@tern-secure/nextjs 3.2.42 → 3.3.2

package/README.md

@@ -0,0 +1,34 @@
+# @tern-secure/nextjs
+
+A comprehensive Firebase authentication solution for Next.js applications, providing seamless integration with Firebase Auth, including email/password, Google, and Microsoft authentication methods.
+
+[![npm version](https://badge.fury.io/js/@tern-secure%2Fnextjs.svg)](https://www.npmjs.com/package/@tern-secure/nextjs)
+[![License: ISC](https://img.shields.io/badge/License-ISC-blue.svg)](https://opensource.org/licenses/ISC)
+
+## Features
+
+- 🔐 Multiple authentication methods:
+  - Email/Password authentication
+  - Google OAuth
+  - Microsoft OAuth
+- 🔄 Session management with cookies
+- ⚡ Server-side and client-side components
+- 🎨 Customizable UI components
+- 📦 TypeScript support
+- 🚀 Next.js App Router compatible
+
+## Installation 
+
+## Environment Variables
+
+Required environment variables:
+```
+NEXT_PUBLIC_FIREBASE_API_KEY=
+NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN=
+NEXT_PUBLIC_FIREBASE_PROJECT_ID=
+NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET=
+NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID=
+NEXT_PUBLIC_FIREBASE_APP_ID=
+FIREBASE_ADMIN_CLIENT_EMAIL=
+FIREBASE_ADMIN_PRIVATE_KEY=
+``` 

package/dist/cjs/app-router/client/TernSecureProvider.js

@@ -23,7 +23,7 @@ __export(TernSecureProvider_exports, {
 module.exports = __toCommonJS(TernSecureProvider_exports);
 var import_jsx_runtime = require("react/jsx-runtime");
 var import_TernSecureClientProvider = require("../../boundary/TernSecureClientProvider");
-function TernSecureProvider({ children }) {
+async function TernSecureProvider({ children }) {
   return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_TernSecureClientProvider.TernSecureClientProvider, { children });
 }
 // Annotate the CommonJS export names for ESM import in node:

package/dist/cjs/app-router/client/TernSecureProvider.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/app-router/client/TernSecureProvider.tsx"],"sourcesContent":["import React from \"react\"\r\nimport { TernSecureClientProvider } from \"../../boundary/TernSecureClientProvider\"\r\n\r\n\r\n// Loading fallback component\r\n/*function TernSecureLoadingFallback() {\r\n  return (\r\n    <div>\r\n      <span className=\"sr-only\">Loading...</span>\r\n    </div>\r\n  )\r\n}*/\r\n/**\r\n * Root Provider for TernSecure\r\n * Use this in your Next.js App Router root layout\r\n * Automatically handles client/server boundary and authentication state\r\n * \r\n * @example\r\n * // app/layout.tsx\r\n * import { TernSecureProvider } from '@tern/secure'\r\n * \r\n * export default function RootLayout({ children }) {\r\n *   return (\r\n *     <html>\r\n *       <body>\r\n *         <TernSecureProvider>\r\n *           {children}\r\n *         </TernSecureProvider>\r\n *       </body>\r\n *     </html>\r\n *   )\r\n * }\r\n */\r\nexport function TernSecureProvider({ children }: { children: React.ReactNode }) {\r\n  return (\r\n    <TernSecureClientProvider>\r\n        {children}\r\n    </TernSecureClientProvider>\r\n  )\r\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAmCI;AAlCJ,sCAAyC;AAgClC,SAAS,mBAAmB,EAAE,SAAS,GAAkC;AAC9E,SACE,4CAAC,4DACI,UACL;AAEJ;","names":[]}
+{"version":3,"sources":["../../../../src/app-router/client/TernSecureProvider.tsx"],"sourcesContent":["import React from \"react\"\r\nimport { TernSecureClientProvider } from \"../../boundary/TernSecureClientProvider\"\r\n\r\n\r\n// Loading fallback component\r\n/*function TernSecureLoadingFallback() {\r\n  return (\r\n    <div>\r\n      <span className=\"sr-only\">Loading...</span>\r\n    </div>\r\n  )\r\n}*/\r\n/**\r\n * Root Provider for TernSecure\r\n * Use this in your Next.js App Router root layout\r\n * Automatically handles client/server boundary and authentication state\r\n * \r\n * @example\r\n * /// app/layout.tsx\r\n * import { TernSecureProvider } from '@tern/secure'\r\n * \r\n * export default function RootLayout({ children }) {\r\n *   return (\r\n *     <html>\r\n *       <body>\r\n *         <TernSecureProvider>\r\n *           {children}\r\n *         </TernSecureProvider>\r\n *       </body>\r\n *     </html>\r\n *   )\r\n * }\r\n */\r\nexport async function TernSecureProvider({ children }: { children: React.ReactNode }) {\r\n  return (\r\n    <TernSecureClientProvider>\r\n        {children}\r\n    </TernSecureClientProvider>\r\n  )\r\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAmCI;AAlCJ,sCAAyC;AAgCzC,eAAsB,mBAAmB,EAAE,SAAS,GAAkC;AACpF,SACE,4CAAC,4DACI,UACL;AAEJ;","names":[]}

