@tern-secure/backend 1.2.0-canary.v20251202164451 → 1.2.0-canary.v20251202172616
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/app-check/package.json +5 -0
- package/dist/admin/index.mjs +561 -23
- package/dist/admin/index.mjs.map +1 -1
- package/dist/app-check/index.js +4 -119
- package/dist/app-check/index.js.map +1 -1
- package/dist/app-check/index.mjs +2 -2
- package/dist/app-check/serverAppCheck.d.ts.map +1 -1
- package/dist/auth/index.js +3 -148
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/index.mjs +2 -2
- package/dist/chunk-4NYVEI6S.mjs +142 -0
- package/dist/chunk-4NYVEI6S.mjs.map +1 -0
- package/dist/chunk-PYNFU7M3.mjs +71 -0
- package/dist/chunk-PYNFU7M3.mjs.map +1 -0
- package/dist/{chunk-UCSJDX6Y.mjs → chunk-ZGZR5TER.mjs} +7 -6
- package/dist/chunk-ZGZR5TER.mjs.map +1 -0
- package/dist/index.js +8 -102
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +6 -4
- package/dist/index.mjs.map +1 -1
- package/package.json +5 -3
- package/dist/chunk-34QENCWP.mjs +0 -784
- package/dist/chunk-34QENCWP.mjs.map +0 -1
- package/dist/chunk-UCSJDX6Y.mjs.map +0 -1
package/dist/admin/index.mjs
CHANGED
|
@@ -1,27 +1,565 @@
|
|
|
1
1
|
import {
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
}
|
|
2
|
+
createTernSecureRequest
|
|
3
|
+
} from "../chunk-PYNFU7M3.mjs";
|
|
4
|
+
import {
|
|
5
|
+
constants,
|
|
6
|
+
initializeAdminConfig
|
|
7
|
+
} from "../chunk-4NYVEI6S.mjs";
|
|
8
|
+
|
|
9
|
+
// src/admin/sessionTernSecure.ts
|
|
10
|
+
import { handleFirebaseAuthError } from "@tern-secure/shared/errors";
|
|
11
|
+
|
|
12
|
+
// src/utils/admin-init.ts
|
|
13
|
+
import admin from "firebase-admin";
|
|
14
|
+
import { getAppCheck } from "firebase-admin/app-check";
|
|
15
|
+
if (!admin.apps.length) {
|
|
16
|
+
try {
|
|
17
|
+
const config = initializeAdminConfig();
|
|
18
|
+
admin.initializeApp({
|
|
19
|
+
credential: admin.credential.cert({
|
|
20
|
+
...config,
|
|
21
|
+
privateKey: config.privateKey.replace(/\\n/g, "\n")
|
|
22
|
+
})
|
|
23
|
+
});
|
|
24
|
+
} catch (error) {
|
|
25
|
+
console.error("Firebase admin initialization error", error);
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
var adminTernSecureAuth = admin.auth();
|
|
29
|
+
var adminTernSecureDb = admin.firestore();
|
|
30
|
+
var TernSecureTenantManager = admin.auth().tenantManager();
|
|
31
|
+
var appCheckAdmin = getAppCheck();
|
|
32
|
+
function getAuthForTenant(tenantId) {
|
|
33
|
+
if (tenantId) {
|
|
34
|
+
return TernSecureTenantManager.authForTenant(tenantId);
|
|
35
|
+
}
|
|
36
|
+
return admin.auth();
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
// src/admin/sessionTernSecure.ts
|
|
40
|
+
var DEFAULT_COOKIE_CONFIG = {
|
|
41
|
+
DEFAULT_EXPIRES_IN_MS: 5 * 60 * 1e3,
|
|
42
|
+
// 5 minutes
|
|
43
|
+
DEFAULT_EXPIRES_IN_SECONDS: 5 * 60,
|
|
44
|
+
REVOKE_REFRESH_TOKENS_ON_SIGNOUT: true
|
|
45
|
+
};
|
|
46
|
+
var DEFAULT_COOKIE_OPTIONS = {
|
|
47
|
+
httpOnly: true,
|
|
48
|
+
secure: process.env.NODE_ENV === "production",
|
|
49
|
+
sameSite: "strict",
|
|
50
|
+
path: "/"
|
|
51
|
+
};
|
|
52
|
+
var getCookieName = (baseName, prefix) => {
|
|
53
|
+
return prefix ? `${prefix}${baseName}` : baseName;
|
|
54
|
+
};
|
|
55
|
+
var createCookieOptions = (maxAge, overrides) => {
|
|
56
|
+
return {
|
|
57
|
+
maxAge,
|
|
58
|
+
httpOnly: overrides?.httpOnly ?? DEFAULT_COOKIE_OPTIONS.httpOnly,
|
|
59
|
+
secure: overrides?.secure ?? DEFAULT_COOKIE_OPTIONS.secure,
|
|
60
|
+
sameSite: overrides?.sameSite ?? DEFAULT_COOKIE_OPTIONS.sameSite,
|
|
61
|
+
path: overrides?.path ?? DEFAULT_COOKIE_OPTIONS.path
|
|
62
|
+
};
|
|
63
|
+
};
|
|
64
|
+
var getCookiePrefix = () => {
|
|
65
|
+
const isProduction = process.env.NODE_ENV === "production";
|
|
66
|
+
return isProduction ? "__HOST-" : "__dev_";
|
|
67
|
+
};
|
|
68
|
+
async function createSessionCookie(params, cookieStore, options) {
|
|
69
|
+
try {
|
|
70
|
+
const tenantAuth = getAuthForTenant(options?.tenantId || "");
|
|
71
|
+
const idToken = typeof params === "string" ? params : params.idToken;
|
|
72
|
+
const refreshToken = typeof params === "string" ? void 0 : params.refreshToken;
|
|
73
|
+
if (!idToken) {
|
|
74
|
+
return {
|
|
75
|
+
success: false,
|
|
76
|
+
message: "ID token is required",
|
|
77
|
+
error: "INVALID_TOKEN"
|
|
78
|
+
};
|
|
79
|
+
}
|
|
80
|
+
let decodedToken;
|
|
81
|
+
try {
|
|
82
|
+
decodedToken = await tenantAuth.verifyIdToken(idToken);
|
|
83
|
+
} catch (verifyError) {
|
|
84
|
+
const authError = handleFirebaseAuthError(verifyError);
|
|
85
|
+
return {
|
|
86
|
+
success: false,
|
|
87
|
+
message: authError.message,
|
|
88
|
+
error: authError.code
|
|
89
|
+
};
|
|
90
|
+
}
|
|
91
|
+
const cookiePromises = [];
|
|
92
|
+
const cookiePrefix = getCookiePrefix();
|
|
93
|
+
const idTokenCookieName = getCookieName(constants.Cookies.IdToken, cookiePrefix);
|
|
94
|
+
cookiePromises.push(
|
|
95
|
+
cookieStore.set(
|
|
96
|
+
idTokenCookieName,
|
|
97
|
+
idToken,
|
|
98
|
+
createCookieOptions(DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_SECONDS)
|
|
99
|
+
)
|
|
100
|
+
);
|
|
101
|
+
if (refreshToken) {
|
|
102
|
+
const refreshTokenCookieName = getCookieName(constants.Cookies.Refresh, cookiePrefix);
|
|
103
|
+
cookiePromises.push(
|
|
104
|
+
cookieStore.set(
|
|
105
|
+
refreshTokenCookieName,
|
|
106
|
+
refreshToken,
|
|
107
|
+
createCookieOptions(DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_SECONDS)
|
|
108
|
+
)
|
|
109
|
+
);
|
|
110
|
+
}
|
|
111
|
+
if (options?.cookies) {
|
|
112
|
+
const sessionOptions = options.cookies;
|
|
113
|
+
const sessionCookieName = getCookieName(constants.Cookies.Session);
|
|
114
|
+
const expiresIn = sessionOptions.maxAge ? sessionOptions.maxAge * 1e3 : DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_MS;
|
|
115
|
+
try {
|
|
116
|
+
const sessionCookie = await tenantAuth.createSessionCookie(idToken, { expiresIn });
|
|
117
|
+
cookiePromises.push(
|
|
118
|
+
cookieStore.set(
|
|
119
|
+
sessionCookieName,
|
|
120
|
+
sessionCookie,
|
|
121
|
+
createCookieOptions(
|
|
122
|
+
sessionOptions.maxAge || DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_SECONDS,
|
|
123
|
+
{
|
|
124
|
+
httpOnly: sessionOptions.httpOnly,
|
|
125
|
+
sameSite: sessionOptions.sameSite,
|
|
126
|
+
path: sessionOptions.path
|
|
127
|
+
}
|
|
128
|
+
)
|
|
129
|
+
)
|
|
130
|
+
);
|
|
131
|
+
} catch (sessionError) {
|
|
132
|
+
console.error(
|
|
133
|
+
"[createSessionCookie] Firebase session cookie creation failed:",
|
|
134
|
+
sessionError
|
|
135
|
+
);
|
|
136
|
+
const authError = handleFirebaseAuthError(sessionError);
|
|
137
|
+
return {
|
|
138
|
+
success: false,
|
|
139
|
+
message: authError.message,
|
|
140
|
+
error: authError.code
|
|
141
|
+
};
|
|
142
|
+
}
|
|
143
|
+
}
|
|
144
|
+
if (options?.enableCustomToken && decodedToken?.uid) {
|
|
145
|
+
const customTokenCookieName = getCookieName(constants.Cookies.Custom, cookiePrefix);
|
|
146
|
+
const customToken = await createCustomToken(decodedToken.uid, options);
|
|
147
|
+
if (customToken) {
|
|
148
|
+
cookiePromises.push(
|
|
149
|
+
cookieStore.set(
|
|
150
|
+
customTokenCookieName,
|
|
151
|
+
customToken,
|
|
152
|
+
createCookieOptions(DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_SECONDS)
|
|
153
|
+
)
|
|
154
|
+
);
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
await Promise.all(cookiePromises);
|
|
158
|
+
return {
|
|
159
|
+
success: true,
|
|
160
|
+
message: "Session created successfully",
|
|
161
|
+
