@tern-secure/backend 1.2.0-canary.v20251127221555 → 1.2.0-canary.v20251202162458

Files changed (91)
  1. package/dist/adapters/index.d.ts +1 -1
  2. package/dist/adapters/index.d.ts.map +1 -1
  3. package/dist/adapters/types.d.ts +42 -0
  4. package/dist/adapters/types.d.ts.map +1 -1
  5. package/dist/admin/index.d.ts +1 -1
  6. package/dist/admin/index.d.ts.map +1 -1
  7. package/dist/admin/index.js +8 -1
  8. package/dist/admin/index.js.map +1 -1
  9. package/dist/admin/index.mjs +10 -70
  10. package/dist/admin/index.mjs.map +1 -1
  11. package/dist/app-check/AppCheckApi.d.ts +14 -0
  12. package/dist/app-check/AppCheckApi.d.ts.map +1 -0
  13. package/dist/app-check/generator.d.ts +9 -0
  14. package/dist/app-check/generator.d.ts.map +1 -0
  15. package/dist/app-check/index.d.ts +18 -0
  16. package/dist/app-check/index.d.ts.map +1 -0
  17. package/dist/app-check/index.js +1052 -0
  18. package/dist/app-check/index.js.map +1 -0
  19. package/dist/app-check/index.mjs +13 -0
  20. package/dist/app-check/index.mjs.map +1 -0
  21. package/dist/app-check/serverAppCheck.d.ts +33 -0
  22. package/dist/app-check/serverAppCheck.d.ts.map +1 -0
  23. package/dist/app-check/types.d.ts +21 -0
  24. package/dist/app-check/types.d.ts.map +1 -0
  25. package/dist/app-check/verifier.d.ts +16 -0
  26. package/dist/app-check/verifier.d.ts.map +1 -0
  27. package/dist/auth/credential.d.ts +5 -5
  28. package/dist/auth/credential.d.ts.map +1 -1
  29. package/dist/auth/getauth.d.ts +2 -1
  30. package/dist/auth/getauth.d.ts.map +1 -1
  31. package/dist/auth/index.d.ts +2 -0
  32. package/dist/auth/index.d.ts.map +1 -1
  33. package/dist/auth/index.js +819 -394
  34. package/dist/auth/index.js.map +1 -1
  35. package/dist/auth/index.mjs +5 -3
  36. package/dist/chunk-3OGMNIOJ.mjs +174 -0
  37. package/dist/chunk-3OGMNIOJ.mjs.map +1 -0
  38. package/dist/{chunk-GFH5CXQR.mjs → chunk-AW5OXT7N.mjs} +2 -2
  39. package/dist/chunk-IEJQ7F4A.mjs +778 -0
  40. package/dist/chunk-IEJQ7F4A.mjs.map +1 -0
  41. package/dist/{chunk-NXYWC6YO.mjs → chunk-TUYCJY35.mjs} +182 -6
  42. package/dist/chunk-TUYCJY35.mjs.map +1 -0
  43. package/dist/constants.d.ts +10 -1
  44. package/dist/constants.d.ts.map +1 -1
  45. package/dist/fireRestApi/endpoints/AppCheckApi.d.ts.map +1 -1
  46. package/dist/index.d.ts +4 -1
  47. package/dist/index.d.ts.map +1 -1
  48. package/dist/index.js +1570 -1183
  49. package/dist/index.js.map +1 -1
  50. package/dist/index.mjs +97 -135
  51. package/dist/index.mjs.map +1 -1
  52. package/dist/jwt/crypto-signer.d.ts +21 -0
  53. package/dist/jwt/crypto-signer.d.ts.map +1 -0
  54. package/dist/jwt/index.d.ts +2 -1
  55. package/dist/jwt/index.d.ts.map +1 -1
  56. package/dist/jwt/index.js +119 -2
  57. package/dist/jwt/index.js.map +1 -1
  58. package/dist/jwt/index.mjs +7 -3
  59. package/dist/jwt/signJwt.d.ts +8 -2
  60. package/dist/jwt/signJwt.d.ts.map +1 -1
  61. package/dist/jwt/types.d.ts +6 -0
  62. package/dist/jwt/types.d.ts.map +1 -1
  63. package/dist/jwt/verifyJwt.d.ts +7 -1
  64. package/dist/jwt/verifyJwt.d.ts.map +1 -1
  65. package/dist/tokens/authstate.d.ts +2 -0
  66. package/dist/tokens/authstate.d.ts.map +1 -1
  67. package/dist/tokens/c-authenticateRequestProcessor.d.ts +2 -2
  68. package/dist/tokens/c-authenticateRequestProcessor.d.ts.map +1 -1
  69. package/dist/tokens/keys.d.ts.map +1 -1
  70. package/dist/tokens/request.d.ts.map +1 -1
  71. package/dist/tokens/types.d.ts +6 -4
  72. package/dist/tokens/types.d.ts.map +1 -1
  73. package/dist/utils/config.d.ts.map +1 -1
  74. package/dist/{auth/utils.d.ts → utils/fetcher.d.ts} +2 -1
  75. package/dist/utils/fetcher.d.ts.map +1 -0
  76. package/dist/utils/mapDecode.d.ts +2 -1
  77. package/dist/utils/mapDecode.d.ts.map +1 -1
  78. package/dist/utils/token-generator.d.ts +4 -0
  79. package/dist/utils/token-generator.d.ts.map +1 -0
  80. package/package.json +13 -3
  81. package/dist/auth/constants.d.ts +0 -6
  82. package/dist/auth/constants.d.ts.map +0 -1
  83. package/dist/auth/utils.d.ts.map +0 -1
  84. package/dist/chunk-DJLDUW7J.mjs +0 -414
  85. package/dist/chunk-DJLDUW7J.mjs.map +0 -1
  86. package/dist/chunk-NXYWC6YO.mjs.map +0 -1
  87. package/dist/chunk-WIVOBOZR.mjs +0 -86
  88. package/dist/chunk-WIVOBOZR.mjs.map +0 -1
  89. package/dist/utils/gemini_admin-init.d.ts +0 -10
  90. package/dist/utils/gemini_admin-init.d.ts.map +0 -1
  91. /package/dist/{chunk-GFH5CXQR.mjs.map → chunk-AW5OXT7N.mjs.map} +0 -0
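--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -1,20 +1,20 @@
  import {
  createTernSecureRequest
- } from "./chunk-GFH5CXQR.mjs";
+ } from "./chunk-AW5OXT7N.mjs";
  import {
  getAuth,
  verifyToken
- } from "./chunk-DJLDUW7J.mjs";
+ } from "./chunk-IEJQ7F4A.mjs";
  import {
  constants
- } from "./chunk-WIVOBOZR.mjs";
+ } from "./chunk-3OGMNIOJ.mjs";
  import {
  RefreshTokenErrorReason,
  TokenVerificationError,
  TokenVerificationErrorReason,
  mapJwtPayloadToDecodedIdToken,
  ternDecodeJwt
- } from "./chunk-NXYWC6YO.mjs";
+ } from "./chunk-TUYCJY35.mjs";
 
  // src/createRedirect.ts
  var buildUrl = (_baseUrl, _targetUrl, _returnBackUrl) => {
@@ -74,6 +74,82 @@ var createRedirect = (params) => {
  return { redirectToSignUp, redirectToSignIn };
  };
 
+ // src/tokens/c-authenticateRequestProcessor.ts
+ var RequestProcessorContext = class {
+ constructor(ternSecureRequest, options) {
+ this.ternSecureRequest = ternSecureRequest;
+ this.options = options;
+ this.initHeaderValues();
+ this.initCookieValues();
+ this.initHandshakeValues();
+ this.initUrlValues();
+ Object.assign(this, options);
+ this.ternUrl = this.ternSecureRequest.ternUrl;
+ }
+ get request() {
+ return this.ternSecureRequest;
+ }
+ initHeaderValues() {
+ this.sessionTokenInHeader = this.parseAuthorizationHeader(
+ this.getHeader(constants.Headers.Authorization)
+ );
+ this.origin = this.getHeader(constants.Headers.Origin);
+ this.host = this.getHeader(constants.Headers.Host);
+ this.forwardedHost = this.getHeader(constants.Headers.ForwardedHost);
+ this.forwardedProto = this.getHeader(constants.Headers.CloudFrontForwardedProto) || this.getHeader(constants.Headers.ForwardedProto);
+ this.referrer = this.getHeader(constants.Headers.Referrer);
+ this.userAgent = this.getHeader(constants.Headers.UserAgent);
+ this.secFetchDest = this.getHeader(constants.Headers.SecFetchDest);
+ this.accept = this.getHeader(constants.Headers.Accept);
+ this.appCheckToken = this.getHeader(constants.Headers.AppCheckToken);
+ }
+ initCookieValues() {
+ const isProduction = process.env.NODE_ENV === "production";
+ const defaultPrefix = isProduction ? "__HOST-" : "__dev_";
+ this.sessionTokenInCookie = this.getCookie(constants.Cookies.Session);
+ this.idTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.IdToken}`);
+ this.refreshTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.Refresh}`);
+ this.csrfTokenInCookie = this.getCookie(constants.Cookies.CsrfToken);
+ this.customTokenInCookie = this.getCookie(constants.Cookies.Custom);
+ this.ternAuth = Number.parseInt(this.getCookie(constants.Cookies.TernAut) || "0", 10);
+ }
+ initHandshakeValues() {
+ this.handshakeToken = this.getQueryParam(constants.QueryParameters.Handshake) || this.getCookie(constants.Cookies.Handshake);
+ this.handshakeNonce = this.getQueryParam(constants.QueryParameters.HandshakeNonce) || this.getCookie(constants.Cookies.HandshakeNonce);
+ }
+ initUrlValues() {
+ this.method = this.ternSecureRequest.method;
+ this.pathSegments = this.ternSecureRequest.ternUrl.pathname.split("/").filter(Boolean);
+ this.endpoint = this.pathSegments[2];
+ this.subEndpoint = this.pathSegments[3];
+ }
+ getQueryParam(name) {
+ return this.ternSecureRequest.ternUrl.searchParams.get(name);
+ }
+ getHeader(name) {
+ return this.ternSecureRequest.headers.get(name) || void 0;
+ }
+ getCookie(name) {
+ return this.ternSecureRequest.cookies.get(name) || void 0;
+ }
+ parseAuthorizationHeader(authorizationHeader) {
+ if (!authorizationHeader) {
+ return void 0;
+ }
+ const [scheme, token] = authorizationHeader.split(" ", 2);
+ if (!token) {
+ return scheme;
+ }
+ if (scheme === "Bearer") {
+ return token;
+ }
+ return void 0;
+ }
+ };
+ var createRequestProcessor = (ternSecureRequest, options) => {
+ return new RequestProcessorContext(ternSecureRequest, options);
+ };
+
  // src/tokens/authstate.ts
  var AuthStatus = {
  SignedIn: "signed-in",
@@ -162,6 +238,7 @@ function signedOut(authCtx, reason, message = "", headers = new Headers()) {
  isSignedIn: false,
  auth: () => signedOutAuthObject(),
  token: null,
+ appCheckToken: authCtx.appCheckToken,
  headers
  });
  }
@@ -185,6 +262,12 @@ var decorateHeaders = (requestState) => {
  } catch {
  }
  }
+ if (requestState.appCheckToken) {
+ try {
+ headers.set(constants.Headers.AppCheckToken, requestState.appCheckToken);
+ } catch {
+ }
+ }
  requestState.headers = headers;
  return requestState;
  };
@@ -219,15 +302,11 @@ var AppCheckApi = class extends AbstractAPI {
  "Content-Type": "application/json",
  "Authorization": `Bearer ${accessToken}`
  };
- const body = {
- customToken,
- limitedUse
- };
  try {
  const response = await fetch(endpoint, {
  method: "POST",
  headers,
- body: JSON.stringify(body)
+ body: JSON.stringify({ customToken, limitedUse })
  });
  if (!response.ok) {
  const errorText = await response.text();
@@ -690,82 +769,6 @@ function mergePreDefinedOptions(userOptions = {}) {
  // src/tokens/request.ts
  import { ms } from "@tern-secure/shared/ms";
 
- // src/tokens/c-authenticateRequestProcessor.ts
- var RequestProcessorContext = class {
- constructor(ternSecureRequest, options) {
- this.ternSecureRequest = ternSecureRequest;
- this.options = options;
- this.initHeaderValues();
- this.initCookieValues();
- this.initHandshakeValues();
- this.initUrlValues();
- Object.assign(this, options);
- this.ternUrl = this.ternSecureRequest.ternUrl;
- }
- get request() {
- return this.ternSecureRequest;
- }
- initHeaderValues() {
- this.sessionTokenInHeader = this.parseAuthorizationHeader(
- this.getHeader(constants.Headers.Authorization)
- );
- this.origin = this.getHeader(constants.Headers.Origin);
- this.host = this.getHeader(constants.Headers.Host);
- this.forwardedHost = this.getHeader(constants.Headers.ForwardedHost);
- this.forwardedProto = this.getHeader(constants.Headers.CloudFrontForwardedProto) || this.getHeader(constants.Headers.ForwardedProto);
- this.referrer = this.getHeader(constants.Headers.Referrer);
- this.userAgent = this.getHeader(constants.Headers.UserAgent);
- this.secFetchDest = this.getHeader(constants.Headers.SecFetchDest);
- this.accept = this.getHeader(constants.Headers.Accept);
- this.appCheckToken = this.getHeader(constants.Headers.AppCheckToken);
- }
- initCookieValues() {
- const isProduction = process.env.NODE_ENV === "production";
- const defaultPrefix = isProduction ? "__HOST-" : "__dev_";
- this.sessionTokenInCookie = this.getCookie(constants.Cookies.Session);
- this.idTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.IdToken}`);
- this.refreshTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.Refresh}`);
- this.csrfTokenInCookie = this.getCookie(constants.Cookies.CsrfToken);
- this.customTokenInCookie = this.getCookie(constants.Cookies.Custom);
- this.ternAuth = Number.parseInt(this.getCookie(constants.Cookies.TernAut) || "0", 10);
- }
- initHandshakeValues() {
- this.handshakeToken = this.getQueryParam(constants.QueryParameters.Handshake) || this.getCookie(constants.Cookies.Handshake);
- this.handshakeNonce = this.getQueryParam(constants.QueryParameters.HandshakeNonce) || this.getCookie(constants.Cookies.HandshakeNonce);
- }
- initUrlValues() {
- this.method = this.ternSecureRequest.method;
- this.pathSegments = this.ternSecureRequest.ternUrl.pathname.split("/").filter(Boolean);
- this.endpoint = this.pathSegments[2];
- this.subEndpoint = this.pathSegments[3];
- }
- getQueryParam(name) {
- return this.ternSecureRequest.ternUrl.searchParams.get(name);
- }
- getHeader(name) {
- return this.ternSecureRequest.headers.get(name) || void 0;
- }
- getCookie(name) {
- return this.ternSecureRequest.cookies.get(name) || void 0;
- }
- parseAuthorizationHeader(authorizationHeader) {
- if (!authorizationHeader) {
- return void 0;
- }
- const [scheme, token] = authorizationHeader.split(" ", 2);
- if (!token) {
- return scheme;
- }
- if (scheme === "Bearer") {
- return token;
- }
- return void 0;
- }
- };
- var createRequestProcessor = (ternSecureRequest, options) => {
- return new RequestProcessorContext(ternSecureRequest, options);
- };
-
  // src/tokens/cookie.ts
  import { getCookieName as getCookieNameEnvironment, getCookiePrefix } from "@tern-secure/shared/cookie";
 
@@ -781,7 +784,7 @@ function isRequestForRefresh(error, context, request) {
  }
  async function authenticateRequest(request, options) {
  const context = createRequestProcessor(createTernSecureRequest(request), options);
- const { refreshTokenInCookie, appCheckToken } = context;
+ const { refreshTokenInCookie } = context;
  const { refreshExpiredIdToken } = getAuth(options);
  function checkSessionTimeout(authTimeValue) {
  const defaultMaxAgeSeconds = convertToSeconds("5 days");
@@ -804,8 +807,7 @@ async function authenticateRequest(request, options) {
  };
  }
  return await refreshExpiredIdToken(refreshTokenInCookie, {
- referer: context.ternUrl.origin,
- appCheckToken
+ referer: context.ternUrl.origin
  });
  }
  async function handleRefresh() {
@@ -907,24 +909,7 @@ async function authenticateRequest(request, options) {
  if (errors) {
  throw errors[0];
  }
- const { exchangeAppCheckToken } = getAuth(options);
- let appCheckTokenValue;
- try {
- const idToken = context.idTokenInCookie || "";
- const appCheckResult = await exchangeAppCheckToken(idToken);
- console.log("[authenticateRequest] App Check exchange result:", appCheckResult);
- if (appCheckResult.data?.token) {
- appCheckTokenValue = appCheckResult.data.token;
- }
- } catch (error) {
- console.warn("App Check token exchange failed:", error);
- }
- const headers = new Headers();
- headers.set(
- constants.Headers.AppCheckToken,
- appCheckTokenValue || ""
- );
- const signedInRequestState = signedIn(context, data, headers, context.idTokenInCookie);
+ const signedInRequestState = signedIn(context, data, void 0, context.idTokenInCookie);
  return signedInRequestState;
  } catch (err) {
  return handleError(err, "cookie");
@@ -938,23 +923,7 @@ async function authenticateRequest(request, options) {
  if (errors) {
  throw errors[0];
  }
- const { exchangeAppCheckToken } = getAuth(options);
- let appCheckTokenValue;
- try {
- const token = sessionTokenInHeader || "";
- const appCheckResult = await exchangeAppCheckToken(token);
- if (appCheckResult.data?.token) {
- appCheckTokenValue = appCheckResult.data.token;
- }
- } catch (error) {
- console.warn("App Check token exchange failed:", error);
- }
- const headers = new Headers();
- headers.set(
- constants.Headers.AppCheckToken,
- appCheckTokenValue || ""
- );
- const signedInRequestState = signedIn(context, data, headers, sessionTokenInHeader);
+ const signedInRequestState = signedIn(context, data, void 0, sessionTokenInHeader);
  return signedInRequestState;
  } catch (err) {
  return handleError(err, "header");
@@ -968,17 +937,8 @@ async function authenticateRequest(request, options) {
  if (isRequestForRefresh(err, context, request)) {
  const { data, error } = await handleRefresh();
  if (data) {
- const { exchangeAppCheckToken } = getAuth(options);
- let appCheckTokenValue;
- try {
- const appCheckResult = await exchangeAppCheckToken(data.token);
- if (appCheckResult.data?.token) {
- appCheckTokenValue = appCheckResult.data.token;
- }
- } catch (error2) {
- console.warn("App Check token exchange failed in error handler:", error2);
- }
- return signedIn(context, data.decoded, data.headers, data.token);
+ const signedInState = signedIn(context, data.decoded, data.headers, data.token);
+ return signedInState;
  }
  if (error?.cause?.reason) {
  refreshError = error.cause.reason;
@@ -1294,6 +1254,7 @@ export {
  createAdapter,
  createBackendInstanceClient,
  createRedirect,
+ createRequestProcessor,
  createTernSecureRequest,
  disableDebugLogging,
  enableDebugLogging,
@@ -1301,6 +1262,7 @@ export {
  signedIn,
  signedInAuthObject,
  signedOutAuthObject,
- validateCheckRevokedOptions
+ validateCheckRevokedOptions,
+ verifyToken
  };
  //# sourceMappingURL=index.mjs.map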
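Review bot: In `decorateHeaders` (new lines 265-270) the App Check header is set from `requestState.appCheckToken`, and in `signedOut` (new line 241) that value is `authCtx.appCheckToken`, which `initHeaderValues` reads straight from the incoming request header, so a caller-supplied, unverified token is carried onto the state of a request that failed authentication. Whether `requestState.headers` is returned to the client or forwarded upstream is not visible in this section, but in either case a consumer could mistake the header's presence for a passed attestation. I would propagate the value only after it has been verified (the file list shows a new `app-check/verifier` module, not visible here), or at minimum mark it at the assignment with `// caller-supplied App Check header, not verified at this point`. The empty `catch {}` around `headers.set` also hides a rejected header value, and a debug-level log there would make that failure visible. Both `signedOut` and `decorateHeaders` begin outside their hunks.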