package/dist/cjs/app-router/client/actions.js

@@ -18,7 +18,10 @@ var __copyProps = (to, from, except, desc) => {
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var actions_exports = {};
 __export(actions_exports, {
-  signInWithEmail: () => signInWithEmail
+  handleAuthRedirectResult: () => handleAuthRedirectResult,
+  signInWithEmail: () => signInWithEmail,
+  signInWithMicrosoft: () => signInWithMicrosoft,
+  signInWithRedirectGoogle: () => signInWithRedirectGoogle
 });
 module.exports = __toCommonJS(actions_exports);
 var import_client_init = require("../../utils/client-init");
@@ -40,8 +43,55 @@ async function signInWithEmail(email, password) {
     throw new Error(errorMessage);
   }
 }
+async function signInWithRedirectGoogle() {
+  const auth = (0, import_client_init.TernSecureAuth)();
+  const provider = new import_auth.GoogleAuthProvider();
+  provider.setCustomParameters({
+    login_hint: "user@example.com",
+    prompt: "select_account"
+  });
+  try {
+    await (0, import_auth.signInWithRedirect)(auth, provider);
+    return { success: true, message: "Redirect initiated" };
+  } catch (error) {
+    console.error("Error during Google sign-in:", error);
+    return { success: false, error: "Failed to sign in with Google" };
+  }
+}
+async function signInWithMicrosoft() {
+  const auth = (0, import_client_init.TernSecureAuth)();
+  const provider = new import_auth.OAuthProvider("microsoft.com");
+  provider.setCustomParameters({
+    prompt: "consent"
+  });
+  try {
+    await (0, import_auth.signInWithRedirect)(auth, provider);
+    return { success: true, message: "Redirect initiated" };
+  } catch (error) {
+    console.error("Error during Google sign-in:", error);
+    return { success: false, error: "Failed to sign in with Google" };
+  }
+}
+async function handleAuthRedirectResult() {
+  const auth = (0, import_client_init.TernSecureAuth)();
+  try {
+    const result = await (0, import_auth.getRedirectResult)(auth);
+    if (result) {
+      const user = result.user;
+      return { success: true, user };
+    } else {
+      return { success: false, error: "No redirect result" };
+    }
+  } catch (error) {
+    console.error("Error handling auth redirect result:", error);
+    return { success: false, error: error.message || "Failed to handle auth redirect", code: error.code };
+  }
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  signInWithEmail
+  handleAuthRedirectResult,
+  signInWithEmail,
+  signInWithMicrosoft,
+  signInWithRedirectGoogle
 });
 //# sourceMappingURL=actions.js.map

package/dist/cjs/app-router/client/actions.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/app-router/client/actions.ts"],"sourcesContent":["import { TernSecureAuth } from '../../utils/client-init'\r\nimport { signInWithEmailAndPassword } from 'firebase/auth'\r\nimport { createSessionCookie } from '../server/sessionTernSecure'\r\n\r\n\r\nexport async function signInWithEmail(email: string, password: string){\r\n  const auth = TernSecureAuth()\r\n  try {\r\n  const UserCredential = await signInWithEmailAndPassword(auth, email, password)\r\n  const idToken = await UserCredential.user.getIdToken();\r\n\r\n  const res = await createSessionCookie(idToken);\r\n\r\n  if(res.success) {\r\n    return { success: true, message: 'Connected.' };\r\n  } else {\r\n    throw new Error(res.message);\r\n  }\r\n} catch (error){\r\n  const errorMessage = error instanceof Error ? error.message : 'Failed to sign in';\r\n  throw new Error(errorMessage);\r\n}\r\n} "],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA+B;AAC/B,kBAA2C;AAC3C,+BAAoC;AAGpC,eAAsB,gBAAgB,OAAe,UAAiB;AACpE,QAAM,WAAO,mCAAe;AAC5B,MAAI;AACJ,UAAM,iBAAiB,UAAM,wCAA2B,MAAM,OAAO,QAAQ;AAC7E,UAAM,UAAU,MAAM,eAAe,KAAK,WAAW;AAErD,UAAM,MAAM,UAAM,8CAAoB,OAAO;AAE7C,QAAG,IAAI,SAAS;AACd,aAAO,EAAE,SAAS,MAAM,SAAS,aAAa;AAAA,IAChD,OAAO;AACL,YAAM,IAAI,MAAM,IAAI,OAAO;AAAA,IAC7B;AAAA,EACF,SAAS,OAAM;AACb,UAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU;AAC9D,UAAM,IAAI,MAAM,YAAY;AAAA,EAC9B;AACA;","names":[]}
+{"version":3,"sources":["../../../../src/app-router/client/actions.ts"],"sourcesContent":["import { TernSecureAuth } from '../../utils/client-init'\r\nimport { signInWithEmailAndPassword, signInWithRedirect, getRedirectResult, GoogleAuthProvider, OAuthProvider } from 'firebase/auth'\r\nimport { createSessionCookie } from '../server/sessionTernSecure'\r\n\r\n\r\nexport async function signInWithEmail(email: string, password: string){\r\n  const auth = TernSecureAuth()\r\n  try {\r\n  const UserCredential = await signInWithEmailAndPassword(auth, email, password)\r\n  const idToken = await UserCredential.user.getIdToken();\r\n\r\n  const res = await createSessionCookie(idToken);\r\n\r\n  if(res.success) {\r\n    return { success: true, message: 'Connected.' };\r\n  } else {\r\n    throw new Error(res.message);\r\n  }\r\n} catch (error){\r\n  const errorMessage = error instanceof Error ? error.message : 'Failed to sign in';\r\n  throw new Error(errorMessage);\r\n}\r\n} \r\n\r\nexport async function signInWithRedirectGoogle() {\r\n  const auth = TernSecureAuth()\r\n  const provider = new GoogleAuthProvider()\r\n  provider.setCustomParameters({\r\n    login_hint: 'user@example.com',\r\n    prompt: 'select_account'\r\n  })\r\n\r\n  try {\r\n    await signInWithRedirect(auth, provider)\r\n    return { success: true, message: 'Redirect initiated' }\r\n  } catch (error) {\r\n    console.error('Error during Google sign-in:', error)\r\n    return { success: false, error: 'Failed to sign in with Google' }\r\n  }\r\n}\r\n\r\n\r\nexport async function signInWithMicrosoft() {\r\n  const auth = TernSecureAuth()\r\n  const provider = new OAuthProvider('microsoft.com')\r\n  provider.setCustomParameters({\r\n    prompt: 'consent'\r\n  })\r\n\r\n  try {\r\n    await signInWithRedirect(auth, provider)\r\n    return { success: true, message: 'Redirect initiated' }\r\n  } catch (error) {\r\n    console.error('Error during Google sign-in:', error)\r\n    return { success: false, error: 'Failed to sign in with Google' }\r\n  }\r\n}\r\n\r\n\r\nexport async function handleAuthRedirectResult() {\r\n  const auth = TernSecureAuth()\r\n  try {\r\n    const result = await getRedirectResult(auth)\r\n    if (result) {\r\n      const user = result.user\r\n      return { success: true, user }\r\n    } else {\r\n      return { success: false, error: 'No redirect result' }\r\n    }\r\n  } catch (error: any) {\r\n    console.error('Error handling auth redirect result:', error)\r\n    return { success: false, error: error.message || 'Failed to handle auth redirect', code: error.code }\r\n  }\r\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA+B;AAC/B,kBAAqH;AACrH,+BAAoC;AAGpC,eAAsB,gBAAgB,OAAe,UAAiB;AACpE,QAAM,WAAO,mCAAe;AAC5B,MAAI;AACJ,UAAM,iBAAiB,UAAM,wCAA2B,MAAM,OAAO,QAAQ;AAC7E,UAAM,UAAU,MAAM,eAAe,KAAK,WAAW;AAErD,UAAM,MAAM,UAAM,8CAAoB,OAAO;AAE7C,QAAG,IAAI,SAAS;AACd,aAAO,EAAE,SAAS,MAAM,SAAS,aAAa;AAAA,IAChD,OAAO;AACL,YAAM,IAAI,MAAM,IAAI,OAAO;AAAA,IAC7B;AAAA,EACF,SAAS,OAAM;AACb,UAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU;AAC9D,UAAM,IAAI,MAAM,YAAY;AAAA,EAC9B;AACA;AAEA,eAAsB,2BAA2B;AAC/C,QAAM,WAAO,mCAAe;AAC5B,QAAM,WAAW,IAAI,+BAAmB;AACxC,WAAS,oBAAoB;AAAA,IAC3B,YAAY;AAAA,IACZ,QAAQ;AAAA,EACV,CAAC;AAED,MAAI;AACF,cAAM,gCAAmB,MAAM,QAAQ;AACvC,WAAO,EAAE,SAAS,MAAM,SAAS,qBAAqB;AAAA,EACxD,SAAS,OAAO;AACd,YAAQ,MAAM,gCAAgC,KAAK;AACnD,WAAO,EAAE,SAAS,OAAO,OAAO,gCAAgC;AAAA,EAClE;AACF;AAGA,eAAsB,sBAAsB;AAC1C,QAAM,WAAO,mCAAe;AAC5B,QAAM,WAAW,IAAI,0BAAc,eAAe;AAClD,WAAS,oBAAoB;AAAA,IAC3B,QAAQ;AAAA,EACV,CAAC;AAED,MAAI;AACF,cAAM,gCAAmB,MAAM,QAAQ;AACvC,WAAO,EAAE,SAAS,MAAM,SAAS,qBAAqB;AAAA,EACxD,SAAS,OAAO;AACd,YAAQ,MAAM,gCAAgC,KAAK;AACnD,WAAO,EAAE,SAAS,OAAO,OAAO,gCAAgC;AAAA,EAClE;AACF;AAGA,eAAsB,2BAA2B;AAC/C,QAAM,WAAO,mCAAe;AAC5B,MAAI;AACF,UAAM,SAAS,UAAM,+BAAkB,IAAI;AAC3C,QAAI,QAAQ;AACV,YAAM,OAAO,OAAO;AACpB,aAAO,EAAE,SAAS,MAAM,KAAK;AAAA,IAC/B,OAAO;AACL,aAAO,EAAE,SAAS,OAAO,OAAO,qBAAqB;AAAA,IACvD;AAAA,EACF,SAAS,OAAY;AACnB,YAAQ,MAAM,wCAAwC,KAAK;AAC3D,WAAO,EAAE,SAAS,OAAO,OAAO,MAAM,WAAW,kCAAkC,MAAM,MAAM,KAAK;AAAA,EACtG;AACF;","names":[]}

