@payez/next-mvp 3.9.1 → 4.0.1

package/dist/auth/providers/credentials.d.ts

@@ -1,32 +0,0 @@
-/**
- * Credentials Provider
- *
- * Handles email/password authentication via PayEz IDP.
- * Creates Redis session and returns minimal user object to NextAuth.
- *
- * FLOW:
- * 1. User submits email/password
- * 2. We call IDP /api/ExternalAuth/login
- * 3. IDP returns tokens if credentials valid
- * 4. We create Redis session with tokens
- * 5. Return user object with redisSessionId to NextAuth
- *
- * @version 1.0.0
- * @since auth-refactor-2026-01
- */
-/**
- * Create the CredentialsProvider for NextAuth.
- *
- * This provider handles email/password login. The authorize function
- * is called when a user submits the login form.
- */
-export declare function createCredentialsProvider(): import("next-auth/providers/credentials").CredentialsConfig<{
-    email: {
-        label: string;
-        type: string;
-    };
-    password: {
-        label: string;
-        type: string;
-    };
-}>;

package/dist/auth/providers/credentials.js

@@ -1,223 +0,0 @@
-"use strict";
-/**
- * Credentials Provider
- *
- * Handles email/password authentication via PayEz IDP.
- * Creates Redis session and returns minimal user object to NextAuth.
- *
- * FLOW:
- * 1. User submits email/password
- * 2. We call IDP /api/ExternalAuth/login
- * 3. IDP returns tokens if credentials valid
- * 4. We create Redis session with tokens
- * 5. Return user object with redisSessionId to NextAuth
- *
- * @version 1.0.0
- * @since auth-refactor-2026-01
- */
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createCredentialsProvider = createCredentialsProvider;
-const credentials_1 = __importDefault(require("next-auth/providers/credentials"));
-const session_store_1 = require("../../lib/session-store");
-const idp_client_1 = require("../utils/idp-client");
-const token_utils_1 = require("../utils/token-utils");
-const auth_types_1 = require("../types/auth-types");
-// NOTE: Using any for sessionData until Phase 3 normalizes types
-// ============================================================================
-// CREDENTIALS PROVIDER
-// ============================================================================
-/**
- * Create the CredentialsProvider for NextAuth.
- *
- * This provider handles email/password login. The authorize function
- * is called when a user submits the login form.
- */
-function createCredentialsProvider() {
-    return (0, credentials_1.default)({
-        id: 'credentials',
-        name: 'Credentials',
-        credentials: {
-            email: { label: 'Email', type: 'email' },
-            password: { label: 'Password', type: 'password' },
-        },
-        authorize: authorizeCredentials,
-    });
-}
-/**
- * Authorize user with email/password.
- *
- * This is the core authentication function. It:
- * 1. Validates credentials with IDP
- * 2. Decodes the returned tokens
- * 3. Creates a Redis session
- * 4. Returns user info for NextAuth JWT
- *
- * @param credentials - Email and password from login form
- * @param req - The incoming request (for IP/UA forwarding)
- * @returns User object for NextAuth, or null/throws on failure
- */
-async function authorizeCredentials(credentials, req) {
-    // -------------------------------------------------------------------------
-    // Validate Input
-    // -------------------------------------------------------------------------
-    if (!credentials?.email || !credentials?.password) {
-        throw new Error('Email and password required');
-    }
-    const loginCredentials = {
-        email: credentials.email,
-        password: credentials.password,
-    };
-    // Extract client info for audit logging
-    const clientHeaders = extractClientHeaders(req);
-    // -------------------------------------------------------------------------
-    // Call IDP
-    // -------------------------------------------------------------------------
-    const loginResult = await (0, idp_client_1.idpLogin)(loginCredentials, clientHeaders);
-    if (!loginResult.success || !loginResult.result) {
-        // Build structured error for frontend
-        const errorResponse = buildAuthError(loginResult.error);
-        throw new Error(JSON.stringify(errorResponse));
-    }
-    const { access_token, refresh_token, user: idpUser } = loginResult.result;
-    // -------------------------------------------------------------------------
-    // Decode Token
-    // -------------------------------------------------------------------------
-    const decoded = (0, token_utils_1.decodeIdpAccessToken)(access_token);
-    if (!decoded) {
-        throw new Error('Failed to decode token');
-    }
-    // Extract kid from JWT header (CRITICAL: this is different from client_id in payload)
-    const bearerKeyId = (0, token_utils_1.extractKidFromToken)(access_token);
-    if (bearerKeyId) {
