npm - @tern-secure/backend - Versions diffs - 1.2.0-canary.v20251202164451 → 1.2.0-canary.v20251202175855 - Mend

@tern-secure/backend 1.2.0-canary.v20251202164451 → 1.2.0-canary.v20251202175855

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/app-check/package.json +5 -0
package/dist/admin/index.mjs +561 -23
package/dist/admin/index.mjs.map +1 -1
package/dist/app-check/index.js +4 -119
package/dist/app-check/index.js.map +1 -1
package/dist/app-check/index.mjs +2 -2
package/dist/app-check/serverAppCheck.d.ts.map +1 -1
package/dist/auth/index.js +3 -148
package/dist/auth/index.js.map +1 -1
package/dist/auth/index.mjs +2 -2
package/dist/chunk-4NYVEI6S.mjs +142 -0
package/dist/chunk-4NYVEI6S.mjs.map +1 -0
package/dist/chunk-PYNFU7M3.mjs +71 -0
package/dist/chunk-PYNFU7M3.mjs.map +1 -0
package/dist/{chunk-UCSJDX6Y.mjs → chunk-ZGZR5TER.mjs} +7 -6
package/dist/chunk-ZGZR5TER.mjs.map +1 -0
package/dist/fireRestApi/endpoints/SignInApi.d.ts +4 -1
package/dist/fireRestApi/endpoints/SignInApi.d.ts.map +1 -1
package/dist/index.js +15 -104
package/dist/index.js.map +1 -1
package/dist/index.mjs +13 -6
package/dist/index.mjs.map +1 -1
package/package.json +5 -3
package/dist/chunk-34QENCWP.mjs +0 -784
package/dist/chunk-34QENCWP.mjs.map +0 -1
package/dist/chunk-UCSJDX6Y.mjs.map +0 -1

package/dist/chunk-34QENCWP.mjs DELETED Viewed

@@ -1,784 +0,0 @@
-// src/admin/sessionTernSecure.ts
-import { handleFirebaseAuthError } from "@tern-secure/shared/errors";
-// src/constants.ts
-var GOOGLE_PUBLIC_KEYS_URL = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com";
-var FIREBASE_APP_CHECK_AUDIENCE = "https://firebaseappcheck.googleapis.com/google.firebase.appcheck.v1.TokenExchangeService";
-var MAX_CACHE_LAST_UPDATED_AT_SECONDS = 5 * 60;
-var DEFAULT_CACHE_DURATION = 3600 * 1e3;
-var CACHE_CONTROL_REGEX = /max-age=(\d+)/;
-var TOKEN_EXPIRY_THRESHOLD_MILLIS = 5 * 60 * 1e3;
-var GOOGLE_TOKEN_AUDIENCE = "https://accounts.google.com/o/oauth2/token";
-var GOOGLE_AUTH_TOKEN_HOST = "accounts.google.com";
-var GOOGLE_AUTH_TOKEN_PATH = "/o/oauth2/token";
-var ONE_HOUR_IN_SECONDS = 60 * 60;
-var ONE_MINUTE_IN_SECONDS = 60;
-var ONE_MINUTE_IN_MILLIS = ONE_MINUTE_IN_SECONDS * 1e3;
-var ONE_DAY_IN_MILLIS = 24 * 60 * 60 * 1e3;
-var Attributes = {
-  AuthToken: "__ternsecureAuthToken",
-  AuthSignature: "__ternsecureAuthSignature",
-  AuthStatus: "__ternsecureAuthStatus",
-  AuthReason: "__ternsecureAuthReason",
-  AuthMessage: "__ternsecureAuthMessage",
-  TernSecureUrl: "__ternsecureUrl"
-};
-var Cookies = {
-  Session: "__session",
-  CsrfToken: "__terncf",
-  IdToken: "TernSecure_[DEFAULT]",
-  Refresh: "TernSecureID_[DEFAULT]",
-  Custom: "__custom",
-  TernAut: "tern_aut",
-  Handshake: "__ternsecure_handshake",
-  DevBrowser: "__ternsecure_db_jwt",
-  RedirectCount: "__ternsecure_redirect_count",
-  HandshakeNonce: "__ternsecure_handshake_nonce"
-};
-var QueryParameters = {
-  TernSynced: "__tern_synced",
-  SuffixedCookies: "suffixed_cookies",
-  TernRedirectUrl: "__tern_redirect_url",
-  // use the reference to Cookies to indicate that it's the same value
-  DevBrowser: Cookies.DevBrowser,
-  Handshake: Cookies.Handshake,
-  HandshakeHelp: "__tern_help",
-  LegacyDevBrowser: "__dev_session",
-  HandshakeReason: "__tern_hs_reason",
-  HandshakeNonce: Cookies.HandshakeNonce
-};
-var Headers2 = {
-  Accept: "accept",
-  AppCheckToken: "x-ternsecure-appcheck",
-  AuthMessage: "x-ternsecure-auth-message",
-  Authorization: "authorization",