package/dist/cjs/app-router/server/auth.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/app-router/server/auth.ts"],"sourcesContent":["'use server'\r\n\r\nimport { cookies } from 'next/headers';\r\nimport {  verifyTernIdToken, verifyTernSessionCookie } from './sessionTernSecure';\r\n\r\nexport interface AuthResult {\r\n  userId: string | null;\r\n  token: string | null;\r\n  error: Error | null;\r\n}\r\n\r\nexport async function auth(): Promise<AuthResult> {\r\n  try {\r\n    const cookieStore = await cookies();\r\n    const sessionCookie = cookieStore.get('_session_cookie')?.value;\r\n    if (sessionCookie) {\r\n      const sessionResult = await verifyTernSessionCookie(sessionCookie);\r\n      if (sessionResult.valid) {\r\n        return {\r\n          userId: sessionResult.uid,\r\n          token: sessionCookie,\r\n          error: null\r\n        };\r\n      }\r\n    }\r\n\r\n    // If session cookie is not present or invalid, try the ID token\r\n    const idToken = cookieStore.get('_session_token')?.value;\r\n    if (idToken) {\r\n      const tokenResult = await verifyTernIdToken(idToken);\r\n      if (tokenResult.valid) {\r\n        return {\r\n          userId: tokenResult.uid ?? null,\r\n          token: idToken,\r\n          error: null\r\n        };\r\n      }\r\n    }\r\n\r\n    // If both checks fail, return null values\r\n    return {\r\n      userId: null,\r\n      token: null,\r\n      error: new Error('No valid session or token found')\r\n    };\r\n  } catch (error) {\r\n    console.error('Error in auth function:', error);\r\n    return {\r\n      userId: null,\r\n      token: null,\r\n      error: error instanceof Error ? error : new Error('An unknown error occurred')\r\n    };\r\n  }\r\n}\r\n\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,qBAAwB;AACxB,+BAA4D;AAQ5D,eAAsB,OAA4B;AAXlD;AAYE,MAAI;AACF,UAAM,cAAc,UAAM,wBAAQ;AAClC,UAAM,iBAAgB,iBAAY,IAAI,iBAAiB,MAAjC,mBAAoC;AAC1D,QAAI,eAAe;AACjB,YAAM,gBAAgB,UAAM,kDAAwB,aAAa;AACjE,UAAI,cAAc,OAAO;AACvB,eAAO;AAAA,UACL,QAAQ,cAAc;AAAA,UACtB,OAAO;AAAA,UACP,OAAO;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAGA,UAAM,WAAU,iBAAY,IAAI,gBAAgB,MAAhC,mBAAmC;AACnD,QAAI,SAAS;AACX,YAAM,cAAc,UAAM,4CAAkB,OAAO;AACnD,UAAI,YAAY,OAAO;AACrB,eAAO;AAAA,UACL,SAAQ,iBAAY,QAAZ,YAAmB;AAAA,UAC3B,OAAO;AAAA,UACP,OAAO;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAGA,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,OAAO,IAAI,MAAM,iCAAiC;AAAA,IACpD;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,2BAA2B,KAAK;AAC9C,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,OAAO,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,2BAA2B;AAAA,IAC/E;AAAA,EACF;AACF;","names":[]}
+{"version":3,"sources":["../../../../src/app-router/server/auth.ts"],"sourcesContent":["'use server'\r\n\r\nimport { cookies } from 'next/headers';\r\nimport {  verifyTernIdToken, verifyTernSessionCookie } from './sessionTernSecure';\r\n\r\nexport interface AuthResult {\r\n  userId: string | null;\r\n  token: string | null;\r\n  error: Error | null;\r\n}\r\n\r\nexport async function auth(): Promise<AuthResult> {\r\n  try {\r\n    const cookieStore = await cookies();\r\n    const sessionCookie = cookieStore.get('_session_cookie')?.value;\r\n    if (sessionCookie) {\r\n      const sessionResult = await verifyTernSessionCookie(sessionCookie);\r\n      if (sessionResult.valid) {\r\n        return {\r\n          userId: sessionResult.uid,\r\n          token: sessionCookie,\r\n          error: null\r\n        };\r\n      }\r\n    }\r\n\r\n    // If session cookie is not present or invalid, try the ID token\r\n    const idToken = cookieStore.get('_session_token')?.value;\r\n    if (idToken) {\r\n      const tokenResult = await verifyTernIdToken(idToken);\r\n      if (tokenResult.valid) {\r\n        return {\r\n          userId: tokenResult.uid ?? null,\r\n          token: idToken,\r\n          error: null\r\n        };\r\n      }\r\n    }\r\n\r\n    /// If both checks fail, return null values\r\n    return {\r\n      userId: null,\r\n      token: null,\r\n      error: new Error('No valid session or token found')\r\n    };\r\n  } catch (error) {\r\n    console.error('Error in auth function:', error);\r\n    return {\r\n      userId: null,\r\n      token: null,\r\n      error: error instanceof Error ? error : new Error('An unknown error occurred')\r\n    };\r\n  }\r\n}\r\n\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,qBAAwB;AACxB,+BAA4D;AAQ5D,eAAsB,OAA4B;AAXlD;AAYE,MAAI;AACF,UAAM,cAAc,UAAM,wBAAQ;AAClC,UAAM,iBAAgB,iBAAY,IAAI,iBAAiB,MAAjC,mBAAoC;AAC1D,QAAI,eAAe;AACjB,YAAM,gBAAgB,UAAM,kDAAwB,aAAa;AACjE,UAAI,cAAc,OAAO;AACvB,eAAO;AAAA,UACL,QAAQ,cAAc;AAAA,UACtB,OAAO;AAAA,UACP,OAAO;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAGA,UAAM,WAAU,iBAAY,IAAI,gBAAgB,MAAhC,mBAAmC;AACnD,QAAI,SAAS;AACX,YAAM,cAAc,UAAM,4CAAkB,OAAO;AACnD,UAAI,YAAY,OAAO;AACrB,eAAO;AAAA,UACL,SAAQ,iBAAY,QAAZ,YAAmB;AAAA,UAC3B,OAAO;AAAA,UACP,OAAO;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAGA,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,OAAO,IAAI,MAAM,iCAAiC;AAAA,IACpD;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,2BAA2B,KAAK;AAC9C,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,OAAO,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,2BAA2B;AAAA,IAC/E;AAAA,EACF;AACF;","names":[]}

