@tern-secure/backend 1.2.0-canary.v20251202162458 → 1.2.0-canary.v20251202164451
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/admin/index.mjs +19 -533
- package/dist/admin/index.mjs.map +1 -1
- package/dist/app-check/index.js +83 -0
- package/dist/app-check/index.js.map +1 -1
- package/dist/app-check/index.mjs +2 -2
- package/dist/auth/index.js +83 -0
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/index.mjs +2 -2
- package/dist/chunk-34QENCWP.mjs +784 -0
- package/dist/chunk-34QENCWP.mjs.map +1 -0
- package/dist/{chunk-IEJQ7F4A.mjs → chunk-UCSJDX6Y.mjs} +2 -2
- package/dist/chunk-UCSJDX6Y.mjs.map +1 -0
- package/dist/index.js +37 -5
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +4 -6
- package/dist/index.mjs.map +1 -1
- package/package.json +3 -3
- package/dist/chunk-3OGMNIOJ.mjs +0 -174
- package/dist/chunk-3OGMNIOJ.mjs.map +0 -1
- package/dist/chunk-AW5OXT7N.mjs +0 -71
- package/dist/chunk-AW5OXT7N.mjs.map +0 -1
- package/dist/chunk-IEJQ7F4A.mjs.map +0 -1
package/dist/auth/index.js
CHANGED
|
@@ -742,6 +742,14 @@ var ONE_HOUR_IN_SECONDS = 60 * 60;
|
|
|
742
742
|
var ONE_MINUTE_IN_SECONDS = 60;
|
|
743
743
|
var ONE_MINUTE_IN_MILLIS = ONE_MINUTE_IN_SECONDS * 1e3;
|
|
744
744
|
var ONE_DAY_IN_MILLIS = 24 * 60 * 60 * 1e3;
|
|
745
|
+
var Attributes = {
|
|
746
|
+
AuthToken: "__ternsecureAuthToken",
|
|
747
|
+
AuthSignature: "__ternsecureAuthSignature",
|
|
748
|
+
AuthStatus: "__ternsecureAuthStatus",
|
|
749
|
+
AuthReason: "__ternsecureAuthReason",
|
|
750
|
+
AuthMessage: "__ternsecureAuthMessage",
|
|
751
|
+
TernSecureUrl: "__ternsecureUrl"
|
|
752
|
+
};
|
|
745
753
|
var Cookies = {
|
|
746
754
|
Session: "__session",
|
|
747
755
|
CsrfToken: "__terncf",
|
|
@@ -766,6 +774,46 @@ var QueryParameters = {
|
|
|
766
774
|
HandshakeReason: "__tern_hs_reason",
|
|
767
775
|
HandshakeNonce: Cookies.HandshakeNonce
|
|
768
776
|
};
|
|
777
|
+
var Headers2 = {
|
|
778
|
+
Accept: "accept",
|
|
779
|
+
AppCheckToken: "x-ternsecure-appcheck",
|
|
780
|
+
AuthMessage: "x-ternsecure-auth-message",
|
|
781
|
+
Authorization: "authorization",
|
|
782
|
+
AuthReason: "x-ternsecure-auth-reason",
|
|
783
|
+
AuthSignature: "x-ternsecure-auth-signature",
|
|
784
|
+
AuthStatus: "x-ternsecure-auth-status",
|
|
785
|
+
AuthToken: "x-ternsecure-auth-token",
|
|
786
|
+
CacheControl: "cache-control",
|
|
787
|
+
TernSecureRedirectTo: "x-ternsecure-redirect-to",
|
|
788
|
+
TernSecureRequestData: "x-ternsecure-request-data",
|
|
789
|
+
TernSecureUrl: "x-ternsecure-url",
|
|
790
|
+
CloudFrontForwardedProto: "cloudfront-forwarded-proto",
|
|
791
|
+
ContentType: "content-type",
|
|
792
|
+
ContentSecurityPolicy: "content-security-policy",
|
|
793
|
+
ContentSecurityPolicyReportOnly: "content-security-policy-report-only",
|
|
794
|
+
EnableDebug: "x-ternsecure-debug",
|
|
795
|
+
ForwardedHost: "x-forwarded-host",
|
|
796
|
+
ForwardedPort: "x-forwarded-port",
|
|
797
|
+