-  AuthReason: "x-ternsecure-auth-reason",
-  AuthSignature: "x-ternsecure-auth-signature",
-  AuthStatus: "x-ternsecure-auth-status",
-  AuthToken: "x-ternsecure-auth-token",
-  CacheControl: "cache-control",
-  TernSecureRedirectTo: "x-ternsecure-redirect-to",
-  TernSecureRequestData: "x-ternsecure-request-data",
-  TernSecureUrl: "x-ternsecure-url",
-  CloudFrontForwardedProto: "cloudfront-forwarded-proto",
-  ContentType: "content-type",
-  ContentSecurityPolicy: "content-security-policy",
-  ContentSecurityPolicyReportOnly: "content-security-policy-report-only",
-  EnableDebug: "x-ternsecure-debug",
-  ForwardedHost: "x-forwarded-host",
-  ForwardedPort: "x-forwarded-port",
-  ForwardedProto: "x-forwarded-proto",
-  Host: "host",
-  Location: "location",
-  Nonce: "x-nonce",
-  Origin: "origin",
-  Referrer: "referer",
-  SecFetchDest: "sec-fetch-dest",
-  UserAgent: "user-agent",
-  ReportingEndpoints: "reporting-endpoints"
-};
-var ContentTypes = {
-  Json: "application/json"
-};
-var constants = {
-  Attributes,
-  Cookies,
-  Headers: Headers2,
-  ContentTypes,
-  QueryParameters
-};
-// src/utils/admin-init.ts
-import admin from "firebase-admin";
-import { getAppCheck } from "firebase-admin/app-check";
-// src/utils/config.ts
-var loadAdminConfig = () => ({
-  projectId: process.env.FIREBASE_PROJECT_ID || "",
-  clientEmail: process.env.FIREBASE_CLIENT_EMAIL || "",
-  privateKey: process.env.FIREBASE_PRIVATE_KEY || ""
-});
-var validateAdminConfig = (config) => {
-  const requiredFields = [
-    "projectId",
-    "clientEmail",
-    "privateKey"
-  ];
-  const errors = [];
-  requiredFields.forEach((field) => {
-    if (!config[field]) {
-      errors.push(`Missing required field: FIREBASE_${String(field).toUpperCase()}`);
-    }
-  });
-  return {
-    isValid: errors.length === 0,
-    errors,
-    config
-  };
-};
-var initializeAdminConfig = () => {
-  const config = loadAdminConfig();
-  const validationResult = validateAdminConfig(config);
-  if (!validationResult.isValid) {
-    throw new Error(
-      `Firebase Admin configuration validation failed:
-${validationResult.errors.join("\n")}`
-    );
-  }
-  return config;
-};
-// src/utils/admin-init.ts
-if (!admin.apps.length) {
-  try {
-    const config = initializeAdminConfig();
-    admin.initializeApp({
-      credential: admin.credential.cert({
-        ...config,
-        privateKey: config.privateKey.replace(/\\n/g, "\n")
-      })
-    });
-  } catch (error) {
-    console.error("Firebase admin initialization error", error);
-  }
-}
-var adminTernSecureAuth = admin.auth();
-var adminTernSecureDb = admin.firestore();
-var TernSecureTenantManager = admin.auth().tenantManager();
-var appCheckAdmin = getAppCheck();
-function getAuthForTenant(tenantId) {
-  if (tenantId) {
-    return TernSecureTenantManager.authForTenant(tenantId);
-  }
-  return admin.auth();
-}
-// src/admin/sessionTernSecure.ts
-var DEFAULT_COOKIE_CONFIG = {
-  DEFAULT_EXPIRES_IN_MS: 5 * 60 * 1e3,
-  // 5 minutes
-  DEFAULT_EXPIRES_IN_SECONDS: 5 * 60,
-  REVOKE_REFRESH_TOKENS_ON_SIGNOUT: true
-};
-var DEFAULT_COOKIE_OPTIONS = {
-  httpOnly: true,
-  secure: process.env.NODE_ENV === "production",
-  sameSite: "strict",
-  path: "/"
-};
-var getCookieName = (baseName, prefix) => {
-  return prefix ? `${prefix}${baseName}` : baseName;
-};
-var createCookieOptions = (maxAge, overrides) => {
-  return {
-    maxAge,
