npm - @payez/next-mvp - Versions diffs - 3.9.1 → 4.0.1 - Mend

@payez/next-mvp 3.9.1 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (526) hide show

package/package.json +6 -18
package/src/api/auth-handler.ts +550 -549
package/src/api-handlers/account/change-password.ts +5 -8
package/src/api-handlers/admin/analytics.ts +4 -6
package/src/api-handlers/admin/audit.ts +5 -7
package/src/api-handlers/admin/index.ts +1 -2
package/src/api-handlers/admin/redis-sessions.ts +6 -8
package/src/api-handlers/admin/sessions.ts +5 -7
package/src/api-handlers/admin/site-logs.ts +8 -10
package/src/api-handlers/admin/stats.ts +4 -6
package/src/api-handlers/admin/users.ts +5 -7
package/src/api-handlers/admin/vibe-data.ts +10 -12
package/src/api-handlers/auth/refresh.ts +5 -7
package/src/api-handlers/auth/signout.ts +5 -6
package/src/api-handlers/auth/status.ts +4 -7
package/src/api-handlers/auth/update-session.ts +123 -125
package/src/api-handlers/auth/verify-code.ts +9 -13
package/src/api-handlers/session/viability.ts +10 -47
package/src/api-handlers/test/force-expire.ts +4 -11
package/src/auth/auth-decision.ts +1 -1
package/src/auth/better-auth.ts +138 -141
package/src/auth/route-config.ts +219 -219
package/src/auth/utils/token-utils.ts +0 -1
package/src/client/AuthContext.tsx +6 -2
package/src/client/fetch-with-auth.ts +47 -47
package/src/components/SessionSync.tsx +6 -5
package/src/components/account/MobileNavDrawer.tsx +3 -3
package/src/components/account/UserAvatarMenu.tsx +6 -3
package/src/components/admin/VibeAdminLayout.tsx +4 -2
package/src/config/logger.ts +1 -1
package/src/hooks/useAuth.ts +117 -115
package/src/hooks/useAuthSettings.ts +2 -2
package/src/hooks/useAvailableProviders.ts +9 -5
package/src/hooks/useSessionExpiration.ts +101 -102
package/src/hooks/useViabilitySession.ts +336 -335
package/src/index.ts +60 -63
package/src/lib/api-handler.ts +0 -1
package/src/lib/app-slug.ts +6 -6
package/src/lib/standardized-client-api.ts +901 -895
package/src/lib/startup-init.ts +243 -247
package/src/lib/test-aware-get-token.ts +22 -12
package/src/lib/token-lifecycle.ts +12 -53
package/src/pages/admin-login/page.tsx +9 -17
package/src/pages/client-admin/ClientSiteAdminPage.tsx +4 -2
package/src/pages/login/page.tsx +21 -28
package/src/pages/showcase/ShowcasePage.tsx +4 -2
package/src/pages/test-env/EmergencyLogoutPage.tsx +7 -6
package/src/pages/test-env/JwtInspectPage.tsx +5 -3
package/src/pages/test-env/RefreshTokenPage.tsx +157 -155
package/src/pages/test-env/TestEnvPage.tsx +4 -2
package/src/pages/verify-code/page.tsx +10 -6
package/src/routes/auth/logout.ts +7 -25
package/src/routes/auth/nextauth.ts +45 -71
package/src/routes/auth/session.ts +25 -50
package/src/routes/auth/viability.ts +7 -19
package/src/server/auth.ts +60 -0
package/src/stores/authStore.ts +1899 -1904
package/src/utils/logout.ts +30 -30
package/dist/api/auth-handler.d.ts +0 -67
package/dist/api/auth-handler.js +0 -397
package/dist/api/index.d.ts +0 -10
package/dist/api/index.js +0 -19
package/dist/api-handlers/account/change-password.d.ts +0 -9
package/dist/api-handlers/account/change-password.js +0 -112
package/dist/api-handlers/account/masked-info.d.ts +0 -2
package/dist/api-handlers/account/masked-info.js +0 -41
package/dist/api-handlers/account/profile.d.ts +0 -3
package/dist/api-handlers/account/profile.js +0 -63
package/dist/api-handlers/account/recovery/initiate.d.ts +0 -2
package/dist/api-handlers/account/recovery/initiate.js +0 -26
package/dist/api-handlers/account/recovery/send-code.d.ts +0 -2
package/dist/api-handlers/account/recovery/send-code.js +0 -28
package/dist/api-handlers/account/recovery/verify-code.d.ts +0 -2
package/dist/api-handlers/account/recovery/verify-code.js +0 -28
package/dist/api-handlers/account/reset-password.d.ts +0 -2
package/dist/api-handlers/account/reset-password.js +0 -26
package/dist/api-handlers/account/send-code.d.ts +0 -24
package/dist/api-handlers/account/send-code.js +0 -60
package/dist/api-handlers/account/update-phone.d.ts +0 -27
package/dist/api-handlers/account/update-phone.js +0 -64
package/dist/api-handlers/account/validate-password.d.ts +0 -17
package/dist/api-handlers/account/validate-password.js +0 -81
package/dist/api-handlers/account/verify-email.d.ts +0 -26
package/dist/api-handlers/account/verify-email.js +0 -106
package/dist/api-handlers/account/verify-sms.d.ts +0 -26
package/dist/api-handlers/account/verify-sms.js +0 -106
package/dist/api-handlers/admin/analytics.d.ts +0 -20
package/dist/api-handlers/admin/analytics.js +0 -379
package/dist/api-handlers/admin/audit.d.ts +0 -20
package/dist/api-handlers/admin/audit.js +0 -214
package/dist/api-handlers/admin/index.d.ts +0 -22
package/dist/api-handlers/admin/index.js +0 -43
package/dist/api-handlers/admin/redis-sessions.d.ts +0 -36
package/dist/api-handlers/admin/redis-sessions.js +0 -204
package/dist/api-handlers/admin/sessions.d.ts +0 -21
package/dist/api-handlers/admin/sessions.js +0 -284
package/dist/api-handlers/admin/site-logs.d.ts +0 -46
package/dist/api-handlers/admin/site-logs.js +0 -318
package/dist/api-handlers/admin/stats.d.ts +0 -21
