@tern-secure/backend 1.0.1 → 1.1.2

package/dist/esm/admin/sessionTernSecure.js

@@ -0,0 +1,226 @@
+"use server";
+import { cookies } from "next/headers";
+import { adminTernSecureAuth as adminAuth } from "../utils/admin-init";
+import { handleFirebaseAuthError } from "@tern-secure/types";
+const SESSION_CONSTANTS = {
+  COOKIE_NAME: "_session_cookie",
+  DEFAULT_EXPIRES_IN_MS: 60 * 60 * 24 * 5 * 1e3,
+  // 5 days
+  DEFAULT_EXPIRES_IN_SECONDS: 60 * 60 * 24 * 5
+};
+const COOKIE_OPTIONS = {
+  httpOnly: true,
+  secure: process.env.NODE_ENV === "production",
+  sameSite: "strict",
+  path: "/"
+};
+async function createSessionCookie(params) {
+  try {
+    const idToken = typeof params === "string" ? params : params.idToken;
+    if (!idToken) {
+      const error = new Error("ID token is required for session creation");
+      console.error("[createSessionCookie] Missing ID token:", error);
+      return {
+        success: false,
+        message: "ID token is required",
+        error: "INVALID_TOKEN",
+        cookieSet: false
+      };
+    }
+    let decodedToken;
+    try {
+      decodedToken = await adminAuth.verifyIdToken(idToken);
+    } catch (verifyError) {
+      console.error("[createSessionCookie] ID token verification failed:", verifyError);
+      const authError = handleFirebaseAuthError(verifyError);
+      return {
+        success: false,
+        message: authError.message,
+        error: authError.code,
+        cookieSet: false
+      };
+    }
+    if (!decodedToken) {
+      const error = new Error("Invalid ID token - verification returned null");
+      console.error("[createSessionCookie] Token verification returned null:", error);
+      return {
+        success: false,
+        message: "Invalid ID token",
+        error: "INVALID_TOKEN",
+        cookieSet: false
+      };
+    }
+    let sessionCookie;
+    try {
+      sessionCookie = await adminAuth.createSessionCookie(idToken, {
+        expiresIn: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_MS
+      });
+    } catch (sessionError) {
+      console.error("[createSessionCookie] Firebase session cookie creation failed:", sessionError);
+      const authError = handleFirebaseAuthError(sessionError);
+      return {
+        success: false,
+        message: authError.message,
+        error: authError.code,
+        cookieSet: false
+      };
+    }
+    let cookieSetSuccessfully = false;
+    try {
+      const cookieStore = await cookies();
+      cookieStore.set(SESSION_CONSTANTS.COOKIE_NAME, sessionCookie, {
+        maxAge: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_SECONDS,
+        ...COOKIE_OPTIONS
+      });
+      const verifySetCookie = cookieStore.get(SESSION_CONSTANTS.COOKIE_NAME);
+      cookieSetSuccessfully = !!(verifySetCookie == null ? void 0 : verifySetCookie.value);
+      if (!cookieSetSuccessfully) {
+        const error = new Error("Session cookie was not set successfully");
+        console.error("[createSessionCookie] Cookie verification failed:", error);
+        throw error;
+      }
+    } catch (cookieError) {
+      console.error("[createSessionCookie] Failed to set session cookie:", cookieError);
+      return {
+        success: false,
+        message: "Failed to set session cookie",
+        error: "COOKIE_SET_FAILED",
+        cookieSet: false
+      };
+    }
+    console.log(`[createSessionCookie] Session cookie created successfully for user: ${decodedToken.uid}`);
+    return {
+      success: true,
+      message: "Session created successfully",
+      expiresIn: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_SECONDS,
+      cookieSet: cookieSetSuccessfully
+    };
+  } catch (error) {
+    console.error("[createSessionCookie] Unexpected error:", error);
+    const authError = handleFirebaseAuthError(error);
+    return {
+      success: false,
+      message: authError.message || "Failed to create session",
+      error: authError.code || "INTERNAL_ERROR",
+      cookieSet: false
+    };
+  }
+}
+async function getServerSessionCookie() {
+  var _a;
+  const cookieStore = await cookies();
+  const sessionCookie = (_a = cookieStore.get("_session_cookie")) == null ? void 0 : _a.value;
+  if (!sessionCookie) {
+    throw new Error("No session cookie found");
+  }
+  try {
+    const decondeClaims = await adminAuth.verifySessionCookie(sessionCookie, true);
+    return {
+      token: sessionCookie,
+      userId: decondeClaims.uid
+    };
+  } catch (error) {
+    console.error("Error verifying session:", error);
+    throw new Error("Invalid Session");
+  }
+}
+async function getIdToken() {
+  var _a;
+  const cookieStore = await cookies();
+  const token = (_a = cookieStore.get("_session_token")) == null ? void 0 : _a.value;
+  if (!token) {
+    throw new Error("No session cookie found");
+  }
+  try {
+    const decodedClaims = await adminAuth.verifyIdToken(token);
+    return {
+      token,
+      userId: decodedClaims.uid
+    };
+  } catch (error) {
+    console.error("Error verifying session:", error);
+    throw new Error("Invalid Session");
+  }
+}
+async function setServerSession(token) {
+  try {
+    const cookieStore = await cookies();
+    cookieStore.set("_session_token", token, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      sameSite: "strict",
+      maxAge: 60 * 60,
+      // 1 hour
+      path: "/"
+    });
+    return { success: true, message: "Session created" };
+  } catch {
+    return { success: false, message: "Failed to create session" };
+  }
+}
+async function verifyTernIdToken(token) {
+  try {
+    const decodedToken = await adminAuth.verifyIdToken(token);
+    return {
+      valid: true,
+      uid: decodedToken.uid,
+      email: decodedToken.email || null,
+      authTime: decodedToken.auth_time
+    };
+  } catch (error) {
+    const errorResponse = handleFirebaseAuthError(error);
+    return {
+      valid: false,
+      uid: null,
+      email: null,
+      error: errorResponse
+    };
+  }
+}
+async function verifyTernSessionCookie(session) {
+  try {
+    const res = await adminAuth.verifySessionCookie(session);
+    return {
+      valid: true,
+      uid: res.uid,
+      email: res.email || null,
+      authTime: res.auth_time
+    };
+  } catch (error) {
+    const errorResponse = handleFirebaseAuthError(error);
+    return {
+      valid: false,
+      uid: null,
+      email: null,
+      error: errorResponse
+    };
+  }
+}
+async function clearSessionCookie() {
+  var _a;
+  const cookieStore = await cookies();
+  cookieStore.delete("_session_cookie");
+  cookieStore.delete("_session_token");
+  cookieStore.delete("_session");
+  try {
+    const sessionCookie = (_a = cookieStore.get("_session_cookie")) == null ? void 0 : _a.value;
+    if (sessionCookie) {
+      const decodedClaims = await adminAuth.verifySessionCookie(sessionCookie);
+      await adminAuth.revokeRefreshTokens(decodedClaims.uid);
+    }
+    return { success: true, message: "Session cleared successfully" };
+  } catch (error) {
+    console.error("Error clearing session:", error);
+    return { success: true, message: "Session cookies cleared" };
+  }
+}
+export {
+  clearSessionCookie,
+  createSessionCookie,
+  getIdToken,
+  getServerSessionCookie,
+  setServerSession,
+  verifyTernIdToken,
+  verifyTernSessionCookie
+};
+//# sourceMappingURL=sessionTernSecure.js.map

