -161
package/dist/vibe/sessions.js +0 -391
package/dist/vibe/types.d.ts +0 -353
package/dist/vibe/types.js +0 -315
package/src/auth/auth-options.ts +0 -237
package/src/auth/callbacks/index.ts +0 -7
package/src/auth/callbacks/jwt.ts +0 -382
package/src/auth/callbacks/session.ts +0 -243
package/src/auth/callbacks/signin.ts +0 -56
package/src/auth/events/index.ts +0 -5
package/src/auth/events/signout.ts +0 -33
package/src/auth/providers/credentials.ts +0 -256
package/src/auth/providers/index.ts +0 -6
package/src/auth/providers/oauth.ts +0 -114
package/src/lib/nextauth-secret.ts +0 -121
package/src/types/next-auth.d.ts +0 -15

package/dist/auth/callbacks/jwt.js DELETED Viewed

@@ -1,305 +0,0 @@
-"use strict";
-/**
- * JWT Callback
- *
- * Minimal token strategy - only store redisSessionId in JWT.
- * All session data lives in Redis, not in the browser cookie.
- *
- * HANDLES:
- * - Initial sign-in (credentials): Store redisSessionId from authorize()
- * - Initial sign-in (OAuth): Register with IDP, create session, store redisSessionId
- * - Subsequent requests: Validate session exists, return token
- *
- * @version 1.0.0
- * @since auth-refactor-2026-01
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.jwtCallback = jwtCallback;
-const crypto_1 = require("crypto");
-const session_store_1 = require("../../lib/session-store");
-const idp_client_config_1 = require("../../lib/idp-client-config");
-const idp_client_1 = require("../utils/idp-client");
-const token_utils_1 = require("../utils/token-utils");
-// NOTE: Using any for sessionData until Phase 3 normalizes types
-// ============================================================================
-// VIBE ROLE FETCHING
-// ============================================================================
-/**
- * Generate HMAC signature for Vibe API request.
- */
-function generateVibeSignature(endpoint, clientId, timestamp) {
-    const signingKey = process.env.VIBE_SIGNING_KEY;
-    if (!signingKey) {
-        return '';
-    }
-    const stringToSign = `${timestamp}|GET|${endpoint}|${clientId}`;
-    return (0, crypto_1.createHmac)('sha256', Buffer.from(signingKey, 'base64'))
-        .update(stringToSign)
-        .digest('base64');
-}
-/**
- * Fetch user's roles from Vibe API.
- * Returns empty array on failure (non-blocking).
- * Uses HMAC signature for authentication when signing key is configured.
- */
-async function fetchVibeRoles(userId, clientId) {
-    const vibeApiUrl = process.env.VIBE_API_URL;
-    if (!vibeApiUrl) {
-        return [];
-    }
-    const endpoint = `/api/v1/users/${userId}/roles`;
-    const timestamp = Math.floor(Date.now() / 1000);
-    const signature = generateVibeSignature(endpoint, clientId, timestamp);
-    // Build headers with optional signature
-    const headers = {
-        'Accept': 'application/json',
-        'X-Client-Id': clientId,
-        'X-Vibe-Client-Id': clientId,
-    };
-    if (signature) {
-        headers['X-Vibe-Timestamp'] = String(timestamp);
-        headers['X-Vibe-Signature'] = signature;
-    }
-    try {
-        const response = await fetch(`${vibeApiUrl}${endpoint}`, {
-            method: 'GET',
-            headers,
-            // 2 second timeout
-            signal: AbortSignal.timeout(2000),
-        });
-        if (!response.ok) {
-            console.warn('[JWT_CALLBACK] Failed to fetch Vibe roles:', response.status);
-            return [];
-        }
-        const data = await response.json();
-        const roles = data.roles?.map((r) => r.role_name || r) || [];
-        console.log('[JWT_CALLBACK] Fetched Vibe roles:', roles);
-        return roles;
-    }
-    catch (error) {
-        console.warn('[JWT_CALLBACK] Error fetching Vibe roles (continuing with IDP roles only):', error);
-        return [];
-    }
-}
-/**
- * Merge IDP roles with Vibe roles, deduplicating.
- */
-function mergeRoles(idpRoles, vibeRoles) {
-    return [...new Set([...idpRoles, ...vibeRoles])];
-}
-// ============================================================================
-// JWT CALLBACK
-// ============================================================================
-/**
- * JWT callback - builds the NextAuth JWT token.
- *
- * MINIMAL TOKEN STRATEGY:
- * - Only store redisSessionId (key to Redis session)
- * - All tokens and user data live in Redis
- * - Browser cookie stays small and secure
- *
- * @param params - JWT callback parameters from NextAuth
- * @returns JWT payload to store in browser cookie
- */
-async function jwtCallback({ token, user, account, trigger, }) {
-    console.log('[JWT_CALLBACK] Called with:', {
-        trigger,
-        hasAccount: !!account,
-        provider: account?.provider,
-        hasUser: !!user,
-        userEmail: user?.email,