-        console.log('[CREDENTIALS] Extracted bearerKeyId (kid) from JWT header:', bearerKeyId);
-    }
-    else {
-        console.warn('[CREDENTIALS] No kid found in JWT header - token may be unsigned or malformed');
-    }
-    // Extract claims from token
-    const email = (0, token_utils_1.extractEmailFromToken)(decoded);
-    const roles = (0, token_utils_1.extractRolesFromToken)(decoded);
-    const amrClaims = (0, token_utils_1.extractAmrFromToken)(decoded);
-    const acrLevel = decoded.acr || '1';
-    const userId = decoded.sub;
-    // Check if 2FA is complete based on ACR level
-    // ACR=1: Provisional token (requires 2FA)
-    // ACR=2: Full authentication (2FA complete)
-    const mfaVerified = acrLevel === '2';
-    // Decode refresh token expiry if available
-    let refreshTokenExpires;
-    try {
-        const refreshDecoded = (0, token_utils_1.decodeIdpAccessToken)(refresh_token);
-        if (refreshDecoded?.exp) {
-            refreshTokenExpires = (0, token_utils_1.expClaimToMs)(refreshDecoded.exp);
-        }
-    }
-    catch {
-        // Ignore - will use default expiry
-    }
-    // -------------------------------------------------------------------------
-    // Create Redis Session
-    // -------------------------------------------------------------------------
-    // Using normalized field names (session-store handles backward compatibility)
-    const sessionData = {
-        userId,
-        email,
-        roles,
-        // IDP tokens (normalized names)
-        idpAccessToken: access_token,
-        idpRefreshToken: refresh_token,
-        idpAccessTokenExpires: (0, token_utils_1.expClaimToMs)(decoded.exp),
-        idpRefreshTokenExpires: refreshTokenExpires,
-        decodedAccessToken: decoded,
-        // Bearer key ID from JWT header (NOT client_id from payload)
-        bearerKeyId,
-        // MFA state (normalized names)
-        mfaVerified,
-        authenticationMethods: amrClaims,
-        authenticationLevel: acrLevel,
-        // MFA timing info from token
-        mfaCompletedAt: decoded.mfa_time ? (0, token_utils_1.expClaimToMs)(decoded.mfa_time) : undefined,
-        mfaExpiresAt: decoded.mfa_expires ? (0, token_utils_1.expClaimToMs)(decoded.mfa_expires) : undefined,
-        mfaValidityHours: decoded.mfa_validity_hours,
-    };
-    // Determine MFA method from IDP user info
-    let mfaMethod;
-    if (idpUser?.isEmailConfirmed) {
-        mfaMethod = 'email';
-    }
-    else if (idpUser?.isSmsConfirmed) {
-        mfaMethod = 'sms';
-    }
-    if (mfaMethod) {
-        sessionData.mfaMethod = mfaMethod;
-    }
-    // Create the Redis session
-    const redisSessionId = await (0, session_store_1.createSession)(sessionData);
-    // -------------------------------------------------------------------------
-    // Return User Object for NextAuth
-    // -------------------------------------------------------------------------
-    // NextAuth requires 'id' field - we use userId from IDP
-    // The redisSessionId is passed through to the JWT callback
-    return {
-        id: userId,
-        email,
-        roles,
-        redisSessionId: (0, auth_types_1.toRedisSessionId)(redisSessionId),
-        mfaRequired: !mfaVerified,
-        mfaMethod,
-    };
-}
-// ============================================================================
-// HELPER FUNCTIONS
-// ============================================================================
-/**
- * Extract client headers from request for audit logging.
- */
-function extractClientHeaders(req) {
-    const headers = {};
-    // Extract client IP
-    const forwardedFor = req?.headers?.['x-forwarded-for'];
-    const realIp = req?.headers?.['x-real-ip'];
-    if (forwardedFor) {
-        const ip = Array.isArray(forwardedFor) ? forwardedFor[0] : forwardedFor.split(',')[0].trim();
-        headers.ip = ip;
-    }
-    else if (realIp) {
-        headers.ip = Array.isArray(realIp) ? realIp[0] : realIp;
-    }
-    // Extract User-Agent
-    const userAgent = req?.headers?.['user-agent'];
-    if (userAgent) {
-        headers.userAgent = Array.isArray(userAgent) ? userAgent[0] : userAgent;
-    }
-    return headers;
-}
-/**
- * Build structured error response for frontend.
- *
- * The frontend expects a specific error structure to display
- * appropriate messages and handle things like lockout.
- */
-function buildAuthError(error) {
-    if (!error) {
-        return {
-            success: false,
-            error: {
-                code: 'AUTH_ERROR',
-                message: 'Authentication failed',
-                details: {},
-            },
-        };
-    }
-    return {
-        success: false,
-        error: {
-            code: error.code || 'AUTH_ERROR',
-            message: error.message || 'Authentication failed',
-            details: error.details || {},
-        },
-    };
-}

