@tern-secure/backend 1.1.6 → 1.1.8

package/dist/admin/index.js

@@ -0,0 +1,705 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/admin/index.ts
+var admin_exports = {};
+__export(admin_exports, {
+  ClearNextSessionCookie: () => ClearNextSessionCookie,
+  CreateNextSessionCookie: () => CreateNextSessionCookie,
+  GetNextIdToken: () => GetNextIdToken,
+  GetNextServerSessionCookie: () => GetNextServerSessionCookie,
+  SetNextServerSession: () => SetNextServerSession,
+  SetNextServerToken: () => SetNextServerToken,
+  TernSecureTenantManager: () => TernSecureTenantManager,
+  VerifyNextTernIdToken: () => VerifyNextTernIdToken,
+  VerifyNextTernSessionCookie: () => VerifyNextTernSessionCookie,
+  adminTernSecureAuth: () => adminTernSecureAuth,
+  adminTernSecureDb: () => adminTernSecureDb,
+  authenticateRequest: () => authenticateRequest,
+  clearSessionCookie: () => clearSessionCookie,
+  createBackendInstance: () => createBackendInstance,
+  createSessionCookie: () => createSessionCookie,
+  createTenant: () => createTenant,
+  createTenantUser: () => createTenantUser,
+  initializeAdminConfig: () => initializeAdminConfig,
+  signedIn: () => signedIn
+});
+module.exports = __toCommonJS(admin_exports);
+
+// src/admin/sessionTernSecure.ts
+var import_errors = require("@tern-secure/shared/errors");
+
+// src/tokens/sessionConfig.ts
+var getSessionConfig = (options) => {
+  const cookieConfig = options?.cookies?.session_cookie;
+  return {
+    COOKIE_NAME: cookieConfig?.name,
+    DEFAULT_EXPIRES_IN_MS: cookieConfig?.attributes?.maxAge,
+    DEFAULT_EXPIRES_IN_SECONDS: Math.floor((cookieConfig?.attributes?.maxAge || 0) / 1e3),
+    REVOKE_REFRESH_TOKENS_ON_SIGNOUT: cookieConfig?.revokeRefreshTokensOnSignOut
+  };
+};
+var getCookieOptions = (options) => {
+  const cookieConfig = options?.cookies?.session_cookie;
+  return {
+    httpOnly: cookieConfig?.attributes?.httpOnly,
+    secure: cookieConfig?.attributes?.secure,
+    sameSite: cookieConfig?.attributes?.sameSite,
+    path: cookieConfig?.attributes?.path
+  };
+};
+
+// src/utils/admin-init.ts
+var import_firebase_admin = __toESM(require("firebase-admin"));
+
+// src/utils/config.ts
+var loadAdminConfig = () => ({
+  projectId: process.env.FIREBASE_PROJECT_ID || "",
+  clientEmail: process.env.FIREBASE_CLIENT_EMAIL || "",
+  privateKey: process.env.FIREBASE_PRIVATE_KEY || ""
+});
+var validateAdminConfig = (config) => {
+  const requiredFields = [
+    "projectId",
+    "clientEmail",
+    "privateKey"
+  ];
+  const errors = [];
+  requiredFields.forEach((field) => {
+    if (!config[field]) {
+      errors.push(`Missing required field: FIREBASE_${String(field).toUpperCase()}`);
+    }
+  });
+  return {
+    isValid: errors.length === 0,
+    errors,
+    config
+  };
+};
+var initializeAdminConfig = () => {
+  const config = loadAdminConfig();
+  const validationResult = validateAdminConfig(config);
+  if (!validationResult.isValid) {
+    throw new Error(
+      `Firebase Admin configuration validation failed:
+${validationResult.errors.join("\n")}`
+    );
+  }
+  return config;
+};
+
+// src/utils/admin-init.ts
+if (!import_firebase_admin.default.apps.length) {
+  try {
+    const config = initializeAdminConfig();
+    import_firebase_admin.default.initializeApp({
+      credential: import_firebase_admin.default.credential.cert({
+        ...config,
+        privateKey: config.privateKey.replace(/\\n/g, "\n")
+      })
+    });
+  } catch (error) {
+    console.error("Firebase admin initialization error", error);
+  }
+}
+var adminTernSecureAuth = import_firebase_admin.default.auth();
+var adminTernSecureDb = import_firebase_admin.default.firestore();
