npm - @payez/next-mvp - Versions diffs - 3.9.1 → 4.0.1 - Mend

@payez/next-mvp 3.9.1 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (526) hide show

package/package.json +6 -18
package/src/api/auth-handler.ts +550 -549
package/src/api-handlers/account/change-password.ts +5 -8
package/src/api-handlers/admin/analytics.ts +4 -6
package/src/api-handlers/admin/audit.ts +5 -7
package/src/api-handlers/admin/index.ts +1 -2
package/src/api-handlers/admin/redis-sessions.ts +6 -8
package/src/api-handlers/admin/sessions.ts +5 -7
package/src/api-handlers/admin/site-logs.ts +8 -10
package/src/api-handlers/admin/stats.ts +4 -6
package/src/api-handlers/admin/users.ts +5 -7
package/src/api-handlers/admin/vibe-data.ts +10 -12
package/src/api-handlers/auth/refresh.ts +5 -7
package/src/api-handlers/auth/signout.ts +5 -6
package/src/api-handlers/auth/status.ts +4 -7
package/src/api-handlers/auth/update-session.ts +123 -125
package/src/api-handlers/auth/verify-code.ts +9 -13
package/src/api-handlers/session/viability.ts +10 -47
package/src/api-handlers/test/force-expire.ts +4 -11
package/src/auth/auth-decision.ts +1 -1
package/src/auth/better-auth.ts +138 -141
package/src/auth/route-config.ts +219 -219
package/src/auth/utils/token-utils.ts +0 -1
package/src/client/AuthContext.tsx +6 -2
package/src/client/fetch-with-auth.ts +47 -47
package/src/components/SessionSync.tsx +6 -5
package/src/components/account/MobileNavDrawer.tsx +3 -3
package/src/components/account/UserAvatarMenu.tsx +6 -3
package/src/components/admin/VibeAdminLayout.tsx +4 -2
package/src/config/logger.ts +1 -1
package/src/hooks/useAuth.ts +117 -115
package/src/hooks/useAuthSettings.ts +2 -2
package/src/hooks/useAvailableProviders.ts +9 -5
package/src/hooks/useSessionExpiration.ts +101 -102
package/src/hooks/useViabilitySession.ts +336 -335
package/src/index.ts +60 -63
package/src/lib/api-handler.ts +0 -1
package/src/lib/app-slug.ts +6 -6
package/src/lib/standardized-client-api.ts +901 -895
package/src/lib/startup-init.ts +243 -247
package/src/lib/test-aware-get-token.ts +22 -12
package/src/lib/token-lifecycle.ts +12 -53
package/src/pages/admin-login/page.tsx +9 -17
package/src/pages/client-admin/ClientSiteAdminPage.tsx +4 -2
package/src/pages/login/page.tsx +21 -28
package/src/pages/showcase/ShowcasePage.tsx +4 -2
package/src/pages/test-env/EmergencyLogoutPage.tsx +7 -6
package/src/pages/test-env/JwtInspectPage.tsx +5 -3
package/src/pages/test-env/RefreshTokenPage.tsx +157 -155
package/src/pages/test-env/TestEnvPage.tsx +4 -2
package/src/pages/verify-code/page.tsx +10 -6
package/src/routes/auth/logout.ts +7 -25
package/src/routes/auth/nextauth.ts +45 -71
package/src/routes/auth/session.ts +25 -50
package/src/routes/auth/viability.ts +7 -19
package/src/server/auth.ts +60 -0
package/src/stores/authStore.ts +1899 -1904
package/src/utils/logout.ts +30 -30
package/dist/api/auth-handler.d.ts +0 -67
package/dist/api/auth-handler.js +0 -397
package/dist/api/index.d.ts +0 -10
package/dist/api/index.js +0 -19
package/dist/api-handlers/account/change-password.d.ts +0 -9
package/dist/api-handlers/account/change-password.js +0 -112
package/dist/api-handlers/account/masked-info.d.ts +0 -2
package/dist/api-handlers/account/masked-info.js +0 -41
package/dist/api-handlers/account/profile.d.ts +0 -3
package/dist/api-handlers/account/profile.js +0 -63
package/dist/api-handlers/account/recovery/initiate.d.ts +0 -2
package/dist/api-handlers/account/recovery/initiate.js +0 -26
package/dist/api-handlers/account/recovery/send-code.d.ts +0 -2
package/dist/api-handlers/account/recovery/send-code.js +0 -28
package/dist/api-handlers/account/recovery/verify-code.d.ts +0 -2
package/dist/api-handlers/account/recovery/verify-code.js +0 -28
package/dist/api-handlers/account/reset-password.d.ts +0 -2
package/dist/api-handlers/account/reset-password.js +0 -26
package/dist/api-handlers/account/send-code.d.ts +0 -24
package/dist/api-handlers/account/send-code.js +0 -60
package/dist/api-handlers/account/update-phone.d.ts +0 -27
package/dist/api-handlers/account/update-phone.js +0 -64
package/dist/api-handlers/account/validate-password.d.ts +0 -17
package/dist/api-handlers/account/validate-password.js +0 -81
package/dist/api-handlers/account/verify-email.d.ts +0 -26
package/dist/api-handlers/account/verify-email.js +0 -106
package/dist/api-handlers/account/verify-sms.d.ts +0 -26
package/dist/api-handlers/account/verify-sms.js +0 -106
package/dist/api-handlers/admin/analytics.d.ts +0 -20
package/dist/api-handlers/admin/analytics.js +0 -379
package/dist/api-handlers/admin/audit.d.ts +0 -20
package/dist/api-handlers/admin/audit.js +0 -214
package/dist/api-handlers/admin/index.d.ts +0 -22
package/dist/api-handlers/admin/index.js +0 -43
package/dist/api-handlers/admin/redis-sessions.d.ts +0 -36
package/dist/api-handlers/admin/redis-sessions.js +0 -204
package/dist/api-handlers/admin/sessions.d.ts +0 -21
package/dist/api-handlers/admin/sessions.js +0 -284
package/dist/api-handlers/admin/site-logs.d.ts +0 -46
package/dist/api-handlers/admin/site-logs.js +0 -318
package/dist/api-handlers/admin/stats.d.ts +0 -21
package/dist/api-handlers/admin/stats.js +0 -240
package/dist/api-handlers/admin/users.d.ts +0 -20
package/dist/api-handlers/admin/users.js +0 -222
package/dist/api-handlers/admin/vibe-data.d.ts +0 -80
package/dist/api-handlers/admin/vibe-data.js +0 -268
package/dist/api-handlers/anon/preferences.d.ts +0 -37
package/dist/api-handlers/anon/preferences.js +0 -96
package/dist/api-handlers/auth/jwks.d.ts +0 -2
package/dist/api-handlers/auth/jwks.js +0 -24
package/dist/api-handlers/auth/login.d.ts +0 -42
package/dist/api-handlers/auth/login.js +0 -178
package/dist/api-handlers/auth/refresh.d.ts +0 -74
package/dist/api-handlers/auth/refresh.js +0 -635
package/dist/api-handlers/auth/signout.d.ts +0 -37
package/dist/api-handlers/auth/signout.js +0 -187
package/dist/api-handlers/auth/status.d.ts +0 -8
package/dist/api-handlers/auth/status.js +0 -26
package/dist/api-handlers/auth/update-session.d.ts +0 -37
package/dist/api-handlers/auth/update-session.js +0 -95
package/dist/api-handlers/auth/validate.d.ts +0 -6
package/dist/api-handlers/auth/validate.js +0 -43
package/dist/api-handlers/auth/verify-code.d.ts +0 -43
package/dist/api-handlers/auth/verify-code.js +0 -94
package/dist/api-handlers/session/refresh-viability.d.ts +0 -14
package/dist/api-handlers/session/refresh-viability.js +0 -39
package/dist/api-handlers/session/viability.d.ts +0 -13
package/dist/api-handlers/session/viability.js +0 -146
