@payez/next-mvp 4.0.0 → 4.0.2

package/dist/lib/test-aware-get-token.js

@@ -1,86 +1,86 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getTokenTestAware = getTokenTestAware;
-const logger_1 = require("../config/logger");
-const auth_1 = require("../server/auth");
-const app_slug_1 = require("./app-slug");
-async function getTokenTestAware(req) {
-    if (process.env.TEST_MODE === 'true') {
-        try {
-            let secret = process.env.NEXTAUTH_SECRET;
-            if (!secret || secret.trim() === '') {
-                const { getIDPClientConfig } = await Promise.resolve().then(() => __importStar(require('./idp-client-config')));
-                const idpConfig = await getIDPClientConfig();
-                secret = idpConfig.nextAuthSecret;
-            }
-            // Use app-slug prefixed cookie name
-            const cookieName = (0, app_slug_1.getSessionCookieName)();
-            const cookies = req.headers.get('cookie');
-            if (!cookies) {
-                logger_1.logger.debug('[GET_TOKEN] No cookies in request');
-                return null;
-            }
-            const cookieValue = cookies.split(';').find(c => c.trim().startsWith(`${cookieName}=`))?.split('=')[1];
-            if (!cookieValue) {
-                logger_1.logger.debug('[GET_TOKEN] Session token cookie not found');
-                return null;
-            }
-            const { jwtVerify } = await Promise.resolve().then(() => __importStar(require('jose')));
-            const secretKey = new TextEncoder().encode(secret);
-            const { payload } = await jwtVerify(cookieValue, secretKey);
-            logger_1.logger.debug('[GET_TOKEN] TEST_MODE token decoded:', { hasPayload: !!payload, redisSessionId: payload.redisSessionId, sub: payload.sub });
-            return payload;
-        }
-        catch (error) {
-            logger_1.logger.error('[GET_TOKEN] TEST_MODE token decode error:', { error: error instanceof Error ? error.message : String(error) });
-            return null;
-        }
-    }
-    // Production path: use Better Auth session
-    const session = await (0, auth_1.getSession)(req);
-    if (!session)
-        return null;
-    // Return a token-like object for backward compatibility with callers
-    // that access token.sub, token.email, token.sessionToken, token.roles, etc.
-    return {
-        sub: session.user?.id,
-        email: session.user?.email,
-        name: session.user?.name,
-        sessionToken: session.session?.token,
-        roles: session.user?.roles || [],
-        ...(session.user || {}),
-    };
-}
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getTokenTestAware = getTokenTestAware;
+const logger_1 = require("../config/logger");
+const auth_1 = require("../server/auth");
+const app_slug_1 = require("./app-slug");
+async function getTokenTestAware(req) {
+    if (process.env.TEST_MODE === 'true') {
+        try {
+            let secret = process.env.NEXTAUTH_SECRET;
+            if (!secret || secret.trim() === '') {
+                const { getIDPClientConfig } = await Promise.resolve().then(() => __importStar(require('./idp-client-config')));
+                const idpConfig = await getIDPClientConfig();
+                secret = idpConfig.nextAuthSecret;
+            }
+            // Use app-slug prefixed cookie name
+            const cookieName = (0, app_slug_1.getSessionCookieName)();
+            const cookies = req.headers.get('cookie');
+            if (!cookies) {
+                logger_1.logger.debug('[GET_TOKEN] No cookies in request');
+                return null;
+            }
+            const cookieValue = cookies.split(';').find(c => c.trim().startsWith(`${cookieName}=`))?.split('=')[1];
+            if (!cookieValue) {
+                logger_1.logger.debug('[GET_TOKEN] Session token cookie not found');
+                return null;
+            }
+            const { jwtVerify } = await Promise.resolve().then(() => __importStar(require('jose')));
+            const secretKey = new TextEncoder().encode(secret);
+            const { payload } = await jwtVerify(cookieValue, secretKey);
+            logger_1.logger.debug('[GET_TOKEN] TEST_MODE token decoded:', { hasPayload: !!payload, redisSessionId: payload.redisSessionId, sub: payload.sub });
+            return payload;
+        }
+        catch (error) {
+            logger_1.logger.error('[GET_TOKEN] TEST_MODE token decode error:', { error: error instanceof Error ? error.message : String(error) });
+            return null;
+        }
+    }
+    // Production path: use Better Auth session
+    const session = await (0, auth_1.getSession)(req);
+    if (!session)
+        return null;
+    // Return a token-like object for backward compatibility with callers
+    // that access token.sub, token.email, token.sessionToken, token.roles, etc.
+    return {
+        sub: session.user?.id,
+        email: session.user?.email,
+        name: session.user?.name,
+        sessionToken: session.session?.token,
+        roles: session.user?.roles || [],
+        ...(session.user || {}),
+    };
+}

