@tern-secure/backend 1.2.0-canary.v20250919134427 → 1.2.0-canary.v20251002175916

package/dist/admin/index.mjs

@@ -1,493 +1,26 @@
 import {
-  createTernSecureRequest,
-  getCookieOptions,
-  getSessionConfig
-} from "../chunk-ZIO4EKS5.mjs";
-
-// src/admin/sessionTernSecure.ts
-import { handleFirebaseAuthError } from "@tern-secure/shared/errors";
-
-// src/utils/admin-init.ts
-import admin from "firebase-admin";
-
-// src/utils/config.ts
-var loadAdminConfig = () => ({
-  projectId: process.env.FIREBASE_PROJECT_ID || "",
-  clientEmail: process.env.FIREBASE_CLIENT_EMAIL || "",
-  privateKey: process.env.FIREBASE_PRIVATE_KEY || ""
-});
-var validateAdminConfig = (config) => {
-  const requiredFields = [
-    "projectId",
-    "clientEmail",
-    "privateKey"
-  ];
-  const errors = [];
-  requiredFields.forEach((field) => {
-    if (!config[field]) {
-      errors.push(`Missing required field: FIREBASE_${String(field).toUpperCase()}`);
-    }
-  });
-  return {
-    isValid: errors.length === 0,
-    errors,
-    config
-  };
-};
-var initializeAdminConfig = () => {
-  const config = loadAdminConfig();
-  const validationResult = validateAdminConfig(config);
-  if (!validationResult.isValid) {
-    throw new Error(
-      `Firebase Admin configuration validation failed:
-${validationResult.errors.join("\n")}`
-    );
-  }
-  return config;
-};
-
-// src/utils/admin-init.ts
-if (!admin.apps.length) {
-  try {
-    const config = initializeAdminConfig();
-    admin.initializeApp({
-      credential: admin.credential.cert({
-        ...config,
-        privateKey: config.privateKey.replace(/\\n/g, "\n")
-      })
-    });
-  } catch (error) {
-    console.error("Firebase admin initialization error", error);
-  }
-}
-var adminTernSecureAuth = admin.auth();
-var adminTernSecureDb = admin.firestore();
-var TernSecureTenantManager = admin.auth().tenantManager();
-function getAuthForTenant(tenantId) {
-  if (tenantId) {
-    return TernSecureTenantManager.authForTenant(tenantId);
-  }
-  return admin.auth();
-}
-
-// src/admin/sessionTernSecure.ts
-var SESSION_CONSTANTS = {
-  COOKIE_NAME: "_session_cookie",
-  //DEFAULT_EXPIRES_IN_MS: 60 * 60 * 24 * 5 * 1000, // 5 days
-  //DEFAULT_EXPIRES_IN_SECONDS: 60 * 60 * 24 * 5, // 5days
-  DEFAULT_EXPIRES_IN_MS: 5 * 60 * 1e3,
-  // 5 minutes
-  DEFAULT_EXPIRES_IN_SECONDS: 5 * 60,
-  REVOKE_REFRESH_TOKENS_ON_SIGNOUT: true
-};
-var COOKIE_OPTIONS = {
-  httpOnly: true,
-  secure: process.env.NODE_ENV === "production",
-  sameSite: "strict",
-  path: "/"
-};
-async function createSessionCookie(params, cookieStore, options) {
-  try {
-    const tenantAuth = getAuthForTenant(options?.tenantId);
-    const sessionConfig = getSessionConfig(options);
-    const cookieOptions = getCookieOptions(options);
-    let decodedToken;
-    let sessionCookie;
-    const idToken = typeof params === "string" ? params : params.idToken;
-    if (!idToken) {
-      const error = new Error("ID token is required for session creation");
-      console.error("[createSessionCookie] Missing ID token:", error);
-      return {
-        success: false,
-        message: "ID token is required",
-        error: "INVALID_TOKEN",
-        cookieSet: false
-      };
-    }
-    try {
-      console.log("Verifying ID token for tenant:", options?.tenantId);
-      decodedToken = await tenantAuth.verifyIdToken(idToken);
-    } catch (verifyError) {
-      console.error(
-        "[createSessionCookie] ID token verification failed:",
-        verifyError
-      );
-      const authError = handleFirebaseAuthError(verifyError);
-      return {
-        success: false,
-        message: authError.message,
-        error: authError.code,
-        cookieSet: false
-      };
-    }
-    if (!decodedToken) {
-      const error = new Error("Invalid ID token - verification returned null");
-      console.error(
-        "[createSessionCookie] Token verification returned null:",
-        error
-      );
-      return {
-        success: false,
-        message: "Invalid ID token",
-        error: "INVALID_TOKEN",
-        cookieSet: false
-      };
-    }
-    try {
-      sessionCookie = await tenantAuth.createSessionCookie(idToken, {
-        expiresIn: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_MS
-      });
-    } catch (sessionError) {
-      console.error(
-        "[createSessionCookie] Firebase session cookie creation failed:",
-        sessionError
-      );
-      const authError = handleFirebaseAuthError(sessionError);
-      return {
-        success: false,
-        message: authError.message,
-        error: authError.code,
-        cookieSet: false
-      };
-    }
-    let cookieSetSuccessfully = false;
-    try {
-      cookieStore.set(SESSION_CONSTANTS.COOKIE_NAME, sessionCookie, {
-        maxAge: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_SECONDS,
-        ...COOKIE_OPTIONS
-      });
-      const verifySetCookie = await cookieStore.get(
-        SESSION_CONSTANTS.COOKIE_NAME
-      );
-      cookieSetSuccessfully = !!verifySetCookie?.value;
-      if (!cookieSetSuccessfully) {
-        const error = new Error("Session cookie was not set successfully");
-        console.error(
-          "[createSessionCookie] Cookie verification failed:",
-          error
-        );
-        throw error;
-      }
-    } catch (cookieError) {
-      console.error(
-        "[createSessionCookie] Failed to set session cookie:",
-        cookieError
-      );
-      return {
-        success: false,
-        message: "Failed to set session cookie",
-        error: "COOKIE_SET_FAILED",
-        cookieSet: false
-      };
-    }
-    console.log(
-      `[createSessionCookie] Session cookie created successfully for user: ${decodedToken.uid}`
-    );
-    return {
-      success: true,
-      message: "Session created successfully",
-      expiresIn: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_SECONDS,
-      cookieSet: cookieSetSuccessfully
-    };
-  } catch (error) {
-    console.error("[createSessionCookie] Unexpected error:", error);
-    const authError = handleFirebaseAuthError(error);
-    return {
-      success: false,
-      message: authError.message || "Failed to create session",
-      error: authError.code || "INTERNAL_ERROR",
-      cookieSet: false
-    };
-  }
-}
-async function clearSessionCookie(cookieStore, options) {
-  try {
-    const adminAuth = getAuthForTenant(options?.tenantId);
-    const sessionCookie = await cookieStore.get(SESSION_CONSTANTS.COOKIE_NAME);
-    await cookieStore.delete(SESSION_CONSTANTS.COOKIE_NAME);
-    await cookieStore.delete("_session_token");
-    await cookieStore.delete("_session");
-    if (SESSION_CONSTANTS.REVOKE_REFRESH_TOKENS_ON_SIGNOUT && sessionCookie?.value) {
