npm - @payez/next-mvp - Versions diffs - 3.9.1 → 4.0.1 - Mend

@payez/next-mvp 3.9.1 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (526) hide show

package/package.json +6 -18
package/src/api/auth-handler.ts +550 -549
package/src/api-handlers/account/change-password.ts +5 -8
package/src/api-handlers/admin/analytics.ts +4 -6
package/src/api-handlers/admin/audit.ts +5 -7
package/src/api-handlers/admin/index.ts +1 -2
package/src/api-handlers/admin/redis-sessions.ts +6 -8
package/src/api-handlers/admin/sessions.ts +5 -7
package/src/api-handlers/admin/site-logs.ts +8 -10
package/src/api-handlers/admin/stats.ts +4 -6
package/src/api-handlers/admin/users.ts +5 -7
package/src/api-handlers/admin/vibe-data.ts +10 -12
package/src/api-handlers/auth/refresh.ts +5 -7
package/src/api-handlers/auth/signout.ts +5 -6
package/src/api-handlers/auth/status.ts +4 -7
package/src/api-handlers/auth/update-session.ts +123 -125
package/src/api-handlers/auth/verify-code.ts +9 -13
package/src/api-handlers/session/viability.ts +10 -47
package/src/api-handlers/test/force-expire.ts +4 -11
package/src/auth/auth-decision.ts +1 -1
package/src/auth/better-auth.ts +138 -141
package/src/auth/route-config.ts +219 -219
package/src/auth/utils/token-utils.ts +0 -1
package/src/client/AuthContext.tsx +6 -2
package/src/client/fetch-with-auth.ts +47 -47
package/src/components/SessionSync.tsx +6 -5
package/src/components/account/MobileNavDrawer.tsx +3 -3
package/src/components/account/UserAvatarMenu.tsx +6 -3
package/src/components/admin/VibeAdminLayout.tsx +4 -2
package/src/config/logger.ts +1 -1
package/src/hooks/useAuth.ts +117 -115
package/src/hooks/useAuthSettings.ts +2 -2
package/src/hooks/useAvailableProviders.ts +9 -5
package/src/hooks/useSessionExpiration.ts +101 -102
package/src/hooks/useViabilitySession.ts +336 -335
package/src/index.ts +60 -63
package/src/lib/api-handler.ts +0 -1
package/src/lib/app-slug.ts +6 -6
package/src/lib/standardized-client-api.ts +901 -895
package/src/lib/startup-init.ts +243 -247
package/src/lib/test-aware-get-token.ts +22 -12
package/src/lib/token-lifecycle.ts +12 -53
package/src/pages/admin-login/page.tsx +9 -17
package/src/pages/client-admin/ClientSiteAdminPage.tsx +4 -2
package/src/pages/login/page.tsx +21 -28
package/src/pages/showcase/ShowcasePage.tsx +4 -2
package/src/pages/test-env/EmergencyLogoutPage.tsx +7 -6
package/src/pages/test-env/JwtInspectPage.tsx +5 -3
package/src/pages/test-env/RefreshTokenPage.tsx +157 -155
package/src/pages/test-env/TestEnvPage.tsx +4 -2
package/src/pages/verify-code/page.tsx +10 -6
package/src/routes/auth/logout.ts +7 -25
package/src/routes/auth/nextauth.ts +45 -71
package/src/routes/auth/session.ts +25 -50
package/src/routes/auth/viability.ts +7 -19
package/src/server/auth.ts +60 -0
package/src/stores/authStore.ts +1899 -1904
package/src/utils/logout.ts +30 -30
package/dist/api/auth-handler.d.ts +0 -67
package/dist/api/auth-handler.js +0 -397
package/dist/api/index.d.ts +0 -10
package/dist/api/index.js +0 -19
package/dist/api-handlers/account/change-password.d.ts +0 -9
package/dist/api-handlers/account/change-password.js +0 -112
package/dist/api-handlers/account/masked-info.d.ts +0 -2
package/dist/api-handlers/account/masked-info.js +0 -41
package/dist/api-handlers/account/profile.d.ts +0 -3
package/dist/api-handlers/account/profile.js +0 -63
package/dist/api-handlers/account/recovery/initiate.d.ts +0 -2
package/dist/api-handlers/account/recovery/initiate.js +0 -26
package/dist/api-handlers/account/recovery/send-code.d.ts +0 -2
package/dist/api-handlers/account/recovery/send-code.js +0 -28
package/dist/api-handlers/account/recovery/verify-code.d.ts +0 -2
package/dist/api-handlers/account/recovery/verify-code.js +0 -28
package/dist/api-handlers/account/reset-password.d.ts +0 -2
package/dist/api-handlers/account/reset-password.js +0 -26
package/dist/api-handlers/account/send-code.d.ts +0 -24
package/dist/api-handlers/account/send-code.js +0 -60
package/dist/api-handlers/account/update-phone.d.ts +0 -27
package/dist/api-handlers/account/update-phone.js +0 -64
package/dist/api-handlers/account/validate-password.d.ts +0 -17
package/dist/api-handlers/account/validate-password.js +0 -81
package/dist/api-handlers/account/verify-email.d.ts +0 -26
package/dist/api-handlers/account/verify-email.js +0 -106
package/dist/api-handlers/account/verify-sms.d.ts +0 -26
package/dist/api-handlers/account/verify-sms.js +0 -106
package/dist/api-handlers/admin/analytics.d.ts +0 -20
package/dist/api-handlers/admin/analytics.js +0 -379
package/dist/api-handlers/admin/audit.d.ts +0 -20
package/dist/api-handlers/admin/audit.js +0 -214
package/dist/api-handlers/admin/index.d.ts +0 -22
package/dist/api-handlers/admin/index.js +0 -43
package/dist/api-handlers/admin/redis-sessions.d.ts +0 -36
package/dist/api-handlers/admin/redis-sessions.js +0 -204
package/dist/api-handlers/admin/sessions.d.ts +0 -21
package/dist/api-handlers/admin/sessions.js +0 -284
package/dist/api-handlers/admin/site-logs.d.ts +0 -46
package/dist/api-handlers/admin/site-logs.js +0 -318
package/dist/api-handlers/admin/stats.d.ts +0 -21
package/dist/api-handlers/admin/stats.js +0 -240
package/dist/api-handlers/admin/users.d.ts +0 -20
package/dist/api-handlers/admin/users.js +0 -222
package/dist/api-handlers/admin/vibe-data.d.ts +0 -80
package/dist/api-handlers/admin/vibe-data.js +0 -268
package/dist/api-handlers/anon/preferences.d.ts +0 -37
package/dist/api-handlers/anon/preferences.js +0 -96
package/dist/api-handlers/auth/jwks.d.ts +0 -2
package/dist/api-handlers/auth/jwks.js +0 -24
package/dist/api-handlers/auth/login.d.ts +0 -42
package/dist/api-handlers/auth/login.js +0 -178
package/dist/api-handlers/auth/refresh.d.ts +0 -74
package/dist/api-handlers/auth/refresh.js +0 -635
package/dist/api-handlers/auth/signout.d.ts +0 -37
package/dist/api-handlers/auth/signout.js +0 -187
package/dist/api-handlers/auth/status.d.ts +0 -8
package/dist/api-handlers/auth/status.js +0 -26
