@payez/next-mvp 4.0.1 → 4.0.2

package/dist/logging/hooks/useHealthMetrics.d.ts

@@ -0,0 +1,6 @@
+import { HealthMetrics, TimeRange } from '../types';
+export declare function useHealthMetrics(timeRange?: TimeRange): {
+    data: HealthMetrics | null;
+    loading: boolean;
+    error: string | null;
+};

package/dist/logging/hooks/useHealthMetrics.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useHealthMetrics = useHealthMetrics;
+const react_1 = require("react");
+const admin_analytics_1 = require("../api/admin-analytics");
+function useHealthMetrics(timeRange = '1h') {
+    const [data, setData] = (0, react_1.useState)(null);
+    const [loading, setLoading] = (0, react_1.useState)(true);
+    const [error, setError] = (0, react_1.useState)(null);
+    (0, react_1.useEffect)(() => {
+        let mounted = true;
+        async function fetchData() {
+            try {
+                setLoading(true);
+                const result = await (0, admin_analytics_1.getHealthMetrics)(timeRange);
+                if (mounted) {
+                    setData(result.data);
+                    setError(null);
+                }
+            }
+            catch (err) {
+                if (mounted) {
+                    setError(err instanceof Error ? err.message : 'Failed to fetch health metrics');
+                }
+            }
+            finally {
+                if (mounted) {
+                    setLoading(false);
+                }
+            }
+        }
+        fetchData();
+        // Auto-refresh health metrics every minute
+        const interval = setInterval(fetchData, 60000);
+        return () => {
+            mounted = false;
+            clearInterval(interval);
+        };
+    }, [timeRange]);
+    return { data, loading, error };
+}

package/dist/logging/index.d.ts

@@ -0,0 +1,11 @@
+export { ErrorMetricsCard } from './components/ErrorMetricsCard';
+export { HealthMetricsCard } from './components/HealthMetricsCard';
+export { AuditLogViewer } from './components/AuditLogViewer';
+export { AdminAnalyticsLayout } from './components/AdminAnalyticsLayout';
+export { useErrorMetrics } from './hooks/useErrorMetrics';
+export { useHealthMetrics } from './hooks/useHealthMetrics';
+export { useAuditLog } from './hooks/useAuditLog';
+export { useAdminAnalytics } from './hooks/useAdminAnalytics';
+export * from './types';
+export * from './api/admin-analytics';
+export * from './api/audit-log';

package/dist/logging/index.js

@@ -0,0 +1,40 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useAdminAnalytics = exports.useAuditLog = exports.useHealthMetrics = exports.useErrorMetrics = exports.AdminAnalyticsLayout = exports.AuditLogViewer = exports.HealthMetricsCard = exports.ErrorMetricsCard = void 0;
+// Components
+var ErrorMetricsCard_1 = require("./components/ErrorMetricsCard");
+Object.defineProperty(exports, "ErrorMetricsCard", { enumerable: true, get: function () { return ErrorMetricsCard_1.ErrorMetricsCard; } });
+var HealthMetricsCard_1 = require("./components/HealthMetricsCard");
+Object.defineProperty(exports, "HealthMetricsCard", { enumerable: true, get: function () { return HealthMetricsCard_1.HealthMetricsCard; } });
+var AuditLogViewer_1 = require("./components/AuditLogViewer");
+Object.defineProperty(exports, "AuditLogViewer", { enumerable: true, get: function () { return AuditLogViewer_1.AuditLogViewer; } });
+var AdminAnalyticsLayout_1 = require("./components/AdminAnalyticsLayout");
+Object.defineProperty(exports, "AdminAnalyticsLayout", { enumerable: true, get: function () { return AdminAnalyticsLayout_1.AdminAnalyticsLayout; } });
+// Hooks
+var useErrorMetrics_1 = require("./hooks/useErrorMetrics");
+Object.defineProperty(exports, "useErrorMetrics", { enumerable: true, get: function () { return useErrorMetrics_1.useErrorMetrics; } });
+var useHealthMetrics_1 = require("./hooks/useHealthMetrics");
+Object.defineProperty(exports, "useHealthMetrics", { enumerable: true, get: function () { return useHealthMetrics_1.useHealthMetrics; } });
+var useAuditLog_1 = require("./hooks/useAuditLog");
+Object.defineProperty(exports, "useAuditLog", { enumerable: true, get: function () { return useAuditLog_1.useAuditLog; } });
+var useAdminAnalytics_1 = require("./hooks/useAdminAnalytics");
+Object.defineProperty(exports, "useAdminAnalytics", { enumerable: true, get: function () { return useAdminAnalytics_1.useAdminAnalytics; } });
+// Types
+__exportStar(require("./types"), exports);
+// API (for advanced use cases)
+__exportStar(require("./api/admin-analytics"), exports);
+__exportStar(require("./api/audit-log"), exports);