-        existingRedisSessionId: token?.redisSessionId ? 'yes' : 'no',
-    });
-    // -------------------------------------------------------------------------
-    // OAuth Sign-In: Register with IDP and create session
-    // -------------------------------------------------------------------------
-    if (account && account.provider !== 'credentials') {
-        console.log('[JWT_CALLBACK] Handling OAuth sign-in for provider:', account.provider);
-        return handleOAuthSignIn(token, user, account);
-    }
-    // -------------------------------------------------------------------------
-    // Credentials Sign-In: Session already created in authorize()
-    // -------------------------------------------------------------------------
-    if (user && user.redisSessionId) {
-        // Credentials authorize() returns redisSessionId
-        const redisSessionId = user.redisSessionId;
-        return {
-            ...token,
-            redisSessionId,
-            sub: user.id || token.sub || 'unknown',
-        };
-    }
-    // -------------------------------------------------------------------------
-    // Subsequent Requests: Validate session exists
-    // -------------------------------------------------------------------------
-    const redisSessionId = user?.redisSessionId || token?.redisSessionId || token?.redisSessionId;
-    if (!redisSessionId) {
-        return { ...token, error: 'NoSession', sub: token.sub || 'unknown' };
-    }
-    // Validate session still exists in Redis
-    try {
-        const sessionData = await (0, session_store_1.getSession)(redisSessionId);
-        if (!sessionData) {
-            // Session expired or deleted
-            return { ...token, error: 'SessionNotFound', sub: token.sub || 'unknown' };
-        }
-        // Check if refresh token has expired (session should be terminated)
-        if (sessionData.idpRefreshTokenExpires && Date.now() >= sessionData.idpRefreshTokenExpires) {
-            return { ...token, error: 'RefreshTokenExpired', sub: token.sub || 'unknown' };
-        }
-        // Check if MFA has expired (requires step-up authentication)
-        if (sessionData.mfaExpiresAt && Date.now() > sessionData.mfaExpiresAt) {
-            return {
-                ...token,
-                redisSessionId,
-                sub: sessionData.userId,
-                error: 'MfaExpired',
-            };
-        }
-    }
-    catch (error) {
-        console.error('[JWT_CALLBACK] Session validation error:', error);
-        return { ...token, error: 'SessionError', sub: token.sub || 'unknown' };
-    }
-    // Session is valid - return minimal token
-    return {
-        ...token,
-        redisSessionId,
-        sub: token.sub || 'unknown',
-    };
-}
-// ============================================================================
-// OAUTH SIGN-IN HANDLER
-// ============================================================================
-/**
- * Handle OAuth sign-in by registering with IDP and creating session.
- */
-async function handleOAuthSignIn(token, user, account) {
-    console.log('[JWT_CALLBACK] handleOAuthSignIn starting for:', {
-        provider: account.provider,
-        email: user?.email,
-        providerAccountId: account.providerAccountId,
-    });
-    try {
-        // Call IDP to register/authenticate OAuth user
-        const idpResult = await (0, idp_client_1.idpOAuthCallback)({
-            provider: account.provider,
-            providerAccountId: account.providerAccountId,
-            email: user?.email || '',
-            name: user?.name || '',
-            image: user?.image || '',
-            accessToken: account.access_token,
-            refreshToken: account.refresh_token,
-            expiresAt: account.expires_at,
-        });
-        // Build session data using normalized field names
-        let sessionData;
-        let mfaVerified = false;
-        if (idpResult.success && idpResult.data?.accessToken) {
-            // IDP integration succeeded - we have IDP tokens
-            const decoded = (0, token_utils_1.decodeIdpAccessToken)(idpResult.data.accessToken);
-            const amrClaims = decoded ? (0, token_utils_1.extractAmrFromToken)(decoded) : [];
-            const acrLevel = decoded?.acr || '1';
-            // Extract kid from JWT header (CRITICAL: different from client_id in payload)
-            const bearerKeyId = (0, token_utils_1.extractKidFromToken)(idpResult.data.accessToken);
-            if (bearerKeyId) {
-                console.log('[JWT_CALLBACK] Extracted bearerKeyId (kid) from JWT header:', bearerKeyId);
-            }
-            else {
-                console.warn('[JWT_CALLBACK] No kid found in JWT header');