package/dist/esm/admin/sessionTernSecure.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/admin/sessionTernSecure.ts"],"sourcesContent":["'use server'\r\n\r\nimport { cookies } from 'next/headers';\r\nimport { adminTernSecureAuth as adminAuth } from '../utils/admin-init';\r\nimport { handleFirebaseAuthError, type AuthErrorResponse, type SessionParams, type SessionResult } from '@tern-secure/types';\r\n\r\ninterface FirebaseAuthError extends Error {\r\n  code?: string;\r\n}\r\n\r\nexport interface User {\r\n    uid: string | null;\r\n    email: string | null;\r\n  }\r\n\r\nexport interface Session {\r\n    user: User | null;\r\n    token: string | null;\r\n    error: Error | null;\r\n}\r\n\r\ninterface TernVerificationResult extends User {\r\n  valid: boolean\r\n  authTime?: number\r\n  error?: AuthErrorResponse\r\n}\r\n\r\n\r\n// DRY Constants\r\nconst SESSION_CONSTANTS = {\r\n  COOKIE_NAME: '_session_cookie',\r\n  DEFAULT_EXPIRES_IN_MS: 60 * 60 * 24 * 5 * 1000, // 5 days\r\n  DEFAULT_EXPIRES_IN_SECONDS: 60 * 60 * 24 * 5,\r\n} as const;\r\n\r\nconst COOKIE_OPTIONS = {\r\n  httpOnly: true,\r\n  secure: process.env.NODE_ENV === 'production',\r\n  sameSite: 'strict' as const,\r\n  path: '/',\r\n} as const;\r\n\r\n\r\n\r\nexport async function createSessionCookie(params: SessionParams | string): Promise<SessionResult> {\r\n  try {\r\n    // Handle both old string format and new object format for backward compatibility\r\n    const idToken = typeof params === 'string' ? params : params.idToken;\r\n    \r\n    if (!idToken) {\r\n      const error = new Error('ID token is required for session creation');\r\n      console.error('[createSessionCookie] Missing ID token:', error);\r\n      return {\r\n        success: false,\r\n        message: 'ID token is required',\r\n        error: 'INVALID_TOKEN',\r\n        cookieSet: false\r\n      };\r\n    }\r\n\r\n    // Verify the ID token first\r\n    let decodedToken;\r\n    try {\r\n      decodedToken = await adminAuth.verifyIdToken(idToken);\r\n    } catch (verifyError) {\r\n      console.error('[createSessionCookie] ID token verification failed:', verifyError);\r\n      const authError = handleFirebaseAuthError(verifyError);\r\n      return {\r\n        success: false,\r\n        message: authError.message,\r\n        error: authError.code,\r\n        cookieSet: false\r\n      };\r\n    }\r\n    \r\n    if (!decodedToken) {\r\n      const error = new Error('Invalid ID token - verification returned null');\r\n      console.error('[createSessionCookie] Token verification returned null:', error);\r\n      return {\r\n        success: false,\r\n        message: 'Invalid ID token',\r\n        error: 'INVALID_TOKEN',\r\n        cookieSet: false\r\n      };\r\n    }\r\n\r\n    // Create session cookie\r\n    let sessionCookie;\r\n    try {\r\n      sessionCookie = await adminAuth.createSessionCookie(idToken, { \r\n        expiresIn: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_MS \r\n      });\r\n    } catch (sessionError) {\r\n      console.error('[createSessionCookie] Firebase session cookie creation failed:', sessionError);\r\n      const authError = handleFirebaseAuthError(sessionError);\r\n      return {\r\n        success: false,\r\n        message: authError.message,\r\n        error: authError.code,\r\n        cookieSet: false\r\n      };\r\n    }\r\n\r\n    // Set the cookie and verify it was set\r\n    let cookieSetSuccessfully = false;\r\n    try {\r\n      const cookieStore = await cookies();\r\n      cookieStore.set(SESSION_CONSTANTS.COOKIE_NAME, sessionCookie, {\r\n        maxAge: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_SECONDS,\r\n        ...COOKIE_OPTIONS,\r\n      });\r\n\r\n      // Verify the cookie was actually set\r\n      const verifySetCookie = cookieStore.get(SESSION_CONSTANTS.COOKIE_NAME);\r\n      cookieSetSuccessfully = !!verifySetCookie?.value;\r\n      \r\n      if (!cookieSetSuccessfully) {\r\n        const error = new Error('Session cookie was not set successfully');\r\n        console.error('[createSessionCookie] Cookie verification failed:', error);\r\n        throw error;\r\n      }\r\n\r\n    } catch (cookieError) {\r\n      console.error('[createSessionCookie] Failed to set session cookie:', cookieError);\r\n      return {\r\n        success: false,\r\n        message: 'Failed to set session cookie',\r\n        error: 'COOKIE_SET_FAILED',\r\n        cookieSet: false\r\n      };\r\n    }\r\n\r\n    console.log(`[createSessionCookie] Session cookie created successfully for user: ${decodedToken.uid}`);\r\n    return {\r\n      success: true,\r\n      message: 'Session created successfully',\r\n      expiresIn: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_SECONDS,\r\n      cookieSet: cookieSetSuccessfully\r\n    };\r\n\r\n  } catch (error) {\r\n    console.error('[createSessionCookie] Unexpected error:', error);\r\n    const authError = handleFirebaseAuthError(error);\r\n    return {\r\n      success: false,\r\n      message: authError.message || 'Failed to create session',\r\n      error: authError.code || 'INTERNAL_ERROR',\r\n      cookieSet: false\r\n    };\r\n  }\r\n}\r\n\r\n\r\n\r\nexport async function getServerSessionCookie() {\r\n  const cookieStore = await cookies();\r\n  const sessionCookie = cookieStore.get('_session_cookie')?.value;\r\n\r\n  if (!sessionCookie) {\r\n    throw new Error('No session cookie found')\r\n  }\r\n    \r\n  try {\r\n    const decondeClaims = await adminAuth.verifySessionCookie(sessionCookie, true)\r\n    return {\r\n      token: sessionCookie,\r\n      userId: decondeClaims.uid\r\n    }\r\n  } catch (error) {\r\n    console.error('Error verifying session:', error)\r\n    throw new Error('Invalid Session')\r\n  }\r\n}\r\n\r\n\r\nexport async function getIdToken() {\r\n  const cookieStore = await cookies();\r\n  const token = cookieStore.get('_session_token')?.value;\r\n\r\n  if (!token) {\r\n    throw new Error('No session cookie found')\r\n  }\r\n    \r\n  try {\r\n    const decodedClaims = await adminAuth.verifyIdToken(token)\r\n    return {\r\n      token: token,\r\n      userId: decodedClaims.uid\r\n    }\r\n  } catch (error) {\r\n    console.error('Error verifying session:', error)\r\n    throw new Error('Invalid Session')\r\n  }\r\n}\r\n\r\nexport async function setServerSession(token: string) {\r\n  try {\r\n    const cookieStore = await cookies();\r\n    cookieStore.set('_session_token', token, {\r\n      httpOnly: true,\r\n      secure: process.env.NODE_ENV === 'production',\r\n      sameSite: 'strict',\r\n      maxAge: 60 * 60, // 1 hour\r\n      path: '/',\r\n    });\r\n    return { success: true, message: 'Session created' };\r\n  } catch {\r\n    return { success: false, message: 'Failed to create session' };\r\n  }\r\n}\r\n\r\n  export async function verifyTernIdToken(token: string): Promise<TernVerificationResult> {\r\n    try {\r\n      const decodedToken = await