package/dist/api-handlers/auth/update-session.d.ts +0 -37
package/dist/api-handlers/auth/update-session.js +0 -95
package/dist/api-handlers/auth/validate.d.ts +0 -6
package/dist/api-handlers/auth/validate.js +0 -43
package/dist/api-handlers/auth/verify-code.d.ts +0 -43
package/dist/api-handlers/auth/verify-code.js +0 -94
package/dist/api-handlers/session/refresh-viability.d.ts +0 -14
package/dist/api-handlers/session/refresh-viability.js +0 -39
package/dist/api-handlers/session/viability.d.ts +0 -13
package/dist/api-handlers/session/viability.js +0 -146
package/dist/api-handlers/test/force-expire.d.ts +0 -23
package/dist/api-handlers/test/force-expire.js +0 -65
package/dist/auth/auth-decision.d.ts +0 -39
package/dist/auth/auth-decision.js +0 -182
package/dist/auth/auth-options.d.ts +0 -57
package/dist/auth/auth-options.js +0 -213
package/dist/auth/better-auth.d.ts +0 -82
package/dist/auth/better-auth.js +0 -122
package/dist/auth/callbacks/index.d.ts +0 -6
package/dist/auth/callbacks/index.js +0 -12
package/dist/auth/callbacks/jwt.d.ts +0 -45
package/dist/auth/callbacks/jwt.js +0 -305
package/dist/auth/callbacks/session.d.ts +0 -60
package/dist/auth/callbacks/session.js +0 -170
package/dist/auth/callbacks/signin.d.ts +0 -23
package/dist/auth/callbacks/signin.js +0 -44
package/dist/auth/events/index.d.ts +0 -4
package/dist/auth/events/index.js +0 -8
package/dist/auth/events/signout.d.ts +0 -17
package/dist/auth/events/signout.js +0 -32
package/dist/auth/providers/credentials.d.ts +0 -32
package/dist/auth/providers/credentials.js +0 -223
package/dist/auth/providers/index.d.ts +0 -5
package/dist/auth/providers/index.js +0 -21
package/dist/auth/providers/oauth.d.ts +0 -26
package/dist/auth/providers/oauth.js +0 -105
package/dist/auth/route-config.d.ts +0 -66
package/dist/auth/route-config.js +0 -190
package/dist/auth/types/auth-types.d.ts +0 -417
package/dist/auth/types/auth-types.js +0 -53
package/dist/auth/types/index.d.ts +0 -6
package/dist/auth/types/index.js +0 -22
package/dist/auth/unauthenticated-routes.d.ts +0 -1
package/dist/auth/unauthenticated-routes.js +0 -19
package/dist/auth/utils/idp-client.d.ts +0 -94
package/dist/auth/utils/idp-client.js +0 -384
package/dist/auth/utils/index.d.ts +0 -5
package/dist/auth/utils/index.js +0 -21
package/dist/auth/utils/token-utils.d.ts +0 -84
package/dist/auth/utils/token-utils.js +0 -219
package/dist/client/AuthContext.d.ts +0 -19
package/dist/client/AuthContext.js +0 -112
package/dist/client/better-auth-client.d.ts +0 -1020
package/dist/client/better-auth-client.js +0 -68
package/dist/client/fetch-with-auth.d.ts +0 -11
package/dist/client/fetch-with-auth.js +0 -44
package/dist/client/fetchWithSession.d.ts +0 -3
package/dist/client/fetchWithSession.js +0 -24
package/dist/client/index.d.ts +0 -9
package/dist/client/index.js +0 -20
package/dist/client/useAnonSession.d.ts +0 -36
package/dist/client/useAnonSession.js +0 -99
package/dist/components/SessionSync.d.ts +0 -13
package/dist/components/SessionSync.js +0 -119
package/dist/components/SignalRHealthCheck.d.ts +0 -10
package/dist/components/SignalRHealthCheck.js +0 -97
package/dist/components/account/MobileNavDrawer.d.ts +0 -32
package/dist/components/account/MobileNavDrawer.js +0 -81
package/dist/components/account/UserAvatarMenu.d.ts +0 -20
package/dist/components/account/UserAvatarMenu.js +0 -88
package/dist/components/account/index.d.ts +0 -9
package/dist/components/account/index.js +0 -13
package/dist/components/admin/AlertSettingsTab.d.ts +0 -48
package/dist/components/admin/AlertSettingsTab.js +0 -351
package/dist/components/admin/AnalyticsTab.d.ts +0 -22
package/dist/components/admin/AnalyticsTab.js +0 -167
package/dist/components/admin/DataBrowserTab.d.ts +0 -19
package/dist/components/admin/DataBrowserTab.js +0 -252
package/dist/components/admin/LoggingSettingsTab.d.ts +0 -73
package/dist/components/admin/LoggingSettingsTab.js +0 -339
package/dist/components/admin/SessionsTab.d.ts +0 -37
package/dist/components/admin/SessionsTab.js +0 -165
package/dist/components/admin/StatsTab.d.ts +0 -53
package/dist/components/admin/StatsTab.js +0 -161
package/dist/components/admin/VibeAdminContext.d.ts +0 -32
package/dist/components/admin/VibeAdminContext.js +0 -38
package/dist/components/admin/VibeAdminLayout.d.ts +0 -11
package/dist/components/admin/VibeAdminLayout.js +0 -69
package/dist/components/admin/index.d.ts +0 -29
package/dist/components/admin/index.js +0 -44
package/dist/components/auth/FederatedAuthSection.d.ts +0 -8
package/dist/components/auth/FederatedAuthSection.js +0 -45
package/dist/components/auth/ModeAwareLoginPage.d.ts +0 -10
package/dist/components/auth/ModeAwareLoginPage.js +0 -42
package/dist/components/auth/ModeAwareSignupPage.d.ts +0 -9
package/dist/components/auth/ModeAwareSignupPage.js +0 -78
package/dist/components/auth/TraditionalAuthSection.d.ts +0 -14
package/dist/components/auth/TraditionalAuthSection.js +0 -20
package/dist/components/recovery/CompleteStep.d.ts +0 -5
package/dist/components/recovery/CompleteStep.js +0 -8
package/dist/components/recovery/InitiateRecoveryStep.d.ts +0 -8
package/dist/components/recovery/InitiateRecoveryStep.js +0 -20
package/dist/components/recovery/SelectMethodStep.d.ts +0 -8
package/dist/components/recovery/SelectMethodStep.js +0 -8
package/dist/components/recovery/SetPasswordStep.d.ts +0 -6
package/dist/components/recovery/SetPasswordStep.js +0 -20
package/dist/components/recovery/VerifyCodeStep.d.ts +0 -10
package/dist/components/recovery/VerifyCodeStep.js +0 -24
package/dist/components/reserved/ReservedRecoveryWarning.d.ts +0 -38
package/dist/components/reserved/ReservedRecoveryWarning.js +0 -92
package/dist/components/reserved/ReservedStatusBox.d.ts +0 -30
package/dist/components/reserved/ReservedStatusBox.js +0 -71
package/dist/components/ui/BetaBadge.d.ts +0 -29
package/dist/components/ui/BetaBadge.js +0 -38
package/dist/components/ui/Footer.d.ts +0 -37
package/dist/components/ui/Footer.js +0 -41
package/dist/config/env.d.ts +0 -66
