npm - @stackwright-pro/auth-nextjs - Versions diffs - 0.1.0 - Mend

@stackwright-pro/auth-nextjs 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,69 @@
+# @stackwright-pro/auth-nextjs
+Next.js adapter for Stackwright Pro authentication.
+## Installation
+```bash
+pnpm add @stackwright-pro/auth-nextjs
+```
+## Usage
+### Middleware (Route Protection)
+```typescript
+// middleware.ts
+import { createAuthMiddleware } from '@stackwright-pro/auth-nextjs';
+import { sessionManager, rbacEngine, authConfig } from './lib/auth';
+export default createAuthMiddleware({
+  authConfig,
+  sessionManager,
+  rbacEngine,
+  cookieName: 'my_session',
+  loginUrl: '/login',
+  unauthorizedUrl: '/403',
+});
+export const config = {
+  matcher: ['/((?!_next|api/auth|login).*)'],
+};
+```
+### Protected API Routes
+```typescript
+// pages/api/equipment/[id].ts
+import { protectedRoute } from '@stackwright-pro/auth-nextjs';
+import { sessionManager } from '@/lib/auth';
+export default protectedRoute(
+  async (req, res, session) => {
+    const equipment = await getEquipment(req.query.id);
+    res.json(equipment);
+  },
+  {
+    sessionManager,
+    roles: ['ANALYST', 'ADMIN'],
+  }
+);
+```
+### Cookie Utilities
+```typescript
+// pages/api/auth/login.ts
+import { setSessionCookie } from '@stackwright-pro/auth-nextjs';
+export default async function handler(req, res) {
+  const session = await authenticateUser(req.body);
+  const jwt = await sessionManager.serialize(session);
+  setSessionCookie(res, jwt, {
+    maxAge: 900, // 15 minutes
+  });
+  res.json({ success: true });
+}
+```

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,104 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { AuthConfig, SessionManager, RBACEngine, AuthSession, CookieOptions } from '@stackwright-pro/auth';
+export { AuthConfig, AuthSession, AuthUser } from '@stackwright-pro/auth';
+import { NextApiRequest, NextApiResponse } from 'next';
+interface MiddlewareConfig {
+    /**
+     * Auth configuration
+     */
+    authConfig: AuthConfig;
+    /**
+     * Session manager instance
+     */
+    sessionManager: SessionManager;
+    /**
+     * RBAC engine instance
+     */
+    rbacEngine: RBACEngine;
+    /**
+     * Cookie name for session (default: 'stackwright_session')
+     */
+    cookieName?: string;
+    /**
+     * URL to redirect to when authentication fails (default: '/login')
+     */
+    loginUrl?: string;
+    /**
+     * URL to redirect to when authorization fails (default: '/unauthorized')
+     */
+    unauthorizedUrl?: string;
+}
+/**
+ * Create Next.js middleware for authentication and authorization
+ *
+ * @example
+ * ```typescript
+ * // middleware.ts
+ * import { createAuthMiddleware } from '@stackwright-pro/auth-nextjs';
+ *
+ * export default createAuthMiddleware({
+ *   authConfig,
+ *   sessionManager,
+ *   rbacEngine,
+ * });
+ *
+ * export const config = {
+ *   matcher: ['/((?!_next|api/auth).*)'],
+ * };
+ * ```
+ */
+declare function createAuthMiddleware(config: MiddlewareConfig): (request: NextRequest) => Promise<NextResponse | undefined>;
+interface ProtectedRouteConfig {
+    /**
+     * Session manager for validating sessions
+     */
+    sessionManager: SessionManager;
+    /**
+     * Required roles (user must have ANY of these)
+     */
+    roles?: string[];
+    /**
+     * Required permissions (user must have ALL of these)
+     */
+    permissions?: string[];
+    /**
+     * Cookie name (default: 'stackwright_session')
+     */
+    cookieName?: string;
+}
+/**
+ * Handler function with authenticated session
+ */
+type AuthenticatedHandler<T = any> = (req: NextApiRequest, res: NextApiResponse<T>, session: AuthSession) => void | Promise<void>;
+/**
+ * Wrap API route with authentication/authorization
+ *
+ * @example
+ * ```typescript
+ * // pages/api/equipment/[id].ts
+ * export default protectedRoute(
+ *   async (req, res, session) => {
+ *     const equipment = await getEquipment(req.query.id);
+ *     res.json(equipment);
+ *   },
+ *   {
+ *     sessionManager,
+ *     roles: ['ANALYST', 'ADMIN'],
+ *   }
+ * );
+ * ```
+ */
+declare function protectedRoute<T = any>(handler: AuthenticatedHandler<T>, config: ProtectedRouteConfig): (req: NextApiRequest, res: NextApiResponse) => Promise<void>;
+/**