package/dist/cjs/app-router/server/sessionTernSecure.js

@@ -19,6 +19,7 @@ var __copyProps = (to, from, except, desc) => {
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var sessionTernSecure_exports = {};
 __export(sessionTernSecure_exports, {
+  clearSessionCookie: () => clearSessionCookie,
   createSessionCookie: () => createSessionCookie,
   getIdToken: () => getIdToken,
   getServerSessionCookie: () => getServerSessionCookie,
@@ -94,7 +95,7 @@ async function setServerSession(token) {
 }
 async function verifyTernIdToken(token) {
   try {
-    const decodedToken = await import_admin_init.adminTernSecureAuth.verifyIdToken(token);
+    const decodedToken = await import_admin_init.adminTernSecureAuth.verifyIdToken(token, true);
     return { valid: true, uid: decodedToken.uid };
   } catch (error) {
     if (error instanceof Error) {
@@ -127,8 +128,27 @@ async function verifyTernSessionCookie(session) {
     return { error, valid: false };
   }
 }
+async function clearSessionCookie() {
+  var _a;
+  const cookieStore = await (0, import_headers.cookies)();
+  cookieStore.delete("_session_cookie");
+  cookieStore.delete("_session_token");
+  cookieStore.delete("_session");
+  try {
+    const sessionCookie = (_a = cookieStore.get("_session_cookie")) == null ? void 0 : _a.value;
+    if (sessionCookie) {
+      const decodedClaims = await import_admin_init.adminTernSecureAuth.verifySessionCookie(sessionCookie);
+      await import_admin_init.adminTernSecureAuth.revokeRefreshTokens(decodedClaims.uid);
+    }
+    return { success: true, message: "Session cleared successfully" };
+  } catch (error) {
+    console.error("Error clearing session:", error);
+    return { success: true, message: "Session cookies cleared" };
+  }
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  clearSessionCookie,
   createSessionCookie,
   getIdToken,
   getServerSessionCookie,