expiresIn: DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_SECONDS
|
|
162
|
+
};
|
|
163
|
+
} catch (error) {
|
|
164
|
+
console.error("[createSessionCookie] Unexpected error:", error);
|
|
165
|
+
const authError = handleFirebaseAuthError(error);
|
|
166
|
+
return {
|
|
167
|
+
success: false,
|
|
168
|
+
message: authError.message || "Failed to create session",
|
|
169
|
+
error: authError.code || "INTERNAL_ERROR"
|
|
170
|
+
};
|
|
171
|
+
}
|
|
172
|
+
}
|
|
173
|
+
async function clearSessionCookie(cookieStore, options) {
|
|
174
|
+
try {
|
|
175
|
+
const adminAuth = getAuthForTenant(options?.tenantId || "");
|
|
176
|
+
const cookiePrefix = getCookiePrefix();
|
|
177
|
+
const sessionCookieName = getCookieName(constants.Cookies.Session, cookiePrefix);
|
|
178
|
+
const sessionCookie = await cookieStore.get(sessionCookieName);
|
|
179
|
+
const deletionPromises = [];
|
|
180
|
+
if (options?.cookies) {
|
|
181
|
+
deletionPromises.push(cookieStore.delete(sessionCookieName));
|
|
182
|
+
}
|
|
183
|
+
const idTokenCookieName = getCookieName(constants.Cookies.IdToken, cookiePrefix);
|
|
184
|
+
deletionPromises.push(cookieStore.delete(idTokenCookieName));
|
|
185
|
+
const refreshTokenCookieName = getCookieName(constants.Cookies.Refresh, cookiePrefix);
|
|
186
|
+
deletionPromises.push(cookieStore.delete(refreshTokenCookieName));
|
|
187
|
+
const customTokenCookieName = getCookieName(constants.Cookies.Custom, cookiePrefix);
|
|
188
|
+
deletionPromises.push(cookieStore.delete(customTokenCookieName));
|
|
189
|
+
const authTimeCookieName = constants.Cookies.TernAut;
|
|
190
|
+
deletionPromises.push(cookieStore.delete(authTimeCookieName));
|
|
191
|
+
deletionPromises.push(cookieStore.delete(constants.Cookies.Session));
|
|
192
|
+
await Promise.all(deletionPromises);
|
|
193
|
+
if (DEFAULT_COOKIE_CONFIG.REVOKE_REFRESH_TOKENS_ON_SIGNOUT && sessionCookie?.value) {
|
|
194
|
+
try {
|
|
195
|
+
const decodedClaims = await adminAuth.verifySessionCookie(sessionCookie.value);
|
|
196
|
+
await adminAuth.revokeRefreshTokens(decodedClaims.sub);
|
|
197
|
+
} catch (revokeError) {
|
|
198
|
+
console.error("[clearSessionCookie] Failed to revoke refresh tokens:", revokeError);
|
|
199
|
+
}
|
|
200
|
+
}
|
|
201
|
+
return {
|
|
202
|
+
success: true,
|
|
203
|
+
message: "Session cleared successfully"
|
|
204
|
+
};
|
|
205
|
+
} catch (error) {
|
|
206
|
+
const authError = handleFirebaseAuthError(error);
|
|
207
|
+
return {
|
|
208
|
+
success: false,
|
|
209
|
+
message: authError.message || "Failed to clear session",
|
|
210
|
+
error: authError.code || "INTERNAL_ERROR"
|
|
211
|
+
};
|
|
212
|
+
}
|
|
213
|
+
}
|
|
214
|
+
async function createCustomToken(uid, options) {
|
|
215
|
+
const adminAuth = getAuthForTenant(options?.tenantId || "");
|
|
216
|
+
try {
|
|
217
|
+
const customToken = await adminAuth.createCustomToken(uid);
|
|
218
|
+
return customToken;
|
|
219
|
+
} catch (error) {
|
|
220
|
+
console.error("[createCustomToken] Error creating custom token:", error);
|
|
221
|
+
return null;
|
|
222
|
+
}
|
|
223
|
+
}
|
|
224
|
+
async function createCustomTokenClaims(uid, developerClaims) {
|
|
225
|
+
const adminAuth = getAuthForTenant();
|
|
226
|
+
try {
|
|
227
|
+
const customToken = await adminAuth.createCustomToken(uid, developerClaims);
|
|
228
|
+
return customToken;
|
|
229
|
+
} catch (error) {
|
|
230
|
+
console.error("[createCustomToken] Error creating custom token:", error);
|
|
231
|
+
return "";
|
|
232
|
+
}
|
|
233
|
+
}
|
|
234
|
+
|
|
235
|
+
// src/admin/tenant.ts
|
|
236
|
+
async function createTenant(displayName, emailSignInConfig, multiFactorConfig) {
|
|
237
|
+
try {
|
|
238
|
+
const tenantConfig = {
|
|
239
|
+
displayName,
|
|
240
|
+
emailSignInConfig,
|
|
241
|
+
...multiFactorConfig && { multiFactorConfig }
|
|
242
|
+
};
|
|
243
|
+
const tenant = await TernSecureTenantManager.createTenant(tenantConfig);
|
|
244
|
+
return {
|
|
245
|
+
success: true,
|
|
246
|
+
tenantId: tenant.tenantId,
|
|
247
|
+
displayName: tenant.displayName
|
|
248
|
+
};
|
|
249
|
+
} catch (error) {
|
|
250
|
+
console.error("Error creating tenant:", error);
|
|
251
|
+
throw new Error("Failed to create tenant");
|
|
252
|
+
}
|
|
253
|
+
}
|
|
254
|
+
async function createTenantUser(email, password, tenantId) {
|
|
255
|
+
try {
|
|
256
|
+
const tenantAuth = TernSecureTenantManager.authForTenant(tenantId);
|
|
257
|
+
const userRecord = await tenantAuth.createUser({
|
|
258
|
+
email,
|
|
259
|
+
password,
|
|
260
|
+
emailVerified: false,
|
|
261
|
+
disabled: false
|
|
262
|
+
});
|
|
263
|
+
return {
|
|
264
|
+
status: "success",
|
|
265
|
+
user: userRecord,
|
|
266
|
+
message: "Tenant user created successfully"
|
|
267
|
+
};
|
|
268
|
+
} catch (error) {
|
|
269
|
+
console.error("Error creating tenant user:", error);
|
|
270
|
+
throw new Error("Failed to create tenant user");
|
|
271
|
+
}
|
|
272
|
+
}
|
|
273
|
+
|
|
274
|
+
// src/admin/nextSessionTernSecure.ts
|
|
275
|
+
import { getCookieName as getCookieName2, getCookiePrefix as getCookiePrefix2 } from "@tern-secure/shared/cookie";
|
|
276
|
+
import { handleFirebaseAuthError as handleFirebaseAuthError2 } from "@tern-secure/shared/errors";
|
|
277
|
+
import { cookies } from "next/headers";
|
|
278
|
+
var SESSION_CONSTANTS = {
|
|
279
|
+
COOKIE_NAME: constants.Cookies.Session,
|
|
280
|
+
DEFAULT_EXPIRES_IN_MS: 60 * 60 * 24 * 5 * 1e3,
|
|
281
|
+
// 5 days
|
|
282
|
+
DEFAULT_EXPIRES_IN_SECONDS: 60 * 60 * 24 * 5,
|
|
283
|
+
REVOKE_REFRESH_TOKENS_ON_SIGNOUT: true
|
|
284
|
+
};
|
|
285
|
+
var debugLog = {
|
|
286
|
+
log: (...args) => {
|
|
287
|
+
if (process.env.NODE_ENV === "development") {
|
|
288
|
+
console.log(...args);
|
|
289
|
+
}
|
|
290
|
+
},
|
|
291
|
+
warn: (...args) => {
|
|
292
|
+
if (process.env.NODE_ENV === "development") {
|
|
293
|
+
console.warn(...args);
|
|
294
|
+
}
|
|
295
|
+
},
|
|
296
|
+
error: (...args) => {
|
|
297
|
+
console.error(...args);
|
|
298
|
+
}
|
|
299
|
+
};
|
|
300
|
+
async function CreateNextSessionCookie(idToken) {
|
|
301
|
+
try {
|
|
302
|
+
const expiresIn = 60 * 60 * 24 * 5 * 1e3;
|
|
303
|
+
const sessionCookie = await adminTernSecureAuth.createSessionCookie(idToken, {
|
|
304
|
+
expiresIn
|
|
305
|
+
});
|
|
306
|
+
const cookieStore = await cookies();
|
|
307
|
+
cookieStore.set(constants.Cookies.Session, sessionCookie, {
|
|
308
|
+
maxAge: expiresIn,
|
|
309
|
+
httpOnly: true,
|
|
310
|
+
secure: process.env.NODE_ENV === "production",
|
|
311
|
+
path: "/"
|
|
312
|
+
});
|
|
313
|
+
return { success: true, message: "Session created" };
|
|
314
|
+
} catch (error) {
|
|
315
|
+
return { success: false, message: "Failed to create session" };
|
|
316
|
+
}
|
|
317
|
+
}
|
|
318
|
+
async function GetNextServerSessionCookie() {
|
|
319
|
+
const cookieStore = await cookies();
|
|
320
|
+
const sessionCookie = cookieStore.get("_session_cookie")?.value;
|
|
321
|
+
if (!sessionCookie) {
|
|
322
|
+
throw new Error("No session cookie found");
|
|
323
|
+
}
|
|
324
|
+
try {
|
|
325
|
+
const decondeClaims = await adminTernSecureAuth.verifySessionCookie(sessionCookie, true);
|
|
326
|
+
return {
|
|
327
|
+
token: sessionCookie,
|
|
328
|
+
userId: decondeClaims.uid
|
|
329
|
+
};
|
|
330
|
+
} catch (error) {
|
|
331
|
+
console.error("Error verifying session:", error);
|
|
332
|
+
throw new Error("Invalid Session");
|
|
333
|
+
}
|
|
334
|
+
}
|
|
335
|
+
async function GetNextIdToken() {
|
|
336
|
+
const cookieStore = await cookies();
|
|
337