package/dist/config/env.js +0 -57
package/dist/config/logger.d.ts +0 -57
package/dist/config/logger.js +0 -73
package/dist/config/logging-config.d.ts +0 -30
package/dist/config/logging-config.js +0 -122
package/dist/config/unauthenticated-routes.d.ts +0 -17
package/dist/config/unauthenticated-routes.js +0 -24
package/dist/config/vibe-log-transport.d.ts +0 -81
package/dist/config/vibe-log-transport.js +0 -212
package/dist/edge/internal-api-url.d.ts +0 -53
package/dist/edge/internal-api-url.js +0 -63
package/dist/edge/middleware.d.ts +0 -14
package/dist/edge/middleware.js +0 -32
package/dist/hooks/useAuth.d.ts +0 -23
package/dist/hooks/useAuth.js +0 -81
package/dist/hooks/useAuthSettings.d.ts +0 -59
package/dist/hooks/useAuthSettings.js +0 -93
package/dist/hooks/useAvailableProviders.d.ts +0 -45
package/dist/hooks/useAvailableProviders.js +0 -108
package/dist/hooks/usePasswordValidation.d.ts +0 -27
package/dist/hooks/usePasswordValidation.js +0 -102
package/dist/hooks/useProfile.d.ts +0 -15
package/dist/hooks/useProfile.js +0 -59
package/dist/hooks/usePublicAuthSettings.d.ts +0 -56
package/dist/hooks/usePublicAuthSettings.js +0 -131
package/dist/hooks/useSessionExpiration.d.ts +0 -57
package/dist/hooks/useSessionExpiration.js +0 -72
package/dist/hooks/useViabilitySession.d.ts +0 -75
package/dist/hooks/useViabilitySession.js +0 -268
package/dist/index.d.ts +0 -12
package/dist/index.js +0 -55
package/dist/lib/anon-session.d.ts +0 -74
package/dist/lib/anon-session.js +0 -169
package/dist/lib/api-handler.d.ts +0 -123
package/dist/lib/api-handler.js +0 -478
package/dist/lib/app-slug.d.ts +0 -95
package/dist/lib/app-slug.js +0 -172
package/dist/lib/demo-mode.d.ts +0 -6
package/dist/lib/demo-mode.js +0 -16
package/dist/lib/geolocation.d.ts +0 -64
package/dist/lib/geolocation.js +0 -235
package/dist/lib/idp-client-config.d.ts +0 -75
package/dist/lib/idp-client-config.js +0 -425
package/dist/lib/idp-fetch.d.ts +0 -14
package/dist/lib/idp-fetch.js +0 -91
package/dist/lib/internal-api.d.ts +0 -87
package/dist/lib/internal-api.js +0 -122
package/dist/lib/jwt-decode-client.d.ts +0 -10
package/dist/lib/jwt-decode-client.js +0 -46
package/dist/lib/jwt-decode.d.ts +0 -48
package/dist/lib/jwt-decode.js +0 -57
package/dist/lib/nextauth-secret.d.ts +0 -10
package/dist/lib/nextauth-secret.js +0 -100
package/dist/lib/rate-limit-service.d.ts +0 -23
package/dist/lib/rate-limit-service.js +0 -6
package/dist/lib/redis.d.ts +0 -5
package/dist/lib/redis.js +0 -28
package/dist/lib/refresh-token-validator.d.ts +0 -13
package/dist/lib/refresh-token-validator.js +0 -117
package/dist/lib/roles.d.ts +0 -145
package/dist/lib/roles.js +0 -168
package/dist/lib/secret-validation.d.ts +0 -4
package/dist/lib/secret-validation.js +0 -14
package/dist/lib/session-store.d.ts +0 -170
package/dist/lib/session-store.js +0 -545
package/dist/lib/session.d.ts +0 -21
package/dist/lib/session.js +0 -26
package/dist/lib/site-logger.d.ts +0 -214
package/dist/lib/site-logger.js +0 -210
package/dist/lib/standardized-client-api.d.ts +0 -161
package/dist/lib/standardized-client-api.js +0 -786
package/dist/lib/startup-init.d.ts +0 -40
package/dist/lib/startup-init.js +0 -261
package/dist/lib/test-aware-get-token.d.ts +0 -2
package/dist/lib/test-aware-get-token.js +0 -81
package/dist/lib/token-expiry.d.ts +0 -14
package/dist/lib/token-expiry.js +0 -39
package/dist/lib/token-lifecycle.d.ts +0 -52
package/dist/lib/token-lifecycle.js +0 -398
package/dist/lib/types/api-responses.d.ts +0 -128
package/dist/lib/types/api-responses.js +0 -171
package/dist/lib/user-agent-parser.d.ts +0 -50
package/dist/lib/user-agent-parser.js +0 -220
package/dist/logging/api/admin-analytics.d.ts +0 -3
package/dist/logging/api/admin-analytics.js +0 -45
package/dist/logging/api/audit-log.d.ts +0 -3
package/dist/logging/api/audit-log.js +0 -52
package/dist/logging/components/AdminAnalyticsLayout.d.ts +0 -10
package/dist/logging/components/AdminAnalyticsLayout.js +0 -11
package/dist/logging/components/AuditLogViewer.d.ts +0 -7
package/dist/logging/components/AuditLogViewer.js +0 -51
package/dist/logging/components/ErrorMetricsCard.d.ts +0 -7
package/dist/logging/components/ErrorMetricsCard.js +0 -16
package/dist/logging/components/HealthMetricsCard.d.ts +0 -7
package/dist/logging/components/HealthMetricsCard.js +0 -19
package/dist/logging/hooks/useAdminAnalytics.d.ts +0 -24
package/dist/logging/hooks/useAdminAnalytics.js +0 -22
package/dist/logging/hooks/useAuditLog.d.ts +0 -6
package/dist/logging/hooks/useAuditLog.js +0 -25
package/dist/logging/hooks/useErrorMetrics.d.ts +0 -6
package/dist/logging/hooks/useErrorMetrics.js +0 -38
package/dist/logging/hooks/useHealthMetrics.d.ts +0 -6
package/dist/logging/hooks/useHealthMetrics.js +0 -41
package/dist/logging/index.d.ts +0 -11
package/dist/logging/index.js +0 -40
package/dist/logging/types/analytics.d.ts +0 -68
package/dist/logging/types/analytics.js +0 -3
package/dist/logging/types/audit.d.ts +0 -29
package/dist/logging/types/audit.js +0 -2
package/dist/logging/types/index.d.ts +0 -2
package/dist/logging/types/index.js +0 -19
package/dist/middleware/auth-decision.d.ts +0 -33
package/dist/middleware/auth-decision.js +0 -65
package/dist/middleware/create-middleware.d.ts +0 -102
package/dist/middleware/create-middleware.js +0 -469
package/dist/middleware/rbac-check.d.ts +0 -51
package/dist/middleware/rbac-check.js +0 -219
package/dist/middleware/twofa-presets.d.ts +0 -134
package/dist/middleware/twofa-presets.js +0 -175
package/dist/models/DecodedAccessToken.d.ts +0 -17
package/dist/models/DecodedAccessToken.js +0 -2
package/dist/models/SessionModel.d.ts +0 -122
package/dist/models/SessionModel.js +0 -136
package/dist/pages/admin-login/page.d.ts +0 -31
package/dist/pages/admin-login/page.js +0 -83
package/dist/pages/admin-page-permissions/PagePermissionsAdminPage.d.ts +0 -18
package/dist/pages/admin-page-permissions/PagePermissionsAdminPage.js +0 -276
package/dist/pages/admin-page-permissions/index.d.ts +0 -6