package/dist/api-handlers/test/force-expire.d.ts +0 -23
package/dist/api-handlers/test/force-expire.js +0 -65
package/dist/auth/auth-decision.d.ts +0 -39
package/dist/auth/auth-decision.js +0 -182
package/dist/auth/auth-options.d.ts +0 -57
package/dist/auth/auth-options.js +0 -213
package/dist/auth/better-auth.d.ts +0 -82
package/dist/auth/better-auth.js +0 -122
package/dist/auth/callbacks/index.d.ts +0 -6
package/dist/auth/callbacks/index.js +0 -12
package/dist/auth/callbacks/jwt.d.ts +0 -45
package/dist/auth/callbacks/jwt.js +0 -305
package/dist/auth/callbacks/session.d.ts +0 -60
package/dist/auth/callbacks/session.js +0 -170
package/dist/auth/callbacks/signin.d.ts +0 -23
package/dist/auth/callbacks/signin.js +0 -44
package/dist/auth/events/index.d.ts +0 -4
package/dist/auth/events/index.js +0 -8
package/dist/auth/events/signout.d.ts +0 -17
package/dist/auth/events/signout.js +0 -32
package/dist/auth/providers/credentials.d.ts +0 -32
package/dist/auth/providers/credentials.js +0 -223
package/dist/auth/providers/index.d.ts +0 -5
package/dist/auth/providers/index.js +0 -21
package/dist/auth/providers/oauth.d.ts +0 -26
package/dist/auth/providers/oauth.js +0 -105
package/dist/auth/route-config.d.ts +0 -66
package/dist/auth/route-config.js +0 -190
package/dist/auth/types/auth-types.d.ts +0 -417
package/dist/auth/types/auth-types.js +0 -53
package/dist/auth/types/index.d.ts +0 -6
package/dist/auth/types/index.js +0 -22
package/dist/auth/unauthenticated-routes.d.ts +0 -1
package/dist/auth/unauthenticated-routes.js +0 -19
package/dist/auth/utils/idp-client.d.ts +0 -94
package/dist/auth/utils/idp-client.js +0 -384
package/dist/auth/utils/index.d.ts +0 -5
package/dist/auth/utils/index.js +0 -21
package/dist/auth/utils/token-utils.d.ts +0 -84
package/dist/auth/utils/token-utils.js +0 -219
package/dist/client/AuthContext.d.ts +0 -19
package/dist/client/AuthContext.js +0 -112
package/dist/client/better-auth-client.d.ts +0 -1020
package/dist/client/better-auth-client.js +0 -68
package/dist/client/fetch-with-auth.d.ts +0 -11
package/dist/client/fetch-with-auth.js +0 -44
package/dist/client/fetchWithSession.d.ts +0 -3
package/dist/client/fetchWithSession.js +0 -24
package/dist/client/index.d.ts +0 -9
package/dist/client/index.js +0 -20
package/dist/client/useAnonSession.d.ts +0 -36
package/dist/client/useAnonSession.js +0 -99
package/dist/components/SessionSync.d.ts +0 -13
package/dist/components/SessionSync.js +0 -119
package/dist/components/SignalRHealthCheck.d.ts +0 -10
package/dist/components/SignalRHealthCheck.js +0 -97
package/dist/components/account/MobileNavDrawer.d.ts +0 -32
package/dist/components/account/MobileNavDrawer.js +0 -81
package/dist/components/account/UserAvatarMenu.d.ts +0 -20
package/dist/components/account/UserAvatarMenu.js +0 -88
package/dist/components/account/index.d.ts +0 -9
package/dist/components/account/index.js +0 -13
package/dist/components/admin/AlertSettingsTab.d.ts +0 -48
package/dist/components/admin/AlertSettingsTab.js +0 -351
package/dist/components/admin/AnalyticsTab.d.ts +0 -22
package/dist/components/admin/AnalyticsTab.js +0 -167
package/dist/components/admin/DataBrowserTab.d.ts +0 -19
package/dist/components/admin/DataBrowserTab.js +0 -252
package/dist/components/admin/LoggingSettingsTab.d.ts +0 -73
package/dist/components/admin/LoggingSettingsTab.js +0 -339
package/dist/components/admin/SessionsTab.d.ts +0 -37
package/dist/components/admin/SessionsTab.js +0 -165
package/dist/components/admin/StatsTab.d.ts +0 -53
package/dist/components/admin/StatsTab.js +0 -161
package/dist/components/admin/VibeAdminContext.d.ts +0 -32
package/dist/components/admin/VibeAdminContext.js +0 -38
package/dist/components/admin/VibeAdminLayout.d.ts +0 -11
package/dist/components/admin/VibeAdminLayout.js +0 -69
package/dist/components/admin/index.d.ts +0 -29
package/dist/components/admin/index.js +0 -44
package/dist/components/auth/FederatedAuthSection.d.ts +0 -8
package/dist/components/auth/FederatedAuthSection.js +0 -45
package/dist/components/auth/ModeAwareLoginPage.d.ts +0 -10
package/dist/components/auth/ModeAwareLoginPage.js +0 -42
package/dist/components/auth/ModeAwareSignupPage.d.ts +0 -9
package/dist/components/auth/ModeAwareSignupPage.js +0 -78
package/dist/components/auth/TraditionalAuthSection.d.ts +0 -14
package/dist/components/auth/TraditionalAuthSection.js +0 -20
package/dist/components/recovery/CompleteStep.d.ts +0 -5
package/dist/components/recovery/CompleteStep.js +0 -8
package/dist/components/recovery/InitiateRecoveryStep.d.ts +0 -8
package/dist/components/recovery/InitiateRecoveryStep.js +0 -20
package/dist/components/recovery/SelectMethodStep.d.ts +0 -8
package/dist/components/recovery/SelectMethodStep.js +0 -8
package/dist/components/recovery/SetPasswordStep.d.ts +0 -6
package/dist/components/recovery/SetPasswordStep.js +0 -20
package/dist/components/recovery/VerifyCodeStep.d.ts +0 -10
package/dist/components/recovery/VerifyCodeStep.js +0 -24
package/dist/components/reserved/ReservedRecoveryWarning.d.ts +0 -38
package/dist/components/reserved/ReservedRecoveryWarning.js +0 -92
package/dist/components/reserved/ReservedStatusBox.d.ts +0 -30
package/dist/components/reserved/ReservedStatusBox.js +0 -71
package/dist/components/ui/BetaBadge.d.ts +0 -29
package/dist/components/ui/BetaBadge.js +0 -38
package/dist/components/ui/Footer.d.ts +0 -37
package/dist/components/ui/Footer.js +0 -41
package/dist/config/env.d.ts +0 -66
package/dist/config/env.js +0 -57
package/dist/config/logger.d.ts +0 -57
package/dist/config/logger.js +0 -73
package/dist/config/logging-config.d.ts +0 -30
package/dist/config/logging-config.js +0 -122
package/dist/config/unauthenticated-routes.d.ts +0 -17
package/dist/config/unauthenticated-routes.js +0 -24
package/dist/config/vibe-log-transport.d.ts +0 -81
package/dist/config/vibe-log-transport.js +0 -212
package/dist/edge/internal-api-url.d.ts +0 -53
package/dist/edge/internal-api-url.js +0 -63
package/dist/edge/middleware.d.ts +0 -14
package/dist/edge/middleware.js +0 -32
package/dist/hooks/useAuth.d.ts +0 -23
package/dist/hooks/useAuth.js +0 -81
package/dist/hooks/useAuthSettings.d.ts +0 -59
package/dist/hooks/useAuthSettings.js +0 -93
package/dist/hooks/useAvailableProviders.d.ts +0 -45
package/dist/hooks/useAvailableProviders.js +0 -108
package/dist/hooks/usePasswordValidation.d.ts +0 -27
package/dist/hooks/usePasswordValidation.js +0 -102
package/dist/hooks/useProfile.d.ts +0 -15
package/dist/hooks/useProfile.js +0 -59
