@tern-secure/nextjs 3.2.31 → 3.2.33
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/app-router/server/auth.js +3 -3
- package/dist/cjs/app-router/server/auth.js.map +1 -1
- package/dist/cjs/app-router/server/sessionTernSecure.js +21 -10
- package/dist/cjs/app-router/server/sessionTernSecure.js.map +1 -1
- package/dist/cjs/boundary/TernSecureClientProvider.js +42 -26
- package/dist/cjs/boundary/TernSecureClientProvider.js.map +1 -1
- package/dist/cjs/boundary/TernSecureCtx.js.map +1 -1
- package/dist/cjs/boundary/hooks/useAuth.js +24 -6
- package/dist/cjs/boundary/hooks/useAuth.js.map +1 -1
- package/dist/esm/app-router/server/auth.js +4 -4
- package/dist/esm/app-router/server/auth.js.map +1 -1
- package/dist/esm/app-router/server/sessionTernSecure.js +20 -9
- package/dist/esm/app-router/server/sessionTernSecure.js.map +1 -1
- package/dist/esm/boundary/TernSecureClientProvider.js +43 -27
- package/dist/esm/boundary/TernSecureClientProvider.js.map +1 -1
- package/dist/esm/boundary/TernSecureCtx.js.map +1 -1
- package/dist/esm/boundary/hooks/useAuth.js +24 -6
- package/dist/esm/boundary/hooks/useAuth.js.map +1 -1
- package/dist/types/app-router/server/sessionTernSecure.d.ts +5 -5
- package/dist/types/app-router/server/sessionTernSecure.d.ts.map +1 -1
- package/dist/types/boundary/TernSecureClientProvider.d.ts +2 -1
- package/dist/types/boundary/TernSecureClientProvider.d.ts.map +1 -1
- package/dist/types/boundary/TernSecureCtx.d.ts +6 -3
- package/dist/types/boundary/TernSecureCtx.d.ts.map +1 -1
- package/dist/types/boundary/hooks/useAuth.d.ts +5 -1
- package/dist/types/boundary/hooks/useAuth.d.ts.map +1 -1
- package/package.json +1 -1
|
@@ -25,7 +25,7 @@ module.exports = __toCommonJS(auth_exports);
|
|
|
25
25
|
var import_headers = require("next/headers");
|
|
26
26
|
var import_sessionTernSecure = require("./sessionTernSecure");
|
|
27
27
|
async function auth() {
|
|
28
|
-
var _a, _b;
|
|
28
|
+
var _a, _b, _c;
|
|
29
29
|
try {
|
|
30
30
|
const cookieStore = await (0, import_headers.cookies)();
|
|
31
31
|
const sessionCookie = (_a = cookieStore.get("_session_cookie")) == null ? void 0 : _a.value;
|
|
@@ -41,10 +41,10 @@ async function auth() {
|
|
|
41
41
|
}
|
|
42
42
|
const idToken = (_b = cookieStore.get("_session_token")) == null ? void 0 : _b.value;
|
|
43
43
|
if (idToken) {
|
|
44
|
-
const tokenResult = await (0, import_sessionTernSecure.
|
|
44
|
+
const tokenResult = await (0, import_sessionTernSecure.verifyTernIdToken)(idToken);
|
|
45
45
|
if (tokenResult.valid) {
|
|
46
46
|
return {
|
|
47
|
-
userId: tokenResult.uid,
|
|
47
|
+
userId: (_c = tokenResult.uid) != null ? _c : null,
|
|
48
48
|
token: idToken,
|
|
49
49
|
error: null
|
|
50
50
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/server/auth.ts"],"sourcesContent":["'use server'\r\n\r\nimport { cookies } from 'next/headers';\r\nimport {
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/server/auth.ts"],"sourcesContent":["'use server'\r\n\r\nimport { cookies } from 'next/headers';\r\nimport { verifyTernIdToken, verifyTernSessionCookie } from './sessionTernSecure';\r\n\r\nexport interface AuthResult {\r\n userId: string | null;\r\n token: string | null;\r\n error: Error | null;\r\n}\r\n\r\nexport async function auth(): Promise<AuthResult> {\r\n try {\r\n const cookieStore = await cookies();\r\n const sessionCookie = cookieStore.get('_session_cookie')?.value;\r\n if (sessionCookie) {\r\n const sessionResult = await verifyTernSessionCookie(sessionCookie);\r\n if (sessionResult.valid) {\r\n return {\r\n userId: sessionResult.uid,\r\n token: sessionCookie,\r\n error: null\r\n };\r\n }\r\n }\r\n\r\n // If session cookie is not present or invalid, try the ID token\r\n const idToken = cookieStore.get('_session_token')?.value;\r\n if (idToken) {\r\n const tokenResult = await verifyTernIdToken(idToken);\r\n if (tokenResult.valid) {\r\n return {\r\n userId: tokenResult.uid ?? null,\r\n token: idToken,\r\n error: null\r\n };\r\n }\r\n }\r\n\r\n // If both checks fail, return null values\r\n return {\r\n userId: null,\r\n token: null,\r\n error: new Error('No valid session or token found')\r\n };\r\n } catch (error) {\r\n console.error('Error in auth function:', error);\r\n return {\r\n userId: null,\r\n token: null,\r\n error: error instanceof Error ? error : new Error('An unknown error occurred')\r\n };\r\n }\r\n}\r\n\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,qBAAwB;AACxB,+BAA4D;AAQ5D,eAAsB,OAA4B;AAXlD;AAYE,MAAI;AACF,UAAM,cAAc,UAAM,wBAAQ;AAClC,UAAM,iBAAgB,iBAAY,IAAI,iBAAiB,MAAjC,mBAAoC;AAC1D,QAAI,eAAe;AACjB,YAAM,gBAAgB,UAAM,kDAAwB,aAAa;AACjE,UAAI,cAAc,OAAO;AACvB,eAAO;AAAA,UACL,QAAQ,cAAc;AAAA,UACtB,OAAO;AAAA,UACP,OAAO;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAGA,UAAM,WAAU,iBAAY,IAAI,gBAAgB,MAAhC,mBAAmC;AACnD,QAAI,SAAS;AACX,YAAM,cAAc,UAAM,4CAAkB,OAAO;AACnD,UAAI,YAAY,OAAO;AACrB,eAAO;AAAA,UACL,SAAQ,iBAAY,QAAZ,YAAmB;AAAA,UAC3B,OAAO;AAAA,UACP,OAAO;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAGA,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,OAAO,IAAI,MAAM,iCAAiC;AAAA,IACpD;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,2BAA2B,KAAK;AAC9C,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,OAAO,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,2BAA2B;AAAA,IAC/E;AAAA,EACF;AACF;","names":[]}
|
|
@@ -23,7 +23,7 @@ __export(sessionTernSecure_exports, {
|
|
|
23
23
|
getIdToken: () => getIdToken,
|
|
24
24
|
getServerSessionCookie: () => getServerSessionCookie,
|
|
25
25
|
setServerSession: () => setServerSession,
|
|
26
|
-
|
|
26
|
+
verifyTernIdToken: () => verifyTernIdToken,
|
|
27
27
|
verifyTernSessionCookie: () => verifyTernSessionCookie
|
|
28
28
|
});
|
|
29
29
|
module.exports = __toCommonJS(sessionTernSecure_exports);
|
|
@@ -92,16 +92,27 @@ async function setServerSession(token) {
|
|
|
92
92
|
path: "/"
|
|
93
93
|
});
|
|
94
94
|
}
|
|
95
|
-
async function
|
|
95
|
+
async function verifyTernIdToken(token) {
|
|
96
96
|
try {
|
|
97
|
-
const
|
|
98
|
-
|
|
99
|
-
return { valid: true, uid: res.uid };
|
|
100
|
-
} else {
|
|
101
|
-
return { valid: false, error: "Invalid token" };
|
|
102
|
-
}
|
|
97
|
+
const decodedToken = await import_admin_init.adminTernSecureAuth.verifyIdToken(token);
|
|
98
|
+
return { valid: true, uid: decodedToken.uid };
|
|
103
99
|
} catch (error) {
|
|
104
|
-
|
|
100
|
+
if (error instanceof Error) {
|
|
101
|
+
const firebaseError = error;
|
|
102
|
+
if (error.name === "FirebaseAuthError") {
|
|
103
|
+
switch (firebaseError.code) {
|
|
104
|
+
case "auth/id-token-expired":
|
|
105
|
+
return { valid: false, error: "Token has expired" };
|
|
106
|
+
case "auth/id-token-revoked":
|
|
107
|
+
return { valid: false, error: "Token has been revoked" };
|
|
108
|
+
case "auth/user-disabled":
|
|
109
|
+
return { valid: false, error: "User account has been disabled" };
|
|
110
|
+
default:
|
|
111
|
+
return { valid: false, error: "Invalid token" };
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
return { valid: false, error: "Error verifying token" };
|
|
105
116
|
}
|
|
106
117
|
}
|
|
107
118
|
async function verifyTernSessionCookie(session) {
|
|
@@ -122,7 +133,7 @@ async function verifyTernSessionCookie(session) {
|
|
|
122
133
|
getIdToken,
|
|
123
134
|
getServerSessionCookie,
|
|
124
135
|
setServerSession,
|
|
125
|
-
|
|
136
|
+
verifyTernIdToken,
|
|
126
137
|
verifyTernSessionCookie
|
|
127
138
|
});
|
|
128
139
|