package/dist/api-handlers/admin/stats.js +0 -240
package/dist/api-handlers/admin/users.d.ts +0 -20
package/dist/api-handlers/admin/users.js +0 -222
package/dist/api-handlers/admin/vibe-data.d.ts +0 -80
package/dist/api-handlers/admin/vibe-data.js +0 -268
package/dist/api-handlers/anon/preferences.d.ts +0 -37
package/dist/api-handlers/anon/preferences.js +0 -96
package/dist/api-handlers/auth/jwks.d.ts +0 -2
package/dist/api-handlers/auth/jwks.js +0 -24
package/dist/api-handlers/auth/login.d.ts +0 -42
package/dist/api-handlers/auth/login.js +0 -178
package/dist/api-handlers/auth/refresh.d.ts +0 -74
package/dist/api-handlers/auth/refresh.js +0 -635
package/dist/api-handlers/auth/signout.d.ts +0 -37
package/dist/api-handlers/auth/signout.js +0 -187
package/dist/api-handlers/auth/status.d.ts +0 -8
package/dist/api-handlers/auth/status.js +0 -26
package/dist/api-handlers/auth/update-session.d.ts +0 -37
package/dist/api-handlers/auth/update-session.js +0 -95
package/dist/api-handlers/auth/validate.d.ts +0 -6
package/dist/api-handlers/auth/validate.js +0 -43
package/dist/api-handlers/auth/verify-code.d.ts +0 -43
package/dist/api-handlers/auth/verify-code.js +0 -94
package/dist/api-handlers/session/refresh-viability.d.ts +0 -14
package/dist/api-handlers/session/refresh-viability.js +0 -39
package/dist/api-handlers/session/viability.d.ts +0 -13
package/dist/api-handlers/session/viability.js +0 -146
package/dist/api-handlers/test/force-expire.d.ts +0 -23
package/dist/api-handlers/test/force-expire.js +0 -65
package/dist/auth/auth-decision.d.ts +0 -39
package/dist/auth/auth-decision.js +0 -182
package/dist/auth/auth-options.d.ts +0 -57
package/dist/auth/auth-options.js +0 -213
package/dist/auth/better-auth.d.ts +0 -82
package/dist/auth/better-auth.js +0 -122
package/dist/auth/callbacks/index.d.ts +0 -6
package/dist/auth/callbacks/index.js +0 -12
package/dist/auth/callbacks/jwt.d.ts +0 -45
package/dist/auth/callbacks/jwt.js +0 -305
package/dist/auth/callbacks/session.d.ts +0 -60
package/dist/auth/callbacks/session.js +0 -170
package/dist/auth/callbacks/signin.d.ts +0 -23
package/dist/auth/callbacks/signin.js +0 -44
package/dist/auth/events/index.d.ts +0 -4
package/dist/auth/events/index.js +0 -8
package/dist/auth/events/signout.d.ts +0 -17
package/dist/auth/events/signout.js +0 -32
package/dist/auth/providers/credentials.d.ts +0 -32
package/dist/auth/providers/credentials.js +0 -223
package/dist/auth/providers/index.d.ts +0 -5
package/dist/auth/providers/index.js +0 -21
package/dist/auth/providers/oauth.d.ts +0 -26
package/dist/auth/providers/oauth.js +0 -105
package/dist/auth/route-config.d.ts +0 -66
package/dist/auth/route-config.js +0 -190
package/dist/auth/types/auth-types.d.ts +0 -417
package/dist/auth/types/auth-types.js +0 -53
package/dist/auth/types/index.d.ts +0 -6
package/dist/auth/types/index.js +0 -22
package/dist/auth/unauthenticated-routes.d.ts +0 -1
package/dist/auth/unauthenticated-routes.js +0 -19
package/dist/auth/utils/idp-client.d.ts +0 -94
package/dist/auth/utils/idp-client.js +0 -384
package/dist/auth/utils/index.d.ts +0 -5
package/dist/auth/utils/index.js +0 -21
package/dist/auth/utils/token-utils.d.ts +0 -84
package/dist/auth/utils/token-utils.js +0 -219
package/dist/client/AuthContext.d.ts +0 -19
package/dist/client/AuthContext.js +0 -112
package/dist/client/better-auth-client.d.ts +0 -1020
package/dist/client/better-auth-client.js +0 -68
package/dist/client/fetch-with-auth.d.ts +0 -11
package/dist/client/fetch-with-auth.js +0 -44
package/dist/client/fetchWithSession.d.ts +0 -3
package/dist/client/fetchWithSession.js +0 -24
package/dist/client/index.d.ts +0 -9
package/dist/client/index.js +0 -20
package/dist/client/useAnonSession.d.ts +0 -36
package/dist/client/useAnonSession.js +0 -99
package/dist/components/SessionSync.d.ts +0 -13
package/dist/components/SessionSync.js +0 -119
package/dist/components/SignalRHealthCheck.d.ts +0 -10
package/dist/components/SignalRHealthCheck.js +0 -97
package/dist/components/account/MobileNavDrawer.d.ts +0 -32
package/dist/components/account/MobileNavDrawer.js +0 -81
package/dist/components/account/UserAvatarMenu.d.ts +0 -20
package/dist/components/account/UserAvatarMenu.js +0 -88
package/dist/components/account/index.d.ts +0 -9
package/dist/components/account/index.js +0 -13
package/dist/components/admin/AlertSettingsTab.d.ts +0 -48
package/dist/components/admin/AlertSettingsTab.js +0 -351
package/dist/components/admin/AnalyticsTab.d.ts +0 -22
package/dist/components/admin/AnalyticsTab.js +0 -167
package/dist/components/admin/DataBrowserTab.d.ts +0 -19
package/dist/components/admin/DataBrowserTab.js +0 -252
package/dist/components/admin/LoggingSettingsTab.d.ts +0 -73
package/dist/components/admin/LoggingSettingsTab.js +0 -339
package/dist/components/admin/SessionsTab.d.ts +0 -37
package/dist/components/admin/SessionsTab.js +0 -165
package/dist/components/admin/StatsTab.d.ts +0 -53
package/dist/components/admin/StatsTab.js +0 -161
package/dist/components/admin/VibeAdminContext.d.ts +0 -32
package/dist/components/admin/VibeAdminContext.js +0 -38