package/dist/pages/admin-page-permissions/index.js +0 -13
package/dist/pages/admin-roles/RolesAdminPage.d.ts +0 -16
package/dist/pages/admin-roles/RolesAdminPage.js +0 -261
package/dist/pages/admin-roles/index.d.ts +0 -8
package/dist/pages/admin-roles/index.js +0 -15
package/dist/pages/admin-roles/modals.d.ts +0 -72
package/dist/pages/admin-roles/modals.js +0 -154
package/dist/pages/client-admin/ClientSiteAdminPage.d.ts +0 -79
package/dist/pages/client-admin/ClientSiteAdminPage.js +0 -177
package/dist/pages/client-admin/index.d.ts +0 -32
package/dist/pages/client-admin/index.js +0 -37
package/dist/pages/coming-soon/page.d.ts +0 -8
package/dist/pages/coming-soon/page.js +0 -28
package/dist/pages/login/page.d.ts +0 -22
package/dist/pages/login/page.js +0 -239
package/dist/pages/profile/EnhancedProfilePage.d.ts +0 -13
package/dist/pages/profile/EnhancedProfilePage.js +0 -150
package/dist/pages/profile/index.d.ts +0 -8
package/dist/pages/profile/index.js +0 -16
package/dist/pages/profile/page.d.ts +0 -19
package/dist/pages/profile/page.js +0 -47
package/dist/pages/profile/profile-patch.d.ts +0 -1
package/dist/pages/profile/profile-patch.js +0 -281
package/dist/pages/recovery/page.d.ts +0 -1
package/dist/pages/recovery/page.js +0 -142
package/dist/pages/roles/MyRolesPage.d.ts +0 -24
package/dist/pages/roles/MyRolesPage.js +0 -71
package/dist/pages/roles/components.d.ts +0 -63
package/dist/pages/roles/components.js +0 -108
package/dist/pages/roles/index.d.ts +0 -8
package/dist/pages/roles/index.js +0 -19
package/dist/pages/security/EnhancedSecurityPage.d.ts +0 -14
package/dist/pages/security/EnhancedSecurityPage.js +0 -248
package/dist/pages/security/index.d.ts +0 -8
package/dist/pages/security/index.js +0 -16
package/dist/pages/security/page.d.ts +0 -21
package/dist/pages/security/page.js +0 -212
package/dist/pages/security/security-patch.d.ts +0 -1
package/dist/pages/security/security-patch.js +0 -302
package/dist/pages/settings/EnhancedSettingsPage.d.ts +0 -46
package/dist/pages/settings/EnhancedSettingsPage.js +0 -231
package/dist/pages/settings/index.d.ts +0 -8
package/dist/pages/settings/index.js +0 -16
package/dist/pages/settings/page.d.ts +0 -7
package/dist/pages/settings/page.js +0 -26
package/dist/pages/showcase/ShowcasePage.d.ts +0 -13
package/dist/pages/showcase/ShowcasePage.js +0 -140
package/dist/pages/showcase/index.d.ts +0 -12
package/dist/pages/showcase/index.js +0 -17
package/dist/pages/test-env/EmergencyLogoutPage.d.ts +0 -14
package/dist/pages/test-env/EmergencyLogoutPage.js +0 -98
package/dist/pages/test-env/JwtInspectPage.d.ts +0 -14
package/dist/pages/test-env/JwtInspectPage.js +0 -114
package/dist/pages/test-env/RefreshTokenPage.d.ts +0 -15
package/dist/pages/test-env/RefreshTokenPage.js +0 -91
package/dist/pages/test-env/TestEnvPage.d.ts +0 -13
package/dist/pages/test-env/TestEnvPage.js +0 -49
package/dist/pages/test-env/index.d.ts +0 -24
package/dist/pages/test-env/index.js +0 -32
package/dist/pages/verify-code/page.d.ts +0 -30
package/dist/pages/verify-code/page.js +0 -408
package/dist/routes/account/index.d.ts +0 -28
package/dist/routes/account/index.js +0 -71
package/dist/routes/account/masked-info.d.ts +0 -33
package/dist/routes/account/masked-info.js +0 -39
package/dist/routes/account/send-code.d.ts +0 -37
package/dist/routes/account/send-code.js +0 -42
package/dist/routes/account/update-phone.d.ts +0 -13
package/dist/routes/account/update-phone.js +0 -17
package/dist/routes/account/verify-email.d.ts +0 -38
package/dist/routes/account/verify-email.js +0 -43
package/dist/routes/account/verify-sms.d.ts +0 -38
package/dist/routes/account/verify-sms.js +0 -43
package/dist/routes/auth/index.d.ts +0 -19
package/dist/routes/auth/index.js +0 -64
package/dist/routes/auth/logout.d.ts +0 -31
package/dist/routes/auth/logout.js +0 -113
package/dist/routes/auth/nextauth.d.ts +0 -19
package/dist/routes/auth/nextauth.js +0 -72
package/dist/routes/auth/refresh.d.ts +0 -30
package/dist/routes/auth/refresh.js +0 -51
package/dist/routes/auth/session.d.ts +0 -43
package/dist/routes/auth/session.js +0 -179
package/dist/routes/auth/settings.d.ts +0 -25
package/dist/routes/auth/settings.js +0 -55
package/dist/routes/auth/viability.d.ts +0 -52
package/dist/routes/auth/viability.js +0 -201
package/dist/routes/index.d.ts +0 -12
package/dist/routes/index.js +0 -54
package/dist/routes/session/index.d.ts +0 -6
package/dist/routes/session/index.js +0 -10
package/dist/routes/session/refresh-viability.d.ts +0 -16
package/dist/routes/session/refresh-viability.js +0 -20
package/dist/server/auth-guard.d.ts +0 -46
package/dist/server/auth-guard.js +0 -128
package/dist/server/decode-session.d.ts +0 -30
package/dist/server/decode-session.js +0 -78
package/dist/server/slim-middleware.d.ts +0 -23
package/dist/server/slim-middleware.js +0 -89
package/dist/server/with-auth.d.ts +0 -33
package/dist/server/with-auth.js +0 -59
package/dist/services/signalrActivityService.d.ts +0 -44
package/dist/services/signalrActivityService.js +0 -257
package/dist/stores/authStore.d.ts +0 -154
package/dist/stores/authStore.js +0 -1531
package/dist/theme/ThemeProvider.d.ts +0 -14
package/dist/theme/ThemeProvider.js +0 -28
package/dist/theme/default.d.ts +0 -8
package/dist/theme/default.js +0 -33
package/dist/theme/index.d.ts +0 -15
package/dist/theme/index.js +0 -25
package/dist/theme/types.d.ts +0 -56
package/dist/theme/types.js +0 -8
package/dist/theme/useTheme.d.ts +0 -60
package/dist/theme/useTheme.js +0 -63
package/dist/theme/utils.d.ts +0 -13
package/dist/theme/utils.js +0 -39
package/dist/types/api.d.ts +0 -134
package/dist/types/api.js +0 -44
package/dist/types/auth.d.ts +0 -19
package/dist/types/auth.js +0 -2
package/dist/types/logging.d.ts +0 -42
package/dist/types/logging.js +0 -2
package/dist/types/recovery.d.ts +0 -48
package/dist/types/recovery.js +0 -2
package/dist/types/security.d.ts +0 -1
package/dist/types/security.js +0 -2
package/dist/utils/api.d.ts +0 -85
package/dist/utils/api.js +0 -287
