@payez/next-mvp 3.9.1 → 4.0.1
- package/package.json +6 -18
- package/src/api/auth-handler.ts +550 -549
- package/src/api-handlers/account/change-password.ts +5 -8
- package/src/api-handlers/admin/analytics.ts +4 -6
- package/src/api-handlers/admin/audit.ts +5 -7
- package/src/api-handlers/admin/index.ts +1 -2
- package/src/api-handlers/admin/redis-sessions.ts +6 -8
- package/src/api-handlers/admin/sessions.ts +5 -7
- package/src/api-handlers/admin/site-logs.ts +8 -10
- package/src/api-handlers/admin/stats.ts +4 -6
- package/src/api-handlers/admin/users.ts +5 -7
- package/src/api-handlers/admin/vibe-data.ts +10 -12
- package/src/api-handlers/auth/refresh.ts +5 -7
- package/src/api-handlers/auth/signout.ts +5 -6
- package/src/api-handlers/auth/status.ts +4 -7
- package/src/api-handlers/auth/update-session.ts +123 -125
- package/src/api-handlers/auth/verify-code.ts +9 -13
- package/src/api-handlers/session/viability.ts +10 -47
- package/src/api-handlers/test/force-expire.ts +4 -11
- package/src/auth/auth-decision.ts +1 -1
- package/src/auth/better-auth.ts +138 -141
- package/src/auth/route-config.ts +219 -219
- package/src/auth/utils/token-utils.ts +0 -1
- package/src/client/AuthContext.tsx +6 -2
- package/src/client/fetch-with-auth.ts +47 -47
- package/src/components/SessionSync.tsx +6 -5
- package/src/components/account/MobileNavDrawer.tsx +3 -3
- package/src/components/account/UserAvatarMenu.tsx +6 -3
- package/src/components/admin/VibeAdminLayout.tsx +4 -2
- package/src/config/logger.ts +1 -1
- package/src/hooks/useAuth.ts +117 -115
- package/src/hooks/useAuthSettings.ts +2 -2
- package/src/hooks/useAvailableProviders.ts +9 -5
- package/src/hooks/useSessionExpiration.ts +101 -102
- package/src/hooks/useViabilitySession.ts +336 -335
- package/src/index.ts +60 -63
- package/src/lib/api-handler.ts +0 -1
- package/src/lib/app-slug.ts +6 -6
- package/src/lib/standardized-client-api.ts +901 -895
- package/src/lib/startup-init.ts +243 -247
- package/src/lib/test-aware-get-token.ts +22 -12
- package/src/lib/token-lifecycle.ts +12 -53
- package/src/pages/admin-login/page.tsx +9 -17
- package/src/pages/client-admin/ClientSiteAdminPage.tsx +4 -2
- package/src/pages/login/page.tsx +21 -28
- package/src/pages/showcase/ShowcasePage.tsx +4 -2
- package/src/pages/test-env/EmergencyLogoutPage.tsx +7 -6
- package/src/pages/test-env/JwtInspectPage.tsx +5 -3
- package/src/pages/test-env/RefreshTokenPage.tsx +157 -155
- package/src/pages/test-env/TestEnvPage.tsx +4 -2
- package/src/pages/verify-code/page.tsx +10 -6
- package/src/routes/auth/logout.ts +7 -25
- package/src/routes/auth/nextauth.ts +45 -71
- package/src/routes/auth/session.ts +25 -50
- package/src/routes/auth/viability.ts +7 -19
- package/src/server/auth.ts +60 -0
- package/src/stores/authStore.ts +1899 -1904
- package/src/utils/logout.ts +30 -30
- package/dist/api/auth-handler.d.ts +0 -67
- package/dist/api/auth-handler.js +0 -397
- package/dist/api/index.d.ts +0 -10
- package/dist/api/index.js +0 -19
- package/dist/api-handlers/account/change-password.d.ts +0 -9
- package/dist/api-handlers/account/change-password.js +0 -112
- package/dist/api-handlers/account/masked-info.d.ts +0 -2
- package/dist/api-handlers/account/masked-info.js +0 -41
- package/dist/api-handlers/account/profile.d.ts +0 -3
- package/dist/api-handlers/account/profile.js +0 -63
- package/dist/api-handlers/account/recovery/initiate.d.ts +0 -2
- package/dist/api-handlers/account/recovery/initiate.js +0 -26
- package/dist/api-handlers/account/recovery/send-code.d.ts +0 -2
- package/dist/api-handlers/account/recovery/send-code.js +0 -28
- package/dist/api-handlers/account/recovery/verify-code.d.ts +0 -2
- package/dist/api-handlers/account/recovery/verify-code.js +0 -28
- package/dist/api-handlers/account/reset-password.d.ts +0 -2
- package/dist/api-handlers/account/reset-password.js +0 -26
- package/dist/api-handlers/account/send-code.d.ts +0 -24
- package/dist/api-handlers/account/send-code.js +0 -60
- package/dist/api-handlers/account/update-phone.d.ts +0 -27
- package/dist/api-handlers/account/update-phone.js +0 -64
- package/dist/api-handlers/account/validate-password.d.ts +0 -17
- package/dist/api-handlers/account/validate-password.js +0 -81
- package/dist/api-handlers/account/verify-email.d.ts +0 -26
- package/dist/api-handlers/account/verify-email.js +0 -106
- package/dist/api-handlers/account/verify-sms.d.ts +0 -26
- package/dist/api-handlers/account/verify-sms.js +0 -106
- package/dist/api-handlers/admin/analytics.d.ts +0 -20
- package/dist/api-handlers/admin/analytics.js +0 -379
- package/dist/api-handlers/admin/audit.d.ts +0 -20
- package/dist/api-handlers/admin/audit.js +0 -214
- package/dist/api-handlers/admin/index.d.ts +0 -22
- package/dist/api-handlers/admin/index.js +0 -43
- package/dist/api-handlers/admin/redis-sessions.d.ts +0 -36
- package/dist/api-handlers/admin/redis-sessions.js +0 -204
- package/dist/api-handlers/admin/sessions.d.ts +0 -21
- package/dist/api-handlers/admin/sessions.js +0 -284
- package/dist/api-handlers/admin/site-logs.d.ts +0 -46
- package/dist/api-handlers/admin/site-logs.js +0 -318
- package/dist/api-handlers/admin/stats.d.ts +0 -21
- package/dist/api-handlers/admin/stats.js +0 -240
- package/dist/api-handlers/admin/users.d.ts +0 -20
- package/dist/api-handlers/admin/users.js +0 -222
- package/dist/api-handlers/admin/vibe-data.d.ts +0 -80
- package/dist/api-handlers/admin/vibe-data.js +0 -268
- package/dist/api-handlers/anon/preferences.d.ts +0 -37
- package/dist/api-handlers/anon/preferences.js +0 -96
- package/dist/api-handlers/auth/jwks.d.ts +0 -2
- package/dist/api-handlers/auth/jwks.js +0 -24
- package/dist/api-handlers/auth/login.d.ts +0 -42
- package/dist/api-handlers/auth/login.js +0 -178
- package/dist/api-handlers/auth/refresh.d.ts +0 -74
- package/dist/api-handlers/auth/refresh.js +0 -635
- package/dist/api-handlers/auth/signout.d.ts +0 -37
- package/dist/api-handlers/auth/signout.js +0 -187
- package/dist/api-handlers/auth/status.d.ts +0 -8
- package/dist/api-handlers/auth/status.js +0 -26
- package/dist/api-handlers/auth/update-session.d.ts +0 -37
- package/dist/api-handlers/auth/update-session.js +0 -95
- package/dist/api-handlers/auth/validate.d.ts +0 -6
- package/dist/api-handlers/auth/validate.js +0 -43
- package/dist/api-handlers/auth/verify-code.d.ts +0 -43
- package/dist/api-handlers/auth/verify-code.js +0 -94
- package/dist/api-handlers/session/refresh-viability.d.ts +0 -14
- package/dist/api-handlers/session/refresh-viability.js +0 -39
- package/dist/api-handlers/session/viability.d.ts +0 -13
- package/dist/api-handlers/session/viability.js +0 -146
- package/dist/api-handlers/test/force-expire.d.ts +0 -23
- package/dist/api-handlers/test/force-expire.js +0 -65
- package/dist/auth/auth-decision.d.ts +0 -39
- package/dist/auth/auth-decision.js +0 -182
- package/dist/auth/auth-options.d.ts +0 -57
- package/dist/auth/auth-options.js +0 -213
- package/dist/auth/better-auth.d.ts +0 -82
- package/dist/auth/better-auth.js +0 -122
- package/dist/auth/callbacks/index.d.ts +0 -6
- package/dist/auth/callbacks/index.js +0 -12
- package/dist/auth/callbacks/jwt.d.ts +0 -45
- package/dist/auth/callbacks/jwt.js +0 -305
- package/dist/auth/callbacks/session.d.ts +0 -60
- package/dist/auth/callbacks/session.js +0 -170
- package/dist/auth/callbacks/signin.d.ts +0 -23
- package/dist/auth/callbacks/signin.js +0 -44
- package/dist/auth/events/index.d.ts +0 -4
- package/dist/auth/events/index.js +0 -8
- package/dist/auth/events/signout.d.ts +0 -17
- package/dist/auth/events/signout.js +0 -32
- package/dist/auth/providers/credentials.d.ts +0 -32
- package/dist/auth/providers/credentials.js +0 -223
- package/dist/auth/providers/index.d.ts +0 -5
- package/dist/auth/providers/index.js +0 -21
- package/dist/auth/providers/oauth.d.ts +0 -26
- package/dist/auth/providers/oauth.js +0 -105
- package/dist/auth/route-config.d.ts +0 -66
- package/dist/auth/route-config.js +0 -190
- package/dist/auth/types/auth-types.d.ts +0 -417
- package/dist/auth/types/auth-types.js +0 -53
- package/dist/auth/types/index.d.ts +0 -6
- package/dist/auth/types/index.js +0 -22
- package/dist/auth/unauthenticated-routes.d.ts +0 -1
- package/dist/auth/unauthenticated-routes.js +0 -19
- package/dist/auth/utils/idp-client.d.ts +0 -94
- package/dist/auth/utils/idp-client.js +0 -384
- package/dist/auth/utils/index.d.ts +0 -5
- package/dist/auth/utils/index.js +0 -21
- package/dist/auth/utils/token-utils.d.ts +0 -84
- package/dist/auth/utils/token-utils.js +0 -219
- package/dist/client/AuthContext.d.ts +0 -19
- package/dist/client/AuthContext.js +0 -112
- package/dist/client/better-auth-client.d.ts +0 -1020
- package/dist/client/better-auth-client.js +0 -68
- package/dist/client/fetch-with-auth.d.ts +0 -11
- package/dist/client/fetch-with-auth.js +0 -44
- package/dist/client/fetchWithSession.d.ts +0 -3
- package/dist/client/fetchWithSession.js +0 -24
- package/dist/client/index.d.ts +0 -9
- package/dist/client/index.js +0 -20
- package/dist/client/useAnonSession.d.ts +0 -36
- package/dist/client/useAnonSession.js +0 -99
- package/dist/components/SessionSync.d.ts +0 -13
- package/dist/components/SessionSync.js +0 -119
- package/dist/components/SignalRHealthCheck.d.ts +0 -10
- package/dist/components/SignalRHealthCheck.js +0 -97
- package/dist/components/account/MobileNavDrawer.d.ts +0 -32
- package/dist/components/account/MobileNavDrawer.js +0 -81
- package/dist/components/account/UserAvatarMenu.d.ts +0 -20
- package/dist/components/account/UserAvatarMenu.js +0 -88
- package/dist/components/account/index.d.ts +0 -9
- package/dist/components/account/index.js +0 -13
- package/dist/components/admin/AlertSettingsTab.d.ts +0 -48
- package/dist/components/admin/AlertSettingsTab.js +0 -351
- package/dist/components/admin/AnalyticsTab.d.ts +0 -22
- package/dist/components/admin/AnalyticsTab.js +0 -167
- package/dist/components/admin/DataBrowserTab.d.ts +0 -19
- package/dist/components/admin/DataBrowserTab.js +0 -252
- package/dist/components/admin/LoggingSettingsTab.d.ts +0 -73
- package/dist/components/admin/LoggingSettingsTab.js +0 -339
- package/dist/components/admin/SessionsTab.d.ts +0 -37
- package/dist/components/admin/SessionsTab.js +0 -165
- package/dist/components/admin/StatsTab.d.ts +0 -53
- package/dist/components/admin/StatsTab.js +0 -161
- package/dist/components/admin/VibeAdminContext.d.ts +0 -32
- package/dist/components/admin/VibeAdminContext.js +0 -38
- package/dist/components/admin/VibeAdminLayout.d.ts +0 -11
- package/dist/components/admin/VibeAdminLayout.js +0 -69
- package/dist/components/admin/index.d.ts +0 -29
- package/dist/components/admin/index.js +0 -44
- package/dist/components/auth/FederatedAuthSection.d.ts +0 -8
- package/dist/components/auth/FederatedAuthSection.js +0 -45
- package/dist/components/auth/ModeAwareLoginPage.d.ts +0 -10
- package/dist/components/auth/ModeAwareLoginPage.js +0 -42
- package/dist/components/auth/ModeAwareSignupPage.d.ts +0 -9
- package/dist/components/auth/ModeAwareSignupPage.js +0 -78
- package/dist/components/auth/TraditionalAuthSection.d.ts +0 -14
- package/dist/components/auth/TraditionalAuthSection.js +0 -20
- package/dist/components/recovery/CompleteStep.d.ts +0 -5
- package/dist/components/recovery/CompleteStep.js +0 -8
- package/dist/components/recovery/InitiateRecoveryStep.d.ts +0 -8
- package/dist/components/recovery/InitiateRecoveryStep.js +0 -20
- package/dist/components/recovery/SelectMethodStep.d.ts +0 -8
- package/dist/components/recovery/SelectMethodStep.js +0 -8
- package/dist/components/recovery/SetPasswordStep.d.ts +0 -6
- package/dist/components/recovery/SetPasswordStep.js +0 -20
- package/dist/components/recovery/VerifyCodeStep.d.ts +0 -10
- package/dist/components/recovery/VerifyCodeStep.js +0 -24
- package/dist/components/reserved/ReservedRecoveryWarning.d.ts +0 -38
- package/dist/components/reserved/ReservedRecoveryWarning.js +0 -92
- package/dist/components/reserved/ReservedStatusBox.d.ts +0 -30
- package/dist/components/reserved/ReservedStatusBox.js +0 -71
- package/dist/components/ui/BetaBadge.d.ts +0 -29
- package/dist/components/ui/BetaBadge.js +0 -38
- package/dist/components/ui/Footer.d.ts +0 -37
- package/dist/components/ui/Footer.js +0 -41
- package/dist/config/env.d.ts +0 -66
- package/dist/config/env.js +0 -57
- package/dist/config/logger.d.ts +0 -57
- package/dist/config/logger.js +0 -73
- package/dist/config/logging-config.d.ts +0 -30
- package/dist/config/logging-config.js +0 -122
- package/dist/config/unauthenticated-routes.d.ts +0 -17
- package/dist/config/unauthenticated-routes.js +0 -24
- package/dist/config/vibe-log-transport.d.ts +0 -81
- package/dist/config/vibe-log-transport.js +0 -212
- package/dist/edge/internal-api-url.d.ts +0 -53
- package/dist/edge/internal-api-url.js +0 -63
- package/dist/edge/middleware.d.ts +0 -14
- package/dist/edge/middleware.js +0 -32
- package/dist/hooks/useAuth.d.ts +0 -23
- package/dist/hooks/useAuth.js +0 -81
- package/dist/hooks/useAuthSettings.d.ts +0 -59
- package/dist/hooks/useAuthSettings.js +0 -93
- package/dist/hooks/useAvailableProviders.d.ts +0 -45
- package/dist/hooks/useAvailableProviders.js +0 -108
- package/dist/hooks/usePasswordValidation.d.ts +0 -27
- package/dist/hooks/usePasswordValidation.js +0 -102
- package/dist/hooks/useProfile.d.ts +0 -15
- package/dist/hooks/useProfile.js +0 -59
- package/dist/hooks/usePublicAuthSettings.d.ts +0 -56
- package/dist/hooks/usePublicAuthSettings.js +0 -131
- package/dist/hooks/useSessionExpiration.d.ts +0 -57
- package/dist/hooks/useSessionExpiration.js +0 -72
- package/dist/hooks/useViabilitySession.d.ts +0 -75
- package/dist/hooks/useViabilitySession.js +0 -268
- package/dist/index.d.ts +0 -12
- package/dist/index.js +0 -55
- package/dist/lib/anon-session.d.ts +0 -74
- package/dist/lib/anon-session.js +0 -169
- package/dist/lib/api-handler.d.ts +0 -123
- package/dist/lib/api-handler.js +0 -478
- package/dist/lib/app-slug.d.ts +0 -95
- package/dist/lib/app-slug.js +0 -172
- package/dist/lib/demo-mode.d.ts +0 -6
- package/dist/lib/demo-mode.js +0 -16
- package/dist/lib/geolocation.d.ts +0 -64
- package/dist/lib/geolocation.js +0 -235
- package/dist/lib/idp-client-config.d.ts +0 -75
- package/dist/lib/idp-client-config.js +0 -425
- package/dist/lib/idp-fetch.d.ts +0 -14
- package/dist/lib/idp-fetch.js +0 -91
- package/dist/lib/internal-api.d.ts +0 -87
- package/dist/lib/internal-api.js +0 -122
- package/dist/lib/jwt-decode-client.d.ts +0 -10
- package/dist/lib/jwt-decode-client.js +0 -46
- package/dist/lib/jwt-decode.d.ts +0 -48
- package/dist/lib/jwt-decode.js +0 -57
- package/dist/lib/nextauth-secret.d.ts +0 -10
- package/dist/lib/nextauth-secret.js +0 -100
- package/dist/lib/rate-limit-service.d.ts +0 -23
- package/dist/lib/rate-limit-service.js +0 -6
- package/dist/lib/redis.d.ts +0 -5
- package/dist/lib/redis.js +0 -28
- package/dist/lib/refresh-token-validator.d.ts +0 -13
- package/dist/lib/refresh-token-validator.js +0 -117
- package/dist/lib/roles.d.ts +0 -145
- package/dist/lib/roles.js +0 -168
- package/dist/lib/secret-validation.d.ts +0 -4
- package/dist/lib/secret-validation.js +0 -14
- package/dist/lib/session-store.d.ts +0 -170
- package/dist/lib/session-store.js +0 -545
- package/dist/lib/session.d.ts +0 -21
- package/dist/lib/session.js +0 -26
- package/dist/lib/site-logger.d.ts +0 -214
- package/dist/lib/site-logger.js +0 -210
- package/dist/lib/standardized-client-api.d.ts +0 -161
- package/dist/lib/standardized-client-api.js +0 -786
- package/dist/lib/startup-init.d.ts +0 -40
- package/dist/lib/startup-init.js +0 -261
- package/dist/lib/test-aware-get-token.d.ts +0 -2
- package/dist/lib/test-aware-get-token.js +0 -81
- package/dist/lib/token-expiry.d.ts +0 -14
- package/dist/lib/token-expiry.js +0 -39
- package/dist/lib/token-lifecycle.d.ts +0 -52
- package/dist/lib/token-lifecycle.js +0 -398
- package/dist/lib/types/api-responses.d.ts +0 -128
- package/dist/lib/types/api-responses.js +0 -171
- package/dist/lib/user-agent-parser.d.ts +0 -50
- package/dist/lib/user-agent-parser.js +0 -220
- package/dist/logging/api/admin-analytics.d.ts +0 -3
- package/dist/logging/api/admin-analytics.js +0 -45
- package/dist/logging/api/audit-log.d.ts +0 -3
- package/dist/logging/api/audit-log.js +0 -52
- package/dist/logging/components/AdminAnalyticsLayout.d.ts +0 -10
- package/dist/logging/components/AdminAnalyticsLayout.js +0 -11
- package/dist/logging/components/AuditLogViewer.d.ts +0 -7
- package/dist/logging/components/AuditLogViewer.js +0 -51
- package/dist/logging/components/ErrorMetricsCard.d.ts +0 -7
- package/dist/logging/components/ErrorMetricsCard.js +0 -16
- package/dist/logging/components/HealthMetricsCard.d.ts +0 -7
- package/dist/logging/components/HealthMetricsCard.js +0 -19
- package/dist/logging/hooks/useAdminAnalytics.d.ts +0 -24
- package/dist/logging/hooks/useAdminAnalytics.js +0 -22
- package/dist/logging/hooks/useAuditLog.d.ts +0 -6
- package/dist/logging/hooks/useAuditLog.js +0 -25
- package/dist/logging/hooks/useErrorMetrics.d.ts +0 -6
- package/dist/logging/hooks/useErrorMetrics.js +0 -38
- package/dist/logging/hooks/useHealthMetrics.d.ts +0 -6
- package/dist/logging/hooks/useHealthMetrics.js +0 -41
- package/dist/logging/index.d.ts +0 -11
- package/dist/logging/index.js +0 -40
- package/dist/logging/types/analytics.d.ts +0 -68
- package/dist/logging/types/analytics.js +0 -3
- package/dist/logging/types/audit.d.ts +0 -29
- package/dist/logging/types/audit.js +0 -2
- package/dist/logging/types/index.d.ts +0 -2
- package/dist/logging/types/index.js +0 -19
- package/dist/middleware/auth-decision.d.ts +0 -33
- package/dist/middleware/auth-decision.js +0 -65
- package/dist/middleware/create-middleware.d.ts +0 -102
- package/dist/middleware/create-middleware.js +0 -469
- package/dist/middleware/rbac-check.d.ts +0 -51
- package/dist/middleware/rbac-check.js +0 -219
- package/dist/middleware/twofa-presets.d.ts +0 -134
- package/dist/middleware/twofa-presets.js +0 -175
- package/dist/models/DecodedAccessToken.d.ts +0 -17
- package/dist/models/DecodedAccessToken.js +0 -2
- package/dist/models/SessionModel.d.ts +0 -122
- package/dist/models/SessionModel.js +0 -136
- package/dist/pages/admin-login/page.d.ts +0 -31
- package/dist/pages/admin-login/page.js +0 -83
- package/dist/pages/admin-page-permissions/PagePermissionsAdminPage.d.ts +0 -18
- package/dist/pages/admin-page-permissions/PagePermissionsAdminPage.js +0 -276
- package/dist/pages/admin-page-permissions/index.d.ts +0 -6
- package/dist/pages/admin-page-permissions/index.js +0 -13
- package/dist/pages/admin-roles/RolesAdminPage.d.ts +0 -16
- package/dist/pages/admin-roles/RolesAdminPage.js +0 -261
- package/dist/pages/admin-roles/index.d.ts +0 -8
- package/dist/pages/admin-roles/index.js +0 -15
- package/dist/pages/admin-roles/modals.d.ts +0 -72
- package/dist/pages/admin-roles/modals.js +0 -154
- package/dist/pages/client-admin/ClientSiteAdminPage.d.ts +0 -79
- package/dist/pages/client-admin/ClientSiteAdminPage.js +0 -177
- package/dist/pages/client-admin/index.d.ts +0 -32
- package/dist/pages/client-admin/index.js +0 -37
- package/dist/pages/coming-soon/page.d.ts +0 -8
- package/dist/pages/coming-soon/page.js +0 -28
- package/dist/pages/login/page.d.ts +0 -22
- package/dist/pages/login/page.js +0 -239
- package/dist/pages/profile/EnhancedProfilePage.d.ts +0 -13
- package/dist/pages/profile/EnhancedProfilePage.js +0 -150
- package/dist/pages/profile/index.d.ts +0 -8
- package/dist/pages/profile/index.js +0 -16
- package/dist/pages/profile/page.d.ts +0 -19
- package/dist/pages/profile/page.js +0 -47
- package/dist/pages/profile/profile-patch.d.ts +0 -1
- package/dist/pages/profile/profile-patch.js +0 -281
- package/dist/pages/recovery/page.d.ts +0 -1
- package/dist/pages/recovery/page.js +0 -142
- package/dist/pages/roles/MyRolesPage.d.ts +0 -24
- package/dist/pages/roles/MyRolesPage.js +0 -71
- package/dist/pages/roles/components.d.ts +0 -63
- package/dist/pages/roles/components.js +0 -108
- package/dist/pages/roles/index.d.ts +0 -8
- package/dist/pages/roles/index.js +0 -19
- package/dist/pages/security/EnhancedSecurityPage.d.ts +0 -14
- package/dist/pages/security/EnhancedSecurityPage.js +0 -248
- package/dist/pages/security/index.d.ts +0 -8
- package/dist/pages/security/index.js +0 -16
- package/dist/pages/security/page.d.ts +0 -21
- package/dist/pages/security/page.js +0 -212
- package/dist/pages/security/security-patch.d.ts +0 -1
- package/dist/pages/security/security-patch.js +0 -302
- package/dist/pages/settings/EnhancedSettingsPage.d.ts +0 -46
- package/dist/pages/settings/EnhancedSettingsPage.js +0 -231
- package/dist/pages/settings/index.d.ts +0 -8
- package/dist/pages/settings/index.js +0 -16
- package/dist/pages/settings/page.d.ts +0 -7
- package/dist/pages/settings/page.js +0 -26
- package/dist/pages/showcase/ShowcasePage.d.ts +0 -13
- package/dist/pages/showcase/ShowcasePage.js +0 -140
- package/dist/pages/showcase/index.d.ts +0 -12
- package/dist/pages/showcase/index.js +0 -17
- package/dist/pages/test-env/EmergencyLogoutPage.d.ts +0 -14
- package/dist/pages/test-env/EmergencyLogoutPage.js +0 -98
- package/dist/pages/test-env/JwtInspectPage.d.ts +0 -14
- package/dist/pages/test-env/JwtInspectPage.js +0 -114
- package/dist/pages/test-env/RefreshTokenPage.d.ts +0 -15
- package/dist/pages/test-env/RefreshTokenPage.js +0 -91
- package/dist/pages/test-env/TestEnvPage.d.ts +0 -13
- package/dist/pages/test-env/TestEnvPage.js +0 -49
- package/dist/pages/test-env/index.d.ts +0 -24
- package/dist/pages/test-env/index.js +0 -32
- package/dist/pages/verify-code/page.d.ts +0 -30
- package/dist/pages/verify-code/page.js +0 -408
- package/dist/routes/account/index.d.ts +0 -28
- package/dist/routes/account/index.js +0 -71
- package/dist/routes/account/masked-info.d.ts +0 -33
- package/dist/routes/account/masked-info.js +0 -39
- package/dist/routes/account/send-code.d.ts +0 -37
- package/dist/routes/account/send-code.js +0 -42
- package/dist/routes/account/update-phone.d.ts +0 -13
- package/dist/routes/account/update-phone.js +0 -17
- package/dist/routes/account/verify-email.d.ts +0 -38
- package/dist/routes/account/verify-email.js +0 -43
- package/dist/routes/account/verify-sms.d.ts +0 -38
- package/dist/routes/account/verify-sms.js +0 -43
- package/dist/routes/auth/index.d.ts +0 -19
- package/dist/routes/auth/index.js +0 -64
- package/dist/routes/auth/logout.d.ts +0 -31
- package/dist/routes/auth/logout.js +0 -113
- package/dist/routes/auth/nextauth.d.ts +0 -19
- package/dist/routes/auth/nextauth.js +0 -72
- package/dist/routes/auth/refresh.d.ts +0 -30
- package/dist/routes/auth/refresh.js +0 -51
- package/dist/routes/auth/session.d.ts +0 -43
- package/dist/routes/auth/session.js +0 -179
- package/dist/routes/auth/settings.d.ts +0 -25
- package/dist/routes/auth/settings.js +0 -55
- package/dist/routes/auth/viability.d.ts +0 -52
- package/dist/routes/auth/viability.js +0 -201
- package/dist/routes/index.d.ts +0 -12
- package/dist/routes/index.js +0 -54
- package/dist/routes/session/index.d.ts +0 -6
- package/dist/routes/session/index.js +0 -10
- package/dist/routes/session/refresh-viability.d.ts +0 -16
- package/dist/routes/session/refresh-viability.js +0 -20
- package/dist/server/auth-guard.d.ts +0 -46
- package/dist/server/auth-guard.js +0 -128
- package/dist/server/decode-session.d.ts +0 -30
- package/dist/server/decode-session.js +0 -78
- package/dist/server/slim-middleware.d.ts +0 -23
- package/dist/server/slim-middleware.js +0 -89
- package/dist/server/with-auth.d.ts +0 -33
- package/dist/server/with-auth.js +0 -59
- package/dist/services/signalrActivityService.d.ts +0 -44
- package/dist/services/signalrActivityService.js +0 -257
- package/dist/stores/authStore.d.ts +0 -154
- package/dist/stores/authStore.js +0 -1531
- package/dist/theme/ThemeProvider.d.ts +0 -14
- package/dist/theme/ThemeProvider.js +0 -28
- package/dist/theme/default.d.ts +0 -8
- package/dist/theme/default.js +0 -33
- package/dist/theme/index.d.ts +0 -15
- package/dist/theme/index.js +0 -25
- package/dist/theme/types.d.ts +0 -56
- package/dist/theme/types.js +0 -8
- package/dist/theme/useTheme.d.ts +0 -60
- package/dist/theme/useTheme.js +0 -63
- package/dist/theme/utils.d.ts +0 -13
- package/dist/theme/utils.js +0 -39
- package/dist/types/api.d.ts +0 -134
- package/dist/types/api.js +0 -44
- package/dist/types/auth.d.ts +0 -19
- package/dist/types/auth.js +0 -2
- package/dist/types/logging.d.ts +0 -42
- package/dist/types/logging.js +0 -2
- package/dist/types/recovery.d.ts +0 -48
- package/dist/types/recovery.js +0 -2
- package/dist/types/security.d.ts +0 -1
- package/dist/types/security.js +0 -2
- package/dist/utils/api.d.ts +0 -85
- package/dist/utils/api.js +0 -287
- package/dist/utils/circuitBreaker.d.ts +0 -43
- package/dist/utils/circuitBreaker.js +0 -91
- package/dist/utils/error-message.d.ts +0 -1
- package/dist/utils/error-message.js +0 -103
- package/dist/utils/layout/reservedSpace.d.ts +0 -59
- package/dist/utils/layout/reservedSpace.js +0 -102
- package/dist/utils/logout.d.ts +0 -14
- package/dist/utils/logout.js +0 -32
- package/dist/vibe/client.d.ts +0 -261
- package/dist/vibe/client.js +0 -445
- package/dist/vibe/enterprise-auth.d.ts +0 -106
- package/dist/vibe/enterprise-auth.js +0 -173
- package/dist/vibe/errors.d.ts +0 -83
- package/dist/vibe/errors.js +0 -146
- package/dist/vibe/generic.d.ts +0 -234
- package/dist/vibe/generic.js +0 -369
- package/dist/vibe/hooks/index.d.ts +0 -169
- package/dist/vibe/hooks/index.js +0 -252
- package/dist/vibe/index.d.ts +0 -25
- package/dist/vibe/index.js +0 -72
- package/dist/vibe/sessions.d.ts +0 -161
- package/dist/vibe/sessions.js +0 -391
- package/dist/vibe/types.d.ts +0 -353
- package/dist/vibe/types.js +0 -315
- package/src/auth/auth-options.ts +0 -237
- package/src/auth/callbacks/index.ts +0 -7
- package/src/auth/callbacks/jwt.ts +0 -382
- package/src/auth/callbacks/session.ts +0 -243
- package/src/auth/callbacks/signin.ts +0 -56
- package/src/auth/events/index.ts +0 -5
- package/src/auth/events/signout.ts +0 -33
- package/src/auth/providers/credentials.ts +0 -256
- package/src/auth/providers/index.ts +0 -6
- package/src/auth/providers/oauth.ts +0 -114
- package/src/lib/nextauth-secret.ts +0 -121
- package/src/types/next-auth.d.ts +0 -15
|
@@ -1,201 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
/**
|
|
3
|
-
* Ready-to-Use Session Viability Route
|
|
4
|
-
*
|
|
5
|
-
* Checks if the current session is viable (valid and not expired).
|
|
6
|
-
* Used by client-side code to determine if a refresh is needed.
|
|
7
|
-
*
|
|
8
|
-
* @example
|
|
9
|
-
* ```typescript
|
|
10
|
-
* // app/api/session/viability/route.ts
|
|
11
|
-
* export { GET } from '@payez/next-mvp/routes/auth/viability';
|
|
12
|
-
* ```
|
|
13
|
-
*
|
|
14
|
-
* @version 2.0.0
|
|
15
|
-
* @since auth-ready-v2
|
|
16
|
-
*/
|
|
17
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
18
|
-
exports.GET = GET;
|
|
19
|
-
const server_1 = require("next/server");
|
|
20
|
-
const jwt_1 = require("next-auth/jwt");
|
|
21
|
-
const session_store_1 = require("../../lib/session-store");
|
|
22
|
-
const app_slug_1 = require("../../lib/app-slug");
|
|
23
|
-
const idp_client_config_1 = require("../../lib/idp-client-config");
|
|
24
|
-
/**
|
|
25
|
-
* Get NextAuth secret from IDP config (cached).
|
|
26
|
-
* NEVER use process.env.NEXTAUTH_SECRET at module level - it may not be set yet.
|
|
27
|
-
*/
|
|
28
|
-
async function getNextAuthSecret() {
|
|
29
|
-
const config = await (0, idp_client_config_1.getIDPClientConfig)();
|
|
30
|
-
return config.nextAuthSecret || '';
|
|
31
|
-
}
|
|
32
|
-
/**
|
|
33
|
-
* Get tenant-wide 2FA requirement from cached client config (from broker handshake)
|
|
34
|
-
*/
|
|
35
|
-
async function getTenantRequiresTwoFactor() {
|
|
36
|
-
try {
|
|
37
|
-
const config = await (0, idp_client_config_1.getIDPClientConfig)();
|
|
38
|
-
return config.authSettings?.require2FA ?? true; // Default to true for security
|
|
39
|
-
}
|
|
40
|
-
catch {
|
|
41
|
-
console.warn('[VIABILITY] Could not get client config, defaulting tenantRequiresTwoFactor to true');
|
|
42
|
-
return true;
|
|
43
|
-
}
|
|
44
|
-
}
|
|
45
|
-
/**
|
|
46
|
-
* GET /api/session/viability - Check if session is viable
|
|
47
|
-
*
|
|
48
|
-
* Returns:
|
|
49
|
-
* - viable: boolean - Whether the session can be used
|
|
50
|
-
* - needsRefresh: boolean - Whether a refresh is recommended
|
|
51
|
-
* - expiresIn: number - Seconds until token expires
|
|
52
|
-
*/
|
|
53
|
-
async function GET(req) {
|
|
54
|
-
try {
|
|
55
|
-
const cookieName = (0, app_slug_1.getJwtCookieName)();
|
|
56
|
-
const secret = await getNextAuthSecret();
|
|
57
|
-
const token = await (0, jwt_1.getToken)({ req, secret, cookieName });
|
|
58
|
-
if (!token) {
|
|
59
|
-
return server_1.NextResponse.json({
|
|
60
|
-
viable: false,
|
|
61
|
-
needsRefresh: false,
|
|
62
|
-
authenticated: false,
|
|
63
|
-
reason: 'No session found'
|
|
64
|
-
});
|
|
65
|
-
}
|
|
66
|
-
// Support both field names: sessionToken (auth.ts JWT) and redisSessionId (legacy)
|
|
67
|
-
const sessionToken = token.sessionToken || token.redisSessionId;
|
|
68
|
-
const session = sessionToken ? await (0, session_store_1.getSession)(sessionToken) : null;
|
|
69
|
-
// CRITICAL: Detect stale cookie state (JWT exists but Redis session missing)
|
|
70
|
-
if (sessionToken && !session) {
|
|
71
|
-
console.warn('[VIABILITY] Stale cookie detected - session not in Redis');
|
|
72
|
-
return server_1.NextResponse.json({
|
|
73
|
-
viable: false,
|
|
74
|
-
needsRefresh: false,
|
|
75
|
-
authenticated: false,
|
|
76
|
-
sessionToken, // Return sessionToken so middleware can detect and clear stale cookie
|
|
77
|
-
reason: 'Stale session - cookie exists but session not found in Redis'
|
|
78
|
-
});
|
|
79
|
-
}
|
|
80
|
-
// Check access token expiry
|
|
81
|
-
const now = Math.floor(Date.now() / 1000);
|
|
82
|
-
const accessTokenExpires = token.accessTokenExpires || token.exp;
|
|
83
|
-
if (!accessTokenExpires) {
|
|
84
|
-
// No expiry info, assume viable but recommend refresh
|
|
85
|
-
const tenantRequiresTwoFactor = await getTenantRequiresTwoFactor();
|
|
86
|
-
// CRITICAL: Check if MFA has expired (2FA TTL enforcement)
|
|
87
|
-
const mfaExpiresAt = session?.mfaExpiresAt || 0;
|
|
88
|
-
const mfaExpired = mfaExpiresAt > 0 && mfaExpiresAt < Date.now();
|
|
89
|
-
// Check mfaVerified (normalized name) with fallback to twoFactorComplete for compatibility
|
|
90
|
-
const mfaVerifiedInSession = session?.mfaVerified ?? session?.twoFactorComplete ?? false;
|
|
91
|
-
// User has completed 2FA requirements if: they verified AND it hasn't expired
|
|
92
|
-
const userHasCompletedTenantTwoFactorRequirements = mfaVerifiedInSession && !mfaExpired;
|
|
93
|
-
// userStillNeedsTwoFactor = inverse of completed (matches session callback logic)
|
|
94
|
-
const userStillNeedsTwoFactor = !userHasCompletedTenantTwoFactorRequirements;
|
|
95
|
-
return server_1.NextResponse.json({
|
|
96
|
-
viable: true,
|
|
97
|
-
needsRefresh: true,
|
|
98
|
-
authenticated: true,
|
|
99
|
-
sessionToken,
|
|
100
|
-
// Clear names for middleware decision-making
|
|
101
|
-
tenantRequiresTwoFactor,
|
|
102
|
-
userHasCompletedTenantTwoFactorRequirements,
|
|
103
|
-
userStillNeedsTwoFactor,
|
|
104
|
-
// Legacy field names for backwards compatibility
|
|
105
|
-
requires2FA: tenantRequiresTwoFactor,
|
|
106
|
-
twoFactorComplete: userHasCompletedTenantTwoFactorRequirements,
|
|
107
|
-
accessTokenExpired: false,
|
|
108
|
-
reason: 'No expiry information'
|
|
109
|
-
});
|
|
110
|
-
}
|
|
111
|
-
// Convert to seconds if needed
|
|
112
|
-
const expiryTime = accessTokenExpires > 1000000000000
|
|
113
|
-
? Math.floor(accessTokenExpires / 1000)
|
|
114
|
-
: accessTokenExpires;
|
|
115
|
-
const expiresIn = expiryTime - now;
|
|
116
|
-
const isExpired = expiresIn <= 0;
|
|
117
|
-
const needsRefresh = expiresIn <= 300; // 5 minutes buffer
|
|
118
|
-
// Check if we have refresh capability (check normalized field name first)
|
|
119
|
-
const hasRefreshToken = !!(session?.idpRefreshToken || session?.refreshToken || token.refreshToken);
|
|
120
|
-
// CLEAR NAMING: Tenant-wide 2FA requirement from client config
|
|
121
|
-
const tenantRequiresTwoFactor = await getTenantRequiresTwoFactor();
|
|
122
|
-
// CRITICAL: Check if MFA has expired (2FA TTL enforcement)
|
|
123
|
-
// The session may have mfaVerified=true from days ago, but if mfaExpiresAt
|
|
124
|
-
// has passed, we must treat 2FA as incomplete to force re-verification.
|
|
125
|
-
const mfaExpiresAt = session?.mfaExpiresAt || 0;
|
|
126
|
-
const mfaExpired = mfaExpiresAt > 0 && mfaExpiresAt < Date.now();
|
|
127
|
-
// Check mfaVerified (normalized name) with fallback to twoFactorComplete for compatibility
|
|
128
|
-
const mfaVerifiedInSession = session?.mfaVerified ?? session?.twoFactorComplete ?? false;
|
|
129
|
-
// DEBUG: Log what we're reading from the session
|
|
130
|
-
console.log('[VIABILITY] Session 2FA state:', {
|
|
131
|
-
sessionToken: sessionToken?.substring(0, 8) + '...',
|
|
132
|
-
'session.mfaVerified': session?.mfaVerified,
|
|
133
|
-
'session.twoFactorComplete': session?.twoFactorComplete,
|
|
134
|
-
mfaVerifiedInSession,
|
|
135
|
-
mfaExpiresAt,
|
|
136
|
-
mfaExpired,
|
|
137
|
-
hasRefreshToken,
|
|
138
|
-
'session.idpRefreshToken': !!session?.idpRefreshToken,
|
|
139
|
-
'session.refreshToken': !!session?.refreshToken,
|
|
140
|
-
});
|
|
141
|
-
// CLEAR NAMING: User has completed 2FA requirements if: they verified AND it hasn't expired
|
|
142
|
-
const userHasCompletedTenantTwoFactorRequirements = mfaVerifiedInSession && !mfaExpired;
|
|
143
|
-
// userStillNeedsTwoFactor = inverse of completed (matches session callback logic)
|
|
144
|
-
const userStillNeedsTwoFactor = !userHasCompletedTenantTwoFactorRequirements;
|
|
145
|
-
if (mfaExpired && mfaVerifiedInSession) {
|
|
146
|
-
console.warn('[VIABILITY] MFA expired - forcing 2FA re-verification');
|
|
147
|
-
}
|
|
148
|
-
if (isExpired) {
|
|
149
|
-
return server_1.NextResponse.json({
|
|
150
|
-
viable: false,
|
|
151
|
-
needsRefresh: hasRefreshToken,
|
|
152
|
-
expiresIn: 0,
|
|
153
|
-
hasRefreshToken,
|
|
154
|
-
authenticated: true,
|
|
155
|
-
sessionToken,
|
|
156
|
-
// Clear names
|
|
157
|
-
tenantRequiresTwoFactor,
|
|
158
|
-
userHasCompletedTenantTwoFactorRequirements,
|
|
159
|
-
userStillNeedsTwoFactor,
|
|
160
|
-
// Legacy names for backwards compatibility
|
|
161
|
-
requires2FA: tenantRequiresTwoFactor,
|
|
162
|
-
twoFactorComplete: userHasCompletedTenantTwoFactorRequirements,
|
|
163
|
-
accessTokenExpired: true,
|
|
164
|
-
reason: 'Token expired',
|
|
165
|
-
// RBAC fields
|
|
166
|
-
roles: session?.roles || [],
|
|
167
|
-
clientId: session?.idpClientId || process.env.IDP_CLIENT_ID || '',
|
|
168
|
-
});
|
|
169
|
-
}
|
|
170
|
-
return server_1.NextResponse.json({
|
|
171
|
-
viable: true,
|
|
172
|
-
needsRefresh,
|
|
173
|
-
expiresIn,
|
|
174
|
-
hasRefreshToken,
|
|
175
|
-
authenticated: true,
|
|
176
|
-
sessionToken,
|
|
177
|
-
// Clear names
|
|
178
|
-
tenantRequiresTwoFactor,
|
|
179
|
-
userHasCompletedTenantTwoFactorRequirements,
|
|
180
|
-
userStillNeedsTwoFactor,
|
|
181
|
-
// Legacy names for backwards compatibility
|
|
182
|
-
requires2FA: tenantRequiresTwoFactor,
|
|
183
|
-
twoFactorComplete: userHasCompletedTenantTwoFactorRequirements,
|
|
184
|
-
accessTokenExpired: false,
|
|
185
|
-
expiresAt: new Date(expiryTime * 1000).toISOString(),
|
|
186
|
-
// RBAC fields
|
|
187
|
-
roles: session?.roles || [],
|
|
188
|
-
clientId: session?.idpClientId || process.env.IDP_CLIENT_ID || '',
|
|
189
|
-
});
|
|
190
|
-
}
|
|
191
|
-
catch (error) {
|
|
192
|
-
console.error('[VIABILITY_ROUTE] Error checking session viability:', error);
|
|
193
|
-
return server_1.NextResponse.json({
|
|
194
|
-
viable: false,
|
|
195
|
-
needsRefresh: false,
|
|
196
|
-
authenticated: false,
|
|
197
|
-
error: 'Failed to check session',
|
|
198
|
-
details: error instanceof Error ? error.message : 'Unknown error'
|
|
199
|
-
}, { status: 500 });
|
|
200
|
-
}
|
|
201
|
-
}
|
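--- a/package/dist/routes/index.d.ts
+++ b/package/dist/routes/index.d.ts
@@ -1,12 +0,0 @@
-/**
-* @payez/next-mvp Route Module Exports
-*
-* Ready-to-use route handlers for quick integration
-*
-* @version 2.3.0
-* @since auth-ready-v2
-*/
-export * from './auth';
-export * from './account';
-export * as auth from './auth';
-export * as account from './account';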
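--- a/package/dist/routes/index.js
+++ b/package/dist/routes/index.js
@@ -1,54 +0,0 @@
-"use strict";
-/**
-* @payez/next-mvp Route Module Exports
-*
-* Ready-to-use route handlers for quick integration
-*
-* @version 2.3.0
-* @since auth-ready-v2
-*/
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-if (k2 === undefined) k2 = k;
-var desc = Object.getOwnPropertyDescriptor(m, k);
-if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-desc = { enumerable: true, get: function() { return m[k]; } };
-}
-Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-if (k2 === undefined) k2 = k;
-o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-o["default"] = v;
-});
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-var __importStar = (this && this.__importStar) || (function () {
-var ownKeys = function(o) {
-ownKeys = Object.getOwnPropertyNames || function (o) {
-var ar = [];
-for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-return ar;
-};
-return ownKeys(o);
-};
-return function (mod) {
-if (mod && mod.__esModule) return mod;
-var result = {};
-if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-__setModuleDefault(result, mod);
-return result;
-};
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.account = exports.auth = void 0;
-// Export auth routes
-__exportStar(require("./auth"), exports);
-// Export account/2FA routes
-__exportStar(require("./account"), exports);
-// Namespace exports for cleaner imports
-exports.auth = __importStar(require("./auth"));
-exports.account = __importStar(require("./account"));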
@@ -1,10 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
/**
|
|
3
|
-
* Session Routes Index
|
|
4
|
-
*
|
|
5
|
-
* Re-exports all session-related route handlers for easy importing.
|
|
6
|
-
*/
|
|
7
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
8
|
-
exports.refreshViabilityGET = void 0;
|
|
9
|
-
var refresh_viability_1 = require("./refresh-viability");
|
|
10
|
-
Object.defineProperty(exports, "refreshViabilityGET", { enumerable: true, get: function () { return refresh_viability_1.GET; } });
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Ready-to-Use Refresh Viability Route
|
|
3
|
-
*
|
|
4
|
-
* Checks if a session has a valid refresh token for automatic refresh.
|
|
5
|
-
* Used by middleware to decide whether to attempt refresh or redirect to login.
|
|
6
|
-
*
|
|
7
|
-
* @example
|
|
8
|
-
* ```typescript
|
|
9
|
-
* // app/api/session/refresh-viability/route.ts
|
|
10
|
-
* export { GET } from '@payez/next-mvp/routes/session/refresh-viability';
|
|
11
|
-
* ```
|
|
12
|
-
*
|
|
13
|
-
* @version 2.0.0
|
|
14
|
-
* @since auth-ready-v2
|
|
15
|
-
*/
|
|
16
|
-
export { GET } from '../../api-handlers/session/refresh-viability';
|
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
/**
|
|
3
|
-
* Ready-to-Use Refresh Viability Route
|
|
4
|
-
*
|
|
5
|
-
* Checks if a session has a valid refresh token for automatic refresh.
|
|
6
|
-
* Used by middleware to decide whether to attempt refresh or redirect to login.
|
|
7
|
-
*
|
|
8
|
-
* @example
|
|
9
|
-
* ```typescript
|
|
10
|
-
* // app/api/session/refresh-viability/route.ts
|
|
11
|
-
* export { GET } from '@payez/next-mvp/routes/session/refresh-viability';
|
|
12
|
-
* ```
|
|
13
|
-
*
|
|
14
|
-
* @version 2.0.0
|
|
15
|
-
* @since auth-ready-v2
|
|
16
|
-
*/
|
|
17
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
18
|
-
exports.GET = void 0;
|
|
19
|
-
var refresh_viability_1 = require("../../api-handlers/session/refresh-viability");
|
|
20
|
-
Object.defineProperty(exports, "GET", { enumerable: true, get: function () { return refresh_viability_1.GET; } });
|
|
@@ -1,46 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Server-Side Auth Guard for Layouts
|
|
3
|
-
*
|
|
4
|
-
* Replaces middleware's self-fetch auth checks with direct Redis/function calls.
|
|
5
|
-
* Call from server-component layouts to protect routes.
|
|
6
|
-
*
|
|
7
|
-
* Zero HTTP self-fetches. ~8ms total (Redis + in-memory checks).
|
|
8
|
-
*/
|
|
9
|
-
import 'server-only';
|
|
10
|
-
import type { SessionData } from '../lib/session-store';
|
|
11
|
-
export interface AuthGuardOptions {
|
|
12
|
-
/** Custom checks to run after standard auth validation */
|
|
13
|
-
checks?: AuthCheck[];
|
|
14
|
-
/** Override login redirect URL (default: /account-auth/login) */
|
|
15
|
-
loginUrl?: string;
|
|
16
|
-
/** Override 2FA redirect URL (default: /account-auth/verify-code) */
|
|
17
|
-
verifyCodeUrl?: string;
|
|
18
|
-
/** Override service unavailable URL (default: /service-unavailable) */
|
|
19
|
-
serviceUnavailableUrl?: string;
|
|
20
|
-
}
|
|
21
|
-
export interface AuthCheck {
|
|
22
|
-
/** Name for logging */
|
|
23
|
-
name: string;
|
|
24
|
-
/** Returns redirect URL if check fails, null if passes */
|
|
25
|
-
check: (session: SessionData, pathname: string) => Promise<string | null>;
|
|
26
|
-
}
|
|
27
|
-
export interface AuthGuardResult {
|
|
28
|
-
userId: string;
|
|
29
|
-
email: string;
|
|
30
|
-
roles: string[];
|
|
31
|
-
sessionData: SessionData;
|
|
32
|
-
accessToken?: string;
|
|
33
|
-
}
|
|
34
|
-
/**
|
|
35
|
-
* Server-side auth guard. Call from async server layouts.
|
|
36
|
-
*
|
|
37
|
-
* Redirects (via next/navigation redirect()) if:
|
|
38
|
-
* - No session cookie / invalid JWT
|
|
39
|
-
* - Session not in Redis (stale)
|
|
40
|
-
* - Session force-invalidated
|
|
41
|
-
* - 2FA required but not completed / expired
|
|
42
|
-
* - Any custom check fails
|
|
43
|
-
*
|
|
44
|
-
* Returns the authenticated user's session data on success.
|
|
45
|
-
*/
|
|
46
|
-
export declare function authGuard(options?: AuthGuardOptions): Promise<AuthGuardResult>;
|
|
@@ -1,128 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
/**
|
|
3
|
-
* Server-Side Auth Guard for Layouts
|
|
4
|
-
*
|
|
5
|
-
* Replaces middleware's self-fetch auth checks with direct Redis/function calls.
|
|
6
|
-
* Call from server-component layouts to protect routes.
|
|
7
|
-
*
|
|
8
|
-
* Zero HTTP self-fetches. ~8ms total (Redis + in-memory checks).
|
|
9
|
-
*/
|
|
10
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
11
|
-
exports.authGuard = authGuard;
|
|
12
|
-
require("server-only");
|
|
13
|
-
const navigation_1 = require("next/navigation");
|
|
14
|
-
const headers_1 = require("next/headers");
|
|
15
|
-
const decode_session_1 = require("./decode-session");
|
|
16
|
-
const idp_client_config_1 = require("../lib/idp-client-config");
|
|
17
|
-
// =============================================================================
|
|
18
|
-
// CONSTANTS
|
|
19
|
-
// =============================================================================
|
|
20
|
-
const LOGIN_PAGE = '/account-auth/login';
|
|
21
|
-
const VERIFY_CODE_PAGE = '/account-auth/verify-code';
|
|
22
|
-
const SERVICE_UNAVAILABLE_PAGE = '/service-unavailable';
|
|
23
|
-
// =============================================================================
|
|
24
|
-
// MAIN
|
|
25
|
-
// =============================================================================
|
|
26
|
-
/**
|
|
27
|
-
* Server-side auth guard. Call from async server layouts.
|
|
28
|
-
*
|
|
29
|
-
* Redirects (via next/navigation redirect()) if:
|
|
30
|
-
* - No session cookie / invalid JWT
|
|
31
|
-
* - Session not in Redis (stale)
|
|
32
|
-
* - Session force-invalidated
|
|
33
|
-
* - 2FA required but not completed / expired
|
|
34
|
-
* - Any custom check fails
|
|
35
|
-
*
|
|
36
|
-
* Returns the authenticated user's session data on success.
|
|
37
|
-
*/
|
|
38
|
-
async function authGuard(options) {
|
|
39
|
-
const loginUrl = options?.loginUrl || LOGIN_PAGE;
|
|
40
|
-
const verifyCodeUrl = options?.verifyCodeUrl || VERIFY_CODE_PAGE;
|
|
41
|
-
const serviceUnavailableUrl = options?.serviceUnavailableUrl || SERVICE_UNAVAILABLE_PAGE;
|
|
42
|
-
// Get current pathname from headers (set by Next.js)
|
|
43
|
-
const headerStore = await (0, headers_1.headers)();
|
|
44
|
-
const pathname = headerStore.get('x-next-pathname') ||
|
|
45
|
-
headerStore.get('x-invoke-path') ||
|
|
46
|
-
headerStore.get('x-matched-path') ||
|
|
47
|
-
'/';
|
|
48
|
-
const callbackUrl = encodeURIComponent(pathname);
|
|
49
|
-
// --- Decode session (cookie → JWT → Redis) ---
|
|
50
|
-
let decoded;
|
|
51
|
-
try {
|
|
52
|
-
decoded = await (0, decode_session_1.decodeSession)();
|
|
53
|
-
}
|
|
54
|
-
catch (error) {
|
|
55
|
-
// Redis unreachable or startup failure → fail closed
|
|
56
|
-
console.error('[AUTH-GUARD] Session decode failed (service error):', error instanceof Error ? error.message : String(error));
|
|
57
|
-
(0, navigation_1.redirect)(serviceUnavailableUrl);
|
|
58
|
-
}
|
|
59
|
-
// No session at all → redirect to login
|
|
60
|
-
if (!decoded) {
|
|
61
|
-
(0, navigation_1.redirect)(`${loginUrl}?callbackUrl=${callbackUrl}`);
|
|
62
|
-
}
|
|
63
|
-
const { sessionData } = decoded;
|
|
64
|
-
// --- Force-invalidated session (admin action, password change) ---
|
|
65
|
-
if (sessionData.forceInvalidated) {
|
|
66
|
-
console.warn('[AUTH-GUARD] Session force-invalidated', {
|
|
67
|
-
userId: sessionData.userId,
|
|
68
|
-
pathname,
|
|
69
|
-
});
|
|
70
|
-
(0, navigation_1.redirect)(`${loginUrl}?callbackUrl=${callbackUrl}&reason=invalidated`);
|
|
71
|
-
}
|
|
72
|
-
// --- 2FA check ---
|
|
73
|
-
try {
|
|
74
|
-
const config = await (0, idp_client_config_1.getIDPClientConfig)();
|
|
75
|
-
const requires2FA = config.authSettings?.require2FA ?? true;
|
|
76
|
-
if (requires2FA) {
|
|
77
|
-
const mfaVerified = sessionData.mfaVerified ?? sessionData.twoFactorComplete ?? false;
|
|
78
|
-
const mfaExpiresAt = sessionData.mfaExpiresAt || 0;
|
|
79
|
-
const mfaExpired = mfaExpiresAt > 0 && mfaExpiresAt < Date.now();
|
|
80
|
-
if (!mfaVerified || mfaExpired) {
|
|
81
|
-
console.log('[AUTH-GUARD] 2FA required', {
|
|
82
|
-
mfaVerified,
|
|
83
|
-
mfaExpired,
|
|
84
|
-
userId: sessionData.userId,
|
|
85
|
-
pathname,
|
|
86
|
-
});
|
|
87
|
-
(0, navigation_1.redirect)(`${verifyCodeUrl}?callbackUrl=${callbackUrl}`);
|
|
88
|
-
}
|
|
89
|
-
}
|
|
90
|
-
}
|
|
91
|
-
catch (error) {
|
|
92
|
-
// If we can't check 2FA config, fail closed
|
|
93
|
-
console.error('[AUTH-GUARD] 2FA config check failed:', error instanceof Error ? error.message : String(error));
|
|
94
|
-
(0, navigation_1.redirect)(serviceUnavailableUrl);
|
|
95
|
-
}
|
|
96
|
-
// --- Custom checks (beta, admin, etc.) ---
|
|
97
|
-
if (options?.checks) {
|
|
98
|
-
for (const check of options.checks) {
|
|
99
|
-
try {
|
|
100
|
-
const redirectUrl = await check.check(sessionData, pathname);
|
|
101
|
-
if (redirectUrl) {
|
|
102
|
-
console.log(`[AUTH-GUARD] Custom check "${check.name}" failed`, {
|
|
103
|
-
userId: sessionData.userId,
|
|
104
|
-
pathname,
|
|
105
|
-
redirectUrl,
|
|
106
|
-
});
|
|
107
|
-
(0, navigation_1.redirect)(redirectUrl);
|
|
108
|
-
}
|
|
109
|
-
}
|
|
110
|
-
catch (error) {
|
|
111
|
-
// If the error is a redirect (from next/navigation), re-throw it
|
|
112
|
-
if (error && typeof error === 'object' && 'digest' in error) {
|
|
113
|
-
throw error;
|
|
114
|
-
}
|
|
115
|
-
console.error(`[AUTH-GUARD] Custom check "${check.name}" error:`, error instanceof Error ? error.message : String(error));
|
|
116
|
-
(0, navigation_1.redirect)(serviceUnavailableUrl);
|
|
117
|
-
}
|
|
118
|
-
}
|
|
119
|
-
}
|
|
120
|
-
// --- All checks passed ---
|
|
121
|
-
return {
|
|
122
|
-
userId: sessionData.userId,
|
|
123
|
-
email: sessionData.email,
|
|
124
|
-
roles: sessionData.roles || [],
|
|
125
|
-
sessionData,
|
|
126
|
-
accessToken: sessionData.idpAccessToken,
|
|
127
|
-
};
|
|
128
|
-
}
|
|
@@ -1,30 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Server-Side Session Decoder
|
|
3
|
-
*
|
|
4
|
-
* Reads the JWT session cookie, decodes it with jose, and fetches the
|
|
5
|
-
* full session from Redis. Used by authGuard (layouts) and withAuth (API routes).
|
|
6
|
-
*
|
|
7
|
-
* Zero HTTP self-fetches. Direct Redis reads only.
|
|
8
|
-
*/
|
|
9
|
-
import 'server-only';
|
|
10
|
-
import { type JWTPayload } from 'jose';
|
|
11
|
-
import { type SessionData } from '../lib/session-store';
|
|
12
|
-
export interface DecodedSession {
|
|
13
|
-
sessionData: SessionData;
|
|
14
|
-
jwtPayload: JWTPayload & {
|
|
15
|
-
sessionToken?: string;
|
|
16
|
-
redisSessionId?: string;
|
|
17
|
-
};
|
|
18
|
-
}
|
|
19
|
-
/**
|
|
20
|
-
* Decode the session from cookies and Redis.
|
|
21
|
-
* Returns null if no valid session exists.
|
|
22
|
-
*
|
|
23
|
-
* @param requestCookies Optional cookie getter for API route context (NextRequest.cookies).
|
|
24
|
-
* If omitted, uses next/headers cookies() for server components.
|
|
25
|
-
*/
|
|
26
|
-
export declare function decodeSession(requestCookies?: {
|
|
27
|
-
get: (name: string) => {
|
|
28
|
-
value: string;
|
|
29
|
-
} | undefined;
|
|
30
|
-
}): Promise<DecodedSession | null>;
|
|
@@ -1,78 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
/**
|
|
3
|
-
* Server-Side Session Decoder
|
|
4
|
-
*
|
|
5
|
-
* Reads the JWT session cookie, decodes it with jose, and fetches the
|
|
6
|
-
* full session from Redis. Used by authGuard (layouts) and withAuth (API routes).
|
|
7
|
-
*
|
|
8
|
-
* Zero HTTP self-fetches. Direct Redis reads only.
|
|
9
|
-
*/
|
|
10
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
11
|
-
exports.decodeSession = decodeSession;
|
|
12
|
-
require("server-only");
|
|
13
|
-
const headers_1 = require("next/headers");
|
|
14
|
-
const jose_1 = require("jose");
|
|
15
|
-
const session_store_1 = require("../lib/session-store");
|
|
16
|
-
const idp_client_config_1 = require("../lib/idp-client-config");
|
|
17
|
-
const app_slug_1 = require("../lib/app-slug");
|
|
18
|
-
const startup_init_1 = require("../lib/startup-init");
|
|
19
|
-
/**
|
|
20
|
-
* Decode the session from cookies and Redis.
|
|
21
|
-
* Returns null if no valid session exists.
|
|
22
|
-
*
|
|
23
|
-
* @param requestCookies Optional cookie getter for API route context (NextRequest.cookies).
|
|
24
|
-
* If omitted, uses next/headers cookies() for server components.
|
|
25
|
-
*/
|
|
26
|
-
async function decodeSession(requestCookies) {
|
|
27
|
-
try {
|
|
28
|
-
// Ensure startup initialization is complete (Redis, IDP config, etc.)
|
|
29
|
-
await (0, startup_init_1.ensureInitialized)();
|
|
30
|
-
// Get the JWT cookie value
|
|
31
|
-
const cookieStore = requestCookies || (await (0, headers_1.cookies)());
|
|
32
|
-
const sessionCookieName = (0, app_slug_1.getSessionCookieName)();
|
|
33
|
-
const secureCookieName = (0, app_slug_1.getSecureSessionCookieName)();
|
|
34
|
-
const cookieValue = cookieStore.get(secureCookieName)?.value ||
|
|
35
|
-
cookieStore.get(sessionCookieName)?.value;
|
|
36
|
-
if (!cookieValue) {
|
|
37
|
-
return null;
|
|
38
|
-
}
|
|
39
|
-
// Get the NextAuth secret from IDP config
|
|
40
|
-
const config = await (0, idp_client_config_1.getIDPClientConfig)();
|
|
41
|
-
const secret = config.nextAuthSecret;
|
|
42
|
-
if (!secret) {
|
|
43
|
-
console.error('[DECODE-SESSION] No nextAuthSecret available from IDP config');
|
|
44
|
-
return null;
|
|
45
|
-
}
|
|
46
|
-
// Decode the JWT (same pattern as test-aware-get-token.ts)
|
|
47
|
-
const secretKey = new TextEncoder().encode(secret);
|
|
48
|
-
let payload;
|
|
49
|
-
try {
|
|
50
|
-
const result = await (0, jose_1.jwtVerify)(cookieValue, secretKey);
|
|
51
|
-
payload = result.payload;
|
|
52
|
-
}
|
|
53
|
-
catch (jwtError) {
|
|
54
|
-
// JWT decode failed - cookie may be corrupted or secret rotated
|
|
55
|
-
console.warn('[DECODE-SESSION] JWT verification failed:', jwtError instanceof Error ? jwtError.message : String(jwtError));
|
|
56
|
-
return null;
|
|
57
|
-
}
|
|
58
|
-
// Extract the Redis session ID from JWT payload
|
|
59
|
-
const sessionToken = payload.sessionToken || payload.redisSessionId;
|
|
60
|
-
if (!sessionToken) {
|
|
61
|
-
console.warn('[DECODE-SESSION] JWT payload missing sessionToken/redisSessionId');
|
|
62
|
-
return null;
|
|
63
|
-
}
|
|
64
|
-
// Fetch session from Redis (direct, no HTTP)
|
|
65
|
-
const sessionData = await (0, session_store_1.getSession)(sessionToken);
|
|
66
|
-
if (!sessionData) {
|
|
67
|
-
return null;
|
|
68
|
-
}
|
|
69
|
-
return {
|
|
70
|
-
sessionData,
|
|
71
|
-
jwtPayload: payload,
|
|
72
|
-
};
|
|
73
|
-
}
|
|
74
|
-
catch (error) {
|
|
75
|
-
console.error('[DECODE-SESSION] Error:', error instanceof Error ? error.message : String(error));
|
|
76
|
-
return null;
|
|
77
|
-
}
|
|
78
|
-
}
|
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Slim Middleware — Cookie-Only Auth Check
|
|
3
|
-
*
|
|
4
|
-
* Replaces the self-fetching middleware with a cookie existence check.
|
|
5
|
-
* All real auth validation happens in server-side layouts (authGuard).
|
|
6
|
-
*
|
|
7
|
-
* Zero self-fetches. Zero Redis calls. Zero JWT decoding.
|
|
8
|
-
* Just: does the session cookie exist? Yes → pass through. No → redirect to login.
|
|
9
|
-
*/
|
|
10
|
-
import { NextRequest, NextResponse } from 'next/server';
|
|
11
|
-
export interface SlimMiddlewareOptions {
|
|
12
|
-
/** Routes that don't require authentication (glob-style patterns) */
|
|
13
|
-
publicRoutes?: string[];
|
|
14
|
-
/** Login page URL (default: /account-auth/login) */
|
|
15
|
-
loginUrl?: string;
|
|
16
|
-
/** Additional paths to always bypass (e.g., /api/auth/, /api/session/) */
|
|
17
|
-
bypassPrefixes?: string[];
|
|
18
|
-
}
|
|
19
|
-
/**
|
|
20
|
-
* Create a slim middleware that only checks cookie existence.
|
|
21
|
-
* Auth validation is deferred to server-side layouts (authGuard).
|
|
22
|
-
*/
|
|
23
|
-
export declare function createSlimMiddleware(options?: SlimMiddlewareOptions): (request: NextRequest) => NextResponse;
|