adminAuth.verifyIdToken(token);\r\n      return {\r\n        valid: true,\r\n        uid: decodedToken.uid,\r\n        email: decodedToken.email || null,\r\n        authTime: decodedToken.auth_time\r\n      };\r\n    } catch (error) {\r\n      const errorResponse = handleFirebaseAuthError(error)\r\n      return {\r\n        valid: false,\r\n        uid: null,\r\n        email: null,\r\n        error: errorResponse\r\n      };\r\n    }\r\n  }\r\n  \r\n\r\n  export async function verifyTernSessionCookie(session: string): Promise<TernVerificationResult>{\r\n    try {\r\n      const res = await adminAuth.verifySessionCookie(session);\r\n      return { \r\n          valid: true, \r\n          uid: res.uid,\r\n          email: res.email || null,\r\n          authTime: res.auth_time\r\n        };\r\n    } catch (error) {\r\n      const errorResponse = handleFirebaseAuthError(error)\r\n      return {\r\n        valid: false, \r\n        uid: null,\r\n        email: null,\r\n        error: errorResponse\r\n      };\r\n    }\r\n  }\r\n\r\n\r\n  export async function clearSessionCookie() {\r\n    const cookieStore = await cookies()\r\n    \r\n    cookieStore.delete('_session_cookie')\r\n    cookieStore.delete('_session_token')\r\n    cookieStore.delete('_session')\r\n  \r\n    try {\r\n      // Verify if there's an active session before revoking\r\n      const sessionCookie = cookieStore.get('_session_cookie')?.value\r\n      if (sessionCookie) {\r\n        // Get the decoded claims to get the user's ID\r\n        const decodedClaims = await adminAuth.verifySessionCookie(sessionCookie)\r\n        \r\n        // Revoke all sessions for the user\r\n        await adminAuth.revokeRefreshTokens(decodedClaims.uid)\r\n      }\r\n      \r\n      return { success: true, message: 'Session cleared successfully' }\r\n    } catch (error) {\r\n      console.error('Error clearing session:', error)\r\n      // Still return success even if revoking fails, as cookies are cleared\r\n      return { success: true, message: 'Session cookies cleared' }\r\n    }\r\n  }\r\n\r\n\r\n\r\n/*\r\n  export async function GET(request: NextRequest) {\r\n    const cookieStore = await cookies();\r\n    const sessionCookie = cookieStore.get('session')?.value\r\n  \r\n    if (!sessionCookie) {\r\n      return NextResponse.json({ isAuthenticated: false }, { status: 401 })\r\n    }\r\n  \r\n    try {\r\n      const decodedClaims = await adminAuth.verifySessionCookie(sessionCookie, true)\r\n      return NextResponse.json({ isAuthenticated: true, user: decodedClaims }, { status: 200 })\r\n    } catch (error) {\r\n      console.error('Error verifying session cookie:', error)\r\n      return NextResponse.json({ isAuthenticated: false }, { status: 401 })\r\n    }\r\n  }\r\n\r\n*/"],"mappings":";AAEA,SAAS,eAAe;AACxB,SAAS,uBAAuB,iBAAiB;AACjD,SAAS,+BAA+F;AAyBxG,MAAM,oBAAoB;AAAA,EACxB,aAAa;AAAA,EACb,uBAAuB,KAAK,KAAK,KAAK,IAAI;AAAA;AAAA,EAC1C,4BAA4B,KAAK,KAAK,KAAK;AAC7C;AAEA,MAAM,iBAAiB;AAAA,EACrB,UAAU;AAAA,EACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AAAA,EACV,MAAM;AACR;AAIA,eAAsB,oBAAoB,QAAwD;AAChG,MAAI;AAEF,UAAM,UAAU,OAAO,WAAW,WAAW,SAAS,OAAO;AAE7D,QAAI,CAAC,SAAS;AACZ,YAAM,QAAQ,IAAI,MAAM,2CAA2C;AACnE,cAAQ,MAAM,2CAA2C,KAAK;AAC9D,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS;AAAA,QACT,OAAO;AAAA,QACP,WAAW;AAAA,MACb;AAAA,IACF;AAGA,QAAI;AACJ,QAAI;AACF,qBAAe,MAAM,UAAU,cAAc,OAAO;AAAA,IACtD,SAAS,aAAa;AACpB,cAAQ,MAAM,uDAAuD,WAAW;AAChF,YAAM,YAAY,wBAAwB,WAAW;AACrD,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,QACjB,WAAW;AAAA,MACb;AAAA,IACF;AAEA,QAAI,CAAC,cAAc;AACjB,YAAM,QAAQ,IAAI,MAAM,+CAA+C;AACvE,cAAQ,MAAM,2DAA2D,KAAK;AAC9E,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS;AAAA,QACT,OAAO;AAAA,QACP,WAAW;AAAA,MACb;AAAA,IACF;AAGA,QAAI;AACJ,QAAI;AACF,sBAAgB,MAAM,UAAU,oBAAoB,SAAS;AAAA,QAC3D,WAAW,kBAAkB;AAAA,MAC/B,CAAC;AAAA,IACH,SAAS,cAAc;AACrB,cAAQ,MAAM,kEAAkE,YAAY;AAC5F,YAAM,YAAY,wBAAwB,YAAY;AACtD,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,QACjB,WAAW;AAAA,MACb;AAAA,IACF;AAGA,QAAI,wBAAwB;AAC5B,QAAI;AACF,YAAM,cAAc,MAAM,QAAQ;AAClC,kBAAY,IAAI,kBAAkB,aAAa,eAAe;AAAA,QAC5D,QAAQ,kBAAkB;AAAA,QAC1B,GAAG;AAAA,MACL,CAAC;AAGD,YAAM,kBAAkB,YAAY,IAAI,kBAAkB,WAAW;AACrE,8BAAwB,CAAC,EAAC,mDAAiB;AAE3C,UAAI,CAAC,uBAAuB;AAC1B,cAAM,QAAQ,IAAI,MAAM,yCAAyC;AACjE,gBAAQ,MAAM,qDAAqD,KAAK;AACxE,cAAM;AAAA,MACR;AAAA,IAEF,SAAS,aAAa;AACpB,cAAQ,MAAM,uDAAuD,WAAW;AAChF,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS;AAAA,QACT,OAAO;AAAA,QACP,WAAW;AAAA,MACb;AAAA,IACF;AAEA,YAAQ,IAAI,uEAAuE,aAAa,GAAG,EAAE;AACrG,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS;AAAA,MACT,WAAW,kBAAkB;AAAA,MAC7B,WAAW;AAAA,IACb;AAAA,EAEF,SAAS,OAAO;AACd,YAAQ,MAAM,2CAA2C,KAAK;AAC9D,UAAM,YAAY,wBAAwB,KAAK;AAC/C,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS,UAAU,WAAW;AAAA,MAC9B,OAAO,UAAU,QAAQ;AAAA,MACzB,WAAW;AAAA,IACb;AAAA,EACF;AACF;AAIA,eAAsB,yBAAyB;AA1J/C;AA2JE,QAAM,cAAc,MAAM,QAAQ;AAClC,QAAM,iBAAgB,iBAAY,IAAI,iBAAiB,MAAjC,mBAAoC;AAE1D,MAAI,CAAC,eAAe;AAClB,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAEA,MAAI;AACF,UAAM,gBAAgB,MAAM,UAAU,oBAAoB,eAAe,IAAI;AAC7E,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ,cAAc;AAAA,IACxB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AACF;AAGA,eAAsB,aAAa;AA/KnC;AAgLE,QAAM,cAAc,MAAM,QAAQ;AAClC,QAAM,SAAQ,iBAAY,IAAI,gBAAgB,MAAhC,mBAAmC;AAEjD,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAEA,MAAI;AACF,UAAM,gBAAgB,MAAM,UAAU,cAAc,KAAK;AACzD,WAAO;AAAA,MACL;AAAA,MACA,QAAQ,cAAc;AAAA,IACxB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AACF;AAEA,eAAsB,iBAAiB,OAAe;AACpD,MAAI;AACF,UAAM,cAAc,MAAM,QAAQ;AAClC,gBAAY,IAAI,kBAAkB,OAAO;AAAA,MACvC,UAAU;AAAA,MACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,MACjC,UAAU;AAAA,MACV,QAAQ,KAAK;AAAA;AAAA,MACb,MAAM;AAAA,IACR,CAAC;AACD,WAAO,EAAE,SAAS,MAAM,SAAS,kBAAkB;AAAA,EACrD,QAAQ;AACN,WAAO,EAAE,SAAS,OAAO,SAAS,2BAA2B;AAAA,EAC/D;AACF;AAEE,eAAsB,kBAAkB,OAAgD;AACtF,MAAI;AACF,UAAM,eAAe,MAAM,UAAU,cAAc,KAAK;AACxD,WAAO;AAAA,MACL,OAAO;AAAA,MACP,KAAK,aAAa;AAAA,MAClB,OAAO,aAAa,SAAS;AAAA,MAC7B,UAAU,aAAa;AAAA,IACzB;AAAA,EACF,SAAS,OAAO;AACd,UAAM,gBAAgB,wBAAwB,KAAK;AACnD,WAAO;AAAA,MACL,OAAO;AAAA,MACP,KAAK;AAAA,MACL,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AACF;AAGA,eAAsB,wBAAwB,SAAiD;AAC7F,MAAI;AACF,UAAM,MAAM,MAAM,UAAU,oBAAoB,OAAO;AACvD,WAAO;AAAA,MACH,OAAO;AAAA,MACP,KAAK,IAAI;AAAA,MACT,OAAO,IAAI,SAAS;AAAA,MACpB,UAAU,IAAI;AAAA,IAChB;AAAA,EACJ,SAAS,OAAO;AACd,UAAM,gBAAgB,wBAAwB,KAAK;AACnD,WAAO;AAAA,MACL,OAAO;AAAA,MACP,KAAK;AAAA,MACL,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AACF;AAGA,eAAsB,qBAAqB;AA7P7C;AA8PI,QAAM,cAAc,MAAM,QAAQ;AAElC,cAAY,OAAO,iBAAiB;AACpC,cAAY,OAAO,gBAAgB;AACnC,cAAY,OAAO,UAAU;AAE7B,MAAI;AAEF,UAAM,iBAAgB,iBAAY,IAAI,iBAAiB,MAAjC,mBAAoC;AAC1D,QAAI,eAAe;AAEjB,YAAM,gBAAgB,MAAM,UAAU,oBAAoB,aAAa;AAGvE,YAAM,UAAU,oBAAoB,cAAc,GAAG;AAAA,IACvD;AAEA,WAAO,EAAE,SAAS,MAAM,SAAS,+BAA+B;AAAA,EAClE,SAAS,OAAO;AACd,YAAQ,MAAM,2BAA2B,KAAK;AAE9C,WAAO,EAAE,SAAS,MAAM,SAAS,0BAA0B;AAAA,EAC7D;AACF;","names":[]}