package/dist/cjs/app-router/server/sessionTernSecure.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/app-router/server/sessionTernSecure.ts"],"sourcesContent":["'use server'\r\n\r\nimport { cookies } from 'next/headers';\r\nimport { adminTernSecureAuth as adminAuth } from '../../utils/admin-init';\r\n\r\ninterface FirebaseAuthError extends Error {\r\n  code?: string;\r\n}\r\n\r\nexport interface User {\r\n    uid: string | null;\r\n    email: string | null;\r\n  }\r\n\r\nexport interface Session {\r\n    user: User | null;\r\n    token: string | null;\r\n    error: Error | null;\r\n}\r\n\r\nexport async function createSessionCookie(idToken: string) {\r\n  try {\r\n    const expiresIn = 60 * 60 * 24 * 5 * 1000;\r\n      const sessionCookie = await adminAuth.createSessionCookie(idToken, { expiresIn });\r\n\r\n      const cookieStore = await cookies();\r\n      cookieStore.set('_session_cookie', sessionCookie, {\r\n          maxAge: expiresIn,\r\n          httpOnly: true,\r\n          secure: process.env.NODE_ENV === 'production',\r\n          path: '/',\r\n      });\r\n      return { success: true, message: 'Session created' };\r\n  } catch (error) {\r\n      return { success: false, message: 'Failed to create session' };\r\n  }\r\n}\r\n\r\n\r\n\r\nexport async function getServerSessionCookie() {\r\n  const cookieStore = await cookies();\r\n  const sessionCookie = cookieStore.get('_session_cookie')?.value;\r\n\r\n  if (!sessionCookie) {\r\n    throw new Error('No session cookie found')\r\n  }\r\n    \r\n  try {\r\n    const decondeClaims = await adminAuth.verifySessionCookie(sessionCookie, true)\r\n    return {\r\n      token: sessionCookie,\r\n      userId: decondeClaims.uid\r\n    }\r\n  } catch (error) {\r\n    console.error('Error verifying session:', error)\r\n    throw new Error('Invalid Session')\r\n  }\r\n}\r\n\r\n\r\nexport async function getIdToken() {\r\n  const cookieStore = await cookies();\r\n  const token = cookieStore.get('_session_token')?.value;\r\n\r\n  if (!token) {\r\n    throw new Error('No session cookie found')\r\n  }\r\n    \r\n  try {\r\n    const decodedClaims = await adminAuth.verifyIdToken(token)\r\n    return {\r\n      token: token,\r\n      userId: decodedClaims.uid\r\n    }\r\n  } catch (error) {\r\n    console.error('Error verifying session:', error)\r\n    throw new Error('Invalid Session')\r\n  }\r\n}\r\n\r\nexport async function setServerSession(token: string) {\r\n    const cookieStore = await cookies();\r\n    cookieStore.set('_session', token, {\r\n      httpOnly: true,\r\n      secure: process.env.NODE_ENV === 'production',\r\n      sameSite: 'strict',\r\n      maxAge: 60 * 60, // 1 hour\r\n      path: '/',\r\n    });\r\n  }\r\n\r\n  export async function verifyTernIdToken(token: string): Promise<{ valid: boolean; uid?: string; error?: string }> {\r\n    try {\r\n      const decodedToken = await adminAuth.verifyIdToken(token);\r\n      return { valid: true, uid: decodedToken.uid };\r\n    } catch (error) {\r\n      if (error instanceof Error) {\r\n        const firebaseError = error as FirebaseAuthError;\r\n        if (error.name === 'FirebaseAuthError') {\r\n          // Handle specific Firebase Auth errors\r\n          switch (firebaseError.code) {\r\n            case 'auth/id-token-expired':\r\n              return { valid: false, error: 'Token has expired' };\r\n            case 'auth/id-token-revoked':\r\n              return { valid: false, error: 'Token has been revoked' };\r\n            case 'auth/user-disabled':\r\n              return { valid: false, error: 'User account has been disabled' };\r\n            default:\r\n              return { valid: false, error: 'Invalid token' };\r\n          }\r\n        }\r\n      }\r\n      return { valid: false, error: 'Error verifying token' };\r\n    }\r\n  }\r\n  \r\n\r\n  export async function verifyTernSessionCookie(session: string): Promise<{ valid: boolean; uid?: any; error?: any }>{\r\n    try {\r\n      const res = await adminAuth.verifySessionCookie(session, true);\r\n      if (res) {\r\n        return { valid: true, uid: res.uid };\r\n      } else {\r\n        return { valid: false, error: 'Invalid session'};\r\n      }\r\n    } catch (error) {\r\n      return {error: error, valid: false}\r\n    }\r\n  }\r\n\r\n\r\n\r\n/*\r\n  export async function GET(request: NextRequest) {\r\n    const cookieStore = await cookies();\r\n    const sessionCookie = cookieStore.get('session')?.value\r\n  \r\n    if (!sessionCookie) {\r\n      return NextResponse.json({ isAuthenticated: false }, { status: 401 })\r\n    }\r\n  \r\n    try {\r\n      const decodedClaims = await adminAuth.verifySessionCookie(sessionCookie, true)\r\n      return NextResponse.json({ isAuthenticated: true, user: decodedClaims }, { status: 200 })\r\n    } catch (error) {\r\n      console.error('Error verifying session cookie:', error)\r\n      return NextResponse.json({ isAuthenticated: false }, { status: 401 })\r\n    }\r\n  }\r\n\r\n*/"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,qBAAwB;AACxB,wBAAiD;AAiBjD,eAAsB,oBAAoB,SAAiB;AACzD,MAAI;AACF,UAAM,YAAY,KAAK,KAAK,KAAK,IAAI;AACnC,UAAM,gBAAgB,MAAM,kBAAAA,oBAAU,oBAAoB,SAAS,EAAE,UAAU,CAAC;AAEhF,UAAM,cAAc,UAAM,wBAAQ;AAClC,gBAAY,IAAI,mBAAmB,eAAe;AAAA,MAC9C,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,MACjC,MAAM;AAAA,IACV,CAAC;AACD,WAAO,EAAE,SAAS,MAAM,SAAS,kBAAkB;AAAA,EACvD,SAAS,OAAO;AACZ,WAAO,EAAE,SAAS,OAAO,SAAS,2BAA2B;AAAA,EACjE;AACF;AAIA,eAAsB,yBAAyB;AAxC/C;AAyCE,QAAM,cAAc,UAAM,wBAAQ;AAClC,QAAM,iBAAgB,iBAAY,IAAI,iBAAiB,MAAjC,mBAAoC;AAE1D,MAAI,CAAC,eAAe;AAClB,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAEA,MAAI;AACF,UAAM,gBAAgB,MAAM,kBAAAA,oBAAU,oBAAoB,eAAe,IAAI;AAC7E,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ,cAAc;AAAA,IACxB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AACF;AAGA,eAAsB,aAAa;AA7DnC;AA8DE,QAAM,cAAc,UAAM,wBAAQ;AAClC,QAAM,SAAQ,iBAAY,IAAI,gBAAgB,MAAhC,mBAAmC;AAEjD,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAEA,MAAI;AACF,UAAM,gBAAgB,MAAM,kBAAAA,oBAAU,cAAc,KAAK;AACzD,WAAO;AAAA,MACL;AAAA,MACA,QAAQ,cAAc;AAAA,IACxB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AACF;AAEA,eAAsB,iBAAiB,OAAe;AAClD,QAAM,cAAc,UAAM,wBAAQ;AAClC,cAAY,IAAI,YAAY,OAAO;AAAA,IACjC,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,UAAU;AAAA,IACV,QAAQ,KAAK;AAAA;AAAA,IACb,MAAM;AAAA,EACR,CAAC;AACH;AAEA,eAAsB,kBAAkB,OAA0E;AAChH,MAAI;AACF,UAAM,eAAe,MAAM,kBAAAA,oBAAU,cAAc,KAAK;AACxD,WAAO,EAAE,OAAO,MAAM,KAAK,aAAa,IAAI;AAAA,EAC9C,SAAS,OAAO;AACd,QAAI,iBAAiB,OAAO;AAC1B,YAAM,gBAAgB;AACtB,UAAI,MAAM,SAAS,qBAAqB;AAEtC,gBAAQ,cAAc,MAAM;AAAA,UAC1B,KAAK;AACH,mBAAO,EAAE,OAAO,OAAO,OAAO,oBAAoB;AAAA,UACpD,KAAK;AACH,mBAAO,EAAE,OAAO,OAAO,OAAO,yBAAyB;AAAA,UACzD,KAAK;AACH,mBAAO,EAAE,OAAO,OAAO,OAAO,iCAAiC;AAAA,UACjE;AACE,mBAAO,EAAE,OAAO,OAAO,OAAO,gBAAgB;AAAA,QAClD;AAAA,MACF;AAAA,IACF;AACA,WAAO,EAAE,OAAO,OAAO,OAAO,wBAAwB;AAAA,EACxD;AACF;AAGA,eAAsB,wBAAwB,SAAqE;AACjH,MAAI;AACF,UAAM,MAAM,MAAM,kBAAAA,oBAAU,oBAAoB,SAAS,IAAI;AAC7D,QAAI,KAAK;AACP,aAAO,EAAE,OAAO,MAAM,KAAK,IAAI,IAAI;AAAA,IACrC,OAAO;AACL,aAAO,EAAE,OAAO,OAAO,OAAO,kBAAiB;AAAA,IACjD;AAAA,EACF,SAAS,OAAO;AACd,WAAO,EAAC,OAAc,OAAO,MAAK;AAAA,EACpC;AACF;","names":["adminAuth"]}
+{"version":3,"sources":["../../../../src/app-router/server/sessionTernSecure.ts"],"sourcesContent":["'use server'\r\n\r\nimport { cookies } from 'next/headers';\r\nimport { adminTernSecureAuth as adminAuth } from '../../utils/admin-init';\r\n\r\ninterface FirebaseAuthError extends Error {\r\n  code?: string;\r\n}\r\n\r\nexport interface User {\r\n    uid: string | null;\r\n    email: string | null;\r\n  }\r\n\r\nexport interface Session {\r\n    user: User | null;\r\n    token: string | null;\r\n    error: Error | null;\r\n}\r\n\r\nexport async function createSessionCookie(idToken: string) {\r\n  try {\r\n    const expiresIn = 60 * 60 * 24 * 5 * 1000;\r\n      const sessionCookie = await adminAuth.createSessionCookie(idToken, { expiresIn });\r\n\r\n      const cookieStore = await cookies();\r\n      cookieStore.set('_session_cookie', sessionCookie, {\r\n          maxAge: expiresIn,\r\n          httpOnly: true,\r\n          secure: process.env.NODE_ENV === 'production',\r\n          path: '/',\r\n      });\r\n      return { success: true, message: 'Session created' };\r\n  } catch (error) {\r\n      return { success: false, message: 'Failed to create session' };\r\n  }\r\n}\r\n\r\n\r\n\r\nexport async function getServerSessionCookie() {\r\n  const cookieStore = await cookies();\r\n  const sessionCookie = cookieStore.get('_session_cookie')?.value;\r\n\r\n  if (!sessionCookie) {\r\n    throw new Error('No session cookie found')\r\n  }\r\n    \r\n  try {\r\n    const decondeClaims = await adminAuth.verifySessionCookie(sessionCookie, true)\r\n    return {\r\n      token: sessionCookie,\r\n      userId: decondeClaims.uid\r\n    }\r\n  } catch (error) {\r\n    console.error('Error verifying session:', error)\r\n    throw new Error('Invalid Session')\r\n  }\r\n}\r\n\r\n\r\nexport async function getIdToken() {\r\n  const cookieStore = await cookies();\r\n  const token = cookieStore.get('_session_token')?.value;\r\n\r\n  if (!token) {\r\n    throw new Error('No session cookie found')\r\n  }\r\n    \r\n  try {\r\n    const decodedClaims = await adminAuth.verifyIdToken(token)\r\n    return {\r\n      token: token,\r\n      userId: decodedClaims.uid\r\n    }\r\n  } catch (error) {\r\n    console.error('Error verifying session:', error)\r\n    throw new Error('Invalid Session')\r\n  }\r\n}\r\n\r\nexport async function setServerSession(token: string) {\r\n    const cookieStore = await cookies();\r\n    cookieStore.set('_session', token, {\r\n      httpOnly: true,\r\n      secure: process.env.NODE_ENV === 'production',\r\n      sameSite: 'strict',\r\n      maxAge: 60 * 60, // 1 hour\r\n      path: '/',\r\n    });\r\n  }\r\n\r\n  export async function verifyTernIdToken(token: string): Promise<{ valid: boolean; uid?: string; error?: string }> {\r\n    try {\r\n      const decodedToken = await adminAuth.verifyIdToken(token, true);\r\n      return { valid: true, uid: decodedToken.uid };\r\n    } catch (error) {\r\n      if (error instanceof Error) {\r\n        const firebaseError = error as FirebaseAuthError;\r\n        if (error.name === 'FirebaseAuthError') {\r\n          // Handle specific Firebase Auth errors\r\n          switch (firebaseError.code) {\r\n            case 'auth/id-token-expired':\r\n              return { valid: false, error: 'Token has expired' };\r\n            case 