@payez/next-mvp 3.9.1 → 4.0.1

package/dist/routes/auth/nextauth.js

@@ -1,72 +0,0 @@
-"use strict";
-/**
- * Ready-to-Use NextAuth Route Handler
- *
- * Provides a pre-configured NextAuth handler that uses dynamic OAuth providers
- * loaded from IDP at startup via getAuthOptions().
- *
- * @version 2.2.0 - Dynamic provider loading from IDP
- * @since auth-ready-v2-hotfix
- */
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.GET = GET;
-exports.POST = POST;
-const next_auth_1 = __importDefault(require("next-auth"));
-const auth_options_1 = require("../../auth/auth-options");
-// Cached handler - built once with dynamic providers
-let cachedHandler = null;
-let handlerPromise = null;
-/**
- * Get or build the NextAuth handler with dynamic providers.
- * Uses caching to avoid rebuilding on every request.
- */
-async function getHandler() {
-    // Return cached if available
-    if (cachedHandler) {
-        return cachedHandler;
-    }
-    // Prevent concurrent builds
-    if (handlerPromise) {
-        return handlerPromise;
-    }
-    handlerPromise = (async () => {
-        try {
-            // Try to get dynamic auth options from IDP
-            const options = await (0, auth_options_1.getAuthOptions)();
-            console.log('[NEXTAUTH_ROUTE] Built handler with dynamic providers');
-            cachedHandler = (0, next_auth_1.default)(options);
-            return cachedHandler;
-        }
-        catch (error) {
-            // Fallback to static options if IDP unavailable
-            console.warn('[NEXTAUTH_ROUTE] Failed to get dynamic options, using static fallback:', {
-                error: error instanceof Error ? error.message : String(error)
-            });
-            cachedHandler = (0, next_auth_1.default)(auth_options_1.authOptions);
-            return cachedHandler;
-        }
-        finally {
-            handlerPromise = null;
-        }
-    })();
-    return handlerPromise;
-}
-/**
- * GET handler for NextAuth
- * Uses async factory to get dynamic providers from IDP
- */
-async function GET(request, context) {
-    const handler = await getHandler();
-    return handler(request, context);
-}
-/**
- * POST handler for NextAuth
- * Uses async factory to get dynamic providers from IDP
- */
-async function POST(request, context) {
-    const handler = await getHandler();
-    return handler(request, context);
-}

package/dist/routes/auth/refresh.d.ts

@@ -1,30 +0,0 @@
-/**
- * Ready-to-Use Refresh Token Route
- *
- * Provides a pre-configured refresh handler that can be imported directly
- * into your app's API routes with zero configuration.
- *
- * @example
- * ```typescript
- * // app/api/auth/refresh/route.ts
- * export { POST } from '@payez/next-mvp/routes/auth/refresh';
- * ```
- *
- * @version 2.0.0
- * @since auth-ready-v2
- */
-import { NextRequest } from 'next/server';
-export declare function POST(req: NextRequest): Promise<import("next/server").NextResponse<{
-    error: string;
-    code: string;
-}> | import("next/server").NextResponse<{
-    error: any;
-    code: any;
-    discardToken: boolean;
-    retryable: boolean;
-    resolution: any;
-}> | import("next/server").NextResponse<{
-    refreshed: boolean;
-    accessTokenExpires: number;
-    hasRefreshToken: boolean;
-}>>;

package/dist/routes/auth/refresh.js

@@ -1,51 +0,0 @@
-"use strict";
-/**
- * Ready-to-Use Refresh Token Route
- *
- * Provides a pre-configured refresh handler that can be imported directly
- * into your app's API routes with zero configuration.
- *
- * @example
- * ```typescript
- * // app/api/auth/refresh/route.ts
- * export { POST } from '@payez/next-mvp/routes/auth/refresh';
- * ```
- *
- * @version 2.0.0
- * @since auth-ready-v2
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.POST = POST;
-const refresh_1 = require("../../api-handlers/auth/refresh");
-const idp_client_config_1 = require("../../lib/idp-client-config");
-// Configuration is read at runtime from IDP config (cached)
-async function getConfig() {
-    const idpConfig = await (0, idp_client_config_1.getIDPClientConfig)();
-    const idpBaseUrl = process.env.IDP_URL;
-    if (!idpBaseUrl) {
-        throw new Error('[IDP_URL] FATAL: IDP_URL environment variable is REQUIRED.');
-    }
-    return {
-        idpBaseUrl,
-        clientId: process.env.CLIENT_ID || process.env.NEXT_PUBLIC_IDP_CLIENT_ID || '',
-        nextAuthSecret: idpConfig.nextAuthSecret || '',
-        refreshEndpoint: process.env.REFRESH_ENDPOINT || '/api/ExternalAuth/refresh',
-    };
-}
-/**
- * Pre-configured POST handler for token refresh
- *
- * Environment variables used:
- * - IDP_URL (REQUIRED)
- * - CLIENT_ID or NEXT_PUBLIC_IDP_CLIENT_ID (required)
- * - NEXTAUTH_SECRET (required)
- * - REFRESH_ENDPOINT (default: /api/ExternalAuth/refresh)
- */
-let _handler = null;
-async function POST(req) {
-    if (!_handler) {
-        const config = await getConfig();
-        _handler = (0, refresh_1.createRefreshHandler)(config);
-    }
-    return _handler(req);
-}