package/dist/auth/providers/index.d.ts

@@ -1,5 +0,0 @@
-/**
- * Auth Providers - Public Exports
- */
-export * from './credentials';
-export * from './oauth';

package/dist/auth/providers/index.js

@@ -1,21 +0,0 @@
-"use strict";
-/**
- * Auth Providers - Public Exports
- */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./credentials"), exports);
-__exportStar(require("./oauth"), exports);

package/dist/auth/providers/oauth.d.ts

@@ -1,26 +0,0 @@
-/**
- * OAuth Provider Builder
- *
- * Dynamically builds NextAuth OAuth providers from IDP configuration.
- * Supports Google, Apple, Facebook, GitHub, and Microsoft/Azure AD.
- *
- * @version 1.0.0
- * @since auth-refactor-2026-01
- */
-import type { Provider } from 'next-auth/providers/index';
-import type { IDPClientConfig } from '../../lib/idp-client-config';
-/**
- * Build NextAuth OAuth providers from IDP configuration.
- *
- * The IDP returns a list of enabled OAuth providers with their credentials.
- * This function maps them to NextAuth provider instances.
- *
- * @param config - IDP client configuration containing OAuth provider list
- * @returns Array of NextAuth Provider instances
- */
-export declare function buildOAuthProviders(config: IDPClientConfig): Provider[];
-/**
- * Get list of enabled provider names from config.
- * Useful for logging and debugging.
- */
-export declare function getEnabledProviderNames(config: IDPClientConfig): string[];