'auth/id-token-revoked':\r\n              return { valid: false, error: 'Token has been revoked' };\r\n            case 'auth/user-disabled':\r\n              return { valid: false, error: 'User account has been disabled' };\r\n            default:\r\n              return { valid: false, error: 'Invalid token' };\r\n          }\r\n        }\r\n      }\r\n      return { valid: false, error: 'Error verifying token' };\r\n    }\r\n  }\r\n  \r\n\r\n  export async function verifyTernSessionCookie(session: string): Promise<{ valid: boolean; uid?: any; error?: any }>{\r\n    try {\r\n      const res = await adminAuth.verifySessionCookie(session, true);\r\n      if (res) {\r\n        return { valid: true, uid: res.uid };\r\n      } else {\r\n        return { valid: false, error: 'Invalid session'};\r\n      }\r\n    } catch (error) {\r\n      return {error: error, valid: false}\r\n    }\r\n  }\r\n\r\n\r\n  export async function clearSessionCookie() {\r\n    const cookieStore = await cookies()\r\n    \r\n    cookieStore.delete('_session_cookie')\r\n    cookieStore.delete('_session_token')\r\n    cookieStore.delete('_session')\r\n  \r\n    try {\r\n      // Verify if there's an active session before revoking\r\n      const sessionCookie = cookieStore.get('_session_cookie')?.value\r\n      if (sessionCookie) {\r\n        // Get the decoded claims to get the user's ID\r\n        const decodedClaims = await adminAuth.verifySessionCookie(sessionCookie)\r\n        \r\n        // Revoke all sessions for the user\r\n        await adminAuth.revokeRefreshTokens(decodedClaims.uid)\r\n      }\r\n      \r\n      return { success: true, message: 'Session cleared successfully' }\r\n    } catch (error) {\r\n      console.error('Error clearing session:', error)\r\n      // Still return success even if revoking fails, as cookies are cleared\r\n      return { success: true, message: 'Session cookies cleared' }\r\n    }\r\n  }\r\n\r\n\r\n\r\n/*\r\n  export async function GET(request: NextRequest) {\r\n    const cookieStore = await cookies();\r\n    const sessionCookie = cookieStore.get('session')?.value\r\n  \r\n    if (!sessionCookie) {\r\n      return NextResponse.json({ isAuthenticated: false }, { status: 401 })\r\n    }\r\n  \r\n    try {\r\n      const decodedClaims = await adminAuth.verifySessionCookie(sessionCookie, true)\r\n      return NextResponse.json({ isAuthenticated: true, user: decodedClaims }, { status: 200 })\r\n    } catch (error) {\r\n      console.error('Error verifying session cookie:', error)\r\n      return NextResponse.json({ isAuthenticated: false }, { status: 401 })\r\n    }\r\n  }\r\n\r\n*/"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,qBAAwB;AACxB,wBAAiD;AAiBjD,eAAsB,oBAAoB,SAAiB;AACzD,MAAI;AACF,UAAM,YAAY,KAAK,KAAK,KAAK,IAAI;AACnC,UAAM,gBAAgB,MAAM,kBAAAA,oBAAU,oBAAoB,SAAS,EAAE,UAAU,CAAC;AAEhF,UAAM,cAAc,UAAM,wBAAQ;AAClC,gBAAY,IAAI,mBAAmB,eAAe;AAAA,MAC9C,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,MACjC,MAAM;AAAA,IACV,CAAC;AACD,WAAO,EAAE,SAAS,MAAM,SAAS,kBAAkB;AAAA,EACvD,SAAS,OAAO;AACZ,WAAO,EAAE,SAAS,OAAO,SAAS,2BAA2B;AAAA,EACjE;AACF;AAIA,eAAsB,yBAAyB;AAxC/C;AAyCE,QAAM,cAAc,UAAM,wBAAQ;AAClC,QAAM,iBAAgB,iBAAY,IAAI,iBAAiB,MAAjC,mBAAoC;AAE1D,MAAI,CAAC,eAAe;AAClB,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAEA,MAAI;AACF,UAAM,gBAAgB,MAAM,kBAAAA,oBAAU,oBAAoB,eAAe,IAAI;AAC7E,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ,cAAc;AAAA,IACxB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AACF;AAGA,eAAsB,aAAa;AA7DnC;AA8DE,QAAM,cAAc,UAAM,wBAAQ;AAClC,QAAM,SAAQ,iBAAY,IAAI,gBAAgB,MAAhC,mBAAmC;AAEjD,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAEA,MAAI;AACF,UAAM,gBAAgB,MAAM,kBAAAA,oBAAU,cAAc,KAAK;AACzD,WAAO;AAAA,MACL;AAAA,MACA,QAAQ,cAAc;AAAA,IACxB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AACF;AAEA,eAAsB,iBAAiB,OAAe;AAClD,QAAM,cAAc,UAAM,wBAAQ;AAClC,cAAY,IAAI,YAAY,OAAO;AAAA,IACjC,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,UAAU;AAAA,IACV,QAAQ,KAAK;AAAA;AAAA,IACb,MAAM;AAAA,EACR,CAAC;AACH;AAEA,eAAsB,kBAAkB,OAA0E;AAChH,MAAI;AACF,UAAM,eAAe,MAAM,kBAAAA,oBAAU,cAAc,OAAO,IAAI;AAC9D,WAAO,EAAE,OAAO,MAAM,KAAK,aAAa,IAAI;AAAA,EAC9C,SAAS,OAAO;AACd,QAAI,iBAAiB,OAAO;AAC1B,YAAM,gBAAgB;AACtB,UAAI,MAAM,SAAS,qBAAqB;AAEtC,gBAAQ,cAAc,MAAM;AAAA,UAC1B,KAAK;AACH,mBAAO,EAAE,OAAO,OAAO,OAAO,oBAAoB;AAAA,UACpD,KAAK;AACH,mBAAO,EAAE,OAAO,OAAO,OAAO,yBAAyB;AAAA,UACzD,KAAK;AACH,mBAAO,EAAE,OAAO,OAAO,OAAO,iCAAiC;AAAA,UACjE;AACE,mBAAO,EAAE,OAAO,OAAO,OAAO,gBAAgB;AAAA,QAClD;AAAA,MACF;AAAA,IACF;AACA,WAAO,EAAE,OAAO,OAAO,OAAO,wBAAwB;AAAA,EACxD;AACF;AAGA,eAAsB,wBAAwB,SAAqE;AACjH,MAAI;AACF,UAAM,MAAM,MAAM,kBAAAA,oBAAU,oBAAoB,SAAS,IAAI;AAC7D,QAAI,KAAK;AACP,aAAO,EAAE,OAAO,MAAM,KAAK,IAAI,IAAI;AAAA,IACrC,OAAO;AACL,aAAO,EAAE,OAAO,OAAO,OAAO,kBAAiB;AAAA,IACjD;AAAA,EACF,SAAS,OAAO;AACd,WAAO,EAAC,OAAc,OAAO,MAAK;AAAA,EACpC;AACF;AAGA,eAAsB,qBAAqB;AApI7C;AAqII,QAAM,cAAc,UAAM,wBAAQ;AAElC,cAAY,OAAO,iBAAiB;AACpC,cAAY,OAAO,gBAAgB;AACnC,cAAY,OAAO,UAAU;AAE7B,MAAI;AAEF,UAAM,iBAAgB,iBAAY,IAAI,iBAAiB,MAAjC,mBAAoC;AAC1D,QAAI,eAAe;AAEjB,YAAM,gBAAgB,MAAM,kBAAAA,oBAAU,oBAAoB,aAAa;AAGvE,YAAM,kBAAAA,oBAAU,oBAAoB,cAAc,GAAG;AAAA,IACvD;AAEA,WAAO,EAAE,SAAS,MAAM,SAAS,+BAA+B;AAAA,EAClE,SAAS,OAAO;AACd,YAAQ,MAAM,2BAA2B,KAAK;AAE9C,WAAO,EAAE,SAAS,MAAM,SAAS,0BAA0B;AAAA,EAC7D;AACF;","names":["adminAuth"]}