//# sourceMappingURL=sessionTernSecure.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/server/sessionTernSecure.ts"],"sourcesContent":["'use server'\r\n\r\nimport { cookies } from 'next/headers';\r\nimport { adminTernSecureAuth as adminAuth } from '../../utils/admin-init';\r\n\r\n\r\nexport interface User {\r\n uid: string;\r\n email: string;\r\n }\r\n\r\nexport interface Session {\r\n user: User | null;\r\n token: string | null;\r\n error: Error | null;\r\n}\r\n\r\nexport async function createSessionCookie(idToken: string) {\r\n try {\r\n const expiresIn = 60 * 60 * 24 * 5 * 1000;\r\n const sessionCookie = await adminAuth.createSessionCookie(idToken, { expiresIn });\r\n\r\n const cookieStore = await cookies();\r\n cookieStore.set('_session_cookie', sessionCookie, {\r\n maxAge: expiresIn,\r\n httpOnly: true,\r\n secure: process.env.NODE_ENV === 'production',\r\n path: '/',\r\n });\r\n return { success: true, message: 'Session created' };\r\n } catch (error) {\r\n return { success: false, message: 'Failed to create session' };\r\n }\r\n}\r\n\r\n\r\n\r\nexport async function getServerSessionCookie() {\r\n const cookieStore = await cookies();\r\n const sessionCookie = cookieStore.get('_session_cookie')?.value;\r\n\r\n if (!sessionCookie) {\r\n throw new Error('No session cookie found')\r\n }\r\n \r\n try {\r\n const decondeClaims = await adminAuth.verifySessionCookie(sessionCookie, true)\r\n return {\r\n token: sessionCookie,\r\n userId: decondeClaims.uid\r\n }\r\n } catch (error) {\r\n console.error('Error verifying session:', error)\r\n throw new Error('Invalid Session')\r\n }\r\n}\r\n\r\n\r\nexport async function getIdToken() {\r\n const cookieStore = await cookies();\r\n const token = cookieStore.get('_session_token')?.value;\r\n\r\n if (!token) {\r\n throw new Error('No session cookie found')\r\n }\r\n \r\n try {\r\n const decodedClaims = await adminAuth.verifyIdToken(token)\r\n return {\r\n token: token,\r\n userId: decodedClaims.uid\r\n }\r\n } catch (error) {\r\n console.error('Error verifying session:', error)\r\n throw new Error('Invalid Session')\r\n }\r\n}\r\n\r\nexport async function setServerSession(token: string) {\r\n const cookieStore = await cookies();\r\n cookieStore.set('_session', token, {\r\n httpOnly: true,\r\n secure: process.env.NODE_ENV === 'production',\r\n sameSite: 'strict',\r\n maxAge: 60 * 60, // 1 hour\r\n path: '/',\r\n });\r\n }\r\n\r\n export async function
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/server/sessionTernSecure.ts"],"sourcesContent":["'use server'\r\n\r\nimport { cookies } from 'next/headers';\r\nimport { adminTernSecureAuth as adminAuth } from '../../utils/admin-init';\r\n\r\ninterface FirebaseAuthError extends Error {\r\n code?: string;\r\n}\r\n\r\nexport interface User {\r\n uid: string | null;\r\n email: string | null;\r\n }\r\n\r\nexport interface Session {\r\n user: User | null;\r\n token: string | null;\r\n error: Error | null;\r\n}\r\n\r\nexport async function createSessionCookie(idToken: string) {\r\n try {\r\n const expiresIn = 60 * 60 * 24 * 5 * 1000;\r\n const sessionCookie = await adminAuth.createSessionCookie(idToken, { expiresIn });\r\n\r\n const cookieStore = await cookies();\r\n cookieStore.set('_session_cookie', sessionCookie, {\r\n maxAge: expiresIn,\r\n httpOnly: true,\r\n secure: process.env.NODE_ENV === 'production',\r\n path: '/',\r\n });\r\n return { success: true, message: 'Session created' };\r\n } catch (error) {\r\n return { success: false, message: 'Failed to create session' };\r\n }\r\n}\r\n\r\n\r\n\r\nexport async function getServerSessionCookie() {\r\n const cookieStore = await cookies();\r\n const sessionCookie = cookieStore.get('_session_cookie')?.value;\r\n\r\n if (!sessionCookie) {\r\n throw new Error('No session cookie found')\r\n }\r\n \r\n try {\r\n const decondeClaims = await adminAuth.verifySessionCookie(sessionCookie, true)\r\n return {\r\n token: sessionCookie,\r\n userId: decondeClaims.uid\r\n }\r\n } catch (error) {\r\n console.error('Error verifying session:', error)\r\n throw new Error('Invalid Session')\r\n }\r\n}\r\n\r\n\r\nexport async function getIdToken() {\r\n const cookieStore = await cookies();\r\n const token = cookieStore.get('_session_token')?.value;\r\n\r\n if (!token) {\r\n throw new Error('No session cookie found')\r\n }\r\n \r\n try {\r\n const decodedClaims = await adminAuth.verifyIdToken(token)\r\n return {\r\n token: token,\r\n userId: decodedClaims.uid\r\n }\r\n } catch (error) {\r\n console.error('Error verifying session:', error)\r\n throw new Error('Invalid Session')\r\n }\r\n}\r\n\r\nexport async function setServerSession(token: string) {\r\n const cookieStore = await cookies();\r\n cookieStore.set('_session', token, {\r\n httpOnly: true,\r\n secure: process.env.NODE_ENV === 'production',\r\n sameSite: 'strict',\r\n maxAge: 60 * 60, // 1 hour\r\n path: '/',\r\n });\r\n }\r\n\r\n export async function verifyTernIdToken(token: string): Promise<{ valid: boolean; uid?: string; error?: string }> {\r\n try {\r\n const decodedToken = await adminAuth.verifyIdToken(token);\r\n return { valid: true, uid: decodedToken.uid };\r\n } catch (error) {\r\n if (error instanceof Error) {\r\n const firebaseError = error as FirebaseAuthError;\r\n if (error.name === 'FirebaseAuthError') {\r\n // Handle specific Firebase Auth errors\r\n switch (firebaseError.code) {\r\n case 'auth/id-token-expired':\r\n return { valid: false, error: 'Token has expired' };\r\n case 'auth/id-token-revoked':\r\n return { valid: false, error: 'Token has been revoked' };\r\n case 'auth/user-disabled':\r\n return { valid: false, error: 'User account has been disabled' };\r\n default:\r\n return { valid: false, error: 'Invalid token' };\r\n }\r\n }\r\n }\r\n return { valid: false, error: 'Error verifying token' };\r\n }\r\n }\r\n \r\n\r\n export async function verifyTernSessionCookie(session: string): Promise<{ valid: boolean; uid?: any; error?: any }>{\r\n try {\r\n const res = await adminAuth.verifySessionCookie(session, true);\r\n if (res) {\r\n return { valid: true, uid: res.uid };\r\n } else {\r\n return { valid: false, error: 'Invalid session'};\r\n }\r\n } catch (error) {\r\n return {error: error, valid: false}\r\n }\r\n }\r\n\r\n\r\n\r\n/*\r\n export async function GET(request: NextRequest) {\r\n const cookieStore = await cookies();\r\n const sessionCookie = cookieStore.get('session')?.value\r\n \r\n if (!sessionCookie) {\r\n return NextResponse.json({ isAuthenticated: false }, { status: 401 })\r\n }\r\n \r\n try {\r\n const decodedClaims = await adminAuth.verifySessionCookie(sessionCookie, true)\r\n return NextResponse.json({ isAuthenticated: true, user: decodedClaims }, { status: 200 })\r\n } catch (error) {\r\n console.error('Error verifying session cookie:', error)\r\n return NextResponse.json({ isAuthenticated: false }, { status: 401 })\r\n }\r\n }\r\n\r\n*/"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,qBAAwB;AACxB,wBAAiD;AAiBjD,eAAsB,oBAAoB,SAAiB;AACzD,MAAI;AACF,UAAM,YAAY,KAAK,KAAK,KAAK,IAAI;AACnC,UAAM,gBAAgB,MAAM,kBAAAA,oBAAU,oBAAoB,SAAS,EAAE,UAAU,CAAC;AAEhF,UAAM,cAAc,UAAM,wBAAQ;AAClC,gBAAY,IAAI,mBAAmB,eAAe;AAAA,MAC9C,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,MACjC,MAAM;AAAA,IACV,CAAC;AACD,WAAO,EAAE,SAAS,MAAM,SAAS,kBAAkB;AAAA,EACvD,SAAS,OAAO;AACZ,WAAO,EAAE,SAAS,OAAO,SAAS,2BAA2B;AAAA,EACjE;AACF;AAIA,eAAsB,yBAAyB;AAxC/C;AAyCE,QAAM,cAAc,UAAM,wBAAQ;AAClC,QAAM,iBAAgB,iBAAY,IAAI,iBAAiB,MAAjC,mBAAoC;AAE1D,MAAI,CAAC,eAAe;AAClB,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAEA,MAAI;AACF,UAAM,gBAAgB,MAAM,kBAAAA,oBAAU,oBAAoB,eAAe,IAAI;AAC7E,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ,cAAc;AAAA,IACxB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AACF;AAGA,eAAsB,aAAa;AA7DnC;AA8DE,QAAM,cAAc,UAAM,wBAAQ;AAClC,QAAM,SAAQ,iBAAY,IAAI,gBAAgB,MAAhC,mBAAmC;AAEjD,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAEA,MAAI;AACF,UAAM,gBAAgB,MAAM,kBAAAA,oBAAU,cAAc,KAAK;AACzD,WAAO;AAAA,MACL;AAAA,MACA,QAAQ,cAAc;AAAA,IACxB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AACF;AAEA,eAAsB,iBAAiB,OAAe;AAClD,QAAM,cAAc,UAAM,wBAAQ;AAClC,cAAY,IAAI,YAAY,OAAO;AAAA,IACjC,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,UAAU;AAAA,IACV,QAAQ,KAAK;AAAA;AAAA,IACb,MAAM;AAAA,EACR,CAAC;AACH;AAEA,eAAsB,kBAAkB,OAA0E;AAChH,MAAI;AACF,UAAM,eAAe,MAAM,kBAAAA,oBAAU,cAAc,KAAK;AACxD,WAAO,EAAE,OAAO,MAAM,KAAK,aAAa,IAAI;AAAA,EAC9C,SAAS,OAAO;AACd,QAAI,iBAAiB,OAAO;AAC1B,YAAM,gBAAgB;AACtB,UAAI,MAAM,SAAS,qBAAqB;AAEtC,gBAAQ,cAAc,MAAM;AAAA,UAC1B,KAAK;AACH,mBAAO,EAAE,OAAO,OAAO,OAAO,oBAAoB;AAAA,UACpD,KAAK;AACH,mBAAO,EAAE,OAAO,OAAO,OAAO,yBAAyB;AAAA,UACzD,KAAK;AACH,mBAAO,EAAE,OAAO,OAAO,OAAO,iCAAiC;AAAA,UACjE;AACE,mBAAO,EAAE,OAAO,OAAO,OAAO,gBAAgB;AAAA,QAClD;AAAA,MACF;AAAA,IACF;AACA,WAAO,EAAE,OAAO,OAAO,OAAO,wBAAwB;AAAA,EACxD;AACF;AAGA,eAAsB,wBAAwB,SAAqE;AACjH,MAAI;AACF,UAAM,MAAM,MAAM,kBAAAA,oBAAU,oBAAoB,SAAS,IAAI;AAC7D,QAAI,KAAK;AACP,aAAO,EAAE,OAAO,MAAM,KAAK,IAAI,IAAI;AAAA,IACrC,OAAO;AACL,aAAO,EAAE,OAAO,OAAO,OAAO,kBAAiB;AAAA,IACjD;AAAA,EACF,SAAS,OAAO;AACd,WAAO,EAAC,OAAc,OAAO,MAAK;AAAA,EACpC;AACF;","names":["adminAuth"]}
|
|
@@ -27,8 +27,16 @@ var import_react = require("react");
|
|
|
27
27
|
var import_client_init = require("../utils/client-init");
|
