@spfn/auth 0.1.0-alpha.88 → 0.2.0-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1385 -1199
- package/dist/config.d.ts +409 -0
- package/dist/config.js +244 -0
- package/dist/config.js.map +1 -0
- package/dist/dto-CRlgoCP5.d.ts +645 -0
- package/dist/errors.d.ts +196 -0
- package/dist/errors.js +173 -0
- package/dist/errors.js.map +1 -0
- package/dist/index.d.ts +287 -14
- package/dist/index.js +511 -6665
- package/dist/index.js.map +1 -1
- package/dist/nextjs/api.js +345 -0
- package/dist/nextjs/api.js.map +1 -0
- package/dist/{adapters/nextjs → nextjs}/server.d.ts +47 -65
- package/dist/nextjs/server.js +178 -0
- package/dist/nextjs/server.js.map +1 -0
- package/dist/server.d.ts +4444 -514
- package/dist/server.js +7977 -1210
- package/dist/server.js.map +1 -1
- package/migrations/0000_premium_famine.sql +292 -0
- package/migrations/meta/0000_snapshot.json +281 -46
- package/migrations/meta/_journal.json +2 -2
- package/package.json +37 -33
- package/dist/adapters/nextjs/api.d.ts +0 -446
- package/dist/adapters/nextjs/api.js +0 -3279
- package/dist/adapters/nextjs/api.js.map +0 -1
- package/dist/adapters/nextjs/server.js +0 -3645
- package/dist/adapters/nextjs/server.js.map +0 -1
- package/dist/lib/api/auth-codes-verify.d.ts +0 -37
- package/dist/lib/api/auth-codes-verify.js +0 -2949
- package/dist/lib/api/auth-codes-verify.js.map +0 -1
- package/dist/lib/api/auth-codes.d.ts +0 -37
- package/dist/lib/api/auth-codes.js +0 -2949
- package/dist/lib/api/auth-codes.js.map +0 -1
- package/dist/lib/api/auth-exists.d.ts +0 -38
- package/dist/lib/api/auth-exists.js +0 -2949
- package/dist/lib/api/auth-exists.js.map +0 -1
- package/dist/lib/api/auth-invitations-accept.d.ts +0 -38
- package/dist/lib/api/auth-invitations-accept.js +0 -2883
- package/dist/lib/api/auth-invitations-accept.js.map +0 -1
- package/dist/lib/api/auth-invitations-cancel.d.ts +0 -37
- package/dist/lib/api/auth-invitations-cancel.js +0 -2883
- package/dist/lib/api/auth-invitations-cancel.js.map +0 -1
- package/dist/lib/api/auth-invitations-delete.d.ts +0 -36
- package/dist/lib/api/auth-invitations-delete.js +0 -2883
- package/dist/lib/api/auth-invitations-delete.js.map +0 -1
- package/dist/lib/api/auth-invitations-resend.d.ts +0 -37
- package/dist/lib/api/auth-invitations-resend.js +0 -2883
- package/dist/lib/api/auth-invitations-resend.js.map +0 -1
- package/dist/lib/api/auth-invitations.d.ts +0 -109
- package/dist/lib/api/auth-invitations.js +0 -2887
- package/dist/lib/api/auth-invitations.js.map +0 -1
- package/dist/lib/api/auth-keys-rotate.d.ts +0 -37
- package/dist/lib/api/auth-keys-rotate.js +0 -2949
- package/dist/lib/api/auth-keys-rotate.js.map +0 -1
- package/dist/lib/api/auth-login.d.ts +0 -39
- package/dist/lib/api/auth-login.js +0 -2949
- package/dist/lib/api/auth-login.js.map +0 -1
- package/dist/lib/api/auth-logout.d.ts +0 -36
- package/dist/lib/api/auth-logout.js +0 -2949
- package/dist/lib/api/auth-logout.js.map +0 -1
- package/dist/lib/api/auth-me.d.ts +0 -50
- package/dist/lib/api/auth-me.js +0 -2949
- package/dist/lib/api/auth-me.js.map +0 -1
- package/dist/lib/api/auth-password.d.ts +0 -36
- package/dist/lib/api/auth-password.js +0 -2949
- package/dist/lib/api/auth-password.js.map +0 -1
- package/dist/lib/api/auth-register.d.ts +0 -38
- package/dist/lib/api/auth-register.js +0 -2949
- package/dist/lib/api/auth-register.js.map +0 -1
- package/dist/lib/api/index.d.ts +0 -356
- package/dist/lib/api/index.js +0 -3261
- package/dist/lib/api/index.js.map +0 -1
- package/dist/lib/config.d.ts +0 -70
- package/dist/lib/config.js +0 -64