package/dist/components/admin/VibeAdminLayout.d.ts +0 -11
package/dist/components/admin/VibeAdminLayout.js +0 -69
package/dist/components/admin/index.d.ts +0 -29
package/dist/components/admin/index.js +0 -44
package/dist/components/auth/FederatedAuthSection.d.ts +0 -8
package/dist/components/auth/FederatedAuthSection.js +0 -45
package/dist/components/auth/ModeAwareLoginPage.d.ts +0 -10
package/dist/components/auth/ModeAwareLoginPage.js +0 -42
package/dist/components/auth/ModeAwareSignupPage.d.ts +0 -9
package/dist/components/auth/ModeAwareSignupPage.js +0 -78
package/dist/components/auth/TraditionalAuthSection.d.ts +0 -14
package/dist/components/auth/TraditionalAuthSection.js +0 -20
package/dist/components/recovery/CompleteStep.d.ts +0 -5
package/dist/components/recovery/CompleteStep.js +0 -8
package/dist/components/recovery/InitiateRecoveryStep.d.ts +0 -8
package/dist/components/recovery/InitiateRecoveryStep.js +0 -20
package/dist/components/recovery/SelectMethodStep.d.ts +0 -8
package/dist/components/recovery/SelectMethodStep.js +0 -8
package/dist/components/recovery/SetPasswordStep.d.ts +0 -6
package/dist/components/recovery/SetPasswordStep.js +0 -20
package/dist/components/recovery/VerifyCodeStep.d.ts +0 -10
package/dist/components/recovery/VerifyCodeStep.js +0 -24
package/dist/components/reserved/ReservedRecoveryWarning.d.ts +0 -38
package/dist/components/reserved/ReservedRecoveryWarning.js +0 -92
package/dist/components/reserved/ReservedStatusBox.d.ts +0 -30
package/dist/components/reserved/ReservedStatusBox.js +0 -71
package/dist/components/ui/BetaBadge.d.ts +0 -29
package/dist/components/ui/BetaBadge.js +0 -38
package/dist/components/ui/Footer.d.ts +0 -37
package/dist/components/ui/Footer.js +0 -41
package/dist/config/env.d.ts +0 -66
package/dist/config/env.js +0 -57
package/dist/config/logger.d.ts +0 -57
package/dist/config/logger.js +0 -73
package/dist/config/logging-config.d.ts +0 -30
package/dist/config/logging-config.js +0 -122
package/dist/config/unauthenticated-routes.d.ts +0 -17
package/dist/config/unauthenticated-routes.js +0 -24
package/dist/config/vibe-log-transport.d.ts +0 -81
package/dist/config/vibe-log-transport.js +0 -212
package/dist/edge/internal-api-url.d.ts +0 -53
package/dist/edge/internal-api-url.js +0 -63
package/dist/edge/middleware.d.ts +0 -14
package/dist/edge/middleware.js +0 -32
package/dist/hooks/useAuth.d.ts +0 -23
package/dist/hooks/useAuth.js +0 -81
package/dist/hooks/useAuthSettings.d.ts +0 -59
package/dist/hooks/useAuthSettings.js +0 -93
package/dist/hooks/useAvailableProviders.d.ts +0 -45
package/dist/hooks/useAvailableProviders.js +0 -108
package/dist/hooks/usePasswordValidation.d.ts +0 -27
package/dist/hooks/usePasswordValidation.js +0 -102
package/dist/hooks/useProfile.d.ts +0 -15
package/dist/hooks/useProfile.js +0 -59
package/dist/hooks/usePublicAuthSettings.d.ts +0 -56
package/dist/hooks/usePublicAuthSettings.js +0 -131
package/dist/hooks/useSessionExpiration.d.ts +0 -57
package/dist/hooks/useSessionExpiration.js +0 -72
package/dist/hooks/useViabilitySession.d.ts +0 -75
package/dist/hooks/useViabilitySession.js +0 -268
package/dist/index.d.ts +0 -12
package/dist/index.js +0 -55
package/dist/lib/anon-session.d.ts +0 -74
package/dist/lib/anon-session.js +0 -169
package/dist/lib/api-handler.d.ts +0 -123
package/dist/lib/api-handler.js +0 -478
package/dist/lib/app-slug.d.ts +0 -95
package/dist/lib/app-slug.js +0 -172
package/dist/lib/demo-mode.d.ts +0 -6
package/dist/lib/demo-mode.js +0 -16
package/dist/lib/geolocation.d.ts +0 -64
package/dist/lib/geolocation.js +0 -235
package/dist/lib/idp-client-config.d.ts +0 -75
package/dist/lib/idp-client-config.js +0 -425
package/dist/lib/idp-fetch.d.ts +0 -14
package/dist/lib/idp-fetch.js +0 -91
package/dist/lib/internal-api.d.ts +0 -87
package/dist/lib/internal-api.js +0 -122
package/dist/lib/jwt-decode-client.d.ts +0 -10
package/dist/lib/jwt-decode-client.js +0 -46
package/dist/lib/jwt-decode.d.ts +0 -48
package/dist/lib/jwt-decode.js +0 -57
package/dist/lib/nextauth-secret.d.ts +0 -10
package/dist/lib/nextauth-secret.js +0 -100
package/dist/lib/rate-limit-service.d.ts +0 -23
package/dist/lib/rate-limit-service.js +0 -6
package/dist/lib/redis.d.ts +0 -5
package/dist/lib/redis.js +0 -28
package/dist/lib/refresh-token-validator.d.ts +0 -13
package/dist/lib/refresh-token-validator.js +0 -117
package/dist/lib/roles.d.ts +0 -145
package/dist/lib/roles.js +0 -168
package/dist/lib/secret-validation.d.ts +0 -4
package/dist/lib/secret-validation.js +0 -14
package/dist/lib/session-store.d.ts +0 -170
package/dist/lib/session-store.js +0 -545
package/dist/lib/session.d.ts +0 -21
package/dist/lib/session.js +0 -26
package/dist/lib/site-logger.d.ts +0 -214
package/dist/lib/site-logger.js +0 -210
package/dist/lib/standardized-client-api.d.ts +0 -161
package/dist/lib/standardized-client-api.js +0 -786
package/dist/lib/startup-init.d.ts +0 -40
package/dist/lib/startup-init.js +0 -261
package/dist/lib/test-aware-get-token.d.ts +0 -2
package/dist/lib/test-aware-get-token.js +0 -81