package/dist/utils/circuitBreaker.d.ts +0 -43
package/dist/utils/circuitBreaker.js +0 -91
package/dist/utils/error-message.d.ts +0 -1
package/dist/utils/error-message.js +0 -103
package/dist/utils/layout/reservedSpace.d.ts +0 -59
package/dist/utils/layout/reservedSpace.js +0 -102
package/dist/utils/logout.d.ts +0 -14
package/dist/utils/logout.js +0 -32
package/dist/vibe/client.d.ts +0 -261
package/dist/vibe/client.js +0 -445
package/dist/vibe/enterprise-auth.d.ts +0 -106
package/dist/vibe/enterprise-auth.js +0 -173
package/dist/vibe/errors.d.ts +0 -83
package/dist/vibe/errors.js +0 -146
package/dist/vibe/generic.d.ts +0 -234
package/dist/vibe/generic.js +0 -369
package/dist/vibe/hooks/index.d.ts +0 -169
package/dist/vibe/hooks/index.js +0 -252
package/dist/vibe/index.d.ts +0 -25
package/dist/vibe/index.js +0 -72
package/dist/vibe/sessions.d.ts +0 -161
package/dist/vibe/sessions.js +0 -391
package/dist/vibe/types.d.ts +0 -353
package/dist/vibe/types.js +0 -315
package/src/auth/auth-options.ts +0 -237
package/src/auth/callbacks/index.ts +0 -7
package/src/auth/callbacks/jwt.ts +0 -382
package/src/auth/callbacks/session.ts +0 -243
package/src/auth/callbacks/signin.ts +0 -56
package/src/auth/events/index.ts +0 -5
package/src/auth/events/signout.ts +0 -33
package/src/auth/providers/credentials.ts +0 -256
package/src/auth/providers/index.ts +0 -6
package/src/auth/providers/oauth.ts +0 -114
package/src/lib/nextauth-secret.ts +0 -121
package/src/types/next-auth.d.ts +0 -15

package/dist/middleware/create-middleware.js DELETED Viewed

@@ -1,469 +0,0 @@
-"use strict";
-/**
- * MVP Middleware - Authentication & Route Protection
- *
- * Creates a Next.js middleware handler that protects routes based on:
- * - Authentication status (session cookie → Redis viability check)
- * - 2FA completion status
- * - RBAC permissions (if enabled)
- *
- * Usage: Export the result from your app's middleware.ts:
- *   export default createMvpMiddleware();
- *
- * With custom options:
- *   export default createMvpMiddleware({
- *     circuitBreaker: myCircuitBreaker,
- *     logger: myLogger,
- *     viabilityEndpoint: '/api/session/refresh-viability',
- *   });
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createMvpMiddleware = createMvpMiddleware;
-const server_1 = require("next/server");
-const route_config_1 = require("../auth/route-config");
-const internal_api_url_1 = require("../edge/internal-api-url");
-const app_slug_1 = require("../lib/app-slug");
-const rbac_check_1 = require("./rbac-check");
-// =============================================================================
-// DEFAULT IMPLEMENTATIONS
-// =============================================================================
-/** Default no-op circuit breaker (always closed) */
-const defaultCircuitBreaker = {
-    isOpen: () => false,
-    canAttemptRefresh: () => true,
-    recordSuccess: () => { },
-    recordFailure: () => { },
-    isNetworkError: (error) => {
-        return error?.cause?.code === 'ECONNREFUSED' ||
-            error?.code === 'ECONNREFUSED' ||
-            error?.message?.includes('ECONNREFUSED') ||
-            error?.message?.includes('fetch failed') ||
-            error?.message?.includes('ENOTFOUND') ||
-            error?.message?.includes('ETIMEDOUT') ||
-            error?.message?.includes('ECONNRESET');
-    }
-};
-/** Default console logger */
-const defaultLogger = {
-    info: (msg, data) => console.log(`[MIDDLEWARE] ${msg}`, data || ''),
-    warn: (msg, data) => console.warn(`[MIDDLEWARE] ${msg}`, data || ''),
-    error: (msg, data) => console.error(`[MIDDLEWARE] ${msg}`, data || ''),
-};
-// =============================================================================
-// HELPERS
-// =============================================================================
-const LOGIN_PAGE = '/account-auth/login';
-const VERIFY_CODE_PAGE = '/account-auth/verify-code';
-function isLoginPage(pathname) {
-    return pathname === LOGIN_PAGE;
-}
-/** Ensures callback URLs never point to auth pages (prevents redirect loops) */
-function getSafeCallbackUrl(pathname, searchParams) {
-    if (pathname.startsWith('/account-auth/')) {
-        return '/';
-    }
-    const existing = searchParams?.get('callbackUrl');
-    if (existing && !existing.startsWith('/account-auth/')) {
-        return existing;
-    }
-    return pathname;
-}
-/** Clear all session cookies on a response */
-function clearSessionCookies(response, request) {
-    const sessionCookie = (0, app_slug_1.getSessionCookieName)();
-    const secureCookie = (0, app_slug_1.getSecureSessionCookieName)();
-    // Clear main cookies
-    response.cookies.set(sessionCookie, '', { path: '/', expires: new Date(0), httpOnly: true, sameSite: 'lax' });
-    response.cookies.set(secureCookie, '', { path: '/', expires: new Date(0), httpOnly: true, sameSite: 'lax', secure: true });
-    // Clear any chunked cookies (NextAuth chunks large cookies)
-    for (const [name] of request.cookies) {
-        if (name.startsWith(`${sessionCookie}.`) || name.startsWith(`${secureCookie}.`)) {
-            const isSecure = name.startsWith('__Secure-');
-            response.cookies.set(name, '', {
-                path: '/',
-                expires: new Date(0),
-                httpOnly: true,
-                sameSite: 'lax',
-                ...(isSecure && { secure: true })
-            });
-        }
-    }
-}
-/** Create redirect response, optionally clearing cookies */
-function redirectTo(request, location, clearCookies = false) {
-    const response = server_1.NextResponse.redirect(new URL(location, request.url));
-    if (clearCookies) {
-        clearSessionCookies(response, request);
-    }
-    return response;
-}
-// =============================================================================
-// AUTH DECISION ENGINE
-// =============================================================================
-/**
- * Pure function that determines what action to take based on auth state.