|
+
const token = cookieStore.get("_session_token")?.value;
|
|
338
|
+
if (!token) {
|
|
339
|
+
throw new Error("No session cookie found");
|
|
340
|
+
}
|
|
341
|
+
try {
|
|
342
|
+
const decodedClaims = await adminTernSecureAuth.verifyIdToken(token);
|
|
343
|
+
return {
|
|
344
|
+
token,
|
|
345
|
+
userId: decodedClaims.uid
|
|
346
|
+
};
|
|
347
|
+
} catch (error) {
|
|
348
|
+
console.error("Error verifying session:", error);
|
|
349
|
+
throw new Error("Invalid Session");
|
|
350
|
+
}
|
|
351
|
+
}
|
|
352
|
+
async function SetNextServerSession(token) {
|
|
353
|
+
try {
|
|
354
|
+
const cookieStore = await cookies();
|
|
355
|
+
cookieStore.set("_session_token", token, {
|
|
356
|
+
httpOnly: true,
|
|
357
|
+
secure: process.env.NODE_ENV === "production",
|
|
358
|
+
sameSite: "strict",
|
|
359
|
+
maxAge: 60 * 60,
|
|
360
|
+
// 1 hour
|
|
361
|
+
path: "/"
|
|
362
|
+
});
|
|
363
|
+
return { success: true, message: "Session created" };
|
|
364
|
+
} catch {
|
|
365
|
+
return { success: false, message: "Failed to create session" };
|
|
366
|
+
}
|
|
367
|
+
}
|
|
368
|
+
async function SetNextServerToken(token) {
|
|
369
|
+
try {
|
|
370
|
+
const cookieStore = await cookies();
|
|
371
|
+
cookieStore.set("_tern", token, {
|
|
372
|
+
httpOnly: true,
|
|
373
|
+
secure: process.env.NODE_ENV === "production",
|
|
374
|
+
sameSite: "strict",
|
|
375
|
+
maxAge: 60 * 60,
|
|
376
|
+
// 1 hour
|
|
377
|
+
path: "/"
|
|
378
|
+
});
|
|
379
|
+
return { success: true, message: "Session created" };
|
|
380
|
+
} catch {
|
|
381
|
+
return { success: false, message: "Failed to create session" };
|
|
382
|
+
}
|
|
383
|
+
}
|
|
384
|
+
async function VerifyNextTernIdToken(token) {
|
|
385
|
+
try {
|
|
386
|
+
const decodedToken = await adminTernSecureAuth.verifyIdToken(token);
|
|
387
|
+
return {
|
|
388
|
+
...decodedToken,
|
|
389
|
+
valid: true
|
|
390
|
+
};
|
|
391
|
+
} catch (error) {
|
|
392
|
+
console.error("[VerifyNextTernIdToken] Error verifying session:", error);
|
|
393
|
+
const authError = handleFirebaseAuthError2(error);
|
|
394
|
+
return {
|
|
395
|
+
valid: false,
|
|
396
|
+
error: authError
|
|
397
|
+
};
|
|
398
|
+
}
|
|
399
|
+
}
|
|
400
|
+
async function VerifyNextTernSessionCookie(session) {
|
|
401
|
+
try {
|
|
402
|
+
const res = await adminTernSecureAuth.verifySessionCookie(session);
|
|
403
|
+
console.warn("[VerifyNextTernSessionCookie] uid in Decoded Token:", res.uid);
|
|
404
|
+
return {
|
|
405
|
+
valid: true,
|
|
406
|
+
...res
|
|
407
|
+
};
|
|
408
|
+
} catch (error) {
|
|
409
|
+
console.error("[VerifyNextTernSessionCookie] Error verifying session:", error);
|
|
410
|
+
const authError = handleFirebaseAuthError2(error);
|
|
411
|
+
return {
|
|
412
|
+
valid: false,
|
|
413
|
+
error: authError
|
|
414
|
+
};
|
|
415
|
+
}
|
|
416
|
+
}
|
|
417
|
+
async function ClearNextSessionCookie(tenantId, deleteOptions) {
|
|
418
|
+
try {
|
|
419
|
+
const tenantAuth = getAuthForTenant(tenantId || "");
|
|
420
|
+
const cookieStore = await cookies();
|
|
421
|
+
const sessionCookie = cookieStore.get(SESSION_CONSTANTS.COOKIE_NAME);
|
|
422
|
+
const cookiePrefix = getCookiePrefix2();
|
|
423
|
+
const idTokenCookieName = getCookieName2(constants.Cookies.IdToken, cookiePrefix);
|
|
424
|
+
const idTokenCookie = cookieStore.get(idTokenCookieName);
|
|
425
|
+
const finalDeleteOptions = {
|
|
426
|
+
path: deleteOptions?.path,
|
|
427
|
+
domain: deleteOptions?.domain,
|
|
428
|
+
httpOnly: deleteOptions?.httpOnly,
|
|
429
|
+
secure: deleteOptions?.secure,
|
|
430
|
+
sameSite: deleteOptions?.sameSite
|
|
431
|
+
};
|
|
432
|
+
const idRefreshCustomTokenDeleteOptions = {
|
|
433
|
+
path: "/",
|
|
434
|
+
httpOnly: true,
|
|
435
|
+
secure: process.env.NODE_ENV === "production",
|
|
436
|
+
sameSite: "strict"
|
|
437
|
+
};
|
|
438
|
+
cookieStore.delete({ name: SESSION_CONSTANTS.COOKIE_NAME, ...finalDeleteOptions });
|
|
439
|
+
cookieStore.delete({ name: constants.Cookies.TernAut });
|
|
440
|
+
cookieStore.delete({ name: idTokenCookieName, ...idRefreshCustomTokenDeleteOptions });
|
|
441
|
+
cookieStore.delete({
|
|
442
|
+
name: getCookieName2(constants.Cookies.Refresh, cookiePrefix),
|
|
443
|
+
...idRefreshCustomTokenDeleteOptions
|
|
444
|
+
});
|
|
445
|
+
cookieStore.delete({ name: constants.Cookies.Custom, ...idRefreshCustomTokenDeleteOptions });
|
|
446
|
+
const shouldRevokeTokens = deleteOptions?.revokeRefreshTokensOnSignOut ?? SESSION_CONSTANTS.REVOKE_REFRESH_TOKENS_ON_SIGNOUT;
|
|
447
|
+
if (shouldRevokeTokens) {
|
|
448
|
+
try {
|
|
449
|
+
let userSub;
|
|
450
|
+
if (sessionCookie?.value) {
|
|
451
|
+
try {
|
|
452
|
+
const decodedClaims = await tenantAuth.verifySessionCookie(sessionCookie.value);
|
|
453
|
+
userSub = decodedClaims.sub;
|
|
454
|
+
} catch (sessionError) {
|
|
455
|
+
debugLog.warn(
|
|
456
|
+
"[ClearNextSessionCookie] Session cookie verification failed:",
|
|
457
|
+
sessionError
|
|
458
|
+
);
|
|
459
|
+
}
|
|
460
|
+
}
|
|
461
|
+
if (!userSub) {
|
|
462
|
+
if (idTokenCookie?.value) {
|
|
463
|
+
try {
|
|
464
|
+
const decodedIdToken = await tenantAuth.verifyIdToken(idTokenCookie.value);
|
|
465
|
+
userSub = decodedIdToken.sub;
|
|
466
|
+
} catch (idTokenError) {
|
|
467
|
+
debugLog.warn("[ClearNextSessionCookie] ID token verification failed:", idTokenError);
|
|
468
|
+
}
|
|
469
|
+
}
|
|
470
|
+
}
|
|
471
|
+
if (userSub) {
|
|
472
|
+
await tenantAuth.revokeRefreshTokens(userSub);
|
|
473
|
+
debugLog.log(`[ClearNextSessionCookie] Successfully revoked tokens for user: ${userSub}`);
|
|
474
|
+
} else {
|
|
475
|
+
debugLog.warn("[ClearNextSessionCookie] No valid token found for revocation");
|
|
476
|
+
}
|
|
477
|
+
} catch (revokeError) {
|
|
478
|
+
debugLog.error("[ClearNextSessionCookie] Failed to revoke refresh tokens:", revokeError);
|
|
479
|
+
}
|
|
480
|
+
}
|
|
481
|
+
return { success: true, message: "Session cleared successfully" };
|
|
482
|
+
} catch (error) {
|
|
483
|
+
debugLog.error("Error clearing session:", error);
|
|
484
|
+
return { success: false, message: "Failed to clear session cookies" };
|
|
485
|
+
}
|
|
486
|
+
}
|
|
487
|
+
|
|
488
|
+
// src/instance/backendInstance.ts
|
|
489
|
+
var createBackendInstance = async (request) => {
|
|
490
|
+
const ternSecureRequest = createTernSecureRequest(request);
|
|
491
|
+
const requestState = await authenticateRequest(request);
|
|
492
|
+
return {
|
|
493
|
+
ternSecureRequest,
|
|
494
|
+
requestState
|
|
495
|
+
};
|
|
496
|
+
};
|
|
497
|
+
async function authenticateRequest(request) {
|
|
498
|
+
const sessionCookie = request.headers.get("cookie");
|
|
499
|
+
const sessionToken = sessionCookie?.split(";").find((c) => c.trim().startsWith("_session_cookie="))?.split("=")[1];
|
|
500
|
+
if (!sessionToken) {
|
|
501
|
+
throw new Error("No session token found");
|
|
502
|
+
}
|
|
503
|
+
const verificationResult = await VerifyNextTernSessionCookie(sessionToken);
|
|
504
|
+
if (!verificationResult.valid) {
|
|
505
|
+
throw new Error("Invalid session token");
|
|
506
|
+
}
|
|
507
|
+
return signedIn(
|
|
508
|
+
verificationResult,
|
|
509
|
+
new Headers(request.headers),
|
|
510
|
+
sessionToken
|
|
511
|
+
);
|
|
512
|
+
}
|
|
513
|
+
function signInAuthObject(session) {
|
|
514
|
+
return {
|
|
515
|
+
session,
|
|
516
|
+
userId: session.uid,
|
|
517
|
+
has: {}
|
|
518
|
+
};
|
|
519
|
+
}
|
|
520
|
+
function signedIn(session, headers = new Headers(), token) {
|
|
521
|
+
const authObject = signInAuthObject(session);
