npm - @payez/next-mvp - Versions diffs - 4.0.36 → 4.0.37 - Mend

@payez/next-mvp 4.0.36 → 4.0.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/lib/test-aware-get-token.js +33 -13
package/package.json +1 -1
package/src/lib/test-aware-get-token.ts +34 -12

package/dist/lib/test-aware-get-token.js CHANGED Viewed

@@ -69,18 +69,38 @@ async function getTokenTestAware(req) {
             return null;
         }
     }
-    // Production path: use Better Auth session
+    // Production path: try Better Auth first, fall back to NextAuth JWT cookie
     const session = await (0, auth_1.getSession)(req);
-    if (!session)
-        return null;
-    // Return a token-like object for backward compatibility with callers
-    // that access token.sub, token.email, token.sessionToken, token.roles, etc.
-    return {
-        sub: session.user?.id,
-        email: session.user?.email,
-        name: session.user?.name,
-        sessionToken: session.session?.token,
-        roles: session.user?.roles || [],
-        ...(session.user || {}),
-    };
+    if (session) {
+        // Return a token-like object for backward compatibility with callers
+        // that access token.sub, token.email, token.sessionToken, token.roles, etc.
+        return {
+            sub: session.user?.id,
+            email: session.user?.email,
+            name: session.user?.name,
+            sessionToken: session.session?.token,
+            roles: session.user?.roles || [],
+            ...(session.user || {}),
+        };
+    }
+    // Fallback: NextAuth JWT cookie (for sites still on NextAuth like localhost.api.payez.net)
+    // Use string-literal import that bundlers won't statically resolve
+    try {
+        const moduleName = 'next-auth/jwt';
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const nextAuthJwt = await Promise.resolve(`${moduleName}`).then(s => __importStar(require(s))).catch(() => null);
+        if (nextAuthJwt?.getToken) {
+            const { resolveNextAuthSecret } = await Promise.resolve().then(() => __importStar(require('./nextauth-secret')));
+            const secret = await resolveNextAuthSecret();
+            const nextAuthToken = await nextAuthJwt.getToken({ req, secret });
+            if (nextAuthToken) {
+                logger_1.logger.debug('[GET_TOKEN] Resolved via NextAuth JWT fallback');
+                return nextAuthToken;
+            }
+        }
+    }
+    catch (error) {
+        logger_1.logger.debug('[GET_TOKEN] NextAuth fallback failed', { error: error instanceof Error ? error.message : String(error) });
+    }
+    return null;
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@payez/next-mvp",
-  "version": "4.0.36",
+  "version": "4.0.37",
   "sideEffects": false,
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/lib/test-aware-get-token.ts CHANGED Viewed

@@ -24,17 +24,39 @@ export async function getTokenTestAware(req: NextRequest): Promise<any> {
       return payload;
     } catch (error) { logger.error('[GET_TOKEN] TEST_MODE token decode error:', { error: error instanceof Error ? error.message : String(error) }); return null; }
   }
-  // Production path: use Better Auth session
+  // Production path: try Better Auth first, fall back to NextAuth JWT cookie
   const session = await getSession(req);
-  if (!session) return null;
-  // Return a token-like object for backward compatibility with callers
-  // that access token.sub, token.email, token.sessionToken, token.roles, etc.
-  return {
-    sub: session.user?.id,
-    email: session.user?.email,
-    name: session.user?.name,
-    sessionToken: session.session?.token,
-    roles: session.user?.roles || [],
-    ...(session.user || {}),
-  };
+  if (session) {
+    // Return a token-like object for backward compatibility with callers
+    // that access token.sub, token.email, token.sessionToken, token.roles, etc.
+    return {
+      sub: session.user?.id,
+      email: session.user?.email,
+      name: session.user?.name,
+      sessionToken: session.session?.token,
+      roles: session.user?.roles || [],
+      ...(session.user || {}),
+    };
+  }
+  // Fallback: NextAuth JWT cookie (for sites still on NextAuth like localhost.api.payez.net)
+  // Use string-literal import that bundlers won't statically resolve
+  try {
+    const moduleName = 'next-auth/jwt';
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    const nextAuthJwt: any = await import(/* webpackIgnore: true */ moduleName).catch(() => null);
+    if (nextAuthJwt?.getToken) {
+      const { resolveNextAuthSecret } = await import('./nextauth-secret');
+      const secret = await resolveNextAuthSecret();
+      const nextAuthToken = await nextAuthJwt.getToken({ req, secret });
+      if (nextAuthToken) {
+        logger.debug('[GET_TOKEN] Resolved via NextAuth JWT fallback');
+        return nextAuthToken;
+      }
+    }
+  } catch (error) {
+    logger.debug('[GET_TOKEN] NextAuth fallback failed', { error: error instanceof Error ? error.message : String(error) });
+  }
+  return null;
 }