-    httpOnly: overrides?.httpOnly ?? DEFAULT_COOKIE_OPTIONS.httpOnly,
-    secure: overrides?.secure ?? DEFAULT_COOKIE_OPTIONS.secure,
-    sameSite: overrides?.sameSite ?? DEFAULT_COOKIE_OPTIONS.sameSite,
-    path: overrides?.path ?? DEFAULT_COOKIE_OPTIONS.path
-  };
-};
-var getCookiePrefix = () => {
-  const isProduction = process.env.NODE_ENV === "production";
-  return isProduction ? "__HOST-" : "__dev_";
-};
-async function createSessionCookie(params, cookieStore, options) {
-  try {
-    const tenantAuth = getAuthForTenant(options?.tenantId || "");
-    const idToken = typeof params === "string" ? params : params.idToken;
-    const refreshToken = typeof params === "string" ? void 0 : params.refreshToken;
-    if (!idToken) {
-      return {
-        success: false,
-        message: "ID token is required",
-        error: "INVALID_TOKEN"
-      };
-    }
-    let decodedToken;
-    try {
-      decodedToken = await tenantAuth.verifyIdToken(idToken);
-    } catch (verifyError) {
-      const authError = handleFirebaseAuthError(verifyError);
-      return {
-        success: false,
-        message: authError.message,
-        error: authError.code
-      };
-    }
-    const cookiePromises = [];
-    const cookiePrefix = getCookiePrefix();
-    const idTokenCookieName = getCookieName(constants.Cookies.IdToken, cookiePrefix);
-    cookiePromises.push(
-      cookieStore.set(
-        idTokenCookieName,
-        idToken,
-        createCookieOptions(DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_SECONDS)
-      )
-    );
-    if (refreshToken) {
-      const refreshTokenCookieName = getCookieName(constants.Cookies.Refresh, cookiePrefix);
-      cookiePromises.push(
-        cookieStore.set(
-          refreshTokenCookieName,
-          refreshToken,
-          createCookieOptions(DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_SECONDS)
-        )
-      );
-    }
-    if (options?.cookies) {
-      const sessionOptions = options.cookies;
-      const sessionCookieName = getCookieName(constants.Cookies.Session);
-      const expiresIn = sessionOptions.maxAge ? sessionOptions.maxAge * 1e3 : DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_MS;
-      try {
-        const sessionCookie = await tenantAuth.createSessionCookie(idToken, { expiresIn });
-        cookiePromises.push(
-          cookieStore.set(
-            sessionCookieName,
-            sessionCookie,
-            createCookieOptions(
-              sessionOptions.maxAge || DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_SECONDS,
-              {
-                httpOnly: sessionOptions.httpOnly,
-                sameSite: sessionOptions.sameSite,
-                path: sessionOptions.path
-              }
-            )
-          )
-        );
-      } catch (sessionError) {
-        console.error(
-          "[createSessionCookie] Firebase session cookie creation failed:",
-          sessionError
-        );
-        const authError = handleFirebaseAuthError(sessionError);
-        return {
-          success: false,
-          message: authError.message,
-          error: authError.code
-        };
-      }
-    }
-    if (options?.enableCustomToken && decodedToken?.uid) {
-      const customTokenCookieName = getCookieName(constants.Cookies.Custom, cookiePrefix);
-      const customToken = await createCustomToken(decodedToken.uid, options);
-      if (customToken) {
-        cookiePromises.push(
-          cookieStore.set(