-            }
-            // Check if MFA is required for this client
-            try {
-                const clientConfig = await (0, idp_client_config_1.getIDPClientConfig)();
-                const require2FA = clientConfig?.authSettings?.require2FA ?? true;
-                mfaVerified = !require2FA; // If MFA not required, mark as verified
-            }
-            catch {
-                // Default to requiring MFA if config unavailable
-                mfaVerified = false;
-            }
-            sessionData = {
-                userId: idpResult.data.user?.userId?.toString() || account.providerAccountId,
-                email: idpResult.data.user?.email || user?.email || '',
-                name: idpResult.data.user?.fullName || user?.name || '',
-                roles: idpResult.data.user?.roles || [],
-                // IDP tokens (normalized names)
-                idpAccessToken: idpResult.data.accessToken,
-                idpRefreshToken: idpResult.data.refreshToken,
-                idpAccessTokenExpires: decoded?.exp ? (0, token_utils_1.expClaimToMs)(decoded.exp) : Date.now() + 3600000,
-                decodedAccessToken: decoded || undefined,
-                // Bearer key ID from JWT header (NOT client_id from payload)
-                bearerKeyId,
-                // MFA state (normalized names)
-                mfaVerified,
-                authenticationMethods: amrClaims,
-                authenticationLevel: acrLevel,
-                // OAuth provider info (normalized names)
-                oauthProvider: account.provider,
-                oauthProviderToken: account.access_token,
-                oauthProviderRefreshToken: account.refresh_token,
-                // Multi-tenant info
-                idpClientId: decoded?.client_id,
-                merchantId: decoded?.merchant_id,
-            };
-        }
-        else {
-            // IDP integration failed - create OAuth-only session
-            // This allows OAuth login to work even if IDP is unavailable
-            mfaVerified = true; // OAuth IS multi-factor (Google/Microsoft handle MFA)
-            sessionData = {
-                userId: account.providerAccountId,
-                email: user?.email || '',
-                name: user?.name || '',
-                roles: [],
-                mfaVerified: true, // OAuth IS multi-factor
-                oauthProvider: account.provider,
-                oauthProviderToken: account.access_token,
-                oauthProviderRefreshToken: account.refresh_token,
-                idpAccessTokenExpires: account.expires_at
-                    ? account.expires_at * 1000
-                    : Date.now() + 3600000,
-            };
-        }
-        // -------------------------------------------------------------------------
-        // ROLE MERGING: Fetch Vibe roles and merge with IDP roles
-        // -------------------------------------------------------------------------
-        const clientId = sessionData.idpClientId || process.env.IDP_CLIENT_ID || '';
-        if (clientId && sessionData.userId) {
-            const vibeRoles = await fetchVibeRoles(sessionData.userId, clientId);
-            // SECURITY: Filter out protected IDP-level role prefixes to prevent injection
-            const safeVibeRoles = vibeRoles.filter(r => !r.startsWith('payez_'));
-            const idpRoles = sessionData.roles || [];
-            sessionData.roles = mergeRoles(idpRoles, safeVibeRoles);
-            console.log('[JWT_CALLBACK] Merged roles:', {
-                idpRoles,
-                vibeRoles,
-                safeVibeRoles,
-                merged: sessionData.roles,
-            });
-        }
-        // Create Redis session
-        console.log('[JWT_CALLBACK] Creating Redis session for:', {
-            userId: sessionData.userId,
-            email: sessionData.email,
-            mfaVerified: sessionData.mfaVerified,
-            roles: sessionData.roles,
-        });
-        const redisSessionId = await (0, session_store_1.createSession)(sessionData);
-        console.log('[JWT_CALLBACK] Redis session created:', {
-            redisSessionId: redisSessionId ? redisSessionId.substring(0, 8) + '...' : 'NONE',
-        });
-        // Check if immediate MFA redirect is needed
-        const needsImmediateTwoFactor = !mfaVerified;
-        return {
-            ...token,
-            redisSessionId,
-            sub: sessionData.userId,
-            requiresTwoFactorRedirect: needsImmediateTwoFactor,
-        };
-    }
-    catch (error) {
-        console.error('[JWT_CALLBACK] handleOAuthSignIn FAILED:', error);
-        return { ...token, error: 'OAuthSignInFailed', sub: token.sub || 'unknown' };
-    }
-}