package/dist/auth/providers/oauth.js

@@ -1,105 +0,0 @@
-"use strict";
-/**
- * OAuth Provider Builder
- *
- * Dynamically builds NextAuth OAuth providers from IDP configuration.
- * Supports Google, Apple, Facebook, GitHub, and Microsoft/Azure AD.
- *
- * @version 1.0.0
- * @since auth-refactor-2026-01
- */
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.buildOAuthProviders = buildOAuthProviders;
-exports.getEnabledProviderNames = getEnabledProviderNames;
-const google_1 = __importDefault(require("next-auth/providers/google"));
-const apple_1 = __importDefault(require("next-auth/providers/apple"));
-const facebook_1 = __importDefault(require("next-auth/providers/facebook"));
-const github_1 = __importDefault(require("next-auth/providers/github"));
-const azure_ad_1 = __importDefault(require("next-auth/providers/azure-ad"));
-// ============================================================================
-// PROVIDER BUILDER
-// ============================================================================
-/**
- * Build NextAuth OAuth providers from IDP configuration.
- *
- * The IDP returns a list of enabled OAuth providers with their credentials.
- * This function maps them to NextAuth provider instances.
- *
- * @param config - IDP client configuration containing OAuth provider list
- * @returns Array of NextAuth Provider instances
- */
-function buildOAuthProviders(config) {
-    const providers = [];
-    for (const oauth of config.oauthProviders || []) {
-        if (!oauth.enabled) {
-            continue;
-        }
-        const provider = createOAuthProvider(oauth);
-        if (provider) {
-            providers.push(provider);
-        }
-    }
-    return providers;
-}
-/**
- * Create a single OAuth provider instance from config.
- */
-function createOAuthProvider(oauth) {
-    const providerName = oauth.provider.toLowerCase();
-    switch (providerName) {
-        case 'google':
-            return (0, google_1.default)({
-                clientId: oauth.clientId,
-                clientSecret: oauth.clientSecret,
-                authorization: {
-                    params: {
-                        scope: oauth.scopes || 'openid email profile',
-                    },
-                },
-            });
-        case 'apple':
-            return (0, apple_1.default)({
-                clientId: oauth.clientId,
-                clientSecret: oauth.clientSecret,
-                authorization: {
-                    params: {
-                        scope: oauth.scopes || 'name email',
-                    },
-                },
-            });
-        case 'facebook':
-            return (0, facebook_1.default)({
-                clientId: oauth.clientId,
-                clientSecret: oauth.clientSecret,
-            });
-        case 'github':
-            return (0, github_1.default)({
-                clientId: oauth.clientId,
-                clientSecret: oauth.clientSecret,
-            });
-        case 'microsoft':
-        case 'azure_ad':
-        case 'azure-ad':
-        case 'azuread':
-            return (0, azure_ad_1.default)({
-                clientId: oauth.clientId,
-                clientSecret: oauth.clientSecret,
-                tenantId: oauth.additionalParams?.tenantId || 'common',
-            });
-        default:
-            console.warn(`[OAUTH_PROVIDERS] Unknown OAuth provider: ${oauth.provider}`);
-            return null;
-    }
-}
-/**
- * Get list of enabled provider names from config.
- * Useful for logging and debugging.
- */
-function getEnabledProviderNames(config) {
-    return (config.oauthProviders || [])
-        .filter((p) => p.enabled)
-        .map((p) => p.provider);
-}

package/dist/auth/route-config.d.ts

@@ -1,66 +0,0 @@
-/**
- * Advanced Route Configuration for `@payez/next-mvp`
- *
- * This module provides a robust, pattern-based mechanism for defining
- * unauthenticated (public) routes, including wildcard support.
- * It is designed to be easily configurable by host applications.
- */
-import { TwoFactorRequirements } from '../middleware/twofa-presets';
-export interface UnauthenticatedRouteConfig {
-    /** The route pattern (supports wildcards with *) */
-    pattern: string;
-    /** Description of what this route is for */
-    description: string;
-    /** Whether this route should be accessible during circuit breaker open state */
-    allowDuringCircuitBreakerOpen?: boolean;
-    /** Whether this route requires rate limiting even when unauthenticated */
-    requiresRateLimit?: boolean;
-}
-/**
- * Protected route configuration with 2FA requirements
- */
-export interface ProtectedRouteConfig {
-    /** The route pattern (supports wildcards with *) */
-    pattern: string;
-    /** Description of what this route is for */
-    description?: string;
-    /** 2FA requirements for this route (default: requires 2FA if site requires it) */
-    twoFactorRequirements: TwoFactorRequirements;
-}
-/**
- * Configures additional public routes for the application.
- * This function should be called once during application initialization.
- * @param appRoutes An array of route patterns or UnauthenticatedRouteConfig objects.
- */
-export declare function configurePublicRoutes(appRoutes?: (string | UnauthenticatedRouteConfig)[]): void;
-/**
- * Configures routes that require authentication but bypass 2FA requirements.
- * Essential for 2FA onboarding flows where user is authenticated but hasn't completed 2FA yet.
- * @param routes An array of route patterns or ProtectedRouteConfig objects.
- */
-export declare function configure2FABypassRoutes(routes?: (string | ProtectedRouteConfig)[]): void;
-/**
- * Checks if a route should bypass 2FA requirements (but still requires auth).
- * @param pathname The URL pathname to check.
- * @returns The ProtectedRouteConfig if found, otherwise undefined.
- */
-export declare function get2FABypassConfig(pathname: string): ProtectedRouteConfig | undefined;
-/**
- * Checks if a route should bypass 2FA requirements.
- * @param pathname The URL pathname to check.
- * @returns true if 2FA should be bypassed for this route.
- */
-export declare function should2FABypass(pathname: string): boolean;
-/**
- * Checks if a given pathname matches any of the configured unauthenticated routes.
- * Supports wildcard matching (e.g., '/api/*').
- * @param pathname The URL pathname to check.
- * @returns `true` if the route is unauthenticated, `false` otherwise.
- */
-export declare function isUnauthenticatedRoute(pathname: string): boolean;
-/**
- * Retrieves the configuration for a specific route.
- * @param pathname The URL pathname to get the configuration for.
- * @returns The `UnauthenticatedRouteConfig` object if found, otherwise `undefined`.
- */
-export declare function getRouteConfig(pathname: string): UnauthenticatedRouteConfig | undefined;

