@tern-secure/backend 1.2.0-canary.v20250919134427 → 1.2.0-canary.v20250926170202

package/dist/index.js

@@ -54,11 +54,10 @@ var Attributes = {
 };
 var Cookies = {
   Session: "__session",
-  IdToken: "_tern",
-  CsrfToken: "_session_terncf",
-  SessionCookie: "_session_cookie",
-  SessionToken: "_session_token",
-  Refresh: "__refresh",
+  CsrfToken: "__session_terncf",
+  IdToken: "FIREBASE_[DEFAULT]",
+  Refresh: "FIREBASEID_[DEFAULT]",
+  Custom: "__custom",
   Handshake: "__ternsecure_handshake",
   DevBrowser: "__ternsecure_db_jwt",
   RedirectCount: "__ternsecure_redirect_count",
@@ -243,10 +242,11 @@ function signedIn(sessionClaims, headers = new Headers(), token) {
     headers
   };
 }
-function signedOut(reason, headers = new Headers()) {
+function signedOut(reason, message = "", headers = new Headers()) {
   return decorateHeaders({
     status: AuthStatus.SignedOut,
     reason,
+    message,
     isSignedIn: false,
     auth: () => signedOutAuthObject(),
     token: null,
@@ -271,17 +271,111 @@ var decorateHeaders = (requestState) => {
   return requestState;
 };
 
-// src/api/endpoints/SessionApi.ts
-var rootPath = "/sessions";
-var SessionApi = class {
+// src/fireRestApi/endpoints/AbstractApi.ts
+var AbstractAPI = class {
   constructor(request) {
     this.request = request;
   }
-  async createSession(params) {
+  requireApiKey(apiKey) {
+    if (!apiKey) {
+      throw new Error("A valid API key is required.");
+    }
+  }
+};
+
+// src/fireRestApi/endpoints/EmailApi.ts
+var rootPath = "/customTokens";
+var EmailApi = class extends AbstractAPI {
+  async verifyEmailVerification(apiKey, params) {
+    this.requireApiKey(apiKey);
+    const { ...restParams } = params;
+    return this.request({
+      method: "POST",
+      path: `${rootPath}`,
+      bodyParams: restParams
+    });
+  }
+  async confirmEmailVerification(apiKey, params) {
+    this.requireApiKey(apiKey);
+    const { ...restParams } = params;
+    return this.request({
+      method: "POST",
+      path: `${rootPath}`,
+      bodyParams: restParams
+    });
+  }
+};
+
+// src/fireRestApi/endpoints/PasswordApi.ts
+var rootPath2 = "/customTokens";
+var PasswordApi = class extends AbstractAPI {
+  async verifyPasswordResetCode(apiKey, params) {
+    this.requireApiKey(apiKey);
+    const { ...restParams } = params;
     return this.request({
       method: "POST",
-      path: rootPath,
-      bodyParams: params
+      path: `${rootPath2}`,
+      bodyParams: restParams
+    });
+  }
+  async confirmPasswordReset(apiKey, params) {
+    this.requireApiKey(apiKey);
+    const { ...restParams } = params;
+    return this.request({
+      method: "POST",
+      path: `${rootPath2}`,
+      bodyParams: restParams
+    });
+  }
+  async changePassword(apiKey, params) {
+    this.requireApiKey(apiKey);
+    const { ...restParams } = params;
+    return this.request({
+      method: "POST",
+      path: `${rootPath2}`,
+      bodyParams: restParams
+    });
+  }
+};
+
+// src/fireRestApi/endpoints/SignInTokenApi.ts
+var rootPath3 = "/customTokens";
+var SignInTokenApi = class extends AbstractAPI {
+  async createCustomToken(apiKey, params) {
+    this.requireApiKey(apiKey);
+    const { ...restParams } = params;
+    return this.request({
+      method: "POST",
+      path: `${rootPath3}`,
+      bodyParams: restParams
+    });
+  }
+};
+
+// src/fireRestApi/endpoints/SignUpApi.ts
+var rootPath4 = "/customTokens";
+var SignUpApi = class extends AbstractAPI {
+  async createCustomToken(apiKey, params) {
+    this.requireApiKey(apiKey);
+    const { ...restParams } = params;
+    return this.request({
+      method: "POST",
+      path: `${rootPath4}`,
+      bodyParams: restParams
+    });
+  }
+};
+
+// src/fireRestApi/endpoints/TokenApi.ts
+var rootPath5 = "/sessions";
+var TokenApi = class extends AbstractAPI {
+  async refreshToken(apiKey, params) {
+    this.requireApiKey(apiKey);
+    const { ...restParams } = params;
+    return this.request({
+      method: "POST",
+      path: `${rootPath5}/refresh`,
+      bodyParams: restParams
     });
   }
 };
@@ -309,10 +403,10 @@ function joinPaths(...args) {
   return args.filter((p) => p).join(SEPARATOR).replace(MULTIPLE_SEPARATOR_REGEX, SEPARATOR);
 }
 