-            customTokenCookieName,
-            customToken,
-            createCookieOptions(DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_SECONDS)
-          )
-        );
-      }
-    }
-    await Promise.all(cookiePromises);
-    return {
-      success: true,
-      message: "Session created successfully",
-      expiresIn: DEFAULT_COOKIE_CONFIG.DEFAULT_EXPIRES_IN_SECONDS
-    };
-  } catch (error) {
-    console.error("[createSessionCookie] Unexpected error:", error);
-    const authError = handleFirebaseAuthError(error);
-    return {
-      success: false,
-      message: authError.message || "Failed to create session",
-      error: authError.code || "INTERNAL_ERROR"
-    };
-  }
-}
-async function clearSessionCookie(cookieStore, options) {
-  try {
-    const adminAuth = getAuthForTenant(options?.tenantId || "");
-    const cookiePrefix = getCookiePrefix();
-    const sessionCookieName = getCookieName(constants.Cookies.Session, cookiePrefix);
-    const sessionCookie = await cookieStore.get(sessionCookieName);
-    const deletionPromises = [];
-    if (options?.cookies) {
-      deletionPromises.push(cookieStore.delete(sessionCookieName));
-    }
-    const idTokenCookieName = getCookieName(constants.Cookies.IdToken, cookiePrefix);
-    deletionPromises.push(cookieStore.delete(idTokenCookieName));
-    const refreshTokenCookieName = getCookieName(constants.Cookies.Refresh, cookiePrefix);
-    deletionPromises.push(cookieStore.delete(refreshTokenCookieName));
-    const customTokenCookieName = getCookieName(constants.Cookies.Custom, cookiePrefix);
-    deletionPromises.push(cookieStore.delete(customTokenCookieName));
-    const authTimeCookieName = constants.Cookies.TernAut;
-    deletionPromises.push(cookieStore.delete(authTimeCookieName));
-    deletionPromises.push(cookieStore.delete(constants.Cookies.Session));
-    await Promise.all(deletionPromises);
-    if (DEFAULT_COOKIE_CONFIG.REVOKE_REFRESH_TOKENS_ON_SIGNOUT && sessionCookie?.value) {
-      try {
-        const decodedClaims = await adminAuth.verifySessionCookie(sessionCookie.value);
-        await adminAuth.revokeRefreshTokens(decodedClaims.sub);
-      } catch (revokeError) {
-        console.error("[clearSessionCookie] Failed to revoke refresh tokens:", revokeError);
-      }
-    }
-    return {
-      success: true,
-      message: "Session cleared successfully"
-    };
-  } catch (error) {
-    const authError = handleFirebaseAuthError(error);
-    return {
-      success: false,
-      message: authError.message || "Failed to clear session",
-      error: authError.code || "INTERNAL_ERROR"
-    };
-  }
-}
-async function createCustomToken(uid, options) {
-  const adminAuth = getAuthForTenant(options?.tenantId || "");
-  try {
-    const customToken = await adminAuth.createCustomToken(uid);
-    return customToken;
-  } catch (error) {
-    console.error("[createCustomToken] Error creating custom token:", error);
-    return null;
-  }
-}
-async function createCustomTokenClaims(uid, developerClaims) {
-  const adminAuth = getAuthForTenant();
-  try {
-    const customToken = await adminAuth.createCustomToken(uid, developerClaims);
-    return customToken;
-  } catch (error) {
-    console.error("[createCustomToken] Error creating custom token:", error);
-    return "";
-  }
-}
-// src/admin/tenant.ts
-async function createTenant(displayName, emailSignInConfig, multiFactorConfig) {
-  try {
-    const tenantConfig = {