package/dist/lib/token-expiry.d.ts +0 -14
package/dist/lib/token-expiry.js +0 -39
package/dist/lib/token-lifecycle.d.ts +0 -52
package/dist/lib/token-lifecycle.js +0 -398
package/dist/lib/types/api-responses.d.ts +0 -128
package/dist/lib/types/api-responses.js +0 -171
package/dist/lib/user-agent-parser.d.ts +0 -50
package/dist/lib/user-agent-parser.js +0 -220
package/dist/logging/api/admin-analytics.d.ts +0 -3
package/dist/logging/api/admin-analytics.js +0 -45
package/dist/logging/api/audit-log.d.ts +0 -3
package/dist/logging/api/audit-log.js +0 -52
package/dist/logging/components/AdminAnalyticsLayout.d.ts +0 -10
package/dist/logging/components/AdminAnalyticsLayout.js +0 -11
package/dist/logging/components/AuditLogViewer.d.ts +0 -7
package/dist/logging/components/AuditLogViewer.js +0 -51
package/dist/logging/components/ErrorMetricsCard.d.ts +0 -7
package/dist/logging/components/ErrorMetricsCard.js +0 -16
package/dist/logging/components/HealthMetricsCard.d.ts +0 -7
package/dist/logging/components/HealthMetricsCard.js +0 -19
package/dist/logging/hooks/useAdminAnalytics.d.ts +0 -24
package/dist/logging/hooks/useAdminAnalytics.js +0 -22
package/dist/logging/hooks/useAuditLog.d.ts +0 -6
package/dist/logging/hooks/useAuditLog.js +0 -25
package/dist/logging/hooks/useErrorMetrics.d.ts +0 -6
package/dist/logging/hooks/useErrorMetrics.js +0 -38
package/dist/logging/hooks/useHealthMetrics.d.ts +0 -6
package/dist/logging/hooks/useHealthMetrics.js +0 -41
package/dist/logging/index.d.ts +0 -11
package/dist/logging/index.js +0 -40
package/dist/logging/types/analytics.d.ts +0 -68
package/dist/logging/types/analytics.js +0 -3
package/dist/logging/types/audit.d.ts +0 -29
package/dist/logging/types/audit.js +0 -2
package/dist/logging/types/index.d.ts +0 -2
package/dist/logging/types/index.js +0 -19
package/dist/middleware/auth-decision.d.ts +0 -33
package/dist/middleware/auth-decision.js +0 -65
package/dist/middleware/create-middleware.d.ts +0 -102
package/dist/middleware/create-middleware.js +0 -469
package/dist/middleware/rbac-check.d.ts +0 -51
package/dist/middleware/rbac-check.js +0 -219
package/dist/middleware/twofa-presets.d.ts +0 -134
package/dist/middleware/twofa-presets.js +0 -175
package/dist/models/DecodedAccessToken.d.ts +0 -17
package/dist/models/DecodedAccessToken.js +0 -2
package/dist/models/SessionModel.d.ts +0 -122
package/dist/models/SessionModel.js +0 -136
package/dist/pages/admin-login/page.d.ts +0 -31
package/dist/pages/admin-login/page.js +0 -83
package/dist/pages/admin-page-permissions/PagePermissionsAdminPage.d.ts +0 -18
package/dist/pages/admin-page-permissions/PagePermissionsAdminPage.js +0 -276
package/dist/pages/admin-page-permissions/index.d.ts +0 -6
package/dist/pages/admin-page-permissions/index.js +0 -13
package/dist/pages/admin-roles/RolesAdminPage.d.ts +0 -16
package/dist/pages/admin-roles/RolesAdminPage.js +0 -261
package/dist/pages/admin-roles/index.d.ts +0 -8
package/dist/pages/admin-roles/index.js +0 -15
package/dist/pages/admin-roles/modals.d.ts +0 -72
package/dist/pages/admin-roles/modals.js +0 -154
package/dist/pages/client-admin/ClientSiteAdminPage.d.ts +0 -79
package/dist/pages/client-admin/ClientSiteAdminPage.js +0 -177
package/dist/pages/client-admin/index.d.ts +0 -32
package/dist/pages/client-admin/index.js +0 -37
package/dist/pages/coming-soon/page.d.ts +0 -8
package/dist/pages/coming-soon/page.js +0 -28
package/dist/pages/login/page.d.ts +0 -22
package/dist/pages/login/page.js +0 -239
package/dist/pages/profile/EnhancedProfilePage.d.ts +0 -13
package/dist/pages/profile/EnhancedProfilePage.js +0 -150
package/dist/pages/profile/index.d.ts +0 -8
package/dist/pages/profile/index.js +0 -16
package/dist/pages/profile/page.d.ts +0 -19
package/dist/pages/profile/page.js +0 -47
package/dist/pages/profile/profile-patch.d.ts +0 -1
package/dist/pages/profile/profile-patch.js +0 -281
package/dist/pages/recovery/page.d.ts +0 -1
package/dist/pages/recovery/page.js +0 -142
package/dist/pages/roles/MyRolesPage.d.ts +0 -24
package/dist/pages/roles/MyRolesPage.js +0 -71
package/dist/pages/roles/components.d.ts +0 -63
package/dist/pages/roles/components.js +0 -108
package/dist/pages/roles/index.d.ts +0 -8
package/dist/pages/roles/index.js +0 -19
package/dist/pages/security/EnhancedSecurityPage.d.ts +0 -14
package/dist/pages/security/EnhancedSecurityPage.js +0 -248
package/dist/pages/security/index.d.ts +0 -8
package/dist/pages/security/index.js +0 -16
package/dist/pages/security/page.d.ts +0 -21
package/dist/pages/security/page.js +0 -212
package/dist/pages/security/security-patch.d.ts +0 -1
package/dist/pages/security/security-patch.js +0 -302
package/dist/pages/settings/EnhancedSettingsPage.d.ts +0 -46
package/dist/pages/settings/EnhancedSettingsPage.js +0 -231
package/dist/pages/settings/index.d.ts +0 -8
package/dist/pages/settings/index.js +0 -16
package/dist/pages/settings/page.d.ts +0 -7
package/dist/pages/settings/page.js +0 -26
package/dist/pages/showcase/ShowcasePage.d.ts +0 -13
package/dist/pages/showcase/ShowcasePage.js +0 -140
package/dist/pages/showcase/index.d.ts +0 -12
