@redmix/auth-supabase-middleware 0.0.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Redmix
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,129 @@
+# Supabase Middleware
+
+```tsx filename='entry.server.tsx'
+import type { TagDescriptor } from '@redmix/web'
+
+import App from './App'
+import initSupabaseMiddleware from '@redmix/auth-supabase-middleware'
+import { Document } from './Document'
+
+import { getCurrentUser } from '$api/src/lib/auth'
+
+interface Props {
+  css: string[]
+  meta?: TagDescriptor[]
+}
+
+export const registerMiddleware = () => {
+  const supabaseAuthMiddleware = initSupabaseMiddleware({
+    // Optional. If not set, Supabase will use its own `currentUser` function
+    // instead of your app's
+    getCurrentUser,
+    // Optional. If you wish to enforce RBAC, define a function to return roles.
+    // Typically, one will define roles in Supabase in the user's app_metadata.
+    getRoles,
+  })
+
+  return [supabaseAuthMiddleware]
+}
+
+export const ServerEntry: React.FC<Props> = ({ css, meta }) => {
+  return (
+    <Document css={css} meta={meta}>
+      <App />
+    </Document>
+  )
+}
+```
+
+## About Roles
+
+### How To Set Roles in Supabase
+
+Typically, one will define roles in Supabase in the user's `app_metadata`.
+
+Supabase `app_metadata` includes the provider attribute indicates the first provider that the user used to sign up with. The providers attribute indicates the list of providers that the user can use to login with.
+
+You can add information to `app_metadata` via `SQL`:
+
+You can set a single role:
+
+```sql
+update AUTH.users
+  set raw_app_meta_data = raw_app_meta_data || '{"roles": "admin"}'
+where
+  id = '11111111-1111-1111-1111-111111111111';
+```
+
+Or multiple roles:
+
+```sql
+update AUTH.users
+  set raw_app_meta_data = raw_app_meta_data || '{"roles": ["admin", "owner"]}'
+where
+  id = '11111111-1111-1111-1111-111111111111';
+```
+
+Alternatively, you can update the user's `app_metadata` via the [Auth Admin `update user` api](https://supabase.com/docs/reference/javascript/auth-admin-updateuserbyid). Only a service role api request can modify the user app_metadata.
+
+> A custom data object to store the user's application specific metadata. This maps to the `auth.users.app_metadata` column. Only a service role can modify. The `app_metadata` should be a JSON object that includes app-specific info, such as identity providers, roles, and other access control information.
+
+```ts
+const { data: user, error } = await supabase.auth.admin.updateUserById(
+  '11111111-1111-1111-1111-111111111111',
+  { app_metadata: { roles: ['admin', 'owner'] } },
+)
+```
+
+Note: You may see a `role` attribute on the Supabase user. This is an internal claim used by Postgres to perform Row Level Security (RLS) checks.
+
+### What is the default implementation?
+
+If you do not supply a `getRoles` function, we look in the `app_metadata.roles` property.
+
+If you only had a string, e.g.
+
+```
+{
+  app_metadata: {
+    provider: 'email',
+    providers: ['email'],
+    roles: 'admin', // <-- ⭐ notice this is a string
+  },
+  user_metadata: {
+    ...
+}
+```
+
+it will convert the roles here to `['admin']`.
+
+If you place your roles somewhere else, you will need to provide an implementation of the `getRoles` function. e.g.
+
+```
+{
+  app_metadata: {
+    provider: 'email',
+    providers: ['email'],
+    organization: {
+      name: 'acme',
+      userRoles: ['admin']
+    }
+  },
+  user_metadata: {
+    ...
+}
+```
+
+```js
+// In entry.server.jsx
+export const registerMiddleware = () => {
+  const supabaseAuthMiddleware = initSupabaseMiddleware({
+    // Customise where you get your roles from
+    getRoles: (decoded) => {
+      return decoded.app_metadata.organization?.userRoles
+    },
+  })
+
+  return [supabaseAuthMiddleware]
+}
+```