- package/dist/lib/config.js.map +0 -1
- package/dist/lib/contracts/auth.d.ts +0 -302
- package/dist/lib/contracts/auth.js +0 -2951
- package/dist/lib/contracts/auth.js.map +0 -1
- package/dist/lib/contracts/index.d.ts +0 -3
- package/dist/lib/contracts/index.js +0 -3190
- package/dist/lib/contracts/index.js.map +0 -1
- package/dist/lib/contracts/invitation.d.ts +0 -243
- package/dist/lib/contracts/invitation.js +0 -2883
- package/dist/lib/contracts/invitation.js.map +0 -1
- package/dist/lib/crypto.d.ts +0 -76
- package/dist/lib/crypto.js +0 -127
- package/dist/lib/crypto.js.map +0 -1
- package/dist/lib/index.d.ts +0 -4
- package/dist/lib/index.js +0 -313
- package/dist/lib/index.js.map +0 -1
- package/dist/lib/session.d.ts +0 -68
- package/dist/lib/session.js +0 -126
- package/dist/lib/session.js.map +0 -1
- package/dist/lib/types/api.d.ts +0 -45
- package/dist/lib/types/api.js +0 -1
- package/dist/lib/types/api.js.map +0 -1
- package/dist/lib/types/index.d.ts +0 -3
- package/dist/lib/types/index.js +0 -2647
- package/dist/lib/types/index.js.map +0 -1
- package/dist/lib/types/schemas.d.ts +0 -45
- package/dist/lib/types/schemas.js +0 -2647
- package/dist/lib/types/schemas.js.map +0 -1
- package/dist/lib.js +0 -1
- package/dist/lib.js.map +0 -1
- package/dist/plugin.d.ts +0 -12
- package/dist/plugin.js +0 -9083
- package/dist/plugin.js.map +0 -1
- package/dist/server/entities/index.d.ts +0 -11
- package/dist/server/entities/index.js +0 -395
- package/dist/server/entities/index.js.map +0 -1
- package/dist/server/entities/invitations.d.ts +0 -241
- package/dist/server/entities/invitations.js +0 -184
- package/dist/server/entities/invitations.js.map +0 -1
- package/dist/server/entities/permissions.d.ts +0 -196
- package/dist/server/entities/permissions.js +0 -49
- package/dist/server/entities/permissions.js.map +0 -1
- package/dist/server/entities/role-permissions.d.ts +0 -107
- package/dist/server/entities/role-permissions.js +0 -115
- package/dist/server/entities/role-permissions.js.map +0 -1
- package/dist/server/entities/roles.d.ts +0 -196
- package/dist/server/entities/roles.js +0 -50
- package/dist/server/entities/roles.js.map +0 -1
- package/dist/server/entities/schema.d.ts +0 -14
- package/dist/server/entities/schema.js +0 -7
- package/dist/server/entities/schema.js.map +0 -1
- package/dist/server/entities/user-permissions.d.ts +0 -163
- package/dist/server/entities/user-permissions.js +0 -193
- package/dist/server/entities/user-permissions.js.map +0 -1
- package/dist/server/entities/user-public-keys.d.ts +0 -227
- package/dist/server/entities/user-public-keys.js +0 -156
- package/dist/server/entities/user-public-keys.js.map +0 -1
- package/dist/server/entities/user-social-accounts.d.ts +0 -189
- package/dist/server/entities/user-social-accounts.js +0 -149
- package/dist/server/entities/user-social-accounts.js.map +0 -1
- package/dist/server/entities/users.d.ts +0 -235
- package/dist/server/entities/users.js +0 -117
- package/dist/server/entities/users.js.map +0 -1
- package/dist/server/entities/verification-codes.d.ts +0 -191
- package/dist/server/entities/verification-codes.js +0 -49
- package/dist/server/entities/verification-codes.js.map +0 -1
- package/dist/server/routes/auth/index.d.ts +0 -10
- package/dist/server/routes/auth/index.js +0 -4460
- package/dist/server/routes/auth/index.js.map +0 -1
- package/dist/server/routes/index.d.ts +0 -6
- package/dist/server/routes/index.js +0 -6584
- package/dist/server/routes/index.js.map +0 -1
- package/dist/server/routes/invitations/index.d.ts +0 -10
- package/dist/server/routes/invitations/index.js +0 -4395