- * No side effects - just examines context and returns a decision.
- */
-function makeAuthDecision(ctx) {
-    const { pathname, isPublicRoute, isLoginPage: onLoginPage, searchParams, sessionPointer, sessionStatus, circuitBreakerOpen } = ctx;
-    const safeCallback = getSafeCallbackUrl(pathname);
-    // --- Public routes: Allow, but enforce 2FA for authenticated users ---
-    if (isPublicRoute && !onLoginPage) {
-        if (needsTwoFactorRedirect(pathname, sessionPointer, sessionStatus)) {
-            return redirect2FA(safeCallback);
-        }
-        return { type: 'allow' };
-    }
-    // --- Circuit breaker open: Service degraded ---
-    if (circuitBreakerOpen) {
-        if (onLoginPage)
-            return { type: 'allow' };
-        return {
-            type: 'redirect',
-            location: `${LOGIN_PAGE}?error=ServiceUnavailable`,
-            reason: 'circuit_breaker_open',
-            clearCookies: true
-        };
-    }
-    // --- No session cookie: Need to login ---
-    if (!sessionPointer.exists) {
-        if (onLoginPage)
-            return { type: 'allow' };
-        if (pathname === '/') {
-            const unauthUrl = process.env.UNAUTHENTICATED_REDIRECT_URL || '/account-auth/login';
-            return { type: 'redirect', location: unauthUrl, reason: 'unauthenticated_root' };
-        }
-        if (pathname.startsWith('/api/')) {
-            return { type: 'allow' }; // Let API return proper 401 JSON
-        }
-        return {
-            type: 'redirect',
-            location: `${LOGIN_PAGE}?callbackUrl=${encodeURIComponent(safeCallback)}`,
-            reason: 'no_session'
-        };
-    }
-    // --- Service error: Can't verify session ---
-    if (sessionStatus.exists === null || sessionStatus.forceInvalid === null) {
-        return { type: 'service_error', reason: 'viability_check_failed' };
-    }
-    // --- Session force-invalidated (admin action, password change, etc.) ---
-    if (sessionStatus.forceInvalid) {
-        if (onLoginPage)
-            return { type: 'allow' };
-        if (pathname.startsWith('/api/'))
-            return { type: 'allow' };
-        return {
-            type: 'redirect',
-            location: `${LOGIN_PAGE}?callbackUrl=${encodeURIComponent(safeCallback)}&reason=invalidated`,
-            reason: 'force_invalidated',
-            clearCookies: true
-        };
-    }
-    // --- Stale session (cookie exists but Redis entry gone) ---
-    if (!sessionStatus.exists) {
-        if (onLoginPage)
-            return { type: 'allow' };
-        if (pathname.startsWith('/api/'))
-            return { type: 'allow' };
-        return {
-            type: 'redirect',
-            location: `${LOGIN_PAGE}?callbackUrl=${encodeURIComponent(safeCallback)}&reason=stale`,
-            reason: 'stale_session',
-            clearCookies: true
-        };
-    }
-    // --- 2FA required but not completed ---
-    if (needsTwoFactorRedirect(pathname, sessionPointer, sessionStatus)) {
-        if (onLoginPage) {
-            const cb = getSafeCallbackUrl(pathname, searchParams);
-            return { type: 'redirect', location: `${VERIFY_CODE_PAGE}?callbackUrl=${encodeURIComponent(cb)}`, reason: '2fa_from_login' };
-        }
-        return redirect2FA(safeCallback);
-    }
-    // --- Token expired: Try refresh ---
-    if (sessionPointer.expired) {
-        if (onLoginPage)
-            return { type: 'allow' };
-        if (sessionPointer.hasRefreshToken) {
-            return { type: 'refresh_needed' };
-        }
-        return {
-            type: 'redirect',
-            location: `${LOGIN_PAGE}?callbackUrl=${encodeURIComponent(safeCallback)}&error=SessionExpired`,
-            reason: 'token_expired_no_refresh'
-        };
-    }
-    // --- Authenticated user on login page: Send to their destination ---
-    if (onLoginPage) {
-        const dest = getSafeCallbackUrl(pathname, searchParams);
-        return { type: 'redirect', location: dest, reason: 'already_authenticated' };
-    }
-    // --- All checks passed ---
-    return { type: 'allow' };
-}
-/** Check if user needs 2FA redirect */
-function needsTwoFactorRedirect(pathname, session, status) {
-    if (!session.exists || !status.exists)
-        return false;
-    if (!status.requires2FA || status.twoFactorComplete)
-        return false;
-    if (pathname === VERIFY_CODE_PAGE)
-        return false;
-    if ((0, route_config_1.should2FABypass)(pathname))
-        return false;
-    if (pathname.startsWith('/api/'))
-        return false; // APIs return JSON errors
-    return true;
-}
-function redirect2FA(callbackUrl) {
-    return {
-        type: 'redirect',
-        location: `${VERIFY_CODE_PAGE}?callbackUrl=${encodeURIComponent(callbackUrl)}`,
-        reason: '2fa_required'
-    };
-}
-// =============================================================================
-// MIDDLEWARE FACTORY
-// =============================================================================
-function createMvpMiddleware(options = {}) {
-    // Resolve options with defaults
-    const cb = options.circuitBreaker || defaultCircuitBreaker;
-    const log = options.logger || defaultLogger;
-    const viabilityEndpoint = options.viabilityEndpoint || '/api/session/viability';
-    const refreshEndpoint = options.refreshEndpoint || '/api/auth/refresh';
-    const bypassPaths = options.bypassPaths || [];
-    const rbacExemptPaths = options.rbacExemptPaths || [];
-    return async function middleware(request) {
-        const { pathname, searchParams } = request.nextUrl;
-        // =========================================================================
-        // CRITICAL: Auth routes MUST bypass middleware
-        // =========================================================================
-        // These routes are called internally by middleware itself (viability check,
-        // token refresh). Without this bypass, we get infinite loops or 403s.