-      try {
-        const decodedClaims = await adminAuth.verifySessionCookie(
-          sessionCookie.value
-        );
-        await adminAuth.revokeRefreshTokens(decodedClaims.sub);
-        console.log(
-          `[clearSessionCookie] Successfully revoked tokens for user: ${decodedClaims.sub}`
-        );
-      } catch (revokeError) {
-        console.error(
-          "[clearSessionCookie] Failed to revoke refresh tokens:",
-          revokeError
-        );
-      }
-    }
-    console.log("[clearSessionCookie] Session cookies cleared successfully");
-    return {
-      success: true,
-      message: "Session cleared successfully",
-      cookieSet: false
-    };
-  } catch (error) {
-    console.error("[clearSessionCookie] Unexpected error:", error);
-    const authError = handleFirebaseAuthError(error);
-    return {
-      success: false,
-      message: authError.message || "Failed to clear session",
-      error: authError.code || "INTERNAL_ERROR",
-      cookieSet: false
-    };
-  }
-}
-
-// src/admin/tenant.ts
-async function createTenant(displayName, emailSignInConfig, multiFactorConfig) {
-  try {
-    const tenantConfig = {
-      displayName,
-      emailSignInConfig,
-      ...multiFactorConfig && { multiFactorConfig }
-    };
-    const tenant = await TernSecureTenantManager.createTenant(tenantConfig);
-    return {
-      success: true,
-      tenantId: tenant.tenantId,
-      displayName: tenant.displayName
-    };
-  } catch (error) {
-    console.error("Error creating tenant:", error);
-    throw new Error("Failed to create tenant");
-  }
-}
-async function createTenantUser(email, password, tenantId) {
-  try {
-    const tenantAuth = TernSecureTenantManager.authForTenant(tenantId);
-    const userRecord = await tenantAuth.createUser({
-      email,
-      password,
-      emailVerified: false,
-      disabled: false
-    });
-    return {
-      success: true,
-      message: "Tenant user created successfully",
-      user: userRecord.uid
-    };
-  } catch (error) {
-    console.error("Error creating tenant user:", error);
-    throw new Error("Failed to create tenant user");
-  }
-}
-
-// src/admin/nextSessionTernSecure.ts
-import { handleFirebaseAuthError as handleFirebaseAuthError2 } from "@tern-secure/shared/errors";
-import { cookies } from "next/headers";
-var SESSION_CONSTANTS2 = {
-  COOKIE_NAME: "_session_cookie",
-  DEFAULT_EXPIRES_IN_MS: 60 * 60 * 24 * 5 * 1e3,
-  // 5 days
-  DEFAULT_EXPIRES_IN_SECONDS: 60 * 60 * 24 * 5,
-  REVOKE_REFRESH_TOKENS_ON_SIGNOUT: true
-};
-async function CreateNextSessionCookie(idToken) {
-  try {
-    const expiresIn = 60 * 60 * 24 * 5 * 1e3;
-    const sessionCookie = await adminTernSecureAuth.createSessionCookie(idToken, {
-      expiresIn
-    });
-    const cookieStore = await cookies();
-    cookieStore.set("_session_cookie", sessionCookie, {
-      maxAge: expiresIn,
-      httpOnly: true,
-      secure: process.env.NODE_ENV === "production",
-      path: "/"
-    });
-    return { success: true, message: "Session created" };
-  } catch (error) {
-    return { success: false, message: "Failed to create session" };
-  }
-}
-async function GetNextServerSessionCookie() {
-  const cookieStore = await cookies();
-  const sessionCookie = cookieStore.get("_session_cookie")?.value;
-  if (!sessionCookie) {
-    throw new Error("No session cookie found");
-  }
-  try {
-    const decondeClaims = await adminTernSecureAuth.verifySessionCookie(
-      sessionCookie,
-      true
-    );
-    return {
-      token: sessionCookie,
-      userId: decondeClaims.uid
-    };
-  } catch (error) {
-    console.error("Error verifying session:", error);
-    throw new Error("Invalid Session");
-  }
-}
-async function GetNextIdToken() {
-  const cookieStore = await cookies();
-  const token = cookieStore.get("_session_token")?.value;
-  if (!token) {
-    throw new Error("No session cookie found");
-  }
-  try {
-    const decodedClaims = await adminTernSecureAuth.verifyIdToken(token);
-    return {
-      token,
-      userId: decodedClaims.uid
-    };
-  } catch (error) {
-    console.error("Error verifying session:", error);
-    throw new Error("Invalid Session");
-  }
-}
-async function SetNextServerSession(token) {
-  try {
-    const cookieStore = await cookies();
-    cookieStore.set("_session_token", token, {
-      httpOnly: true,
-      secure: process.env.NODE_ENV === "production",
-      sameSite: "strict",
-      maxAge: 60 * 60,
-      // 1 hour
-      path: "/"
-    });
-    return { success: true, message: "Session created" };
-  } catch {
-    return { success: false, message: "Failed to create session" };
-  }
-}
-async function SetNextServerToken(token) {
-  try {
-    const cookieStore = await cookies();
-    cookieStore.set("_tern", token, {
-      httpOnly: true,
-      secure: process.env.NODE_ENV === "production",
-      sameSite: "strict",
-      maxAge: 60 * 60,
-      // 1 hour
-      path: "/"
-    });
-    return { success: true, message: "Session created" };
-  } catch {
-    return { success: false, message: "Failed to create session" };
-  }
-}
-async function VerifyNextTernIdToken(token) {
-  try {
-    const decodedToken = await adminTernSecureAuth.verifyIdToken(token);
-    return {
-      ...decodedToken,
-      valid: true
-    };
-  } catch (error) {
-    console.error("[VerifyNextTernIdToken] Error verifying session:", error);
-    const authError = handleFirebaseAuthError2(error);
-    return {
-      valid: false,
-      error: authError
-    };
-  }
-}
-async function VerifyNextTernSessionCookie(session) {
-  try {
-    const res = await adminTernSecureAuth.verifySessionCookie(session);
-    console.warn(
-      "[VerifyNextTernSessionCookie] uid in Decoded Token:",
-      res.uid
-    );
-    return {
-      valid: true,
-      ...res
-    };
-  } catch (error) {
-    console.error(
-      "[VerifyNextTernSessionCookie] Error verifying session:",
-      error
-    );
-    const authError = handleFirebaseAuthError2(error);
-    return {
-      valid: false,
-      error: authError
-    };
-  }
-}
-async function ClearNextSessionCookie(tenantId) {
-  try {
-    console.log("[clearSessionCookie] Clearing session for tenant:", tenantId);
-    const tenantAuth = getAuthForTenant(tenantId);
-    const cookieStore = await cookies();
-    const sessionCookie = cookieStore.get(SESSION_CONSTANTS2.COOKIE_NAME);
-    cookieStore.delete(SESSION_CONSTANTS2.COOKIE_NAME);
-    cookieStore.delete("_session_token");
-    cookieStore.delete("_session");
-    if (SESSION_CONSTANTS2.REVOKE_REFRESH_TOKENS_ON_SIGNOUT && sessionCookie?.value) {
-      try {
-        const decodedClaims = await tenantAuth.verifySessionCookie(
-          sessionCookie.value