|
28
28
|
var import_auth = require("firebase/auth");
|
|
29
29
|
var import_TernSecureCtx = require("./TernSecureCtx");
|
|
30
|
-
|
|
30
|
+
var import_navigation = require("next/navigation");
|
|
31
|
+
var import_sessionTernSecure = require("../app-router/server/sessionTernSecure");
|
|
32
|
+
function TernSecureClientProvider({
|
|
33
|
+
children,
|
|
34
|
+
onUserChanged,
|
|
35
|
+
loginPath = "/sign-in"
|
|
36
|
+
}) {
|
|
31
37
|
const auth = (0, import_react.useMemo)(() => import_client_init.ternSecureAuth, []);
|
|
38
|
+
const router = (0, import_navigation.useRouter)();
|
|
39
|
+
const pathname = (0, import_navigation.usePathname)();
|
|
32
40
|
const [authState, setAuthState] = (0, import_react.useState)(() => ({
|
|
33
41
|
userId: null,
|
|
34
42
|
isLoaded: false,
|
|
@@ -45,52 +53,60 @@ function TernSecureClientProvider({ children, onUserChanged }) {
|
|
|
45
53
|
isValid: false,
|
|
46
54
|
token: null
|
|
47
55
|
});
|
|
48
|
-
|
|
56
|
+
router.push(loginPath);
|
|
57
|
+
}, [auth, router, loginPath]);
|
|
49
58
|
const checkTokenValidity = (0, import_react.useCallback)(async (user) => {
|
|
50
59
|
if (user) {
|
|
51
60
|
try {
|
|
52
61
|
const token = await user.getIdToken(true);
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
userId: user.uid
|
|
57
|
-
|
|
58
|
-
token,
|
|
59
|
-
error: null
|
|
60
|
-
}));
|
|
62
|
+
const decodedToken = await (0, import_sessionTernSecure.verifyTernIdToken)(token);
|
|
63
|
+
const isValid = decodedToken.valid;
|
|
64
|
+
if (isValid) {
|
|
65
|
+
return { isValid: true, token, userId: user.uid };
|
|
66
|
+
}
|
|
61
67
|
} catch (error) {
|
|
62
68
|
console.error("Token validation error:", error);
|
|
63
69
|
await handleSignOut(error instanceof Error ? error : new Error("Authentication token is invalid"));
|
|
70
|
+
return { isValid: false, token: null, userId: null };
|
|
64
71
|
}
|
|
65
|
-
} else {
|
|
66
|
-
setAuthState((prev) => ({
|
|
67
|
-
...prev,
|
|
68
|
-
isLoaded: true,
|
|
69
|
-
userId: null,
|
|
70
|
-
isValid: false,
|
|
71
|
-
token: null,
|
|
72
|
-
error: null
|
|
73
|
-
}));
|
|
74
72
|
}
|
|
73
|
+
return { isValid: false, token: null, userId: null };
|
|
75
74
|
}, [handleSignOut]);
|
|
76
75
|
const handleAuthStateChange = (0, import_react.useCallback)(async (user) => {
|
|
77
|
-
await checkTokenValidity(user);
|
|
76
|
+
const { isValid, token, userId } = await checkTokenValidity(user);
|
|
77
|
+
setAuthState({
|
|
78
|
+
isLoaded: true,
|
|
79
|
+
userId,
|
|
80
|
+
isValid,
|
|
81
|
+
token,
|
|
82
|
+
error: null
|
|
83
|
+
});
|
|
78
84
|
if (onUserChanged) {
|
|
79
85
|
await onUserChanged(user);
|
|
80
86
|
}
|
|
81
|
-
|
|
87
|
+
if (!isValid && pathname !== loginPath) {
|
|
88
|
+
router.push(loginPath);
|
|
89
|
+
}
|
|
90
|
+
}, [checkTokenValidity, onUserChanged, router, loginPath, pathname]);
|
|
82
91
|
(0, import_react.useEffect)(() => {
|
|
83
92
|
const unsubscribeAuthState = (0, import_auth.onAuthStateChanged)(auth, handleAuthStateChange);
|
|
84
|
-
const
|
|
93
|
+
const intervalId = setInterval(() => {
|
|
94
|
+
handleAuthStateChange(auth.currentUser);
|
|
95
|
+
}, 6e4);
|
|
85
96
|
return () => {
|
|
86
97
|
unsubscribeAuthState();
|
|
87
|
-
|
|
98
|
+
clearInterval(intervalId);
|
|
88
99
|
};
|
|
89
|
-
}, [auth, handleAuthStateChange
|
|
100
|
+
}, [auth, handleAuthStateChange]);
|
|
101
|
+
const contextValue = (0, import_react.useMemo)(() => ({
|
|
102
|
+
...authState,
|
|
103
|
+
checkTokenValidity: () => handleAuthStateChange(auth.currentUser),
|
|
104
|
+
signOut: handleSignOut
|
|
105
|
+
}), [authState, handleAuthStateChange, auth, handleSignOut]);
|
|
90
106
|
if (!authState.isLoaded) {
|
|
91
|
-
return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_TernSecureCtx.TernSecureCtx.Provider, { value:
|
|
107
|
+
return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_TernSecureCtx.TernSecureCtx.Provider, { value: contextValue, children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { "aria-live": "polite", "aria-busy": "true", children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)("span", { className: "sr-only", children: "Loading authentication state..." }) }) });
|
|
92
108
|
}
|
|
93
|
-
return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_TernSecureCtx.TernSecureCtx.Provider, { value:
|
|
109
|
+
return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_TernSecureCtx.TernSecureCtx.Provider, { value: contextValue, children });
|
|
94
110
|
}
|
|
95
111
|
// Annotate the CommonJS export names for ESM import in node:
|
|
96
112
|
0 && (module.exports = {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/boundary/TernSecureClientProvider.tsx"],"sourcesContent":["\"use client\"\r\n\r\nimport React, { useState, useEffect, useMemo, useCallback } from 'react'\r\nimport { ternSecureAuth } from '../utils/client-init'\r\nimport {
|
|
1
|
+
{"version":3,"sources":["../../../src/boundary/TernSecureClientProvider.tsx"],"sourcesContent":["\"use client\"\r\n\r\nimport React, { useState, useEffect, useMemo, useCallback } from 'react'\r\nimport { ternSecureAuth } from '../utils/client-init'\r\nimport { User, onAuthStateChanged } from \"firebase/auth\"\r\nimport { TernSecureCtx, TernSecureState, TernSecureCtxValue } from './TernSecureCtx'\r\nimport { useRouter, usePathname } from 'next/navigation'\r\nimport { verifyTernIdToken } from '../app-router/server/sessionTernSecure'\r\n\r\ninterface TernSecureClientProviderProps {\r\n children: React.ReactNode;\r\n onUserChanged?: (user: User | null) => Promise<void>;\r\n loginPath?: string;\r\n}\r\n\r\nexport function TernSecureClientProvider({ \r\n children, \r\n onUserChanged,\r\n loginPath = '/sign-in'\r\n}: TernSecureClientProviderProps) {\r\n const auth = useMemo(() => ternSecureAuth, []);\r\n const router = useRouter();\r\n const pathname = usePathname();\r\n\r\n const [authState, setAuthState] = useState<TernSecureState>(() => ({\r\n userId: null,\r\n isLoaded: false,\r\n error: null,\r\n isValid: false,\r\n token: null\r\n }));\r\n\r\n const handleSignOut = useCallback(async (error?: Error) => {\r\n await auth.signOut();\r\n setAuthState({\r\n isLoaded: true,\r\n userId: null,\r\n error: error || null,\r\n isValid: false,\r\n token: null\r\n });\r\n router.push(loginPath);\r\n }, [auth, router, loginPath]);\r\n\r\n const checkTokenValidity = useCallback(async (user: User | null) => {\r\n if (user) {\r\n try {\r\n // Force token refresh\r\n const token = await user.getIdToken(true);\r\n \r\n const decodedToken = await verifyTernIdToken(token);\r\n const isValid = decodedToken.valid\r\n\r\n if(isValid) {\r\n return { isValid: true, token, userId: user.uid };\r\n }\r\n } catch (error) {\r\n console.error('Token validation error:', error);\r\n await handleSignOut(error instanceof Error ? error : new Error('Authentication token is invalid'));\r\n return { isValid: false, token: null, userId: null };\r\n }\r\n }\r\n return { isValid: false, token: null, userId: null };\r\n }, [handleSignOut]);\r\n\r\n const handleAuthStateChange = useCallback(async (user: User | null) => {\r\n const { isValid, token, userId } = await checkTokenValidity(user);\r\n \r\n setAuthState({\r\n isLoaded: true,\r\n userId,\r\n isValid,\r\n token,\r\n error: null\r\n });\r\n\r\n if (onUserChanged) {\r\n await onUserChanged(user);\r\n }\r\n\r\n if (!isValid && pathname !== loginPath) {\r\n router.push(loginPath);\r\n }\r\n }, [checkTokenValidity, onUserChanged, router, loginPath, pathname]);\r\n\r\n useEffect(() => {\r\n const unsubscribeAuthState = onAuthStateChanged(auth, handleAuthStateChange);\r\n \r\n // Set up an interval to periodically check token validity\r\n const intervalId = setInterval(() => {\r\n handleAuthStateChange(auth.currentUser);\r\n }, 60000); // Check every minute\r\n\r\n return () => {\r\n unsubscribeAuthState();\r\n clearInterval(intervalId);\r\n };\r\n }, [auth, handleAuthStateChange]);\r\n\r\n const contextValue: TernSecureCtxValue = useMemo(() => ({\r\n ...authState,\r\n checkTokenValidity: () => handleAuthStateChange(auth.currentUser),\r\n signOut: handleSignOut,\r\n }), [authState, handleAuthStateChange, auth, handleSignOut]);\r\n\r\n if (!authState.isLoaded) {\r\n return (\r\n <TernSecureCtx.Provider value={contextValue}>\r\n <div aria-live=\"polite\" aria-busy=\"true\">\r\n <span className=\"sr-only\">Loading authentication state...