+var TernSecureTenantManager = import_firebase_admin.default.auth().tenantManager();
+function getAuthForTenant(tenantId) {
+  if (tenantId) {
+    return TernSecureTenantManager.authForTenant(tenantId);
+  }
+  return import_firebase_admin.default.auth();
+}
+
+// src/admin/sessionTernSecure.ts
+var SESSION_CONSTANTS = {
+  COOKIE_NAME: "_session_cookie",
+  //DEFAULT_EXPIRES_IN_MS: 60 * 60 * 24 * 5 * 1000, // 5 days
+  //DEFAULT_EXPIRES_IN_SECONDS: 60 * 60 * 24 * 5, // 5days
+  DEFAULT_EXPIRES_IN_MS: 5 * 60 * 1e3,
+  // 5 minutes
+  DEFAULT_EXPIRES_IN_SECONDS: 5 * 60,
+  REVOKE_REFRESH_TOKENS_ON_SIGNOUT: true
+};
+var COOKIE_OPTIONS = {
+  httpOnly: true,
+  secure: process.env.NODE_ENV === "production",
+  sameSite: "strict",
+  path: "/"
+};
+async function createSessionCookie(params, cookieStore, options) {
+  try {
+    const tenantAuth = getAuthForTenant(options?.tenantId);
+    const sessionConfig = getSessionConfig(options);
+    const cookieOptions = getCookieOptions(options);
+    let decodedToken;
+    let sessionCookie;
+    const idToken = typeof params === "string" ? params : params.idToken;
+    if (!idToken) {
+      const error = new Error("ID token is required for session creation");
+      console.error("[createSessionCookie] Missing ID token:", error);
+      return {
+        success: false,
+        message: "ID token is required",
+        error: "INVALID_TOKEN",
+        cookieSet: false
+      };
+    }
+    try {
+      console.log("Verifying ID token for tenant:", options?.tenantId);
+      decodedToken = await tenantAuth.verifyIdToken(idToken);
+    } catch (verifyError) {
+      console.error(
+        "[createSessionCookie] ID token verification failed:",
+        verifyError
+      );
+      const authError = (0, import_errors.handleFirebaseAuthError)(verifyError);
+      return {
+        success: false,
+        message: authError.message,
+        error: authError.code,
+        cookieSet: false
+      };
+    }
+    if (!decodedToken) {
+      const error = new Error("Invalid ID token - verification returned null");
+      console.error(
+        "[createSessionCookie] Token verification returned null:",
+        error
+      );
+      return {
+        success: false,
+        message: "Invalid ID token",
+        error: "INVALID_TOKEN",
+        cookieSet: false
+      };
+    }
+    try {
+      sessionCookie = await tenantAuth.createSessionCookie(idToken, {
+        expiresIn: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_MS
+      });
+    } catch (sessionError) {
+      console.error(
+        "[createSessionCookie] Firebase session cookie creation failed:",
+        sessionError
+      );
+      const authError = (0, import_errors.handleFirebaseAuthError)(sessionError);
+      return {
+        success: false,
+        message: authError.message,
+        error: authError.code,
+        cookieSet: false
+      };
+    }
+    let cookieSetSuccessfully = false;
+    try {
+      cookieStore.set(SESSION_CONSTANTS.COOKIE_NAME, sessionCookie, {
+        maxAge: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_SECONDS,
+        ...COOKIE_OPTIONS
+      });
+      const verifySetCookie = await cookieStore.get(
+        SESSION_CONSTANTS.COOKIE_NAME
+      );
+      cookieSetSuccessfully = !!verifySetCookie?.value;
+      if (!cookieSetSuccessfully) {
+        const error = new Error("Session cookie was not set successfully");
+        console.error(
+          "[createSessionCookie] Cookie verification failed:",
+          error
+        );
+        throw error;
+      }
+    } catch (cookieError) {
+      console.error(
+        "[createSessionCookie] Failed to set session cookie:",