package/dist/hooks/usePublicAuthSettings.d.ts +0 -56
package/dist/hooks/usePublicAuthSettings.js +0 -131
package/dist/hooks/useSessionExpiration.d.ts +0 -57
package/dist/hooks/useSessionExpiration.js +0 -72
package/dist/hooks/useViabilitySession.d.ts +0 -75
package/dist/hooks/useViabilitySession.js +0 -268
package/dist/index.d.ts +0 -12
package/dist/index.js +0 -55
package/dist/lib/anon-session.d.ts +0 -74
package/dist/lib/anon-session.js +0 -169
package/dist/lib/api-handler.d.ts +0 -123
package/dist/lib/api-handler.js +0 -478
package/dist/lib/app-slug.d.ts +0 -95
package/dist/lib/app-slug.js +0 -172
package/dist/lib/demo-mode.d.ts +0 -6
package/dist/lib/demo-mode.js +0 -16
package/dist/lib/geolocation.d.ts +0 -64
package/dist/lib/geolocation.js +0 -235
package/dist/lib/idp-client-config.d.ts +0 -75
package/dist/lib/idp-client-config.js +0 -425
package/dist/lib/idp-fetch.d.ts +0 -14
package/dist/lib/idp-fetch.js +0 -91
package/dist/lib/internal-api.d.ts +0 -87
package/dist/lib/internal-api.js +0 -122
package/dist/lib/jwt-decode-client.d.ts +0 -10
package/dist/lib/jwt-decode-client.js +0 -46
package/dist/lib/jwt-decode.d.ts +0 -48
package/dist/lib/jwt-decode.js +0 -57
package/dist/lib/nextauth-secret.d.ts +0 -10
package/dist/lib/nextauth-secret.js +0 -100
package/dist/lib/rate-limit-service.d.ts +0 -23
package/dist/lib/rate-limit-service.js +0 -6
package/dist/lib/redis.d.ts +0 -5
package/dist/lib/redis.js +0 -28
package/dist/lib/refresh-token-validator.d.ts +0 -13
package/dist/lib/refresh-token-validator.js +0 -117
package/dist/lib/roles.d.ts +0 -145
package/dist/lib/roles.js +0 -168
package/dist/lib/secret-validation.d.ts +0 -4
package/dist/lib/secret-validation.js +0 -14
package/dist/lib/session-store.d.ts +0 -170
package/dist/lib/session-store.js +0 -545
package/dist/lib/session.d.ts +0 -21
package/dist/lib/session.js +0 -26
package/dist/lib/site-logger.d.ts +0 -214
package/dist/lib/site-logger.js +0 -210
package/dist/lib/standardized-client-api.d.ts +0 -161
package/dist/lib/standardized-client-api.js +0 -786
package/dist/lib/startup-init.d.ts +0 -40
package/dist/lib/startup-init.js +0 -261
package/dist/lib/test-aware-get-token.d.ts +0 -2
package/dist/lib/test-aware-get-token.js +0 -81
package/dist/lib/token-expiry.d.ts +0 -14
package/dist/lib/token-expiry.js +0 -39
package/dist/lib/token-lifecycle.d.ts +0 -52
package/dist/lib/token-lifecycle.js +0 -398
package/dist/lib/types/api-responses.d.ts +0 -128
package/dist/lib/types/api-responses.js +0 -171
package/dist/lib/user-agent-parser.d.ts +0 -50
package/dist/lib/user-agent-parser.js +0 -220
package/dist/logging/api/admin-analytics.d.ts +0 -3
package/dist/logging/api/admin-analytics.js +0 -45
package/dist/logging/api/audit-log.d.ts +0 -3
package/dist/logging/api/audit-log.js +0 -52
package/dist/logging/components/AdminAnalyticsLayout.d.ts +0 -10
package/dist/logging/components/AdminAnalyticsLayout.js +0 -11
package/dist/logging/components/AuditLogViewer.d.ts +0 -7
package/dist/logging/components/AuditLogViewer.js +0 -51
package/dist/logging/components/ErrorMetricsCard.d.ts +0 -7
package/dist/logging/components/ErrorMetricsCard.js +0 -16
package/dist/logging/components/HealthMetricsCard.d.ts +0 -7
package/dist/logging/components/HealthMetricsCard.js +0 -19
package/dist/logging/hooks/useAdminAnalytics.d.ts +0 -24
package/dist/logging/hooks/useAdminAnalytics.js +0 -22
package/dist/logging/hooks/useAuditLog.d.ts +0 -6
package/dist/logging/hooks/useAuditLog.js +0 -25
package/dist/logging/hooks/useErrorMetrics.d.ts +0 -6
package/dist/logging/hooks/useErrorMetrics.js +0 -38
package/dist/logging/hooks/useHealthMetrics.d.ts +0 -6
package/dist/logging/hooks/useHealthMetrics.js +0 -41
package/dist/logging/index.d.ts +0 -11
package/dist/logging/index.js +0 -40
package/dist/logging/types/analytics.d.ts +0 -68
package/dist/logging/types/analytics.js +0 -3
package/dist/logging/types/audit.d.ts +0 -29
package/dist/logging/types/audit.js +0 -2
package/dist/logging/types/index.d.ts +0 -2
package/dist/logging/types/index.js +0 -19
package/dist/middleware/auth-decision.d.ts +0 -33
package/dist/middleware/auth-decision.js +0 -65
package/dist/middleware/create-middleware.d.ts +0 -102
package/dist/middleware/create-middleware.js +0 -469
package/dist/middleware/rbac-check.d.ts +0 -51
package/dist/middleware/rbac-check.js +0 -219
package/dist/middleware/twofa-presets.d.ts +0 -134
package/dist/middleware/twofa-presets.js +0 -175
package/dist/models/DecodedAccessToken.d.ts +0 -17
package/dist/models/DecodedAccessToken.js +0 -2
package/dist/models/SessionModel.d.ts +0 -122
package/dist/models/SessionModel.js +0 -136
package/dist/pages/admin-login/page.d.ts +0 -31
package/dist/pages/admin-login/page.js +0 -83
package/dist/pages/admin-page-permissions/PagePermissionsAdminPage.d.ts +0 -18
package/dist/pages/admin-page-permissions/PagePermissionsAdminPage.js +0 -276
package/dist/pages/admin-page-permissions/index.d.ts +0 -6
package/dist/pages/admin-page-permissions/index.js +0 -13
package/dist/pages/admin-roles/RolesAdminPage.d.ts +0 -16
package/dist/pages/admin-roles/RolesAdminPage.js +0 -261
package/dist/pages/admin-roles/index.d.ts +0 -8
package/dist/pages/admin-roles/index.js +0 -15
package/dist/pages/admin-roles/modals.d.ts +0 -72
package/dist/pages/admin-roles/modals.js +0 -154
package/dist/pages/client-admin/ClientSiteAdminPage.d.ts +0 -79
package/dist/pages/client-admin/ClientSiteAdminPage.js +0 -177
package/dist/pages/client-admin/index.d.ts +0 -32
package/dist/pages/client-admin/index.js +0 -37
package/dist/pages/coming-soon/page.d.ts +0 -8
package/dist/pages/coming-soon/page.js +0 -28
package/dist/pages/login/page.d.ts +0 -22
package/dist/pages/login/page.js +0 -239
package/dist/pages/profile/EnhancedProfilePage.d.ts +0 -13
package/dist/pages/profile/EnhancedProfilePage.js +0 -150
package/dist/pages/profile/index.d.ts +0 -8
package/dist/pages/profile/index.js +0 -16
package/dist/pages/profile/page.d.ts +0 -19
package/dist/pages/profile/page.js +0 -47
package/dist/pages/profile/profile-patch.d.ts +0 -1
package/dist/pages/profile/profile-patch.js +0 -281
package/dist/pages/recovery/page.d.ts +0 -1
package/dist/pages/recovery/page.js +0 -142
package/dist/pages/roles/MyRolesPage.d.ts +0 -24
package/dist/pages/roles/MyRolesPage.js +0 -71
package/dist/pages/roles/components.d.ts +0 -63
package/dist/pages/roles/components.js +0 -108
package/dist/pages/roles/index.d.ts +0 -8
package/dist/pages/roles/index.js +0 -19
package/dist/pages/security/EnhancedSecurityPage.d.ts +0 -14