+ * Set session cookie in Next.js API response
+ */
+declare function setSessionCookie(res: NextApiResponse, sessionJwt: string, options?: CookieOptions): void;
+/**
+ * Clear session cookie in Next.js API response
+ */
+declare function clearSessionCookie(res: NextApiResponse, options?: Pick<CookieOptions, 'name' | 'domain' | 'path'>): void;
+export { type AuthenticatedHandler, type MiddlewareConfig, type ProtectedRouteConfig, clearSessionCookie, createAuthMiddleware, protectedRoute, setSessionCookie };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,104 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { AuthConfig, SessionManager, RBACEngine, AuthSession, CookieOptions } from '@stackwright-pro/auth';
+export { AuthConfig, AuthSession, AuthUser } from '@stackwright-pro/auth';
+import { NextApiRequest, NextApiResponse } from 'next';
+interface MiddlewareConfig {
+    /**
+     * Auth configuration
+     */
+    authConfig: AuthConfig;
+    /**
+     * Session manager instance
+     */
+    sessionManager: SessionManager;
+    /**
+     * RBAC engine instance
+     */
+    rbacEngine: RBACEngine;
+    /**
+     * Cookie name for session (default: 'stackwright_session')
+     */
+    cookieName?: string;
+    /**
+     * URL to redirect to when authentication fails (default: '/login')
+     */
+    loginUrl?: string;
+    /**
+     * URL to redirect to when authorization fails (default: '/unauthorized')
+     */
+    unauthorizedUrl?: string;
+}
+/**
+ * Create Next.js middleware for authentication and authorization
+ *
+ * @example
+ * ```typescript
+ * // middleware.ts
+ * import { createAuthMiddleware } from '@stackwright-pro/auth-nextjs';
+ *
+ * export default createAuthMiddleware({
+ *   authConfig,
+ *   sessionManager,
+ *   rbacEngine,
+ * });
+ *
+ * export const config = {
+ *   matcher: ['/((?!_next|api/auth).*)'],
+ * };
+ * ```
+ */
+declare function createAuthMiddleware(config: MiddlewareConfig): (request: NextRequest) => Promise<NextResponse | undefined>;
+interface ProtectedRouteConfig {
+    /**
+     * Session manager for validating sessions
+     */
+    sessionManager: SessionManager;
+    /**
+     * Required roles (user must have ANY of these)
+     */
+    roles?: string[];
+    /**
+     * Required permissions (user must have ALL of these)
+     */
+    permissions?: string[];
+    /**
+     * Cookie name (default: 'stackwright_session')
+     */
+    cookieName?: string;
+}
+/**
+ * Handler function with authenticated session
+ */
+type AuthenticatedHandler<T = any> = (req: NextApiRequest, res: NextApiResponse<T>, session: AuthSession) => void | Promise<void>;
+/**
+ * Wrap API route with authentication/authorization
+ *
+ * @example
+ * ```typescript
+ * // pages/api/equipment/[id].ts
+ * export default protectedRoute(
+ *   async (req, res, session) => {
+ *     const equipment = await getEquipment(req.query.id);
+ *     res.json(equipment);
+ *   },
+ *   {
+ *     sessionManager,
+ *     roles: ['ANALYST', 'ADMIN'],
+ *   }
+ * );
+ * ```
+ */
+declare function protectedRoute<T = any>(handler: AuthenticatedHandler<T>, config: ProtectedRouteConfig): (req: NextApiRequest, res: NextApiResponse) => Promise<void>;
+/**
+ * Set session cookie in Next.js API response
+ */
+declare function setSessionCookie(res: NextApiResponse, sessionJwt: string, options?: CookieOptions): void;
+/**
+ * Clear session cookie in Next.js API response
+ */
+declare function clearSessionCookie(res: NextApiResponse, options?: Pick<CookieOptions, 'name' | 'domain' | 'path'>): void;
+export { type AuthenticatedHandler, type MiddlewareConfig, type ProtectedRouteConfig, clearSessionCookie, createAuthMiddleware, protectedRoute, setSessionCookie };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,143 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  clearSessionCookie: () => clearSessionCookie,
+  createAuthMiddleware: () => createAuthMiddleware,
+  protectedRoute: () => protectedRoute,
+  setSessionCookie: () => setSessionCookie
+});
+module.exports = __toCommonJS(index_exports);
+// src/middleware.ts
+var import_server = require("next/server");
+function createAuthMiddleware(config) {
+  const {
+    sessionManager,
+    rbacEngine,
+    cookieName = "stackwright_session",
+    loginUrl = "/login",