package/dist/pages/showcase/index.js +0 -17
package/dist/pages/test-env/EmergencyLogoutPage.d.ts +0 -14
package/dist/pages/test-env/EmergencyLogoutPage.js +0 -98
package/dist/pages/test-env/JwtInspectPage.d.ts +0 -14
package/dist/pages/test-env/JwtInspectPage.js +0 -114
package/dist/pages/test-env/RefreshTokenPage.d.ts +0 -15
package/dist/pages/test-env/RefreshTokenPage.js +0 -91
package/dist/pages/test-env/TestEnvPage.d.ts +0 -13
package/dist/pages/test-env/TestEnvPage.js +0 -49
package/dist/pages/test-env/index.d.ts +0 -24
package/dist/pages/test-env/index.js +0 -32
package/dist/pages/verify-code/page.d.ts +0 -30
package/dist/pages/verify-code/page.js +0 -408
package/dist/routes/account/index.d.ts +0 -28
package/dist/routes/account/index.js +0 -71
package/dist/routes/account/masked-info.d.ts +0 -33
package/dist/routes/account/masked-info.js +0 -39
package/dist/routes/account/send-code.d.ts +0 -37
package/dist/routes/account/send-code.js +0 -42
package/dist/routes/account/update-phone.d.ts +0 -13
package/dist/routes/account/update-phone.js +0 -17
package/dist/routes/account/verify-email.d.ts +0 -38
package/dist/routes/account/verify-email.js +0 -43
package/dist/routes/account/verify-sms.d.ts +0 -38
package/dist/routes/account/verify-sms.js +0 -43
package/dist/routes/auth/index.d.ts +0 -19
package/dist/routes/auth/index.js +0 -64
package/dist/routes/auth/logout.d.ts +0 -31
package/dist/routes/auth/logout.js +0 -113
package/dist/routes/auth/nextauth.d.ts +0 -19
package/dist/routes/auth/nextauth.js +0 -72
package/dist/routes/auth/refresh.d.ts +0 -30
package/dist/routes/auth/refresh.js +0 -51
package/dist/routes/auth/session.d.ts +0 -43
package/dist/routes/auth/session.js +0 -179
package/dist/routes/auth/settings.d.ts +0 -25
package/dist/routes/auth/settings.js +0 -55
package/dist/routes/auth/viability.d.ts +0 -52
package/dist/routes/auth/viability.js +0 -201
package/dist/routes/index.d.ts +0 -12
package/dist/routes/index.js +0 -54
package/dist/routes/session/index.d.ts +0 -6
package/dist/routes/session/index.js +0 -10
package/dist/routes/session/refresh-viability.d.ts +0 -16
package/dist/routes/session/refresh-viability.js +0 -20
package/dist/server/auth-guard.d.ts +0 -46
package/dist/server/auth-guard.js +0 -128
package/dist/server/decode-session.d.ts +0 -30
package/dist/server/decode-session.js +0 -78
package/dist/server/slim-middleware.d.ts +0 -23
package/dist/server/slim-middleware.js +0 -89
package/dist/server/with-auth.d.ts +0 -33
package/dist/server/with-auth.js +0 -59
package/dist/services/signalrActivityService.d.ts +0 -44
package/dist/services/signalrActivityService.js +0 -257
package/dist/stores/authStore.d.ts +0 -154
package/dist/stores/authStore.js +0 -1531
package/dist/theme/ThemeProvider.d.ts +0 -14
package/dist/theme/ThemeProvider.js +0 -28
package/dist/theme/default.d.ts +0 -8
package/dist/theme/default.js +0 -33
package/dist/theme/index.d.ts +0 -15
package/dist/theme/index.js +0 -25
package/dist/theme/types.d.ts +0 -56
package/dist/theme/types.js +0 -8
package/dist/theme/useTheme.d.ts +0 -60
package/dist/theme/useTheme.js +0 -63
package/dist/theme/utils.d.ts +0 -13
package/dist/theme/utils.js +0 -39
package/dist/types/api.d.ts +0 -134
package/dist/types/api.js +0 -44
package/dist/types/auth.d.ts +0 -19
package/dist/types/auth.js +0 -2
package/dist/types/logging.d.ts +0 -42
package/dist/types/logging.js +0 -2
package/dist/types/recovery.d.ts +0 -48
package/dist/types/recovery.js +0 -2
package/dist/types/security.d.ts +0 -1
package/dist/types/security.js +0 -2
package/dist/utils/api.d.ts +0 -85
package/dist/utils/api.js +0 -287
package/dist/utils/circuitBreaker.d.ts +0 -43
package/dist/utils/circuitBreaker.js +0 -91
package/dist/utils/error-message.d.ts +0 -1
package/dist/utils/error-message.js +0 -103
package/dist/utils/layout/reservedSpace.d.ts +0 -59
package/dist/utils/layout/reservedSpace.js +0 -102
package/dist/utils/logout.d.ts +0 -14
package/dist/utils/logout.js +0 -32
package/dist/vibe/client.d.ts +0 -261
package/dist/vibe/client.js +0 -445
package/dist/vibe/enterprise-auth.d.ts +0 -106
package/dist/vibe/enterprise-auth.js +0 -173
package/dist/vibe/errors.d.ts +0 -83
package/dist/vibe/errors.js +0 -146
package/dist/vibe/generic.d.ts +0 -234
package/dist/vibe/generic.js +0 -369
package/dist/vibe/hooks/index.d.ts +0 -169
package/dist/vibe/hooks/index.js +0 -252
package/dist/vibe/index.d.ts +0 -25
package/dist/vibe/index.js +0 -72
package/dist/vibe/sessions.d.ts +0 -161
package/dist/vibe/sessions.js +0 -391
package/dist/vibe/types.d.ts +0 -353
package/dist/vibe/types.js +0 -315
package/src/auth/auth-options.ts +0 -237
package/src/auth/callbacks/index.ts +0 -7
package/src/auth/callbacks/jwt.ts +0 -382
package/src/auth/callbacks/session.ts +0 -243
package/src/auth/callbacks/signin.ts +0 -56
package/src/auth/events/index.ts +0 -5
package/src/auth/events/signout.ts +0 -33
package/src/auth/providers/credentials.ts +0 -256
package/src/auth/providers/index.ts +0 -6
package/src/auth/providers/oauth.ts +0 -114
package/src/lib/nextauth-secret.ts +0 -121
package/src/types/next-auth.d.ts +0 -15