package/dist/pages/security/EnhancedSecurityPage.js +0 -248
package/dist/pages/security/index.d.ts +0 -8
package/dist/pages/security/index.js +0 -16
package/dist/pages/security/page.d.ts +0 -21
package/dist/pages/security/page.js +0 -212
package/dist/pages/security/security-patch.d.ts +0 -1
package/dist/pages/security/security-patch.js +0 -302
package/dist/pages/settings/EnhancedSettingsPage.d.ts +0 -46
package/dist/pages/settings/EnhancedSettingsPage.js +0 -231
package/dist/pages/settings/index.d.ts +0 -8
package/dist/pages/settings/index.js +0 -16
package/dist/pages/settings/page.d.ts +0 -7
package/dist/pages/settings/page.js +0 -26
package/dist/pages/showcase/ShowcasePage.d.ts +0 -13
package/dist/pages/showcase/ShowcasePage.js +0 -140
package/dist/pages/showcase/index.d.ts +0 -12
package/dist/pages/showcase/index.js +0 -17
package/dist/pages/test-env/EmergencyLogoutPage.d.ts +0 -14
package/dist/pages/test-env/EmergencyLogoutPage.js +0 -98
package/dist/pages/test-env/JwtInspectPage.d.ts +0 -14
package/dist/pages/test-env/JwtInspectPage.js +0 -114
package/dist/pages/test-env/RefreshTokenPage.d.ts +0 -15
package/dist/pages/test-env/RefreshTokenPage.js +0 -91
package/dist/pages/test-env/TestEnvPage.d.ts +0 -13
package/dist/pages/test-env/TestEnvPage.js +0 -49
package/dist/pages/test-env/index.d.ts +0 -24
package/dist/pages/test-env/index.js +0 -32
package/dist/pages/verify-code/page.d.ts +0 -30
package/dist/pages/verify-code/page.js +0 -408
package/dist/routes/account/index.d.ts +0 -28
package/dist/routes/account/index.js +0 -71
package/dist/routes/account/masked-info.d.ts +0 -33
package/dist/routes/account/masked-info.js +0 -39
package/dist/routes/account/send-code.d.ts +0 -37
package/dist/routes/account/send-code.js +0 -42
package/dist/routes/account/update-phone.d.ts +0 -13
package/dist/routes/account/update-phone.js +0 -17
package/dist/routes/account/verify-email.d.ts +0 -38
package/dist/routes/account/verify-email.js +0 -43
package/dist/routes/account/verify-sms.d.ts +0 -38
package/dist/routes/account/verify-sms.js +0 -43
package/dist/routes/auth/index.d.ts +0 -19
package/dist/routes/auth/index.js +0 -64
package/dist/routes/auth/logout.d.ts +0 -31
package/dist/routes/auth/logout.js +0 -113
package/dist/routes/auth/nextauth.d.ts +0 -19
package/dist/routes/auth/nextauth.js +0 -72
package/dist/routes/auth/refresh.d.ts +0 -30
package/dist/routes/auth/refresh.js +0 -51
package/dist/routes/auth/session.d.ts +0 -43
package/dist/routes/auth/session.js +0 -179
package/dist/routes/auth/settings.d.ts +0 -25
package/dist/routes/auth/settings.js +0 -55
package/dist/routes/auth/viability.d.ts +0 -52
package/dist/routes/auth/viability.js +0 -201
package/dist/routes/index.d.ts +0 -12
package/dist/routes/index.js +0 -54
package/dist/routes/session/index.d.ts +0 -6
package/dist/routes/session/index.js +0 -10
package/dist/routes/session/refresh-viability.d.ts +0 -16
package/dist/routes/session/refresh-viability.js +0 -20
package/dist/server/auth-guard.d.ts +0 -46
package/dist/server/auth-guard.js +0 -128
package/dist/server/decode-session.d.ts +0 -30
package/dist/server/decode-session.js +0 -78
package/dist/server/slim-middleware.d.ts +0 -23
package/dist/server/slim-middleware.js +0 -89
package/dist/server/with-auth.d.ts +0 -33
package/dist/server/with-auth.js +0 -59
package/dist/services/signalrActivityService.d.ts +0 -44
package/dist/services/signalrActivityService.js +0 -257
package/dist/stores/authStore.d.ts +0 -154
package/dist/stores/authStore.js +0 -1531
package/dist/theme/ThemeProvider.d.ts +0 -14
package/dist/theme/ThemeProvider.js +0 -28
package/dist/theme/default.d.ts +0 -8
package/dist/theme/default.js +0 -33
package/dist/theme/index.d.ts +0 -15
package/dist/theme/index.js +0 -25
package/dist/theme/types.d.ts +0 -56
package/dist/theme/types.js +0 -8
package/dist/theme/useTheme.d.ts +0 -60
package/dist/theme/useTheme.js +0 -63
package/dist/theme/utils.d.ts +0 -13
package/dist/theme/utils.js +0 -39
package/dist/types/api.d.ts +0 -134
package/dist/types/api.js +0 -44
package/dist/types/auth.d.ts +0 -19
package/dist/types/auth.js +0 -2
package/dist/types/logging.d.ts +0 -42
package/dist/types/logging.js +0 -2
package/dist/types/recovery.d.ts +0 -48
package/dist/types/recovery.js +0 -2
package/dist/types/security.d.ts +0 -1
package/dist/types/security.js +0 -2
package/dist/utils/api.d.ts +0 -85
package/dist/utils/api.js +0 -287
package/dist/utils/circuitBreaker.d.ts +0 -43
package/dist/utils/circuitBreaker.js +0 -91
package/dist/utils/error-message.d.ts +0 -1
package/dist/utils/error-message.js +0 -103
package/dist/utils/layout/reservedSpace.d.ts +0 -59
package/dist/utils/layout/reservedSpace.js +0 -102
package/dist/utils/logout.d.ts +0 -14
package/dist/utils/logout.js +0 -32
package/dist/vibe/client.d.ts +0 -261
package/dist/vibe/client.js +0 -445
package/dist/vibe/enterprise-auth.d.ts +0 -106
package/dist/vibe/enterprise-auth.js +0 -173
package/dist/vibe/errors.d.ts +0 -83
package/dist/vibe/errors.js +0 -146
package/dist/vibe/generic.d.ts +0 -234
package/dist/vibe/generic.js +0 -369
package/dist/vibe/hooks/index.d.ts +0 -169
package/dist/vibe/hooks/index.js +0 -252
package/dist/vibe/index.d.ts +0 -25
package/dist/vibe/index.js +0 -72
package/dist/vibe/sessions.d.ts +0 -161
package/dist/vibe/sessions.js +0 -391
package/dist/vibe/types.d.ts +0 -353
package/dist/vibe/types.js +0 -315
package/src/auth/auth-options.ts +0 -237
package/src/auth/callbacks/index.ts +0 -7
package/src/auth/callbacks/jwt.ts +0 -382
package/src/auth/callbacks/session.ts +0 -243
package/src/auth/callbacks/signin.ts +0 -56
package/src/auth/events/index.ts +0 -5
package/src/auth/events/signout.ts +0 -33
package/src/auth/providers/credentials.ts +0 -256
package/src/auth/providers/index.ts +0 -6
package/src/auth/providers/oauth.ts +0 -114
package/src/lib/nextauth-secret.ts +0 -121
package/src/types/next-auth.d.ts +0 -15

package/dist/lib/idp-client-config.js DELETED Viewed

@@ -1,425 +0,0 @@
-"use strict";
-/**
- * IDP Client Configuration
- *
- * Fetches full client configuration from IDP including:
- * - OAuth provider credentials (from Key Vault)
- * - 2FA/MFA settings
- * - Session configuration
- * - NextAuth secret
- * - Branding
- *
- * CACHING STRATEGY:
- * 1. In-memory cache (fastest, but lost on module reload in dev)
- * 2. Redis cache (survives module reloads, shared across instances)
- * 3. IDP fetch (when both caches miss)
- *
- * NO FALLBACKS. If IDP doesn't respond correctly, we fail loud.