-// src/api/request.ts
+// src/fireRestApi/request.ts
 function createRequest(options) {
   const requestFn = async (requestOptions) => {
-    const { apiUrl, apiVersion } = options;
+    const { apiKey, apiUrl, apiVersion = "v1" } = options;
     const { path, method, queryParams, headerParams, bodyParams, formData } = requestOptions;
     const url = joinPaths(apiUrl, apiVersion, path);
     const finalUrl = new URL(url);
@@ -394,40 +488,18 @@ function parseError(error) {
   };
 }
 
-// src/api/createBackendApi.ts
-function createBackendApi(options) {
+// src/fireRestApi/createFireApi.ts
+function createFireApi(options) {
   const request = createRequest(options);
   return {
-    sessions: new SessionApi(request)
+    email: new EmailApi(request),
+    password: new PasswordApi(request),
+    signIn: new SignInTokenApi(request),
+    signUp: new SignUpApi(request),
+    tokens: new TokenApi(request)
   };
 }
 
-// src/utils/options.ts
-var defaultOptions = {
-  apiUrl: void 0,
-  apiVersion: void 0
-};
-function mergePreDefinedOptions(userOptions = {}) {
-  return {
-    ...defaultOptions,
-    ...userOptions
-  };
-}
-
-// src/tokens/sessionConfig.ts
-var getSessionConfig = (options) => {
-  const cookieConfig = options?.cookies?.session_cookie;
-  return {
-    COOKIE_NAME: cookieConfig?.name,
-    DEFAULT_EXPIRES_IN_MS: cookieConfig?.attributes?.maxAge,
-    DEFAULT_EXPIRES_IN_SECONDS: Math.floor((cookieConfig?.attributes?.maxAge || 0) / 1e3),
-    REVOKE_REFRESH_TOKENS_ON_SIGNOUT: cookieConfig?.revokeRefreshTokensOnSignOut
-  };
-};
-
-// src/jwt/verifyJwt.ts
-var import_jose2 = require("jose");
-
 // src/utils/errors.ts
 var TokenVerificationErrorReason = {
   TokenExpired: "token-expired",
@@ -463,6 +535,21 @@ var TokenVerificationError = class _TokenVerificationError extends Error {
   }
 };
 
+// src/utils/options.ts
+var defaultOptions = {
+  apiUrl: void 0,
+  apiVersion: void 0
+};
+function mergePreDefinedOptions(userOptions = {}) {
+  return {
+    ...defaultOptions,
+    ...userOptions
+  };
+}
+
+// src/jwt/verifyJwt.ts
+var import_jose2 = require("jose");
+
 // src/utils/rfc4648.ts
 var base64url = {
   parse(string, opts) {
@@ -851,7 +938,6 @@ async function verifyToken(token, options) {
 