package/dist/routes/auth/session.d.ts

@@ -1,43 +0,0 @@
-/**
- * Ready-to-Use Session Management Route
- *
- * Provides pre-configured session handlers for checking and updating session state.
- *
- * @example
- * ```typescript
- * // app/api/auth/session/route.ts
- * export { GET, POST } from '@payez/next-mvp/routes/auth/session';
- * ```
- *
- * @version 2.0.0
- * @since auth-ready-v2
- */
-import { NextRequest, NextResponse } from 'next/server';
-/**
- * GET /api/auth/session - Check current session status
- *
- * Returns the current session information including:
- * - User details
- * - Token expiry status
- * - Session validity
- */
-export declare function GET(req: NextRequest): Promise<NextResponse<{}>>;
-/**
- * POST /api/auth/session - Update session data
- *
- * Allows updating session metadata (not tokens).
- * Token refresh should use the /api/auth/refresh endpoint.
- *
- * Body:
- * - metadata: object - Custom metadata to store in session
- */
-export declare function POST(req: NextRequest): Promise<NextResponse<{
-    error: string;
-    code: string;
-}> | NextResponse<{
-    success: boolean;
-    message: string;
-}> | NextResponse<{
-    error: string;
-    details: string;
-}>>;

package/dist/routes/auth/session.js

@@ -1,179 +0,0 @@
-"use strict";
-/**
- * Ready-to-Use Session Management Route
- *
- * Provides pre-configured session handlers for checking and updating session state.
- *
- * @example
- * ```typescript
- * // app/api/auth/session/route.ts
- * export { GET, POST } from '@payez/next-mvp/routes/auth/session';
- * ```
- *
- * @version 2.0.0
- * @since auth-ready-v2
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.GET = GET;
-exports.POST = POST;
-const server_1 = require("next/server");
-const jwt_1 = require("next-auth/jwt");
-const session_store_1 = require("../../lib/session-store");
-const app_slug_1 = require("../../lib/app-slug");
-const idp_client_config_1 = require("../../lib/idp-client-config");
-/**
- * Get NextAuth secret from IDP config (cached).
- * NEVER use process.env.NEXTAUTH_SECRET - it's always loaded from IDP.
- */
-async function getNextAuthSecret() {
-    const config = await (0, idp_client_config_1.getIDPClientConfig)();
-    return config.nextAuthSecret || '';
-}
-/**
- * GET /api/auth/session - Check current session status
- *
- * Returns the current session information including:
- * - User details
- * - Token expiry status
- * - Session validity
- */
-async function GET(req) {
-    try {
-        const secret = await getNextAuthSecret();
-        const cookieName = (0, app_slug_1.getJwtCookieName)();
-        // Debug logging
-        const cookieValue = req.cookies.get(cookieName)?.value;
-        console.log('[SESSION_ROUTE] GET called:', {
-            cookieName,
-            hasCookie: !!cookieValue,
-            cookieLength: cookieValue?.length || 0,
-            secretLength: secret?.length || 0,
-        });
-        const token = await (0, jwt_1.getToken)({ req, secret, cookieName });
-        if (!token) {
-            console.warn('[SESSION_ROUTE] getToken returned null');
-            // MUST return empty {} — NextAuth's useSession() treats any non-empty
-            // response object as "authenticated", causing redirect loops on login page.
-            return server_1.NextResponse.json({});
-        }
-        // Support both field names: sessionToken (auth.ts JWT) and redisSessionId (legacy)
-        const redisSessionId = token.sessionToken || token.redisSessionId;
-        console.log('[SESSION_ROUTE] Token found:', {
-            sub: token.sub,
-            email: token.email,
-            name: token.name,
-            hasExp: !!token.exp,
-            redisSessionId: redisSessionId ? redisSessionId.substring(0, 8) + '...' : 'MISSING',
-        });
-        // Fetch full session data from Redis
-        const session = redisSessionId ? await (0, session_store_1.getSession)(redisSessionId) : null;
-        console.log('[SESSION_ROUTE] Redis session:', {
-            found: !!session,
-            userId: session?.userId,
-            roles: session?.roles,
-            hasAccessToken: !!session?.idpAccessToken,
-        });
-        // Return NextAuth-compatible session format with Redis data
-        // useSession() expects: { user: {...}, expires: "..." }
-        // We enrich with all session data from Redis