package/src/auth/route-config.ts CHANGED Viewed

@@ -1,220 +1,220 @@
-/**
- * Advanced Route Configuration for `@payez/next-mvp`
- *
- * This module provides a robust, pattern-based mechanism for defining
- * unauthenticated (public) routes, including wildcard support.
- * It is designed to be easily configurable by host applications.
- */
-import { TwoFactorRequirements, TwoFactorPresets } from '../middleware/twofa-presets';
-export interface UnauthenticatedRouteConfig {
-  /** The route pattern (supports wildcards with *) */
-  pattern: string;
-  /** Description of what this route is for */
-  description: string;
-  /** Whether this route should be accessible during circuit breaker open state */
-  allowDuringCircuitBreakerOpen?: boolean;
-  /** Whether this route requires rate limiting even when unauthenticated */
-  requiresRateLimit?: boolean;
-}
-/**
- * Protected route configuration with 2FA requirements
- */
-export interface ProtectedRouteConfig {
-  /** The route pattern (supports wildcards with *) */
-  pattern: string;
-  /** Description of what this route is for */
-  description?: string;
-  /** 2FA requirements for this route (default: requires 2FA if site requires it) */
-  twoFactorRequirements: TwoFactorRequirements;
-}
-// Default public routes provided by the MVP package
-const defaultUnauthenticatedRoutes: UnauthenticatedRouteConfig[] = [
-  {
-    pattern: '/',
-    description: 'Homepage',
-    allowDuringCircuitBreakerOpen: true,
-    requiresRateLimit: false
-  },
-  {
-    pattern: '/login',
-    description: 'Login page',
-    allowDuringCircuitBreakerOpen: true,
-    requiresRateLimit: false
-  },
-  {
-    pattern: '/register',
-    description: 'Registration page',
-    allowDuringCircuitBreakerOpen: true,
-    requiresRateLimit: false
-  },
-  {
-    pattern: '/forgot-password',
-    description: 'Forgot password page',
-    allowDuringCircuitBreakerOpen: true,
-    requiresRateLimit: false
-  },
-  {
-    pattern: '/account-auth/*',
-    description: 'All authentication pages (login, register, forgot password, etc.)',
-    allowDuringCircuitBreakerOpen: true,
-    requiresRateLimit: false
-  },
-  {
-    pattern: '/api/auth/*',
-    description: 'NextAuth.js authentication API endpoints',
-    allowDuringCircuitBreakerOpen: true,
-    requiresRateLimit: true
-  },
-  {
-    pattern: '/api/session/viability',
-    description: 'Session viability check endpoint',
-    allowDuringCircuitBreakerOpen: true,
-    requiresRateLimit: false
-  },
-  {
-    pattern: '/api/health/*',
-    description: 'Health check endpoints',
-    allowDuringCircuitBreakerOpen: true,
-    requiresRateLimit: true
-  },
-  {
-    pattern: '/service-unavailable',
-    description: 'Service unavailable error page',
-    allowDuringCircuitBreakerOpen: true,
-    requiresRateLimit: false
-  },
-  {
-    pattern: '/_next/*',
-    description: 'Next.js static assets',
-    allowDuringCircuitBreakerOpen: true,
-    requiresRateLimit: false
-  },
-  {
-    pattern: '/favicon.ico',
-    description: 'Favicon',
-    allowDuringCircuitBreakerOpen: true,
-    requiresRateLimit: false
-  },
-];
-let configuredRoutes: UnauthenticatedRouteConfig[] = [...defaultUnauthenticatedRoutes];
-// Default routes that require auth but NOT 2FA (for 2FA onboarding flow)
-// NOTE: Only the bare minimum routes needed for 2FA completion - no welcome screens
-const default2FABypassRoutes: ProtectedRouteConfig[] = [
-  {
-    pattern: '/api/auth/*',
-    description: 'NextAuth.js API routes - must be accessible during 2FA flow for session management',
-    twoFactorRequirements: TwoFactorPresets.NONE
-  },
-  {
-    pattern: '/api/account/*',
-    description: '2FA verification APIs (send-code, verify-email, verify-sms, update-phone, masked-info)',
-    twoFactorRequirements: TwoFactorPresets.NONE
-  },
-  {
-    pattern: '/api/session/*',
-    description: 'Session management APIs (viability, refresh-viability)',
-    twoFactorRequirements: TwoFactorPresets.NONE
-  },
-  {
-    pattern: '/account-auth/verify-code',
-    description: '2FA verification page',
-    twoFactorRequirements: TwoFactorPresets.NONE
-  },
-  {
-    pattern: '/test-env/*',
-    description: 'Test/debug pages (emergency-logout, jwt-inspect, refresh-token) - must bypass 2FA',
-    twoFactorRequirements: TwoFactorPresets.NONE
-  },
-  // NOTE: /onboarding/two-factor intentionally NOT included - go straight to 2FA, no welcome page
-];
-let configured2FABypassRoutes: ProtectedRouteConfig[] = [...default2FABypassRoutes];
-/**
- * Configures additional public routes for the application.
- * This function should be called once during application initialization.
- * @param appRoutes An array of route patterns or UnauthenticatedRouteConfig objects.
- */
-export function configurePublicRoutes(appRoutes: (string | UnauthenticatedRouteConfig)[] = []) {
-  const newRoutes = appRoutes.map(route =>
-    typeof route === 'string'
-      ? { pattern: route, description: `Application-defined public route: ${route}` }
-      : route
-  );
-  configuredRoutes = [...defaultUnauthenticatedRoutes, ...newRoutes];
-}
-/**
- * Configures routes that require authentication but bypass 2FA requirements.
- * Essential for 2FA onboarding flows where user is authenticated but hasn't completed 2FA yet.
- * @param routes An array of route patterns or ProtectedRouteConfig objects.
- */
-export function configure2FABypassRoutes(routes: (string | ProtectedRouteConfig)[] = []) {
-  const newRoutes = routes.map(route =>
-    typeof route === 'string'
-      ? { pattern: route, description: `2FA bypass route: ${route}`, twoFactorRequirements: TwoFactorPresets.NONE }
-      : route
-  );
-  configured2FABypassRoutes = [...default2FABypassRoutes, ...newRoutes];
-}
-/**
- * Checks if a route should bypass 2FA requirements (but still requires auth).
- * @param pathname The URL pathname to check.
- * @returns The ProtectedRouteConfig if found, otherwise undefined.
- */
-export function get2FABypassConfig(pathname: string): ProtectedRouteConfig | undefined {
-  return configured2FABypassRoutes.find(route => {
-    if (route.pattern.endsWith('*')) {
-      const basePattern = route.pattern.slice(0, -1);
-      return pathname.startsWith(basePattern);
-    }
-    return pathname === route.pattern;
-  });
-}
-/**
- * Checks if a route should bypass 2FA requirements.
- * @param pathname The URL pathname to check.
- * @returns true if 2FA should be bypassed for this route.
- */
-export function should2FABypass(pathname: string): boolean {
-  return get2FABypassConfig(pathname) !== undefined;
-}
-/**
- * Checks if a given pathname matches any of the configured unauthenticated routes.
- * Supports wildcard matching (e.g., '/api/*').
- * @param pathname The URL pathname to check.
- * @returns `true` if the route is unauthenticated, `false` otherwise.
- */
-export function isUnauthenticatedRoute(pathname: string): boolean {
-  return configuredRoutes.some(route => {
-    if (route.pattern.endsWith('*')) {
-      const basePattern = route.pattern.slice(0, -1);
-      return pathname.startsWith(basePattern);
-    }
-    return pathname === route.pattern;
-  });
-}
-/**
- * Retrieves the configuration for a specific route.
- * @param pathname The URL pathname to get the configuration for.
- * @returns The `UnauthenticatedRouteConfig` object if found, otherwise `undefined`.
- */
-export function getRouteConfig(pathname: string): UnauthenticatedRouteConfig | undefined {
-  return configuredRoutes.find(route => {
-    if (route.pattern.endsWith('*')) {
-      const basePattern = route.pattern.slice(0, -1);
-      return pathname.startsWith(basePattern);
-    }