|
|
522
|
+
return {
|
|
523
|
+
auth: () => authObject,
|
|
524
|
+
token,
|
|
525
|
+
headers
|
|
526
|
+
};
|
|
527
|
+
}
|
|
528
|
+
|
|
529
|
+
// src/admin/user.ts
|
|
530
|
+
import { handleFirebaseAuthError as handleFirebaseAuthError3 } from "@tern-secure/shared/errors";
|
|
531
|
+
function RetrieveUser(tenantId) {
|
|
532
|
+
const auth = getAuthForTenant(tenantId);
|
|
533
|
+
async function getUserUid(uid) {
|
|
534
|
+
try {
|
|
535
|
+
const user = await auth.getUser(uid);
|
|
536
|
+
return { data: user, error: null };
|
|
537
|
+
} catch (error) {
|
|
538
|
+
return { data: null, error: handleFirebaseAuthError3(error) };
|
|
539
|
+
}
|
|
540
|
+
}
|
|
541
|
+
async function getUserByEmail(email) {
|
|
542
|
+
try {
|
|
543
|
+
const user = await auth.getUserByEmail(email);
|
|
544
|
+
return { data: user, error: null };
|
|
545
|
+
} catch (error) {
|
|
546
|
+
return { data: null, error: handleFirebaseAuthError3(error) };
|
|
547
|
+
}
|
|
548
|
+
}
|
|
549
|
+
async function getUserByPhoneNumber(phoneNumber) {
|
|
550
|
+
try {
|
|
551
|
+
const user = await auth.getUserByPhoneNumber(phoneNumber);
|
|
552
|
+
return { data: user, error: null };
|
|
553
|
+
} catch (error) {
|
|
554
|
+
return { data: null, error: handleFirebaseAuthError3(error) };
|
|
555
|
+
}
|
|
556
|
+
}
|
|
557
|
+
return {
|
|
558
|
+
getUserUid,
|
|
559
|
+
getUserByEmail,
|
|
560
|
+
getUserByPhoneNumber
|
|
561
|
+
};
|
|
562
|
+
}
|
|
25
563
|
export {
|
|
26
564
|
ClearNextSessionCookie,
|
|
27
565
|
CreateNextSessionCookie,
|
package/dist/admin/index.mjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../src/admin/sessionTernSecure.ts","../../src/utils/admin-init.ts","../../src/admin/tenant.ts","../../src/admin/nextSessionTernSecure.ts","../../src/instance/backendInstance.ts","../../src/admin/user.ts"],"sourcesContent":["'use server';\r\nimport { handleFirebaseAuthError } from '@tern-secure/shared/errors';\r\nimport type {\r\n CookieStore,\r\n SessionParams,\r\n SessionResult,\r\n TernSecureHandlerOptions,\r\n} from '@tern-secure/types';\r\n\r\nimport { constants } from '../constants';\r\nimport { getAuthForTenant } from '../utils/admin-init';\r\n\r\n\r\n/**\r\n * Generates cookie name with optional prefix\r\n */\r\n\r\nconst DEFAULT_COOKIE_CONFIG = {\r\n DEFAULT_EXPIRES_IN_MS: 5 * 60 * 1000, // 5 minutes\r\n DEFAULT_EXPIRES_IN_SECONDS: 5 * 60,\r\n REVOKE_REFRESH_TOKENS_ON_SIGNOUT: true,\r\n} as const;\r\n\r\nconst DEFAULT_COOKIE_OPTIONS = {\r\n httpOnly: true,\r\n secure: process.env.NODE_ENV === 'production',\r\n sameSite: 'strict' as const,\r\n path: '/',\r\n} as const;\r\n\r\n/**\r\n * Generates cookie name with optional prefix\r\n */\r\nconst getCookieName = (baseName: string, prefix?: string): string => {\r\n return prefix ? `${prefix}${baseName}` : baseName;\r\n};\r\n\r\n/**\r\n * Creates standard cookie options with optional overrides\r\n */\r\nconst createCookieOptions = (\r\n maxAge: number,\r\n overrides?: {\r\n httpOnly?: boolean;\r\n secure?: boolean;\r\n sameSite?: 'strict' | 'lax' | 'none';\r\n path?: string;\r\n },\r\n) => {\r\n return {\r\n maxAge,\r\n httpOnly: overrides?.httpOnly ?? DEFAULT_COOKIE_OPTIONS.httpOnly,\r\n secure: overrides?.secure ?? DEFAULT_COOKIE_OPTIONS.secure,\r\n sameSite: overrides?.sameSite ?? DEFAULT_COOKIE_OPTIONS.sameSite,\r\n path: overrides?.path ?? DEFAULT_COOKIE_OPTIONS.path,\r\n };\r\n};\r\n\r\n/**\r\n * Determines the appropriate cookie prefix based on environment and options\r\n */\r\nconst getCookiePrefix = (): string => {\r\n const isProduction = process.env.NODE_ENV === 'production';\r\n return isProduction ? '__HOST-' : '__dev_';\r\n};\r\n\r\n/**\r\n * Creates cookies for user session management\r\n * @param params - Session parameters containing idToken and optional refreshToken\r\n * @param cookieStore - Cookie store interface for managing cookies\r\n * @param options - TernSecure handler options containing cookie configurations\r\n */\r\nexport async function createSessionCookie(\r\n params: SessionParams | string,\r\n cookieStore: CookieStore,\r\n options?: TernSecureHandlerOptions,\r\n): Promise<SessionResult> {\r\n try {\r\n const tenantAuth = getAuthForTenant(options?.tenantId || '');\r\n\r\n const idToken = typeof params === 'string' ? params : params.idToken;\r\n const refreshToken = typeof params === 'string' ? undefined : (params as any).refreshToken;\r\n\r\n if (!idToken) {\r\n return {\r\n success: false,\r\n message: 'ID token is required',\r\n error: 'INVALID_TOKEN',\r\n };\r\n }\r\n\r\n // Verify the ID token\r\n let decodedToken;\r\n try {\r\n decodedToken = await tenantAuth.verifyIdToken(idToken);\r\n } catch (verifyError) {\r\n const authError = handleFirebaseAuthError(verifyError);\r\n return {\r\n success: false,\r\n message: authError.message,\r\n error: authError.code,\r\n };\r\n }\r\n\r\n const cookiePromises: Promise<void>[] = [];\r\n const cookiePrefix = getCookiePrefix();\r\n\r\n // Always set idToken cookie by default\r\n const idTokenCookieName = getCookieName(constants.Cookies.IdToken, cookiePrefix);\r\n cookiePromises.push(\r\n cookieStore.set(\r\n idTokenCookieName,\r\n idToken,\r\n createCookieOptions(DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_SECONDS),\r\n ),\r\n );\r\n\r\n // Always set refreshToken cookie by default if provided\r\n if (refreshToken) {\r\n const refreshTokenCookieName = getCookieName(constants.Cookies.Refresh, cookiePrefix);\r\n cookiePromises.push(\r\n cookieStore.set(\r\n refreshTokenCookieName,\r\n refreshToken,\r\n createCookieOptions(DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_SECONDS),\r\n ),\r\n );\r\n }\r\n\r\n // Create and set session cookie only if session config is provided\r\n if (options?.cookies) {\r\n const sessionOptions = options.cookies;\r\n const sessionCookieName = getCookieName(constants.Cookies.Session);\r\n const expiresIn = sessionOptions.maxAge\r\n ? sessionOptions.maxAge * 1000\r\n : DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_MS;\r\n\r\n try {\r\n const sessionCookie = await tenantAuth.createSessionCookie(idToken, { expiresIn });\r\n cookiePromises.push(\r\n cookieStore.set(\r\n sessionCookieName,\r\n sessionCookie,\r\n createCookieOptions(\r\n sessionOptions.maxAge || DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_SECONDS,\r\n {\r\n httpOnly: sessionOptions.httpOnly,\r\n sameSite: sessionOptions.sameSite,\r\n path: sessionOptions.path,\r\n },\r\n ),\r\n ),\r\n );\r\n } catch (sessionError) {\r\n console.error(\r\n '[createSessionCookie] Firebase session cookie creation failed:',\r\n sessionError,\r\n );\r\n const authError = handleFirebaseAuthError(sessionError);\r\n return {\r\n success: false,\r\n message: authError.message,\r\n error: authError.code,\r\n };\r\n }\r\n }\r\n\r\n // Create and set custom token cookie only if enableCustomToken is true\r\n if (options?.enableCustomToken && decodedToken?.uid) {\r\n const customTokenCookieName = getCookieName(constants.Cookies.Custom, cookiePrefix);\r\n const customToken = await createCustomToken(decodedToken.uid, options);\r\n if (customToken) {\r\n cookiePromises.push(\r\n cookieStore.set(\r\n customTokenCookieName,\r\n customToken,\r\n createCookieOptions(DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_SECONDS),\r\n ),\r\n );\r\n }\r\n }\r\n\r\n await Promise.all(cookiePromises);\r\n\r\n return {\r\n success: true,\r\n message: 'Session created successfully',\r\n expiresIn: DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_SECONDS,\r\n };\r\n } catch (error) {\r\n console.error('[createSessionCookie] Unexpected error:', error);\r\n const authError = handleFirebaseAuthError(error);\r\n return {\r\n success: false,\r\n message: authError.message || 'Failed to create session',\r\n error: authError.code || 'INTERNAL_ERROR',\r\n };\r\n }\r\n}\r\n\r\n/**\r\n * Clears user session cookies\r\n * @param cookieStore - Cookie store interface for managing cookies\r\n * @param options - TernSecure handler options containing cookie configurations\r\n */\r\nexport async function clearSessionCookie(\r\n cookieStore: CookieStore,\r\n options?: TernSecureHandlerOptions,\r\n): Promise<SessionResult> {\r\n try {\r\n const adminAuth = getAuthForTenant(options?.tenantId || '');\r\n const cookiePrefix = getCookiePrefix();\r\n\r\n // Get the session cookie name for revocation purposes\r\n const sessionCookieName = getCookieName(constants.Cookies.Session, cookiePrefix);\r\n const sessionCookie = await cookieStore.get(sessionCookieName);\r\n\r\n const deletionPromises: Promise<void>[] = [];\r\n\r\n // Delete all cookie types\r\n // Session cookie (only if it was configured)\r\n if (options?.cookies) {\r\n deletionPromises.push(cookieStore.delete(sessionCookieName));\r\n }\r\n\r\n // Always delete default cookies\r\n const idTokenCookieName = getCookieName(constants.Cookies.IdToken, cookiePrefix);\r\n deletionPromises.push(cookieStore.delete(idTokenCookieName));\r\n\r\n const refreshTokenCookieName = getCookieName(constants.Cookies.Refresh, cookiePrefix);\r\n deletionPromises.push(cookieStore.delete(refreshTokenCookieName));\r\n\r\n const customTokenCookieName = getCookieName(constants.Cookies.Custom, cookiePrefix);\r\n deletionPromises.push(cookieStore.delete(customTokenCookieName));\r\n\r\n // Delete auth_time cookie\r\n const authTimeCookieName = constants.Cookies.TernAut;\r\n deletionPromises.push(cookieStore.delete(authTimeCookieName));\r\n\r\n // Also delete legacy cookie names for backward compatibility\r\n deletionPromises.push(cookieStore.delete(constants.Cookies.Session));\r\n\r\n await Promise.all(deletionPromises);\r\n\r\n // Revoke refresh tokens if session cookie exists and revocation is enabled\r\n if (DEFAULT_COOKIE_CONFIG.REVOKE_REFRESH_TOKENS_ON_SIGNOUT && sessionCookie?.value) {\r\n try {\r\n const decodedClaims = await adminAuth.verifySessionCookie(sessionCookie.value);\r\n await adminAuth.revokeRefreshTokens(decodedClaims.sub);\r\n } catch (revokeError) {\r\n console.error('[clearSessionCookie] Failed to revoke refresh tokens:', revokeError);\r\n }\r\n }\r\n\r\n return {\r\n success: true,\r\n message: 'Session cleared successfully',\r\n };\r\n } catch (error) {\r\n const authError = handleFirebaseAuthError(error);\r\n return {\r\n success: false,\r\n message: authError.message || 'Failed to clear session',\r\n error: authError.code || 'INTERNAL_ERROR',\r\n };\r\n }\r\n}\r\n\r\n/**\r\n * Creates a custom token for a user\r\n * @param uid - User ID to create the custom token for\r\n * @param options - TernSecure handler options\r\n * @returns Promise resolving to the custom token string or null if creation fails\r\n */\r\nexport async function createCustomToken(\r\n uid: string,\r\n options?: TernSecureHandlerOptions,\r\n): Promise<string | null> {\r\n const adminAuth = getAuthForTenant(options?.tenantId || '');\r\n try {\r\n const customToken = await adminAuth.createCustomToken(uid);\r\n return customToken;\r\n } catch (error) {\r\n console.error('[createCustomToken] Error creating custom token:', error);\r\n return null;\r\n }\r\n}\r\n\r\n\r\nexport async function createCustomTokenClaims(\r\n uid: string,\r\n developerClaims?: { [key: string]: unknown },\r\n): Promise<string> {\r\n const adminAuth = getAuthForTenant();\r\n try {\r\n const customToken = await adminAuth.createCustomToken(uid, developerClaims);\r\n return customToken;\r\n } catch (error) {\r\n console.error('[createCustomToken] Error creating custom token:', error);\r\n return '';\r\n }\r\n}\r\n","import admin from 'firebase-admin';\r\nimport { getAppCheck } from \"firebase-admin/app-check\";\r\n\r\nimport { initializeAdminConfig } from './config';\r\n\r\nif (!admin.apps.length) {\r\n try {\r\n const config = initializeAdminConfig();\r\n admin.initializeApp({\r\n credential: admin.credential.cert({\r\n ...config,\r\n privateKey: config.privateKey.replace(/\\\\n/g, '\\n'),\r\n }),\r\n });\r\n } catch (error) {\r\n console.error('Firebase admin initialization error', error);\r\n }\r\n}\r\n\r\nexport const adminTernSecureAuth: admin.auth.Auth = admin.auth();\r\nexport const adminTernSecureDb: admin.firestore.Firestore = admin.firestore();\r\nexport const TernSecureTenantManager: admin.auth.TenantManager = admin.auth().tenantManager();\r\nexport const appCheckAdmin: admin.appCheck.AppCheck = getAppCheck();\r\n\r\n/**\r\n * Gets the appropriate Firebase Auth instance.\r\n * If a tenantId is provided, it returns the Auth instance for that tenant.\r\n * Otherwise, it returns the default project-level Auth instance.\r\n * @param tenantId - The optional tenant ID.\r\n * @returns An admin.auth.Auth instance.\r\n */\r\nexport function getAuthForTenant(tenantId?: string): admin.auth.Auth {\r\n if (tenantId) {\r\n return TernSecureTenantManager.authForTenant(tenantId) as unknown as admin.auth.Auth;\r\n }\r\n return admin.auth();\r\n}","import type { SignInResponse } from '@tern-secure/types';\r\n\r\nimport { TernSecureTenantManager } from \"../utils/admin-init\";\r\n\r\n\r\nexport async function createTenant(\r\n displayName: string,\r\n emailSignInConfig: {\r\n enabled: boolean;\r\n passwordRequired: boolean;\r\n },\r\n multiFactorConfig?: {\r\n state: 'ENABLED' | 'DISABLED';\r\n factorIds: \"phone\"[];\r\n testPhoneNumbers?: {\r\n [phoneNumber: string]: string;\r\n }\r\n }\r\n) {\r\n try {\r\n const tenantConfig = {\r\n displayName,\r\n emailSignInConfig,\r\n ...(multiFactorConfig && { multiFactorConfig })\r\n };\r\n\r\n const tenant = await TernSecureTenantManager.createTenant(tenantConfig);\r\n \r\n return {\r\n success: true,\r\n tenantId: tenant.tenantId,\r\n displayName: tenant.displayName,\r\n };\r\n } catch (error) {\r\n console.error('Error creating tenant:', error);\r\n throw new Error('Failed to create tenant');\r\n }\r\n}\r\n\r\nexport async function createTenantUser(\r\n email: string,\r\n password: string,\r\n tenantId: string\r\n): Promise<SignInResponse> {\r\n try {\r\n const tenantAuth = TernSecureTenantManager.authForTenant(tenantId);\r\n \r\n const userRecord = await tenantAuth.createUser({\r\n email,\r\n password,\r\n emailVerified: false,\r\n disabled: false\r\n });\r\n\r\n return {\r\n status: 'success',\r\n user: userRecord,\r\n message: 'Tenant user created successfully',\r\n };\r\n } catch (error) {\r\n console.error('Error creating tenant user:', error);\r\n throw new Error('Failed to create tenant user');\r\n }\r\n}\r\n","'use server';\n\nimport { getCookieName, getCookiePrefix } from '@tern-secure/shared/cookie';\nimport { handleFirebaseAuthError } from '@tern-secure/shared/errors';\nimport type { CookieStore, SessionResult, TernVerificationResult } from '@tern-secure/types';\nimport { cookies } from 'next/headers';\n\nimport { constants } from '../constants';\nimport { adminTernSecureAuth as adminAuth, getAuthForTenant } from '../utils/admin-init';\n\nconst SESSION_CONSTANTS = {\n COOKIE_NAME: constants.Cookies.Session,\n DEFAULT_EXPIRES_IN_MS: 60 * 60 * 24 * 5 * 1000, // 5 days\n DEFAULT_EXPIRES_IN_SECONDS: 60 * 60 * 24 * 5,\n REVOKE_REFRESH_TOKENS_ON_SIGNOUT: true,\n} as