package/dist/cjs/defaultGetRoles.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Currently the supabase auth decoder returns something like this:
+{
+  "aud": "authenticated",
+  "exp": 1716806712,
+  "iat": 1716803112,
+  "iss": "https://bubnfbrfzfdryapcuybr.supabase.co/auth/v1",
+  "sub": "75fd8091-e0a7-4e7d-8a8d-138d0eb3ca5a",
+  "email": "dannychoudhury+1@gmail.com",
+  "phone": "",
+  "app_metadata": {
+    "provider": "email",
+    "providers": [
+      "email"
+    ],
+    "roles": "admin" <-- this the role we're looking for
+  },
+  "user_metadata": {
+    "full-name": "Danny Choudhury 1"
+  },
+  "role": "authenticated", <-- this is the role supabase sets
+  "aal": "aal1",
+  "amr": [
+    {
+      "method": "password",
+      "timestamp": 1716803107
+    }
+  ],
+  "session_id": "39b4ae31-c57a-4ac1-8f01-e9d6ccbd9365",
+  "is_anonymous": false
+}
+ */
+interface PartialSupabaseDecoded {
+    app_metadata: {
+        [key: string]: unknown;
+        roles?: string | undefined;
+    };
+}
+export declare const defaultGetRoles: (decoded: PartialSupabaseDecoded) => string[];
+export {};
+//# sourceMappingURL=defaultGetRoles.d.ts.map

package/dist/cjs/defaultGetRoles.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"defaultGetRoles.d.ts","sourceRoot":"","sources":["../../src/defaultGetRoles.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,UAAU,sBAAsB;IAC9B,YAAY,EAAE;QACZ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;QACtB,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC3B,CAAA;CACF;AAED,eAAO,MAAM,eAAe,YAAa,sBAAsB,KAAG,MAAM,EAYvE,CAAA"}

package/dist/cjs/defaultGetRoles.js

@@ -0,0 +1,39 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var defaultGetRoles_exports = {};
+__export(defaultGetRoles_exports, {
+  defaultGetRoles: () => defaultGetRoles
+});
+module.exports = __toCommonJS(defaultGetRoles_exports);
+const defaultGetRoles = (decoded) => {
+  try {
+    const roles = decoded?.app_metadata?.roles;
+    if (Array.isArray(roles)) {
+      return roles;
+    } else {
+      return roles ? [roles] : [];
+    }
+  } catch {
+    return [];
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  defaultGetRoles
+});

package/dist/cjs/index.d.ts

@@ -0,0 +1,12 @@
+import type { GetCurrentUser } from '@redmix/graphql-server';
+import type { Middleware } from '@redmix/web/middleware';
+export interface SupabaseAuthMiddlewareOptions {
+    getCurrentUser: GetCurrentUser;
+    getRoles?: (decoded: any) => string[];
+}
+/**
+ * Create Supabase Auth Middleware that sets the `serverAuthState` based on the Supabase cookie.
+ */
+declare const initSupabaseAuthMiddleware: ({ getCurrentUser, getRoles, }: SupabaseAuthMiddlewareOptions) => [Middleware, "*"];
+export default initSupabaseAuthMiddleware;
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAC5D,OAAO,KAAK,EACV,UAAU,EAGX,MAAM,wBAAwB,CAAA;AAI/B,MAAM,WAAW,6BAA6B;IAC5C,cAAc,EAAE,cAAc,CAAA;IAC9B,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,KAAK,MAAM,EAAE,CAAA;CACtC;AAED;;GAEG;AACH,QAAA,MAAM,0BAA0B,kCAG7B,6BAA6B,KAAG,CAAC,UAAU,EAAE,GAAG,CAmElD,CAAA;AACD,eAAe,0BAA0B,CAAA"}