package/dist/auth/callbacks/session.d.ts DELETED Viewed

@@ -1,60 +0,0 @@
-/**
- * Session Callback
- *
- * Builds the NextAuth session from Redis session data.
- * The JWT only contains redisSessionId - all user data comes from Redis.
- *
- * FLOW:
- * 1. Extract redisSessionId from JWT token
- * 2. Fetch session data from Redis
- * 3. Build NextAuth session with user info
- *
- * @version 1.0.0
- * @since auth-refactor-2026-01
- */
-import type { Session } from 'next-auth';
-import type { JWT } from 'next-auth/jwt';
-interface SessionCallbackParams {
-    session: Session;
-    token: JWT & {
-        /** Redis session ID - the key to look up session data */
-        redisSessionId?: string;
-        error?: string;
-    };
-}
-interface AppSessionUser {
-    id: string;
-    email: string;
-    name?: string;
-    roles: string[];
-    twoFactorSessionVerified: boolean;
-    requiresTwoFactor: boolean;
-    authenticationMethods?: string[];
-    authenticationLevel?: string;
-    mfaCompletedAt?: number;
-    mfaExpiresAt?: number;
-    mfaValidityHours?: number;
-    oauthProvider?: string;
-    idpClientId?: string;
-    merchantId?: string;
-    bearerKeyId?: string;
-}
-interface AppSession extends Omit<Session, 'user'> {
-    user: AppSessionUser;
-    sessionToken?: string;
-    accessToken?: string;
-    refreshToken?: string;
-    accessTokenExpires?: number;
-    error?: string;
-}
-/**
- * Session callback - builds NextAuth session from Redis.
- *
- * This callback is called whenever getSession() or useSession() is used.
- * It fetches the full session from Redis and exposes it to the client.
- *
- * @param params - Session callback parameters from NextAuth
- * @returns AppSession with user data from Redis
- */
-export declare function sessionCallback({ session, token, }: SessionCallbackParams): Promise<AppSession>;
-export {};