+    unauthorizedUrl = "/unauthorized"
+  } = config;
+  return async function authMiddleware(request) {
+    const { pathname } = request.nextUrl;
+    if (rbacEngine.isPublicRoute(pathname)) {
+      return void 0;
+    }
+    const sessionCookie = request.cookies.get(cookieName);
+    let session = null;
+    if (sessionCookie) {
+      session = await sessionManager.deserialize(sessionCookie.value);
+    }
+    if (!session || sessionManager.isExpired(session)) {
+      const url = request.nextUrl.clone();
+      url.pathname = loginUrl;
+      url.searchParams.set("redirect", pathname);
+      return import_server.NextResponse.redirect(url);
+    }
+    if (!rbacEngine.canAccessRoute(session.user, pathname)) {
+      const url = request.nextUrl.clone();
+      url.pathname = unauthorizedUrl;
+      return import_server.NextResponse.redirect(url);
+    }
+    if (sessionManager.shouldRefresh(session)) {
+      const refreshed = await sessionManager.refreshSession(session);
+      const newJwt = await sessionManager.serialize(refreshed);
+      const response = import_server.NextResponse.next();
+      response.cookies.set(cookieName, newJwt, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === "production",
+        sameSite: "lax",
+        maxAge: 900
+        // 15 minutes
+      });
+      return response;
+    }
+    return void 0;
+  };
+}
+// src/api-helpers.ts
+function protectedRoute(handler, config) {
+  const {
+    sessionManager,
+    roles,
+    permissions,
+    cookieName = "stackwright_session"
+  } = config;
+  return async (req, res) => {
+    const sessionCookie = req.cookies[cookieName];
+    if (!sessionCookie) {
+      res.status(401).json({ error: "Not authenticated" });
+      return;
+    }
+    const session = await sessionManager.deserialize(sessionCookie);
+    if (!session || sessionManager.isExpired(session)) {
+      res.status(401).json({ error: "Session expired" });
+      return;
+    }
+    if (roles && roles.length > 0) {
+      const hasRole = roles.some((role) => session.user.roles.includes(role));
+      if (!hasRole) {
+        res.status(403).json({ error: "Insufficient permissions" });
+        return;
+      }
+    }
+    if (permissions && permissions.length > 0) {
+      const hasAllPermissions = permissions.every(
+        (permission) => session.user.permissions?.includes(permission)
+      );
+      if (!hasAllPermissions) {
+        res.status(403).json({ error: "Insufficient permissions" });
+        return;
+      }
+    }
+    await handler(req, res, session);
+  };
+}
+// src/cookie-utils.ts
+var import_auth = require("@stackwright-pro/auth");
+function setSessionCookie(res, sessionJwt, options = {}) {
+  const cookieName = options.name || "stackwright_session";
+  const maxAge = options.maxAge || 900;
+  const cookie = (0, import_auth.serializeCookie)(cookieName, sessionJwt, {
+    ...options,
+    maxAge,
+    httpOnly: true,
+    secure: process.env.NODE_ENV === "production",
+    sameSite: "lax"
+  });
+  res.setHeader("Set-Cookie", cookie);
+}
+function clearSessionCookie(res, options = {}) {
+  const cookieName = options.name || "stackwright_session";
+  const cookie = (0, import_auth.clearCookie)(cookieName, options);
+  res.setHeader("Set-Cookie", cookie);
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  clearSessionCookie,
+  createAuthMiddleware,
+  protectedRoute,
+  setSessionCookie
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts","../src/middleware.ts","../src/api-helpers.ts","../src/cookie-utils.ts"],"sourcesContent":["export { createAuthMiddleware, type MiddlewareConfig } from './middleware.js';\nexport { \n protectedRoute, \n type ProtectedRouteConfig, \n type AuthenticatedHandler \n} from './api-helpers.js';\nexport { setSessionCookie, clearSessionCookie } from './cookie-utils.js';\n\n// Re-export commonly used types from core\nexport type { \n AuthUser, \n AuthSession, \n AuthConfig \n} from '@stackwright-pro/auth';\n","import { type NextRequest, NextResponse } from 'next/server';\nimport { SessionManager, RBACEngine, type AuthConfig, type AuthSession } from '@stackwright-pro/auth';\n\nexport interface MiddlewareConfig {\n /**\n * Auth configuration\n */\n authConfig: AuthConfig;\n \n /**\n * Session manager instance\n */\n sessionManager: SessionManager;\n \n /**\n * RBAC engine instance\n */\n rbacEngine: RBACEngine;\n \n /**\n * Cookie name for session (default: 'stackwright_session')\n */\n cookieName?: string;\n \n /**\n * URL to redirect to when authentication fails (default: '/login')\n */\n loginUrl?: string;\n \n /**\n * URL to redirect to when authorization fails (default: '/unauthorized')\n */\n unauthorizedUrl?: string;\n}\n\n/**\n * Create Next.js middleware for authentication and authorization\n * \n * @example\n * ```typescript\n * // middleware.ts\n * import { createAuthMiddleware } from '@stackwright-pro/auth-nextjs';\n * \n * export default createAuthMiddleware({\n * authConfig,\n * sessionManager,\n * rbacEngine,\n * });\n * \n * export const config = {\n * matcher: ['/((?!_next|api/auth).*)'],\n * };\n * ```\n */\nexport function createAuthMiddleware(config: MiddlewareConfig) {\n const {\n sessionManager,\n rbacEngine,\n cookieName = 'stackwright_session',\n loginUrl = '/login',\n unauthorizedUrl = '/unauthorized',\n } = config;\n \n return async function authMiddleware(\n request: NextRequest\n ): Promise<NextResponse | undefined> {\n const { pathname } = request.nextUrl;\n \n // Check if route is public\n if (rbacEngine.isPublicRoute(pathname)) {\n return undefined; // Continue to next middleware\n }\n \n // Extract session from cookie\n const sessionCookie = request.cookies.get(cookieName);\n let session: AuthSession | null = null;\n \n if (sessionCookie) {\n session = await sessionManager.deserialize(sessionCookie.value);\n }\n \n // Check if session is valid\n if (!session || sessionManager.isExpired(session)) {\n // Redirect to login\n const url = request.nextUrl.clone();\n url.pathname = loginUrl;\n url.searchParams.set('redirect', pathname);\n return NextResponse.redirect(url);\n }\n \n // Check if user can access route\n if (!rbacEngine.canAccessRoute(session.user, pathname)) {\n // Redirect to unauthorized\n const url = request.nextUrl.clone();\n url.pathname = unauthorizedUrl;\n return NextResponse.redirect(url);\n }\n \n // Refresh session if needed\n if (sessionManager.shouldRefresh(session)) {\n const refreshed = await sessionManager.refreshSession(session);\n const newJwt = await sessionManager.serialize(refreshed);\n \n const response = NextResponse.next();\n response.cookies.set(cookieName, newJwt, {\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'lax',\n maxAge: 900, // 15 minutes\n });\n \n return response;\n }\n \n // Allow request to continue\n return undefined;\n };\n}\n","import type { NextApiRequest, NextApiResponse } from 'next';\nimport { SessionManager, type AuthSession, type AuthUser } from '@stackwright-pro/auth';\n\nexport interface ProtectedRouteConfig {\n /**\n * Session manager for validating sessions\n */\n sessionManager: SessionManager;\n \n /**\n * Required roles (user must have ANY of these)\n */\n roles?: string[];\n \n /**\n * Required permissions (user must have ALL of these)\n */\n permissions?: string[];\n \n /**\n * Cookie name (default: 'stackwright_session')\n */\n cookieName?: string;\n}\n\n/**\n * Handler function with authenticated session\n */\nexport type AuthenticatedHandler<T = any> = (\n req: NextApiRequest,\n res: NextApiResponse<T>,\n session: AuthSession\n) => void | Promise<void>;\n\n/**\n * Wrap API route with authentication/authorization\n * \n * @example\n * ```typescript\n * // pages/api/equipment/[id].ts\n * export default protectedRoute(\n * async (req, res, session) => {\n * const equipment = await getEquipment(req.query.id);\n * res.json(equipment);\n * },\n * {\n * sessionManager,\n * roles: ['ANALYST', 'ADMIN'],\n * }\n * );\n * ```\n */\nexport function protectedRoute<T = any>(\n handler: AuthenticatedHandler<T>,\n config: ProtectedRouteConfig\n): (req: NextApiRequest, res: NextApiResponse) => Promise<void> {\n const {\n sessionManager,\n roles,\n permissions,\n cookieName = 'stackwright_session',\n } = config;\n \n return async (req: NextApiRequest, res: NextApiResponse) => {\n // Extract session from cookie\n const sessionCookie = req.cookies[cookieName];\n \n if (!sessionCookie) {\n res.status(401).json({ error: 'Not authenticated' } as any);\n return;\n }\n \n // Verify session\n const session = await sessionManager.deserialize(sessionCookie);\n \n if (!session || sessionManager.isExpired(session)) {\n res.status(401).json({ error: 'Session expired' } as any);\n return;\n }\n \n // Check roles\n if (roles && roles.length > 0) {\n const hasRole = roles.some(role => session.user.roles.includes(role));\n if (!hasRole) {\n res.status(403).json({ error: 'Insufficient permissions' } as any);\n return;\n }\n }\n \n // Check permissions\n if (permissions && permissions.length > 0) {\n const hasAllPermissions = permissions.every(permission =>\n session.user.permissions?.includes(permission)\n );\n if (!hasAllPermissions) {\n res.status(403).json({ error: 'Insufficient permissions' } as any);\n return;\n }\n }\n \n // Call handler with session\n await handler(req, res, session);\n };\n}\n","import type { NextApiResponse } from 'next';\nimport { serializeCookie, clearCookie, type CookieOptions } from '@stackwright-pro/auth';\n\n/**\n * Set session cookie in Next.js API response\n */\nexport function setSessionCookie(\n res: NextApiResponse,\n sessionJwt: string,\n options: CookieOptions = {}\n): void {\n const cookieName = options.name || 'stackwright_session';\n const maxAge = options.maxAge || 900; // 15 minutes default\n \n const cookie = serializeCookie(cookieName, sessionJwt, {\n ...options,\n maxAge,\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'lax',\n });\n \n res.setHeader('Set-Cookie', cookie);\n}\n\n/**\n * Clear session cookie in Next.js API response\n */\nexport function clearSessionCookie(\n res: NextApiResponse,\n options: Pick<CookieOptions, 'name' | 'domain' | 'path'> = {}\n): void {\n const cookieName = options.name || 'stackwright_session';\n \n const cookie = clearCookie(cookieName, options);\n \n res.setHeader('Set-Cookie', cookie);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,oBAA+C;AAsDxC,SAAS,qBAAqB,QAA0B;AAC7D,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,aAAa;AAAA,IACb,WAAW;AAAA,IACX,kBAAkB;AAAA,EACpB,IAAI;AAEJ,SAAO,eAAe,eACpB,SACmC;AACnC,UAAM,EAAE,SAAS,IAAI,QAAQ;AAG7B,QAAI,WAAW,cAAc,QAAQ,GAAG;AACtC,aAAO;AAAA,IACT;AAGA,UAAM,gBAAgB,QAAQ,QAAQ,IAAI,UAAU;AACpD,QAAI,UAA8B;AAElC,QAAI,eAAe;AACjB,gBAAU,MAAM,eAAe,YAAY,cAAc,KAAK;AAAA,IAChE;AAGA,QAAI,CAAC,WAAW,eAAe,UAAU,OAAO,GAAG;AAEjD,YAAM,MAAM,QAAQ,QAAQ,MAAM;AAClC,UAAI,WAAW;AACf,UAAI,aAAa,IAAI,YAAY,QAAQ;AACzC,aAAO,2BAAa,SAAS,GAAG;AAAA,IAClC;AAGA,QAAI,CAAC,WAAW,eAAe,QAAQ,MAAM,QAAQ,GAAG;AAEtD,YAAM,MAAM,QAAQ,QAAQ,MAAM;AAClC,UAAI,WAAW;AACf,aAAO,2BAAa,SAAS,GAAG;AAAA,IAClC;AAGA,QAAI,eAAe,cAAc,OAAO,GAAG;AACzC,YAAM,YAAY,MAAM,eAAe,eAAe,OAAO;AAC7D,YAAM,SAAS,MAAM,eAAe,UAAU,SAAS;AAEvD,YAAM,WAAW,2BAAa,KAAK;AACnC,eAAS,QAAQ,IAAI,YAAY,QAAQ;AAAA,QACvC,UAAU;AAAA,QACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,QACjC,UAAU;AAAA,QACV,QAAQ;AAAA;AAAA,MACV,CAAC;AAED,aAAO;AAAA,IACT;AAGA,WAAO;AAAA,EACT;AACF;;;ACjEO,SAAS,eACd,SACA,QAC8D;AAC9D,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA,aAAa;AAAA,EACf,IAAI;AAEJ,SAAO,OAAO,KAAqB,QAAyB;AAE1D,UAAM,gBAAgB,IAAI,QAAQ,UAAU;AAE5C,QAAI,CAAC,eAAe;AAClB,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,oBAAoB,CAAQ;AAC1D;AAAA,IACF;AAGA,UAAM,UAAU,MAAM,eAAe,YAAY,aAAa;AAE9D,QAAI,CAAC,WAAW,eAAe,UAAU,OAAO,GAAG;AACjD,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,kBAAkB,CAAQ;AACxD;AAAA,IACF;AAGA,QAAI,SAAS,MAAM,SAAS,GAAG;AAC7B,YAAM,UAAU,MAAM,KAAK,UAAQ,QAAQ,KAAK,MAAM,SAAS,IAAI,CAAC;AACpE,UAAI,CAAC,SAAS;AACZ,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,2BAA2B,CAAQ;AACjE;AAAA,MACF;AAAA,IACF;AAGA,QAAI,eAAe,YAAY,SAAS,GAAG;AACzC,YAAM,oBAAoB,YAAY;AAAA,QAAM,gBAC1C,QAAQ,KAAK,aAAa,SAAS,UAAU;AAAA,MAC/C;AACA,UAAI,CAAC,mBAAmB;AACtB,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,2BAA2B,CAAQ;AACjE;AAAA,MACF;AAAA,IACF;AAGA,UAAM,QAAQ,KAAK,KAAK,OAAO;AAAA,EACjC;AACF;;;ACtGA,kBAAiE;AAK1D,SAAS,iBACd,KACA,YACA,UAAyB,CAAC,GACpB;AACN,QAAM,aAAa,QAAQ,QAAQ;AACnC,QAAM,SAAS,QAAQ,UAAU;AAEjC,QAAM,aAAS,6BAAgB,YAAY,YAAY;AAAA,IACrD,GAAG;AAAA,IACH;AAAA,IACA,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,UAAU;AAAA,EACZ,CAAC;AAED,MAAI,UAAU,cAAc,MAAM;AACpC;AAKO,SAAS,mBACd,KACA,UAA2D,CAAC,GACtD;AACN,QAAM,aAAa,QAAQ,QAAQ;AAEnC,QAAM,aAAS,yBAAY,YAAY,OAAO;AAE9C,MAAI,UAAU,cAAc,MAAM;AACpC;","names":[]}

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,113 @@
+// src/middleware.ts
+import { NextResponse } from "next/server";
+function createAuthMiddleware(config) {
+  const {
