@payez/next-mvp 4.0.0 → 4.0.2
- package/dist/api-handlers/account/change-password.js +110 -110
- package/dist/api-handlers/admin/analytics.d.ts +19 -19
- package/dist/api-handlers/admin/analytics.js +378 -378
- package/dist/api-handlers/admin/audit.d.ts +19 -19
- package/dist/api-handlers/admin/audit.js +213 -213
- package/dist/api-handlers/admin/index.d.ts +21 -21
- package/dist/api-handlers/admin/index.js +42 -42
- package/dist/api-handlers/admin/redis-sessions.d.ts +35 -35
- package/dist/api-handlers/admin/redis-sessions.js +203 -203
- package/dist/api-handlers/admin/sessions.d.ts +20 -20
- package/dist/api-handlers/admin/sessions.js +283 -283
- package/dist/api-handlers/admin/site-logs.d.ts +45 -45
- package/dist/api-handlers/admin/site-logs.js +317 -317
- package/dist/api-handlers/admin/stats.d.ts +20 -20
- package/dist/api-handlers/admin/stats.js +239 -239
- package/dist/api-handlers/admin/users.d.ts +19 -19
- package/dist/api-handlers/admin/users.js +221 -221
- package/dist/api-handlers/admin/vibe-data.d.ts +79 -79
- package/dist/api-handlers/admin/vibe-data.js +267 -267
- package/dist/api-handlers/auth/refresh.js +633 -633
- package/dist/api-handlers/auth/signout.js +186 -186
- package/dist/api-handlers/auth/verify-code.d.ts +43 -43
- package/dist/api-handlers/auth/verify-code.js +90 -90
- package/dist/api-handlers/session/viability.js +114 -114
- package/dist/api-handlers/test/force-expire.js +59 -59
- package/dist/auth/auth-decision.js +182 -182
- package/dist/auth/utils/token-utils.d.ts +83 -83
- package/dist/auth/utils/token-utils.js +218 -218
- package/dist/client/AuthContext.js +115 -115
- package/dist/client/better-auth-client.d.ts +1020 -1020
- package/dist/components/SessionSync.js +121 -121
- package/dist/components/account/MobileNavDrawer.js +64 -64
- package/dist/components/account/UserAvatarMenu.js +91 -91
- package/dist/components/admin/VibeAdminLayout.js +71 -71
- package/dist/hooks/useAuthSettings.js +93 -93
- package/dist/hooks/useAvailableProviders.d.ts +43 -43
- package/dist/hooks/useAvailableProviders.js +112 -112
- package/dist/lib/app-slug.d.ts +95 -95
- package/dist/lib/app-slug.js +172 -172
- package/dist/lib/test-aware-get-token.js +86 -86
- package/dist/lib/token-lifecycle.d.ts +78 -78
- package/dist/lib/token-lifecycle.js +360 -360
- package/dist/pages/admin-login/page.js +73 -73
- package/dist/pages/client-admin/ClientSiteAdminPage.js +179 -179
- package/dist/pages/login/page.js +202 -202
- package/dist/pages/showcase/ShowcasePage.js +142 -142
- package/dist/pages/test-env/EmergencyLogoutPage.js +99 -99
- package/dist/pages/test-env/JwtInspectPage.js +116 -116
- package/dist/pages/test-env/TestEnvPage.js +51 -51
- package/dist/pages/verify-code/page.js +412 -412
- package/dist/routes/auth/logout.d.ts +31 -31
- package/dist/routes/auth/logout.js +98 -98
- package/dist/routes/auth/session.js +157 -157
- package/dist/routes/auth/viability.js +190 -190
- package/package.json +6 -16
- package/dist/auth/auth-options.d.ts +0 -57
- package/dist/auth/auth-options.js +0 -213
- package/dist/auth/callbacks/index.d.ts +0 -6
- package/dist/auth/callbacks/index.js +0 -12
- package/dist/auth/callbacks/jwt.d.ts +0 -45
- package/dist/auth/callbacks/jwt.js +0 -305
- package/dist/auth/callbacks/session.d.ts +0 -60
- package/dist/auth/callbacks/session.js +0 -170
- package/dist/auth/callbacks/signin.d.ts +0 -23
- package/dist/auth/callbacks/signin.js +0 -44
- package/dist/auth/events/index.d.ts +0 -4
- package/dist/auth/events/index.js +0 -8
- package/dist/auth/events/signout.d.ts +0 -17
- package/dist/auth/events/signout.js +0 -32
- package/dist/auth/providers/credentials.d.ts +0 -32
- package/dist/auth/providers/credentials.js +0 -223
- package/dist/auth/providers/index.d.ts +0 -5
- package/dist/auth/providers/index.js +0 -21
- package/dist/auth/providers/oauth.d.ts +0 -26
- package/dist/auth/providers/oauth.js +0 -105
- package/dist/lib/nextauth-secret.d.ts +0 -10
- package/dist/lib/nextauth-secret.js +0 -100
- package/dist/pages/profile/profile-patch.d.ts +0 -1
- package/dist/pages/profile/profile-patch.js +0 -281
- package/dist/pages/security/security-patch.d.ts +0 -1
- package/dist/pages/security/security-patch.js +0 -302
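--- a/package/dist/api-handlers/account/change-password.js
+++ b/package/dist/api-handlers/account/change-password.js
@@ -1,110 +1,110 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.POST = POST;
-const server_1 = require("next/server");
-const auth_1 = require("../../server/auth");
-const session_store_1 = require("../../lib/session-store");
-const nanoid_1 = require("nanoid");
-// ...
-async function POST(req) {
-const requestId = (0, nanoid_1.nanoid)();
-try {
-// Get session from Better Auth
-const betterAuthSession = await (0, auth_1.getSession)(req);
-const sessionToken = betterAuthSession?.session?.token;
-if (!betterAuthSession || typeof sessionToken !== 'string') {
-return server_1.NextResponse.json({ success: false, message: 'Unauthorized' }, { status: 401 });
-}
-const sessionData = await (0, session_store_1.getSession)(sessionToken);
-// NOTE: Field is idpAccessToken (not accessToken) per normalized naming convention
-if (!sessionData?.idpAccessToken) {
-return server_1.NextResponse.json({
-success: false,
-message: 'Authentication required - no access token available',
-error_code: 'UNAUTHORIZED',
-request_id: requestId,
-}, { status: 401 });
-}
-const body = await req.json();
-const { current_password, new_password, confirm_password } = body;
-// Validate input
-if (!current_password || !new_password || !confirm_password) {
-return server_1.NextResponse.json({
-success: false,
-message: 'Current password, new password, and confirmation are required',
-error_code: 'VALIDATION_ERROR',
-request_id: requestId,
-}, { status: 400 });
-}
-if (new_password !== confirm_password) {
-return server_1.NextResponse.json({
-success: false,
-message: 'New password and confirmation do not match',
-error_code: 'VALIDATION_ERROR',
-request_id: requestId,
-}, { status: 400 });
-}
-// Get IDP base URL from environment
-const idpBaseUrl = process.env.IDP_URL;
-if (!idpBaseUrl) {
-console.error('[CHANGE_PASSWORD] IDP_URL not configured');
-return server_1.NextResponse.json({
-success: false,
-message: 'Service configuration error',
-error_code: 'CONFIGURATION_ERROR',
-request_id: requestId,
-}, { status: 500 });
-}
-// Proxy request to IDP
-const idpUrl = `${idpBaseUrl}/api/Account/change-password`;
-const idpResponse = await fetch(idpUrl, {
-method: 'POST',
-headers: {
-'Content-Type': 'application/json',
-'Authorization': `Bearer ${sessionData.idpAccessToken}`,
-'x-request-id': requestId,
-},
-body: JSON.stringify({
-current_password,
-new_password,
-confirm_password,
-}),
-});
-const responseData = await idpResponse.json().catch(() => ({}));
-if (!idpResponse.ok) {
-// Extract error message from IDP response
-let errorMessage = 'Failed to change password';
-if (responseData.message) {
-errorMessage = responseData.message;
-}
-else if (responseData.details?.value && Array.isArray(responseData.details.value) && responseData.details.value.length > 0) {
-errorMessage = responseData.details.value[0].message || errorMessage;
-}
-else if (responseData.details?.message) {
-errorMessage = responseData.details.message;
-}
-return server_1.NextResponse.json({
-success: false,
-message: errorMessage,
-error_code: responseData.error_code || 'CHANGE_PASSWORD_FAILED',
-request_id: requestId,
-details: responseData.details,
-}, { status: idpResponse.status });
-}
-return server_1.NextResponse.json({
-success: true,
-message: responseData.message || 'Password changed successfully',
-request_id: requestId,
-});
-}
-catch (error) {
-console.error('[CHANGE_PASSWORD] Error:', error);
-const requestId = req.headers.get('x-request-id') ?? crypto.randomUUID();
-return server_1.NextResponse.json({
-success: false,
-message: error instanceof Error ? error.message : 'Failed to change password',
-error_code: 'INTERNAL_ERROR',
-request_id: requestId,
-}, { status: 500 });
-}
-}
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.POST = POST;
+const server_1 = require("next/server");
+const auth_1 = require("../../server/auth");
+const session_store_1 = require("../../lib/session-store");
+const nanoid_1 = require("nanoid");
+// ...
+async function POST(req) {
+const requestId = (0, nanoid_1.nanoid)();
+try {
+// Get session from Better Auth
+const betterAuthSession = await (0, auth_1.getSession)(req);
+const sessionToken = betterAuthSession?.session?.token;
+if (!betterAuthSession || typeof sessionToken !== 'string') {
+return server_1.NextResponse.json({ success: false, message: 'Unauthorized' }, { status: 401 });
+}
+const sessionData = await (0, session_store_1.getSession)(sessionToken);
+// NOTE: Field is idpAccessToken (not accessToken) per normalized naming convention
+if (!sessionData?.idpAccessToken) {
+return server_1.NextResponse.json({
+success: false,
+message: 'Authentication required - no access token available',
+error_code: 'UNAUTHORIZED',
+request_id: requestId,
+}, { status: 401 });
+}
+const body = await req.json();
+const { current_password, new_password, confirm_password } = body;
+// Validate input
+if (!current_password || !new_password || !confirm_password) {
+return server_1.NextResponse.json({
+success: false,
+message: 'Current password, new password, and confirmation are required',
+error_code: 'VALIDATION_ERROR',
+request_id: requestId,
+}, { status: 400 });
+}
+if (new_password !== confirm_password) {
+return server_1.NextResponse.json({
+success: false,
+message: 'New password and confirmation do not match',
+error_code: 'VALIDATION_ERROR',
+request_id: requestId,
+}, { status: 400 });
+}
+// Get IDP base URL from environment
+const idpBaseUrl = process.env.IDP_URL;
+if (!idpBaseUrl) {
+console.error('[CHANGE_PASSWORD] IDP_URL not configured');
+return server_1.NextResponse.json({
+success: false,
+message: 'Service configuration error',
+error_code: 'CONFIGURATION_ERROR',
+request_id: requestId,
+}, { status: 500 });
+}
+// Proxy request to IDP
+const idpUrl = `${idpBaseUrl}/api/Account/change-password`;
+const idpResponse = await fetch(idpUrl, {
+method: 'POST',
+headers: {
+'Content-Type': 'application/json',
+'Authorization': `Bearer ${sessionData.idpAccessToken}`,
+'x-request-id': requestId,
+},
+body: JSON.stringify({
+current_password,
+new_password,
+confirm_password,
+}),
+});
+const responseData = await idpResponse.json().catch(() => ({}));
+if (!idpResponse.ok) {
+// Extract error message from IDP response
+let errorMessage = 'Failed to change password';
+if (responseData.message) {
+errorMessage = responseData.message;
+}
+else if (responseData.details?.value && Array.isArray(responseData.details.value) && responseData.details.value.length > 0) {
+errorMessage = responseData.details.value[0].message || errorMessage;
+}
+else if (responseData.details?.message) {
+errorMessage = responseData.details.message;
+}
+return server_1.NextResponse.json({
+success: false,
+message: errorMessage,
+error_code: responseData.error_code || 'CHANGE_PASSWORD_FAILED',
+request_id: requestId,
+details: responseData.details,
+}, { status: idpResponse.status });
+}
+return server_1.NextResponse.json({
+success: true,
+message: responseData.message || 'Password changed successfully',
+request_id: requestId,
+});
+}
+catch (error) {
+console.error('[CHANGE_PASSWORD] Error:', error);
+const requestId = req.headers.get('x-request-id') ?? crypto.randomUUID();
+return server_1.NextResponse.json({
+success: false,
+message: error instanceof Error ? error.message : 'Failed to change password',
+error_code: 'INTERNAL_ERROR',
+request_id: requestId,
+}, { status: 500 });
+}
+}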
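Review bot: The catch block at the end of `POST` returns `error.message` to the caller and replaces the server-generated `requestId` with the client-supplied `x-request-id` header, so a failure in `req.json()` or in the `fetch` to the IdP can put internal detail into the 500 body, and the response carries a correlation id the client chose rather than the one sent upstream. I would drop the inner `const requestId = …` line and return a fixed string, `message: 'Failed to change password',`, keeping the full error in the `console.error` line only. The non-OK branch likewise forwards the IdP's `message` and `details: responseData.details` verbatim; whether that is safe depends on what the IdP puts there, which is not visible here, so copying only an allow-listed set of fields would be the cautious choice. The three password fields are checked for truthiness only, and a `typeof current_password !== 'string'` style check on each before the proxy call would reject objects and arrays early. The removed and added sides of this section read identically, so these points presumably predate this release.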
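--- a/package/dist/api-handlers/admin/analytics.d.ts
+++ b/package/dist/api-handlers/admin/analytics.d.ts
@@ -1,19 +1,19 @@
-/**
-* Admin Analytics API Handler
-*
-* Provides admin-level analytics data using service account credentials.
-* Supports: geo stats, login stats, revenue stats, feature usage.
-*
-* @version 1.0
-* @requires Admin role (vibe_app_admin or payez_admin)
-*/
-import { NextRequest, NextResponse } from 'next/server';
-export interface AdminAnalyticsHandlerConfig {
-}
-/**
-* POST /api/admin/analytics
-* Body: { type: 'geo' | 'logins' | 'revenue' | 'features', period?: string }
-*/
-export declare function createAnalyticsHandler(config: AdminAnalyticsHandlerConfig): {
-POST(request: NextRequest): Promise<NextResponse<unknown>>;
-};
+/**
+* Admin Analytics API Handler
+*
+* Provides admin-level analytics data using service account credentials.
+* Supports: geo stats, login stats, revenue stats, feature usage.
+*
+* @version 1.0
+* @requires Admin role (vibe_app_admin or payez_admin)
+*/
+import { NextRequest, NextResponse } from 'next/server';
+export interface AdminAnalyticsHandlerConfig {
+}
+/**
+* POST /api/admin/analytics
+* Body: { type: 'geo' | 'logins' | 'revenue' | 'features', period?: string }
+*/
+export declare function createAnalyticsHandler(config: AdminAnalyticsHandlerConfig): {
+POST(request: NextRequest): Promise<NextResponse<unknown>>;
+};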