- package/dist/server/routes/invitations/index.js.map +0 -1
- package/migrations/0000_skinny_christian_walker.sql +0 -167
- /package/dist/{lib.d.ts → nextjs/api.d.ts} +0 -0
|
@@ -0,0 +1,178 @@
|
|
|
1
|
+
// src/nextjs/server.ts
|
|
2
|
+
import "server-only";
|
|
3
|
+
|
|
4
|
+
// src/nextjs/guards/require-auth.tsx
|
|
5
|
+
import { redirect } from "next/navigation";
|
|
6
|
+
|
|
7
|
+
// src/nextjs/session-helpers.ts
|
|
8
|
+
import { cookies } from "next/headers.js";
|
|
9
|
+
import { sealSession, unsealSession, COOKIE_NAMES, getSessionTtl, parseDuration } from "@spfn/auth/server";
|
|
10
|
+
import { logger } from "@spfn/core/logger";
|
|
11
|
+
async function saveSession(data, options) {
|
|
12
|
+
let maxAge;
|
|
13
|
+
if (options?.maxAge !== void 0) {
|
|
14
|
+
maxAge = typeof options.maxAge === "number" ? options.maxAge : parseDuration(options.maxAge);
|
|
15
|
+
} else {
|
|
16
|
+
maxAge = getSessionTtl();
|
|
17
|
+
}
|
|
18
|
+
const token = await sealSession(data, maxAge);
|
|
19
|
+
const cookieStore = await cookies();
|
|
20
|
+
cookieStore.set(COOKIE_NAMES.SESSION, token, {
|
|
21
|
+
httpOnly: true,
|
|
22
|
+
secure: process.env.NODE_ENV === "production",
|
|
23
|
+
sameSite: "strict",
|
|
24
|
+
path: "/",
|
|
25
|
+
maxAge
|
|
26
|
+
});
|
|
27
|
+
}
|
|
28
|
+
async function getSession() {
|
|
29
|
+
const cookieStore = await cookies();
|
|
30
|
+
const sessionCookie = cookieStore.get(COOKIE_NAMES.SESSION);
|
|
31
|
+
if (!sessionCookie) {
|
|
32
|
+
return null;
|
|
33
|
+
}
|
|
34
|
+
try {
|
|
35
|
+
logger.debug("Validating session cookie", { cookie: sessionCookie.value });
|
|
36
|
+
const session = await unsealSession(sessionCookie.value);
|
|
37
|
+
return {
|
|
38
|
+
userId: session.userId
|
|
39
|
+
};
|
|
40
|
+
} catch (error) {
|
|
41
|
+
console.error(error);
|
|
42
|
+
logger.debug("Session validation failed", {
|
|
43
|
+
error: error instanceof Error ? error.message : String(error)
|
|
44
|
+
});
|
|
45
|
+
return null;
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
async function clearSession() {
|
|
49
|
+
const cookieStore = await cookies();
|
|
50
|
+
cookieStore.delete(COOKIE_NAMES.SESSION);
|
|
51
|
+
cookieStore.delete(COOKIE_NAMES.SESSION_KEY_ID);
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
// src/nextjs/guards/require-auth.tsx
|
|
55
|
+
import { Fragment, jsx } from "react/jsx-runtime";
|
|
56
|
+
async function RequireAuth({
|
|
57
|
+
children,
|
|
58
|
+
redirectTo = "/auth/login",
|
|
59
|
+
fallback
|
|
60
|
+
}) {
|
|
61
|
+
const session = await getSession();
|
|
62
|
+
if (!session) {
|
|
63
|
+
if (fallback) {
|
|
64
|
+
return /* @__PURE__ */ jsx(Fragment, { children: fallback });
|
|
65
|
+
}
|
|
66
|
+
redirect(redirectTo);
|
|
67
|
+
}
|
|
68
|
+
return /* @__PURE__ */ jsx(Fragment, { children });
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
// src/nextjs/guards/require-role.tsx
|
|
72
|
+
import { redirect as redirect2 } from "next/navigation";
|
|
73
|
+
|
|
74
|
+
// src/nextjs/guards/auth-utils.ts
|
|
75
|
+
import { authApi } from "@spfn/auth";
|
|
76
|
+
import { authLogger } from "@spfn/auth/server";
|
|
77
|
+
async function getAuthSessionData() {
|
|
78
|
+
try {
|
|
79
|
+
const session = await authApi.getAuthSession.call();
|
|
80
|
+
authLogger.middleware.debug("Auth session retrieved", { name: session.role?.name });
|
|
81
|
+
return session;
|
|
82
|
+
} catch (error) {
|
|
83
|
+
authLogger.middleware.error("Failed to get auth session", { error });
|
|
84
|
+
return null;