+        cookieError
+      );
+      return {
+        success: false,
+        message: "Failed to set session cookie",
+        error: "COOKIE_SET_FAILED",
+        cookieSet: false
+      };
+    }
+    console.log(
+      `[createSessionCookie] Session cookie created successfully for user: ${decodedToken.uid}`
+    );
+    return {
+      success: true,
+      message: "Session created successfully",
+      expiresIn: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_SECONDS,
+      cookieSet: cookieSetSuccessfully
+    };
+  } catch (error) {
+    console.error("[createSessionCookie] Unexpected error:", error);
+    const authError = (0, import_errors.handleFirebaseAuthError)(error);
+    return {
+      success: false,
+      message: authError.message || "Failed to create session",
+      error: authError.code || "INTERNAL_ERROR",
+      cookieSet: false
+    };
+  }
+}
+async function clearSessionCookie(cookieStore, options) {
+  try {
+    const adminAuth = getAuthForTenant(options?.tenantId);
+    const sessionCookie = await cookieStore.get(SESSION_CONSTANTS.COOKIE_NAME);
+    await cookieStore.delete(SESSION_CONSTANTS.COOKIE_NAME);
+    await cookieStore.delete("_session_token");
+    await cookieStore.delete("_session");
+    if (SESSION_CONSTANTS.REVOKE_REFRESH_TOKENS_ON_SIGNOUT && sessionCookie?.value) {
+      try {
+        const decodedClaims = await adminAuth.verifySessionCookie(
+          sessionCookie.value
+        );
+        await adminAuth.revokeRefreshTokens(decodedClaims.sub);
+        console.log(
+          `[clearSessionCookie] Successfully revoked tokens for user: ${decodedClaims.sub}`
+        );
+      } catch (revokeError) {
+        console.error(
+          "[clearSessionCookie] Failed to revoke refresh tokens:",
+          revokeError
+        );
+      }
+    }
+    console.log("[clearSessionCookie] Session cookies cleared successfully");
+    return {
+      success: true,
+      message: "Session cleared successfully",
+      cookieSet: false
+    };
+  } catch (error) {
+    console.error("[clearSessionCookie] Unexpected error:", error);
+    const authError = (0, import_errors.handleFirebaseAuthError)(error);
+    return {
+      success: false,
+      message: authError.message || "Failed to clear session",
+      error: authError.code || "INTERNAL_ERROR",
+      cookieSet: false
+    };
+  }
+}
+
+// src/admin/tenant.ts
+async function createTenant(displayName, emailSignInConfig, multiFactorConfig) {
+  try {
+    const tenantConfig = {
+      displayName,
+      emailSignInConfig,
+      ...multiFactorConfig && { multiFactorConfig }
+    };
+    const tenant = await TernSecureTenantManager.createTenant(tenantConfig);
+    return {
+      success: true,
+      tenantId: tenant.tenantId,
+      displayName: tenant.displayName
+    };
+  } catch (error) {
+    console.error("Error creating tenant:", error);
+    throw new Error("Failed to create tenant");
+  }
+}
+async function createTenantUser(email, password, tenantId) {
+  try {
+    const tenantAuth = TernSecureTenantManager.authForTenant(tenantId);
+    const userRecord = await tenantAuth.createUser({
+      email,
+      password,
+      emailVerified: false,
+      disabled: false
+    });
+    return {
+      success: true,
+      message: "Tenant user created successfully",
+      user: userRecord.uid
+    };
+  } catch (error) {
+    console.error("Error creating tenant user:", error);
+    throw new Error("Failed to create tenant user");
+  }
+}
+
+// src/admin/nextSessionTernSecure.ts
+var import_errors2 = require("@tern-secure/shared/errors");
+var import_headers = require("next/headers");
