@payez/next-mvp 4.0.7 → 4.0.9

@@ -33,11 +33,16 @@ export declare function createBetterAuthInstance(idpConfig: IDPClientConfig): im
33
33
  secret: string;
34
34
  socialProviders: Record<string, BetterAuthSocialProvider>;
35
35
  trustedOrigins: string[];
36
+ secondaryStorage: {
37
+ get: (key: string) => Promise<string | null>;
38
+ set: (key: string, value: string, ttl?: number) => Promise<void>;
39
+ delete: (key: string) => Promise<void>;
40
+ };
36
41
  session: {
37
42
  cookieCache: {
38
43
  enabled: true;
39
44
  maxAge: number;
40
- refreshCache: true;
45
+ refreshCache: false;
41
46
  };
42
47
  };
43
48
  advanced: {
@@ -22,6 +22,7 @@ const next_js_1 = require("better-auth/next-js");
22
22
  const next_js_2 = require("better-auth/next-js");
23
23
  const idp_client_config_1 = require("../lib/idp-client-config");
24
24
  const app_slug_1 = require("../lib/app-slug");
25
+ const redis_1 = require("../lib/redis");
25
26
  /**
26
27
  * Build Better Auth social providers from IDP config.
27
28
  */
@@ -63,13 +64,40 @@ function createBetterAuthInstance(idpConfig) {
63
64
  'http://localhost:3400',
64
65
  'http://localhost:3600',
65
66
  ],
66
- // No database stateless mode. Better Auth defaults to JWE cookie cache.
67
- // Session cookie cache with refreshCache for DB-less setup.
67
+ // Redis-backed session storage via secondaryStorage
68
+ secondaryStorage: {
69
+ get: async (key) => {
70
+ try {
71
+ return await (0, redis_1.getRedis)().get(`ba:${appSlug}:${key}`);
72
+ }
73
+ catch {
74
+ return null;
75
+ }
76
+ },
77
+ set: async (key, value, ttl) => {
78
+ try {
79
+ const redis = (0, redis_1.getRedis)();
80
+ if (ttl) {
81
+ await redis.setex(`ba:${appSlug}:${key}`, ttl, value);
82
+ }
83
+ else {
84
+ await redis.setex(`ba:${appSlug}:${key}`, 7 * 24 * 60 * 60, value);
85
+ }
86
+ }
87
+ catch { /* Redis unavailable — cookie cache still works */ }
88
+ },
89
+ delete: async (key) => {
90
+ try {
91
+ await (0, redis_1.getRedis)().del(`ba:${appSlug}:${key}`);
92
+ }
93
+ catch { /* ignore */ }
94
+ },
95
+ },
68
96
  session: {
69
97
  cookieCache: {
70
98
  enabled: true,
71
99
  maxAge: 300,
72
- refreshCache: true,
100
+ refreshCache: false,
73
101
  },
74
102
  },
75
103
  // Cookie prefix must match slim-middleware expectations ({slug}.session-token)
@@ -25,6 +25,8 @@ exports.ensureFreshToken = ensureFreshToken;
25
25
  exports.getFreshAuthHeader = getFreshAuthHeader;
26
26
  const session_store_1 = require("./session-store");
27
27
  const auth_1 = require("../server/auth");
28
+ const redis_1 = require("./redis");
29
+ const app_slug_1 = require("./app-slug");
28
30
  // 5 minute threshold for "needs refresh" - matches refresh handler pattern
29
31
  const REFRESH_THRESHOLD_MS = 5 * 60 * 1000;
30
32
  // Concurrent refresh handling configuration
@@ -220,8 +222,45 @@ async function ensureFreshToken(request) {
220
222
  };
221
223
  }
222
224
  const sessionToken = betterAuthSession.session.token;
223
- // 2. Get session data from Redis
225
+ // 2. Get session data from Redis (legacy prefix), or Better Auth's secondary storage
224
226
  let sessionData = await (0, session_store_1.getSession)(sessionToken);
227
+ if (!sessionData) {
228
+ // Try Better Auth's secondaryStorage key (ba:{slug}:{token})
229
+ try {
230
+ const baKey = `ba:${(0, app_slug_1.getAppSlug)()}:${sessionToken}`;
231
+ const baRaw = await (0, redis_1.getRedis)().get(baKey);
232
+ if (baRaw) {
233
+ const baSession = JSON.parse(baRaw);
234
+ // Map Better Auth session to SessionData
235
+ sessionData = {
236
+ userId: baSession.user?.id || betterAuthSession.user?.id || '',
237
+ email: baSession.user?.email || betterAuthSession.user?.email || '',
238
+ name: baSession.user?.name || betterAuthSession.user?.name,
239
+ roles: [],
240
+ idpAccessTokenExpires: baSession.session?.expiresAt
241
+ ? new Date(baSession.session.expiresAt).getTime()
242
+ : Date.now() + 24 * 60 * 60 * 1000,
243
+ mfaVerified: true,
244
+ oauthProvider: 'google',
245
+ };
246
+ }
247
+ }
248
+ catch { /* Redis unavailable */ }
249
+ }
250
+ if (!sessionData) {
251
+ // Last resort: build from Better Auth in-memory session
252
+ if (betterAuthSession.user) {
253
+ sessionData = {
254
+ userId: betterAuthSession.user.id || '',
255
+ email: betterAuthSession.user.email || '',
256
+ name: betterAuthSession.user.name,
257
+ roles: [],
258
+ idpAccessTokenExpires: Date.now() + 24 * 60 * 60 * 1000,
259
+ mfaVerified: true,
260
+ oauthProvider: 'google',
261
+ };
262
+ }
263
+ }
225
264
  if (!sessionData) {
226
265
  return {
227
266
  success: false,
@@ -16,11 +16,16 @@ export declare function getAuthInstance(): Promise<import("better-auth/types").A
16
16
  secret: string;
17
17
  socialProviders: Record<string, import("../auth/better-auth").BetterAuthSocialProvider>;
18
18
  trustedOrigins: string[];
19
+ secondaryStorage: {
20
+ get: (key: string) => Promise<string | null>;
21
+ set: (key: string, value: string, ttl?: number) => Promise<void>;
22
+ delete: (key: string) => Promise<void>;
23
+ };
19
24
  session: {
20
25
  cookieCache: {
21
26
  enabled: true;
22
27
  maxAge: number;
23
- refreshCache: true;
28
+ refreshCache: false;
24
29
  };
25
30
  };
26
31
  advanced: {
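--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@payez/next-mvp",
- "version": "4.0.7",
+ "version": "4.0.9",
  "sideEffects": false,
  "main": "dist/index.js",
  "types": "dist/index.d.ts",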
@@ -16,6 +16,7 @@ import { toNextJsHandler } from 'better-auth/next-js';
16
16
  import type { IDPClientConfig } from '../lib/idp-client-config';
17
17
  import { getIDPClientConfig } from '../lib/idp-client-config';
18
18
  import { getAppSlug } from '../lib/app-slug';
19
+ import { getRedis } from '../lib/redis';
19
20
 
20
21
  /**
21
22
  * Better Auth social provider config shape.
@@ -76,13 +77,35 @@ export function createBetterAuthInstance(idpConfig: IDPClientConfig) {
76
77
  'http://localhost:3600',
77
78
  ],
78
79
 
79
- // No database stateless mode. Better Auth defaults to JWE cookie cache.
80
- // Session cookie cache with refreshCache for DB-less setup.
80
+ // Redis-backed session storage via secondaryStorage
81
+ secondaryStorage: {
82
+ get: async (key: string) => {
83
+ try {
84
+ return await getRedis().get(`ba:${appSlug}:${key}`);
85
+ } catch { return null; }
86
+ },
87
+ set: async (key: string, value: string, ttl?: number) => {
88
+ try {
89
+ const redis = getRedis();
90
+ if (ttl) {
91
+ await redis.setex(`ba:${appSlug}:${key}`, ttl, value);
92
+ } else {
93
+ await redis.setex(`ba:${appSlug}:${key}`, 7 * 24 * 60 * 60, value);
94
+ }
95
+ } catch { /* Redis unavailable — cookie cache still works */ }
96
+ },
97
+ delete: async (key: string) => {
98
+ try {
99
+ await getRedis().del(`ba:${appSlug}:${key}`);
100
+ } catch { /* ignore */ }
101
+ },
102
+ },
103
+
81
104
  session: {
82
105
  cookieCache: {
83
106
  enabled: true,
84
107
  maxAge: 300,
85
- refreshCache: true,
108
+ refreshCache: false,
86
109
  },
87
110
  },
88
111
 
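Review bot: The `delete` handler's empty `catch { /* ignore */ }` makes a failed session removal silent: if `del` throws, the `ba:${appSlug}:${key}` entry stays in Redis until its TTL runs out (up to the 7-day default used in `set`) while the caller is told the delete succeeded. At minimum log the failure, e.g. `} catch (err) { console.error('secondaryStorage.delete failed', err); }`, and consider rethrowing so sign-out and revocation paths can react; how Better Auth treats a rejected `delete` is not visible here, so confirm that before rethrowing. The same swallow in `get` turns a Redis outage into "no such session", and `if (ttl)` in `set` treats a TTL of 0 as absent and stores the entry for seven days. `createBetterAuthInstance` begins and ends outside this hunk; the compiled copy of this object earlier on the page carries the same code.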
@@ -23,6 +23,8 @@
23
23
  import { NextRequest } from 'next/server';
24
24
  import { getSession as getRedisSession, SessionData } from './session-store';
25
25
  import { getSession as getBetterAuthSession } from '../server/auth';
26
+ import { getRedis } from './redis';
27
+ import { getAppSlug } from './app-slug';
26
28
 
27
29
  // 5 minute threshold for "needs refresh" - matches refresh handler pattern
28
30
  const REFRESH_THRESHOLD_MS = 5 * 60 * 1000;
@@ -282,9 +284,47 @@ export async function ensureFreshToken(
282
284
 
283
285
  const sessionToken = betterAuthSession.session.token;
284
286
 
285
- // 2. Get session data from Redis
287
+ // 2. Get session data from Redis (legacy prefix), or Better Auth's secondary storage
286
288
  let sessionData = await getRedisSession(sessionToken);
287
289
 
290
+ if (!sessionData) {
291
+ // Try Better Auth's secondaryStorage key (ba:{slug}:{token})
292
+ try {
293
+ const baKey = `ba:${getAppSlug()}:${sessionToken}`;
294
+ const baRaw = await getRedis().get(baKey);
295
+ if (baRaw) {
296
+ const baSession = JSON.parse(baRaw);
297
+ // Map Better Auth session to SessionData
298
+ sessionData = {
299
+ userId: baSession.user?.id || betterAuthSession.user?.id || '',
300
+ email: baSession.user?.email || betterAuthSession.user?.email || '',
301
+ name: baSession.user?.name || betterAuthSession.user?.name,
302
+ roles: [],
303
+ idpAccessTokenExpires: baSession.session?.expiresAt
304
+ ? new Date(baSession.session.expiresAt).getTime()
305
+ : Date.now() + 24 * 60 * 60 * 1000,
306
+ mfaVerified: true,
307
+ oauthProvider: 'google',
308
+ } as SessionData;
309
+ }
310
+ } catch { /* Redis unavailable */ }
311
+ }
312
+
313
+ if (!sessionData) {
314
+ // Last resort: build from Better Auth in-memory session
315
+ if (betterAuthSession.user) {
316
+ sessionData = {
317
+ userId: betterAuthSession.user.id || '',
318
+ email: betterAuthSession.user.email || '',
319
+ name: betterAuthSession.user.name,
320
+ roles: [],
321
+ idpAccessTokenExpires: Date.now() + 24 * 60 * 60 * 1000,
322
+ mfaVerified: true,
323
+ oauthProvider: 'google',
324
+ } as SessionData;
325
+ }
326
+ }
327
+
288
328
  if (!sessionData) {
289
329
  return {
290
330
  success: false,
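Review bot: Both fallback branches hard-code `mfaVerified: true` and `oauthProvider: 'google'` into the synthesized `SessionData`, so a session that was never found in the legacy store is reported as MFA-verified and Google-authenticated without any evidence from the stored record. Any check outside this hunk that reads `sessionData.mfaVerified` would then pass for these sessions; the fail-closed form is `mfaVerified: false,` with the provider taken from the account data or left unset, and `roles: []` plus the invented 24-hour `idpAccessTokenExpires` deserve a comment saying they are placeholders. The `as SessionData` assertions hide any required field the literal omits, and the `catch { /* Redis unavailable */ }` also swallows a `JSON.parse` failure on `baRaw`, so a corrupt entry silently falls through to the in-memory branch. `ensureFreshToken` starts and ends outside this hunk; the compiled JavaScript copy earlier on the page has the same branches.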