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
async function getUserRole() {
|
|
88
|
+
const session = await getAuthSessionData();
|
|
89
|
+
return session?.role?.name || null;
|
|
90
|
+
}
|
|
91
|
+
async function getUserPermissions() {
|
|
92
|
+
const session = await getAuthSessionData();
|
|
93
|
+
if (!session) {
|
|
94
|
+
return [];
|
|
95
|
+
}
|
|
96
|
+
return session.permissions?.map((p) => p.name) || [];
|
|
97
|
+
}
|
|
98
|
+
async function hasAnyRole(requiredRoles) {
|
|
99
|
+
const session = await getAuthSessionData();
|
|
100
|
+
if (!session) {
|
|
101
|
+
return false;
|
|
102
|
+
}
|
|
103
|
+
return requiredRoles.includes(session.role?.name);
|
|
104
|
+
}
|
|
105
|
+
async function hasAnyPermission(requiredPermissions) {
|
|
106
|
+
const session = await getAuthSessionData();
|
|
107
|
+
if (!session) {
|
|
108
|
+
return false;
|
|
109
|
+
}
|
|
110
|
+
const userPermissionNames = session.permissions?.map((p) => p.name) || [];
|
|
111
|
+
return requiredPermissions.some((permission) => userPermissionNames.includes(permission));
|
|
112
|
+
}
|
|
113
|
+
|
|
114
|
+
// src/nextjs/guards/require-role.tsx
|
|
115
|
+
import { Fragment as Fragment2, jsx as jsx2 } from "react/jsx-runtime";
|
|
116
|
+
async function RequireRole({
|
|
117
|
+
roles,
|
|
118
|
+
children,
|
|
119
|
+
redirectTo = "/unauthorized",
|
|
120
|
+
fallback
|
|
121
|
+
}) {
|
|
122
|
+
const session = await getSession();
|
|
123
|
+
if (!session) {
|
|
124
|
+
if (fallback) {
|
|
125
|
+
return /* @__PURE__ */ jsx2(Fragment2, { children: fallback });
|
|
126
|
+
}
|
|
127
|
+
redirect2("/login");
|
|
128
|
+
}
|
|
129
|
+
const requiredRoles = Array.isArray(roles) ? roles : [roles];
|
|
130
|
+
const hasRole = await hasAnyRole(requiredRoles);
|
|
131
|
+
if (!hasRole) {
|
|
132
|
+
if (fallback) {
|
|
133
|
+
return /* @__PURE__ */ jsx2(Fragment2, { children: fallback });
|
|
134
|
+
}
|
|
135
|
+
redirect2(redirectTo);
|
|
136
|
+
}
|
|
137
|
+
return /* @__PURE__ */ jsx2(Fragment2, { children });
|
|
138
|
+
}
|
|
139
|
+
|
|
140
|
+
// src/nextjs/guards/require-permission.tsx
|
|
141
|
+
import { redirect as redirect3 } from "next/navigation";
|
|
142
|
+
import { Fragment as Fragment3, jsx as jsx3 } from "react/jsx-runtime";
|
|
143
|
+
async function RequirePermission({
|
|
144
|
+
permissions,
|
|
145
|
+
children,
|
|
146
|
+
redirectTo = "/unauthorized",
|
|
147
|
+
fallback
|
|
148
|
+
}) {
|
|
149
|
+
const session = await getSession();
|
|
150
|
+
if (!session) {
|
|
151
|
+
if (fallback) {
|
|
152
|
+
return /* @__PURE__ */ jsx3(Fragment3, { children: fallback });
|
|
153
|
+
}
|
|
154
|
+
redirect3("/login");
|
|
155
|
+
}
|
|
156
|
+
const requiredPermissions = Array.isArray(permissions) ? permissions : [permissions];
|
|
157
|
+
const hasPermission = await hasAnyPermission(requiredPermissions);
|
|
158
|
+
if (!hasPermission) {
|
|
159
|
+
if (fallback) {
|
|
160
|
+
return /* @__PURE__ */ jsx3(Fragment3, { children: fallback });
|
|
161
|
+
}
|
|
162
|
+
redirect3(redirectTo);
|
|
163
|
+
}
|
|
164
|
+
return /* @__PURE__ */ jsx3(Fragment3, { children });
|
|
165
|
+
}
|
|
166
|
+
export {
|
|
167
|
+
RequireAuth,
|
|
168
|
+
RequirePermission,
|
|
169
|
+
RequireRole,
|
|
170
|
+
clearSession,
|
|
171
|
+
getSession,
|
|
172
|
+
getUserPermissions,
|
|
173
|
+
getUserRole,
|
|
174
|
+
hasAnyPermission,
|
|
175
|
+
hasAnyRole,
|
|
176
|
+
saveSession
|
|
177
|
+
};
|
|
178
|
+