-      displayName,
-      emailSignInConfig,
-      ...multiFactorConfig && { multiFactorConfig }
-    };
-    const tenant = await TernSecureTenantManager.createTenant(tenantConfig);
-    return {
-      success: true,
-      tenantId: tenant.tenantId,
-      displayName: tenant.displayName
-    };
-  } catch (error) {
-    console.error("Error creating tenant:", error);
-    throw new Error("Failed to create tenant");
-  }
-}
-async function createTenantUser(email, password, tenantId) {
-  try {
-    const tenantAuth = TernSecureTenantManager.authForTenant(tenantId);
-    const userRecord = await tenantAuth.createUser({
-      email,
-      password,
-      emailVerified: false,
-      disabled: false
-    });
-    return {
-      status: "success",
-      user: userRecord,
-      message: "Tenant user created successfully"
-    };
-  } catch (error) {
-    console.error("Error creating tenant user:", error);
-    throw new Error("Failed to create tenant user");
-  }
-}
-// src/admin/nextSessionTernSecure.ts
-import { getCookieName as getCookieName2, getCookiePrefix as getCookiePrefix2 } from "@tern-secure/shared/cookie";
-import { handleFirebaseAuthError as handleFirebaseAuthError2 } from "@tern-secure/shared/errors";
-import { cookies } from "next/headers";
-var SESSION_CONSTANTS = {
-  COOKIE_NAME: constants.Cookies.Session,
-  DEFAULT_EXPIRES_IN_MS: 60 * 60 * 24 * 5 * 1e3,
-  // 5 days
-  DEFAULT_EXPIRES_IN_SECONDS: 60 * 60 * 24 * 5,
-  REVOKE_REFRESH_TOKENS_ON_SIGNOUT: true
-};
-var debugLog = {
-  log: (...args) => {
-    if (process.env.NODE_ENV === "development") {
-      console.log(...args);
-    }
-  },
-  warn: (...args) => {
-    if (process.env.NODE_ENV === "development") {
-      console.warn(...args);
-    }
-  },
-  error: (...args) => {
-    console.error(...args);
-  }
-};
-async function CreateNextSessionCookie(idToken) {
-  try {
-    const expiresIn = 60 * 60 * 24 * 5 * 1e3;
-    const sessionCookie = await adminTernSecureAuth.createSessionCookie(idToken, {
-      expiresIn
-    });
-    const cookieStore = await cookies();
-    cookieStore.set(constants.Cookies.Session, sessionCookie, {
-      maxAge: expiresIn,
-      httpOnly: true,
-      secure: process.env.NODE_ENV === "production",
-      path: "/"
-    });
-    return { success: true, message: "Session created" };
-  } catch (error) {
-    return { success: false, message: "Failed to create session" };
-  }
-}
-async function GetNextServerSessionCookie() {
-  const cookieStore = await cookies();
-  const sessionCookie = cookieStore.get("_session_cookie")?.value;
-  if (!sessionCookie) {
-    throw new Error("No session cookie found");
-  }
-  try {
-    const decondeClaims = await adminTernSecureAuth.verifySessionCookie(sessionCookie, true);
-    return {
-      token: sessionCookie,
-      userId: decondeClaims.uid
-    };
-  } catch (error) {
-    console.error("Error verifying session:", error);
-    throw new Error("Invalid Session");
-  }
-}
-async function GetNextIdToken() {
-  const cookieStore = await cookies();
-  const token = cookieStore.get("_session_token")?.value;
-  if (!token) {
-    throw new Error("No session cookie found");
-  }
-  try {
-    const decodedClaims = await adminTernSecureAuth.verifyIdToken(token);
-    return {
-      token,
-      userId: decodedClaims.uid
-    };
-  } catch (error) {
-    console.error("Error verifying session:", error);
-    throw new Error("Invalid Session");
-  }