+    sessionManager,
+    rbacEngine,
+    cookieName = "stackwright_session",
+    loginUrl = "/login",
+    unauthorizedUrl = "/unauthorized"
+  } = config;
+  return async function authMiddleware(request) {
+    const { pathname } = request.nextUrl;
+    if (rbacEngine.isPublicRoute(pathname)) {
+      return void 0;
+    }
+    const sessionCookie = request.cookies.get(cookieName);
+    let session = null;
+    if (sessionCookie) {
+      session = await sessionManager.deserialize(sessionCookie.value);
+    }
+    if (!session || sessionManager.isExpired(session)) {
+      const url = request.nextUrl.clone();
+      url.pathname = loginUrl;
+      url.searchParams.set("redirect", pathname);
+      return NextResponse.redirect(url);
+    }
+    if (!rbacEngine.canAccessRoute(session.user, pathname)) {
+      const url = request.nextUrl.clone();
+      url.pathname = unauthorizedUrl;
+      return NextResponse.redirect(url);
+    }
+    if (sessionManager.shouldRefresh(session)) {
+      const refreshed = await sessionManager.refreshSession(session);
+      const newJwt = await sessionManager.serialize(refreshed);
+      const response = NextResponse.next();
+      response.cookies.set(cookieName, newJwt, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === "production",
+        sameSite: "lax",
+        maxAge: 900
+        // 15 minutes
+      });
+      return response;
+    }
+    return void 0;
+  };
+}
+// src/api-helpers.ts
+function protectedRoute(handler, config) {
+  const {
+    sessionManager,
+    roles,
+    permissions,
+    cookieName = "stackwright_session"
+  } = config;
+  return async (req, res) => {
+    const sessionCookie = req.cookies[cookieName];
+    if (!sessionCookie) {
+      res.status(401).json({ error: "Not authenticated" });
+      return;
+    }
+    const session = await sessionManager.deserialize(sessionCookie);
+    if (!session || sessionManager.isExpired(session)) {
+      res.status(401).json({ error: "Session expired" });
+      return;
+    }
+    if (roles && roles.length > 0) {
+      const hasRole = roles.some((role) => session.user.roles.includes(role));
+      if (!hasRole) {
+        res.status(403).json({ error: "Insufficient permissions" });
+        return;
+      }
+    }
+    if (permissions && permissions.length > 0) {
+      const hasAllPermissions = permissions.every(
+        (permission) => session.user.permissions?.includes(permission)
+      );
+      if (!hasAllPermissions) {
+        res.status(403).json({ error: "Insufficient permissions" });
+        return;
+      }
+    }
+    await handler(req, res, session);
+  };
+}
+// src/cookie-utils.ts
+import { serializeCookie, clearCookie } from "@stackwright-pro/auth";
+function setSessionCookie(res, sessionJwt, options = {}) {
+  const cookieName = options.name || "stackwright_session";
+  const maxAge = options.maxAge || 900;
+  const cookie = serializeCookie(cookieName, sessionJwt, {
+    ...options,
+    maxAge,
+    httpOnly: true,
+    secure: process.env.NODE_ENV === "production",
+    sameSite: "lax"
+  });
+  res.setHeader("Set-Cookie", cookie);
+}
+function clearSessionCookie(res, options = {}) {
+  const cookieName = options.name || "stackwright_session";
+  const cookie = clearCookie(cookieName, options);
+  res.setHeader("Set-Cookie", cookie);
+}
+export {
+  clearSessionCookie,
+  createAuthMiddleware,
+  protectedRoute,
+  setSessionCookie
+};
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/middleware.ts","../src/api-helpers.ts","../src/cookie-utils.ts"],"sourcesContent":["import { type NextRequest, NextResponse } from 'next/server';\nimport { SessionManager, RBACEngine, type AuthConfig, type AuthSession } from '@stackwright-pro/auth';\n\nexport interface MiddlewareConfig {\n /**\n * Auth configuration\n */\n authConfig: AuthConfig;\n \n /**\n * Session manager instance\n */\n sessionManager: SessionManager;\n \n /**\n * RBAC engine instance\n */\n rbacEngine: RBACEngine;\n \n /**\n * Cookie name for session (default: 'stackwright_session')\n */\n cookieName?: string;\n \n /**\n * URL to redirect to when authentication fails (default: '/login')\n */\n loginUrl?: string;\n \n /**\n * URL to redirect to when authorization fails (default: '/unauthorized')\n */\n unauthorizedUrl?: string;\n}\n\n/**\n * Create Next.js middleware for authentication and authorization\n * \n * @example\n * ```typescript\n * // middleware.ts\n * import { createAuthMiddleware } from '@stackwright-pro/auth-nextjs';\n * \n * export default createAuthMiddleware({\n * authConfig,\n * sessionManager,\n * rbacEngine,\n * });\n * \n * export const config = {\n * matcher: ['/((?!