//# sourceMappingURL=server.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../src/nextjs/server.ts","../../src/nextjs/guards/require-auth.tsx","../../src/nextjs/session-helpers.ts","../../src/nextjs/guards/require-role.tsx","../../src/nextjs/guards/auth-utils.ts","../../src/nextjs/guards/require-permission.tsx"],"sourcesContent":["import \"server-only\";\n\nexport { RequireAuth } from './guards/require-auth';\nexport type { RequireAuthProps } from './guards/require-auth';\n\nexport { RequireRole } from './guards/require-role';\nexport type { RequireRoleProps } from './guards/require-role';\n\nexport { RequirePermission } from './guards/require-permission';\nexport type { RequirePermissionProps } from './guards/require-permission';\n\nexport { getUserRole, getUserPermissions, hasAnyRole, hasAnyPermission } from './guards/auth-utils';\n\n// Session helpers\nexport {\n saveSession,\n getSession,\n clearSession,\n type SessionData,\n type PublicSession,\n type SaveSessionOptions\n} from './session-helpers';","/**\n * RequireAuth Guard Component\n *\n * Requires user to be authenticated\n */\n\nimport { redirect } from 'next/navigation';\nimport { getSession } from '../session-helpers';\nimport type { ReactNode } from 'react';\n\nexport interface RequireAuthProps\n{\n /**\n * Children to render if authenticated\n */\n children: ReactNode;\n\n /**\n * Path to redirect to if not authenticated\n * @default '/login'\n */\n redirectTo?: string;\n\n /**\n * Fallback UI to show instead of redirecting\n */\n fallback?: ReactNode;\n}\n\n/**\n * Require Authentication Guard\n *\n * Ensures user is logged in before rendering children\n *\n * @example\n * ```tsx\n * <RequireAuth redirectTo=\"/login\">\n * <DashboardContent />\n * </RequireAuth>\n * ```\n *\n * @example With fallback\n * ```tsx\n * <RequireAuth fallback={<LoginPrompt />}>\n * <PrivateContent />\n * </RequireAuth>\n * ```\n */\nexport async function RequireAuth({\n children,\n redirectTo = '/auth/login',\n fallback,\n}: RequireAuthProps)\n{\n const session = await getSession();\n\n if (!session)\n {\n if (fallback)\n {\n return <>{fallback}</>;\n }\n\n redirect(redirectTo);\n }\n\n return <>{children}</>;\n}","/**\n * Session helpers for Next.js\n *\n * Server-side only (uses next/headers)\n */\n\nimport { cookies } from 'next/headers.js';\nimport { sealSession, unsealSession, COOKIE_NAMES, getSessionTtl, parseDuration, type SessionData } from '@spfn/auth/server';\nimport { logger } from '@spfn/core/logger';\n\nexport type { SessionData };\n\n/**\n * Public session information (excludes sensitive data)\n */\nexport interface PublicSession\n{\n /** User ID */\n userId: string;\n}\n\n/**\n * Options for saveSession\n */\nexport interface SaveSessionOptions\n{\n /**\n * Session TTL (time to live)\n *\n * Supports:\n * - Number: seconds (e.g., 2592000)\n * - String: duration format ('30d', '12h', '45m', '3600s')\n *\n * If not provided, uses global configuration:\n * 1. Global config (configureAuth)\n * 2. Environment variable (SPFN_AUTH_SESSION_TTL)\n * 3. Default (7d)\n */\n maxAge?: number | string;\n\n /**\n * Remember me option\n *\n * When true, uses extended session duration (if configured)\n */\n remember?: boolean;\n}\n\n/**\n * Save session to HttpOnly cookie\n *\n * @param data - Session data to save\n * @param options - Session options (maxAge, remember)\n *\n * @example\n * ```typescript\n * // Use global configuration\n * await saveSession(sessionData);\n *\n * // Custom TTL with duration string\n * await saveSession(sessionData, { maxAge: '30d' });\n *\n * // Custom TTL in seconds\n * await saveSession(sessionData, { maxAge: 2592000 });\n *\n * // Remember me\n * await saveSession(sessionData, { remember: true });\n * ```\n */\nexport async function saveSession(\n data: SessionData,\n options?: SaveSessionOptions\n): Promise<void>\n{\n // Calculate maxAge\n let maxAge: number;\n\n if (options?.maxAge !