</span>\r\n </div>\r\n </TernSecureCtx.Provider>\r\n );\r\n }\r\n\r\n return (\r\n <TernSecureCtx.Provider value={contextValue}>\r\n {children}\r\n </TernSecureCtx.Provider>\r\n );\r\n}\r\n\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AA6GU;AA3GV,mBAAiE;AACjE,yBAA+B;AAC/B,kBAAyC;AACzC,2BAAmE;AACnE,wBAAuC;AACvC,+BAAkC;AAQ3B,SAAS,yBAAyB;AAAA,EACvC;AAAA,EACA;AAAA,EACA,YAAY;AACd,GAAkC;AAChC,QAAM,WAAO,sBAAQ,MAAM,mCAAgB,CAAC,CAAC;AAC7C,QAAM,aAAS,6BAAU;AACzB,QAAM,eAAW,+BAAY;AAE7B,QAAM,CAAC,WAAW,YAAY,QAAI,uBAA0B,OAAO;AAAA,IACjE,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,OAAO;AAAA,IACP,SAAS;AAAA,IACT,OAAO;AAAA,EACT,EAAE;AAEF,QAAM,oBAAgB,0BAAY,OAAO,UAAkB;AACzD,UAAM,KAAK,QAAQ;AACnB,iBAAa;AAAA,MACX,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,OAAO,SAAS;AAAA,MAChB,SAAS;AAAA,MACT,OAAO;AAAA,IACT,CAAC;AACD,WAAO,KAAK,SAAS;AAAA,EACvB,GAAG,CAAC,MAAM,QAAQ,SAAS,CAAC;AAE5B,QAAM,yBAAqB,0BAAY,OAAO,SAAsB;AAClE,QAAI,MAAM;AACR,UAAI;AAEF,cAAM,QAAQ,MAAM,KAAK,WAAW,IAAI;AAExC,cAAM,eAAe,UAAM,4CAAkB,KAAK;AAClD,cAAM,UAAU,aAAa;AAE7B,YAAG,SAAS;AACV,iBAAO,EAAE,SAAS,MAAM,OAAO,QAAQ,KAAK,IAAI;AAAA,QAClD;AAAA,MACF,SAAS,OAAO;AACd,gBAAQ,MAAM,2BAA2B,KAAK;AAC9C,cAAM,cAAc,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,iCAAiC,CAAC;AACjG,eAAO,EAAE,SAAS,OAAO,OAAO,MAAM,QAAQ,KAAK;AAAA,MACrD;AAAA,IACF;AACA,WAAO,EAAE,SAAS,OAAO,OAAO,MAAM,QAAQ,KAAK;AAAA,EACrD,GAAG,CAAC,aAAa,CAAC;AAElB,QAAM,4BAAwB,0BAAY,OAAO,SAAsB;AACrE,UAAM,EAAE,SAAS,OAAO,OAAO,IAAI,MAAM,mBAAmB,IAAI;AAEhE,iBAAa;AAAA,MACX,UAAU;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,MACA,OAAO;AAAA,IACT,CAAC;AAED,QAAI,eAAe;AACjB,YAAM,cAAc,IAAI;AAAA,IAC1B;AAEA,QAAI,CAAC,WAAW,aAAa,WAAW;AACtC,aAAO,KAAK,SAAS;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,oBAAoB,eAAe,QAAQ,WAAW,QAAQ,CAAC;AAEnE,8BAAU,MAAM;AACd,UAAM,2BAAuB,gCAAmB,MAAM,qBAAqB;AAG3E,UAAM,aAAa,YAAY,MAAM;AACnC,4BAAsB,KAAK,WAAW;AAAA,IACxC,GAAG,GAAK;AAER,WAAO,MAAM;AACX,2BAAqB;AACrB,oBAAc,UAAU;AAAA,IAC1B;AAAA,EACF,GAAG,CAAC,MAAM,qBAAqB,CAAC;AAEhC,QAAM,mBAAmC,sBAAQ,OAAO;AAAA,IACtD,GAAG;AAAA,IACH,oBAAoB,MAAM,sBAAsB,KAAK,WAAW;AAAA,IAChE,SAAS;AAAA,EACX,IAAI,CAAC,WAAW,uBAAuB,MAAM,aAAa,CAAC;AAE3D,MAAI,CAAC,UAAU,UAAU;AACvB,WACE,4CAAC,mCAAc,UAAd,EAAuB,OAAO,cAC7B,sDAAC,SAAI,aAAU,UAAS,aAAU,QAChC,sDAAC,UAAK,WAAU,WAAU,6CAA+B,GAC3D,GACF;AAAA,EAEJ;AAEA,SACE,4CAAC,mCAAc,UAAd,EAAuB,OAAO,cAC5B,UACH;AAEJ;","names":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/boundary/TernSecureCtx.tsx"],"sourcesContent":["\"use client\"\r\n\r\nimport { createContext, useContext } from 'react'\r\nimport { ternSecureAuth } from '../utils/client-init';\r\nimport { User } from 'firebase/auth';\r\n\r\nexport const TernSecureUser = (): User | null => {\r\n return ternSecureAuth.currentUser;\r\n}\r\n\r\nexport interface TernSecureState {\r\n userId: string | null\r\n isLoaded: boolean\r\n error: Error | null\r\n isValid: boolean\r\n token: string | null\r\n}\r\n\r\nexport
|
|
1
|
+
{"version":3,"sources":["../../../src/boundary/TernSecureCtx.tsx"],"sourcesContent":["\"use client\"\r\n\r\nimport { createContext, useContext } from 'react'\r\nimport { ternSecureAuth } from '../utils/client-init';\r\nimport { User } from 'firebase/auth';\r\n\r\nexport const TernSecureUser = (): User | null => {\r\n return ternSecureAuth.currentUser;\r\n}\r\n\r\nexport interface TernSecureState {\r\n userId: string | null\r\n isLoaded: boolean\r\n error: Error | null\r\n isValid: boolean\r\n token: string | null\r\n}\r\n\r\nexport interface TernSecureCtxValue extends TernSecureState {\r\n checkTokenValidity: () => Promise<void>;\r\n signOut: () => Promise<void>;\r\n}\r\n\r\nexport const TernSecureCtx = createContext<TernSecureCtxValue | null>(null)\r\n\r\nTernSecureCtx.displayName = 'TernSecureCtx'\r\n\r\nexport const useTernSecure = (hookName: string) => {\r\n const context = useContext(TernSecureCtx)\r\n \r\n if (!context) {\r\n throw new Error(\r\n `${hookName} must be used within TernSecureProvider`\r\n )\r\n }\r\n\r\n return context\r\n}\r\n\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,mBAA0C;AAC1C,yBAA+B;AAGxB,MAAM,iBAAiB,MAAmB;AAC/C,SAAO,kCAAe;AACxB;AAeO,MAAM,oBAAgB,4BAAyC,IAAI;AAE1E,cAAc,cAAc;AAErB,MAAM,gBAAgB,CAAC,aAAqB;AACjD,QAAM,cAAU,yBAAW,aAAa;AAExC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI;AAAA,MACR,GAAG,QAAQ;AAAA,IACb;AAAA,EACF;AAEA,SAAO;AACT;","names":[]}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
"use client";
|
|
2
3
|
var __defProp = Object.defineProperty;
|
|
3
4
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
5
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
@@ -21,15 +22,32 @@ __export(useAuth_exports, {
|
|
|
21
22
|
useAuth: () => useAuth
|
|
22
23
|
});
|
|
23
24
|
module.exports = __toCommonJS(useAuth_exports);
|
|
25
|
+
var import_react = require("react");
|
|
24
26
|
var import_TernSecureCtx = require("../TernSecureCtx");
|
|
27
|
+
var import_TernSecureCtx2 = require("../TernSecureCtx");
|
|
25
28
|
function useAuth() {
|
|
26
|
-
const
|
|
29
|
+
const {
|
|
30
|
+
userId,
|
|
31
|
+
isLoaded,
|
|
32
|
+
error,
|
|
33
|
+
isValid,
|
|
34
|
+
token,
|
|
35
|
+
checkTokenValidity,
|
|
36
|
+
signOut
|
|
37
|
+
} = (0, import_TernSecureCtx.useTernSecure)("useAuth");
|
|
38
|
+
const user = (0, import_TernSecureCtx2.TernSecureUser)();
|
|
39
|
+
const refreshToken = (0, import_react.useCallback)(async () => {
|
|
40
|
+
await checkTokenValidity();
|
|
41
|
+
}, [checkTokenValidity]);
|
|
27
42
|
return {
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
43
|
+
user,
|
|
44
|
+
userId,
|
|
45
|
+
isLoaded,
|
|
46
|
+
error,
|
|
47
|
+
isAuthenticated: isValid,
|
|
48
|
+
token,
|
|
49
|
+
refreshToken,
|
|
50
|
+
signOut
|
|
33
51
|
};
|
|
34
52
|
}
|
|
35
53
|
// Annotate the CommonJS export names for ESM import in node:
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/boundary/hooks/useAuth.ts"],"sourcesContent":["
|
|
1
|
+
{"version":3,"sources":["../../../../src/boundary/hooks/useAuth.ts"],"sourcesContent":["\"use client\"\r\n\r\nimport { useCallback } from 'react'\r\nimport { useTernSecure } from '../TernSecureCtx'\r\nimport { User } from 'firebase/auth'\r\nimport { TernSecureUser } from '../TernSecureCtx'\r\n\r\nexport function useAuth() {\r\n const {\r\n userId,\r\n isLoaded,\r\n error,\r\n isValid,\r\n token,\r\n checkTokenValidity,\r\n signOut\r\n } = useTernSecure('useAuth')\r\n\r\n const user: User | null = TernSecureUser()\r\n\r\n const refreshToken = useCallback(async () => {\r\n await checkTokenValidity()\r\n }, [checkTokenValidity])\r\n\r\n return {\r\n user,\r\n userId,\r\n isLoaded,\r\n error,\r\n isAuthenticated: isValid,\r\n token,\r\n refreshToken,\r\n signOut\r\n }\r\n}\r\n\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,mBAA4B;AAC5B,2BAA8B;AAE9B,IAAAA,wBAA+B;AAExB,SAAS,UAAU;AACxB,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,QAAI,oCAAc,SAAS;AAE3B,QAAM,WAAoB,sCAAe;AAEzC,QAAM,mBAAe,0BAAY,YAAY;AAC3C,UAAM,mBAAmB;AAAA,EAC3B,GAAG,CAAC,kBAAkB,CAAC;AAEvB,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,iBAAiB;AAAA,IACjB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":["import_TernSecureCtx"]}
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
"use server";
|
|
2
2
|
import { cookies } from "next/headers";
|
|
3
|
-
import {
|
|
3
|
+
import { verifyTernIdToken, verifyTernSessionCookie } from "./sessionTernSecure";
|
|
4
4
|
async function auth() {
|
|
5
|
-
var _a, _b;
|
|
5
|
+
var _a, _b, _c;
|
|
6
6
|
try {
|
|
7
7
|
const cookieStore = await cookies();
|
|
8
8
|
const sessionCookie = (_a = cookieStore.get("_session_cookie")) == null ? void 0 : _a.value;
|
|
@@ -18,10 +18,10 @@ async function auth() {
|
|
|
18
18
|
}
|
|
19
19
|
const idToken = (_b = cookieStore.get("_session_token")) == null ? void 0 : _b.value;
|
|
20
20
|
if (idToken) {
|
|
21
|
-
const tokenResult = await
|
|
21
|
+
const tokenResult = await verifyTernIdToken(idToken);
|
|
22
22
|
if (tokenResult.valid) {
|
|
23
23
|
return {
|
|
24
|
-
userId: tokenResult.uid,
|
|
24
|
+
userId: (_c = tokenResult.uid) != null ? _c : null,
|
|
25
25
|
token: idToken,
|
|
26
26
|
error: null
|
|
27
27
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/server/auth.ts"],"sourcesContent":["'use server'\r\n\r\nimport { cookies } from 'next/headers';\r\nimport {