 // src/tokens/request.ts
 var BEARER_PREFIX = "Bearer ";
-var AUTH_COOKIE_NAME = "_session_cookie";
 function extractTokenFromHeader(request) {
   const authHeader = request.headers.get("Authorization");
   if (!authHeader || !authHeader.startsWith(BEARER_PREFIX)) {
@@ -859,9 +945,8 @@ function extractTokenFromHeader(request) {
   }
   return authHeader.slice(BEARER_PREFIX.length);
 }
-function extractTokenFromCookie(request, opts) {
+function extractTokenFromCookie(request) {
   const cookieHeader = request.headers.get("Cookie") || void 0;
-  const sessionName = getSessionConfig(opts).COOKIE_NAME;
   if (!cookieHeader) {
     return null;
   }
@@ -873,35 +958,63 @@ function extractTokenFromCookie(request, opts) {
     },
     {}
   );
-  return cookies[AUTH_COOKIE_NAME] || null;
+  return cookies[constants.Cookies.Session] || null;
 }
 function hasAuthorizationHeader(request) {
   return request.headers.has("Authorization");
 }
 async function authenticateRequest(request, options) {
+  async function refreshToken() {
+    try {
+      const response = await options.apiClient?.tokens.refreshToken(options.firebaseConfig?.apiKey || "", {
+        format: "cookie",
+        refresh_token: "",
+        expired_token: "",
+        request_origin: options.apiUrl || ""
+      });
+    } catch (error) {
+      console.error("Error refreshing token:", error);
+    }
+  }
   async function authenticateRequestWithTokenInCookie() {
-    const token = extractTokenFromCookie(request, options);
+    const token = extractTokenFromCookie(request);
     if (!token) {
       return signedOut(AuthErrorReason.SessionTokenMissing);
     }
-    const { data, errors } = await verifyToken(token, options);
-    if (errors) {
-      throw errors[0];
+    try {
+      const { data, errors } = await verifyToken(token, options);
+      if (errors) {
+        throw errors[0];
+      }
+      const signedInRequestState = signedIn(data, void 0, token);
+      return signedInRequestState;
+    } catch (err) {
+      return handleError(err, "cookie");
     }
-    const signedInRequestState = signedIn(data, void 0, token);
-    return signedInRequestState;
   }
   async function authenticateRequestWithTokenInHeader() {
     const token = extractTokenFromHeader(request);
     if (!token) {
-      return signedOut(AuthErrorReason.SessionTokenMissing);
+      return signedOut(AuthErrorReason.SessionTokenMissing, "");
     }
-    const { data, errors } = await verifyToken(token, options);
-    if (errors) {
-      throw errors[0];
+    try {
+      const { data, errors } = await verifyToken(token, options);
+      if (errors) {
+        throw errors[0];
+      }
+      const signedInRequestState = signedIn(data, void 0, token);
+      return signedInRequestState;
+    } catch (err) {
+      return handleError(err, "header");
     }
-    const signedInRequestState = signedIn(data, void 0, token);
-    return signedInRequestState;
+  }
+  async function handleError(err, tokenCarrier) {
+    if (!(err instanceof TokenVerificationError)) {
+      return signedOut(AuthErrorReason.UnexpectedError);
+    }
+    let refreshError;
+    err.tokenCarrier = tokenCarrier;
+    return signedOut(err.reason, err.getFullMessage());
   }
   if (hasAuthorizationHeader(request)) {
     return authenticateRequestWithTokenInHeader();
@@ -923,7 +1036,7 @@ function createAuthenticateRequest(params) {
 // src/instance/backendInstanceEdge.ts
 function createBackendInstanceClient(options) {
   const opts = { ...options };
-  const apiClient = createBackendApi(opts);
+  const apiClient = createFireApi(opts);
   const requestState = createAuthenticateRequest({ options: opts, apiClient });
   return {
     ...apiClient,
@@ -947,7 +1060,7 @@ function mergePreDefinedOptions2(preDefinedOptions, options) {
   );
 }
 var BEARER_PREFIX2 = "Bearer ";
-var AUTH_COOKIE_NAME2 = "_session_cookie";
+var AUTH_COOKIE_NAME = "_session_cookie";
 function extractTokenFromHeader2(request) {
   const authHeader = request.headers.get("Authorization");
   if (!authHeader || !authHeader.startsWith(BEARER_PREFIX2)) {
@@ -955,9 +1068,8 @@ function extractTokenFromHeader2(request) {
   }
   return authHeader.slice(BEARER_PREFIX2.length);
 }
-function extractTokenFromCookie2(request, opts) {
+function extractTokenFromCookie2(request) {
   const cookieHeader = request.headers.get("Cookie") || void 0;
-  const sessionName = getSessionConfig(opts).COOKIE_NAME;
   if (!cookieHeader) {
     return null;
   }
@@ -969,14 +1081,14 @@ function extractTokenFromCookie2(request, opts) {
     },
     {}
   );
-  return cookies[AUTH_COOKIE_NAME2] || null;
+  return cookies[AUTH_COOKIE_NAME] || null;
 }
 function hasAuthorizationHeader2(request) {
   return request.headers.has("Authorization");
 }
 async function authenticateRequest2(request, options) {
   async function authenticateRequestWithTokenInCookie() {
-    const token = extractTokenFromCookie2(request, options);
+    const token = extractTokenFromCookie2(request);
     if (!token) {
       return signedOut(AuthErrorReason.SessionTokenMissing);
     }
@@ -1018,7 +1130,7 @@ function createFireAuthenticateRequest(params) {
 // src/instance/backendFireInstance.ts
 function createFireClient(options) {
   const opts = { ...options };
-  const apiClient = createBackendApi(opts);
+  const apiClient = createFireApi(opts);
   const requestState = createFireAuthenticateRequest({ options: opts });
   return {
     ...apiClient,