-        );
-        await tenantAuth.revokeRefreshTokens(decodedClaims.sub);
-        console.log(
-          `[clearSessionCookie] Successfully revoked tokens for user: ${decodedClaims.sub}`
-        );
-      } catch (revokeError) {
-        console.error(
-          "[ClearNextSessionCookie] Failed to revoke refresh tokens:",
-          revokeError
-        );
-      }
-    }
-    return { success: true, message: "Session cleared successfully" };
-  } catch (error) {
-    console.error("Error clearing session:", error);
-    return { success: false, message: "Failed to clear session cookies" };
-  }
-}
-
-// src/instance/backendInstance.ts
-var createBackendInstance = async (request) => {
-  const ternSecureRequest = createTernSecureRequest(request);
-  const requestState = await authenticateRequest(request);
-  return {
-    ternSecureRequest,
-    requestState
-  };
-};
-async function authenticateRequest(request) {
-  const sessionCookie = request.headers.get("cookie");
-  const sessionToken = sessionCookie?.split(";").find((c) => c.trim().startsWith("_session_cookie="))?.split("=")[1];
-  if (!sessionToken) {
-    throw new Error("No session token found");
-  }
-  const verificationResult = await VerifyNextTernSessionCookie(sessionToken);
-  if (!verificationResult.valid) {
-    throw new Error("Invalid session token");
-  }
-  return signedIn(
-    verificationResult,
-    new Headers(request.headers),
-    sessionToken
-  );
-}
-function signInAuthObject(session) {
-  return {
-    session,
-    userId: session.uid,
-    has: {}
-  };
-}
-function signedIn(session, headers = new Headers(), token) {
-  const authObject = signInAuthObject(session);
-  return {
-    auth: () => authObject,
-    token,
-    headers
-  };
-}
+  ClearNextSessionCookie,
+  CreateNextSessionCookie,
+  GetNextIdToken,
+  GetNextServerSessionCookie,
+  SetNextServerSession,
+  SetNextServerToken,
+  TernSecureTenantManager,
+  VerifyNextTernIdToken,
+  VerifyNextTernSessionCookie,
+  adminTernSecureAuth,
+  adminTernSecureDb,
+  authenticateRequest,
+  clearSessionCookie,
+  createBackendInstance,
+  createCustomTokenClaims,
+  createSessionCookie,
+  createTenant,
+  createTenantUser,
+  initializeAdminConfig,
+  signedIn
+} from "../chunk-NEPV6OWI.mjs";
+import "../chunk-4SGWLAJG.mjs";
 export {
   ClearNextSessionCookie,
   CreateNextSessionCookie,
@@ -503,6 +36,7 @@ export {
   authenticateRequest,
   clearSessionCookie,
   createBackendInstance,
+  createCustomTokenClaims,
   createSessionCookie,
   createTenant,
   createTenantUser,

package/dist/admin/index.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/admin/sessionTernSecure.ts","../../src/utils/admin-init.ts","../../src/utils/config.ts","../../src/admin/tenant.ts","../../src/admin/nextSessionTernSecure.ts","../../src/instance/backendInstance.ts"],"sourcesContent":["\"use server\";\r\n\r\nimport { handleFirebaseAuthError } from \"@tern-secure/shared/errors\";\r\nimport type {\r\n  CookieStore,\r\n  SessionParams,\r\n  SessionResult,\r\n} from \"@tern-secure/types\";\r\n\r\nimport { getCookieOptions, getSessionConfig } from \"../tokens/sessionConfig\";\r\nimport type { RequestOptions } from \"../tokens/types\";\r\nimport {  getAuthForTenant } from \"../utils/admin-init\";\r\n\r\nconst SESSION_CONSTANTS = {\r\n  COOKIE_NAME: \"_session_cookie\",\r\n  //DEFAULT_EXPIRES_IN_MS: 60 * 60 * 24 * 5 * 1000, // 5 days\r\n  //DEFAULT_EXPIRES_IN_SECONDS: 60 * 60 * 24 * 5, // 5days\r\n  DEFAULT_EXPIRES_IN_MS: 5 * 60 * 1000, // 5 minutes\r\n  DEFAULT_EXPIRES_IN_SECONDS: 5 * 60,\r\n  REVOKE_REFRESH_TOKENS_ON_SIGNOUT: true,\r\n} as const;\r\n\r\nconst COOKIE_OPTIONS = {\r\n  httpOnly: true,\r\n  secure: process.env.NODE_ENV === \"production\",\r\n  sameSite: \"strict\" as const,\r\n  path: \"/\",\r\n} as const;\r\n\r\n\r\nexport async function createSessionCookie(\r\n  params: SessionParams | string,\r\n  cookieStore: CookieStore,\r\n  options?: RequestOptions\r\n): Promise<SessionResult> {\r\n  try {\r\n    const tenantAuth = getAuthForTenant(options?.tenantId);\r\n\r\n    const sessionConfig = getSessionConfig(options);\r\n    const cookieOptions = getCookieOptions(options);\r\n    \r\n    let decodedToken;\r\n    let sessionCookie;\r\n\r\n    const idToken = typeof params === \"string\" ? params : params.idToken;\r\n\r\n    if (!idToken) {\r\n      const error = new Error(\"ID token is required for session creation\");\r\n      console.error(\"[createSessionCookie] Missing ID token:\", error);\r\n      return {\r\n        success: false,\r\n        message: \"ID token is required\",\r\n        error: \"INVALID_TOKEN\",\r\n        cookieSet: false,\r\n      };\r\n    }\r\n\r\n    try {\r\n      console.log(\"Verifying ID token for tenant:\", options?.tenantId);\r\n      decodedToken = await tenantAuth.verifyIdToken(idToken);\r\n    } catch (verifyError) {\r\n      console.error(\r\n        \"[createSessionCookie] ID token verification failed:\",\r\n        verifyError\r\n      );\r\n      const authError = handleFirebaseAuthError(verifyError);\r\n      return {\r\n        success: false,\r\n        message: authError.message,\r\n        error: authError.code,\r\n        cookieSet: false,\r\n      };\r\n    }\r\n\r\n    if (!decodedToken) {\r\n      const error = new Error(\"Invalid ID token - verification returned null\");\r\n      console.error(\r\n        \"[createSessionCookie] Token verification returned null:\",\r\n        error\r\n      );\r\n      return {\r\n        success: false,\r\n        message: \"Invalid ID token\",\r\n        error: \"INVALID_TOKEN\",\r\n        cookieSet: false,\r\n      };\r\n    }\r\n\r\n    try {\r\n      sessionCookie = await tenantAuth.createSessionCookie(idToken, {\r\n        expiresIn: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_MS,\r\n      });\r\n    } catch (sessionError) {\r\n      console.error(\r\n        \"[createSessionCookie] Firebase session cookie creation failed:\",\r\n        sessionError\r\n      );\r\n      const authError = handleFirebaseAuthError(sessionError);\r\n      return {\r\n        success: false,\r\n        message: authError.message,\r\n        error: authError.code,\r\n        cookieSet: false,\r\n      };\r\n    }\r\n\r\n    // Set the cookie and verify it was set\r\n    let cookieSetSuccessfully = false;\r\n    try {\r\n      //const cookieStore = await cookies();\r\n      cookieStore.set(SESSION_CONSTANTS.COOKIE_NAME, sessionCookie, {\r\n        maxAge: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_SECONDS,\r\n        ...COOKIE_OPTIONS,\r\n      });\r\n\r\n      // Verify the cookie was actually set\r\n      const verifySetCookie = await cookieStore.get(\r\n        SESSION_CONSTANTS.COOKIE_NAME\r\n      );\r\n      cookieSetSuccessfully = !!verifySetCookie?.value;\r\n\r\n      if (!cookieSetSuccessfully) {\r\n        const error = new Error(\"Session cookie was not set successfully\");\r\n        console.error(\r\n          \"[createSessionCookie] Cookie verification failed:\",\r\n          error\r\n        );\r\n        throw error;\r\n      }\r\n    } catch (cookieError) {\r\n      console.error(\r\n        \"[createSessionCookie] Failed to set session cookie:\",\r\n        cookieError\r\n      );\r\n      return {\r\n        success: false,\r\n        message: \"Failed to set session cookie\",\r\n        error: \"COOKIE_SET_FAILED\",\r\n        cookieSet: false,\r\n      };\r\n    }\r\n\r\n    console.log(\r\n      `[createSessionCookie] Session cookie created successfully for user: ${decodedToken.uid}`\r\n    );\r\n    return {\r\n      success: true,\r\n      message: \"Session created successfully\",\r\n      expiresIn: SESSION_CONSTANTS.DEFAULT_EXPIRES_IN_SECONDS,\r\n      cookieSet: cookieSetSuccessfully,\r\n    };\r\n  } catch (error) {\r\n    console.error(\"[createSessionCookie] Unexpected error:\", error);\r\n    const authError = handleFirebaseAuthError(error);\r\n    return {\r\n      success: false,\r\n      message: authError.message || \"Failed to create session\",\r\n      error: authError.code || \"INTERNAL_ERROR\",\r\n      cookieSet: false,\r\n    };\r\n  }\r\n}\r\n\r\nexport async function clearSessionCookie(\r\n  cookieStore: CookieStore,\r\n  options?: RequestOptions\r\n): Promise<SessionResult> {\r\n  try {\r\n    const adminAuth = getAuthForTenant(options?.tenantId);\r\n    const sessionCookie = await cookieStore.get(SESSION_CONSTANTS.COOKIE_NAME);\r\n\r\n    await cookieStore.delete(SESSION_CONSTANTS.COOKIE_NAME);\r\n    await cookieStore.delete(\"_session_token\");\r\n    await cookieStore.delete(\"_session\");\r\n\r\n    if (\r\n      SESSION_CONSTANTS.REVOKE_REFRESH_TOKENS_ON_SIGNOUT &&\r\n      sessionCookie?.value\r\n    ) {\r\n      try {\r\n        const decodedClaims = await adminAuth.verifySessionCookie(\r\n          sessionCookie.value\r\n        );\r\n        await adminAuth.revokeRefreshTokens(decodedClaims.sub);\r\n        console.log(\r\n          `[clearSessionCookie] Successfully revoked tokens for user: ${decodedClaims.sub}`\r\n        );\r\n      } catch (revokeError) {\r\n        console.error(\r\n          \"[clearSessionCookie] Failed to revoke refresh tokens:\",\r\n          revokeError\r\n        );\r\n      }\r\n    }\r\n\r\n    console.log(\"[clearSessionCookie] Session cookies cleared successfully\");\r\n    return {\r\n      success: true,\r\n      message: \"Session cleared successfully\",\r\n      cookieSet: false,\r\n    };\r\n  } catch (error) {\r\n    console.error(\"[clearSessionCookie] Unexpected error:\", error);\r\n    const authError = handleFirebaseAuthError(error);\r\n    return {\r\n      success: false,\r\n      message: authError.message || \"Failed to clear session\",\r\n      error: authError.code || \"INTERNAL_ERROR\",\r\n      cookieSet: false,\r\n    };\r\n  }\r\n}\r\n\r\nexport async function createCustomToken(uid: string, options?: RequestOptions): Promise<string | null> {\r\n  const adminAuth = getAuthForTenant(options?.tenantId);\r\n  try {\r\n    const customToken = await adminAuth.createCustomToken(uid);\r\n    return customToken;\r\n  } catch (error) {\r\n    console.error(\"[createCustomToken] Error creating custom token:\", error);\r\n    return null;\r\n  }\r\n}\r\n","import admin from 'firebase-admin';\r\n\r\nimport { initializeAdminConfig } from './config';\r\n\r\nif (!admin.apps.length) {\r\n  try {\r\n    const config = initializeAdminConfig();\r\n    admin.initializeApp({\r\n      credential: admin.credential.cert({\r\n        ...config,\r\n        privateKey: config.privateKey.replace(/\\\\n/g, '\\n'),\r\n      }),\r\n    });\r\n  } catch (error) {\r\n    console.error('Firebase admin initialization error', error);\r\n  }\r\n}\r\n\r\nexport const adminTernSecureAuth: admin.auth.Auth = admin.auth();\r\nexport const adminTernSecureDb: admin.firestore.Firestore = admin.firestore();\r\nexport const TernSecureTenantManager: admin.auth.TenantManager = admin.auth().tenantManager();\r\n\r\n/**\r\n * Gets the appropriate Firebase Auth instance.\r\n * If a tenantId is provided, it returns the Auth instance for that tenant.\r\n * Otherwise, it returns the default project-level Auth instance.\r\n * @param tenantId - The optional tenant ID.\r\n * @returns An admin.auth.Auth instance.\r\n */\r\nexport function getAuthForTenant(tenantId?: string): admin.auth.Auth {\r\n  if (tenantId) {\r\n    return TernSecureTenantManager.authForTenant(tenantId) as unknown as admin.auth.Auth;\r\n  }\r\n  return admin.auth();\r\n}","import type { \r\n  AdminConfigValidationResult, \r\n  ConfigValidationResult, \r\n  TernSecureAdminConfig, \r\n  TernSecureConfig} from '@tern-secure/types'\r\n\r\n/**\r\n * Loads Firebase configuration from environment variables\r\n * @returns {TernSecureConfig} Firebase configuration object\r\n */\r\nexport const loadFireConfig = (): TernSecureConfig => ({\r\n  apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || '',\r\n  authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || '',\r\n  projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || '',\r\n  storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || '',\r\n  messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || '',\r\n  appId: process.env.NEXT_PUBLIC_FIREBASE_APP_ID || '',\r\n  measurementId: process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID || undefined,\r\n})\r\n\r\n/**\r\n * Validates Firebase configuration\r\n * @param {TernSecureConfig} config - Firebase configuration object\r\n * @throws {Error} If required configuration values are missing\r\n * @returns {TernSecureConfig} Validated configuration object\r\n */\r\nexport const validateConfig = (config: TernSecureConfig): ConfigValidationResult => {\r\n  const requiredFields: (keyof TernSecureConfig)[] = [\r\n    'apiKey',\r\n    'authDomain',\r\n    'projectId',\r\n    'storageBucket',\r\n    'messagingSenderId',\r\n    'appId'\r\n  ]\r\n\r\n  const errors: string[] = []\r\n  \r\n  requiredFields.forEach(field => {\r\n    if (!config[field]) {\r\n      errors.push(`Missing required field: NEXT_PUBLIC_FIREBASE_${String(field).toUpperCase()}`)\r\n    }\r\n  })\r\n\r\n  return {\r\n    isValid: errors.length === 0,\r\n    errors,\r\n    config\r\n  }\r\n}\r\n\r\n/**\r\n * Initializes configuration with validation\r\n * @throws {Error} If configuration is invalid\r\n */\r\nexport const initializeConfig = (): TernSecureConfig => {\r\n  const config = loadFireConfig()\r\n  const validationResult = validateConfig(config)\r\n\r\n  if (!validationResult.isValid) {\r\n    throw new Error(\r\n      `Firebase configuration validation failed:\\n${validationResult.errors.join('\\n')}`\r\n    )\r\n  }\r\n\r\n  return config\r\n}\r\n\r\n/**\r\n * Loads Firebase Admin configuration from environment variables\r\n * @returns {AdminConfig} Firebase Admin configuration object\r\n */\r\nexport const loadAdminConfig = (): TernSecureAdminConfig => ({\r\n  projectId: process.env.FIREBASE_PROJECT_ID || '',\r\n  clientEmail: process.env.FIREBASE_CLIENT_EMAIL || '',\r\n  privateKey: process.env.FIREBASE_PRIVATE_KEY || '',\r\n})\r\n\r\n/**\r\n * Validates Firebase Admin configuration\r\n * @param {AdminConfig} config - Firebase Admin configuration object\r\n * @returns {ConfigValidationResult} Validation result\r\n */\r\nexport const validateAdminConfig = (config: TernSecureAdminConfig): AdminConfigValidationResult => {\r\n  const requiredFields: (keyof TernSecureAdminConfig)[] = [\r\n    'projectId',\r\n    'clientEmail',\r\n    'privateKey'\r\n  ]\r\n\r\n  const errors: string[] = []\r\n  \r\n  requiredFields.forEach(field => {\r\n    if (!config[field]) {\r\n      errors.push(`Missing required field: FIREBASE_${String(field).toUpperCase()}`)\r\n    }\r\n  })\r\n\r\n  return {\r\n    isValid: errors.length === 0,\r\n    errors,\r\n    config\r\n  }\r\n}\r\n\r\n/**\r\n * Initializes admin configuration with validation\r\n * @throws {Error} If configuration is invalid\r\n */\r\nexport const initializeAdminConfig = (): TernSecureAdminConfig => {\r\n  const config = loadAdminConfig()\r\n  const validationResult = validateAdminConfig(config)\r\n\r\n  if (!validationResult.isValid) {\r\n    throw new Error(\r\n      `Firebase Admin configuration validation failed:\\n${validationResult.errors.join('\\n')}`\r\n    )\r\n  }\r\n\r\n  return config\r\n}","import type { SignInResponse } from '@tern-secure/types';\r\n\r\nimport { TernSecureTenantManager } from \"../utils/admin-init\";\r\n\r\n\r\nexport async function createTenant(\r\n  displayName: string,\r\n  emailSignInConfig: {\r\n    enabled: boolean;\r\n    passwordRequired: boolean;\r\n  },\r\n  multiFactorConfig?: {\r\n    state: 'ENABLED' | 'DISABLED';\r\n    factorIds: \"phone\"[];\r\n    testPhoneNumbers?: {\r\n        [phoneNumber: string]: string;\r\n    }\r\n  }\r\n) {\r\n  try {\r\n    const tenantConfig = {\r\n      displayName,\r\n      emailSignInConfig,\r\n      ...(multiFactorConfig && { multiFactorConfig })\r\n    };\r\n\r\n    const tenant = await TernSecureTenantManager.createTenant(tenantConfig);\r\n    \r\n    return {\r\n      success: true,\r\n      tenantId: tenant.tenantId,\r\n      displayName: tenant.displayName,\r\n    };\r\n  } catch (error) {\r\n    console.error('Error creating tenant:', error);\r\n    throw new Error('Failed to create tenant');\r\n  }\r\n}\r\n\r\nexport async function createTenantUser(\r\n  email: string,\r\n  password: string,\r\n  tenantId: string\r\n): Promise<SignInResponse> {\r\n  try {\r\n    const tenantAuth = TernSecureTenantManager.authForTenant(tenantId);\r\n    \r\n    const userRecord = await tenantAuth.createUser({\r\n      email,\r\n      password,\r\n      emailVerified: false,\r\n      disabled: false\r\n    });\r\n\r\n    return {\r\n      success: true,\r\n      message: 'Tenant user created successfully',\r\n      user: userRecord.uid,\r\n    };\r\n  } catch (error) {\r\n    console.error('Error creating tenant user:', error);\r\n    throw new Error('Failed to create tenant user');\r\n  }\r\n}\r\n","\"use server\";\n\nimport { handleFirebaseAuthError } from \"@tern-secure/shared/errors\";\nimport type { TernVerificationResult } from \"@tern-secure/types\";\nimport { cookies } from \"next/headers\";\n\nimport { adminTernSecureAuth as adminAuth, getAuthForTenant } from \"../utils/admin-init\";\n\n\nconst SESSION_CONSTANTS = {\n  COOKIE_NAME: \"_session_cookie\",\n  DEFAULT_EXPIRES_IN_MS: 60 * 60 * 24 * 5 * 1000, // 5 days\n  DEFAULT_EXPIRES_IN_SECONDS: 60 * 60 * 24 * 5,\n  REVOKE_REFRESH_TOKENS_ON_SIGNOUT: true,\n} as const;\n\nexport async function CreateNextSessionCookie(idToken: string) {\n  try {\n    const expiresIn = 60 * 60 * 24 * 5 * 1000;\n    const sessionCookie = await adminAuth.createSessionCookie(idToken, {\n      expiresIn,\n    });\n\n    const cookieStore = await cookies();\n    cookieStore.set(\"_session_cookie\", sessionCookie, {\n      maxAge: expiresIn,\n      httpOnly: true,\n      secure: process.env.NODE_ENV === \"production\",\n      path: \"/\",\n    });\n    return { success: true, message: \"Session created\" };\n  } catch (error) {\n    return { success: false, message: \"Failed to create session\" };\n  }\n}\n\nexport async function GetNextServerSessionCookie() {\n  const cookieStore = await cookies();\n  const sessionCookie = cookieStore.get(\"_session_cookie\")?.value;\n\n  if (!sessionCookie) {\n    throw new Error(\"No session cookie found\");\n  }\n\n  try {\n    const decondeClaims = await adminAuth.verifySessionCookie(\n      sessionCookie,\n      true\n    );\n    return {\n      token: sessionCookie,\n      userId: decondeClaims.uid,\n    };\n  } catch (error) {\n    console.error(\"Error verifying session:\", error);\n    throw new Error(\"Invalid Session\");\n  }\n}\n\nexport async function GetNextIdToken() {\n  const cookieStore = await cookies();\n  const token = cookieStore.get(\"_session_token\")?.value;\n\n  if (!token) {\n    throw new Error(\"No session cookie found\");\n  }\n\n  try {\n    const decodedClaims = await adminAuth.verifyIdToken(token);\n    return {\n      token: token,\n      userId: decodedClaims.uid,\n    };\n  } catch (error) {\n    console.error(\"Error verifying session:\", error);\n    throw new Error(\"Invalid Session\");\n  }\n}\n\nexport async function SetNextServerSession(token: string) {\n  try {\n    const cookieStore = await cookies();\n    cookieStore.set(\"_session_token\", token, {\n      httpOnly: true,\n      secure: process.env.NODE_ENV === \"production\",\n      sameSite: \"strict\",\n      maxAge: 60 * 60, // 1 hour\n      path: \"/\",\n    });\n    return { success: true, message: \"Session created\" };\n  } catch {\n    return { success: false, message: \"Failed to create session\" };\n  }\n}\n\nexport async function SetNextServerToken(token: string) {\n  try {\n    const cookieStore = await cookies();\n    cookieStore.set(\"_tern\", token, {\n      httpOnly: true,\n      secure: process.env.NODE_ENV === \"production\",\n      sameSite: \"strict\",\n      maxAge: 60 * 60, // 1 hour\n      path: \"/\",\n    });\n    return { success: true, message: \"Session created\" };\n  } catch {\n    return { success: false, message: \"Failed to create session\" };\n  }\n}\n\nexport async function VerifyNextTernIdToken(\n  token: string\n): Promise<TernVerificationResult> {\n  try {\n    const decodedToken = await adminAuth.verifyIdToken(token);\n    return {\n      ...decodedToken,\n      valid: true,\n    };\n  } catch (error) {\n    console.error(\"[VerifyNextTernIdToken] Error verifying session:\", error);\n    const authError = handleFirebaseAuthError(error);\n    return {\n      valid: false,\n      error: authError,\n    };\n  }\n}\n\nexport async function VerifyNextTernSessionCookie(\n  session: string\n): Promise<TernVerificationResult> {\n  try {\n    const res = await adminAuth.verifySessionCookie(session);\n    console.warn(\n      \"[VerifyNextTernSessionCookie] uid in Decoded Token:\",\n      res.uid\n    );\n    return {\n      valid: true,\n      ...res,\n    };\n  } catch (error) {\n    console.error(\n      \"[VerifyNextTernSessionCookie] Error verifying session:\",\n      error\n    );\n    const authError = handleFirebaseAuthError(error);\n    return {\n      valid: false,\n      error: authError,\n    };\n  }\n}\n\nexport async function ClearNextSessionCookie(tenantId?: string) {\n  try {\n    console.log(\"[clearSessionCookie] Clearing session for tenant:\", tenantId);\n    const tenantAuth = getAuthForTenant(tenantId);\n    const cookieStore = await cookies();\n    const sessionCookie = cookieStore.get(SESSION_CONSTANTS.COOKIE_NAME);\n\n    cookieStore.delete(SESSION_CONSTANTS.COOKIE_NAME);\n    cookieStore.delete(\"_session_token\");\n    cookieStore.delete(\"_session\");\n\n    if (\n      SESSION_CONSTANTS.REVOKE_REFRESH_TOKENS_ON_SIGNOUT &&\n      sessionCookie?.value\n    ) {\n      try {\n        const decodedClaims = await tenantAuth.verifySessionCookie(\n          sessionCookie.value\n        );\n        await tenantAuth.revokeRefreshTokens(decodedClaims.sub);\n        console.log(\n          `[clearSessionCookie] Successfully revoked tokens for user: ${decodedClaims.sub}`\n        );\n      } catch (revokeError) {\n        console.error(\n          \"[ClearNextSessionCookie] Failed to revoke refresh tokens:\",\n          revokeError\n        );\n      }\n    }\n    return { success: true, message: \"Session cleared successfully\" };\n  } catch (error) {\n    console.error(\"Error clearing session:\", error);\n    return { success: false, message: \"Failed to clear session cookies\" };\n  }\n}\n","import type { CheckCustomClaims, DecodedIdToken,SharedSignInAuthObjectProperties } from \"@tern-secure/types\";\n\nimport { VerifyNextTernSessionCookie } from \"../admin/nextSessionTernSecure\";\nimport type { TernSecureRequest} from \"../tokens/ternSecureRequest\";\nimport { createTernSecureRequest } from \"../tokens/ternSecureRequest\";\n\nexport type SignInAuthObject = SharedSignInAuthObjectProperties & {\n  has: CheckCustomClaims\n}\n\nexport type SignInState = {\n  auth: () => SignInAuthObject\n  token: string\n  headers: Headers\n}\n\nexport type RequestState = SignInState\n\nexport interface BackendInstance {\n  ternSecureRequest: TernSecureRequest;\n  requestState: RequestState;\n}\n\nexport const createBackendInstance = async (request: Request): Promise<BackendInstance> => {\n  const ternSecureRequest = createTernSecureRequest(request);\n  const requestState = await authenticateRequest(request);\n  \n  return {\n    ternSecureRequest,\n    requestState,\n  };\n};\n\nexport async function authenticateRequest(request: Request): Promise<RequestState> {\n  const sessionCookie = request.headers.get('cookie');\n  const sessionToken = sessionCookie?.split(';')\n    .find(c => c.trim().startsWith('_session_cookie='))\n    ?.split('=')[1];\n  \n  if (!sessionToken) {\n    throw new Error(\"No session token found\");\n  }\n\n  const verificationResult = await VerifyNextTernSessionCookie(sessionToken);\n\n  if (!verificationResult.valid) {\n    throw new Error(\"Invalid session token\");\n  }\n\n  return signedIn(\n    verificationResult as DecodedIdToken,\n    new Headers(request.headers),\n    sessionToken\n  );\n}\n\nexport function signInAuthObject(\n  session: DecodedIdToken,\n): SignInAuthObject {\n  return {\n    session,\n    userId: session.uid,\n    has: {} as CheckCustomClaims,\n  };\n}\n\nexport function signedIn(\n  session: DecodedIdToken,\n  headers: Headers = new Headers(),\n  token: string\n): SignInState {\n  const authObject = signInAuthObject(session);\n  return {\n    auth: () => authObject,\n    token,\n    headers,\n  };\n}\n"],"mappings":";;;;;;;AAEA,SAAS,+BAA+B;;;ACFxC,OAAO,WAAW;;;ACwEX,IAAM,kBAAkB,OAA8B;AAAA,EAC3D,WAAW,QAAQ,IAAI,uBAAuB;AAAA,EAC9C,aAAa,QAAQ,IAAI,yBAAyB;AAAA,EAClD,YAAY,QAAQ,IAAI,wBAAwB;AAClD;AAOO,IAAM,sBAAsB,CAAC,WAA+D;AACjG,QAAM,iBAAkD;AAAA,IACtD;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,SAAmB,CAAC;AAE1B,iBAAe,QAAQ,WAAS;AAC9B,QAAI,CAAC,OAAO,KAAK,GAAG;AAClB,aAAO,KAAK,oCAAoC,OAAO,KAAK,EAAE,YAAY,CAAC,EAAE;AAAA,IAC/E;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,SAAS,OAAO,WAAW;AAAA,IAC3B;AAAA,IACA;AAAA,EACF;AACF;AAMO,IAAM,wBAAwB,MAA6B;AAChE,QAAM,SAAS,gBAAgB;AAC/B,QAAM,mBAAmB,oBAAoB,MAAM;AAEnD,MAAI,CAAC,iBAAiB,SAAS;AAC7B,UAAM,IAAI;AAAA,MACR;AAAA,EAAoD,iBAAiB,OAAO,KAAK,IAAI,CAAC;AAAA,IACxF;AAAA,EACF;AAEA,SAAO;AACT;;;ADpHA,IAAI,CAAC,MAAM,KAAK,QAAQ;AACtB,MAAI;AACF,UAAM,SAAS,sBAAsB;AACrC,UAAM,cAAc;AAAA,MAClB,YAAY,MAAM,WAAW,KAAK;AAAA,QAChC,GAAG;AAAA,QACH,YAAY,OAAO,WAAW,QAAQ,QAAQ,IAAI;AAAA,MACpD,CAAC;AAAA,IACH,CAAC;AAAA,EACH,SAAS,OAAO;AACd,YAAQ,MAAM,uCAAuC,KAAK;AAAA,EAC5D;AACF;AAEO,IAAM,sBAAuC,MAAM,KAAK;AACxD,IAAM,oBAA+C,MAAM,UAAU;AACrE,IAAM,0BAAoD,MAAM,KAAK,EAAE,cAAc;AASrF,SAAS,iBAAiB,UAAoC;AACnE,MAAI,UAAU;AACZ,WAAO,wBAAwB,cAAc,QAAQ;AAAA,EACvD;AACA,SAAO,MAAM,KAAK;AACpB;;;ADrBA,IAAM,oBAAoB;AAAA,EACxB,aAAa;AAAA;AAAA;AAAA,EAGb,uBAAuB,IAAI,KAAK;AAAA;AAAA,EAChC,4BAA4B,IAAI;AAAA,EAChC,kCAAkC;AACpC;AAEA,IAAM,iBAAiB;AAAA,EACrB,UAAU;AAAA,EACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AAAA,EACV,MAAM;AACR;AAGA,eAAsB,oBACpB,QACA,aACA,SACwB;AACxB,MAAI;AACF,UAAM,aAAa,iBAAiB,SAAS,QAAQ;AAErD,UAAM,gBAAgB,iBAAiB,OAAO;AAC9C,UAAM,gBAAgB,iBAAiB,OAAO;AAE9C,QAAI;AACJ,QAAI;AAEJ,UAAM,UAAU,OAAO,WAAW,WAAW,SAAS,OAAO;AAE7D,QAAI,CAAC,SAAS;AACZ,YAAM,QAAQ,IAAI,MAAM,2CAA2C;AACnE,cAAQ,MAAM,2CAA2C,KAAK;AAC9D,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS;AAAA,QACT,OAAO;AAAA,QACP,WAAW;AAAA,MACb;AAAA,IACF;AAEA,QAAI;AACF,cAAQ,IAAI,kCAAkC,SAAS,QAAQ;AAC/D,qBAAe,MAAM,WAAW,cAAc,OAAO;AAAA,IACvD,SAAS,aAAa;AACpB,cAAQ;AAAA,QACN;AAAA,QACA;AAAA,MACF;AACA,YAAM,YAAY,wBAAwB,WAAW;AACrD,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,QACjB,WAAW;AAAA,MACb;AAAA,IACF;AAEA,QAAI,CAAC,cAAc;AACjB,YAAM,QAAQ,IAAI,MAAM,+CAA+C;AACvE,cAAQ;AAAA,QACN;AAAA,QACA;AAAA,MACF;AACA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS;AAAA,QACT,OAAO;AAAA,QACP,WAAW;AAAA,