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/server/auth.ts"],"sourcesContent":["'use server'\r\n\r\nimport { cookies } from 'next/headers';\r\nimport { verifyTernIdToken, verifyTernSessionCookie } from './sessionTernSecure';\r\n\r\nexport interface AuthResult {\r\n userId: string | null;\r\n token: string | null;\r\n error: Error | null;\r\n}\r\n\r\nexport async function auth(): Promise<AuthResult> {\r\n try {\r\n const cookieStore = await cookies();\r\n const sessionCookie = cookieStore.get('_session_cookie')?.value;\r\n if (sessionCookie) {\r\n const sessionResult = await verifyTernSessionCookie(sessionCookie);\r\n if (sessionResult.valid) {\r\n return {\r\n userId: sessionResult.uid,\r\n token: sessionCookie,\r\n error: null\r\n };\r\n }\r\n }\r\n\r\n // If session cookie is not present or invalid, try the ID token\r\n const idToken = cookieStore.get('_session_token')?.value;\r\n if (idToken) {\r\n const tokenResult = await verifyTernIdToken(idToken);\r\n if (tokenResult.valid) {\r\n return {\r\n userId: tokenResult.uid ?? null,\r\n token: idToken,\r\n error: null\r\n };\r\n }\r\n }\r\n\r\n // If both checks fail, return null values\r\n return {\r\n userId: null,\r\n token: null,\r\n error: new Error('No valid session or token found')\r\n };\r\n } catch (error) {\r\n console.error('Error in auth function:', error);\r\n return {\r\n userId: null,\r\n token: null,\r\n error: error instanceof Error ? error : new Error('An unknown error occurred')\r\n };\r\n }\r\n}\r\n\r\n"],"mappings":";AAEA,SAAS,eAAe;AACxB,SAAU,mBAAmB,+BAA+B;AAQ5D,eAAsB,OAA4B;AAXlD;AAYE,MAAI;AACF,UAAM,cAAc,MAAM,QAAQ;AAClC,UAAM,iBAAgB,iBAAY,IAAI,iBAAiB,MAAjC,mBAAoC;AAC1D,QAAI,eAAe;AACjB,YAAM,gBAAgB,MAAM,wBAAwB,aAAa;AACjE,UAAI,cAAc,OAAO;AACvB,eAAO;AAAA,UACL,QAAQ,cAAc;AAAA,UACtB,OAAO;AAAA,UACP,OAAO;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAGA,UAAM,WAAU,iBAAY,IAAI,gBAAgB,MAAhC,mBAAmC;AACnD,QAAI,SAAS;AACX,YAAM,cAAc,MAAM,kBAAkB,OAAO;AACnD,UAAI,YAAY,OAAO;AACrB,eAAO;AAAA,UACL,SAAQ,iBAAY,QAAZ,YAAmB;AAAA,UAC3B,OAAO;AAAA,UACP,OAAO;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAGA,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,OAAO,IAAI,MAAM,iCAAiC;AAAA,IACpD;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,2BAA2B,KAAK;AAC9C,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,OAAO,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,2BAA2B;AAAA,IAC/E;AAAA,EACF;AACF;","names":[]}
|
|
@@ -64,16 +64,27 @@ async function setServerSession(token) {
|
|
|
64
64
|
path: "/"
|
|
65
65
|
});
|
|
66
66
|
}
|
|
67
|
-
async function
|
|
67
|
+
async function verifyTernIdToken(token) {
|
|
68
68
|
try {
|
|
69
|
-
const
|
|
70
|
-
|
|
71
|
-
return { valid: true, uid: res.uid };
|
|
72
|
-
} else {
|
|
73
|
-
return { valid: false, error: "Invalid token" };
|
|
74
|
-
}
|
|
69
|
+
const decodedToken = await adminAuth.verifyIdToken(token);
|
|
70
|
+
return { valid: true, uid: decodedToken.uid };
|
|
75
71
|
} catch (error) {
|
|
76
|
-
|
|
72
|
+
if (error instanceof Error) {
|
|
73
|
+
const firebaseError = error;
|
|
74
|
+
if (error.name === "FirebaseAuthError") {
|
|
75
|
+
switch (firebaseError.code) {
|
|
76
|
+
case "auth/id-token-expired":
|
|
77
|
+
return { valid: false, error: "Token has expired" };
|
|
78
|
+
case "auth/id-token-revoked":
|
|
79
|
+
return { valid: false, error: "Token has been revoked" };
|
|
80
|
+
case "auth/user-disabled":
|
|
81
|
+
return { valid: false, error: "User account has been disabled" };
|
|
82
|
+
default:
|
|
83
|
+
return { valid: false, error: "Invalid token" };
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
return { valid: false, error: "Error verifying token" };
|
|
77
88
|
}
|
|
78
89
|
}
|
|
79
90
|
async function verifyTernSessionCookie(session) {
|
|
@@ -93,7 +104,7 @@ export {
|
|
|
93
104
|
getIdToken,
|
|
94
105
|
getServerSessionCookie,
|
|
95
106
|
setServerSession,
|
|
96
|
-
|
|
107
|
+
verifyTernIdToken,
|
|
97
108
|
verifyTernSessionCookie
|
|
98
109
|
};
|
|
99
110
|
//# sourceMappingURL=sessionTernSecure.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/server/sessionTernSecure.ts"],"sourcesContent":["'use server'\r\n\r\nimport { cookies } from 'next/headers';\r\nimport { adminTernSecureAuth as adminAuth } from '../../utils/admin-init';\r\n\r\n\r\nexport interface User {\r\n uid: string;\r\n email: string;\r\n }\r\n\r\nexport interface Session {\r\n user: User | null;\r\n token: string | null;\r\n error: Error | null;\r\n}\r\n\r\nexport async function createSessionCookie(idToken: string) {\r\n try {\r\n const expiresIn = 60 * 60 * 24 * 5 * 1000;\r\n const sessionCookie = await adminAuth.createSessionCookie(idToken, { expiresIn });\r\n\r\n const cookieStore = await cookies();\r\n cookieStore.set('_session_cookie', sessionCookie, {\r\n maxAge: expiresIn,\r\n httpOnly: true,\r\n secure: process.env.NODE_ENV === 'production',\r\n path: '/',\r\n });\r\n return { success: true, message: 'Session created' };\r\n } catch (error) {\r\n return { success: false, message: 'Failed to create session' };\r\n }\r\n}\r\n\r\n\r\n\r\nexport async function getServerSessionCookie() {\r\n const cookieStore = await cookies();\r\n const sessionCookie = cookieStore.get('_session_cookie')?.value;\r\n\r\n if (!sessionCookie) {\r\n throw new Error('No session cookie found')\r\n }\r\n \r\n try {\r\n const decondeClaims = await adminAuth.verifySessionCookie(sessionCookie, true)\r\n return {\r\n token: sessionCookie,\r\n userId: decondeClaims.uid\r\n }\r\n } catch (error) {\r\n console.error('Error verifying session:', error)\r\n throw new Error('Invalid Session')\r\n }\r\n}\r\n\r\n\r\nexport async function getIdToken() {\r\n const cookieStore = await cookies();\r\n const token = cookieStore.get('_session_token')?.value;\r\n\r\n if (!token) {\r\n throw new Error('No session cookie found')\r\n }\r\n \r\n try {\r\n const decodedClaims = await adminAuth.verifyIdToken(token)\r\n return {\r\n token: token,\r\n userId: decodedClaims.uid\r\n }\r\n } catch (error) {\r\n console.error('Error verifying session:', error)\r\n throw new Error('Invalid Session')\r\n }\r\n}\r\n\r\nexport async function setServerSession(token: string) {\r\n const cookieStore = await cookies();\r\n cookieStore.set('_session', token, {\r\n httpOnly: true,\r\n secure: process.env.NODE_ENV === 'production',\r\n sameSite: 'strict',\r\n maxAge: 60 * 60, // 1 hour\r\n path: '/',\r\n });\r\n }\r\n\r\n export async function
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/server/sessionTernSecure.ts"],"sourcesContent":["'use server'\r\n\r\nimport { cookies } from 'next/headers';\r\nimport { adminTernSecureAuth as adminAuth } from '../../utils/admin-init';\r\n\r\ninterface FirebaseAuthError extends Error {\r\n code?: string;\r\n}\r\n\r\nexport interface User {\r\n uid: string | null;\r\n email: string | null;\r\n }\r\n\r\nexport interface Session {\r\n user: User | null;\r\n token: string | null;\r\n error: Error | null;\r\n}\r\n\r\nexport async function createSessionCookie(idToken: string) {\r\n try {\r\n const expiresIn = 60 * 60 * 24 * 5 * 1000;\r\n const sessionCookie = await adminAuth.createSessionCookie(idToken, { expiresIn });\r\n\r\n const cookieStore = await cookies();\r\n cookieStore.set('_session_cookie', sessionCookie, {\r\n maxAge: expiresIn,\r\n httpOnly: true,\r\n secure: process.env.NODE_ENV === 'production',\r\n path: '/',\r\n });\r\n return { success: true, message: 'Session created' };\r\n } catch (error) {\r\n return { success: false, message: 'Failed to create session' };\r\n }\r\n}\r\n\r\n\r\n\r\nexport async function getServerSessionCookie() {\r\n const cookieStore = await cookies();\r\n const sessionCookie = cookieStore.get('_session_cookie')?.value;\r\n\r\n if (!sessionCookie) {\r\n throw new Error('No session cookie found')\r\n }\r\n \r\n try {\r\n const decondeClaims = await adminAuth.verifySessionCookie(sessionCookie, true)\r\n return {\r\n token: sessionCookie,\r\n userId: decondeClaims.uid\r\n }\r\n } catch (error) {\r\n console.error('Error verifying session:', error)\r\n throw new Error('Invalid Session')\r\n }\r\n}\r\n\r\n\r\nexport async function getIdToken() {\r\n const cookieStore = await cookies();\r\n const token = cookieStore.get('_session_token')?.value;\r\n\r\n if (!token) {\r\n throw new Error('No session cookie found')\r\n }\r\n \r\n try {\r\n