package/dist/esm/admin/tenant.js

@@ -0,0 +1,43 @@
+import { TernSecureTenantManager } from "../utils/admin-init";
+async function createTenant(displayName, emailSignInConfig, multiFactorConfig) {
+  try {
+    const tenantConfig = {
+      displayName,
+      emailSignInConfig,
+      ...multiFactorConfig && { multiFactorConfig }
+    };
+    const tenant = await TernSecureTenantManager.createTenant(tenantConfig);
+    return {
+      success: true,
+      tenantId: tenant.tenantId,
+      displayName: tenant.displayName
+    };
+  } catch (error) {
+    console.error("Error creating tenant:", error);
+    throw new Error("Failed to create tenant");
+  }
+}
+async function createTenantUser(email, password, tenantId) {
+  try {
+    const tenantAuth = TernSecureTenantManager.authForTenant(tenantId);
+    const userRecord = await tenantAuth.createUser({
+      email,
+      password,
+      emailVerified: false,
+      disabled: false
+    });
+    return {
+      success: true,
+      message: "Tenant user created successfully",
+      user: userRecord.uid
+    };
+  } catch (error) {
+    console.error("Error creating tenant user:", error);
+    throw new Error("Failed to create tenant user");
+  }
+}
+export {
+  createTenant,
+  createTenantUser
+};
+//# sourceMappingURL=tenant.js.map