== undefined)\n {\n // Custom maxAge provided\n maxAge = typeof options.maxAge === 'number'\n ? options.maxAge\n : parseDuration(options.maxAge);\n }\n else\n {\n // Use getSessionTtl for consistent configuration\n maxAge = getSessionTtl();\n }\n\n const token = await sealSession(data, maxAge);\n const cookieStore = await cookies();\n\n cookieStore.set(COOKIE_NAMES.SESSION, token, {\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n path: '/',\n maxAge\n });\n}\n\n/**\n * Get session from HttpOnly cookie\n *\n * Returns public session info only (excludes privateKey, algorithm, keyId)\n */\nexport async function getSession(): Promise<PublicSession | null>\n{\n const cookieStore = await cookies();\n const sessionCookie = cookieStore.get(COOKIE_NAMES.SESSION);\n\n if (!sessionCookie)\n {\n return null;\n }\n\n try\n {\n logger.debug('Validating session cookie', { cookie: sessionCookie.value });\n const session = await unsealSession(sessionCookie.value);\n // Return only public information\n return {\n userId: session.userId,\n };\n }\n catch (error)\n {\n console.error(error);\n\n // Session expired or invalid - log in dev mode\n // Note: Cannot delete cookies in Server Components (read-only)\n // Invalid cookies will be cleaned up on next login/logout via Route Handler or Server Action\n logger.debug('Session validation failed', {\n error: error instanceof Error ? error.message : String(error)\n });\n\n return null;\n }\n}\n\n/**\n * Clear session cookie\n */\nexport async function clearSession(): Promise<void>\n{\n const cookieStore = await cookies();\n cookieStore.delete(COOKIE_NAMES.SESSION);\n cookieStore.delete(COOKIE_NAMES.SESSION_KEY_ID);\n}\n","/**\n * RequireRole Guard Component\n *\n * Requires user to have at least one of the specified roles\n */\n\nimport { redirect } from 'next/navigation';\nimport { getSession } from '../session-helpers';\nimport { hasAnyRole } from './auth-utils';\nimport type { ReactNode } from 'react';\n\nexport interface RequireRoleProps\n{\n /**\n * Required role(s) - user must have at least one\n */\n roles: string | string[];\n\n /**\n * Children to render if user has required role\n */\n children: ReactNode;\n\n /**\n * Path to redirect to if user doesn't have role\n * @default '/unauthorized'\n */\n redirectTo?: string;\n\n /**\n * Fallback UI to show instead of redirecting\n */\n fallback?: ReactNode;\n}\n\n/**\n * Require Role Guard\n *\n * Ensures user has at least one of the specified roles\n *\n * @example Single role\n * ```tsx\n * <RequireRole roles=\"admin\">\n * <AdminPanel />\n * </RequireRole>\n * ```\n *\n * @example Multiple roles (OR condition)\n * ```tsx\n * <RequireRole roles={['admin', 'manager']}>\n * <ManagementDashboard />\n * </RequireRole>\n * ```\n *\n * @example With fallback\n * ```tsx\n * <RequireRole roles=\"admin\" fallback={<AccessDenied />}>\n * <AdminContent />\n * </RequireRole>\n * ```\n */\nexport async function RequireRole({\n roles,\n children,\n redirectTo = '/unauthorized',\n fallback,\n}: RequireRoleProps)\n{\n const session = await getSession();\n\n // Not authenticated\n if (!session)\n {\n if (fallback)\n {\n return <>{fallback}</>;\n }\n\n redirect('/login');\n }\n\n // Normalize to array\n const requiredRoles = Array.isArray(roles) ? roles : [roles];\n\n // Check if user has any of the required roles\n const hasRole = await hasAnyRole(requiredRoles);\n\n