+var SESSION_CONSTANTS2 = {
+  COOKIE_NAME: "_session_cookie",
+  DEFAULT_EXPIRES_IN_MS: 60 * 60 * 24 * 5 * 1e3,
+  // 5 days
+  DEFAULT_EXPIRES_IN_SECONDS: 60 * 60 * 24 * 5,
+  REVOKE_REFRESH_TOKENS_ON_SIGNOUT: true
+};
+async function CreateNextSessionCookie(idToken) {
+  try {
+    const expiresIn = 60 * 60 * 24 * 5 * 1e3;
+    const sessionCookie = await adminTernSecureAuth.createSessionCookie(idToken, {
+      expiresIn
+    });
+    const cookieStore = await (0, import_headers.cookies)();
+    cookieStore.set("_session_cookie", sessionCookie, {
+      maxAge: expiresIn,
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      path: "/"
+    });
+    return { success: true, message: "Session created" };
+  } catch (error) {
+    return { success: false, message: "Failed to create session" };
+  }
+}
+async function GetNextServerSessionCookie() {
+  const cookieStore = await (0, import_headers.cookies)();
+  const sessionCookie = cookieStore.get("_session_cookie")?.value;
+  if (!sessionCookie) {
+    throw new Error("No session cookie found");
+  }
+  try {
+    const decondeClaims = await adminTernSecureAuth.verifySessionCookie(
+      sessionCookie,
+      true
+    );
+    return {
+      token: sessionCookie,
+      userId: decondeClaims.uid
+    };
+  } catch (error) {
+    console.error("Error verifying session:", error);
+    throw new Error("Invalid Session");
+  }
+}
+async function GetNextIdToken() {
+  const cookieStore = await (0, import_headers.cookies)();
+  const token = cookieStore.get("_session_token")?.value;
+  if (!token) {
+    throw new Error("No session cookie found");
+  }
+  try {
+    const decodedClaims = await adminTernSecureAuth.verifyIdToken(token);
+    return {
+      token,
+      userId: decodedClaims.uid
+    };
+  } catch (error) {
+    console.error("Error verifying session:", error);
+    throw new Error("Invalid Session");
+  }
+}
+async function SetNextServerSession(token) {
+  try {
+    const cookieStore = await (0, import_headers.cookies)();
+    cookieStore.set("_session_token", token, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      sameSite: "strict",
+      maxAge: 60 * 60,
+      // 1 hour
+      path: "/"
+    });
+    return { success: true, message: "Session created" };
+  } catch {
+    return { success: false, message: "Failed to create session" };
+  }
+}
+async function SetNextServerToken(token) {
+  try {
+    const cookieStore = await (0, import_headers.cookies)();
+    cookieStore.set("_tern", token, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      sameSite: "strict",
+      maxAge: 60 * 60,
+      // 1 hour
+      path: "/"
+    });
+    return { success: true, message: "Session created" };
+  } catch {
+    return { success: false, message: "Failed to create session" };
+  }
+}
+async function VerifyNextTernIdToken(token) {
+  try {
+    const decodedToken = await adminTernSecureAuth.verifyIdToken(token);
+    return {
+      ...decodedToken,
+      valid: true
+    };
+  } catch (error) {
+    console.error("[VerifyNextTernIdToken] Error verifying session:", error);
+    const authError = (0, import_errors2.handleFirebaseAuthError)(error);
+    return {
+      valid: false,
+      error: authError
+    };
+  }
+}
+async function VerifyNextTernSessionCookie(session) {
+  try {
+    const res = await adminTernSecureAuth.verifySessionCookie(session);
+    console.warn(
+      "[VerifyNextTernSessionCookie] uid in Decoded Token:",
+      res.uid
+    );
+    return {
+      valid: true,
+      ...res
+    };
+  } catch (error) {
+    console.error(
+      "[VerifyNextTernSessionCookie] Error verifying session:",
+      error
+    );