const decodedClaims = await adminAuth.verifyIdToken(token)\r\n return {\r\n token: token,\r\n userId: decodedClaims.uid\r\n }\r\n } catch (error) {\r\n console.error('Error verifying session:', error)\r\n throw new Error('Invalid Session')\r\n }\r\n}\r\n\r\nexport async function setServerSession(token: string) {\r\n const cookieStore = await cookies();\r\n cookieStore.set('_session', token, {\r\n httpOnly: true,\r\n secure: process.env.NODE_ENV === 'production',\r\n sameSite: 'strict',\r\n maxAge: 60 * 60, // 1 hour\r\n path: '/',\r\n });\r\n }\r\n\r\n export async function verifyTernIdToken(token: string): Promise<{ valid: boolean; uid?: string; error?: string }> {\r\n try {\r\n const decodedToken = await adminAuth.verifyIdToken(token);\r\n return { valid: true, uid: decodedToken.uid };\r\n } catch (error) {\r\n if (error instanceof Error) {\r\n const firebaseError = error as FirebaseAuthError;\r\n if (error.name === 'FirebaseAuthError') {\r\n // Handle specific Firebase Auth errors\r\n switch (firebaseError.code) {\r\n case 'auth/id-token-expired':\r\n return { valid: false, error: 'Token has expired' };\r\n case 'auth/id-token-revoked':\r\n return { valid: false, error: 'Token has been revoked' };\r\n case 'auth/user-disabled':\r\n return { valid: false, error: 'User account has been disabled' };\r\n default:\r\n return { valid: false, error: 'Invalid token' };\r\n }\r\n }\r\n }\r\n return { valid: false, error: 'Error verifying token' };\r\n }\r\n }\r\n \r\n\r\n export async function verifyTernSessionCookie(session: string): Promise<{ valid: boolean; uid?: any; error?: any }>{\r\n try {\r\n const res = await adminAuth.verifySessionCookie(session, true);\r\n if (res) {\r\n return { valid: true, uid: res.uid };\r\n } else {\r\n return { valid: false, error: 'Invalid session'};\r\n }\r\n } catch (error) {\r\n return {error: error, valid: false}\r\n }\r\n }\r\n\r\n\r\n\r\n/*\r\n export async function GET(request: NextRequest) {\r\n const cookieStore = await cookies();\r\n const sessionCookie = cookieStore.get('session')?.value\r\n \r\n if (!sessionCookie) {\r\n return NextResponse.json({ isAuthenticated: false }, { status: 401 })\r\n }\r\n \r\n try {\r\n const decodedClaims = await adminAuth.verifySessionCookie(sessionCookie, true)\r\n return NextResponse.json({ isAuthenticated: true, user: decodedClaims }, { status: 200 })\r\n } catch (error) {\r\n console.error('Error verifying session cookie:', error)\r\n return NextResponse.json({ isAuthenticated: false }, { status: 401 })\r\n }\r\n }\r\n\r\n*/"],"mappings":";AAEA,SAAS,eAAe;AACxB,SAAS,uBAAuB,iBAAiB;AAiBjD,eAAsB,oBAAoB,SAAiB;AACzD,MAAI;AACF,UAAM,YAAY,KAAK,KAAK,KAAK,IAAI;AACnC,UAAM,gBAAgB,MAAM,UAAU,oBAAoB,SAAS,EAAE,UAAU,CAAC;AAEhF,UAAM,cAAc,MAAM,QAAQ;AAClC,gBAAY,IAAI,mBAAmB,eAAe;AAAA,MAC9C,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,MACjC,MAAM;AAAA,IACV,CAAC;AACD,WAAO,EAAE,SAAS,MAAM,SAAS,kBAAkB;AAAA,EACvD,SAAS,OAAO;AACZ,WAAO,EAAE,SAAS,OAAO,SAAS,2BAA2B;AAAA,EACjE;AACF;AAIA,eAAsB,yBAAyB;AAxC/C;AAyCE,QAAM,cAAc,MAAM,QAAQ;AAClC,QAAM,iBAAgB,iBAAY,IAAI,iBAAiB,MAAjC,mBAAoC;AAE1D,MAAI,CAAC,eAAe;AAClB,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAEA,MAAI;AACF,UAAM,gBAAgB,MAAM,UAAU,oBAAoB,eAAe,IAAI;AAC7E,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ,cAAc;AAAA,IACxB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AACF;AAGA,eAAsB,aAAa;AA7DnC;AA8DE,QAAM,cAAc,MAAM,QAAQ;AAClC,QAAM,SAAQ,iBAAY,IAAI,gBAAgB,MAAhC,mBAAmC;AAEjD,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAEA,MAAI;AACF,UAAM,gBAAgB,MAAM,UAAU,cAAc,KAAK;AACzD,WAAO;AAAA,MACL;AAAA,MACA,QAAQ,cAAc;AAAA,IACxB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AACF;AAEA,eAAsB,iBAAiB,OAAe;AAClD,QAAM,cAAc,MAAM,QAAQ;AAClC,cAAY,IAAI,YAAY,OAAO;AAAA,IACjC,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,UAAU;AAAA,IACV,QAAQ,KAAK;AAAA;AAAA,IACb,MAAM;AAAA,EACR,CAAC;AACH;AAEA,eAAsB,kBAAkB,OAA0E;AAChH,MAAI;AACF,UAAM,eAAe,MAAM,UAAU,cAAc,KAAK;AACxD,WAAO,EAAE,OAAO,MAAM,KAAK,aAAa,IAAI;AAAA,EAC9C,SAAS,OAAO;AACd,QAAI,iBAAiB,OAAO;AAC1B,YAAM,gBAAgB;AACtB,UAAI,MAAM,SAAS,qBAAqB;AAEtC,gBAAQ,cAAc,MAAM;AAAA,UAC1B,KAAK;AACH,mBAAO,EAAE,OAAO,OAAO,OAAO,oBAAoB;AAAA,UACpD,KAAK;AACH,mBAAO,EAAE,OAAO,OAAO,OAAO,yBAAyB;AAAA,UACzD,KAAK;AACH,mBAAO,EAAE,OAAO,OAAO,OAAO,iCAAiC;AAAA,UACjE;AACE,mBAAO,EAAE,OAAO,OAAO,OAAO,gBAAgB;AAAA,QAClD;AAAA,MACF;AAAA,IACF;AACA,WAAO,EAAE,OAAO,OAAO,OAAO,wBAAwB;AAAA,EACxD;AACF;AAGA,eAAsB,wBAAwB,SAAqE;AACjH,MAAI;AACF,UAAM,MAAM,MAAM,UAAU,oBAAoB,SAAS,IAAI;AAC7D,QAAI,KAAK;AACP,aAAO,EAAE,OAAO,MAAM,KAAK,IAAI,IAAI;AAAA,IACrC,OAAO;AACL,aAAO,EAAE,OAAO,OAAO,OAAO,kBAAiB;AAAA,IACjD;AAAA,EACF,SAAS,OAAO;AACd,WAAO,EAAC,OAAc,OAAO,MAAK;AAAA,EACpC;AACF;","names":[]}
|
|
@@ -2,10 +2,18 @@
|
|
|
2
2
|
import { jsx } from "react/jsx-runtime";
|
|
3
3
|
import { useState, useEffect, useMemo, useCallback } from "react";
|
|
4
4
|
import { ternSecureAuth } from "../utils/client-init";
|
|
5
|
-
import { onAuthStateChanged
|
|
5
|
+
import { onAuthStateChanged } from "firebase/auth";
|
|
6
6
|
import { TernSecureCtx } from "./TernSecureCtx";
|
|
7
|
-
|
|
7
|
+
import { useRouter, usePathname } from "next/navigation";
|
|
8
|
+
import { verifyTernIdToken } from "../app-router/server/sessionTernSecure";
|
|
9
|
+
function TernSecureClientProvider({
|
|
10
|
+
children,
|
|
11
|
+
onUserChanged,
|
|
12
|
+
loginPath = "/sign-in"
|
|
13
|
+
}) {
|
|
8
14
|
const auth = useMemo(() => ternSecureAuth, []);
|
|
15
|
+
const router = useRouter();
|
|
16
|
+
const pathname = usePathname();
|
|
9
17
|
const [authState, setAuthState] = useState(() => ({
|
|
10
18
|
userId: null,
|
|
11
19
|
isLoaded: false,
|
|
@@ -22,52 +30,60 @@ function TernSecureClientProvider({ children, onUserChanged }) {
|
|
|
22
30
|
isValid: false,
|
|
23
31
|
token: null
|
|
24
32
|
});
|
|
25
|
-
|
|
33
|
+
router.push(loginPath);
|
|
34
|
+
}, [auth, router, loginPath]);
|
|
26
35
|
const checkTokenValidity = useCallback(async (user) => {
|
|
27
36
|
if (user) {
|
|
28
37
|
try {
|
|
29
38
|
const token = await user.getIdToken(true);
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
userId: user.uid
|
|
34
|
-
|
|
35
|
-
token,
|
|
36
|
-
error: null
|
|
37
|
-
}));
|
|
39
|
+
const decodedToken = await verifyTernIdToken(token);
|
|
40
|
+
const isValid = decodedToken.valid;
|
|
41
|
+
if (isValid) {
|
|
42
|
+
return { isValid: true, token, userId: user.uid };
|
|
43
|
+
}
|
|
38
44
|
} catch (error) {
|
|
39
45
|
console.error("Token validation error:", error);
|
|
40
46
|
await handleSignOut(error instanceof Error ? error : new Error("Authentication token is invalid"));
|
|
47
|
+
return { isValid: false, token: null, userId: null };
|
|
41
48
|
}
|
|
42
|
-
} else {
|
|
43
|
-
setAuthState((prev) => ({
|
|
44
|
-
...prev,
|
|
45
|
-
isLoaded: true,
|
|
46
|
-
userId: null,
|
|
47
|
-
isValid: false,
|
|
48
|
-
token: null,
|
|
49
|
-
error: null
|
|
50
|
-
}));
|
|
51
49
|
}
|
|
50
|
+
return { isValid: false, token: null, userId: null };
|
|
52
51
|
}, [handleSignOut]);
|
|
53
52
|
const handleAuthStateChange = useCallback(async (user) => {
|
|
54
|
-
await checkTokenValidity(user);
|
|
53
|
+
const { isValid, token, userId } = await checkTokenValidity(user);
|
|
54
|
+
setAuthState({
|
|
55
|
+
isLoaded: true,
|
|
56
|
+
userId,
|
|
57
|
+
isValid,
|
|
58
|
+
token,
|
|
59
|
+
error: null
|
|
60
|
+
});
|
|
55
61
|
if (onUserChanged) {
|
|
56
62
|
await onUserChanged(user);
|
|
57
63
|
}
|
|
58
|
-
|
|
64
|
+
if (!isValid && pathname !== loginPath) {
|
|
65
|
+
router.push(loginPath);
|
|
66
|
+
}
|
|
67
|
+
}, [checkTokenValidity, onUserChanged, router, loginPath, pathname]);
|
|
59
68
|
useEffect(() => {
|
|
60
69
|
const unsubscribeAuthState = onAuthStateChanged(auth, handleAuthStateChange);
|
|
61
|
-
const
|
|
70
|
+
const intervalId = setInterval(() => {
|
|
71
|
+
handleAuthStateChange(auth.currentUser);
|
|
72
|
+
}, 6e4);
|
|
62
73
|
return () => {
|
|
63
74
|
unsubscribeAuthState();
|
|
64
|
-
|
|
75
|
+
clearInterval(intervalId);
|
|
65
76
|
};
|
|
66
|
-
}, [auth, handleAuthStateChange
|
|
77
|
+
}, [auth, handleAuthStateChange]);
|
|
78
|
+
const contextValue = useMemo(() => ({
|
|
79
|
+
...authState,
|
|
80
|
+
checkTokenValidity: () => handleAuthStateChange(auth.currentUser),
|
|
81
|
+
signOut: handleSignOut
|
|
82
|
+
}), [authState, handleAuthStateChange, auth, handleSignOut]);