MACb;AAAA,IACF;AAEA,QAAI;AACF,sBAAgB,MAAM,WAAW,oBAAoB,SAAS;AAAA,QAC5D,WAAW,kBAAkB;AAAA,MAC/B,CAAC;AAAA,IACH,SAAS,cAAc;AACrB,cAAQ;AAAA,QACN;AAAA,QACA;AAAA,MACF;AACA,YAAM,YAAY,wBAAwB,YAAY;AACtD,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,QACjB,WAAW;AAAA,MACb;AAAA,IACF;AAGA,QAAI,wBAAwB;AAC5B,QAAI;AAEF,kBAAY,IAAI,kBAAkB,aAAa,eAAe;AAAA,QAC5D,QAAQ,kBAAkB;AAAA,QAC1B,GAAG;AAAA,MACL,CAAC;AAGD,YAAM,kBAAkB,MAAM,YAAY;AAAA,QACxC,kBAAkB;AAAA,MACpB;AACA,8BAAwB,CAAC,CAAC,iBAAiB;AAE3C,UAAI,CAAC,uBAAuB;AAC1B,cAAM,QAAQ,IAAI,MAAM,yCAAyC;AACjE,gBAAQ;AAAA,UACN;AAAA,UACA;AAAA,QACF;AACA,cAAM;AAAA,MACR;AAAA,IACF,SAAS,aAAa;AACpB,cAAQ;AAAA,QACN;AAAA,QACA;AAAA,MACF;AACA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS;AAAA,QACT,OAAO;AAAA,QACP,WAAW;AAAA,MACb;AAAA,IACF;AAEA,YAAQ;AAAA,MACN,uEAAuE,aAAa,GAAG;AAAA,IACzF;AACA,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS;AAAA,MACT,WAAW,kBAAkB;AAAA,MAC7B,WAAW;AAAA,IACb;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,2CAA2C,KAAK;AAC9D,UAAM,YAAY,wBAAwB,KAAK;AAC/C,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS,UAAU,WAAW;AAAA,MAC9B,OAAO,UAAU,QAAQ;AAAA,MACzB,WAAW;AAAA,IACb;AAAA,EACF;AACF;AAEA,eAAsB,mBACpB,aACA,SACwB;AACxB,MAAI;AACF,UAAM,YAAY,iBAAiB,SAAS,QAAQ;AACpD,UAAM,gBAAgB,MAAM,YAAY,IAAI,kBAAkB,WAAW;AAEzE,UAAM,YAAY,OAAO,kBAAkB,WAAW;AACtD,UAAM,YAAY,OAAO,gBAAgB;AACzC,UAAM,YAAY,OAAO,UAAU;AAEnC,QACE,kBAAkB,oCAClB,eAAe,OACf;AACA,UAAI;AACF,cAAM,gBAAgB,MAAM,UAAU;AAAA,UACpC,cAAc;AAAA,QAChB;AACA,cAAM,UAAU,oBAAoB,cAAc,GAAG;AACrD,gBAAQ;AAAA,UACN,8DAA8D,cAAc,GAAG;AAAA,QACjF;AAAA,MACF,SAAS,aAAa;AACpB,gBAAQ;AAAA,UACN;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,YAAQ,IAAI,2DAA2D;AACvE,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS;AAAA,MACT,WAAW;AAAA,IACb;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,0CAA0C,KAAK;AAC7D,UAAM,YAAY,wBAAwB,KAAK;AAC/C,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS,UAAU,WAAW;AAAA,MAC9B,OAAO,UAAU,QAAQ;AAAA,MACzB,WAAW;AAAA,IACb;AAAA,EACF;AACF;;;AG9MA,eAAsB,aACpB,aACA,mBAIA,mBAOA;AACA,MAAI;AACF,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA,GAAI,qBAAqB,EAAE,kBAAkB;AAAA,IAC/C;AAEA,UAAM,SAAS,MAAM,wBAAwB,aAAa,YAAY;AAEtE,WAAO;AAAA,MACL,SAAS;AAAA,MACT,UAAU,OAAO;AAAA,MACjB,aAAa,OAAO;AAAA,IACtB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,0BAA0B,KAAK;AAC7C,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AACF;AAEA,eAAsB,iBACpB,OACA,UACA,UACyB;AACzB,MAAI;AACF,UAAM,aAAa,wBAAwB,cAAc,QAAQ;AAEjE,UAAM,aAAa,MAAM,WAAW,WAAW;AAAA,MAC7C;AAAA,MACA;AAAA,MACA,eAAe;AAAA,MACf,UAAU;AAAA,IACZ,CAAC;AAED,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS;AAAA,MACT,MAAM,WAAW;AAAA,IACnB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B,KAAK;AAClD,UAAM,IAAI,MAAM,8BAA8B;AAAA,EAChD;AACF;;;AC7DA,SAAS,2BAAAA,gCAA+B;AAExC,SAAS,eAAe;AAKxB,IAAMC,qBAAoB;AAAA,EACxB,aAAa;AAAA,EACb,uBAAuB,KAAK,KAAK,KAAK,IAAI;AAAA;AAAA,EAC1C,4BAA4B,KAAK,KAAK,KAAK;AAAA,EAC3C,kCAAkC;AACpC;AAEA,eAAsB,wBAAwB,SAAiB;AAC7D,MAAI;AACF,UAAM,YAAY,KAAK,KAAK,KAAK,IAAI;AACrC,UAAM,gBAAgB,MAAM,oBAAU,oBAAoB,SAAS;AAAA,MACjE;AAAA,IACF,CAAC;AAED,UAAM,cAAc,MAAM,QAAQ;AAClC,gBAAY,IAAI,mBAAmB,eAAe;AAAA,MAChD,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,MACjC,MAAM;AAAA,IACR,CAAC;AACD,WAAO,EAAE,SAAS,MAAM,SAAS,kBAAkB;AAAA,EACrD,SAAS,OAAO;AACd,WAAO,EAAE,SAAS,OAAO,SAAS,2BAA2B;AAAA,EAC/D;AACF;AAEA,eAAsB,6BAA6B;AACjD,QAAM,cAAc,MAAM,QAAQ;AAClC,QAAM,gBAAgB,YAAY,IAAI,iBAAiB,GAAG;AAE1D,MAAI,CAAC,eAAe;AAClB,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAEA,MAAI;AACF,UAAM,gBAAgB,MAAM,oBAAU;AAAA,MACpC;AAAA,MACA;AAAA,IACF;AACA,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ,cAAc;AAAA,IACxB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AACF;AAEA,eAAsB,iBAAiB;AACrC,QAAM,cAAc,MAAM,QAAQ;AAClC,QAAM,QAAQ,YAAY,IAAI,gBAAgB,GAAG;AAEjD,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAEA,MAAI;AACF,UAAM,gBAAgB,MAAM,oBAAU,cAAc,KAAK;AACzD,WAAO;AAAA,MACL;AAAA,MACA,QAAQ,cAAc;AAAA,IACxB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AACF;AAEA,eAAsB,qBAAqB,OAAe;AACxD,MAAI;AACF,UAAM,cAAc,MAAM,QAAQ;AAClC,gBAAY,IAAI,kBAAkB,OAAO;AAAA,MACvC,UAAU;AAAA,MACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,MACjC,UAAU;AAAA,MACV,QAAQ,KAAK;AAAA;AAAA,MACb,MAAM;AAAA,IACR,CAAC;AACD,WAAO,EAAE,SAAS,MAAM,SAAS,kBAAkB;AAAA,EACrD,QAAQ;AACN,WAAO,EAAE,SAAS,OAAO,SAAS,2BAA2B;AAAA,EAC/D;AACF;AAEA,eAAsB,mBAAmB,OAAe;AACtD,MAAI;AACF,UAAM,cAAc,MAAM,QAAQ;AAClC,gBAAY,IAAI,SAAS,OAAO;AAAA,MAC9B,UAAU;AAAA,MACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,MACjC,UAAU;AAAA,MACV,QAAQ,KAAK;AAAA;AAAA,MACb,MAAM;AAAA,IACR,CAAC;AACD,WAAO,EAAE,SAAS,MAAM,SAAS,kBAAkB;AAAA,EACrD,QAAQ;AACN,WAAO,EAAE,SAAS,OAAO,SAAS,2BAA2B;AAAA,EAC/D;AACF;AAEA,eAAsB,sBACpB,OACiC;AACjC,MAAI;AACF,UAAM,eAAe,MAAM,oBAAU,cAAc,KAAK;AACxD,WAAO;AAAA,MACL,GAAG;AAAA,MACH,OAAO;AAAA,IACT;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,oDAAoD,KAAK;AACvE,UAAM,YAAYC,yBAAwB,KAAK;AAC/C,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,eAAsB,4BACpB,SACiC;AACjC,MAAI;AACF,UAAM,MAAM,MAAM,oBAAU,oBAAoB,OAAO;AACvD,YAAQ;AAAA,MACN;AAAA,MACA,IAAI;AAAA,IACN;AACA,WAAO;AAAA,MACL,OAAO;AAAA,MACP,GAAG;AAAA,IACL;AAAA,EACF,SAAS,OAAO;AACd,YAAQ;AAAA,MACN;AAAA,MACA;AAAA,IACF;AACA,UAAM,YAAYA,yBAAwB,KAAK;AAC/C,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,eAAsB,uBAAuB,UAAmB;AAC9D,MAAI;AACF,YAAQ,IAAI,qDAAqD,QAAQ;AACzE,UAAM,aAAa,iBAAiB,QAAQ;AAC5C,UAAM,cAAc,MAAM,QAAQ;AAClC,UAAM,gBAAgB,YAAY,IAAID,mBAAkB,WAAW;AAEnE,gBAAY,OAAOA,mBAAkB,WAAW;AAChD,gBAAY,OAAO,gBAAgB;AACnC,gBAAY,OAAO,UAAU;AAE7B,QACEA,mBAAkB,oCAClB,eAAe,OACf;AACA,UAAI;AACF,cAAM,gBAAgB,MAAM,WAAW;AAAA,UACrC,cAAc;AAAA,QAChB;AACA,cAAM,WAAW,oBAAoB,cAAc,GAAG;AACtD,gBAAQ;AAAA,UACN,8DAA8D,cAAc,GAAG;AAAA,QACjF;AAAA,MACF,SAAS,aAAa;AACpB,gBAAQ;AAAA,UACN;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,WAAO,EAAE,SAAS,MAAM,SAAS,+BAA+B;AAAA,EAClE,SAAS,OAAO;AACd,YAAQ,MAAM,2BAA2B,KAAK;AAC9C,WAAO,EAAE,SAAS,OAAO,SAAS,kCAAkC;AAAA,EACtE;AACF;;;ACxKO,IAAM,wBAAwB,OAAO,YAA+C;AACzF,QAAM,oBAAoB,wBAAwB,OAAO;AACzD,QAAM,eAAe,MAAM,oBAAoB,OAAO;AAEtD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EACF;AACF;AAEA,eAAsB,oBAAoB,SAAyC;AACjF,QAAM,gBAAgB,QAAQ,QAAQ,IAAI,QAAQ;AAClD,QAAM,eAAe,eAAe,MAAM,GAAG,EAC1C,KAAK,OAAK,EAAE,KAAK,EAAE,WAAW,kBAAkB,CAAC,GAChD,MAAM,GAAG,EAAE,CAAC;AAEhB,MAAI,CAAC,cAAc;AACjB,UAAM,IAAI,MAAM,wBAAwB;AAAA,EAC1C;AAEA,QAAM,qBAAqB,MAAM,4BAA4B,YAAY;AAEzE,MAAI,CAAC,mBAAmB,OAAO;AAC7B,UAAM,IAAI,MAAM,uBAAuB;AAAA,EACzC;AAEA,SAAO;AAAA,IACL;AAAA,IACA,IAAI,QAAQ,QAAQ,OAAO;AAAA,IAC3B;AAAA,EACF;AACF;AAEO,SAAS,iBACd,SACkB;AAClB,SAAO;AAAA,IACL;AAAA,IACA,QAAQ,QAAQ;AAAA,IAChB,KAAK,CAAC;AAAA,EACR;AACF;AAEO,SAAS,SACd,SACA,UAAmB,IAAI,QAAQ,GAC/B,OACa;AACb,QAAM,aAAa,iBAAiB,OAAO;AAC3C,SAAO;AAAA,IACL,MAAM,MAAM;AAAA,IACZ;AAAA,IACA;AAAA,EACF;AACF;","names":["handleFirebaseAuthError","SESSION_CONSTANTS","handleFirebaseAuthError"]}