-    return pathname === route.pattern;
-  });
+/**
+ * Advanced Route Configuration for `@payez/next-mvp`
+ *
+ * This module provides a robust, pattern-based mechanism for defining
+ * unauthenticated (public) routes, including wildcard support.
+ * It is designed to be easily configurable by host applications.
+ */
+import { TwoFactorRequirements, TwoFactorPresets } from '../middleware/twofa-presets';
+export interface UnauthenticatedRouteConfig {
+  /** The route pattern (supports wildcards with *) */
+  pattern: string;
+  /** Description of what this route is for */
+  description: string;
+  /** Whether this route should be accessible during circuit breaker open state */
+  allowDuringCircuitBreakerOpen?: boolean;
+  /** Whether this route requires rate limiting even when unauthenticated */
+  requiresRateLimit?: boolean;
+}
+/**
+ * Protected route configuration with 2FA requirements
+ */
+export interface ProtectedRouteConfig {
+  /** The route pattern (supports wildcards with *) */
+  pattern: string;
+  /** Description of what this route is for */
+  description?: string;
+  /** 2FA requirements for this route (default: requires 2FA if site requires it) */
+  twoFactorRequirements: TwoFactorRequirements;
+}
+// Default public routes provided by the MVP package
+const defaultUnauthenticatedRoutes: UnauthenticatedRouteConfig[] = [
+  {
+    pattern: '/',
+    description: 'Homepage',
+    allowDuringCircuitBreakerOpen: true,
+    requiresRateLimit: false
+  },
+  {
+    pattern: '/login',
+    description: 'Login page',
+    allowDuringCircuitBreakerOpen: true,
+    requiresRateLimit: false
+  },
+  {
+    pattern: '/register',
+    description: 'Registration page',
+    allowDuringCircuitBreakerOpen: true,
+    requiresRateLimit: false
+  },
+  {
+    pattern: '/forgot-password',
+    description: 'Forgot password page',
+    allowDuringCircuitBreakerOpen: true,
+    requiresRateLimit: false
+  },
+  {
+    pattern: '/account-auth/*',
+    description: 'All authentication pages (login, register, forgot password, etc.)',
+    allowDuringCircuitBreakerOpen: true,
+    requiresRateLimit: false
+  },
+  {
+    pattern: '/api/auth/*',
+    description: 'Authentication API endpoints',
+    allowDuringCircuitBreakerOpen: true,
+    requiresRateLimit: true
+  },
+  {
+    pattern: '/api/session/viability',
+    description: 'Session viability check endpoint',
+    allowDuringCircuitBreakerOpen: true,
+    requiresRateLimit: false
+  },
+  {
+    pattern: '/api/health/*',
+    description: 'Health check endpoints',
+    allowDuringCircuitBreakerOpen: true,
+    requiresRateLimit: true
+  },
+  {
+    pattern: '/service-unavailable',
+    description: 'Service unavailable error page',
+    allowDuringCircuitBreakerOpen: true,
+    requiresRateLimit: false
+  },
+  {
+    pattern: '/_next/*',
+    description: 'Next.js static assets',
+    allowDuringCircuitBreakerOpen: true,
+    requiresRateLimit: false
+  },
+  {
+    pattern: '/favicon.ico',
+    description: 'Favicon',
+    allowDuringCircuitBreakerOpen: true,
+    requiresRateLimit: false
+  },
+];
+let configuredRoutes: UnauthenticatedRouteConfig[] = [...defaultUnauthenticatedRoutes];
+// Default routes that require auth but NOT 2FA (for 2FA onboarding flow)
+// NOTE: Only the bare minimum routes needed for 2FA completion - no welcome screens
+const default2FABypassRoutes: ProtectedRouteConfig[] = [
+  {
+    pattern: '/api/auth/*',
+    description: 'Auth API routes - must be accessible during 2FA flow for session management',
+    twoFactorRequirements: TwoFactorPresets.NONE
+  },
+  {
+    pattern: '/api/account/*',
+    description: '2FA verification APIs (send-code, verify-email, verify-sms, update-phone, masked-info)',
+    twoFactorRequirements: TwoFactorPresets.NONE
+  },
+  {
+    pattern: '/api/session/*',
+    description: 'Session management APIs (viability, refresh-viability)',
+    twoFactorRequirements: TwoFactorPresets.NONE
+  },
+  {
+    pattern: '/account-auth/verify-code',
+    description: '2FA verification page',
+    twoFactorRequirements: TwoFactorPresets.NONE
+  },
+  {
+    pattern: '/test-env/*',
+    description: 'Test/debug pages (emergency-logout, jwt-inspect, refresh-token) - must bypass 2FA',
+    twoFactorRequirements: TwoFactorPresets.NONE
+  },
+  // NOTE: /onboarding/two-factor intentionally NOT included - go straight to 2FA, no welcome page
+];
+let configured2FABypassRoutes: ProtectedRouteConfig[] = [...default2FABypassRoutes];
+/**
+ * Configures additional public routes for the application.
+ * This function should be called once during application initialization.
+ * @param appRoutes An array of route patterns or UnauthenticatedRouteConfig objects.
+ */
+export function configurePublicRoutes(appRoutes: (string | UnauthenticatedRouteConfig)[] = []) {
+  const newRoutes = appRoutes.map(route =>
+    typeof route === 'string'
+      ? { pattern: route, description: `Application-defined public route: ${route}` }
+      : route
+  );
+  configuredRoutes = [...defaultUnauthenticatedRoutes, ...newRoutes];
+}
+/**
+ * Configures routes that require authentication but bypass 2FA requirements.
+ * Essential for 2FA onboarding flows where user is authenticated but hasn't completed 2FA yet.
+ * @param routes An array of route patterns or ProtectedRouteConfig objects.
+ */
+export function configure2FABypassRoutes(routes: (string | ProtectedRouteConfig)[] = []) {
+  const newRoutes = routes.map(route =>
+    typeof route === 'string'
+      ? { pattern: route, description: `2FA bypass route: ${route}`, twoFactorRequirements: TwoFactorPresets.NONE }
+      : route
+  );
+  configured2FABypassRoutes = [...default2FABypassRoutes, ...newRoutes];
+}
+/**
+ * Checks if a route should bypass 2FA requirements (but still requires auth).
+ * @param pathname The URL pathname to check.
+ * @returns The ProtectedRouteConfig if found, otherwise undefined.
+ */
+export function get2FABypassConfig(pathname: string): ProtectedRouteConfig | undefined {
+  return configured2FABypassRoutes.find(route => {
+    if (route.pattern.endsWith('*')) {
+      const basePattern = route.pattern.slice(0, -1);
+      return pathname.startsWith(basePattern);
+    }
+    return pathname === route.pattern;
+  });
+}
+/**
+ * Checks if a route should bypass 2FA requirements.
+ * @param pathname The URL pathname to check.
+ * @returns true if 2FA should be bypassed for this route.
+ */
+export function should2FABypass(pathname: string): boolean {
+  return get2FABypassConfig(pathname) !== undefined;
+}
+/**
+ * Checks if a given pathname matches any of the configured unauthenticated routes.
+ * Supports wildcard matching (e.g., '/api/*').
+ * @param pathname The URL pathname to check.
+ * @returns `true` if the route is unauthenticated, `false` otherwise.
+ */
+export function isUnauthenticatedRoute(pathname: string): boolean {
+  return configuredRoutes.some(route => {
+    if (route.pattern.endsWith('*')) {
+      const basePattern = route.pattern.slice(0, -1);
+      return pathname.startsWith(basePattern);
+    }
+    return pathname === route.pattern;
+  });
+}
+/**
+ * Retrieves the configuration for a specific route.
+ * @param pathname The URL pathname to get the configuration for.
+ * @returns The `UnauthenticatedRouteConfig` object if found, otherwise `undefined`.
+ */
+export function getRouteConfig(pathname: string): UnauthenticatedRouteConfig | undefined {
+  return configuredRoutes.find(route => {
+    if (route.pattern.endsWith('*')) {
+      const basePattern = route.pattern.slice(0, -1);
+      return pathname.startsWith(basePattern);
+    }
+    return pathname === route.pattern;
+  });
 }