|
|
67
83
|
if (!authState.isLoaded) {
|
|
68
|
-
return /* @__PURE__ */ jsx(TernSecureCtx.Provider, { value:
|
|
84
|
+
return /* @__PURE__ */ jsx(TernSecureCtx.Provider, { value: contextValue, children: /* @__PURE__ */ jsx("div", { "aria-live": "polite", "aria-busy": "true", children: /* @__PURE__ */ jsx("span", { className: "sr-only", children: "Loading authentication state..." }) }) });
|
|
69
85
|
}
|
|
70
|
-
return /* @__PURE__ */ jsx(TernSecureCtx.Provider, { value:
|
|
86
|
+
return /* @__PURE__ */ jsx(TernSecureCtx.Provider, { value: contextValue, children });
|
|
71
87
|
}
|
|
72
88
|
export {
|
|
73
89
|
TernSecureClientProvider
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/boundary/TernSecureClientProvider.tsx"],"sourcesContent":["\"use client\"\r\n\r\nimport React, { useState, useEffect, useMemo, useCallback } from 'react'\r\nimport { ternSecureAuth } from '../utils/client-init'\r\nimport {
|
|
1
|
+
{"version":3,"sources":["../../../src/boundary/TernSecureClientProvider.tsx"],"sourcesContent":["\"use client\"\r\n\r\nimport React, { useState, useEffect, useMemo, useCallback } from 'react'\r\nimport { ternSecureAuth } from '../utils/client-init'\r\nimport { User, onAuthStateChanged } from \"firebase/auth\"\r\nimport { TernSecureCtx, TernSecureState, TernSecureCtxValue } from './TernSecureCtx'\r\nimport { useRouter, usePathname } from 'next/navigation'\r\nimport { verifyTernIdToken } from '../app-router/server/sessionTernSecure'\r\n\r\ninterface TernSecureClientProviderProps {\r\n children: React.ReactNode;\r\n onUserChanged?: (user: User | null) => Promise<void>;\r\n loginPath?: string;\r\n}\r\n\r\nexport function TernSecureClientProvider({ \r\n children, \r\n onUserChanged,\r\n loginPath = '/sign-in'\r\n}: TernSecureClientProviderProps) {\r\n const auth = useMemo(() => ternSecureAuth, []);\r\n const router = useRouter();\r\n const pathname = usePathname();\r\n\r\n const [authState, setAuthState] = useState<TernSecureState>(() => ({\r\n userId: null,\r\n isLoaded: false,\r\n error: null,\r\n isValid: false,\r\n token: null\r\n }));\r\n\r\n const handleSignOut = useCallback(async (error?: Error) => {\r\n await auth.signOut();\r\n setAuthState({\r\n isLoaded: true,\r\n userId: null,\r\n error: error || null,\r\n isValid: false,\r\n token: null\r\n });\r\n router.push(loginPath);\r\n }, [auth, router, loginPath]);\r\n\r\n const checkTokenValidity = useCallback(async (user: User | null) => {\r\n if (user) {\r\n try {\r\n // Force token refresh\r\n const token = await user.getIdToken(true);\r\n \r\n const decodedToken = await verifyTernIdToken(token);\r\n const isValid = decodedToken.valid\r\n\r\n if(isValid) {\r\n return { isValid: true, token, userId: user.uid };\r\n }\r\n } catch (error) {\r\n console.error('Token validation error:', error);\r\n await handleSignOut(error instanceof Error ? error : new Error('Authentication token is invalid'));\r\n return { isValid: false, token: null, userId: null };\r\n }\r\n }\r\n return { isValid: false, token: null, userId: null };\r\n }, [handleSignOut]);\r\n\r\n const handleAuthStateChange = useCallback(async (user: User | null) => {\r\n const { isValid, token, userId } = await checkTokenValidity(user);\r\n \r\n setAuthState({\r\n isLoaded: true,\r\n userId,\r\n isValid,\r\n token,\r\n error: null\r\n });\r\n\r\n if (onUserChanged) {\r\n await onUserChanged(user);\r\n }\r\n\r\n if (!isValid && pathname !== loginPath) {\r\n router.push(loginPath);\r\n }\r\n }, [checkTokenValidity, onUserChanged, router, loginPath, pathname]);\r\n\r\n useEffect(() => {\r\n const unsubscribeAuthState = onAuthStateChanged(auth, handleAuthStateChange);\r\n \r\n // Set up an interval to periodically check token validity\r\n const intervalId = setInterval(() => {\r\n handleAuthStateChange(auth.currentUser);\r\n }, 60000); // Check every minute\r\n\r\n return () => {\r\n unsubscribeAuthState();\r\n clearInterval(intervalId);\r\n };\r\n }, [auth, handleAuthStateChange]);\r\n\r\n const contextValue: TernSecureCtxValue = useMemo(() => ({\r\n ...authState,\r\n checkTokenValidity: () => handleAuthStateChange(auth.currentUser),\r\n signOut: handleSignOut,\r\n }), [authState, handleAuthStateChange, auth, handleSignOut]);\r\n\r\n if (!authState.isLoaded) {\r\n return (\r\n <TernSecureCtx.Provider value={contextValue}>\r\n <div aria-live=\"polite\" aria-busy=\"true\">\r\n <span className=\"sr-only\">Loading authentication state...</span>\r\n </div>\r\n </TernSecureCtx.Provider>\r\n );\r\n }\r\n\r\n return (\r\n <TernSecureCtx.Provider value={contextValue}>\r\n {children}\r\n </TernSecureCtx.Provider>\r\n );\r\n}\r\n\r\n"],"mappings":";AA6GU;AA3GV,SAAgB,UAAU,WAAW,SAAS,mBAAmB;AACjE,SAAS,sBAAsB;AAC/B,SAAe,0BAA0B;AACzC,SAAS,qBAA0D;AACnE,SAAS,WAAW,mBAAmB;AACvC,SAAS,yBAAyB;AAQ3B,SAAS,yBAAyB;AAAA,EACvC;AAAA,EACA;AAAA,EACA,YAAY;AACd,GAAkC;AAChC,QAAM,OAAO,QAAQ,MAAM,gBAAgB,CAAC,CAAC;AAC7C,QAAM,SAAS,UAAU;AACzB,QAAM,WAAW,YAAY;AAE7B,QAAM,CAAC,WAAW,YAAY,IAAI,SAA0B,OAAO;AAAA,IACjE,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,OAAO;AAAA,IACP,SAAS;AAAA,IACT,OAAO;AAAA,EACT,EAAE;AAEF,QAAM,gBAAgB,YAAY,OAAO,UAAkB;AACzD,UAAM,KAAK,QAAQ;AACnB,iBAAa;AAAA,MACX,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,OAAO,SAAS;AAAA,MAChB,SAAS;AAAA,MACT,OAAO;AAAA,IACT,CAAC;AACD,WAAO,KAAK,SAAS;AAAA,EACvB,GAAG,CAAC,MAAM,QAAQ,SAAS,CAAC;AAE5B,QAAM,qBAAqB,YAAY,OAAO,SAAsB;AAClE,QAAI,MAAM;AACR,UAAI;AAEF,cAAM,QAAQ,MAAM,KAAK,WAAW,IAAI;AAExC,cAAM,eAAe,MAAM,kBAAkB,KAAK;AAClD,cAAM,UAAU,aAAa;AAE7B,YAAG,SAAS;AACV,iBAAO,EAAE,SAAS,MAAM,OAAO,QAAQ,KAAK,IAAI;AAAA,QAClD;AAAA,MACF,SAAS,OAAO;AACd,gBAAQ,MAAM,2BAA2B,KAAK;AAC9C,cAAM,cAAc,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,iCAAiC,CAAC;AACjG,eAAO,EAAE,SAAS,OAAO,OAAO,MAAM,QAAQ,KAAK;AAAA,MACrD;AAAA,IACF;AACA,WAAO,EAAE,SAAS,OAAO,OAAO,MAAM,QAAQ,KAAK;AAAA,EACrD,GAAG,CAAC,aAAa,CAAC;AAElB,QAAM,wBAAwB,YAAY,OAAO,SAAsB;AACrE,UAAM,EAAE,SAAS,OAAO,OAAO,IAAI,MAAM,mBAAmB,IAAI;AAEhE,iBAAa;AAAA,MACX,UAAU;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,MACA,OAAO;AAAA,IACT,CAAC;AAED,QAAI,eAAe;AACjB,YAAM,cAAc,IAAI;AAAA,IAC1B;AAEA,QAAI,CAAC,WAAW,aAAa,WAAW;AACtC,aAAO,KAAK,SAAS;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,oBAAoB,eAAe,QAAQ,WAAW,QAAQ,CAAC;AAEnE,YAAU,MAAM;AACd,UAAM,uBAAuB,mBAAmB,MAAM,qBAAqB;AAG3E,UAAM,aAAa,YAAY,MAAM;AACnC,4BAAsB,KAAK,WAAW;AAAA,IACxC,GAAG,GAAK;AAER,WAAO,MAAM;AACX,2BAAqB;AACrB,oBAAc,UAAU;AAAA,IAC1B;AAAA,EACF,GAAG,CAAC,MAAM,qBAAqB,CAAC;AAEhC,QAAM,eAAmC,QAAQ,OAAO;AAAA,IACtD,GAAG;AAAA,IACH,oBAAoB,MAAM,sBAAsB,KAAK,WAAW;AAAA,IAChE,SAAS;AAAA,EACX,IAAI,CAAC,WAAW,uBAAuB,MAAM,aAAa,CAAC;AAE3D,MAAI,CAAC,UAAU,UAAU;AACvB,WACE,oBAAC,cAAc,UAAd,EAAuB,OAAO,cAC7B,8BAAC,SAAI,aAAU,UAAS,aAAU,QAChC,8BAAC,UAAK,WAAU,WAAU,6CAA+B,GAC3D,GACF;AAAA,EAEJ;AAEA,SACE,oBAAC,cAAc,UAAd,EAAuB,OAAO,cAC5B,UACH;AAEJ;","names":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/boundary/TernSecureCtx.tsx"],"sourcesContent":["\"use client\"\r\n\r\nimport { createContext, useContext } from 'react'\r\nimport { ternSecureAuth } from '../utils/client-init';\r\nimport { User } from 'firebase/auth';\r\n\r\nexport const TernSecureUser = (): User | null => {\r\n return ternSecureAuth.currentUser;\r\n}\r\n\r\nexport interface TernSecureState {\r\n userId: string | null\r\n isLoaded: boolean\r\n error: Error | null\r\n isValid: boolean\r\n token: string | null\r\n}\r\n\r\nexport
|
|
1
|
+
{"version":3,"sources":["../../../src/boundary/TernSecureCtx.tsx"],"sourcesContent":["\"use client\"\r\n\r\nimport { createContext, useContext } from 'react'\r\nimport { ternSecureAuth } from '../utils/client-init';\r\nimport { User } from 'firebase/auth';\r\n\r\nexport const TernSecureUser = (): User | null => {\r\n return ternSecureAuth.currentUser;\r\n}\r\n\r\nexport interface TernSecureState {\r\n userId: string | null\r\n isLoaded: boolean\r\n error: Error | null\r\n isValid: boolean\r\n token: string | null\r\n}\r\n\r\nexport interface TernSecureCtxValue extends TernSecureState {\r\n checkTokenValidity: () => Promise<void>;\r\n signOut: () => Promise<void>;\r\n}\r\n\r\nexport const TernSecureCtx = createContext<TernSecureCtxValue | null>(null)\r\n\r\nTernSecureCtx.displayName = 'TernSecureCtx'\r\n\r\nexport const useTernSecure = (hookName: string) => {\r\n const context = useContext(TernSecureCtx)\r\n \r\n if (!context) {\r\n throw new Error(\r\n `${hookName} must be used within TernSecureProvider`\r\n )\r\n }\r\n\r\n return context\r\n}\r\n\r\n"],"mappings":";AAEA,SAAS,eAAe,kBAAkB;AAC1C,SAAS,sBAAsB;AAGxB,MAAM,iBAAiB,MAAmB;AAC/C,SAAO,eAAe;AACxB;AAeO,MAAM,gBAAgB,cAAyC,IAAI;AAE1E,cAAc,cAAc;AAErB,MAAM,gBAAgB,CAAC,aAAqB;AACjD,QAAM,UAAU,WAAW,aAAa;AAExC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI;AAAA,MACR,GAAG,QAAQ;AAAA,IACb;AAAA,EACF;AAEA,SAAO;AACT;","names":[]}