-        // This has caused production outages. DO NOT REMOVE.
-        // =========================================================================
-        if (pathname.startsWith('/api/auth/') || pathname.startsWith('/api/session/')) {
-            return server_1.NextResponse.next();
-        }
-        // Check custom bypass paths
-        for (const bypassPath of bypassPaths) {
-            if (pathname.startsWith(bypassPath)) {
-                return server_1.NextResponse.next();
-            }
-        }
-        const isPublic = (0, route_config_1.isUnauthenticatedRoute)(pathname);
-        const isLogin = isLoginPage(pathname);
-        // --- Optimization: Skip viability check for unauthenticated public browsing ---
-        if (isPublic && !isLogin) {
-            const hasCookie = request.cookies.get((0, app_slug_1.getSessionCookieName)())?.value ||
-                request.cookies.get((0, app_slug_1.getSecureSessionCookieName)())?.value;
-            if (!hasCookie) {
-                return server_1.NextResponse.next();
-            }
-            // Has cookie - continue to viability check for 2FA enforcement
-        }
-        // --- Fetch session viability from internal API ---
-        const { sessionStatus, sessionPointer } = await checkViability(request, viabilityEndpoint, log);
-        // --- Handle stale session early (cookie exists but session doesn't) ---
-        if (!isPublic && sessionStatus.exists === false && sessionPointer.sessionToken) {
-            const safeCallback = getSafeCallbackUrl(pathname);
-            log.warn('Stale session detected', {
-                sessionToken: sessionPointer.sessionToken?.substring(0, 8) + '...',
-                pathname
-            });
-            return redirectTo(request, `${LOGIN_PAGE}?callbackUrl=${encodeURIComponent(safeCallback)}`, true);
-        }
-        // --- Run decision engine ---
-        const decision = makeAuthDecision({
-            pathname,
-            isPublicRoute: isPublic,
-            isLoginPage: isLogin,
-            searchParams,
-            sessionPointer,
-            sessionStatus,
-            circuitBreakerOpen: cb.isOpen(),
-        });
-        // --- Execute decision ---
-        return executeDecision(request, decision, pathname, sessionPointer, sessionStatus, {
-            circuitBreaker: cb,
-            logger: log,
-            refreshEndpoint,
-            rbacExemptPaths,
-            onRefreshSuccess: options.onRefreshSuccess,
-            onRefreshFailure: options.onRefreshFailure,
-        });
-    };
-}
-/** Check session viability via internal API */
-async function checkViability(request, endpoint, log) {
-    const sessionStatus = {
-        exists: false,
-        forceInvalid: false,
-        requires2FA: false,
-        twoFactorComplete: false,
-    };
-    const sessionPointer = {
-        exists: false,
-        sessionToken: undefined,
-        expired: false,
-        hasRefreshToken: false,
-        roles: [],
-        clientId: '',
-    };
-    try {
-        const baseUrl = (0, internal_api_url_1.getInternalApiUrl)(request);
-        const response = await fetch(new URL(endpoint, baseUrl), {
-            method: 'GET',
-            headers: {
-                'Accept': 'application/json',
-                'Cache-Control': 'no-store',
-                'Cookie': request.headers.get('cookie') || ''
-            },
-            credentials: 'include',
-            signal: AbortSignal.timeout(5000),
-        });
-        if (response.ok) {
-            const data = await response.json();
-            // Support both response formats (viability and refresh-viability)
-            sessionStatus.exists = data.authenticated ?? (data.sessionToken && data.reason !== 'session_not_found');
-            sessionStatus.requires2FA = data.requires2FA || false;
-            sessionStatus.twoFactorComplete = data.twoFactorComplete || false;
-            sessionPointer.exists = sessionStatus.exists ?? false;
-            sessionPointer.sessionToken = data.sessionToken;
-            sessionPointer.expired = data.accessTokenExpired || false;
-            sessionPointer.hasRefreshToken = data.hasRefreshToken ?? data.canRefresh ?? false;
-            sessionPointer.roles = data.roles || [];
-            sessionPointer.clientId = data.clientId || '';
-        }
-        else {
-            log.error('Viability check failed', { status: response.status });
-            sessionStatus.exists = null;
-            sessionStatus.forceInvalid = null;
-        }
-    }
-    catch (error) {
-        log.error('Viability check error', { error: error instanceof Error ? error.message : String(error) });
-        sessionStatus.exists = null;
-        sessionStatus.forceInvalid = null;
-    }
-    return { sessionStatus, sessionPointer };
-}
-/** Execute the auth decision */
-async function executeDecision(request, decision, pathname, sessionPointer, sessionStatus, opts) {
-    const safeCallback = getSafeCallbackUrl(pathname);
-    switch (decision.type) {
-        case 'allow':
-            return handleAllow(request, pathname, sessionPointer, sessionStatus, opts.rbacExemptPaths);
-        case 'redirect':
-            return redirectTo(request, decision.location, decision.clearCookies);
-        case 'service_error':
-            return server_1.NextResponse.redirect(new URL('/service-unavailable', request.url));
-        case 'refresh_needed':
-            return handleRefresh(request, safeCallback, opts);
-    }
-}
-/** Paths that must never be RBAC-checked (they are RBAC redirect targets) */
-const RBAC_EXEMPT_PATHS = ['/error', '/unauthorized', '/service-unavailable'];
-/** Handle 'allow' decision - run RBAC if enabled */
-async function handleAllow(request, pathname, sessionPointer, sessionStatus, rbacExemptPaths = []) {
-    const isPublic = (0, route_config_1.isUnauthenticatedRoute)(pathname);
-    if ((0, rbac_check_1.isRBACEnabled)() && !isPublic && sessionPointer.exists) {
-        // Skip RBAC for error/fallback pages (prevent redirect loops) and app-configured exempt paths
-        if (RBAC_EXEMPT_PATHS.some(p => pathname.startsWith(p)) ||
-            rbacExemptPaths.some(p => pathname.startsWith(p))) {
-            return server_1.NextResponse.next();
-        }
-        if (!sessionPointer.clientId) {
-            console.error('[MIDDLEWARE] RBAC: No clientId — returning 401');
-            if (pathname.startsWith('/api/')) {
-                return server_1.NextResponse.json({ error: 'Unauthorized — missing clientId for RBAC' }, { status: 401 });