package/dist/auth/route-config.js

@@ -1,190 +0,0 @@
-"use strict";
-/**
- * Advanced Route Configuration for `@payez/next-mvp`
- *
- * This module provides a robust, pattern-based mechanism for defining
- * unauthenticated (public) routes, including wildcard support.
- * It is designed to be easily configurable by host applications.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.configurePublicRoutes = configurePublicRoutes;
-exports.configure2FABypassRoutes = configure2FABypassRoutes;
-exports.get2FABypassConfig = get2FABypassConfig;
-exports.should2FABypass = should2FABypass;
-exports.isUnauthenticatedRoute = isUnauthenticatedRoute;
-exports.getRouteConfig = getRouteConfig;
-const twofa_presets_1 = require("../middleware/twofa-presets");
-// Default public routes provided by the MVP package
-const defaultUnauthenticatedRoutes = [
-    {
-        pattern: '/',
-        description: 'Homepage',
-        allowDuringCircuitBreakerOpen: true,
-        requiresRateLimit: false
-    },
-    {
-        pattern: '/login',
-        description: 'Login page',
-        allowDuringCircuitBreakerOpen: true,
-        requiresRateLimit: false
-    },
-    {
-        pattern: '/register',
-        description: 'Registration page',
-        allowDuringCircuitBreakerOpen: true,
-        requiresRateLimit: false
-    },
-    {
-        pattern: '/forgot-password',
-        description: 'Forgot password page',
-        allowDuringCircuitBreakerOpen: true,
-        requiresRateLimit: false
-    },
-    {
-        pattern: '/account-auth/*',
-        description: 'All authentication pages (login, register, forgot password, etc.)',
-        allowDuringCircuitBreakerOpen: true,
-        requiresRateLimit: false
-    },
-    {
-        pattern: '/api/auth/*',
-        description: 'NextAuth.js authentication API endpoints',
-        allowDuringCircuitBreakerOpen: true,
-        requiresRateLimit: true
-    },
-    {
-        pattern: '/api/session/viability',
-        description: 'Session viability check endpoint',
-        allowDuringCircuitBreakerOpen: true,
-        requiresRateLimit: false
-    },
-    {
-        pattern: '/api/health/*',
-        description: 'Health check endpoints',
-        allowDuringCircuitBreakerOpen: true,
-        requiresRateLimit: true
-    },
-    {
-        pattern: '/service-unavailable',
-        description: 'Service unavailable error page',
-        allowDuringCircuitBreakerOpen: true,
-        requiresRateLimit: false
-    },
-    {
-        pattern: '/_next/*',
-        description: 'Next.js static assets',
-        allowDuringCircuitBreakerOpen: true,
-        requiresRateLimit: false
-    },
-    {
-        pattern: '/favicon.ico',
-        description: 'Favicon',
-        allowDuringCircuitBreakerOpen: true,
-        requiresRateLimit: false
-    },
-];
-let configuredRoutes = [...defaultUnauthenticatedRoutes];
-// Default routes that require auth but NOT 2FA (for 2FA onboarding flow)
-// NOTE: Only the bare minimum routes needed for 2FA completion - no welcome screens
-const default2FABypassRoutes = [
-    {
-        pattern: '/api/auth/*',
-        description: 'NextAuth.js API routes - must be accessible during 2FA flow for session management',
-        twoFactorRequirements: twofa_presets_1.TwoFactorPresets.NONE
-    },
-    {
-        pattern: '/api/account/*',
-        description: '2FA verification APIs (send-code, verify-email, verify-sms, update-phone, masked-info)',
-        twoFactorRequirements: twofa_presets_1.TwoFactorPresets.NONE
-    },
-    {
-        pattern: '/api/session/*',
-        description: 'Session management APIs (viability, refresh-viability)',