package/dist/cjs/index.js

@@ -0,0 +1,74 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var index_exports = {};
+__export(index_exports, {
+  default: () => index_default
+});
+module.exports = __toCommonJS(index_exports);
+var import_api = require("@redmix/api");
+var import_auth_supabase_api = require("@redmix/auth-supabase-api");
+var import_util = require("./util.js");
+const initSupabaseAuthMiddleware = ({
+  getCurrentUser,
+  getRoles
+}) => {
+  const middleware = async (req, res) => {
+    const type = "supabase";
+    const cookieHeader = req.headers.get("cookie");
+    if (!cookieHeader) {
+      return res;
+    }
+    try {
+      const authProviderCookie = req.cookies.get(import_api.AUTH_PROVIDER_HEADER);
+      if (!authProviderCookie || authProviderCookie !== type) {
+        return res;
+      }
+      const decoded = await (0, import_auth_supabase_api.authDecoder)(cookieHeader, type, {
+        event: req
+      });
+      const currentUser = await getCurrentUser(
+        decoded,
+        { type, token: cookieHeader, schema: "cookie" },
+        { event: req }
+      );
+      if (req.url.includes(`/middleware/supabase/currentUser`)) {
+        res.body = // Not sure how currentUser can be string.... but types say so
+        typeof currentUser === "string" ? currentUser : JSON.stringify({ currentUser });
+        return res;
+      }
+      const userMetadata = typeof currentUser === "string" ? null : currentUser?.["user_metadata"];
+      req.serverAuthState.set({
+        currentUser,
+        loading: false,
+        isAuthenticated: !!currentUser,
+        hasError: false,
+        userMetadata: userMetadata || currentUser,
+        cookieHeader,
+        roles: getRoles ? getRoles(decoded) : []
+      });
+    } catch (e) {
+      console.error(e, "Error in Supabase Auth Middleware");
+      (0, import_util.clearAuthState)(req, res);
+      return res;
+    }
+    return res;
+  };
+  return [middleware, "*"];
+};
+var index_default = initSupabaseAuthMiddleware;

package/dist/cjs/package.json

@@ -0,0 +1 @@
+{"type":"commonjs"}

package/dist/cjs/util.d.ts

@@ -0,0 +1,16 @@
+import type { SupabaseClient } from '@supabase/supabase-js';
+import type { MiddlewareRequest, MiddlewareResponse } from '@redmix/web/middleware';
+/**
+ * Creates Supabase Server Client used to get the session cookie (only)
+ * from a given collection of auth cookies
+ */
+export declare const createSupabaseServerClient: (req: MiddlewareRequest, res: MiddlewareResponse) => {
+    cookieName: string | null;
+    supabase: SupabaseClient;
+};
+/**
+ * Clear the Supabase and auth cookies from the request and response
+ * and clear the auth context
+ */
+export declare const clearAuthState: (req: MiddlewareRequest, res: MiddlewareResponse) => void;
+//# sourceMappingURL=util.d.ts.map

package/dist/cjs/util.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../src/util.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AAI3D,OAAO,KAAK,EACV,iBAAiB,EACjB,kBAAkB,EACnB,MAAM,wBAAwB,CAAA;AAC/B;;;GAGG;AACH,eAAO,MAAM,0BAA0B,QAChC,iBAAiB,OACjB,kBAAkB,KACtB;IAAE,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,QAAQ,EAAE,cAAc,CAAA;CAmCvD,CAAA;AAED;;;GAGG;AACH,eAAO,MAAM,cAAc,QACpB,iBAAiB,OACjB,kBAAkB,SAgBxB,CAAA"}