if (!hasRole)\n {\n if (fallback)\n {\n return <>{fallback}</>;\n }\n\n redirect(redirectTo);\n }\n\n return <>{children}</>;\n}","/**\n * Server-side auth utilities for guards\n *\n * Uses authApi to check permissions in real-time\n */\n\nimport { authApi } from '@spfn/auth';\nimport { authLogger } from '@spfn/auth/server';\n\n/**\n * Get current auth session with roles and permissions via API\n */\nasync function getAuthSessionData()\n{\n try\n {\n const session = await authApi.getAuthSession.call();\n authLogger.middleware.debug('Auth session retrieved', { name: session.role?.name });\n\n return session;\n }\n catch (error)\n {\n authLogger.middleware.error('Failed to get auth session', { error });\n return null;\n }\n}\n\n/**\n * Get user role\n */\nexport async function getUserRole(): Promise<string | null>\n{\n const session = await getAuthSessionData();\n return session?.role?.name || null;\n}\n\n/**\n * Get user permissions\n */\nexport async function getUserPermissions(): Promise<string[]>\n{\n const session = await getAuthSessionData();\n\n if (!session)\n {\n return [];\n }\n\n return session.permissions?.map((p: any) => p.name) || [];\n}\n\n/**\n * Check if user has any of the specified roles\n */\nexport async function hasAnyRole(requiredRoles: string[]): Promise<boolean>\n{\n const session = await getAuthSessionData();\n if (!session)\n {\n return false;\n }\n\n return requiredRoles.includes(session.role?.name);\n}\n\n/**\n * Check if user has any of the specified permissions\n */\nexport async function hasAnyPermission(requiredPermissions: string[]): Promise<boolean>\n{\n const session = await getAuthSessionData();\n\n if (!session)\n {\n return false;\n }\n\n const userPermissionNames = session.permissions?.map((p: any) => p.name) || [];\n return requiredPermissions.some(permission => userPermissionNames.includes(permission));\n}\n","/**\n * RequirePermission Guard Component\n *\n * Requires user to have at least one of the specified permissions\n */\n\nimport { redirect } from 'next/navigation';\nimport { getSession } from '../session-helpers';\nimport { hasAnyPermission } from './auth-utils';\nimport type { ReactNode } from 'react';\n\nexport interface RequirePermissionProps\n{\n /**\n * Required permission(s) - user must have at least one\n */\n permissions: string | string[];\n\n /**\n * Children to render if user has required permission\n */\n children: ReactNode;\n\n /**\n * Path to redirect to if user doesn't have permission\n * @default '/unauthorized'\n */\n redirectTo?: string;\n\n /**\n * Fallback UI to show instead of redirecting\n */\n fallback?: ReactNode;\n}\n\n/**\n * Require Permission Guard\n *\n * Ensures user has at least one of the specified permissions\n *\n * @example Single permission\n * ```tsx\n * <RequirePermission permissions=\"user:delete\">\n * <DeleteUserButton />\n * </RequirePermission>\n * ```\n *\n * @example Multiple permissions (OR condition)\n * ```tsx\n * <RequirePermission permissions={['user:delete', 'user:update']}>\n * <UserManagement />\n * </RequirePermission>\n * ```\n *\n * @example With fallback\n * ```tsx\n * <RequirePermission permissions=\"project:create\" fallback={<UpgradePrompt />}>\n * <CreateProject />\n * </RequirePermission>\n * ```\n */\nexport async function RequirePermission({\n permissions,\n children,\n redirectTo = '/unauthorized',\n fallback,\n}: RequirePermissionProps)\n{\n const session = await getSession();\n\n // Not authenticated\n if (!session)\n {\n if (fallback)\n {\n return <>{fallback}</>;\n }\n\n redirect('/login');\n }\n\n // Normalize to array\n const requiredPermissions = Array.isArray(permissions) ? permissions : [permissions];\n\n // Check if user has any of the required permissions\n const hasPermission = await hasAnyPermission(requiredPermissions);\n\n if (!hasPermission)\n {\n if (fallback)\n {\n return <>{fallback}</>;\n }\n\n redirect(redirectTo);\n }\n\n return <>{children}</>;\n}"],"mappings":";AAAA,OAAO;;;ACMP,SAAS,gBAAgB;;;ACAzB,SAAS,eAAe;AACxB,SAAS,aAAa,eAAe,cAAc,eAAe,qBAAuC;AACzG,SAAS,cAAc;AA6DvB,eAAsB,YAClB,MACA,SAEJ;AAEI,MAAI;AAEJ,MAAI,SAAS,WAAW,QACxB;AAEI,aAAS,OAAO,QAAQ,WAAW,WAC7B,QAAQ,SACR,cAAc,QAAQ,MAAM;AAAA,EACtC,OAEA;AAEI,aAAS,cAAc;AAAA,EAC3B;AAEA,QAAM,QAAQ,MAAM,YAAY,MAAM,MAAM;AAC5C,QAAM,cAAc,MAAM,QAAQ;AAElC,cAAY,IAAI,aAAa,SAAS,OAAO;AAAA,IACzC,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,UAAU;AAAA,IACV,MAAM;AAAA,IACN;AAAA,EACJ,CAAC;AACL;AAOA,eAAsB,aACtB;AACI,QAAM,cAAc,MAAM,QAAQ;AAClC,QAAM,gBAAgB,YAAY,IAAI,aAAa,OAAO;AAE1D,MAAI,CAAC,eACL;AACI,WAAO;AAAA,EACX;AAEA,MACA;AACI,WAAO,MAAM,6BAA6B,EAAE,QAAQ,cAAc,MAAM,CAAC;AACzE,UAAM,UAAU,MAAM,cAAc,cAAc,KAAK;AAEvD,WAAO;AAAA,MACH,QAAQ,QAAQ;AAAA,IACpB;AAAA,EACJ,SACO,OACP;AACI,YAAQ,MAAM,KAAK;AAKnB,WAAO,MAAM,6BAA6B;AAAA,MACtC,OAAO,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAChE,CAAC;AAED,WAAO;AAAA,EACX;AACJ;AAKA,eAAsB,eACtB;AACI,QAAM,cAAc,MAAM,QAAQ;AAClC,cAAY,OAAO,aAAa,OAAO;AACvC,cAAY,OAAO,aAAa,cAAc;AAClD;;;ADzFmB;AAZnB,eAAsB,YAAY;AAAA,EAC9B;AAAA,EACA,aAAa;AAAA,EACb;AACJ,GACA;AACI,QAAM,UAAU,MAAM,WAAW;AAEjC,MAAI,CAAC,SACL;AACI,QAAI,UACJ;AACI,aAAO,gCAAG,oBAAS;AAAA,IACvB;AAEA,aAAS,UAAU;AAAA,EACvB;AAEA,SAAO,gCAAG,UAAS;AACvB;;;AE7DA,SAAS,YAAAA,iBAAgB;;;ACAzB,SAAS,eAAe;AACxB,SAAS,kBAAkB;AAK3B,eAAe,qBACf;AACI,MACA;AACI,UAAM,UAAU,MAAM,QAAQ,eAAe,KAAK;AAClD,eAAW,WAAW,MAAM,0BAA0B,EAAE,MAAM,QAAQ,MAAM,KAAK,CAAC;AAElF,WAAO;AAAA,EACX,SACO,OACP;AACI,eAAW,WAAW,MAAM,8BAA8B,EAAE,MAAM,CAAC;AACnE,WAAO;AAAA,EACX;AACJ;AAKA,eAAsB,cACtB;AACI,QAAM,UAAU,MAAM,mBAAmB;AACzC,SAAO,SAAS,MAAM,QAAQ;AAClC;AAKA,eAAsB,qBACtB;AACI,QAAM,UAAU,MAAM,mBAAmB;AAEzC,MAAI,CAAC,SACL;AACI,WAAO,CAAC;AAAA,EACZ;AAEA,SAAO,QAAQ,aAAa,IAAI,CAAC,MAAW,EAAE,IAAI,KAAK,CAAC;AAC5D;AAKA,eAAsB,WAAW,eACjC;AACI,QAAM,UAAU,MAAM,mBAAmB;AACzC,MAAI,CAAC,SACL;AACI,WAAO;AAAA,EACX;AAEA,SAAO,cAAc,SAAS,QAAQ,MAAM,IAAI;AACpD;AAKA,eAAsB,iBAAiB,qBACvC;AACI,QAAM,UAAU,MAAM,mBAAmB;AAEzC,MAAI,CAAC,SACL;AACI,WAAO;AAAA,EACX;AAEA,QAAM,sBAAsB,QAAQ,aAAa,IAAI,CAAC,MAAW,EAAE,IAAI,KAAK,CAAC;AAC7E,SAAO,oBAAoB,KAAK,gBAAc,oBAAoB,SAAS,UAAU,CAAC;AAC1F;;;ADLmB,qBAAAC,WAAA,OAAAC,YAAA;AAdnB,eAAsB,YAAY;AAAA,EAC9B;AAAA,EACA;AAAA,EACA,aAAa;AAAA,EACb;AACJ,GACA;AACI,QAAM,UAAU,MAAM,WAAW;AAGjC,MAAI,CAAC,SACL;AACI,QAAI,UACJ;AACI,aAAO,gBAAAA,KAAAD,WAAA,EAAG,oBAAS;AAAA,IACvB;AAEA,IAAAE,UAAS,QAAQ;AAAA,EACrB;AAGA,QAAM,gBAAgB,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC,KAAK;AAG3D,QAAM,UAAU,MAAM,WAAW,aAAa;AAE9C,MAAI,CAAC,SACL;AACI,QAAI,UACJ;AACI,aAAO,gBAAAD,KAAAD,WAAA,EAAG,oBAAS;AAAA,IACvB;AAEA,IAAAE,UAAS,UAAU;AAAA,EACvB;AAEA,SAAO,gBAAAD,KAAAD,WAAA,EAAG,UAAS;AACvB;;;AE5FA,SAAS,YAAAG,iBAAgB;AAqEN,qBAAAC,WAAA,OAAAC,YAAA;AAdnB,eAAsB,kBAAkB;AAAA,EACpC;AAAA,EACA;AAAA,EACA,aAAa;AAAA,EACb;AACJ,GACA;AACI,QAAM,UAAU,MAAM,WAAW;AAGjC,MAAI,CAAC,SACL;AACI,QAAI,UACJ;AACI,aAAO,gBAAAA,KAAAD,WAAA,EAAG,oBAAS;AAAA,IACvB;AAEA,IAAAE,UAAS,QAAQ;AAAA,EACrB;AAGA,QAAM,sBAAsB,MAAM,QAAQ,WAAW,IAAI,cAAc,CAAC,WAAW;AAGnF,QAAM,gBAAgB,MAAM,iBAAiB,mBAAmB;AAEhE,MAAI,CAAC,eACL;AACI,QAAI,UACJ;AACI,aAAO,gBAAAD,KAAAD,WAAA,EAAG,oBAAS;AAAA,IACvB;AAEA,IAAAE,UAAS,UAAU;AAAA,EACvB;AAEA,SAAO,gBAAAD,KAAAD,WAAA,EAAG,UAAS;AACvB;","names":["redirect","Fragment","jsx","redirect","redirect","Fragment","jsx","redirect"]}
|