const;\n\n/**\n * Helper function to log debug messages only in development environment\n */\nconst debugLog = {\n log: (...args: unknown[]) => {\n if (process.env.NODE_ENV === 'development') {\n console.log(...args);\n }\n },\n warn: (...args: unknown[]) => {\n if (process.env.NODE_ENV === 'development') {\n console.warn(...args);\n }\n },\n error: (...args: unknown[]) => {\n console.error(...args);\n },\n};\n\nexport async function CreateNextSessionCookie(idToken: string) {\n try {\n const expiresIn = 60 * 60 * 24 * 5 * 1000;\n const sessionCookie = await adminAuth.createSessionCookie(idToken, {\n expiresIn,\n });\n\n const cookieStore = await cookies();\n cookieStore.set(constants.Cookies.Session, sessionCookie, {\n maxAge: expiresIn,\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n path: '/',\n });\n return { success: true, message: 'Session created' };\n } catch (error) {\n return { success: false, message: 'Failed to create session' };\n }\n}\n\nexport async function GetNextServerSessionCookie() {\n const cookieStore = await cookies();\n const sessionCookie = cookieStore.get('_session_cookie')?.value;\n\n if (!sessionCookie) {\n throw new Error('No session cookie found');\n }\n\n try {\n const decondeClaims = await adminAuth.verifySessionCookie(sessionCookie, true);\n return {\n token: sessionCookie,\n userId: decondeClaims.uid,\n };\n } catch (error) {\n console.error('Error verifying session:', error);\n throw new Error('Invalid Session');\n }\n}\n\nexport async function GetNextIdToken() {\n const cookieStore = await cookies();\n const token = cookieStore.get('_session_token')?.value;\n\n if (!token) {\n throw new Error('No session cookie found');\n }\n\n try {\n const decodedClaims = await adminAuth.verifyIdToken(token);\n return {\n token: token,\n userId: decodedClaims.uid,\n };\n } catch (error) {\n console.error('Error verifying session:', error);\n throw new Error('Invalid Session');\n }\n}\n\nexport async function SetNextServerSession(token: string) {\n try {\n const cookieStore = await cookies();\n cookieStore.set('_session_token', token, {\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: 60 * 60, // 1 hour\n path: '/',\n });\n return { success: true, message: 'Session created' };\n } catch {\n return { success: false, message: 'Failed to create session' };\n }\n}\n\nexport async function SetNextServerToken(token: string) {\n try {\n const cookieStore = await cookies();\n cookieStore.set('_tern', token, {\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: 60 * 60, // 1 hour\n path: '/',\n });\n return { success: true, message: 'Session created' };\n } catch {\n return { success: false, message: 'Failed to create session' };\n }\n}\n\nexport async function VerifyNextTernIdToken(token: string): Promise<TernVerificationResult> {\n try {\n const decodedToken = await adminAuth.verifyIdToken(token);\n return {\n ...decodedToken,\n valid: true,\n };\n } catch (error) {\n console.error('[VerifyNextTernIdToken] Error verifying session:', error);\n const authError = handleFirebaseAuthError(error);\n return {\n valid: false,\n error: authError,\n };\n }\n}\n\nexport async function VerifyNextTernSessionCookie(\n session: string,\n): Promise<TernVerificationResult> {\n try {\n const res = await adminAuth.verifySessionCookie(session);\n console.warn('[VerifyNextTernSessionCookie] uid in Decoded Token:', res.uid);\n return {\n valid: true,\n ...res,\n };\n } catch (error) {\n console.error('[VerifyNextTernSessionCookie] Error verifying session:', error);\n const authError = handleFirebaseAuthError(error);\n return {\n valid: false,\n error: authError,\n };\n }\n}\n\nexport async function ClearNextSessionCookie(\n tenantId?: string,\n deleteOptions?: {\n path?: string;\n domain?: string;\n httpOnly?: boolean;\n secure?: boolean;\n sameSite?: 'lax' | 'strict' | 'none';\n revokeRefreshTokensOnSignOut?: boolean;\n },\n): Promise<SessionResult> {\n try {\n const tenantAuth = getAuthForTenant(tenantId || '');\n const cookieStore = await cookies();\n const sessionCookie = cookieStore.get(SESSION_CONSTANTS.COOKIE_NAME);\n const cookiePrefix = getCookiePrefix();\n const idTokenCookieName = getCookieName(constants.Cookies.IdToken, cookiePrefix);\n const idTokenCookie = cookieStore.get(idTokenCookieName);\n\n const finalDeleteOptions = {\n path: deleteOptions?.path,\n domain: deleteOptions?.domain,\n httpOnly: deleteOptions?.httpOnly,\n secure: deleteOptions?.secure,\n sameSite: deleteOptions?.sameSite,\n };\n\n const idRefreshCustomTokenDeleteOptions = {\n path: '/',\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict' as const,\n };\n\n cookieStore.delete({ name: SESSION_CONSTANTS.COOKIE_NAME, ...finalDeleteOptions });\n cookieStore.delete({ name: constants.Cookies.TernAut });\n \n cookieStore.delete({ name: idTokenCookieName, ...idRefreshCustomTokenDeleteOptions });\n cookieStore.delete({\n name: getCookieName(constants.Cookies.Refresh, cookiePrefix),\n ...idRefreshCustomTokenDeleteOptions,\n });\n cookieStore.delete({ name: constants.Cookies.Custom, ...idRefreshCustomTokenDeleteOptions });\n\n const shouldRevokeTokens =\n deleteOptions?.revokeRefreshTokensOnSignOut ??\n SESSION_CONSTANTS.REVOKE_REFRESH_TOKENS_ON_SIGNOUT;\n\n if (shouldRevokeTokens) {\n try {\n let userSub: string | undefined;\n\n // Try to get user sub from session cookie first\n if (sessionCookie?.value) {\n try {\n const decodedClaims = await tenantAuth.verifySessionCookie(sessionCookie.value);\n userSub = decodedClaims.sub;\n } catch (sessionError) {\n debugLog.warn(\n '[ClearNextSessionCookie] Session cookie verification failed:',\n sessionError,\n );\n }\n }\n\n // If no session cookie, try idToken cookie\n if (!userSub) {\n if (idTokenCookie?.value) {\n try {\n const decodedIdToken = await tenantAuth.verifyIdToken(idTokenCookie.value);\n userSub = decodedIdToken.sub;\n } catch (idTokenError) {\n debugLog.warn('[ClearNextSessionCookie] ID token verification failed:', idTokenError);\n }\n }\n }\n\n // Revoke tokens if we got a user sub\n if (userSub) {\n await tenantAuth.revokeRefreshTokens(userSub);\n debugLog.log(`[ClearNextSessionCookie] Successfully revoked tokens for user: ${userSub}`);\n } else {\n debugLog.warn('[ClearNextSessionCookie] No valid token found for revocation');\n }\n } catch (revokeError) {\n debugLog.error('[ClearNextSessionCookie] Failed to revoke refresh tokens:', revokeError);\n }\n }\n return { success: true, message: 'Session cleared successfully' };\n } catch (error) {\n debugLog.error('Error clearing session:', error);\n return { success: false, message: 'Failed to clear session cookies' };\n }\n}\n\nexport async function ClearNextSessionCookie_old(cookieStore: CookieStore): Promise<SessionResult> {\n try {\n const cookiePrefix = getCookiePrefix();\n\n const deletionPromises: Promise<void>[] = [];\n\n // Always delete default cookies\n const idTokenCookieName = getCookieName(constants.Cookies.IdToken, cookiePrefix);\n deletionPromises.push(cookieStore.delete(idTokenCookieName));\n\n const refreshTokenCookieName = getCookieName(constants.Cookies.Refresh, cookiePrefix);\n deletionPromises.push(cookieStore.delete(refreshTokenCookieName));\n\n const customTokenCookieName = getCookieName(constants.Cookies.Custom, cookiePrefix);\n deletionPromises.push(cookieStore.delete(customTokenCookieName));\n\n // Also delete legacy cookie names for backward compatibility\n deletionPromises.push(cookieStore.delete(constants.Cookies.Session));\n\n await Promise.all(deletionPromises);\n\n return {\n