package/dist/cjs/util.js

@@ -0,0 +1,72 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var util_exports = {};
+__export(util_exports, {
+  clearAuthState: () => clearAuthState,
+  createSupabaseServerClient: () => createSupabaseServerClient
+});
+module.exports = __toCommonJS(util_exports);
+var import_ssr = require("@supabase/ssr");
+var import_api = require("@redmix/api");
+var import_auth_supabase_api = require("@redmix/auth-supabase-api");
+const createSupabaseServerClient = (req, res) => {
+  let cookieName = null;
+  if (!process.env.SUPABASE_URL) {
+    (0, import_auth_supabase_api.throwSupabaseSettingsError)("SUPABASE_URL");
+  }
+  if (!process.env.SUPABASE_KEY) {
+    (0, import_auth_supabase_api.throwSupabaseSettingsError)("SUPABASE_KEY");
+  }
+  const supabase = (0, import_ssr.createServerClient)(
+    process.env.SUPABASE_URL || "",
+    process.env.SUPABASE_KEY || "",
+    {
+      cookies: {
+        get(name) {
+          cookieName = name;
+          return req.cookies.get(name)?.valueOf();
+        },
+        set(name, value, options) {
+          cookieName = name;
+          req.cookies.set(name, value, options);
+          res.cookies.set(name, value, options);
+        },
+        remove(name, options) {
+          cookieName = name;
+          req.cookies.set(name, "", options);
+          res.cookies.set(name, "", options);
+        }
+      }
+    }
+  );
+  return { cookieName, supabase };
+};
+const clearAuthState = (req, res) => {
+  req.serverAuthState.clear();
+  const { cookieName } = createSupabaseServerClient(req, res);
+  if (cookieName) {
+    res.cookies.unset(cookieName);
+  }
+  res.cookies.unset(import_api.AUTH_PROVIDER_HEADER);
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  clearAuthState,
+  createSupabaseServerClient
+});

package/dist/defaultGetRoles.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Currently the supabase auth decoder returns something like this:
+{
+  "aud": "authenticated",
+  "exp": 1716806712,
+  "iat": 1716803112,
+  "iss": "https://bubnfbrfzfdryapcuybr.supabase.co/auth/v1",
+  "sub": "75fd8091-e0a7-4e7d-8a8d-138d0eb3ca5a",
+  "email": "dannychoudhury+1@gmail.com",
+  "phone": "",
+  "app_metadata": {
+    "provider": "email",
+    "providers": [
+      "email"
+    ],
+    "roles": "admin" <-- this the role we're looking for
+  },
+  "user_metadata": {
+    "full-name": "Danny Choudhury 1"
+  },
+  "role": "authenticated", <-- this is the role supabase sets
+  "aal": "aal1",
+  "amr": [
+    {
+      "method": "password",
+      "timestamp": 1716803107
+    }
+  ],
+  "session_id": "39b4ae31-c57a-4ac1-8f01-e9d6ccbd9365",
+  "is_anonymous": false
+}
+ */
+interface PartialSupabaseDecoded {
+    app_metadata: {
+        [key: string]: unknown;
+        roles?: string | undefined;
+    };
+}
+export declare const defaultGetRoles: (decoded: PartialSupabaseDecoded) => string[];
+export {};
+//# sourceMappingURL=defaultGetRoles.d.ts.map

package/dist/defaultGetRoles.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"defaultGetRoles.d.ts","sourceRoot":"","sources":["../src/defaultGetRoles.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,UAAU,sBAAsB;IAC9B,YAAY,EAAE;QACZ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;QACtB,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC3B,CAAA;CACF;AAED,eAAO,MAAM,eAAe,YAAa,sBAAsB,KAAG,MAAM,EAYvE,CAAA"}

package/dist/defaultGetRoles.js

@@ -0,0 +1,15 @@
+const defaultGetRoles = (decoded) => {
+  try {
+    const roles = decoded?.app_metadata?.roles;
+    if (Array.isArray(roles)) {
+      return roles;
+    } else {
+      return roles ? [roles] : [];
+    }
+  } catch {
+    return [];
+  }
+};
+export {
+  defaultGetRoles
+};