package/dist/esm/admin/tenant.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/admin/tenant.ts"],"sourcesContent":["import { TernSecureTenantManager } from \"../utils/admin-init\";\r\nimport type { SignInResponse } from '@tern-secure/types';\r\n\r\n\r\nexport async function createTenant(\r\n  displayName: string,\r\n  emailSignInConfig: {\r\n    enabled: boolean;\r\n    passwordRequired: boolean;\r\n  },\r\n  multiFactorConfig?: {\r\n    state: 'ENABLED' | 'DISABLED';\r\n    factorIds: \"phone\"[];\r\n    testPhoneNumbers?: {\r\n        [phoneNumber: string]: string;\r\n    }\r\n  }\r\n) {\r\n  try {\r\n    const tenantConfig = {\r\n      displayName,\r\n      emailSignInConfig,\r\n      ...(multiFactorConfig && { multiFactorConfig })\r\n    };\r\n\r\n    const tenant = await TernSecureTenantManager.createTenant(tenantConfig);\r\n    \r\n    return {\r\n      success: true,\r\n      tenantId: tenant.tenantId,\r\n      displayName: tenant.displayName,\r\n    };\r\n  } catch (error) {\r\n    console.error('Error creating tenant:', error);\r\n    throw new Error('Failed to create tenant');\r\n  }\r\n}\r\n\r\nexport async function createTenantUser(\r\n  email: string,\r\n  password: string,\r\n  tenantId: string\r\n): Promise<SignInResponse> {\r\n  try {\r\n    const tenantAuth = TernSecureTenantManager.authForTenant(tenantId);\r\n    \r\n    const userRecord = await tenantAuth.createUser({\r\n      email,\r\n      password,\r\n      emailVerified: false,\r\n      disabled: false\r\n    });\r\n\r\n    return {\r\n      success: true,\r\n      message: 'Tenant user created successfully',\r\n      user: userRecord.uid,\r\n    };\r\n  } catch (error) {\r\n    console.error('Error creating tenant user:', error);\r\n    throw new Error('Failed to create tenant user');\r\n  }\r\n}\r\n"],"mappings":"AAAA,SAAS,+BAA+B;AAIxC,eAAsB,aACpB,aACA,mBAIA,mBAOA;AACA,MAAI;AACF,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA,GAAI,qBAAqB,EAAE,kBAAkB;AAAA,IAC/C;AAEA,UAAM,SAAS,MAAM,wBAAwB,aAAa,YAAY;AAEtE,WAAO;AAAA,MACL,SAAS;AAAA,MACT,UAAU,OAAO;AAAA,MACjB,aAAa,OAAO;AAAA,IACtB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,0BAA0B,KAAK;AAC7C,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AACF;AAEA,eAAsB,iBACpB,OACA,UACA,UACyB;AACzB,MAAI;AACF,UAAM,aAAa,wBAAwB,cAAc,QAAQ;AAEjE,UAAM,aAAa,MAAM,WAAW,WAAW;AAAA,MAC7C;AAAA,MACA;AAAA,MACA,eAAe;AAAA,MACf,UAAU;AAAA,IACZ,CAAC;AAED,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS;AAAA,MACT,MAAM,WAAW;AAAA,IACnB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B,KAAK;AAClD,UAAM,IAAI,MAAM,8BAA8B;AAAA,EAChD;AACF;","names":[]}

package/dist/esm/index.js

@@ -0,0 +1,24 @@
+import {
+  verifyTernSessionCookie,
+  createSessionCookie,
+  clearSessionCookie
+} from "./admin/sessionTernSecure";
+import {
+  adminTernSecureAuth,
+  adminTernSecureDb,
+  TernSecureTenantManager
+} from "./utils/admin-init";
+import { initializeAdminConfig } from "./utils/config";
+import { createTenant, createTenantUser } from "./admin/tenant";
+export {
+  TernSecureTenantManager,
+  adminTernSecureAuth,
+  adminTernSecureDb,
+  clearSessionCookie,
+  createSessionCookie,
+  createTenant,
+  createTenantUser,
+  initializeAdminConfig,
+  verifyTernSessionCookie
+};
+//# sourceMappingURL=index.js.map

package/dist/esm/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/index.ts"],"sourcesContent":["export { \n    verifyTernSessionCookie,\n    createSessionCookie, \n    clearSessionCookie \n} from './admin/sessionTernSecure'\nexport { \n    adminTernSecureAuth, \n    adminTernSecureDb, \n    TernSecureTenantManager \n} from './utils/admin-init'\nexport { initializeAdminConfig } from './utils/config'\nexport { createTenant, createTenantUser } from './admin/tenant'"],"mappings":"AAAA;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,OACG;AACP;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,OACG;AACP,SAAS,6BAA6B;AACtC,SAAS,cAAc,wBAAwB;","names":[]}

package/dist/esm/ternsecureauth.js

@@ -0,0 +1,16 @@
+class TernSecureAuthProvider {
+  static instance;
+  static getOrCreateInstance() {
+    if (!TernSecureAuthProvider.instance) {
+      TernSecureAuthProvider.instance = new TernSecureAuthProvider();
+    }
+    return TernSecureAuthProvider.instance;
+  }
+  static clearInstance() {
+    TernSecureAuthProvider.instance = null;
+  }
+}
+export {
+  TernSecureAuthProvider
+};
+//# sourceMappingURL=ternsecureauth.js.map

package/dist/esm/ternsecureauth.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/ternsecureauth.ts"],"sourcesContent":["/**\n * Firebase implementation of the TernSecureAuthProvider interface\n */\nexport class TernSecureAuthProvider  {\n    private static instance: TernSecureAuthProvider | null;\n\n    public static getOrCreateInstance(): TernSecureAuthProvider {\n        if (!TernSecureAuthProvider.instance) {\n            TernSecureAuthProvider.instance = new TernSecureAuthProvider();\n        }\n        return TernSecureAuthProvider.instance;\n    }\n\n    static clearInstance() {\n        TernSecureAuthProvider.instance = null;\n    }\n\n}"],"mappings":"AAGO,MAAM,uBAAwB;AAAA,EACjC,OAAe;AAAA,EAEf,OAAc,sBAA8C;AACxD,QAAI,CAAC,uBAAuB,UAAU;AAClC,6BAAuB,WAAW,IAAI,uBAAuB;AAAA,IACjE;AACA,WAAO,uBAAuB;AAAA,EAClC;AAAA,EAEA,OAAO,gBAAgB;AACnB,2BAAuB,WAAW;AAAA,EACtC;AAEJ;","names":[]}

package/dist/esm/utils/admin-init.js

@@ -0,0 +1,24 @@
+import admin from "firebase-admin";
+import { initializeAdminConfig } from "./config";
+if (!admin.apps.length) {
+  try {
+    const config = initializeAdminConfig();
+    admin.initializeApp({
+      credential: admin.credential.cert({
+        ...config,
+        privateKey: config.privateKey.replace(/\\n/g, "\n")
+      })
+    });
+  } catch (error) {
+    console.error("Firebase admin initialization error", error);
+  }
+}
+const adminTernSecureAuth = admin.auth();
+const adminTernSecureDb = admin.firestore();
+const TernSecureTenantManager = admin.auth().tenantManager();
+export {
+  TernSecureTenantManager,
+  adminTernSecureAuth,
+  adminTernSecureDb
+};
+//# sourceMappingURL=admin-init.js.map