- *
- * @version 2.0.0 - Added Redis-backed caching
- */
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getIDPClientConfig = getIDPClientConfig;
-exports.clearConfigCache = clearConfigCache;
-exports.getEnabledProviders = getEnabledProviders;
-require("server-only");
-const crypto_1 = require("crypto");
-const redis_1 = __importDefault(require("./redis"));
-// ============================================================================
-// Cache & Fetch Deduplication
-// ============================================================================
-let cachedConfig = null;
-let cacheExpiry = 0;
-let pendingFetch = null; // Prevents parallel fetches
-// ============================================================================
-// Redis Cache Configuration
-// ============================================================================
-const REDIS_CONFIG_KEY_PREFIX = 'idp_config:';
-function getRedisConfigKey() {
-    const clientId = process.env.CLIENT_ID || process.env.NEXT_PUBLIC_CLIENT_ID || 'default';
-    return `${REDIS_CONFIG_KEY_PREFIX}${clientId}`;
-}
-async function getConfigFromRedis() {
-    try {
-        const key = getRedisConfigKey();
-        const cached = await redis_1.default.get(key);
-        if (!cached)
-            return null;
-        const parsed = JSON.parse(cached);
-        if (Date.now() >= parsed.expiresAt) {
-            // Expired, delete it
-            await redis_1.default.del(key);
-            return null;
-        }
-        return parsed.config;
-    }
-    catch (error) {
-        console.warn('[IDP_CONFIG] Failed to read from Redis cache:', error);
-        return null;
-    }
-}
-async function setConfigInRedis(config) {
-    try {
-        const key = getRedisConfigKey();
-        const ttlSeconds = config.configCacheTtlSeconds || 300;
-        const data = {
-            config,
-            expiresAt: Date.now() + (ttlSeconds * 1000)
-        };
-        // Store with TTL slightly longer than the logical expiry to allow for clock skew
-        await redis_1.default.set(key, JSON.stringify(data), 'EX', ttlSeconds + 10);
-    }
-    catch (error) {
-        console.warn('[IDP_CONFIG] Failed to write to Redis cache:', error);
-    }
-}
-// ============================================================================
-// Circuit Breaker & Backoff State
-// ============================================================================
-let consecutiveFailures = 0;
-let lastFailureTime = 0;
-const MAX_FAILURES = 3;
-const CIRCUIT_OPEN_MS = 300000; // 5 minutes
-const MAX_BACKOFF_MS = 30000; // 30 seconds max backoff
-// ============================================================================
-// Main Functions
-// ============================================================================
-/**
- * Get IDP client configuration with multi-tier caching.
- *
- * Caching layers (checked in order):
- * 1. In-memory cache (fastest, lost on module reload in dev)
- * 2. Redis cache (survives module reloads)
- * 3. IDP fetch (when both caches miss)
- *
- * THROWS if IDP is unavailable or misconfigured. No fallbacks.
- */
-async function getIDPClientConfig(forceRefresh = false) {
-    const now = Date.now();
-    // Layer 1: Return in-memory cached if still valid (skip if forceRefresh)
-    if (!forceRefresh && cachedConfig && now < cacheExpiry) {
-        return cachedConfig;
-    }
-    // If a fetch is already in progress, wait for it instead of starting another
-    if (pendingFetch) {
-        return pendingFetch;
-    }
-    // Layer 2: Check Redis cache (skip if forceRefresh - startup should always get fresh data)
-    if (!forceRefresh) {
-        const redisConfig = await getConfigFromRedis();
-        if (redisConfig) {
-            // Restore to in-memory cache
-            cachedConfig = redisConfig;
-            cacheExpiry = Date.now() + ((redisConfig.configCacheTtlSeconds || 300) * 1000);
-            // Set NEXTAUTH_SECRET from cached config
-            if (redisConfig.nextAuthSecret) {
-                process.env.NEXTAUTH_SECRET = redisConfig.nextAuthSecret;
-            }
-            // Set IDENTITY_CLIENT_BASE_EXTERNAL_URL from cached config
-            // AUTH_TRUST_HOST=true tells NextAuth to derive OAuth callback URLs from headers.
-            // Only set if not already defined (allows deployment override for beta/staging)
-            if (redisConfig.baseClientUrl && !process.env.IDENTITY_CLIENT_BASE_EXTERNAL_URL) {
-                process.env.IDENTITY_CLIENT_BASE_EXTERNAL_URL = redisConfig.baseClientUrl;
-            }
-            return redisConfig;
-        }
-    }
-    // Layer 3: Fetch from IDP
-    const internalIdpUrl = process.env.INTERNAL_IDP_URL;
-    const idpUrl = process.env.IDP_URL;
-    const clientIdStr = process.env.CLIENT_ID || process.env.NEXT_PUBLIC_CLIENT_ID;
-    if (!clientIdStr) {
-        throw new Error('[IDP_CONFIG] FATAL: CLIENT_ID or NEXT_PUBLIC_CLIENT_ID must be set');
-    }
-    if (!internalIdpUrl && !idpUrl) {
-        throw new Error('[IDP_CONFIG] FATAL: INTERNAL_IDP_URL or IDP_URL must be set');
-    }
-    // Start fetch and store promise so concurrent callers wait for same result
-    const fetcher = internalIdpUrl
-        ? fetchConfigFromInternalIDP(internalIdpUrl, clientIdStr)
-        : fetchConfigFromIDP(idpUrl, clientIdStr);
-    pendingFetch = fetcher
-        .then(async (config) => {
-        // Cache with TTL from response (default 5 minutes)
-        cachedConfig = config;
-        cacheExpiry = Date.now() + ((config.configCacheTtlSeconds || 300) * 1000);
-        // Store in Redis for persistence across module reloads
-        await setConfigInRedis(config);
-        // Set NEXTAUTH_SECRET from config
-        if (config.nextAuthSecret) {
-            process.env.NEXTAUTH_SECRET = config.nextAuthSecret;
-        }
-        else {
-            throw new Error('[IDP_CONFIG] FATAL: IDP did not return nextAuthSecret');
-        }
-        // Set IDENTITY_CLIENT_BASE_EXTERNAL_URL from config
-        // AUTH_TRUST_HOST=true tells NextAuth to derive OAuth callback URLs from headers.