package/dist/auth/callbacks/session.js DELETED Viewed

@@ -1,170 +0,0 @@
-"use strict";
-/**
- * Session Callback
- *
- * Builds the NextAuth session from Redis session data.
- * The JWT only contains redisSessionId - all user data comes from Redis.
- *
- * FLOW:
- * 1. Extract redisSessionId from JWT token
- * 2. Fetch session data from Redis
- * 3. Build NextAuth session with user info
- *
- * @version 1.0.0
- * @since auth-refactor-2026-01
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.sessionCallback = sessionCallback;
-const session_store_1 = require("../../lib/session-store");
-// ============================================================================
-// SESSION CALLBACK
-// ============================================================================
-/**
- * Session callback - builds NextAuth session from Redis.
- *
- * This callback is called whenever getSession() or useSession() is used.
- * It fetches the full session from Redis and exposes it to the client.
- *
- * @param params - Session callback parameters from NextAuth
- * @returns AppSession with user data from Redis
- */
-async function sessionCallback({ session, token, }) {
-    // Support both field names: sessionToken (auth.ts JWT) and redisSessionId (legacy)
-    const redisSessionId = token?.sessionToken || token?.redisSessionId;
-    console.log('[SESSION_CALLBACK] Entry:', {
-        hasToken: !!token,
-        redisSessionId: redisSessionId || 'MISSING',
-        tokenError: token?.error || 'none',
-        tokenKeys: token ? Object.keys(token) : [],
-    });
-    // -------------------------------------------------------------------------
-    // Handle Token Errors
-    // -------------------------------------------------------------------------
-    if (token.error) {
-        console.log('[SESSION_CALLBACK] Token has error:', token.error);
-        // Special case: MFA expired - return partial session for step-up flow
-        if (token.error === 'MfaExpired' && redisSessionId) {
-            const sessionData = await safeGetSession(redisSessionId);
-            if (sessionData) {
-                return {
-                    ...session,
-                    user: {
-                        id: sessionData.userId,
-                        email: sessionData.email,
-                        name: sessionData.name,
-                        roles: sessionData.roles || [],
-                        twoFactorSessionVerified: false,
-                        requiresTwoFactor: true,
-                        authenticationMethods: sessionData.authenticationMethods,
-                        authenticationLevel: sessionData.authenticationLevel,
-                        mfaExpiresAt: sessionData.mfaExpiresAt,
-                    },
-                    sessionToken: redisSessionId,
-                    accessToken: sessionData.idpAccessToken,
-                    refreshToken: sessionData.idpRefreshToken,
-                    error: 'MfaExpired',
-                };
-            }
-        }
-        // For other errors, try to recover session data if possible
-        if (redisSessionId) {
-            const sessionData = await safeGetSession(redisSessionId);
-            if (sessionData) {
-                return buildSessionFromRedis(session, redisSessionId, sessionData);
-            }
-        }
-        // No recovery possible - return error session
-        return buildErrorSession(session, token.error);
-    }
-    // -------------------------------------------------------------------------
-    // Validate Session Token
-    // -------------------------------------------------------------------------
-    if (!redisSessionId) {
-        console.log('[SESSION_CALLBACK] No redisSessionId - returning error session');
-        return buildErrorSession(session, 'NoSessionToken');
-    }
-    // -------------------------------------------------------------------------
-    // Fetch Session from Redis
-    // -------------------------------------------------------------------------
-    const sessionData = await safeGetSession(redisSessionId);
-    if (!sessionData) {
-        console.log('[SESSION_CALLBACK] Redis session not found for:', redisSessionId);
-        return buildErrorSession(session, 'SessionNotFound');
-    }
-    console.log('[SESSION_CALLBACK] Redis session found:', {
-        userId: sessionData.userId,
-        email: sessionData.email,
-        roles: sessionData.roles,
-        hasAccessToken: !!sessionData.idpAccessToken,
-    });
-    const result = buildSessionFromRedis(session, redisSessionId, sessionData);
-    console.log('[SESSION_CALLBACK] Returning:', {
-        userId: result.user.id,
-        roles: result.user.roles,
-        hasAccessToken: !!result.accessToken,
-    });
-    return result;
-}
-// ============================================================================
-// HELPER FUNCTIONS
-// ============================================================================
-/**
- * Safely fetch session from Redis, returning null on error.
- */
-async function safeGetSession(sessionId) {
-    try {
-        return await (0, session_store_1.getSession)(sessionId);
-    }
-    catch {
-        return null;
-    }
-}
-/**
- * Build complete session from Redis data.
- * Uses normalized field names from SessionData.
- */
-function buildSessionFromRedis(session, sessionId, data) {
-    return {
-        ...session,
-        user: {
-            id: data.userId,
-            email: data.email,
-            name: data.name,
-            roles: data.roles || [],
-            // MFA state (normalized field name)
-            twoFactorSessionVerified: data.mfaVerified,
-            requiresTwoFactor: !data.mfaVerified,
-            authenticationMethods: data.authenticationMethods,
-            authenticationLevel: data.authenticationLevel,
-            mfaCompletedAt: data.mfaCompletedAt,
-            mfaExpiresAt: data.mfaExpiresAt,
-            mfaValidityHours: data.mfaValidityHours,
-            oauthProvider: data.oauthProvider,
-            idpClientId: data.idpClientId,
-            merchantId: data.merchantId,
-            // Bearer key ID from JWT header (may be undefined for old sessions)
-            bearerKeyId: data.bearerKeyId,
-        },
-        sessionToken: sessionId,
-        // IDP tokens (normalized field names)
-        accessToken: data.idpAccessToken,
-        refreshToken: data.idpRefreshToken,
-        accessTokenExpires: data.idpAccessTokenExpires,
-    };
-}
-/**
- * Build error session with empty user.
- */
-function buildErrorSession(session, error) {
-    return {
-        ...session,
-        user: {
-            id: '',
-            email: '',
-            roles: [],
-            twoFactorSessionVerified: false,
-            requiresTwoFactor: false,
-        },
-        error,
-    };
-}