package/dist/esm/utils/admin-init.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/utils/admin-init.ts"],"sourcesContent":["import admin from 'firebase-admin';\r\nimport { initializeAdminConfig } from './config';\r\n\r\n// Initialize Firebase Admin if not already initialized\r\nif (!admin.apps.length) {\r\n  try {\r\n    const config = initializeAdminConfig();\r\n    admin.initializeApp({\r\n      credential: admin.credential.cert({\r\n        ...config,\r\n        privateKey: config.privateKey.replace(/\\\\n/g, '\\n'),\r\n      }),\r\n    });\r\n  } catch (error) {\r\n    console.error('Firebase admin initialization error', error);\r\n  }\r\n}\r\n\r\n// Add explicit type annotations using the types from the admin namespace\r\nexport const adminTernSecureAuth: admin.auth.Auth = admin.auth();\r\nexport const adminTernSecureDb: admin.firestore.Firestore = admin.firestore();\r\nexport const TernSecureTenantManager: admin.auth.TenantManager = admin.auth().tenantManager();"],"mappings":"AAAA,OAAO,WAAW;AAClB,SAAS,6BAA6B;AAGtC,IAAI,CAAC,MAAM,KAAK,QAAQ;AACtB,MAAI;AACF,UAAM,SAAS,sBAAsB;AACrC,UAAM,cAAc;AAAA,MAClB,YAAY,MAAM,WAAW,KAAK;AAAA,QAChC,GAAG;AAAA,QACH,YAAY,OAAO,WAAW,QAAQ,QAAQ,IAAI;AAAA,MACpD,CAAC;AAAA,IACH,CAAC;AAAA,EACH,SAAS,OAAO;AACd,YAAQ,MAAM,uCAAuC,KAAK;AAAA,EAC5D;AACF;AAGO,MAAM,sBAAuC,MAAM,KAAK;AACxD,MAAM,oBAA+C,MAAM,UAAU;AACrE,MAAM,0BAAoD,MAAM,KAAK,EAAE,cAAc;","names":[]}

package/dist/esm/utils/config.js

@@ -0,0 +1,84 @@
+const loadFireConfig = () => ({
+  apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || "",
+  authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || "",
+  projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || "",
+  storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || "",
+  messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || "",
+  appId: process.env.NEXT_PUBLIC_FIREBASE_APP_ID || "",
+  measurementId: process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID || void 0
+});
+const validateConfig = (config) => {
+  const requiredFields = [
+    "apiKey",
+    "authDomain",
+    "projectId",
+    "storageBucket",
+    "messagingSenderId",
+    "appId"
+  ];
+  const errors = [];
+  requiredFields.forEach((field) => {
+    if (!config[field]) {
+      errors.push(`Missing required field: NEXT_PUBLIC_FIREBASE_${String(field).toUpperCase()}`);
+    }
+  });
+  return {
+    isValid: errors.length === 0,
+    errors,
+    config
+  };
+};
+const initializeConfig = () => {
+  const config = loadFireConfig();
+  const validationResult = validateConfig(config);
+  if (!validationResult.isValid) {
+    throw new Error(
+      `Firebase configuration validation failed:
+${validationResult.errors.join("\n")}`
+    );
+  }
+  return config;
+};
+const loadAdminConfig = () => ({
+  projectId: process.env.FIREBASE_PROJECT_ID || "",
+  clientEmail: process.env.FIREBASE_CLIENT_EMAIL || "",
+  privateKey: process.env.FIREBASE_PRIVATE_KEY || ""
+});
+const validateAdminConfig = (config) => {
+  const requiredFields = [
+    "projectId",
+    "clientEmail",
+    "privateKey"
+  ];
+  const errors = [];
+  requiredFields.forEach((field) => {
+    if (!config[field]) {
+      errors.push(`Missing required field: FIREBASE_${String(field).toUpperCase()}`);
+    }
+  });
+  return {
+    isValid: errors.length === 0,
+    errors,
+    config
+  };
+};
+const initializeAdminConfig = () => {
+  const config = loadAdminConfig();
+  const validationResult = validateAdminConfig(config);
+  if (!validationResult.isValid) {
+    throw new Error(
+      `Firebase Admin configuration validation failed:
+${validationResult.errors.join("\n")}`
+    );
+  }
+  return config;
+};
+export {
+  initializeAdminConfig,
+  initializeConfig,
+  loadAdminConfig,
+  loadFireConfig,
+  validateAdminConfig,
+  validateConfig
+};
+//# sourceMappingURL=config.js.map