success: true,\n message: 'Session cleared successfully',\n };\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n success: false,\n message: authError.message || 'Failed to clear session',\n error: authError.code || 'INTERNAL_ERROR',\n };\n }\n}\n","import type { CheckCustomClaims, DecodedIdToken,SharedSignInAuthObjectProperties } from \"@tern-secure/types\";\n\nimport { VerifyNextTernSessionCookie } from \"../admin/nextSessionTernSecure\";\nimport type { TernSecureRequest} from \"../tokens/ternSecureRequest\";\nimport { createTernSecureRequest } from \"../tokens/ternSecureRequest\";\n\nexport type SignInAuthObject = SharedSignInAuthObjectProperties & {\n has: CheckCustomClaims\n}\n\nexport type SignInState = {\n auth: () => SignInAuthObject\n token: string\n headers: Headers\n}\n\nexport type RequestState = SignInState\n\nexport interface BackendInstance {\n ternSecureRequest: TernSecureRequest;\n requestState: RequestState;\n}\n\nexport const createBackendInstance = async (request: Request): Promise<BackendInstance> => {\n const ternSecureRequest = createTernSecureRequest(request);\n const requestState = await authenticateRequest(request);\n \n return {\n ternSecureRequest,\n requestState,\n };\n};\n\nexport async function authenticateRequest(request: Request): Promise<RequestState> {\n const sessionCookie = request.headers.get('cookie');\n const sessionToken = sessionCookie?.split(';')\n .find(c => c.trim().startsWith('_session_cookie='))\n ?.split('=')[1];\n \n if (!sessionToken) {\n throw new Error(\"No session token found\");\n }\n\n const verificationResult = await VerifyNextTernSessionCookie(sessionToken);\n\n if (!verificationResult.valid) {\n throw new Error(\"Invalid session token\");\n }\n\n return signedIn(\n verificationResult as DecodedIdToken,\n new Headers(request.headers),\n sessionToken\n );\n}\n\nexport function signInAuthObject(\n session: DecodedIdToken,\n): SignInAuthObject {\n return {\n session,\n userId: session.uid,\n has: {} as CheckCustomClaims,\n };\n}\n\nexport function signedIn(\n session: DecodedIdToken,\n headers: Headers = new Headers(),\n token: string\n): SignInState {\n const authObject = signInAuthObject(session);\n return {\n auth: () => authObject,\n token,\n headers,\n };\n}\n","import { handleFirebaseAuthError } from '@tern-secure/shared/errors';\nimport type { AuthErrorResponse } from '@tern-secure/types';\nimport type { UserRecord } from 'firebase-admin/auth';\n\nimport { getAuthForTenant } from '../utils/admin-init';\n\ntype RetrieveUserResult = {\n data: UserRecord;\n error: null;\n} | {\n data: null;\n error: AuthErrorResponse;\n}\n\nexport function RetrieveUser(tenantId?: string) {\n const auth = getAuthForTenant(tenantId);\n\n async function getUserUid(uid: string): Promise<RetrieveUserResult> {\n try {\n const user = await auth.getUser(uid);\n return { data: user, error: null };\n } catch (error) {\n return { data: null, error: handleFirebaseAuthError(error) };\n }\n }\n async function getUserByEmail(email: string): Promise<RetrieveUserResult> {\n try {\n const user = await auth.getUserByEmail(email);\n return { data: user, error: null };\n } catch (error) {\n return { data: null, error: handleFirebaseAuthError(error) };\n }\n }\n\n async function getUserByPhoneNumber(phoneNumber: string): Promise<RetrieveUserResult> {\n try {\n const user = await auth.getUserByPhoneNumber(phoneNumber);\n return { data: user, error: null };\n } catch (error) {\n return { data: null, error: handleFirebaseAuthError(error) };\n }\n }\n\n return {\n getUserUid,\n getUserByEmail,\n getUserByPhoneNumber,\n }\n}"],"mappings":";;;;;;;;;AACA,SAAS,+BAA+B;;;ACDxC,OAAO,WAAW;AAClB,SAAS,mBAAmB;AAI5B,IAAI,CAAC,MAAM,KAAK,QAAQ;AACtB,MAAI;AACF,UAAM,SAAS,sBAAsB;AACrC,UAAM,cAAc;AAAA,MAClB,YAAY,MAAM,WAAW,KAAK;AAAA,QAChC,GAAG;AAAA,QACH,YAAY,OAAO,WAAW,QAAQ,QAAQ,IAAI;AAAA,MACpD,CAAC;AAAA,IACH,CAAC;AAAA,EACH,SAAS,OAAO;AACd,YAAQ,MAAM,uCAAuC,KAAK;AAAA,EAC5D;AACF;AAEO,IAAM,sBAAuC,MAAM,KAAK;AACxD,IAAM,oBAA+C,MAAM,UAAU;AACrE,IAAM,0BAAoD,MAAM,KAAK,EAAE,cAAc;AACrF,IAAM,gBAAyC,YAAY;AAS3D,SAAS,iBAAiB,UAAoC;AACnE,MAAI,UAAU;AACZ,WAAO,wBAAwB,cAAc,QAAQ;AAAA,EACvD;AACA,SAAO,MAAM,KAAK;AACpB;;;ADnBA,IAAM,wBAAwB;AAAA,EAC5B,uBAAuB,IAAI,KAAK;AAAA;AAAA,EAChC,4BAA4B,IAAI;AAAA,EAChC,kCAAkC;AACpC;AAEA,IAAM,yBAAyB;AAAA,EAC7B,UAAU;AAAA,EACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AAAA,EACV,MAAM;AACR;AAKA,IAAM,gBAAgB,CAAC,UAAkB,WAA4B;AACnE,SAAO,SAAS,GAAG,MAAM,GAAG,QAAQ,KAAK;AAC3C;AAKA,IAAM,sBAAsB,CAC1B,QACA,cAMG;AACH,SAAO;AAAA,IACL;AAAA,IACA,UAAU,WAAW,YAAY,uBAAuB;AAAA,IACxD,QAAQ,WAAW,UAAU,uBAAuB;AAAA,IACpD,UAAU,WAAW,YAAY,uBAAuB;AAAA,IACxD,MAAM,WAAW,QAAQ,uBAAuB;AAAA,EAClD;AACF;AAKA,IAAM,kBAAkB,MAAc;AACpC,QAAM,eAAe,QAAQ,IAAI,aAAa;AAC9C,SAAO,eAAe,YAAY;AACpC;AAQA,eAAsB,oBACpB,QACA,aACA,SACwB;AACxB,MAAI;AACF,UAAM,aAAa,iBAAiB,SAAS,YAAY,EAAE;AAE3D,UAAM,UAAU,OAAO,WAAW,WAAW,SAAS,OAAO;AAC7D,UAAM,eAAe,OAAO,WAAW,WAAW,SAAa,OAAe;AAE9E,QAAI,CAAC,SAAS;AACZ,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS;AAAA,QACT,OAAO;AAAA,MACT;AAAA,IACF;AAGA,QAAI;AACJ,QAAI;AACF,qBAAe,MAAM,WAAW,cAAc,OAAO;AAAA,IACvD,SAAS,aAAa;AACpB,YAAM,YAAY,wBAAwB,WAAW;AACrD,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,MACnB;AAAA,IACF;AAEA,UAAM,iBAAkC,CAAC;AACzC,UAAM,eAAe,gBAAgB;AAGrC,UAAM,oBAAoB,cAAc,UAAU,QAAQ,SAAS,YAAY;AAC/E,mBAAe;AAAA,MACb,YAAY;AAAA,QACV;AAAA,QACA;AAAA,QACA,oBAAoB,sBAAsB,0BAA0B;AAAA,MACtE;AAAA,IACF;AAGA,QAAI,cAAc;AAChB,YAAM,yBAAyB,cAAc,UAAU,QAAQ,SAAS,YAAY;AACpF,qBAAe;AAAA,QACb,YAAY;AAAA,UACV;AAAA,UACA;AAAA,UACA,oBAAoB,sBAAsB,0BAA0B;AAAA,QACtE;AAAA,MACF;AAAA,IACF;AAGA,QAAI,SAAS,SAAS;AACpB,YAAM,iBAAiB,QAAQ;AAC/B,YAAM,oBAAoB,cAAc,UAAU,QAAQ,OAAO;AACjE,YAAM,YAAY,eAAe,SAC7B,eAAe,SAAS,MACxB,sBAAsB;AAE1B,UAAI;AACF,cAAM,gBAAgB,MAAM,WAAW,oBAAoB,SAAS,EAAE,UAAU,CAAC;AACjF,uBAAe;AAAA,UACb,YAAY;AAAA,YACV;AAAA,YACA;AAAA,YACA;AAAA,cACE,eAAe,UAAU,sBAAsB;AAAA,cAC/C;AAAA,gBACE,UAAU,eAAe;AAAA,gBACzB,UAAU,eAAe;AAAA,gBACzB,MAAM,eAAe;AAAA,cACvB;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF,SAAS,cAAc;AACrB,gBAAQ;AAAA,UACN;AAAA,UACA;AAAA,QACF;AACA,cAAM,YAAY,wBAAwB,YAAY;AACtD,eAAO;AAAA,UACL,SAAS;AAAA,UACT,SAAS,UAAU;AAAA,UACnB,OAAO,UAAU;AAAA,QACnB;AAAA,MACF;AAAA,IACF;AAGA,QAAI,SAAS,qBAAqB,cAAc,KAAK;AACnD,YAAM,wBAAwB,cAAc,UAAU,QAAQ,QAAQ,YAAY;AAClF,YAAM,cAAc,MAAM,kBAAkB,aAAa,KAAK,OAAO;AACrE,UAAI,aAAa;AACf,uBAAe;AAAA,UACb,YAAY;AAAA,YACV;AAAA,YACA;AAAA,YACA,oBAAoB,sBAAsB,0BAA0B;AAAA,UACtE;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,UAAM,QAAQ,IAAI,cAAc;AAEhC,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS;AAAA,MACT,WAAW,sBAAsB;AAAA,IACnC;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,2CAA2C,KAAK;AAC9D,UAAM,YAAY,wBAAwB,KAAK;AAC/C,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS,UAAU,WAAW;AAAA,MAC9B,OAAO,UAAU,QAAQ;AAAA,IAC3B;AAAA,EACF;AACF;AAOA,eAAsB,mBACpB,aACA,SACwB;AACxB,MAAI;AACF,UAAM,YAAY,iBAAiB,SAAS,YAAY,EAAE;AAC1D,UAAM,eAAe,gBAAgB;AAGrC,UAAM,oBAAoB,cAAc,UAAU,QAAQ,SAAS,YAAY;AAC/E,UAAM,gBAAgB,MAAM,YAAY,IAAI,iBAAiB;AAE7D,UAAM,mBAAoC,CAAC;AAI3C,QAAI,SAAS,SAAS;AACpB,uBAAiB,KAAK,YAAY,OAAO,iBAAiB,CAAC;AAAA,IAC7D;AAGA,UAAM,oBAAoB,cAAc,UAAU,QAAQ,SAAS,YAAY;AAC/E,qBAAiB,KAAK,YAAY,OAAO,iBAAiB,CAAC;AAE3D,UAAM,yBAAyB,cAAc,UAAU,QAAQ,SAAS,YAAY;AACpF,qBAAiB,KAAK,YAAY,OAAO,sBAAsB,CAAC;AAEhE,UAAM,wBAAwB,cAAc,UAAU,QAAQ,QAAQ,YAAY;AAClF,qBAAiB,KAAK,YAAY,OAAO,qBAAqB,CAAC;AAG/D,UAAM,qBAAqB,UAAU,QAAQ;AAC7C,qBAAiB,KAAK,YAAY,OAAO,kBAAkB,CAAC;AAG5D,qBAAiB,KAAK,YAAY,OAAO,UAAU,QAAQ,OAAO,CAAC;AAEnE,UAAM,QAAQ,IAAI,gBAAgB;AAGlC,QAAI,sBAAsB,oCAAoC,eAAe,OAAO;AAClF,UAAI;AACF,cAAM,gBAAgB,MAAM,UAAU,oBAAoB,cAAc,KAAK;AAC7E,cAAM,UAAU,oBAAoB