_next|api/auth).*)'],\n * };\n * ```\n */\nexport function createAuthMiddleware(config: MiddlewareConfig) {\n const {\n sessionManager,\n rbacEngine,\n cookieName = 'stackwright_session',\n loginUrl = '/login',\n unauthorizedUrl = '/unauthorized',\n } = config;\n \n return async function authMiddleware(\n request: NextRequest\n ): Promise<NextResponse | undefined> {\n const { pathname } = request.nextUrl;\n \n // Check if route is public\n if (rbacEngine.isPublicRoute(pathname)) {\n return undefined; // Continue to next middleware\n }\n \n // Extract session from cookie\n const sessionCookie = request.cookies.get(cookieName);\n let session: AuthSession | null = null;\n \n if (sessionCookie) {\n session = await sessionManager.deserialize(sessionCookie.value);\n }\n \n // Check if session is valid\n if (!session || sessionManager.isExpired(session)) {\n // Redirect to login\n const url = request.nextUrl.clone();\n url.pathname = loginUrl;\n url.searchParams.set('redirect', pathname);\n return NextResponse.redirect(url);\n }\n \n // Check if user can access route\n if (!rbacEngine.canAccessRoute(session.user, pathname)) {\n // Redirect to unauthorized\n const url = request.nextUrl.clone();\n url.pathname = unauthorizedUrl;\n return NextResponse.redirect(url);\n }\n \n // Refresh session if needed\n if (sessionManager.shouldRefresh(session)) {\n const refreshed = await sessionManager.refreshSession(session);\n const newJwt = await sessionManager.serialize(refreshed);\n \n const response = NextResponse.next();\n response.cookies.set(cookieName, newJwt, {\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'lax',\n maxAge: 900, // 15 minutes\n });\n \n return response;\n }\n \n // Allow request to continue\n return undefined;\n };\n}\n","import type { NextApiRequest, NextApiResponse } from 'next';\nimport { SessionManager, type AuthSession, type AuthUser } from '@stackwright-pro/auth';\n\nexport interface ProtectedRouteConfig {\n /**\n * Session manager for validating sessions\n */\n sessionManager: SessionManager;\n \n /**\n * Required roles (user must have ANY of these)\n */\n roles?: string[];\n \n /**\n * Required permissions (user must have ALL of these)\n */\n permissions?: string[];\n \n /**\n * Cookie name (default: 'stackwright_session')\n */\n cookieName?: string;\n}\n\n/**\n * Handler function with authenticated session\n */\nexport type AuthenticatedHandler<T = any> = (\n req: NextApiRequest,\n res: NextApiResponse<T>,\n session: AuthSession\n) => void | Promise<void>;\n\n/**\n * Wrap API route with authentication/authorization\n * \n * @example\n * ```typescript\n * // pages/api/equipment/[id].ts\n * export default protectedRoute(\n * async (req, res, session) => {\n * const equipment = await getEquipment(req.query.id);\n * res.json(equipment);\n * },\n * {\n * sessionManager,\n * roles: ['ANALYST', 'ADMIN'],\n * }\n * );\n * ```\n */\nexport function protectedRoute<T = any>(\n handler: AuthenticatedHandler<T>,\n config: ProtectedRouteConfig\n): (req: NextApiRequest, res: NextApiResponse) => Promise<void> {\n const {\n sessionManager,\n roles,\n permissions,\n cookieName = 'stackwright_session',\n } = config;\n \n return async (req: NextApiRequest, res: NextApiResponse) => {\n // Extract session from cookie\n const sessionCookie = req.cookies[cookieName];\n \n if (!sessionCookie) {\n res.status(401).json({ error: 'Not authenticated' } as any);\n return;\n }\n \n // Verify session\n const session = await sessionManager.deserialize(sessionCookie);\n \n if (!session || sessionManager.isExpired(session)) {\n res.status(401).json({ error: 'Session expired' } as any);\n return;\n }\n \n // Check roles\n if (roles && roles.length > 0) {\n const hasRole = roles.some(role => session.user.roles.includes(role));\n if (!hasRole) {\n res.status(403).json({ error: 'Insufficient permissions' } as any);\n return;\n }\n }\n \n // Check permissions\n if (permissions && permissions.length > 0) {\n const hasAllPermissions = permissions.every(permission =>\n session.user.permissions?.includes(permission)\n );\n if (!hasAllPermissions) {\n res.status(403).json({ error: 'Insufficient permissions' } as any);\n return;\n }\n }\n \n // Call handler with session\n await handler(req, res, session);\n };\n}\n","import type { NextApiResponse } from 'next';\nimport { serializeCookie, clearCookie, type CookieOptions } from '@stackwright-pro/auth';\n\n/**\n * Set session cookie in Next.js API response\n */\nexport function setSessionCookie(\n res: NextApiResponse,\n sessionJwt: string,\n options: CookieOptions = {}\n): void {\n const cookieName = options.name || 'stackwright_session';\n const maxAge = options.maxAge || 900; // 15 minutes default\n \n const cookie = serializeCookie(cookieName, sessionJwt, {\n ...options,\n maxAge,\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'lax',\n });\n \n res.setHeader('Set-Cookie', cookie);\n}\n\n/**\n * Clear session cookie in Next.js API response\n */\nexport function clearSessionCookie(\n res: NextApiResponse,\n options: Pick<CookieOptions, 'name' | 'domain' | 'path'> = {}\n): void {\n const cookieName = options.name || 'stackwright_session';\n \n const cookie = clearCookie(cookieName, options);\n \n res.setHeader('Set-Cookie', cookie);\n}\n"],"mappings":";AAAA,SAA2B,oBAAoB;AAsDxC,SAAS,qBAAqB,QAA0B;AAC7D,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,aAAa;AAAA,IACb,WAAW;AAAA,IACX,kBAAkB;AAAA,EACpB,IAAI;AAEJ,SAAO,eAAe,eACpB,SACmC;AACnC,UAAM,EAAE,SAAS,IAAI,QAAQ;AAG7B,QAAI,WAAW,cAAc,QAAQ,GAAG;AACtC,aAAO;AAAA,IACT;AAGA,UAAM,gBAAgB,QAAQ,QAAQ,IAAI,UAAU;AACpD,QAAI,UAA8B;AAElC,QAAI,eAAe;AACjB,gBAAU,MAAM,eAAe,YAAY,cAAc,KAAK;AAAA,IAChE;AAGA,QAAI,CAAC,WAAW,eAAe,UAAU,OAAO,GAAG;AAEjD,YAAM,MAAM,QAAQ,QAAQ,MAAM;AAClC,UAAI,WAAW;AACf,UAAI,aAAa,IAAI,YAAY,QAAQ;AACzC,aAAO,aAAa,SAAS,GAAG;AAAA,IAClC;AAGA,QAAI,CAAC,WAAW,eAAe,QAAQ,MAAM,QAAQ,GAAG;AAEtD,YAAM,MAAM,QAAQ,QAAQ,MAAM;AAClC,UAAI,WAAW;AACf,aAAO,aAAa,SAAS,GAAG;AAAA,IAClC;AAGA,QAAI,eAAe,cAAc,OAAO,GAAG;AACzC,YAAM,YAAY,MAAM,eAAe,eAAe,OAAO;AAC7D,YAAM,SAAS,MAAM,eAAe,UAAU,SAAS;AAEvD,YAAM,WAAW,aAAa,KAAK;AACnC,eAAS,QAAQ,IAAI,YAAY,QAAQ;AAAA,QACvC,UAAU;AAAA,QACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,QACjC,UAAU;AAAA,QACV,QAAQ;AAAA;AAAA,MACV,CAAC;AAED,aAAO;AAAA,IACT;AAGA,WAAO;AAAA,EACT;AACF;;;ACjEO,SAAS,eACd,SACA,QAC8D;AAC9D,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA,aAAa;AAAA,EACf,IAAI;AAEJ,SAAO,OAAO,KAAqB,QAAyB;AAE1D,UAAM,gBAAgB,IAAI,QAAQ,UAAU;AAE5C,QAAI,CAAC,eAAe;AAClB,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,oBAAoB,CAAQ;AAC1D;AAAA,IACF;AAGA,UAAM,UAAU,MAAM,eAAe,YAAY,aAAa;AAE9D,QAAI,CAAC,WAAW,eAAe,UAAU,OAAO,GAAG;AACjD,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,kBAAkB,CAAQ;AACxD;AAAA,IACF;AAGA,QAAI,SAAS,MAAM,SAAS,GAAG;AAC7B,YAAM,UAAU,MAAM,KAAK,UAAQ,QAAQ,KAAK,MAAM,SAAS,IAAI,CAAC;AACpE,UAAI,CAAC,SAAS;AACZ,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,2BAA2B,CAAQ;AACjE;AAAA,MACF;AAAA,IACF;AAGA,QAAI,eAAe,YAAY,SAAS,GAAG;AACzC,YAAM,oBAAoB,YAAY;AAAA,QAAM,gBAC1C,QAAQ,KAAK,aAAa,SAAS,UAAU;AAAA,MAC/C;AACA,UAAI,CAAC,mBAAmB;AACtB,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,2BAA2B,CAAQ;AACjE;AAAA,MACF;AAAA,IACF;AAGA,UAAM,QAAQ,KAAK,KAAK,OAAO;AAAA,EACjC;AACF;;;ACtGA,SAAS,iBAAiB,mBAAuC;AAK1D,SAAS,iBACd,KACA,YACA,UAAyB,CAAC,GACpB;AACN,QAAM,aAAa,QAAQ,QAAQ;AACnC,QAAM,SAAS,QAAQ,UAAU;AAEjC,QAAM,SAAS,gBAAgB,YAAY,YAAY;AAAA,IACrD,GAAG;AAAA,IACH;AAAA,IACA,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,UAAU;AAAA,EACZ,CAAC;AAED,MAAI,UAAU,cAAc,MAAM;AACpC;AAKO,SAAS,mBACd,KACA,UAA2D,CAAC,GACtD;AACN,QAAM,aAAa,QAAQ,QAAQ;AAEnC,QAAM,SAAS,YAAY,YAAY,OAAO;AAE9C,MAAI,UAAU,cAAc,MAAM;AACpC;","names":[]}

package/package.json ADDED Viewed

@@ -0,0 +1,39 @@
+{
+  "name": "@stackwright-pro/auth-nextjs",
+  "version": "0.1.0",
+  "description": "Next.js adapter for Stackwright Pro authentication",
+  "license": "PROPRIETARY",
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "@stackwright-pro/auth": "0.1.0"
+  },
+  "devDependencies": {
+    "@types/node": "^25.4.0",
+    "tsup": "^8.5.1",
+    "typescript": "^5.8.3",
+    "vitest": "^4.0.18"
+  },
+  "peerDependencies": {
+    "next": ">=14.0.0",
+    "react": "^19",
+    "react-dom": "^19"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  }
+}