-        return server_1.NextResponse.json({
-            user: {
-                id: session?.userId || token.sub,
-                email: session?.email || token.email,
-                name: session?.name || token.name,
-                image: token.picture || null,
-                // Redis session data
-                roles: session?.roles || [],
-                twoFactorSessionVerified: session?.mfaVerified || false,
-                requiresTwoFactor: !session?.mfaVerified,
-                authenticationMethods: session?.authenticationMethods,
-                authenticationLevel: session?.authenticationLevel,
-                mfaCompletedAt: session?.mfaCompletedAt,
-                mfaExpiresAt: session?.mfaExpiresAt,
-                mfaValidityHours: session?.mfaValidityHours,
-                oauthProvider: session?.oauthProvider,
-                idpClientId: session?.idpClientId,
-                merchantId: session?.merchantId,
-            },
-            // Session tokens
-            sessionToken: redisSessionId,
-            accessToken: session?.idpAccessToken,
-            refreshToken: session?.idpRefreshToken,
-            accessTokenExpires: session?.idpAccessTokenExpires,
-            expires: token.exp ? new Date(token.exp * 1000).toISOString() : new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString(),
-        });
-    }
-    catch (error) {
-        console.error('[SESSION_ROUTE] Error checking session:', error);
-        return server_1.NextResponse.json({
-            error: 'Failed to check session',
-            details: error instanceof Error ? error.message : 'Unknown error'
-        }, { status: 500 });
-    }
-}
-/**
- * POST /api/auth/session - Update session data
- *
- * Allows updating session metadata (not tokens).
- * Token refresh should use the /api/auth/refresh endpoint.
- *
- * Body:
- * - metadata: object - Custom metadata to store in session
- */
-async function POST(req) {
-    try {
-        const secret = await getNextAuthSecret();
-        const token = await (0, jwt_1.getToken)({ req, secret, cookieName: (0, app_slug_1.getJwtCookieName)() });
-        if (!token) {
-            return server_1.NextResponse.json({
-                error: 'No session found',
-                code: 'UNAUTHORIZED'
-            }, { status: 401 });
-        }
-        // Support both field names: sessionToken (auth.ts JWT) and redisSessionId (legacy)
-        const sessionToken = token.sessionToken || token.redisSessionId;
-        if (!sessionToken) {
-            return server_1.NextResponse.json({
-                error: 'Invalid session',
-                code: 'INVALID_SESSION'
-            }, { status: 400 });
-        }
-        const body = await req.json();
-        const { metadata, access_token, refresh_token, twoFactorComplete, twoFactorMethod } = body;
-        // Get current session
-        const session = await (0, session_store_1.getSession)(sessionToken);
-        if (!session) {
-            return server_1.NextResponse.json({
-                error: 'Session not found',
-                code: 'SESSION_NOT_FOUND'
-            }, { status: 404 });
-        }
-        // Update session with new data
-        const updatedSession = {
-            ...session,
-            ...(access_token ? { accessToken: access_token } : {}),
-            ...(refresh_token ? { refreshToken: refresh_token } : {}),
-            ...(typeof twoFactorComplete === 'boolean' ? { twoFactorComplete } : {}),
-            ...(twoFactorMethod ? { twoFactorMethod } : {}),
-            ...(metadata ? {
-                metadata: {
-                    ...(session.metadata || {}),
-                    ...metadata,
-                    updatedAt: new Date().toISOString()
-                }
-            } : {})
-        };
-        await (0, session_store_1.updateSession)(sessionToken, updatedSession);
-        return server_1.NextResponse.json({
-            success: true,
-            message: 'Session updated successfully'
-        });
-    }
-    catch (error) {
-        console.error('[SESSION_ROUTE] Error updating session:', error);
-        return server_1.NextResponse.json({
-            error: 'Failed to update session',
-            details: error instanceof Error ? error.message : 'Unknown error'
-        }, { status: 500 });
-    }
-}