,cAAc,GAAG;AAAA,MACvD,SAAS,aAAa;AACpB,gBAAQ,MAAM,yDAAyD,WAAW;AAAA,MACpF;AAAA,IACF;AAEA,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS;AAAA,IACX;AAAA,EACF,SAAS,OAAO;AACd,UAAM,YAAY,wBAAwB,KAAK;AAC/C,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS,UAAU,WAAW;AAAA,MAC9B,OAAO,UAAU,QAAQ;AAAA,IAC3B;AAAA,EACF;AACF;AAQA,eAAsB,kBACpB,KACA,SACwB;AACxB,QAAM,YAAY,iBAAiB,SAAS,YAAY,EAAE;AAC1D,MAAI;AACF,UAAM,cAAc,MAAM,UAAU,kBAAkB,GAAG;AACzD,WAAO;AAAA,EACT,SAAS,OAAO;AACd,YAAQ,MAAM,oDAAoD,KAAK;AACvE,WAAO;AAAA,EACT;AACF;AAGA,eAAsB,wBACpB,KACA,iBACiB;AACjB,QAAM,YAAY,iBAAiB;AACnC,MAAI;AACF,UAAM,cAAc,MAAM,UAAU,kBAAkB,KAAK,eAAe;AAC1E,WAAO;AAAA,EACT,SAAS,OAAO;AACd,YAAQ,MAAM,oDAAoD,KAAK;AACvE,WAAO;AAAA,EACT;AACF;;;AExSA,eAAsB,aACpB,aACA,mBAIA,mBAOA;AACA,MAAI;AACF,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA,GAAI,qBAAqB,EAAE,kBAAkB;AAAA,IAC/C;AAEA,UAAM,SAAS,MAAM,wBAAwB,aAAa,YAAY;AAEtE,WAAO;AAAA,MACL,SAAS;AAAA,MACT,UAAU,OAAO;AAAA,MACjB,aAAa,OAAO;AAAA,IACtB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,0BAA0B,KAAK;AAC7C,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AACF;AAEA,eAAsB,iBACpB,OACA,UACA,UACyB;AACzB,MAAI;AACF,UAAM,aAAa,wBAAwB,cAAc,QAAQ;AAEjE,UAAM,aAAa,MAAM,WAAW,WAAW;AAAA,MAC7C;AAAA,MACA;AAAA,MACA,eAAe;AAAA,MACf,UAAU;AAAA,IACZ,CAAC;AAED,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B,KAAK;AAClD,UAAM,IAAI,MAAM,8BAA8B;AAAA,EAChD;AACF;;;AC7DA,SAAS,iBAAAA,gBAAe,mBAAAC,wBAAuB;AAC/C,SAAS,2BAAAC,gCAA+B;AAExC,SAAS,eAAe;AAKxB,IAAM,oBAAoB;AAAA,EACxB,aAAa,UAAU,QAAQ;AAAA,EAC/B,uBAAuB,KAAK,KAAK,KAAK,IAAI;AAAA;AAAA,EAC1C,4BAA4B,KAAK,KAAK,KAAK;AAAA,EAC3C,kCAAkC;AACpC;AAKA,IAAM,WAAW;AAAA,EACf,KAAK,IAAI,SAAoB;AAC3B,QAAI,QAAQ,IAAI,aAAa,eAAe;AAC1C,cAAQ,IAAI,GAAG,IAAI;AAAA,IACrB;AAAA,EACF;AAAA,EACA,MAAM,IAAI,SAAoB;AAC5B,QAAI,QAAQ,IAAI,aAAa,eAAe;AAC1C,cAAQ,KAAK,GAAG,IAAI;AAAA,IACtB;AAAA,EACF;AAAA,EACA,OAAO,IAAI,SAAoB;AAC7B,YAAQ,MAAM,GAAG,IAAI;AAAA,EACvB;AACF;AAEA,eAAsB,wBAAwB,SAAiB;AAC7D,MAAI;AACF,UAAM,YAAY,KAAK,KAAK,KAAK,IAAI;AACrC,UAAM,gBAAgB,MAAM,oBAAU,oBAAoB,SAAS;AAAA,MACjE;AAAA,IACF,CAAC;AAED,UAAM,cAAc,MAAM,QAAQ;AAClC,gBAAY,IAAI,UAAU,QAAQ,SAAS,eAAe;AAAA,MACxD,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,MACjC,MAAM;AAAA,IACR,CAAC;AACD,WAAO,EAAE,SAAS,MAAM,SAAS,kBAAkB;AAAA,EACrD,SAAS,OAAO;AACd,WAAO,EAAE,SAAS,OAAO,SAAS,2BAA2B;AAAA,EAC/D;AACF;AAEA,eAAsB,6BAA6B;AACjD,QAAM,cAAc,MAAM,QAAQ;AAClC,QAAM,gBAAgB,YAAY,IAAI,iBAAiB,GAAG;AAE1D,MAAI,CAAC,eAAe;AAClB,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAEA,MAAI;AACF,UAAM,gBAAgB,MAAM,oBAAU,oBAAoB,eAAe,IAAI;AAC7E,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ,cAAc;AAAA,IACxB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AACF;AAEA,eAAsB,iBAAiB;AACrC,QAAM,cAAc,MAAM,QAAQ;AAClC,QAAM,QAAQ,YAAY,IAAI,gBAAgB,GAAG;AAEjD,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAEA,MAAI;AACF,UAAM,gBAAgB,MAAM,oBAAU,cAAc,KAAK;AACzD,WAAO;AAAA,MACL;AAAA,MACA,QAAQ,cAAc;AAAA,IACxB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AACF;AAEA,eAAsB,qBAAqB,OAAe;AACxD,MAAI;AACF,UAAM,cAAc,MAAM,QAAQ;AAClC,gBAAY,IAAI,kBAAkB,OAAO;AAAA,MACvC,UAAU;AAAA,MACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,MACjC,UAAU;AAAA,MACV,QAAQ,KAAK;AAAA;AAAA,MACb,MAAM;AAAA,IACR,CAAC;AACD,WAAO,EAAE,SAAS,MAAM,SAAS,kBAAkB;AAAA,EACrD,QAAQ;AACN,WAAO,EAAE,SAAS,OAAO,SAAS,2BAA2B;AAAA,EAC/D;AACF;AAEA,eAAsB,mBAAmB,OAAe;AACtD,MAAI;AACF,UAAM,cAAc,MAAM,QAAQ;AAClC,gBAAY,IAAI,SAAS,OAAO;AAAA,MAC9B,UAAU;AAAA,MACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,MACjC,UAAU;AAAA,MACV,QAAQ,KAAK;AAAA;AAAA,MACb,MAAM;AAAA,IACR,CAAC;AACD,WAAO,EAAE,SAAS,MAAM,SAAS,kBAAkB;AAAA,EACrD,QAAQ;AACN,WAAO,EAAE,SAAS,OAAO,SAAS,2BAA2B;AAAA,EAC/D;AACF;AAEA,eAAsB,sBAAsB,OAAgD;AAC1F,MAAI;AACF,UAAM,eAAe,MAAM,oBAAU,cAAc,KAAK;AACxD,WAAO;AAAA,MACL,GAAG;AAAA,MACH,OAAO;AAAA,IACT;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,oDAAoD,KAAK;AACvE,UAAM,YAAYC,yBAAwB,KAAK;AAC/C,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,eAAsB,4BACpB,SACiC;AACjC,MAAI;AACF,UAAM,MAAM,MAAM,oBAAU,oBAAoB,OAAO;AACvD,YAAQ,KAAK,uDAAuD,IAAI,GAAG;AAC3E,WAAO;AAAA,MACL,OAAO;AAAA,MACP,GAAG;AAAA,IACL;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,0DAA0D,KAAK;AAC7E,UAAM,YAAYA,yBAAwB,KAAK;AAC/C,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,eAAsB,uBACpB,UACA,eAQwB;AACxB,MAAI;AACF,UAAM,aAAa,iBAAiB,YAAY,EAAE;AAClD,UAAM,cAAc,MAAM,QAAQ;AAClC,UAAM,gBAAgB,YAAY,IAAI,kBAAkB,WAAW;AACnE,UAAM,eAAeC,iBAAgB;AACrC,UAAM,oBAAoBC,eAAc,UAAU,QAAQ,SAAS,YAAY;AAC/E,UAAM,gBAAgB,YAAY,IAAI,iBAAiB;AAEvD,UAAM,qBAAqB;AAAA,MACzB,MAAM,eAAe;AAAA,MACrB,QAAQ,eAAe;AAAA,MACvB,UAAU,eAAe;AAAA,MACzB,QAAQ,eAAe;AAAA,MACvB,UAAU,eAAe;AAAA,IAC3B;AAEA,UAAM,oCAAoC;AAAA,MACxC,MAAM;AAAA,MACN,UAAU;AAAA,MACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,MACjC,UAAU;AAAA,IACZ;AAEA,gBAAY,OAAO,EAAE,MAAM,kBAAkB,aAAa,GAAG,mBAAmB,CAAC;AACjF,gBAAY,OAAO,EAAE,MAAM,UAAU,QAAQ,QAAQ,CAAC;AAEtD,gBAAY,OAAO,EAAE,MAAM,mBAAmB,GAAG,kCAAkC,CAAC;AACpF,gBAAY,OAAO;AAAA,MACjB,MAAMA,eAAc,UAAU,QAAQ,SAAS,YAAY;AAAA,MAC3D,GAAG;AAAA,IACL,CAAC;AACD,gBAAY,OAAO,EAAE,MAAM,UAAU,QAAQ,QAAQ,GAAG,kCAAkC,CAAC;AAE3F,UAAM,qBACJ,eAAe,gCACf,kBAAkB;AAEpB,QAAI,oBAAoB;AACtB,UAAI;AACF,YAAI;AAGJ,YAAI,eAAe,OAAO;AACxB,cAAI;AACF,kBAAM,gBAAgB,MAAM,WAAW,oBAAoB,cAAc,KAAK;AAC9E,sBAAU,cAAc;AAAA,UAC1B,SAAS,cAAc;AACrB,qBAAS;AAAA,cACP;AAAA,cACA;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAGA,YAAI,CAAC,SAAS;AACZ,cAAI,eAAe,OAAO;AACxB,gBAAI;AACF,oBAAM,iBAAiB,MAAM,WAAW,cAAc,cAAc,KAAK;AACzE,wBAAU,eAAe;AAAA,YAC3B,SAAS,cAAc;AACrB,uBAAS,KAAK,0DAA0D,YAAY;AAAA,YACtF;AAAA,UACF;AAAA,QACF;AAGA,YAAI,SAAS;AACX,gBAAM,WAAW,oBAAoB,OAAO;AAC5C,mBAAS,IAAI,kEAAkE,OAAO,EAAE;AAAA,QAC1F,OAAO;AACL,mBAAS,KAAK,8DAA8D;AAAA,QAC9E;AAAA,MACF,SAAS,aAAa;AACpB,iBAAS,MAAM,6DAA6D,WAAW;AAAA,MACzF;AAAA,IACF;AACA,WAAO,EAAE,SAAS,MAAM,SAAS,+BAA+B;AAAA,EAClE,SAAS,OAAO;AACd,aAAS,MAAM,2BAA2B,KAAK;AAC/C,WAAO,EAAE,SAAS,OAAO,SAAS,kCAAkC;AAAA,EACtE;AACF;;;AC3OO,IAAM,wBAAwB,OAAO,YAA+C;AACzF,QAAM,oBAAoB,wBAAwB,OAAO;AACzD,QAAM,eAAe,MAAM,oBAAoB,OAAO;AAEtD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EACF;AACF;AAEA,eAAsB,oBAAoB,SAAyC;AACjF,QAAM,gBAAgB,QAAQ,QAAQ,IAAI,QAAQ;AAClD,QAAM,eAAe,eAAe,MAAM,GAAG,EAC1C,KAAK,OAAK,EAAE,KAAK,EAAE,WAAW,kBAAkB,CAAC,GAChD,MAAM,GAAG,EAAE,CAAC;AAEhB,MAAI,CAAC,cAAc;AACjB,UAAM,IAAI,MAAM,wBAAwB;AAAA,EAC1C;AAEA,QAAM,qBAAqB,MAAM,4BAA4B,YAAY;AAEzE,MAAI,CAAC,mBAAmB,OAAO;AAC7B,UAAM,IAAI,MAAM,uBAAuB;AAAA,EACzC;AAEA,SAAO;AAAA,IACL;AAAA,IACA,IAAI,QAAQ,QAAQ,OAAO;AAAA,IAC3B;AAAA,EACF;AACF;AAEO,SAAS,iBACd,SACkB;AAClB,SAAO;AAAA,IACL;AAAA,IACA,QAAQ,QAAQ;AAAA,IAChB,KAAK,CAAC;AAAA,EACR;AACF;AAEO,SAAS,SACd,SACA,UAAmB,IAAI,QAAQ,GAC/B,OACa;AACb,QAAM,aAAa,iBAAiB,OAAO;AAC3C,SAAO;AAAA,IACL,MAAM,MAAM;AAAA,IACZ;AAAA,IACA;AAAA,EACF;AACF;;;AC7EA,SAAS,2BAAAC,gCAA+B;AAcjC,SAAS,aAAa,UAAmB;AAC5C,QAAM,OAAO,iBAAiB,QAAQ;AAEtC,iBAAe,WAAW,KAA0C;AAChE,QAAI;AACA,YAAM,OAAO,MAAM,KAAK,QAAQ,GAAG;AACnC,aAAO,EAAE,MAAM,MAAM,OAAO,KAAK;AAAA,IACrC,SAAS,OAAO;AACZ,aAAO,EAAE,MAAM,MAAM,OAAOC,yBAAwB,KAAK,EAAE;AAAA,IAC/D;AAAA,EACJ;AACA,iBAAe,eAAe,OAA4C;AACtE,QAAI;AACA,YAAM,OAAO,MAAM,KAAK,eAAe,KAAK;AAC5C,aAAO,EAAE,MAAM,MAAM,OAAO,KAAK;AAAA,IACrC,SAAS,OAAO;AACZ,aAAO,EAAE,MAAM,MAAM,OAAOA,yBAAwB,KAAK,EAAE;AAAA,IAC/D;AAAA,EACJ;AAEA,iBAAe,qBAAqB,aAAkD;AAClF,QAAI;AACA,YAAM,OAAO,MAAM,KAAK,qBAAqB,WAAW;AACxD,aAAO,EAAE,MAAM,MAAM,OAAO,KAAK;AAAA,IACrC,SAAS,OAAO;AACZ,aAAO,EAAE,MAAM,MAAM,OAAOA,yBAAwB,KAAK,EAAE;AAAA,IAC/D;AAAA,EACJ;AAEA,SAAO;AAAA,IACH;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AACJ;","names":["getCookieName","getCookiePrefix","handleFirebaseAuthError","handleFirebaseAuthError","getCookiePrefix","getCookieName","handleFirebaseAuthError","handleFirebaseAuthError"]}
|