-}
-async function SetNextServerSession(token) {
-  try {
-    const cookieStore = await cookies();
-    cookieStore.set("_session_token", token, {
-      httpOnly: true,
-      secure: process.env.NODE_ENV === "production",
-      sameSite: "strict",
-      maxAge: 60 * 60,
-      // 1 hour
-      path: "/"
-    });
-    return { success: true, message: "Session created" };
-  } catch {
-    return { success: false, message: "Failed to create session" };
-  }
-}
-async function SetNextServerToken(token) {
-  try {
-    const cookieStore = await cookies();
-    cookieStore.set("_tern", token, {
-      httpOnly: true,
-      secure: process.env.NODE_ENV === "production",
-      sameSite: "strict",
-      maxAge: 60 * 60,
-      // 1 hour
-      path: "/"
-    });
-    return { success: true, message: "Session created" };
-  } catch {
-    return { success: false, message: "Failed to create session" };
-  }
-}
-async function VerifyNextTernIdToken(token) {
-  try {
-    const decodedToken = await adminTernSecureAuth.verifyIdToken(token);
-    return {
-      ...decodedToken,
-      valid: true
-    };
-  } catch (error) {
-    console.error("[VerifyNextTernIdToken] Error verifying session:", error);
-    const authError = handleFirebaseAuthError2(error);
-    return {
-      valid: false,
-      error: authError
-    };
-  }
-}
-async function VerifyNextTernSessionCookie(session) {
-  try {
-    const res = await adminTernSecureAuth.verifySessionCookie(session);
-    console.warn("[VerifyNextTernSessionCookie] uid in Decoded Token:", res.uid);
-    return {
-      valid: true,
-      ...res
-    };
-  } catch (error) {
-    console.error("[VerifyNextTernSessionCookie] Error verifying session:", error);
-    const authError = handleFirebaseAuthError2(error);
-    return {
-      valid: false,
-      error: authError
-    };
-  }
-}
-async function ClearNextSessionCookie(tenantId, deleteOptions) {
-  try {
-    const tenantAuth = getAuthForTenant(tenantId || "");
-    const cookieStore = await cookies();
-    const sessionCookie = cookieStore.get(SESSION_CONSTANTS.COOKIE_NAME);
-    const cookiePrefix = getCookiePrefix2();
-    const idTokenCookieName = getCookieName2(constants.Cookies.IdToken, cookiePrefix);
-    const idTokenCookie = cookieStore.get(idTokenCookieName);
-    const finalDeleteOptions = {
-      path: deleteOptions?.path,
-      domain: deleteOptions?.domain,
-      httpOnly: deleteOptions?.httpOnly,
-      secure: deleteOptions?.secure,
-      sameSite: deleteOptions?.sameSite
-    };
-    const idRefreshCustomTokenDeleteOptions = {
-      path: "/",
-      httpOnly: true,
-      secure: process.env.NODE_ENV === "production",
-      sameSite: "strict"
-    };
-    cookieStore.delete({ name: SESSION_CONSTANTS.COOKIE_NAME, ...finalDeleteOptions });
-    cookieStore.delete({ name: constants.Cookies.TernAut });
-    cookieStore.delete({ name: idTokenCookieName, ...idRefreshCustomTokenDeleteOptions });
-    cookieStore.delete({
-      name: getCookieName2(constants.Cookies.Refresh, cookiePrefix),
-      ...idRefreshCustomTokenDeleteOptions
-    });
-    cookieStore.delete({ name: constants.Cookies.Custom, ...idRefreshCustomTokenDeleteOptions });
-    const shouldRevokeTokens = deleteOptions?.revokeRefreshTokensOnSignOut ?? SESSION_CONSTANTS.REVOKE_REFRESH_TOKENS_ON_SIGNOUT;
-    if (shouldRevokeTokens) {
-      try {
-        let userSub;
-        if (sessionCookie?.value) {
-          try {