+    const authError = (0, import_errors2.handleFirebaseAuthError)(error);
+    return {
+      valid: false,
+      error: authError
+    };
+  }
+}
+async function ClearNextSessionCookie(tenantId) {
+  try {
+    console.log("[clearSessionCookie] Clearing session for tenant:", tenantId);
+    const tenantAuth = getAuthForTenant(tenantId);
+    const cookieStore = await (0, import_headers.cookies)();
+    const sessionCookie = cookieStore.get(SESSION_CONSTANTS2.COOKIE_NAME);
+    cookieStore.delete(SESSION_CONSTANTS2.COOKIE_NAME);
+    cookieStore.delete("_session_token");
+    cookieStore.delete("_session");
+    if (SESSION_CONSTANTS2.REVOKE_REFRESH_TOKENS_ON_SIGNOUT && sessionCookie?.value) {
+      try {
+        const decodedClaims = await tenantAuth.verifySessionCookie(
+          sessionCookie.value
+        );
+        await tenantAuth.revokeRefreshTokens(decodedClaims.sub);
+        console.log(
+          `[clearSessionCookie] Successfully revoked tokens for user: ${decodedClaims.sub}`
+        );
+      } catch (revokeError) {
+        console.error(
+          "[ClearNextSessionCookie] Failed to revoke refresh tokens:",
+          revokeError
+        );
+      }
+    }
+    return { success: true, message: "Session cleared successfully" };
+  } catch (error) {
+    console.error("Error clearing session:", error);
+    return { success: false, message: "Failed to clear session cookies" };
+  }
+}
+
+// src/tokens/ternSecureRequest.ts
+var import_cookie = require("cookie");
+
+// src/constants.ts
+var MAX_CACHE_LAST_UPDATED_AT_SECONDS = 5 * 60;
+var DEFAULT_CACHE_DURATION = 3600 * 1e3;
+var Attributes = {
+  AuthToken: "__ternsecureAuthToken",
+  AuthSignature: "__ternsecureAuthSignature",
+  AuthStatus: "__ternsecureAuthStatus",
+  AuthReason: "__ternsecureAuthReason",
+  AuthMessage: "__ternsecureAuthMessage",
+  TernSecureUrl: "__ternsecureUrl"
+};
+var Cookies = {
+  Session: "__session",
+  IdToken: "_tern",
+  SessionCookie: "_session_cookie",
+  SessionToken: "_session_token",
+  Refresh: "__refresh",
+  Handshake: "__ternsecure_handshake",
+  DevBrowser: "__ternsecure_db_jwt",
+  RedirectCount: "__ternsecure_redirect_count",
+  HandshakeNonce: "__ternsecure_handshake_nonce"
+};
+var Headers2 = {
+  Accept: "accept",
+  AuthMessage: "x-ternsecure-auth-message",
+  Authorization: "authorization",
+  AuthReason: "x-ternsecure-auth-reason",
+  AuthSignature: "x-ternsecure-auth-signature",
+  AuthStatus: "x-ternsecure-auth-status",
+  AuthToken: "x-ternsecure-auth-token",
+  CacheControl: "cache-control",
+  TernSecureRedirectTo: "x-ternsecure-redirect-to",
+  TernSecureRequestData: "x-ternsecure-request-data",
+  TernSecureUrl: "x-ternsecure-url",
+  CloudFrontForwardedProto: "cloudfront-forwarded-proto",
+  ContentType: "content-type",
+  ContentSecurityPolicy: "content-security-policy",
+  ContentSecurityPolicyReportOnly: "content-security-policy-report-only",
+  EnableDebug: "x-ternsecure-debug",
+  ForwardedHost: "x-forwarded-host",
+  ForwardedPort: "x-forwarded-port",
+  ForwardedProto: "x-forwarded-proto",
+  Host: "host",
+  Location: "location",
+  Nonce: "x-nonce",
+  Origin: "origin",
+  Referrer: "referer",
+  SecFetchDest: "sec-fetch-dest",
+  UserAgent: "user-agent",
+  ReportingEndpoints: "reporting-endpoints"
+};
+var ContentTypes = {
+  Json: "application/json"
+};
+var constants = {
+  Attributes,
+  Cookies,
+  Headers: Headers2,
+  ContentTypes
+};
+
+// src/tokens/ternUrl.ts
+var TernUrl = class extends URL {
+  isCrossOrigin(other) {
+    return this.origin !== new URL(other.toString()).origin;
+  }
+};
+var createTernUrl = (...args) => {
+  return new TernUrl(...args);
+};
+