package/dist/esm/utils/config.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/utils/config.ts"],"sourcesContent":["import { \r\n  TernSecureConfig, \r\n  ConfigValidationResult, \r\n  TernSecureAdminConfig, \r\n  AdminConfigValidationResult \r\n} from '@tern-secure/types'\r\n\r\n/**\r\n * Loads Firebase configuration from environment variables\r\n * @returns {TernSecureConfig} Firebase configuration object\r\n */\r\nexport const loadFireConfig = (): TernSecureConfig => ({\r\n  apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || '',\r\n  authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || '',\r\n  projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || '',\r\n  storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || '',\r\n  messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || '',\r\n  appId: process.env.NEXT_PUBLIC_FIREBASE_APP_ID || '',\r\n  measurementId: process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID || undefined,\r\n})\r\n\r\n/**\r\n * Validates Firebase configuration\r\n * @param {TernSecureConfig} config - Firebase configuration object\r\n * @throws {Error} If required configuration values are missing\r\n * @returns {TernSecureConfig} Validated configuration object\r\n */\r\nexport const validateConfig = (config: TernSecureConfig): ConfigValidationResult => {\r\n  const requiredFields: (keyof TernSecureConfig)[] = [\r\n    'apiKey',\r\n    'authDomain',\r\n    'projectId',\r\n    'storageBucket',\r\n    'messagingSenderId',\r\n    'appId'\r\n  ]\r\n\r\n  const errors: string[] = []\r\n  \r\n  requiredFields.forEach(field => {\r\n    if (!config[field]) {\r\n      errors.push(`Missing required field: NEXT_PUBLIC_FIREBASE_${String(field).toUpperCase()}`)\r\n    }\r\n  })\r\n\r\n  return {\r\n    isValid: errors.length === 0,\r\n    errors,\r\n    config\r\n  }\r\n}\r\n\r\n/**\r\n * Initializes configuration with validation\r\n * @throws {Error} If configuration is invalid\r\n */\r\nexport const initializeConfig = (): TernSecureConfig => {\r\n  const config = loadFireConfig()\r\n  const validationResult = validateConfig(config)\r\n\r\n  if (!validationResult.isValid) {\r\n    throw new Error(\r\n      `Firebase configuration validation failed:\\n${validationResult.errors.join('\\n')}`\r\n    )\r\n  }\r\n\r\n  return config\r\n}\r\n\r\n/**\r\n * Loads Firebase Admin configuration from environment variables\r\n * @returns {AdminConfig} Firebase Admin configuration object\r\n */\r\nexport const loadAdminConfig = (): TernSecureAdminConfig => ({\r\n  projectId: process.env.FIREBASE_PROJECT_ID || '',\r\n  clientEmail: process.env.FIREBASE_CLIENT_EMAIL || '',\r\n  privateKey: process.env.FIREBASE_PRIVATE_KEY || '',\r\n})\r\n\r\n/**\r\n * Validates Firebase Admin configuration\r\n * @param {AdminConfig} config - Firebase Admin configuration object\r\n * @returns {ConfigValidationResult} Validation result\r\n */\r\nexport const validateAdminConfig = (config: TernSecureAdminConfig): AdminConfigValidationResult => {\r\n  const requiredFields: (keyof TernSecureAdminConfig)[] = [\r\n    'projectId',\r\n    'clientEmail',\r\n    'privateKey'\r\n  ]\r\n\r\n  const errors: string[] = []\r\n  \r\n  requiredFields.forEach(field => {\r\n    if (!config[field]) {\r\n      errors.push(`Missing required field: FIREBASE_${String(field).toUpperCase()}`)\r\n    }\r\n  })\r\n\r\n  return {\r\n    isValid: errors.length === 0,\r\n    errors,\r\n    config\r\n  }\r\n}\r\n\r\n/**\r\n * Initializes admin configuration with validation\r\n * @throws {Error} If configuration is invalid\r\n */\r\nexport const initializeAdminConfig = (): TernSecureAdminConfig => {\r\n  const config = loadAdminConfig()\r\n  const validationResult = validateAdminConfig(config)\r\n\r\n  if (!validationResult.isValid) {\r\n    throw new Error(\r\n      `Firebase Admin configuration validation failed:\\n${validationResult.errors.join('\\n')}`\r\n    )\r\n  }\r\n\r\n  return config\r\n}"],"mappings":"AAWO,MAAM,iBAAiB,OAAyB;AAAA,EACrD,QAAQ,QAAQ,IAAI,gCAAgC;AAAA,EACpD,YAAY,QAAQ,IAAI,oCAAoC;AAAA,EAC5D,WAAW,QAAQ,IAAI,mCAAmC;AAAA,EAC1D,eAAe,QAAQ,IAAI,uCAAuC;AAAA,EAClE,mBAAmB,QAAQ,IAAI,4CAA4C;AAAA,EAC3E,OAAO,QAAQ,IAAI,+BAA+B;AAAA,EAClD,eAAe,QAAQ,IAAI,uCAAuC;AACpE;AAQO,MAAM,iBAAiB,CAAC,WAAqD;AAClF,QAAM,iBAA6C;AAAA,IACjD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,SAAmB,CAAC;AAE1B,iBAAe,QAAQ,WAAS;AAC9B,QAAI,CAAC,OAAO,KAAK,GAAG;AAClB,aAAO,KAAK,gDAAgD,OAAO,KAAK,EAAE,YAAY,CAAC,EAAE;AAAA,IAC3F;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,SAAS,OAAO,WAAW;AAAA,IAC3B;AAAA,IACA;AAAA,EACF;AACF;AAMO,MAAM,mBAAmB,MAAwB;AACtD,QAAM,SAAS,eAAe;AAC9B,QAAM,mBAAmB,eAAe,MAAM;AAE9C,MAAI,CAAC,iBAAiB,SAAS;AAC7B,UAAM,IAAI;AAAA,MACR;AAAA,EAA8C,iBAAiB,OAAO,KAAK,IAAI,CAAC;AAAA,IAClF;AAAA,EACF;AAEA,SAAO;AACT;AAMO,MAAM,kBAAkB,OAA8B;AAAA,EAC3D,WAAW,QAAQ,IAAI,uBAAuB;AAAA,EAC9C,aAAa,QAAQ,IAAI,yBAAyB;AAAA,EAClD,YAAY,QAAQ,IAAI,wBAAwB;AAClD;AAOO,MAAM,sBAAsB,CAAC,WAA+D;AACjG,QAAM,iBAAkD;AAAA,IACtD;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,SAAmB,CAAC;AAE1B,iBAAe,QAAQ,WAAS;AAC9B,QAAI,CAAC,OAAO,KAAK,GAAG;AAClB,aAAO,KAAK,oCAAoC,OAAO,KAAK,EAAE,YAAY,CAAC,EAAE;AAAA,IAC/E;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,SAAS,OAAO,WAAW;AAAA,IAC3B;AAAA,IACA;AAAA,EACF;AACF;AAMO,MAAM,wBAAwB,MAA6B;AAChE,QAAM,SAAS,gBAAgB;AAC/B,QAAM,mBAAmB,oBAAoB,MAAM;AAEnD,MAAI,CAAC,iBAAiB,SAAS;AAC7B,UAAM,IAAI;AAAA,MACR;AAAA,EAAoD,iBAAiB,OAAO,KAAK,IAAI,CAAC;AAAA,IACxF;AAAA,EACF;AAEA,SAAO;AACT;","names":[]}

package/dist/types/admin/sessionTernSecure.d.ts

@@ -0,0 +1,36 @@
+import { type AuthErrorResponse, type SessionParams, type SessionResult } from '@tern-secure/types';
+export interface User {
+    uid: string | null;
+    email: string | null;
+}
+export interface Session {
+    user: User | null;
+    token: string | null;
+    error: Error | null;
+}
+interface TernVerificationResult extends User {
+    valid: boolean;
+    authTime?: number;
+    error?: AuthErrorResponse;
+}
+export declare function createSessionCookie(params: SessionParams | string): Promise<SessionResult>;
+export declare function getServerSessionCookie(): Promise<{
+    token: string;
+    userId: string;
+}>;
+export declare function getIdToken(): Promise<{
+    token: string;
+    userId: string;
+}>;
+export declare function setServerSession(token: string): Promise<{
+    success: boolean;
+    message: string;
+}>;
+export declare function verifyTernIdToken(token: string): Promise<TernVerificationResult>;
+export declare function verifyTernSessionCookie(session: string): Promise<TernVerificationResult>;
+export declare function clearSessionCookie(): Promise<{
+    success: boolean;
+    message: string;
+}>;
+export {};
+//# sourceMappingURL=sessionTernSecure.d.ts.map

package/dist/types/admin/sessionTernSecure.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sessionTernSecure.d.ts","sourceRoot":"","sources":["../../../src/admin/sessionTernSecure.ts"],"names":[],"mappings":"AAIA,OAAO,EAA2B,KAAK,iBAAiB,EAAE,KAAK,aAAa,EAAE,KAAK,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAM7H,MAAM,WAAW,IAAI;IACjB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAEH,MAAM,WAAW,OAAO;IACpB,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAClB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;CACvB;AAED,UAAU,sBAAuB,SAAQ,IAAI;IAC3C,KAAK,EAAE,OAAO,CAAA;IACd,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,KAAK,CAAC,EAAE,iBAAiB,CAAA;CAC1B;AAmBD,wBAAsB,mBAAmB,CAAC,MAAM,EAAE,aAAa,GAAG,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CA0GhG;AAID,wBAAsB,sBAAsB;;;GAkB3C;AAGD,wBAAsB,UAAU;;;GAkB/B;AAED,wBAAsB,gBAAgB,CAAC,KAAK,EAAE,MAAM;;;GAcnD;AAEC,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAkBtF;AAGD,wBAAsB,uBAAuB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAkB9F;AAGD,wBAAsB,kBAAkB;;;GAwBvC"}