package/dist/logging/types/analytics.d.ts

@@ -0,0 +1,68 @@
+export interface ErrorMetrics {
+    totalErrors: number;
+    errorCount: number;
+    warnCount: number;
+    fatalCount: number;
+    topFailingRoutes: RouteError[];
+    byCategory: CategoryCount[];
+    topErrorCodes?: TopErrorCode[];
+    hourlyTrend?: HourlyTrendPoint[];
+    periodStart: string;
+    periodEnd: string;
+}
+export interface RouteError {
+    route: string;
+    count: number;
+    percentage: number;
+}
+export interface LevelCount {
+    level: 'error' | 'warn' | 'fatal';
+    count: number;
+}
+export interface CategoryCount {
+    category: string;
+    count: number;
+}
+export interface TopErrorCode {
+    errorCode: string;
+    count: number;
+}
+export interface HourlyTrendPoint {
+    hour: string;
+    count: number;
+}
+export interface ErrorDetail {
+    timestamp: string;
+    level: string;
+    message: string;
+    path: string;
+    userId?: number;
+    errorCode?: string;
+}
+export interface HealthMetrics {
+    timeRange: string;
+    apiHealth: {
+        avgResponseTimeMs: number;
+        p95ResponseTimeMs: number;
+        p99ResponseTimeMs: number;
+        requestCount: number;
+        errorRate: number;
+    };
+    endpointBreakdown: EndpointHealth[];
+    rateLimitHits: number;
+    slowRequests: SlowRequest[];
+}
+export interface EndpointHealth {
+    endpoint: string;
+    avgDurationMs: number;
+    p95DurationMs: number;
+    requestCount: number;
+    errorRate: number;
+}
+export interface SlowRequest {
+    timestamp: string;
+    path: string;
+    durationMs: number;
+    userId?: number;
+}
+export type TimeRange = '1h' | '24h' | '7d' | '30d';

package/dist/logging/types/analytics.js

@@ -0,0 +1,3 @@
+"use strict";
+// Universal analytics types that work for ANY app
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/logging/types/audit.d.ts

@@ -0,0 +1,29 @@
+export interface AuditLogEntry {
+    id?: number;
+    category: string;
+    action: string;
+    userId?: number;
+    adminUserId?: number;
+    details?: Record<string, any>;
+    ipAddress?: string;
+    userAgent?: string;
+    timestamp?: string;
+}
+export interface AuditLogQuery {
+    category?: string;
+    userId?: number;
+    startDate?: string;
+    endDate?: string;
+    page?: number;
+    pageSize?: number;
+}
+export interface AuditLogResponse {
+    success: boolean;
+    data: AuditLogEntry[];
+    pagination?: {
+        page: number;
+        pageSize: number;
+        totalCount: number;
+        totalPages: number;
+    };
+}

package/dist/logging/types/audit.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/logging/types/index.d.ts

@@ -0,0 +1,2 @@
+export * from './analytics';
+export * from './audit';

package/dist/logging/types/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+// Re-export all types
+__exportStar(require("./analytics"), exports);
+__exportStar(require("./audit"), exports);

package/dist/middleware/auth-decision.d.ts

@@ -0,0 +1,33 @@
+export interface AuthContext {
+    pathname: string;
+    isPublicRoute: boolean;
+    isLoginPage: boolean;
+    searchParams: URLSearchParams;
+    sessionPointer: {
+        exists: boolean;
+        sessionToken?: string;
+        expired?: boolean;
+        hasRefreshToken?: boolean;
+    };
+    sessionStatus: {
+        exists: boolean | null;
+        forceInvalid: boolean | null;
+        requires2FA: boolean;
+        twoFactorComplete: boolean;
+    };
+    circuitBreakerOpen: boolean;
+}
+export type AuthAction = {
+    type: 'allow';
+} | {
+    type: 'redirect';
+    location: string;
+    reason: string;
+    clearCookies?: boolean;
+} | {
+    type: 'service_error';
+    reason: string;
+};
+export declare function makeAuthDecision(context: AuthContext): AuthAction;
+export declare function isLoginPage(pathname: string): boolean;
+export declare function getCallbackUrl(pathname: string, searchParams: URLSearchParams): string;