-            }
-            return server_1.NextResponse.redirect(new URL('/unauthorized', request.url));
-        }
-        try {
-            const result = await (0, rbac_check_1.checkPagePermission)(pathname, sessionPointer.roles, sessionPointer.clientId);
-            if (!result.allowed) {
-                console.log('[MIDDLEWARE] RBAC denied:', { pathname, reason: result.reason });
-                // In development, fail open - RBAC API may not be fully configured
-                if (process.env.NODE_ENV !== 'production') {
-                    console.warn('[MIDDLEWARE] RBAC: Allowing in development despite denial:', result.reason);
-                    return server_1.NextResponse.next();
-                }
-                return server_1.NextResponse.redirect(new URL(result.redirect || '/unauthorized', request.url));
-            }
-            if (result.requires_2fa && !sessionStatus.twoFactorComplete) {
-                return server_1.NextResponse.redirect(new URL(`${VERIFY_CODE_PAGE}?callbackUrl=${encodeURIComponent(pathname)}`, request.url));
-            }
-        }
-        catch (error) {
-            console.error('[MIDDLEWARE] RBAC error:', error);
-            // In development, fail open
-            if (process.env.NODE_ENV !== 'production') {
-                console.warn('[MIDDLEWARE] RBAC: Allowing in development despite error');
-                return server_1.NextResponse.next();
-            }
-            return server_1.NextResponse.redirect(new URL('/error?code=rbac_error', request.url));
-        }
-    }
-    return server_1.NextResponse.next();
-}
-/** Handle token refresh */
-async function handleRefresh(request, safeCallback, opts) {
-    const { circuitBreaker: cb, logger: log, refreshEndpoint, onRefreshSuccess, onRefreshFailure } = opts;
-    // Check if circuit breaker allows refresh attempt
-    if (!cb.canAttemptRefresh()) {
-        log.warn('Circuit breaker preventing refresh attempt');
-        return redirectTo(request, `${LOGIN_PAGE}?callbackUrl=${encodeURIComponent(safeCallback)}&error=ServiceUnavailable`, true);
-    }
-    try {
-        const baseUrl = (0, internal_api_url_1.getInternalApiUrl)(request);
-        const response = await fetch(new URL(refreshEndpoint, baseUrl), {
-            method: 'POST',
-            headers: {
-                'Accept': 'application/json',
-                'Content-Type': 'application/json',
-                'Cookie': request.headers.get('cookie') || '',
-                'x-session-token': request.cookies.get((0, app_slug_1.getSessionCookieName)())?.value ||
-                    request.cookies.get((0, app_slug_1.getSecureSessionCookieName)())?.value || ''
-            },
-            credentials: 'include',
-            signal: AbortSignal.timeout(5000),
-        });
-        if (response.ok) {
-            const data = await response.json();
-            if (data.refreshed || data.reason === 'already_fresh') {
-                cb.recordSuccess();
-                onRefreshSuccess?.();
-                log.info('Token refresh successful');
-                return server_1.NextResponse.next();
-            }
-        }
-        // Refresh failed - check for permanent failures (401/403) vs transient (5xx)
-        // CRITICAL: Always clear cookies on 401/403 to prevent redirect loops
-        // CRITICAL: Only record circuit breaker failures for network errors, not HTTP errors
-        // HTTP 500 means the server responded - it's reachable. Only network failures should trip the breaker.
-        const isPermanentFailure = response.status === 401 || response.status === 403;
-        const errorParam = isPermanentFailure ? 'SessionExpired' : 'RefreshError';
-        log.warn('Refresh failed', {
-            status: response.status,
-            isPermanentFailure,
-            clearingCookies: isPermanentFailure
-        });
-        onRefreshFailure?.(response.status, false);
-        return redirectTo(request, `${LOGIN_PAGE}?callbackUrl=${encodeURIComponent(safeCallback)}&error=${errorParam}`, isPermanentFailure);
-    }
-    catch (error) {
-        const isNetwork = cb.isNetworkError(error);
-        log.error('Refresh error', {
-            error: error instanceof Error ? error.message : String(error),
-            isNetworkError: isNetwork
-        });
-        // Only record circuit breaker failure for actual network errors
-        if (isNetwork) {
-            cb.recordFailure(error);
-        }
-        onRefreshFailure?.(0, isNetwork);
-        // Network error - don't clear cookies, might be transient
-        return redirectTo(request, `${LOGIN_PAGE}?callbackUrl=${encodeURIComponent(safeCallback)}&error=RefreshError`, false);
-    }
-}

package/dist/middleware/rbac-check.d.ts DELETED Viewed

@@ -1,51 +0,0 @@
-/**
- * Page RBAC Check Module
- *
- * Checks page-level permissions via Vibe API through the IDP Proxy.
- * Uses in-memory cache to reduce API calls.
- * Fails closed (DENY) on errors or timeout.
- *
- * All requests route through the IDP Vibe Proxy ({IDP_URL}/api/vibe/proxy)
- * which injects proper HMAC credentials for the Vibe API.
- *
- * @version 2.0.0
- * @since page-rbac-2026-01
- */
-export interface RBACResult {
-    allowed: boolean;
-    requires_2fa?: boolean;
-    requires_elevated_auth?: boolean;
-    reason?: string;
-    required_roles?: string[];
-    required_claims?: Array<{
-        type: string;
-        value: string;
-    }>;
-    matched_rule?: string;
-    redirect?: string;
-    cache_ttl?: number;
-}
-/**
- * Clear cache (for testing or config changes).
- */
-export declare function clearRBACCache(): void;
-/**
- * Check if user has permission to access a page.
- *
- * Routes through IDP Vibe Proxy ({IDP_URL}/api/vibe/proxy) which injects
- * proper HMAC credentials. The Vibe RBAC endpoint requires client context
- * that only the proxy can provide.
- *
- * FAIL CLOSED: If proxy is unreachable or times out, access is DENIED.
- *
- * @param path - The route path to check
- * @param userRoles - User's roles from session
- * @param clientId - Client slug for multi-tenancy
- * @param userClaims - Optional claims for claim-based authorization
- * @returns RBAC result with allowed/denied status
- */
-export declare function checkPagePermission(path: string, userRoles: string[], clientId: string, userClaims?: Record<string, string>): Promise<RBACResult>;
-/**
- * Check if RBAC is enabled for this deployment.
- */
-export declare function isRBACEnabled(): boolean;