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/admin/nextSessionTernSecure.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"nextSessionTernSecure.d.ts","sourceRoot":"","sources":["../../src/admin/nextSessionTernSecure.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAajE,wBAAsB,uBAAuB,CAAC,OAAO,EAAE,MAAM;;;GAkB5D;AAED,wBAAsB,0BAA0B;;;GAqB/C;AAED,wBAAsB,cAAc;;;GAkBnC;AAED,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,MAAM;;;GAcvD;AAED,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,MAAM;;;GAcrD;AAED,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,sBAAsB,CAAC,CAejC;AAED,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,sBAAsB,CAAC,CAsBjC;AAED,wBAAsB,sBAAsB,CAAC,QAAQ,CAAC,EAAE,MAAM;;;GAmC7D"}
+{"version":3,"file":"nextSessionTernSecure.d.ts","sourceRoot":"","sources":["../../src/admin/nextSessionTernSecure.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAcjE,wBAAsB,uBAAuB,CAAC,OAAO,EAAE,MAAM;;;GAkB5D;AAED,wBAAsB,0BAA0B;;;GAqB/C;AAED,wBAAsB,cAAc;;;GAkBnC;AAED,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,MAAM;;;GAcvD;AAED,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,MAAM;;;GAcrD;AAED,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,sBAAsB,CAAC,CAejC;AAED,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,sBAAsB,CAAC,CAsBjC;AAED,wBAAsB,sBAAsB,CAAC,QAAQ,CAAC,EAAE,MAAM;;;GAkC7D"}

package/dist/admin/sessionTernSecure.d.ts

@@ -1,6 +1,28 @@
-import type { CookieStore, SessionParams, SessionResult } from "@tern-secure/types";
-import type { RequestOptions } from "../tokens/types";
-export declare function createSessionCookie(params: SessionParams | string, cookieStore: CookieStore, options?: RequestOptions): Promise<SessionResult>;
-export declare function clearSessionCookie(cookieStore: CookieStore, options?: RequestOptions): Promise<SessionResult>;
-export declare function createCustomToken(uid: string, options?: RequestOptions): Promise<string | null>;
+import type { CookieStore, SessionParams, SessionResult, TernSecureHandlerOptions } from '@tern-secure/types';
+export declare function createSessionCookie_old(params: SessionParams | string, cookieStore: CookieStore, options?: TernSecureHandlerOptions): Promise<SessionResult>;
+export declare function clearSessionCookie_old(cookieStore: CookieStore, options?: TernSecureHandlerOptions): Promise<SessionResult>;
+export declare function createCustomToken_old(uid: string, options?: TernSecureHandlerOptions): Promise<string | null>;
+/**
+ * Creates cookies for user session management
+ * @param params - Session parameters containing idToken and optional refreshToken
+ * @param cookieStore - Cookie store interface for managing cookies
+ * @param options - TernSecure handler options containing cookie configurations
+ */
+export declare function createSessionCookie(params: SessionParams | string, cookieStore: CookieStore, options?: TernSecureHandlerOptions): Promise<SessionResult>;
+/**
+ * Clears user session cookies
+ * @param cookieStore - Cookie store interface for managing cookies
+ * @param options - TernSecure handler options containing cookie configurations
+ */
+export declare function clearSessionCookie(cookieStore: CookieStore, options?: TernSecureHandlerOptions): Promise<SessionResult>;
+/**
+ * Creates a custom token for a user
+ * @param uid - User ID to create the custom token for
+ * @param options - TernSecure handler options
+ * @returns Promise resolving to the custom token string or null if creation fails
+ */
+export declare function createCustomToken(uid: string, options?: TernSecureHandlerOptions): Promise<string | null>;
+export declare function createCustomTokenClaims(uid: string, developerClaims?: {
+    [key: string]: unknown;
+}): Promise<string>;
 //# sourceMappingURL=sessionTernSecure.d.ts.map

package/dist/admin/sessionTernSecure.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sessionTernSecure.d.ts","sourceRoot":"","sources":["../../src/admin/sessionTernSecure.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,WAAW,EACX,aAAa,EACb,aAAa,EACd,MAAM,oBAAoB,CAAC;AAG5B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAoBtD,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,aAAa,GAAG,MAAM,EAC9B,WAAW,EAAE,WAAW,EACxB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,aAAa,CAAC,CA+HxB;AAED,wBAAsB,kBAAkB,CACtC,WAAW,EAAE,WAAW,EACxB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,aAAa,CAAC,CA6CxB;AAED,wBAAsB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CASrG"}
+{"version":3,"file":"sessionTernSecure.d.ts","sourceRoot":"","sources":["../../src/admin/sessionTernSecure.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,aAAa,EACb,aAAa,EACb,wBAAwB,EACzB,MAAM,oBAAoB,CAAC;AAqB5B,wBAAsB,uBAAuB,CAC3C,MAAM,EAAE,aAAa,GAAG,MAAM,EAC9B,WAAW,EAAE,WAAW,EACxB,OAAO,CAAC,EAAE,wBAAwB,GACjC,OAAO,CAAC,aAAa,CAAC,CAkFxB;AAED,wBAAsB,sBAAsB,CAC1C,WAAW,EAAE,WAAW,EACxB,OAAO,CAAC,EAAE,wBAAwB,GACjC,OAAO,CAAC,aAAa,CAAC,CA+BxB;AAED,wBAAsB,qBAAqB,CACzC,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,wBAAwB,GACjC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CASxB;AAuDD;;;;;GAKG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,aAAa,GAAG,MAAM,EAC9B,WAAW,EAAE,WAAW,EACxB,OAAO,CAAC,EAAE,wBAAwB,GACjC,OAAO,CAAC,aAAa,CAAC,CA0HxB;AAED;;;;GAIG;AACH,wBAAsB,kBAAkB,CACtC,WAAW,EAAE,WAAW,EACxB,OAAO,CAAC,EAAE,wBAAwB,GACjC,OAAO,CAAC,aAAa,CAAC,CAsDxB;AAED;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,wBAAwB,GACjC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CASxB;AAGD,wBAAsB,uBAAuB,CAC3C,GAAG,EAAE,MAAM,EACX,eAAe,CAAC,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE,GAC3C,OAAO,CAAC,MAAM,CAAC,CASjB"}

package/dist/auth/getauth.d.ts

@@ -0,0 +1,15 @@
+import type { AuthenticateRequestOptions } from '../tokens/types';
+export interface IdAndRefreshTokens {
+    idToken: string;
+    refreshToken: string;
+}
+export interface CustomTokens {
+    idToken: string;
+    refreshToken: string;
+    customToken: string;
+}
+export declare function getAuth(options: AuthenticateRequestOptions): {
+    customForIdAndRefreshToken: (customToken: string) => Promise<IdAndRefreshTokens>;
+    createCustomIdAndRefreshToken: (idToken: string) => Promise<CustomTokens>;
+};
+//# sourceMappingURL=getauth.d.ts.map

package/dist/auth/getauth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"getauth.d.ts","sourceRoot":"","sources":["../../src/auth/getauth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAGlE,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;CACrB;AAUD,wBAAgB,OAAO,CAAC,OAAO,EAAE,0BAA0B;8CAI1C,MAAM,KAClB,OAAO,CAAC,kBAAkB,CAAC;6CAiBwB,MAAM,KAAG,OAAO,CAAC,YAAY,CAAC;EA0BrF"}

package/dist/auth/index.d.ts

@@ -0,0 +1,2 @@
+export * from './getauth';
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAC"}