-        twoFactorRequirements: twofa_presets_1.TwoFactorPresets.NONE
-    },
-    {
-        pattern: '/account-auth/verify-code',
-        description: '2FA verification page',
-        twoFactorRequirements: twofa_presets_1.TwoFactorPresets.NONE
-    },
-    {
-        pattern: '/test-env/*',
-        description: 'Test/debug pages (emergency-logout, jwt-inspect, refresh-token) - must bypass 2FA',
-        twoFactorRequirements: twofa_presets_1.TwoFactorPresets.NONE
-    },
-    // NOTE: /onboarding/two-factor intentionally NOT included - go straight to 2FA, no welcome page
-];
-let configured2FABypassRoutes = [...default2FABypassRoutes];
-/**
- * Configures additional public routes for the application.
- * This function should be called once during application initialization.
- * @param appRoutes An array of route patterns or UnauthenticatedRouteConfig objects.
- */
-function configurePublicRoutes(appRoutes = []) {
-    const newRoutes = appRoutes.map(route => typeof route === 'string'
-        ? { pattern: route, description: `Application-defined public route: ${route}` }
-        : route);
-    configuredRoutes = [...defaultUnauthenticatedRoutes, ...newRoutes];
-}
-/**
- * Configures routes that require authentication but bypass 2FA requirements.
- * Essential for 2FA onboarding flows where user is authenticated but hasn't completed 2FA yet.
- * @param routes An array of route patterns or ProtectedRouteConfig objects.
- */
-function configure2FABypassRoutes(routes = []) {
-    const newRoutes = routes.map(route => typeof route === 'string'
-        ? { pattern: route, description: `2FA bypass route: ${route}`, twoFactorRequirements: twofa_presets_1.TwoFactorPresets.NONE }
-        : route);
-    configured2FABypassRoutes = [...default2FABypassRoutes, ...newRoutes];
-}
-/**
- * Checks if a route should bypass 2FA requirements (but still requires auth).
- * @param pathname The URL pathname to check.
- * @returns The ProtectedRouteConfig if found, otherwise undefined.
- */
-function get2FABypassConfig(pathname) {
-    return configured2FABypassRoutes.find(route => {
-        if (route.pattern.endsWith('*')) {
-            const basePattern = route.pattern.slice(0, -1);
-            return pathname.startsWith(basePattern);
-        }
-        return pathname === route.pattern;
-    });
-}
-/**
- * Checks if a route should bypass 2FA requirements.
- * @param pathname The URL pathname to check.
- * @returns true if 2FA should be bypassed for this route.
- */
-function should2FABypass(pathname) {
-    return get2FABypassConfig(pathname) !== undefined;
-}
-/**
- * Checks if a given pathname matches any of the configured unauthenticated routes.
- * Supports wildcard matching (e.g., '/api/*').
- * @param pathname The URL pathname to check.
- * @returns `true` if the route is unauthenticated, `false` otherwise.
- */
-function isUnauthenticatedRoute(pathname) {
-    return configuredRoutes.some(route => {
-        if (route.pattern.endsWith('*')) {
-            const basePattern = route.pattern.slice(0, -1);
-            return pathname.startsWith(basePattern);
-        }
-        return pathname === route.pattern;
-    });
-}
-/**
- * Retrieves the configuration for a specific route.
- * @param pathname The URL pathname to get the configuration for.
- * @returns The `UnauthenticatedRouteConfig` object if found, otherwise `undefined`.
- */
-function getRouteConfig(pathname) {
-    return configuredRoutes.find(route => {
-        if (route.pattern.endsWith('*')) {
-            const basePattern = route.pattern.slice(0, -1);
-            return pathname.startsWith(basePattern);
-        }
-        return pathname === route.pattern;
-    });
-}