package/src/auth/utils/token-utils.ts CHANGED Viewed

@@ -2,7 +2,6 @@
  * Token Utilities
  *
  * JWT decoding and expiry checking utilities.
- * Extracted from auth-options.ts for clarity.
  *
  * @version 1.0.0
  * @since auth-refactor-2026-01

package/src/client/AuthContext.tsx CHANGED Viewed

@@ -1,7 +1,7 @@
 'use client';
 import React, { createContext, useContext, ReactNode, useState, useEffect } from 'react';
-import { getProviders } from 'next-auth/react';
+import { authClient } from './better-auth-client';
 import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
 import { AuthConfig, AuthMode, FederatedProvider } from '@/types/auth';
@@ -62,7 +62,11 @@ export function AuthProvider({ children, config, useDynamicProviders = true }: A
     async function fetchDynamicProviders() {
       try {
-        const result = await getProviders();
+        // Better Auth doesn't have a getProviders equivalent.
+        // Use static provider map based on configured social providers.
+        const result: Record<string, { id: string; name: string }> | null = {
+          google: { id: 'google', name: 'Google' },
+        };
         if (!mounted) return;

package/src/client/fetch-with-auth.ts CHANGED Viewed

@@ -1,48 +1,48 @@
-// src/client/fetch-with-auth.ts
-import { getSession } from 'next-auth/react';
-/**
- * A wrapper for the `fetch` API that automatically injects the session's
- * accessToken into the Authorization header and handles 401 Unauthorized
- * responses by redirecting the user to the login page.
- *
- * @param url The URL to fetch.
- * @param options The standard `fetch` options.
- * @returns A `Promise` that resolves to the `Response` object.
- * @throws An 'UNAUTHORIZED_REDIRECT' error after initiating the redirect to halt further execution.
- */
-export async function fetchWithAuth(url: string, options: RequestInit = {}): Promise<Response> {
-  // 1. Retrieve the client-side session to get the accessToken.
-  const session = await getSession();
-  // 2. Inject the accessToken into the Authorization header.
-  const headers = new Headers(options.headers);
-  if (session?.accessToken) {
-    headers.set('Authorization', `Bearer ${session.accessToken}`);
-  }
-  options.headers = headers;
-  const response = await fetch(url, options);
-  // 3. Handle the 401 response intelligently.
-  if (response.status === 401) {
-    // If we have a valid session, this is likely a claim/permission error, not an auth error
-    if (session?.accessToken) {
-      console.warn('API returned 401 despite valid session. Likely insufficient claims or permissions.');
-      // Don't redirect - let the calling code handle the error gracefully
-      return response;
-    }
-    // No valid session - this is a real authentication failure
-    console.error('Unauthorized API call (no valid session). Redirecting to login.');
-    // SAFEGUARD: Never use auth pages as callback URLs to prevent redirect loops
-    const pathname = window.location.pathname;
-    const safeCallbackUrl = pathname.startsWith('/account-auth/') ? '/' : pathname;
-    window.location.href = `/account-auth/login?callbackUrl=${encodeURIComponent(safeCallbackUrl)}`;
-    // Throw a specific error to signal that a redirect has been initiated.
-    throw new Error('UNAUTHORIZED_REDIRECT');
-  }
-  return response;
+// src/client/fetch-with-auth.ts
+import { authClient } from './better-auth-client';
+/**
+ * A wrapper for the `fetch` API that automatically injects the session's
+ * accessToken into the Authorization header and handles 401 Unauthorized
+ * responses by redirecting the user to the login page.
+ *
+ * @param url The URL to fetch.
+ * @param options The standard `fetch` options.
+ * @returns A `Promise` that resolves to the `Response` object.
+ * @throws An 'UNAUTHORIZED_REDIRECT' error after initiating the redirect to halt further execution.
+ */
+export async function fetchWithAuth(url: string, options: RequestInit = {}): Promise<Response> {
+  // 1. Retrieve the client-side session to get the accessToken.
+  const { data: session } = await authClient.getSession();
+  // 2. Inject the accessToken into the Authorization header.
+  const headers = new Headers(options.headers);
+  if ((session as any)?.accessToken) {
+    headers.set('Authorization', `Bearer ${(session as any).accessToken}`);
+  }
+  options.headers = headers;
+  const response = await fetch(url, options);
+  // 3. Handle the 401 response intelligently.
+  if (response.status === 401) {
+    // If we have a valid session, this is likely a claim/permission error, not an auth error
+    if ((session as any)?.accessToken) {
+      console.warn('API returned 401 despite valid session. Likely insufficient claims or permissions.');
+      // Don't redirect - let the calling code handle the error gracefully
+      return response;
+    }
+    // No valid session - this is a real authentication failure
+    console.error('Unauthorized API call (no valid session). Redirecting to login.');
+    // SAFEGUARD: Never use auth pages as callback URLs to prevent redirect loops
+    const pathname = window.location.pathname;
+    const safeCallbackUrl = pathname.startsWith('/account-auth/') ? '/' : pathname;
+    window.location.href = `/account-auth/login?callbackUrl=${encodeURIComponent(safeCallbackUrl)}`;
+    // Throw a specific error to signal that a redirect has been initiated.
+    throw new Error('UNAUTHORIZED_REDIRECT');
+  }
+  return response;
 }

package/src/components/SessionSync.tsx CHANGED Viewed

@@ -1,8 +1,7 @@
 'use client';
 import { useEffect, useRef } from 'react';
-import { useSession, signOut } from 'next-auth/react';
-import type { Session } from 'next-auth';
+import { authClient } from '../client/better-auth-client';
 import { useAuthStore } from '../stores/authStore';
 import { isValidSession } from '../lib/session';
 import {
@@ -44,7 +43,9 @@ function sanitizeForLog(value: string | undefined, type: 'email' | 'userId'): st
  * This ensures the app NEVER shows authenticated UI with empty/invalid session data.
  */
 export function SessionSync({ children }: { children: React.ReactNode }) {
-  const { data: session, status } = useSession();
+  const { data: sessionData, isPending } = authClient.useSession();
+  const session = sessionData;
+  const status = isPending ? 'loading' : session ? 'authenticated' : 'unauthenticated';
   const { setSession, clearSession } = useAuthStore();
   // Guard against duplicate sign-out calls
@@ -102,8 +103,8 @@ export function SessionSync({ children }: { children: React.ReactNode }) {
         // Cookie clearing failed - non-critical, continue with signout
       }
-      // Force NextAuth to sign out (this will clear cookies and trigger redirect)
-      signOut({ redirect: false })
+      // Force Better Auth to sign out (this will clear cookies and trigger redirect)
+      authClient.signOut()
         .then(() => {
           if (isMounted) {
             // Use generic error code instead of implementation details

package/src/components/account/MobileNavDrawer.tsx CHANGED Viewed

@@ -1,7 +1,7 @@
 'use client';
 import { useEffect, useCallback } from 'react';
-import { useSession, signIn } from 'next-auth/react';
+import { authClient } from '../../client/better-auth-client';
 import { usePathname } from 'next/navigation';
 import Image from 'next/image';
 import Link from 'next/link';
@@ -52,7 +52,7 @@ export function MobileNavDrawer({
   unauthActions,
   authFooter,
 }: MobileNavDrawerProps) {
-  const { data: session } = useSession();
+  const { data: session } = authClient.useSession();
   const pathname = usePathname();
   const isAuthenticated = !!session?.user;
@@ -90,7 +90,7 @@ export function MobileNavDrawer({
     if (onSignIn) {
       onSignIn();
     } else {
-      signIn(undefined, { callbackUrl: signInCallbackUrl });
+      authClient.signIn.social({ provider: 'google', callbackURL: signInCallbackUrl });
     }
   };

package/src/components/account/UserAvatarMenu.tsx CHANGED Viewed

@@ -1,7 +1,7 @@
 'use client';
 import { useState, useRef, useEffect } from 'react';
-import { useSession, signOut } from 'next-auth/react';
+import { authClient } from '../../client/better-auth-client';
 import { useRouter } from 'next/navigation';
 import Image from 'next/image';
 import { User, Settings, Shield, LogOut } from 'lucide-react';
@@ -39,7 +39,9 @@ export function UserAvatarMenu({
   customItems,
   onSignOut,
 }: UserAvatarMenuProps) {
-  const { data: session, status } = useSession();
+  const { data: sessionData, isPending } = authClient.useSession();
+  const session = sessionData;
+  const status = isPending ? 'loading' : session ? 'authenticated' : 'unauthenticated';
   const router = useRouter();
   const [isOpen, setIsOpen] = useState(false);
   const menuRef = useRef<HTMLDivElement>(null);
@@ -102,7 +104,8 @@ export function UserAvatarMenu({
     } else {
       // Use NEXT_PUBLIC env var or default to root
       const logoutUrl = process.env.NEXT_PUBLIC_LOGOUT_REDIRECT_URL || '/';
-      await signOut({ callbackUrl: logoutUrl });
+      await authClient.signOut();
+      window.location.href = logoutUrl;
     }
   };