-            const decodedClaims = await tenantAuth.verifySessionCookie(sessionCookie.value);
-            userSub = decodedClaims.sub;
-          } catch (sessionError) {
-            debugLog.warn(
-              "[ClearNextSessionCookie] Session cookie verification failed:",
-              sessionError
-            );
-          }
-        }
-        if (!userSub) {
-          if (idTokenCookie?.value) {
-            try {
-              const decodedIdToken = await tenantAuth.verifyIdToken(idTokenCookie.value);
-              userSub = decodedIdToken.sub;
-            } catch (idTokenError) {
-              debugLog.warn("[ClearNextSessionCookie] ID token verification failed:", idTokenError);
-            }
-          }
-        }
-        if (userSub) {
-          await tenantAuth.revokeRefreshTokens(userSub);
-          debugLog.log(`[ClearNextSessionCookie] Successfully revoked tokens for user: ${userSub}`);
-        } else {
-          debugLog.warn("[ClearNextSessionCookie] No valid token found for revocation");
-        }
-      } catch (revokeError) {
-        debugLog.error("[ClearNextSessionCookie] Failed to revoke refresh tokens:", revokeError);
-      }
-    }
-    return { success: true, message: "Session cleared successfully" };
-  } catch (error) {
-    debugLog.error("Error clearing session:", error);
-    return { success: false, message: "Failed to clear session cookies" };
-  }
-}
-// src/tokens/ternSecureRequest.ts
-import { parse } from "cookie";
-// src/tokens/ternUrl.ts
-var TernUrl = class extends URL {
-  isCrossOrigin(other) {
-    return this.origin !== new URL(other.toString()).origin;
-  }
-};
-var createTernUrl = (...args) => {
-  return new TernUrl(...args);
-};
-// src/tokens/ternSecureRequest.ts
-var TernSecureRequest = class extends Request {
-  ternUrl;
-  cookies;
-  constructor(input, init) {
-    const url = typeof input !== "string" && "url" in input ? input.url : String(input);
-    super(url, init || typeof input === "string" ? void 0 : input);
-    this.ternUrl = this.deriveUrlFromHeaders(this);
-    this.cookies = this.parseCookies(this);
-  }
-  toJSON() {
-    return {
-      url: this.ternUrl.href,
-      method: this.method,
-      headers: JSON.stringify(Object.fromEntries(this.headers)),
-      ternUrl: this.ternUrl.toString(),
-      cookies: JSON.stringify(Object.fromEntries(this.cookies))
-    };
-  }
-  deriveUrlFromHeaders(req) {
-    const initialUrl = new URL(req.url);
-    const forwardedProto = req.headers.get(constants.Headers.ForwardedProto);
-    const forwardedHost = req.headers.get(constants.Headers.ForwardedHost);
-    const host = req.headers.get(constants.Headers.Host);
-    const protocol = initialUrl.protocol;
-    const resolvedHost = this.getFirstValueFromHeader(forwardedHost) ?? host;
-    const resolvedProtocol = this.getFirstValueFromHeader(forwardedProto) ?? protocol?.replace(/[:/]/, "");
-    const origin = resolvedHost && resolvedProtocol ? `${resolvedProtocol}://${resolvedHost}` : initialUrl.origin;
-    if (origin === initialUrl.origin) {
-      return createTernUrl(initialUrl);
-    }
-    return createTernUrl(initialUrl.pathname + initialUrl.search, origin);
-  }
-  getFirstValueFromHeader(value) {
-    return value?.split(",")[0];
-  }
-  parseCookies(req) {
-    const cookiesRecord = parse(
-      this.decodeCookieValue(req.headers.get("cookie") || "")
-    );
-    return new Map(Object.entries(cookiesRecord));