-        // Only set if not already defined (allows deployment override for beta/staging)
-        if (config.baseClientUrl && !process.env.IDENTITY_CLIENT_BASE_EXTERNAL_URL) {
-            process.env.IDENTITY_CLIENT_BASE_EXTERNAL_URL = config.baseClientUrl;
-            console.log("[IDP_CONFIG] Set IDENTITY_CLIENT_BASE_EXTERNAL_URL:", config.baseClientUrl);
-        }
-        return config;
-    })
-        .finally(() => {
-        pendingFetch = null; // Clear so next cache miss can fetch again
-    });
-    return pendingFetch;
-}
-/**
- * Clear the config cache (useful for testing or forced refresh)
- */
-function clearConfigCache() {
-    cachedConfig = null;
-    cacheExpiry = 0;
-}
-/**
- * Get enabled OAuth providers from config
- */
-function getEnabledProviders(config) {
-    return config.oauthProviders?.filter(p => p.enabled) || [];
-}
-// ============================================================================
-// Internal Functions
-// ============================================================================
-async function fetchConfigFromInternalIDP(internalIdpUrl, clientIdStr) {
-    const containersKey = process.env.CONTAINERS_KEY;
-    if (!containersKey) {
-        throw new Error('[IDP_CONFIG] FATAL: CONTAINERS_KEY is required when using INTERNAL_IDP_URL');
-    }
-    const url = `${internalIdpUrl.replace(/\/$/, '')}/InternalClientConfig/${encodeURIComponent(clientIdStr)}`;
-    console.log(`[IDP_CONFIG] Fetching config from internal IDP: ${url}`);
-    const resp = await fetch(url, {
-        method: 'GET',
-        headers: {
-            'Accept': 'application/json',
-            'Authorization': `Secret ${containersKey}`,
-        },
-        cache: 'no-store'
-    });
-    if (!resp.ok) {
-        const txt = await resp.text().catch(() => 'Unknown error');
-        throw new Error(`[IDP_CONFIG] FATAL: Internal IDP returned ${resp.status} - ${txt}`);
-    }
-    const body = await resp.json().catch(() => null);
-    if (!body) {
-        throw new Error('[IDP_CONFIG] FATAL: Internal IDP returned empty or invalid JSON');
-    }
-    const configData = body?.data ?? body;
-    const rawClientId = configData.clientId ?? configData.client_id;
-    if (rawClientId === undefined || rawClientId === null) {
-        throw new Error(`[IDP_CONFIG] FATAL: Internal IDP response missing clientId. Got: ${JSON.stringify(Object.keys(configData))}`);
-    }
-    const config = {
-        clientId: String(rawClientId),
-        clientSlug: configData.clientSlug ?? configData.client_slug ?? configData.slug ?? '',
-        nextAuthSecret: configData.nextAuthSecret ?? configData.next_auth_secret ?? '',
-        configCacheTtlSeconds: configData.configCacheTtlSeconds ?? configData.config_cache_ttl_seconds ?? 300,
-        oauthProviders: (configData.oauthProviders ?? configData.oauth_providers ?? []).map((p) => ({
-            provider: p.provider ?? '',
-            enabled: p.enabled ?? false,
-            clientId: p.clientId ?? p.client_id ?? '',
-            clientSecret: p.clientSecret ?? p.client_secret ?? '',
-            scopes: p.scopes,
-            additionalParams: p.additionalParams ?? p.additional_params
-        })),
-        authSettings: {
-            require2FA: configData.authSettings?.require2FA ?? configData.auth_settings?.require_2fa ?? true,
-            allowed2FAMethods: configData.authSettings?.allowed2FAMethods ?? configData.auth_settings?.allowed_2fa_methods ?? ['email', 'sms'],
-            mfaGracePeriodHours: configData.authSettings?.mfaGracePeriodHours ?? configData.auth_settings?.mfa_grace_period_hours ?? 24,
-            mfaRememberDeviceDays: configData.authSettings?.mfaRememberDeviceDays ?? configData.auth_settings?.mfa_remember_device_days ?? 30,
-            sessionTimeoutMinutes: configData.authSettings?.sessionTimeoutMinutes ?? configData.auth_settings?.session_timeout_minutes ?? 60,
-            idleTimeoutMinutes: configData.authSettings?.idleTimeoutMinutes ?? configData.auth_settings?.idle_timeout_minutes ?? 15,
-            allowRememberMe: configData.authSettings?.allowRememberMe ?? configData.auth_settings?.allow_remember_me ?? true,
-            rememberMeDays: configData.authSettings?.rememberMeDays ?? configData.auth_settings?.remember_me_days ?? 30,
-            lockoutThreshold: configData.authSettings?.lockoutThreshold ?? configData.auth_settings?.lockout_threshold ?? 5,
-            lockoutDurationMinutes: configData.authSettings?.lockoutDurationMinutes ?? configData.auth_settings?.lockout_duration_minutes ?? 15
-        },
-        branding: {
-            theme: configData.branding?.theme,
-            primaryColor: configData.branding?.primaryColor ?? configData.branding?.primary_color,
-            secondaryColor: configData.branding?.secondaryColor ?? configData.branding?.secondary_color,
-            logoUrl: configData.branding?.logoUrl ?? configData.branding?.logo_url
-        },
-        baseClientUrl: configData.baseClientUrl ?? configData.base_client_url ?? configData.BaseClientUrl
-    };
-    if (!config.nextAuthSecret) {
-        throw new Error('[IDP_CONFIG] FATAL: Internal IDP did not return nextAuthSecret');
-    }
-    console.log(`[IDP_CONFIG] Internal IDP config loaded for ${clientIdStr}`);
-    consecutiveFailures = 0;
-    return config;
-}
-async function fetchConfigFromIDP(idpUrl, clientIdStr) {
-    // =========================================================================
-    // Circuit Breaker Check
-    // =========================================================================
-    if (consecutiveFailures >= MAX_FAILURES) {
-        const timeSinceFailure = Date.now() - lastFailureTime;
-        if (timeSinceFailure < CIRCUIT_OPEN_MS) {
-            // Circuit is open - return stale cache if available
-            if (cachedConfig) {
-                return cachedConfig;
-            }
-            throw new Error(`[IDP_CONFIG] Circuit breaker OPEN - no cached config available. Retry in ${Math.round((CIRCUIT_OPEN_MS - timeSinceFailure) / 1000)}s`);
-        }
-        // Half-open state: allow one request to test
-        consecutiveFailures = MAX_FAILURES - 1;
-    }
-    // =========================================================================
-    // Exponential Backoff Check
-    // =========================================================================
-    if (consecutiveFailures > 0) {
-        const backoffMs = Math.min(1000 * Math.pow(2, consecutiveFailures), MAX_BACKOFF_MS);
-        const timeSinceFailure = Date.now() - lastFailureTime;
-        if (timeSinceFailure < backoffMs) {
-            const remainingMs = backoffMs - timeSinceFailure;
-            // Return stale cache during backoff if available
-            if (cachedConfig) {
-                return cachedConfig;
-            }
-            throw new Error(`[IDP_CONFIG] In backoff period - retry in ${Math.round(remainingMs)}ms`);
-        }
-    }
-    try {
-        // Step 1: Get signed client assertion from IDP
-        const signingUrl = `${idpUrl.replace(/\/$/, '')}/api/ExternalAuth/sign-client-assertion`;
-        const signingPayload = {
-            issuer: clientIdStr,
-            subject: clientIdStr,
-            audience: 'urn:payez:externalauth:clientconfig',
-            expires_in: 60,
-        };
-        const signingResp = await fetch(signingUrl, {
-            method: 'POST',
-            headers: {
-                'Accept': 'application/json',
-                'Content-Type': 'application/json',
-                'X-Client-Id': clientIdStr,
-                'X-Correlation-Id': (0, crypto_1.randomUUID)().replace(/-/g, ''),
-            },
-            body: JSON.stringify(signingPayload),
-            cache: 'no-store'
-        });
-        if (!signingResp.ok) {
-            const txt = await signingResp.text().catch(() => 'Unknown error');
-            throw new Error(`[IDP_CONFIG] FATAL: Failed to sign client assertion: ${signingResp.status} - ${txt}`);
-        }
-        const signingBody = await signingResp.json().catch(() => null);
-        if (!signingBody) {
-            throw new Error('[IDP_CONFIG] FATAL: IDP returned empty or invalid JSON for sign-client-assertion');
-        }
-        // Per PayEz API standard: response is { success, data: { client_assertion }, ... }
-        // But IDP might use camelCase (clientAssertion) - check both
-        const client_assertion = (signingBody?.data?.client_assertion ??