package/dist/routes/auth/settings.d.ts

@@ -1,25 +0,0 @@
-/**
- * Public Auth Settings Route
- *
- * Returns client auth settings for pre-login pages (signup, login).
- * Does NOT require authentication - these are public client settings.
- */
-import { NextResponse } from 'next/server';
-export interface PublicAuthSettings {
-    enabledProviders: string[];
-    allowPublicRegistration: boolean;
-    allowSocialLogin: boolean;
-    enablePasswordReset: boolean;
-    require2FA: boolean;
-    allowed2FAMethods: string[];
-}
-/**
- * GET /api/auth/settings
- *
- * Returns public auth settings for the current client.
- * Used by login/signup pages to determine what options to show.
- */
-export declare function GET(): Promise<NextResponse<{
-    success: boolean;
-    data: PublicAuthSettings;
-}>>;

package/dist/routes/auth/settings.js

@@ -1,55 +0,0 @@
-"use strict";
-/**
- * Public Auth Settings Route
- *
- * Returns client auth settings for pre-login pages (signup, login).
- * Does NOT require authentication - these are public client settings.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.GET = GET;
-const server_1 = require("next/server");
-const idp_client_config_1 = require("../../lib/idp-client-config");
-/**
- * GET /api/auth/settings
- *
- * Returns public auth settings for the current client.
- * Used by login/signup pages to determine what options to show.
- */
-async function GET() {
-    try {
-        const config = await (0, idp_client_config_1.getIDPClientConfig)();
-        const settings = {
-            // Get enabled OAuth provider names
-            enabledProviders: config.oauthProviders
-                ?.filter(p => p.enabled)
-                .map(p => p.provider) ?? [],
-            // Registration - default to true if not specified
-            allowPublicRegistration: true, // Could come from config.authSettings in future
-            allowSocialLogin: config.oauthProviders?.some(p => p.enabled) ?? false,
-            // Password reset
-            enablePasswordReset: true, // Could come from config.authSettings in future
-            // 2FA
-            require2FA: config.authSettings?.require2FA ?? true,
-            allowed2FAMethods: config.authSettings?.allowed2FAMethods ?? ['email', 'sms'],
-        };
-        return server_1.NextResponse.json({
-            success: true,
-            data: settings,
-        });
-    }
-    catch (error) {
-        console.error('[AUTH_SETTINGS] Failed to get settings:', error);
-        // Return safe defaults on error
-        return server_1.NextResponse.json({
-            success: true,
-            data: {
-                enabledProviders: [],
-                allowPublicRegistration: true,
-                allowSocialLogin: false,
-                enablePasswordReset: true,
-                require2FA: true,
-                allowed2FAMethods: ['email', 'sms'],
-            },
-        });
-    }
-}

package/dist/routes/auth/viability.d.ts

@@ -1,52 +0,0 @@
-/**
- * Ready-to-Use Session Viability Route
- *
- * Checks if the current session is viable (valid and not expired).
- * Used by client-side code to determine if a refresh is needed.
- *
- * @example
- * ```typescript
- * // app/api/session/viability/route.ts
- * export { GET } from '@payez/next-mvp/routes/auth/viability';
- * ```
- *
- * @version 2.0.0
- * @since auth-ready-v2
- */
-import { NextRequest, NextResponse } from 'next/server';
-/**
- * GET /api/session/viability - Check if session is viable
- *
- * Returns:
- * - viable: boolean - Whether the session can be used
- * - needsRefresh: boolean - Whether a refresh is recommended
- * - expiresIn: number - Seconds until token expires
- */
-export declare function GET(req: NextRequest): Promise<NextResponse<{
-    viable: boolean;
-    needsRefresh: boolean;
-    authenticated: boolean;
-    reason: string;
-}> | NextResponse<{
-    viable: boolean;
-    needsRefresh: boolean;
-    expiresIn: number;
-    hasRefreshToken: boolean;
-    authenticated: boolean;
-    sessionToken: any;
-    tenantRequiresTwoFactor: boolean;
-    userHasCompletedTenantTwoFactorRequirements: any;
-    userStillNeedsTwoFactor: boolean;
-    requires2FA: boolean;
-    twoFactorComplete: any;
-    accessTokenExpired: boolean;
-    expiresAt: string;
-    roles: string[];
-    clientId: string;
-}> | NextResponse<{
-    viable: boolean;
-    needsRefresh: boolean;
-    authenticated: boolean;
-    error: string;
-    details: string;
-}>>;