package/dist/middleware/auth-decision.js

@@ -0,0 +1,65 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.makeAuthDecision = makeAuthDecision;
+exports.isLoginPage = isLoginPage;
+exports.getCallbackUrl = getCallbackUrl;
+function makeAuthDecision(context) {
+    const { pathname, isPublicRoute, isLoginPage, searchParams, sessionPointer, sessionStatus, circuitBreakerOpen } = context;
+    // SAFEGUARD: Never use auth pages as callback URLs to prevent redirect loops
+    const safeCallbackUrl = pathname.startsWith('/account-auth/') ? '/' : pathname;
+    if (isPublicRoute && !isLoginPage)
+        return { type: 'allow' };
+    if (circuitBreakerOpen) {
+        if (isLoginPage)
+            return { type: 'allow' };
+        return { type: 'redirect', location: '/account-auth/login?error=ServiceUnavailable&reason=CircuitBreakerOpen', reason: 'CircuitBreakerOpen', clearCookies: true };
+    }
+    if (!sessionPointer.exists) {
+        if (isLoginPage)
+            return { type: 'allow' };
+        if (pathname === '/') {
+            const unauthUrl = process.env.UNAUTHENTICATED_REDIRECT_URL || '/account-auth/login';
+            return { type: 'redirect', location: unauthUrl, reason: 'unauthenticated_root_redirect' };
+        }
+        return { type: 'redirect', location: `/account-auth/login?callbackUrl=${encodeURIComponent(safeCallbackUrl)}`, reason: 'no_session_pointer' };
+    }
+    if (sessionStatus.exists === null || sessionStatus.forceInvalid === null)
+        return { type: 'service_error', reason: 'redis_unavailable' };
+    if (sessionStatus.forceInvalid) {
+        if (isLoginPage)
+            return { type: 'allow' };
+        return { type: 'redirect', location: `/account-auth/login?callbackUrl=${encodeURIComponent(safeCallbackUrl)}&reason=force_invalidated`, reason: 'force_invalidated' };
+    }
+    if (!sessionStatus.exists) {
+        if (isLoginPage)
+            return { type: 'allow' };
+        return { type: 'redirect', location: `/account-auth/login?callbackUrl=${encodeURIComponent(safeCallbackUrl)}&reason=stale_session`, reason: 'stale_session' };
+    }
+    if (sessionStatus.requires2FA && !sessionStatus.twoFactorComplete) {
+        if (pathname === '/account-auth/verify-code')
+            return { type: 'allow' };
+        if (isLoginPage) {
+            const callbackUrl = searchParams.get('callbackUrl') || '/';
+            const safeCallbackUrl2 = callbackUrl.startsWith('/account-auth/') ? '/' : callbackUrl;
+            return { type: 'redirect', location: `/account-auth/verify-code?callbackUrl=${encodeURIComponent(safeCallbackUrl2)}`, reason: '2fa_required_login_redirect' };
+        }
+        return { type: 'allow' };
+    }
+    if (sessionPointer.expired) {
+        if (isLoginPage)
+            return { type: 'allow' };
+        return { type: 'redirect', location: `/account-auth/login?callbackUrl=${encodeURIComponent(safeCallbackUrl)}&error=SessionExpired`, reason: 'token_expired' };
+    }
+    if (pathname === '/')
+        return { type: 'redirect', location: '/', reason: 'authenticated_root_redirect' };
+    if (isLoginPage) {
+        const callbackUrl = searchParams.get('callbackUrl') || '/';
+        const safeCallbackUrl = callbackUrl.startsWith('/account-auth/') ? '/' : callbackUrl;
+        return { type: 'redirect', location: safeCallbackUrl, reason: 'already_authenticated' };
+    }
+    return { type: 'allow' };
+}
+function isLoginPage(pathname) { return pathname === '/account-auth/login'; }
+function getCallbackUrl(pathname, searchParams) { if (pathname.startsWith('/account-auth/'))
+    return '/'; const existingCallback = searchParams.get('callbackUrl'); if (existingCallback && !existingCallback.startsWith('/account-auth/'))
+    return existingCallback; return pathname; }