package/dist/auth/callbacks/signin.d.ts DELETED Viewed

@@ -1,23 +0,0 @@
-/**
- * SignIn Callback
- *
- * Handles post-authentication actions like 2FA redirect.
- * Called after credentials or OAuth authentication succeeds.
- *
- * @version 1.0.0
- * @since auth-refactor-2026-01
- */
-import type { User, Account } from 'next-auth';
-/**
- * SignIn callback - handle 2FA redirect for OAuth users.
- *
- * When require2FA is true for the client, OAuth users need to be
- * redirected to the verify-code page immediately after OAuth login.
- *
- * @param params - SignIn callback parameters from NextAuth
- * @returns true to allow sign-in, or a URL string to redirect
- */
-export declare function signInCallback({ user, account, }: {
-    user: User | any;
-    account: Account | null;
-}): Promise<boolean | string>;

package/dist/auth/callbacks/signin.js DELETED Viewed

@@ -1,44 +0,0 @@
-"use strict";
-/**
- * SignIn Callback
- *
- * Handles post-authentication actions like 2FA redirect.
- * Called after credentials or OAuth authentication succeeds.
- *
- * @version 1.0.0
- * @since auth-refactor-2026-01
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.signInCallback = signInCallback;
-// ============================================================================
-// SIGNIN CALLBACK
-// ============================================================================
-/**
- * SignIn callback - handle 2FA redirect for OAuth users.
- *
- * When require2FA is true for the client, OAuth users need to be
- * redirected to the verify-code page immediately after OAuth login.
- *
- * @param params - SignIn callback parameters from NextAuth
- * @returns true to allow sign-in, or a URL string to redirect
- */
-async function signInCallback({ user, account, }) {
-    // Only handle OAuth providers (credentials flow handles 2FA separately)
-    if (!account?.provider || account.provider === 'credentials') {
-        return true;
-    }
-    // Check if OAuth user needs 2FA redirect
-    const token = user;
-    if (token?.requiresTwoFactorRedirect) {
-        // Preserve the original callback URL through 2FA flow
-        const originalCallbackUrl = account?.callbackUrl || '/';
-        // Don't redirect back to auth pages after 2FA
-        const safeCallbackUrl = originalCallbackUrl.startsWith('/account-auth/')
-            ? '/'
-            : originalCallbackUrl;
-        const encodedCallback = encodeURIComponent(safeCallbackUrl);
-        // Return redirect URL - NextAuth will redirect here instead of completing sign-in
-        return `/account-auth/verify-code?callbackUrl=${encodedCallback}`;
-    }
-    return true;
-}

package/dist/auth/events/index.d.ts DELETED Viewed

@@ -1,4 +0,0 @@
-/**
- * Auth Events - Public Exports
- */
-export { handleSignOut } from './signout';

package/dist/auth/events/index.js DELETED Viewed

@@ -1,8 +0,0 @@
-"use strict";
-/**
- * Auth Events - Public Exports
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.handleSignOut = void 0;
-var signout_1 = require("./signout");
-Object.defineProperty(exports, "handleSignOut", { enumerable: true, get: function () { return signout_1.handleSignOut; } });

package/dist/auth/events/signout.d.ts DELETED Viewed

@@ -1,17 +0,0 @@
-/**
- * SignOut Event Handler
- *
- * Cleans up Redis session when user signs out.
- *
- * @version 1.0.0
- * @since auth-refactor-2026-01
- */
-import type { JWT } from 'next-auth/jwt';
-/**
- * Handle user sign out by deleting Redis session.
- *
- * @param token - The JWT token containing the session ID
- */
-export declare function handleSignOut({ token }: {
-    token: JWT | null;
-}): Promise<void>;

package/dist/auth/events/signout.js DELETED Viewed

@@ -1,32 +0,0 @@
-"use strict";
-/**
- * SignOut Event Handler
- *
- * Cleans up Redis session when user signs out.
- *
- * @version 1.0.0
- * @since auth-refactor-2026-01
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.handleSignOut = handleSignOut;
-const session_store_1 = require("../../lib/session-store");
-// ============================================================================
-// SIGNOUT EVENT
-// ============================================================================
-/**
- * Handle user sign out by deleting Redis session.
- *
- * @param token - The JWT token containing the session ID
- */
-async function handleSignOut({ token }) {
-    // Support both field names: sessionToken (auth.ts JWT) and redisSessionId (legacy)
-    const redisSessionId = token?.sessionToken || token?.redisSessionId;
-    if (redisSessionId) {
-        try {
-            await (0, session_store_1.deleteSession)(redisSessionId);
-        }
-        catch (error) {
-            console.error('[SIGNOUT_EVENT] Failed to delete session:', error);
-        }
-    }
-}