npm - @payez/next-mvp - Versions diffs - 4.0.8 → 4.0.9 - Mend

@payez/next-mvp 4.0.8 → 4.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/auth/better-auth.d.ts +1 -0
package/dist/auth/better-auth.js +1 -0
package/dist/lib/token-lifecycle.js +40 -1
package/dist/server/auth.d.ts +1 -0
package/package.json +1 -1
package/src/auth/better-auth.ts +1 -0
package/src/lib/token-lifecycle.ts +41 -1

package/dist/auth/better-auth.d.ts CHANGED Viewed

@@ -42,6 +42,7 @@ export declare function createBetterAuthInstance(idpConfig: IDPClientConfig): im
         cookieCache: {
             enabled: true;
             maxAge: number;
+            refreshCache: false;
         };
     };
     advanced: {

package/dist/auth/better-auth.js CHANGED Viewed

@@ -97,6 +97,7 @@ function createBetterAuthInstance(idpConfig) {
             cookieCache: {
                 enabled: true,
                 maxAge: 300,
+                refreshCache: false,
             },
         },
         // Cookie prefix must match slim-middleware expectations ({slug}.session-token)

package/dist/lib/token-lifecycle.js CHANGED Viewed

@@ -25,6 +25,8 @@ exports.ensureFreshToken = ensureFreshToken;
 exports.getFreshAuthHeader = getFreshAuthHeader;
 const session_store_1 = require("./session-store");
 const auth_1 = require("../server/auth");
+const redis_1 = require("./redis");
+const app_slug_1 = require("./app-slug");
 // 5 minute threshold for "needs refresh" - matches refresh handler pattern
 const REFRESH_THRESHOLD_MS = 5 * 60 * 1000;
 // Concurrent refresh handling configuration
@@ -220,8 +222,45 @@ async function ensureFreshToken(request) {
             };
         }
         const sessionToken = betterAuthSession.session.token;
-        // 2. Get session data from Redis
+        // 2. Get session data from Redis (legacy prefix), or Better Auth's secondary storage
         let sessionData = await (0, session_store_1.getSession)(sessionToken);
+        if (!sessionData) {
+            // Try Better Auth's secondaryStorage key (ba:{slug}:{token})
+            try {
+                const baKey = `ba:${(0, app_slug_1.getAppSlug)()}:${sessionToken}`;
+                const baRaw = await (0, redis_1.getRedis)().get(baKey);
+                if (baRaw) {
+                    const baSession = JSON.parse(baRaw);
+                    // Map Better Auth session to SessionData
+                    sessionData = {
+                        userId: baSession.user?.id || betterAuthSession.user?.id || '',
+                        email: baSession.user?.email || betterAuthSession.user?.email || '',
+                        name: baSession.user?.name || betterAuthSession.user?.name,
+                        roles: [],
+                        idpAccessTokenExpires: baSession.session?.expiresAt
+                            ? new Date(baSession.session.expiresAt).getTime()
+                            : Date.now() + 24 * 60 * 60 * 1000,
+                        mfaVerified: true,
+                        oauthProvider: 'google',
+                    };
+                }
+            }
+            catch { /* Redis unavailable */ }
+        }
+        if (!sessionData) {
+            // Last resort: build from Better Auth in-memory session
+            if (betterAuthSession.user) {
+                sessionData = {
+                    userId: betterAuthSession.user.id || '',
+                    email: betterAuthSession.user.email || '',
+                    name: betterAuthSession.user.name,
+                    roles: [],
+                    idpAccessTokenExpires: Date.now() + 24 * 60 * 60 * 1000,
+                    mfaVerified: true,
+                    oauthProvider: 'google',
+                };
+            }
+        }
         if (!sessionData) {
             return {
                 success: false,

package/dist/server/auth.d.ts CHANGED Viewed

@@ -25,6 +25,7 @@ export declare function getAuthInstance(): Promise<import("better-auth/types").A
         cookieCache: {
             enabled: true;
             maxAge: number;
+            refreshCache: false;
         };
     };
     advanced: {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@payez/next-mvp",
-  "version": "4.0.8",
+  "version": "4.0.9",
   "sideEffects": false,
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/auth/better-auth.ts CHANGED Viewed

@@ -105,6 +105,7 @@ export function createBetterAuthInstance(idpConfig: IDPClientConfig) {
       cookieCache: {
         enabled: true,
         maxAge: 300,
+        refreshCache: false,
       },
     },

package/src/lib/token-lifecycle.ts CHANGED Viewed

@@ -23,6 +23,8 @@
 import { NextRequest } from 'next/server';
 import { getSession as getRedisSession, SessionData } from './session-store';
 import { getSession as getBetterAuthSession } from '../server/auth';
+import { getRedis } from './redis';
+import { getAppSlug } from './app-slug';
 // 5 minute threshold for "needs refresh" - matches refresh handler pattern
 const REFRESH_THRESHOLD_MS = 5 * 60 * 1000;
@@ -282,9 +284,47 @@ export async function ensureFreshToken(
     const sessionToken = betterAuthSession.session.token;
-    // 2. Get session data from Redis
+    // 2. Get session data from Redis (legacy prefix), or Better Auth's secondary storage
     let sessionData = await getRedisSession(sessionToken);
+    if (!sessionData) {
+      // Try Better Auth's secondaryStorage key (ba:{slug}:{token})
+      try {
+        const baKey = `ba:${getAppSlug()}:${sessionToken}`;
+        const baRaw = await getRedis().get(baKey);
+        if (baRaw) {
+          const baSession = JSON.parse(baRaw);
+          // Map Better Auth session to SessionData
+          sessionData = {
+            userId: baSession.user?.id || betterAuthSession.user?.id || '',
+            email: baSession.user?.email || betterAuthSession.user?.email || '',
+            name: baSession.user?.name || betterAuthSession.user?.name,
+            roles: [],
+            idpAccessTokenExpires: baSession.session?.expiresAt
+              ? new Date(baSession.session.expiresAt).getTime()
+              : Date.now() + 24 * 60 * 60 * 1000,
+            mfaVerified: true,
+            oauthProvider: 'google',
+          } as SessionData;
+        }
+      } catch { /* Redis unavailable */ }
+    }
+    if (!sessionData) {
+      // Last resort: build from Better Auth in-memory session
+      if (betterAuthSession.user) {
+        sessionData = {
+          userId: betterAuthSession.user.id || '',
+          email: betterAuthSession.user.email || '',
+          name: betterAuthSession.user.name,
+          roles: [],
+          idpAccessTokenExpires: Date.now() + 24 * 60 * 60 * 1000,
+          mfaVerified: true,
+          oauthProvider: 'google',
+        } as SessionData;
+      }
+    }
     if (!sessionData) {
       return {
         success: false,