|
|
@@ -1,12 +1,30 @@
|
|
|
1
|
+
"use client";
|
|
2
|
+
import { useCallback } from "react";
|
|
1
3
|
import { useTernSecure } from "../TernSecureCtx";
|
|
4
|
+
import { TernSecureUser } from "../TernSecureCtx";
|
|
2
5
|
function useAuth() {
|
|
3
|
-
const
|
|
6
|
+
const {
|
|
7
|
+
userId,
|
|
8
|
+
isLoaded,
|
|
9
|
+
error,
|
|
10
|
+
isValid,
|
|
11
|
+
token,
|
|
12
|
+
checkTokenValidity,
|
|
13
|
+
signOut
|
|
14
|
+
} = useTernSecure("useAuth");
|
|
15
|
+
const user = TernSecureUser();
|
|
16
|
+
const refreshToken = useCallback(async () => {
|
|
17
|
+
await checkTokenValidity();
|
|
18
|
+
}, [checkTokenValidity]);
|
|
4
19
|
return {
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
20
|
+
user,
|
|
21
|
+
userId,
|
|
22
|
+
isLoaded,
|
|
23
|
+
error,
|
|
24
|
+
isAuthenticated: isValid,
|
|
25
|
+
token,
|
|
26
|
+
refreshToken,
|
|
27
|
+
signOut
|
|
10
28
|
};
|
|
11
29
|
}
|
|
12
30
|
export {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/boundary/hooks/useAuth.ts"],"sourcesContent":["
|
|
1
|
+
{"version":3,"sources":["../../../../src/boundary/hooks/useAuth.ts"],"sourcesContent":["\"use client\"\r\n\r\nimport { useCallback } from 'react'\r\nimport { useTernSecure } from '../TernSecureCtx'\r\nimport { User } from 'firebase/auth'\r\nimport { TernSecureUser } from '../TernSecureCtx'\r\n\r\nexport function useAuth() {\r\n const {\r\n userId,\r\n isLoaded,\r\n error,\r\n isValid,\r\n token,\r\n checkTokenValidity,\r\n signOut\r\n } = useTernSecure('useAuth')\r\n\r\n const user: User | null = TernSecureUser()\r\n\r\n const refreshToken = useCallback(async () => {\r\n await checkTokenValidity()\r\n }, [checkTokenValidity])\r\n\r\n return {\r\n user,\r\n userId,\r\n isLoaded,\r\n error,\r\n isAuthenticated: isValid,\r\n token,\r\n refreshToken,\r\n signOut\r\n }\r\n}\r\n\r\n"],"mappings":";AAEA,SAAS,mBAAmB;AAC5B,SAAS,qBAAqB;AAE9B,SAAS,sBAAsB;AAExB,SAAS,UAAU;AACxB,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI,cAAc,SAAS;AAE3B,QAAM,OAAoB,eAAe;AAEzC,QAAM,eAAe,YAAY,YAAY;AAC3C,UAAM,mBAAmB;AAAA,EAC3B,GAAG,CAAC,kBAAkB,CAAC;AAEvB,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,iBAAiB;AAAA,IACjB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":[]}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
export interface User {
|
|
2
|
-
uid: string;
|
|
3
|
-
email: string;
|
|
2
|
+
uid: string | null;
|
|
3
|
+
email: string | null;
|
|
4
4
|
}
|
|
5
5
|
export interface Session {
|
|
6
6
|
user: User | null;
|
|
@@ -20,10 +20,10 @@ export declare function getIdToken(): Promise<{
|
|
|
20
20
|
userId: string;
|
|
21
21
|
}>;
|
|
22
22
|
export declare function setServerSession(token: string): Promise<void>;
|
|
23
|
-
export declare function
|
|
23
|
+
export declare function verifyTernIdToken(token: string): Promise<{
|
|
24
24
|
valid: boolean;
|
|
25
|
-
uid?:
|
|
26
|
-
error?:
|
|
25
|
+
uid?: string;
|
|
26
|
+
error?: string;
|
|
27
27
|
}>;
|
|
28
28
|
export declare function verifyTernSessionCookie(session: string): Promise<{
|
|
29
29
|
valid: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sessionTernSecure.d.ts","sourceRoot":"","sources":["../../../../src/app-router/server/sessionTernSecure.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"sessionTernSecure.d.ts","sourceRoot":"","sources":["../../../../src/app-router/server/sessionTernSecure.ts"],"names":[],"mappings":"AASA,MAAM,WAAW,IAAI;IACjB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAEH,MAAM,WAAW,OAAO;IACpB,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAClB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;CACvB;AAED,wBAAsB,mBAAmB,CAAC,OAAO,EAAE,MAAM;;;GAgBxD;AAID,wBAAsB,sBAAsB;;;GAkB3C;AAGD,wBAAsB,UAAU;;;GAkB/B;AAED,wBAAsB,gBAAgB,CAAC,KAAK,EAAE,MAAM,iBASjD;AAED,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAuBhH;AAGD,wBAAsB,uBAAuB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,GAAG,CAAC,EAAE,GAAG,CAAC;IAAC,KAAK,CAAC,EAAE,GAAG,CAAA;CAAE,CAAC,CAWlH"}
|
|
@@ -3,7 +3,8 @@ import { User } from "firebase/auth";
|
|
|
3
3
|
interface TernSecureClientProviderProps {
|
|
4
4
|
children: React.ReactNode;
|
|
5
5
|
onUserChanged?: (user: User | null) => Promise<void>;
|
|
6
|
+
loginPath?: string;
|
|
6
7
|
}
|
|
7
|
-
export declare function TernSecureClientProvider({ children, onUserChanged }: TernSecureClientProviderProps): import("react/jsx-runtime").JSX.Element;
|
|
8
|
+
export declare function TernSecureClientProvider({ children, onUserChanged, loginPath }: TernSecureClientProviderProps): import("react/jsx-runtime").JSX.Element;
|
|
8
9
|
export {};
|
|
9
10
|
//# sourceMappingURL=TernSecureClientProvider.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TernSecureClientProvider.d.ts","sourceRoot":"","sources":["../../../src/boundary/TernSecureClientProvider.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAoD,MAAM,OAAO,CAAA;AAExE,OAAO,
|
|
1
|
+
{"version":3,"file":"TernSecureClientProvider.d.ts","sourceRoot":"","sources":["../../../src/boundary/TernSecureClientProvider.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAoD,MAAM,OAAO,CAAA;AAExE,OAAO,EAAE,IAAI,EAAsB,MAAM,eAAe,CAAA;AAKxD,UAAU,6BAA6B;IACrC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,wBAAgB,wBAAwB,CAAC,EACvC,QAAQ,EACR,aAAa,EACb,SAAsB,EACvB,EAAE,6BAA6B,2CAqG/B"}
|
|
@@ -7,7 +7,10 @@ export interface TernSecureState {
|
|
|
7
7
|
isValid: boolean;
|
|
8
8
|
token: string | null;
|
|
9
9
|
}
|
|
10
|
-
export
|
|
11
|
-
|
|
12
|
-
|
|
10
|
+
export interface TernSecureCtxValue extends TernSecureState {
|
|
11
|
+
checkTokenValidity: () => Promise<void>;
|
|
12
|
+
signOut: () => Promise<void>;
|
|
13
|
+
}
|
|
14
|
+
export declare const TernSecureCtx: import("react").Context<TernSecureCtxValue | null>;
|
|
15
|
+
export declare const useTernSecure: (hookName: string) => TernSecureCtxValue;
|
|
13
16
|
//# sourceMappingURL=TernSecureCtx.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TernSecureCtx.d.ts","sourceRoot":"","sources":["../../../src/boundary/TernSecureCtx.tsx"],"names":[],"mappings":"AAIA,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAErC,eAAO,MAAM,cAAc,QAAO,IAAI,GAAG,IAExC,CAAA;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,QAAQ,EAAE,OAAO,CAAA;IACjB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;IACnB,OAAO,EAAE,OAAO,CAAA;IAChB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;CACrB;AAED,MAAM,
|
|
1
|
+
{"version":3,"file":"TernSecureCtx.d.ts","sourceRoot":"","sources":["../../../src/boundary/TernSecureCtx.tsx"],"names":[],"mappings":"AAIA,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAErC,eAAO,MAAM,cAAc,QAAO,IAAI,GAAG,IAExC,CAAA;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,QAAQ,EAAE,OAAO,CAAA;IACjB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;IACnB,OAAO,EAAE,OAAO,CAAA;IAChB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;CACrB;AAED,MAAM,WAAW,kBAAmB,SAAQ,eAAe;IACzD,kBAAkB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACxC,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B;AAED,eAAO,MAAM,aAAa,oDAAiD,CAAA;AAI3E,eAAO,MAAM,aAAa,aAAc,MAAM,uBAU7C,CAAA"}
|
|
@@ -1,8 +1,12 @@
|
|
|
1
|
+
import { User } from 'firebase/auth';
|
|
1
2
|
export declare function useAuth(): {
|
|
3
|
+
user: User | null;
|
|
2
4
|
userId: string | null;
|
|
3
5
|
isLoaded: boolean;
|
|
4
6
|
error: Error | null;
|
|
5
|
-
|
|
7
|
+
isAuthenticated: boolean;
|
|
6
8
|
token: string | null;
|
|
9
|
+
refreshToken: () => Promise<void>;
|
|
10
|
+
signOut: () => Promise<void>;
|
|
7
11
|
};
|
|
8
12
|
//# sourceMappingURL=useAuth.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useAuth.d.ts","sourceRoot":"","sources":["../../../../src/boundary/hooks/useAuth.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"useAuth.d.ts","sourceRoot":"","sources":["../../../../src/boundary/hooks/useAuth.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAGpC,wBAAgB,OAAO;;;;;;;;;EA2BtB"}
|