+// src/tokens/ternSecureRequest.ts
+var TernSecureRequest = class extends Request {
+  ternUrl;
+  cookies;
+  constructor(input, init) {
+    const url = typeof input !== "string" && "url" in input ? input.url : String(input);
+    super(url, init || typeof input === "string" ? void 0 : input);
+    this.ternUrl = this.deriveUrlFromHeaders(this);
+    this.cookies = this.parseCookies(this);
+  }
+  toJSON() {
+    return {
+      url: this.ternUrl.href,
+      method: this.method,
+      headers: JSON.stringify(Object.fromEntries(this.headers)),
+      ternUrl: this.ternUrl.toString(),
+      cookies: JSON.stringify(Object.fromEntries(this.cookies))
+    };
+  }
+  deriveUrlFromHeaders(req) {
+    const initialUrl = new URL(req.url);
+    const forwardedProto = req.headers.get(constants.Headers.ForwardedProto);
+    const forwardedHost = req.headers.get(constants.Headers.ForwardedHost);
+    const host = req.headers.get(constants.Headers.Host);
+    const protocol = initialUrl.protocol;
+    const resolvedHost = this.getFirstValueFromHeader(forwardedHost) ?? host;
+    const resolvedProtocol = this.getFirstValueFromHeader(forwardedProto) ?? protocol?.replace(/[:/]/, "");
+    const origin = resolvedHost && resolvedProtocol ? `${resolvedProtocol}://${resolvedHost}` : initialUrl.origin;
+    if (origin === initialUrl.origin) {
+      return createTernUrl(initialUrl);
+    }
+    return createTernUrl(initialUrl.pathname + initialUrl.search, origin);
+  }
+  getFirstValueFromHeader(value) {
+    return value?.split(",")[0];
+  }
+  parseCookies(req) {
+    const cookiesRecord = (0, import_cookie.parse)(
+      this.decodeCookieValue(req.headers.get("cookie") || "")
+    );
+    return new Map(Object.entries(cookiesRecord));
+  }
+  decodeCookieValue(str) {
+    return str ? str.replace(/(%[0-9A-Z]{2})+/g, decodeURIComponent) : str;
+  }
+};
+var createTernSecureRequest = (...args) => {
+  return args[0] instanceof TernSecureRequest ? args[0] : new TernSecureRequest(...args);
+};
+
+// src/instance/backendInstance.ts
+var createBackendInstance = async (request) => {
+  const ternSecureRequest = createTernSecureRequest(request);
+  const requestState = await authenticateRequest(request);
+  return {
+    ternSecureRequest,
+    requestState
+  };
+};
+async function authenticateRequest(request) {
+  const sessionCookie = request.headers.get("cookie");
+  const sessionToken = sessionCookie?.split(";").find((c) => c.trim().startsWith("_session_cookie="))?.split("=")[1];
+  if (!sessionToken) {
+    throw new Error("No session token found");
+  }
+  const verificationResult = await VerifyNextTernSessionCookie(sessionToken);
+  if (!verificationResult.valid) {
+    throw new Error("Invalid session token");
+  }
+  return signedIn(
+    verificationResult,
+    new Headers(request.headers),
+    sessionToken
+  );
+}
+function signInAuthObject(session) {
+  return {
+    session,
+    userId: session.uid,
+    has: {}
+  };
+}
+function signedIn(session, headers = new Headers(), token) {
+  const authObject = signInAuthObject(session);
+  return {
+    auth: () => authObject,
+    token,
+    headers
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ClearNextSessionCookie,
+  CreateNextSessionCookie,
+  GetNextIdToken,
+  GetNextServerSessionCookie,
+  SetNextServerSession,
+  SetNextServerToken,
+  TernSecureTenantManager,
+  VerifyNextTernIdToken,
+  VerifyNextTernSessionCookie,
+  adminTernSecureAuth,
+  adminTernSecureDb,
+  authenticateRequest,
+  clearSessionCookie,
+  createBackendInstance,
+  createSessionCookie,
+  createTenant,
+  createTenantUser,
+  initializeAdminConfig,
+  signedIn
+});
+//# sourceMappingURL=index.js.map