package/dist/lib/token-lifecycle.d.ts

@@ -1,78 +1,78 @@
-/**
- * Token Lifecycle Management for @payez/next-mvp
- *
- * Ensures tokens are fresh before making API calls.
- * Checks expiration and triggers refresh if needed.
- *
- * Pattern: Check first, refresh if needed, fail gracefully if refresh fails.
- *
- * HANDLES CONCURRENT REFRESH: When multiple API calls arrive simultaneously
- * with expired tokens, only one will actually perform the refresh. Others
- * receive 409 (conflict) and wait for the refresh to complete, then use
- * the freshly refreshed tokens.
- *
- * REQUIRED: Your app must expose the refresh route:
- * ```typescript
- * // app/api/auth/refresh/route.ts
- * export { POST } from '@payez/next-mvp/routes/auth/refresh';
- * ```
- *
- * @version 2.0.0
- */
-import { NextRequest } from 'next/server';
-import { SessionData } from './session-store';
-export interface TokenResult {
-    success: true;
-    accessToken: string;
-    sessionData: SessionData;
-}
-export interface TokenError {
-    success: false;
-    error: 'NO_SESSION' | 'NO_TOKEN' | 'EXPIRED' | 'REFRESH_FAILED' | 'SESSION_EXPIRED_NO_REFRESH';
-    message: string;
-    terminal?: boolean;
-}
-export type EnsureFreshTokenResult = TokenResult | TokenError;
-/**
- * Ensures we have a fresh access token before making API calls.
- *
- * This utility checks token expiration and triggers a refresh if needed,
- * preventing 401 errors from expired tokens being sent to downstream APIs.
- *
- * @param request - The incoming NextRequest
- * @returns TokenResult with accessToken and sessionData, or TokenError
- *
- * @example
- * ```typescript
- * import { ensureFreshToken } from '@payez/next-mvp/lib/token-lifecycle';
- *
- * export async function GET(request: NextRequest) {
- *   const tokenResult = await ensureFreshToken(request);
- *   if (!tokenResult.success) {
- *     return NextResponse.json({ error: tokenResult.error }, { status: 401 });
- *   }
- *
- *   // Use tokenResult.accessToken for downstream API calls
- *   const response = await fetch('https://api.example.com/data', {
- *     headers: { 'Authorization': `Bearer ${tokenResult.accessToken}` }
- *   });
- * }
- * ```
- */
-export declare function ensureFreshToken(request: NextRequest): Promise<EnsureFreshTokenResult>;
-/**
- * Get authorization header from fresh token.
- * Convenience wrapper for API routes.
- *
- * @param request - The incoming NextRequest
- * @returns Authorization header string or null if token unavailable
- *
- * @example
- * ```typescript
- * const authHeader = await getFreshAuthHeader(request);
- * if (!authHeader) {
- *   return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
- * }
- * ```
- */
-export declare function getFreshAuthHeader(request: NextRequest): Promise<string | null>;
+/**
+ * Token Lifecycle Management for @payez/next-mvp
+ *
+ * Ensures tokens are fresh before making API calls.
+ * Checks expiration and triggers refresh if needed.
+ *
+ * Pattern: Check first, refresh if needed, fail gracefully if refresh fails.
+ *
+ * HANDLES CONCURRENT REFRESH: When multiple API calls arrive simultaneously
+ * with expired tokens, only one will actually perform the refresh. Others
+ * receive 409 (conflict) and wait for the refresh to complete, then use
+ * the freshly refreshed tokens.
+ *
+ * REQUIRED: Your app must expose the refresh route:
+ * ```typescript
+ * // app/api/auth/refresh/route.ts
+ * export { POST } from '@payez/next-mvp/routes/auth/refresh';
+ * ```
+ *
+ * @version 2.0.0
+ */
+import { NextRequest } from 'next/server';
+import { SessionData } from './session-store';
+export interface TokenResult {
+    success: true;
+    accessToken: string;
+    sessionData: SessionData;
+}
+export interface TokenError {
+    success: false;
+    error: 'NO_SESSION' | 'NO_TOKEN' | 'EXPIRED' | 'REFRESH_FAILED' | 'SESSION_EXPIRED_NO_REFRESH';
+    message: string;
+    terminal?: boolean;
+}
+export type EnsureFreshTokenResult = TokenResult | TokenError;
+/**
+ * Ensures we have a fresh access token before making API calls.
+ *
+ * This utility checks token expiration and triggers a refresh if needed,
+ * preventing 401 errors from expired tokens being sent to downstream APIs.
+ *
+ * @param request - The incoming NextRequest
+ * @returns TokenResult with accessToken and sessionData, or TokenError
+ *
+ * @example
+ * ```typescript
+ * import { ensureFreshToken } from '@payez/next-mvp/lib/token-lifecycle';
+ *
+ * export async function GET(request: NextRequest) {
+ *   const tokenResult = await ensureFreshToken(request);
+ *   if (!tokenResult.success) {
+ *     return NextResponse.json({ error: tokenResult.error }, { status: 401 });
+ *   }
+ *
+ *   // Use tokenResult.accessToken for downstream API calls
+ *   const response = await fetch('https://api.example.com/data', {
+ *     headers: { 'Authorization': `Bearer ${tokenResult.accessToken}` }
+ *   });
+ * }
+ * ```
+ */
+export declare function ensureFreshToken(request: NextRequest): Promise<EnsureFreshTokenResult>;
+/**
+ * Get authorization header from fresh token.
+ * Convenience wrapper for API routes.
+ *
+ * @param request - The incoming NextRequest
+ * @returns Authorization header string or null if token unavailable
+ *
+ * @example
+ * ```typescript
+ * const authHeader = await getFreshAuthHeader(request);
+ * if (!authHeader) {
+ *   return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+ * }
+ * ```
+ */
+export declare function getFreshAuthHeader(request: NextRequest): Promise<string | null>;