-            signingBody?.data?.clientAssertion);
-        if (!client_assertion) {
-            console.error('[IDP_CONFIG] FATAL: Full response body:', JSON.stringify(signingBody, null, 2));
-            throw new Error(`[IDP_CONFIG] FATAL: IDP response missing client_assertion. Got keys: ${JSON.stringify(Object.keys(signingBody?.data || signingBody || {}))}`);
-        }
-        // Step 2: Fetch client config using the assertion
-        const configUrl = `${idpUrl.replace(/\/$/, '')}/api/ExternalAuth/client-config`;
-        const configResp = await fetch(configUrl, {
-            method: 'POST',
-            headers: {
-                'Accept': 'application/json',
-                'Content-Type': 'application/json',
-                'X-Client-Id': clientIdStr,
-                'X-Correlation-Id': (0, crypto_1.randomUUID)().replace(/-/g, ''),
-            },
-            body: JSON.stringify({ client_assertion }),
-            cache: 'no-store'
-        });
-        if (!configResp.ok) {
-            const txt = await configResp.text().catch(() => 'Unknown error');
-            throw new Error(`[IDP_CONFIG] FATAL: Failed to fetch client config: ${configResp.status} - ${txt}`);
-        }
-        const configBody = await configResp.json().catch(() => null);
-        if (!configBody) {
-            throw new Error('[IDP_CONFIG] FATAL: IDP returned empty or invalid JSON for client-config');
-        }
-        // Per PayEz API standard: response is wrapped in { success, data: {...} }
-        const configData = configBody?.data;
-        if (!configData || typeof configData !== 'object') {
-            console.error('[IDP_CONFIG] FATAL: Full config response body:', JSON.stringify(configBody, null, 2));
-            throw new Error('[IDP_CONFIG] FATAL: IDP client-config response missing data envelope');
-        }
-        // Validate required fields - handle both number and string client_id
-        const rawClientId = configData.clientId ?? configData.client_id;
-        if (rawClientId === undefined || rawClientId === null) {
-            throw new Error(`[IDP_CONFIG] FATAL: IDP response missing clientId/client_id. Got: ${JSON.stringify(Object.keys(configData))}`);
-        }
-        // Map response to our interface (IDP always returns snake_case)
-        const config = {
-            clientId: String(rawClientId),
-            clientSlug: configData.clientSlug ?? configData.client_slug ?? configData.slug ?? '',
-            nextAuthSecret: configData.nextAuthSecret ?? configData.next_auth_secret ?? '',
-            configCacheTtlSeconds: configData.configCacheTtlSeconds ?? configData.config_cache_ttl_seconds ?? 300,
-            oauthProviders: (configData.oauthProviders ?? configData.oauth_providers ?? []).map((p) => ({
-                provider: p.provider ?? '',
-                enabled: p.enabled ?? false,
-                clientId: p.clientId ?? p.client_id ?? '',
-                clientSecret: p.clientSecret ?? p.client_secret ?? '',
-                scopes: p.scopes,
-                additionalParams: p.additionalParams ?? p.additional_params
-            })),
-            authSettings: {
-                require2FA: (() => {
-                    // Check nested locations first (canonical)
-                    const nested = configData.authSettings?.require2FA ?? configData.auth_settings?.require_2fa;
-                    if (nested !== undefined)
-                        return nested;
-                    // TRANSITION FALLBACK: Check top-level (deprecated)
-                    const topLevel = configData.require2FA ?? configData.require_2fa;
-                    if (topLevel !== undefined) {
-                        console.warn('[IDP_CONFIG] DEPRECATION: require2FA found at top-level. Should be nested under auth_settings. Update IDP.');
-                        return topLevel;
-                    }
-                    return true; // Default to true for security
-                })(),
-                allowed2FAMethods: configData.authSettings?.allowed2FAMethods ?? configData.auth_settings?.allowed_2fa_methods ?? ['email', 'sms'],
-                mfaGracePeriodHours: configData.authSettings?.mfaGracePeriodHours ?? configData.auth_settings?.mfa_grace_period_hours ?? 24,
-                mfaRememberDeviceDays: configData.authSettings?.mfaRememberDeviceDays ?? configData.auth_settings?.mfa_remember_device_days ?? 30,
-                sessionTimeoutMinutes: configData.authSettings?.sessionTimeoutMinutes ?? configData.auth_settings?.session_timeout_minutes ?? 60,
-                idleTimeoutMinutes: configData.authSettings?.idleTimeoutMinutes ?? configData.auth_settings?.idle_timeout_minutes ?? 15,
-                allowRememberMe: configData.authSettings?.allowRememberMe ?? configData.auth_settings?.allow_remember_me ?? true,
-                rememberMeDays: configData.authSettings?.rememberMeDays ?? configData.auth_settings?.remember_me_days ?? 30,
-                lockoutThreshold: configData.authSettings?.lockoutThreshold ?? configData.auth_settings?.lockout_threshold ?? 5,
-                lockoutDurationMinutes: configData.authSettings?.lockoutDurationMinutes ?? configData.auth_settings?.lockout_duration_minutes ?? 15
-            },
-            branding: {
-                theme: configData.branding?.theme,
-                primaryColor: configData.branding?.primaryColor ?? configData.branding?.primary_color,
-                secondaryColor: configData.branding?.secondaryColor ?? configData.branding?.secondary_color,
-                logoUrl: configData.branding?.logoUrl ?? configData.branding?.logo_url
-            },
-            baseClientUrl: configData.baseClientUrl ?? configData.base_client_url ?? configData.BaseClientUrl
-        };
-        // Debug: log what we got for baseClientUrl
-        console.log(`[IDP_CONFIG] Parsed baseClientUrl:`, config.baseClientUrl, `| raw keys:`, Object.keys(configData).filter(k => k.toLowerCase().includes('client')));
-        // Validate we got what we need
-        if (!config.clientId) {
-            throw new Error('[IDP_CONFIG] FATAL: clientId is empty or missing after parsing');
-        }
-        if (!config.nextAuthSecret) {
-            throw new Error('[IDP_CONFIG] FATAL: nextAuthSecret is empty after parsing');
-        }
-        // Success - reset failure tracking
-        consecutiveFailures = 0;
-        return config;
-    }
-    catch (error) {
-        // Track failure for circuit breaker
-        consecutiveFailures++;
-        lastFailureTime = Date.now();
-        console.error('[IDP_CONFIG] Fetch failed', {
-            consecutiveFailures,
-            maxFailures: MAX_FAILURES,
-            error: error instanceof Error ? error.message : String(error)
-        });
-        throw error;
-    }
-}

package/dist/lib/idp-fetch.d.ts DELETED Viewed

@@ -1,14 +0,0 @@
-import { NextRequest } from 'next/server';
-/**
- * Centralized IDP fetch helper
- * - Injects Bearer from Redis session
- * - If access token is expired/near-expiry, triggers one refresh and retries fetch once
- * - Returns parsed JSON and HTTP status
- */
-export interface IdpFetchResult<T = any> {
-    ok: boolean;
-    status: number;