package/dist/types/admin/tenant.d.ts

@@ -0,0 +1,17 @@
+import type { SignInResponse } from '@tern-secure/types';
+export declare function createTenant(displayName: string, emailSignInConfig: {
+    enabled: boolean;
+    passwordRequired: boolean;
+}, multiFactorConfig?: {
+    state: 'ENABLED' | 'DISABLED';
+    factorIds: "phone"[];
+    testPhoneNumbers?: {
+        [phoneNumber: string]: string;
+    };
+}): Promise<{
+    success: boolean;
+    tenantId: string;
+    displayName: string | undefined;
+}>;
+export declare function createTenantUser(email: string, password: string, tenantId: string): Promise<SignInResponse>;
+//# sourceMappingURL=tenant.d.ts.map

package/dist/types/admin/tenant.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tenant.d.ts","sourceRoot":"","sources":["../../../src/admin/tenant.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAGzD,wBAAsB,YAAY,CAChC,WAAW,EAAE,MAAM,EACnB,iBAAiB,EAAE;IACjB,OAAO,EAAE,OAAO,CAAC;IACjB,gBAAgB,EAAE,OAAO,CAAC;CAC3B,EACD,iBAAiB,CAAC,EAAE;IAClB,KAAK,EAAE,SAAS,GAAG,UAAU,CAAC;IAC9B,SAAS,EAAE,OAAO,EAAE,CAAC;IACrB,gBAAgB,CAAC,EAAE;QACf,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAAC;KACjC,CAAA;CACF;;;;GAoBF;AAED,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,cAAc,CAAC,CAoBzB"}

package/dist/types/index.d.ts

@@ -0,0 +1,5 @@
+export { verifyTernSessionCookie, createSessionCookie, clearSessionCookie } from './admin/sessionTernSecure';
+export { adminTernSecureAuth, adminTernSecureDb, TernSecureTenantManager } from './utils/admin-init';
+export { initializeAdminConfig } from './utils/config';
+export { createTenant, createTenantUser } from './admin/tenant';
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,uBAAuB,EACvB,mBAAmB,EACnB,kBAAkB,EACrB,MAAM,2BAA2B,CAAA;AAClC,OAAO,EACH,mBAAmB,EACnB,iBAAiB,EACjB,uBAAuB,EAC1B,MAAM,oBAAoB,CAAA;AAC3B,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAA;AACtD,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA"}

package/dist/types/ternsecureauth.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Firebase implementation of the TernSecureAuthProvider interface
+ */
+export declare class TernSecureAuthProvider {
+    private static instance;
+    static getOrCreateInstance(): TernSecureAuthProvider;
+    static clearInstance(): void;
+}
+//# sourceMappingURL=ternsecureauth.d.ts.map

package/dist/types/ternsecureauth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ternsecureauth.d.ts","sourceRoot":"","sources":["../../src/ternsecureauth.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,qBAAa,sBAAsB;IAC/B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAgC;WAEzC,mBAAmB,IAAI,sBAAsB;IAO3D,MAAM,CAAC,aAAa;CAIvB"}

package/dist/types/utils/admin-init.d.ts

@@ -0,0 +1,5 @@
+import admin from 'firebase-admin';
+export declare const adminTernSecureAuth: admin.auth.Auth;
+export declare const adminTernSecureDb: admin.firestore.Firestore;
+export declare const TernSecureTenantManager: admin.auth.TenantManager;
+//# sourceMappingURL=admin-init.d.ts.map

package/dist/types/utils/admin-init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-init.d.ts","sourceRoot":"","sources":["../../../src/utils/admin-init.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,gBAAgB,CAAC;AAmBnC,eAAO,MAAM,mBAAmB,EAAE,KAAK,CAAC,IAAI,CAAC,IAAmB,CAAC;AACjE,eAAO,MAAM,iBAAiB,EAAE,KAAK,CAAC,SAAS,CAAC,SAA6B,CAAC;AAC9E,eAAO,MAAM,uBAAuB,EAAE,KAAK,CAAC,IAAI,CAAC,aAA4C,CAAC"}

package/dist/types/utils/config.d.ts

@@ -0,0 +1,35 @@
+import { TernSecureConfig, ConfigValidationResult, TernSecureAdminConfig, AdminConfigValidationResult } from '@tern-secure/types';
+/**
+ * Loads Firebase configuration from environment variables
+ * @returns {TernSecureConfig} Firebase configuration object
+ */
+export declare const loadFireConfig: () => TernSecureConfig;
+/**
+ * Validates Firebase configuration
+ * @param {TernSecureConfig} config - Firebase configuration object
+ * @throws {Error} If required configuration values are missing
+ * @returns {TernSecureConfig} Validated configuration object
+ */
+export declare const validateConfig: (config: TernSecureConfig) => ConfigValidationResult;
+/**
+ * Initializes configuration with validation
+ * @throws {Error} If configuration is invalid
+ */
+export declare const initializeConfig: () => TernSecureConfig;
+/**
+ * Loads Firebase Admin configuration from environment variables
+ * @returns {AdminConfig} Firebase Admin configuration object
+ */
+export declare const loadAdminConfig: () => TernSecureAdminConfig;
+/**
+ * Validates Firebase Admin configuration
+ * @param {AdminConfig} config - Firebase Admin configuration object
+ * @returns {ConfigValidationResult} Validation result
+ */
+export declare const validateAdminConfig: (config: TernSecureAdminConfig) => AdminConfigValidationResult;
+/**
+ * Initializes admin configuration with validation
+ * @throws {Error} If configuration is invalid
+ */
+export declare const initializeAdminConfig: () => TernSecureAdminConfig;
+//# sourceMappingURL=config.d.ts.map

package/dist/types/utils/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/utils/config.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EACtB,qBAAqB,EACrB,2BAA2B,EAC5B,MAAM,oBAAoB,CAAA;AAE3B;;;GAGG;AACH,eAAO,MAAM,cAAc,QAAO,gBAQhC,CAAA;AAEF;;;;;GAKG;AACH,eAAO,MAAM,cAAc,GAAI,QAAQ,gBAAgB,KAAG,sBAuBzD,CAAA;AAED;;;GAGG;AACH,eAAO,MAAM,gBAAgB,QAAO,gBAWnC,CAAA;AAED;;;GAGG;AACH,eAAO,MAAM,eAAe,QAAO,qBAIjC,CAAA;AAEF;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,GAAI,QAAQ,qBAAqB,KAAG,2BAoBnE,CAAA;AAED;;;GAGG;AACH,eAAO,MAAM,qBAAqB,QAAO,qBAWxC,CAAA"}