ForwardedProto: "x-forwarded-proto",
|
|
798
|
+
Host: "host",
|
|
799
|
+
Location: "location",
|
|
800
|
+
Nonce: "x-nonce",
|
|
801
|
+
Origin: "origin",
|
|
802
|
+
Referrer: "referer",
|
|
803
|
+
SecFetchDest: "sec-fetch-dest",
|
|
804
|
+
UserAgent: "user-agent",
|
|
805
|
+
ReportingEndpoints: "reporting-endpoints"
|
|
806
|
+
};
|
|
807
|
+
var ContentTypes = {
|
|
808
|
+
Json: "application/json"
|
|
809
|
+
};
|
|
810
|
+
var constants = {
|
|
811
|
+
Attributes,
|
|
812
|
+
Cookies,
|
|
813
|
+
Headers: Headers2,
|
|
814
|
+
ContentTypes,
|
|
815
|
+
QueryParameters
|
|
816
|
+
};
|
|
769
817
|
|
|
770
818
|
// src/app-check/generator.ts
|
|
771
819
|
function transformMillisecondsToSecondsString(milliseconds) {
|
|
@@ -827,6 +875,9 @@ var AppCheckTokenGenerator = class {
|
|
|
827
875
|
// src/app-check/serverAppCheck.ts
|
|
828
876
|
var import_redis = require("@upstash/redis");
|
|
829
877
|
|
|
878
|
+
// src/admin/sessionTernSecure.ts
|
|
879
|
+
var import_errors4 = require("@tern-secure/shared/errors");
|
|
880
|
+
|
|
830
881
|
// src/utils/admin-init.ts
|
|
831
882
|
var import_firebase_admin = __toESM(require("firebase-admin"));
|
|
832
883
|
var import_app_check = require("firebase-admin/app-check");
|
|
@@ -886,6 +937,38 @@ var adminTernSecureDb = import_firebase_admin.default.firestore();
|
|
|
886
937
|
var TernSecureTenantManager = import_firebase_admin.default.auth().tenantManager();
|
|
887
938
|
var appCheckAdmin = (0, import_app_check.getAppCheck)();
|
|
888
939
|
|
|
940
|
+
// src/admin/sessionTernSecure.ts
|
|
941
|
+
var DEFAULT_COOKIE_CONFIG = {
|
|
942
|
+
DEFAULT_EXPIRES_IN_MS: 5 * 60 * 1e3,
|
|
943
|
+
// 5 minutes
|
|
944
|
+
DEFAULT_EXPIRES_IN_SECONDS: 5 * 60,
|
|
945
|
+
REVOKE_REFRESH_TOKENS_ON_SIGNOUT: true
|
|
946
|
+
};
|
|
947
|
+
var DEFAULT_COOKIE_OPTIONS = {
|
|
948
|
+
httpOnly: true,
|
|
949
|
+
secure: process.env.NODE_ENV === "production",
|
|
950
|
+
sameSite: "strict",
|
|
951
|
+
path: "/"
|
|
952
|
+
};
|
|
953
|
+
|
|
954
|
+
// src/admin/nextSessionTernSecure.ts
|
|
955
|
+
var import_cookie = require("@tern-secure/shared/cookie");
|
|
956
|
+
var import_errors5 = require("@tern-secure/shared/errors");
|
|
957
|
+
var import_headers = require("next/headers");
|
|
958
|
+
var SESSION_CONSTANTS = {
|
|
959
|
+
COOKIE_NAME: constants.Cookies.Session,
|
|
960
|
+
DEFAULT_EXPIRES_IN_MS: 60 * 60 * 24 * 5 * 1e3,
|
|
961
|
+
// 5 days
|
|
962
|
+
DEFAULT_EXPIRES_IN_SECONDS: 60 * 60 * 24 * 5,
|
|
963
|
+
REVOKE_REFRESH_TOKENS_ON_SIGNOUT: true
|
|
964
|
+
};
|
|
965
|
+
|
|
966
|
+
// src/tokens/ternSecureRequest.ts
|
|
967
|
+
var import_cookie2 = require("cookie");
|
|
968
|
+
|
|
969
|
+
// src/admin/user.ts
|
|
970
|
+
var import_errors6 = require("@tern-secure/shared/errors");
|
|
971
|
+
|
|
889
972
|
// src/app-check/verifier.ts
|
|
890
973
|
var import_jose6 = require("jose");
|
|
891
974
|
var getPublicKey = async (header, keyURL) => {
|