package/dist/middleware/create-middleware.d.ts

@@ -0,0 +1,102 @@
+/**
+ * MVP Middleware - Authentication & Route Protection
+ *
+ * Creates a Next.js middleware handler that protects routes based on:
+ * - Authentication status (session cookie → Redis viability check)
+ * - 2FA completion status
+ * - RBAC permissions (if enabled)
+ *
+ * Usage: Export the result from your app's middleware.ts:
+ *   export default createMvpMiddleware();
+ *
+ * With custom options:
+ *   export default createMvpMiddleware({
+ *     circuitBreaker: myCircuitBreaker,
+ *     logger: myLogger,
+ *     viabilityEndpoint: '/api/session/refresh-viability',
+ *   });
+ */
+import { NextRequest, NextResponse } from 'next/server';
+export interface AuthContext {
+    pathname: string;
+    isPublicRoute: boolean;
+    isLoginPage: boolean;
+    searchParams: URLSearchParams;
+    sessionPointer: SessionPointer;
+    sessionStatus: SessionStatus;
+    circuitBreakerOpen: boolean;
+}
+export interface SessionPointer {
+    exists: boolean;
+    sessionToken?: string;
+    expired?: boolean;
+    hasRefreshToken?: boolean;
+    roles: string[];
+    clientId: string;
+}
+export interface SessionStatus {
+    exists: boolean | null;
+    forceInvalid: boolean | null;
+    requires2FA: boolean;
+    twoFactorComplete: boolean;
+}
+export type AuthAction = {
+    type: 'allow';
+} | {
+    type: 'redirect';
+    location: string;
+    reason: string;
+    clearCookies?: boolean;
+} | {
+    type: 'service_error';
+    reason: string;
+} | {
+    type: 'refresh_needed';
+};
+/**
+ * Circuit breaker interface for middleware integration.
+ * Implement this to provide custom circuit breaker behavior.
+ */
+export interface CircuitBreakerProvider {
+    /** Check if circuit breaker is currently open */
+    isOpen(): boolean;
+    /** Check if a refresh attempt is allowed (for HALF_OPEN state) */
+    canAttemptRefresh(): boolean;
+    /** Record a successful operation (closes the breaker) */
+    recordSuccess(): void;
+    /** Record a failed operation (may open the breaker) */
+    recordFailure(error?: Error): void;
+    /** Check if an error is a network error (vs HTTP error) */
+    isNetworkError(error: any): boolean;
+}
+/**
+ * Logger interface for middleware.
+ * Implement this to provide custom logging.
+ */
+export interface MiddlewareLogger {
+    info(message: string, data?: Record<string, any>): void;
+    warn(message: string, data?: Record<string, any>): void;
+    error(message: string, data?: Record<string, any>): void;
+}
+/**
+ * Configuration options for createMvpMiddleware
+ */
+export interface MvpMiddlewareOptions {
+    /** Custom circuit breaker implementation */
+    circuitBreaker?: CircuitBreakerProvider;
+    /** Custom logger implementation */
+    logger?: MiddlewareLogger;
+    /** Custom viability check endpoint (default: /api/session/viability) */
+    viabilityEndpoint?: string;
+    /** Custom refresh endpoint (default: /api/auth/refresh) */
+    refreshEndpoint?: string;
+    /** Hook called on successful refresh */
+    onRefreshSuccess?: () => void;
+    /** Hook called on refresh failure */
+    onRefreshFailure?: (status: number, isNetworkError: boolean) => void;
+    /** Additional paths to bypass middleware (beyond /api/auth/ and /api/session/) */
+    bypassPaths?: string[];
+    /** Paths exempt from RBAC checks (auth still enforced, just no page-permission check) */
+    rbacExemptPaths?: string[];
+}
+export declare function createMvpMiddleware(options?: MvpMiddlewareOptions): (request: NextRequest) => Promise<NextResponse>;