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+import type { GetCurrentUser } from '@redmix/graphql-server';
+import type { Middleware } from '@redmix/web/middleware';
+export interface SupabaseAuthMiddlewareOptions {
+    getCurrentUser: GetCurrentUser;
+    getRoles?: (decoded: any) => string[];
+}
+/**
+ * Create Supabase Auth Middleware that sets the `serverAuthState` based on the Supabase cookie.
+ */
+declare const initSupabaseAuthMiddleware: ({ getCurrentUser, getRoles, }: SupabaseAuthMiddlewareOptions) => [Middleware, "*"];
+export default initSupabaseAuthMiddleware;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAC5D,OAAO,KAAK,EACV,UAAU,EAGX,MAAM,wBAAwB,CAAA;AAI/B,MAAM,WAAW,6BAA6B;IAC5C,cAAc,EAAE,cAAc,CAAA;IAC9B,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,KAAK,MAAM,EAAE,CAAA;CACtC;AAED;;GAEG;AACH,QAAA,MAAM,0BAA0B,kCAG7B,6BAA6B,KAAG,CAAC,UAAU,EAAE,GAAG,CAmElD,CAAA;AACD,eAAe,0BAA0B,CAAA"}

package/dist/index.js

@@ -0,0 +1,54 @@
+import { AUTH_PROVIDER_HEADER } from "@redmix/api";
+import { authDecoder } from "@redmix/auth-supabase-api";
+import { clearAuthState } from "./util.js";
+const initSupabaseAuthMiddleware = ({
+  getCurrentUser,
+  getRoles
+}) => {
+  const middleware = async (req, res) => {
+    const type = "supabase";
+    const cookieHeader = req.headers.get("cookie");
+    if (!cookieHeader) {
+      return res;
+    }
+    try {
+      const authProviderCookie = req.cookies.get(AUTH_PROVIDER_HEADER);
+      if (!authProviderCookie || authProviderCookie !== type) {
+        return res;
+      }
+      const decoded = await authDecoder(cookieHeader, type, {
+        event: req
+      });
+      const currentUser = await getCurrentUser(
+        decoded,
+        { type, token: cookieHeader, schema: "cookie" },
+        { event: req }
+      );
+      if (req.url.includes(`/middleware/supabase/currentUser`)) {
+        res.body = // Not sure how currentUser can be string.... but types say so
+        typeof currentUser === "string" ? currentUser : JSON.stringify({ currentUser });
+        return res;
+      }
+      const userMetadata = typeof currentUser === "string" ? null : currentUser?.["user_metadata"];
+      req.serverAuthState.set({
+        currentUser,
+        loading: false,
+        isAuthenticated: !!currentUser,
+        hasError: false,
+        userMetadata: userMetadata || currentUser,
+        cookieHeader,
+        roles: getRoles ? getRoles(decoded) : []
+      });
+    } catch (e) {
+      console.error(e, "Error in Supabase Auth Middleware");
+      clearAuthState(req, res);
+      return res;
+    }
+    return res;
+  };
+  return [middleware, "*"];
+};
+var index_default = initSupabaseAuthMiddleware;
+export {
+  index_default as default
+};

package/dist/util.d.ts

@@ -0,0 +1,16 @@
+import type { SupabaseClient } from '@supabase/supabase-js';
+import type { MiddlewareRequest, MiddlewareResponse } from '@redmix/web/middleware';
+/**
+ * Creates Supabase Server Client used to get the session cookie (only)
+ * from a given collection of auth cookies
+ */
+export declare const createSupabaseServerClient: (req: MiddlewareRequest, res: MiddlewareResponse) => {
+    cookieName: string | null;
+    supabase: SupabaseClient;
+};
+/**
+ * Clear the Supabase and auth cookies from the request and response
+ * and clear the auth context
+ */
+export declare const clearAuthState: (req: MiddlewareRequest, res: MiddlewareResponse) => void;
+//# sourceMappingURL=util.d.ts.map