-    json: T | null;
-    attemptedRefresh: boolean;
-}
-export declare function idpFetchJSON<T = any>(req: NextRequest, targetUrl: string, init?: RequestInit): Promise<IdpFetchResult<T>>;

package/dist/lib/idp-fetch.js DELETED Viewed

@@ -1,91 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.idpFetchJSON = idpFetchJSON;
-const test_aware_get_token_1 = require("./test-aware-get-token");
-const session_store_1 = require("./session-store");
-const internal_api_1 = require("./internal-api");
-function buildHeaders(req, bearer, extra) {
-    const headers = {
-        Accept: 'application/json',
-        'Content-Type': 'application/json',
-        ...extra,
-    };
-    const xfwd = req.headers.get('x-forwarded-for') || req.headers.get('x-real-ip');
-    if (xfwd)
-        headers['X-Forwarded-For'] = xfwd.split(',')[0].trim();
-    const ua = req.headers.get('user-agent');
-    if (ua)
-        headers['User-Agent'] = ua;
-    if (bearer)
-        headers['Authorization'] = `Bearer ${bearer}`;
-    return headers;
-}
-async function ensureFreshAccessToken(req) {
-    const token = await (0, test_aware_get_token_1.getTokenTestAware)(req);
-    // Support both field names: sessionToken (auth.ts JWT) and redisSessionId (legacy)
-    const sessionToken = (token?.sessionToken || token?.redisSessionId);
-    console.log('[IDP_FETCH] ensureFreshAccessToken:', {
-        hasToken: !!token,
-        sessionToken: sessionToken?.substring(0, 20) + '...',
-        pathname: req.nextUrl.pathname
-    });
-    if (!sessionToken) {
-        console.warn('[IDP_FETCH] No sessionToken found in JWT - Bearer token will NOT be sent!');
-        return {};
-    }
-    let session = await (0, session_store_1.getSession)(sessionToken);
-    console.log('[IDP_FETCH] Redis session lookup:', {
-        hasSession: !!session,
-        hasAccessToken: !!session?.idpAccessToken,
-        bearerKeyId: session?.bearerKeyId || 'NOT_SET',
-        idpClientId: session?.idpClientId || 'NOT_SET',
-    });
-    if (!session?.idpAccessToken)
-        return { sessionToken };
-    const now = Date.now();
-    const timeLeft = (session.idpAccessTokenExpires ?? now) - now;
-    // Treat tokens as effectively expired if within 5 minutes of expiry
-    if (timeLeft > 5 * 60 * 1000) {
-        return { sessionToken, accessToken: session.idpAccessToken };
-    }
-    // attempt refresh once via centralized internal API helper
-    try {
-        await (0, internal_api_1.internalRefresh)(req.headers.get('cookie') || '', sessionToken);
-    }
-    catch { }
-    session = await (0, session_store_1.getSession)(sessionToken);
-    return { sessionToken, accessToken: session?.idpAccessToken };
-}
-async function idpFetchJSON(req, targetUrl, init = {}) {
-    let attemptedRefresh = false;
-    let { accessToken, sessionToken } = await ensureFreshAccessToken(req);
-    const makeCall = async (bearer) => {
-        const res = await fetch(targetUrl, {
-            ...init,
-            headers: buildHeaders(req, bearer, init.headers),
-        });
-        let json = null;
-        try {
-            json = await res.json();
-        }
-        catch {
-            json = null;
-        }
-        return { res, json };
-    };
-    // First attempt
-    let { res, json } = await makeCall(accessToken);
-    if ((res.status === 401 || res.status === 403) && sessionToken && !attemptedRefresh) {
-        attemptedRefresh = true;
-        try {
-            // Use centralized internal API helper for server-to-server calls
-            const rf = await (0, internal_api_1.internalRefresh)(req.headers.get('cookie') || '', sessionToken);
-            if (rf.ok) {
-                const fresh = await (0, session_store_1.getSession)(sessionToken);
-                ({ res, json } = await makeCall(fresh?.idpAccessToken));
-            }
-        }
-        catch { }
-    }
-    return { ok: res.ok, status: res.status, json: json, attemptedRefresh };
-}

package/dist/lib/internal-api.d.ts DELETED Viewed

@@ -1,87 +0,0 @@
-/**
- * Centralized internal API helper for the app to call ITSELF.
- *
- * IMPORTANT: All calls from the Next.js server to its own API routes MUST use
- * these functions. Never use req.url, req.nextUrl.origin, or construct URLs
- * from the incoming request.
- *
- * WHY HTTP IS REQUIRED (not optional):
- * - This is the app calling its OWN backend within the same pod/container
- * - NextAuth cookies are encrypted based on request protocol
- * - TLS is terminated at ingress, so the pod receives HTTP internally
- * - Using HTTPS here causes cookie decryption failures and 403 errors
- * - This is NOT about "K8s traffic doesn't need TLS" - it's about
- *   protocol consistency for cookie/session encryption
- *
- * Environment:
- * - INTERNAL_API_URL: Required in production (e.g., http://service.namespace.svc.cluster.local:80)
- * - Falls back to http://localhost:3200 in development only
- */
-/**
- * Get the internal API base URL for the app to call itself.
- *
- * @throws Error in production if INTERNAL_API_URL is not set
- * @returns The base URL (no trailing slash)
- */
-export declare function getInternalApiUrl(): string;
-/**
- * Options for internal fetch calls
- */
-export interface InternalFetchOptions extends Omit<RequestInit, 'headers'> {
-    /** Additional headers to include */
-    headers?: Record<string, string>;
-    /** Cookie header to forward (typically from req.headers.get('cookie')) */
-    cookie?: string;
-    /** Session token for x-session-token header */
-    sessionToken?: string;
-    /** Request ID for tracing */
-    requestId?: string;
-    /** Parse response as JSON (default: true) */
-    parseJson?: boolean;
-}
-/**
- * Result of an internal fetch call
- */
-export interface InternalFetchResult<T = unknown> {
-    ok: boolean;
-    status: number;
-    statusText: string;
-    data: T | null;
-    response: Response;
-}
-/**
- * Make a fetch call to an internal API route (app calling itself).
- *
- * @param path - The API path (e.g., '/api/auth/refresh')
- * @param options - Fetch options
- * @returns The fetch result with parsed data
- *
- * @example
- * ```ts
- * // Simple GET
- * const result = await internalFetch('/api/health');
- *
- * // POST with session
- * const result = await internalFetch('/api/auth/refresh', {
- *   method: 'POST',
- *   cookie: req.headers.get('cookie') || '',
- *   sessionToken: token.redisSessionId,
- *   body: JSON.stringify({ refresh_token: refreshToken }),
- * });
- * ```
- */
-export declare function internalFetch<T = unknown>(path: string, options?: InternalFetchOptions): Promise<InternalFetchResult<T>>;
-/**
- * Trigger a token refresh via the internal API.
- * This is a convenience wrapper for the common refresh pattern.
- *
- * @param cookie - The cookie header from the incoming request
- * @param sessionToken - The session token
- * @param refreshToken - Optional refresh token to include in body
- * @param requestId - Optional request ID for tracing
- * @returns Whether the refresh was successful
- */
-export declare function internalRefresh(cookie: string, sessionToken: string, refreshToken?: string, requestId?: string): Promise<{
-    ok: boolean;
-    status: number;
-}>;