-  }
-  decodeCookieValue(str) {
-    return str ? str.replace(/(%[0-9A-Z]{2})+/g, decodeURIComponent) : str;
-  }
-};
-var createTernSecureRequest = (...args) => {
-  return args[0] instanceof TernSecureRequest ? args[0] : new TernSecureRequest(...args);
-};
-// src/instance/backendInstance.ts
-var createBackendInstance = async (request) => {
-  const ternSecureRequest = createTernSecureRequest(request);
-  const requestState = await authenticateRequest(request);
-  return {
-    ternSecureRequest,
-    requestState
-  };
-};
-async function authenticateRequest(request) {
-  const sessionCookie = request.headers.get("cookie");
-  const sessionToken = sessionCookie?.split(";").find((c) => c.trim().startsWith("_session_cookie="))?.split("=")[1];
-  if (!sessionToken) {
-    throw new Error("No session token found");
-  }
-  const verificationResult = await VerifyNextTernSessionCookie(sessionToken);
-  if (!verificationResult.valid) {
-    throw new Error("Invalid session token");
-  }
-  return signedIn(
-    verificationResult,
-    new Headers(request.headers),
-    sessionToken
-  );
-}
-function signInAuthObject(session) {
-  return {
-    session,
-    userId: session.uid,
-    has: {}
-  };
-}
-function signedIn(session, headers = new Headers(), token) {
-  const authObject = signInAuthObject(session);
-  return {
-    auth: () => authObject,
-    token,
-    headers
-  };
-}
-// src/admin/user.ts
-import { handleFirebaseAuthError as handleFirebaseAuthError3 } from "@tern-secure/shared/errors";
-function RetrieveUser(tenantId) {
-  const auth = getAuthForTenant(tenantId);
-  async function getUserUid(uid) {
-    try {
-      const user = await auth.getUser(uid);
-      return { data: user, error: null };
-    } catch (error) {
-      return { data: null, error: handleFirebaseAuthError3(error) };
-    }
-  }
-  async function getUserByEmail(email) {
-    try {
-      const user = await auth.getUserByEmail(email);
-      return { data: user, error: null };
-    } catch (error) {
-      return { data: null, error: handleFirebaseAuthError3(error) };
-    }
-  }
-  async function getUserByPhoneNumber(phoneNumber) {
-    try {
-      const user = await auth.getUserByPhoneNumber(phoneNumber);
-      return { data: user, error: null };
-    } catch (error) {
-      return { data: null, error: handleFirebaseAuthError3(error) };
-    }
-  }
-  return {
-    getUserUid,
-    getUserByEmail,
-    getUserByPhoneNumber
-  };
-}
-export {
-  GOOGLE_PUBLIC_KEYS_URL,
-  FIREBASE_APP_CHECK_AUDIENCE,
-  MAX_CACHE_LAST_UPDATED_AT_SECONDS,
-  DEFAULT_CACHE_DURATION,
-  CACHE_CONTROL_REGEX,
-  TOKEN_EXPIRY_THRESHOLD_MILLIS,
-  GOOGLE_TOKEN_AUDIENCE,
-  GOOGLE_AUTH_TOKEN_HOST,
-  GOOGLE_AUTH_TOKEN_PATH,
-  ONE_HOUR_IN_SECONDS,
-  ONE_MINUTE_IN_SECONDS,
-  ONE_MINUTE_IN_MILLIS,
-  ONE_DAY_IN_MILLIS,
-  constants,
-  createTernSecureRequest,
-  loadAdminConfig,
-  initializeAdminConfig,
-  adminTernSecureAuth,
-  adminTernSecureDb,
-  TernSecureTenantManager,
-  appCheckAdmin,
-  createSessionCookie,
-  clearSessionCookie,
-  createCustomTokenClaims,
-  createTenant,
-  createTenantUser,
-  CreateNextSessionCookie,
-  GetNextServerSessionCookie,
-  GetNextIdToken,
-  SetNextServerSession,
-  SetNextServerToken,
-  VerifyNextTernIdToken,
-  VerifyNextTernSessionCookie,
-  ClearNextSessionCookie,
-  createBackendInstance,
-  authenticateRequest,
-  signedIn,
-  RetrieveUser
-};
-//# sourceMappingURL=chunk-34QENCWP.mjs.map