package/dist/util.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AAI3D,OAAO,KAAK,EACV,iBAAiB,EACjB,kBAAkB,EACnB,MAAM,wBAAwB,CAAA;AAC/B;;;GAGG;AACH,eAAO,MAAM,0BAA0B,QAChC,iBAAiB,OACjB,kBAAkB,KACtB;IAAE,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,QAAQ,EAAE,cAAc,CAAA;CAmCvD,CAAA;AAED;;;GAGG;AACH,eAAO,MAAM,cAAc,QACpB,iBAAiB,OACjB,kBAAkB,SAgBxB,CAAA"}

package/dist/util.js

@@ -0,0 +1,47 @@
+import { createServerClient } from "@supabase/ssr";
+import { AUTH_PROVIDER_HEADER } from "@redmix/api";
+import { throwSupabaseSettingsError } from "@redmix/auth-supabase-api";
+const createSupabaseServerClient = (req, res) => {
+  let cookieName = null;
+  if (!process.env.SUPABASE_URL) {
+    throwSupabaseSettingsError("SUPABASE_URL");
+  }
+  if (!process.env.SUPABASE_KEY) {
+    throwSupabaseSettingsError("SUPABASE_KEY");
+  }
+  const supabase = createServerClient(
+    process.env.SUPABASE_URL || "",
+    process.env.SUPABASE_KEY || "",
+    {
+      cookies: {
+        get(name) {
+          cookieName = name;
+          return req.cookies.get(name)?.valueOf();
+        },
+        set(name, value, options) {
+          cookieName = name;
+          req.cookies.set(name, value, options);
+          res.cookies.set(name, value, options);
+        },
+        remove(name, options) {
+          cookieName = name;
+          req.cookies.set(name, "", options);
+          res.cookies.set(name, "", options);
+        }
+      }
+    }
+  );
+  return { cookieName, supabase };
+};
+const clearAuthState = (req, res) => {
+  req.serverAuthState.clear();
+  const { cookieName } = createSupabaseServerClient(req, res);
+  if (cookieName) {
+    res.cookies.unset(cookieName);
+  }
+  res.cookies.unset(AUTH_PROVIDER_HEADER);
+};
+export {
+  clearAuthState,
+  createSupabaseServerClient
+};

package/package.json

@@ -0,0 +1,63 @@
+{
+  "name": "@redmix/auth-supabase-middleware",
+  "version": "0.0.1",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/redmix-run/redmix.git",
+    "directory": "packages/auth-providers/supabase/middleware"
+  },
+  "license": "MIT",
+  "type": "module",
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      },
+      "require": {
+        "types": "./dist/cjs/index.d.ts",
+        "default": "./dist/cjs/index.js"
+      }
+    }
+  },
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist",
+    "cjsWrappers"
+  ],
+  "scripts": {
+    "build": "tsx ./build.mts",
+    "build:pack": "yarn pack -o redmix-auth-supabase-middleware.tgz",
+    "build:types": "tsc --build --verbose ./tsconfig.build.json",
+    "build:types-cjs": "tsc --build --verbose ./tsconfig.cjs.json",
+    "check:attw": "yarn attw -P",
+    "check:package": "concurrently npm:check:attw yarn:publint",
+    "prepublishOnly": "NODE_ENV=production yarn build",
+    "test": "vitest run",
+    "test:watch": "vitest watch"
+  },
+  "dependencies": {
+    "@redmix/auth-supabase-api": "0.0.1",
+    "@redmix/web": "0.0.1",
+    "@supabase/ssr": "0.5.1"
+  },
+  "devDependencies": {
+    "@arethetypeswrong/cli": "0.16.4",
+    "@redmix/api": "0.0.1",
+    "@redmix/auth": "0.0.1",
+    "@redmix/framework-tools": "0.0.1",
+    "@redmix/graphql-server": "0.0.1",
+    "@types/aws-lambda": "8.10.145",
+    "concurrently": "8.2.2",
+    "publint": "0.3.11",
+    "ts-toolbelt": "9.6.0",
+    "tsx": "4.19.3",
+    "typescript": "5.6.2",
+    "vitest": "2.1.9"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "gitHead": "25a2481ac394049b7c864eda26381814a0124a79"
+}