package/dist/cjs/boundary/TernSecureClientProvider.js

@@ -56,7 +56,6 @@ function TernSecureClientProvider({
   (0, import_react.useEffect)(() => {
     const unsubscribe = (0, import_auth.onAuthStateChanged)(auth, async (user) => {
       if (user) {
-        await user.getIdToken();
         setAuthState({
           isLoaded: true,
           userId: user.uid,

package/dist/cjs/boundary/TernSecureClientProvider.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/boundary/TernSecureClientProvider.tsx"],"sourcesContent":["\"use client\"\r\n\r\nimport React, { useState, useEffect, useMemo, useCallback } from 'react'\r\nimport { ternSecureAuth } from '../utils/client-init'\r\nimport { onAuthStateChanged, User } from \"firebase/auth\"\r\nimport { TernSecureCtx, TernSecureCtxValue, TernSecureState } from './TernSecureCtx'\r\nimport { useRouter } from 'next/navigation'\r\n\r\ninterface TernSecureClientProviderProps {\r\n  children: React.ReactNode;\r\n  onUserChanged?: (user: User | null) => Promise<void>;\r\n  loginPath?: string;\r\n  loadingComponent?: React.ReactNode;\r\n}\r\n\r\nexport function TernSecureClientProvider({ \r\n  children, \r\n  loginPath = '/sign-in',\r\n  loadingComponent\r\n}: TernSecureClientProviderProps) {\r\n  const auth = useMemo(() => ternSecureAuth, []);\r\n  const router = useRouter();\r\n  const [authState, setAuthState] = useState<TernSecureState>(() => ({\r\n    userId: null,\r\n    isLoaded: false,\r\n    error: null,\r\n    isValid: false,\r\n    token: null\r\n  }));\r\n\r\n  const handleSignOut = useCallback(async (error?: Error) => {\r\n    await auth.signOut();\r\n    setAuthState({\r\n      isLoaded: true,\r\n      userId: null,\r\n      error: error || null,\r\n      isValid: false,\r\n      token: null\r\n    });\r\n    router.push(loginPath);\r\n  }, [auth, router, loginPath]);\r\n\r\nuseEffect(() => {\r\n    const unsubscribe = onAuthStateChanged(auth, async (user: User | null) => {\r\n      if (user) {\r\n        await user.getIdToken()\r\n        setAuthState({\r\n          isLoaded: true,\r\n          userId: user.uid,\r\n          isValid: true,\r\n          token: user.getIdToken(),\r\n          error: null\r\n        })\r\n      } else {\r\n        setAuthState({\r\n          isLoaded: true,\r\n          userId: null,\r\n          isValid: false,\r\n          token: null,\r\n          error: new Error('User is not authenticated')\r\n        })\r\n        router.push(loginPath);\r\n      }\r\n    }, (error) => {\r\n      handleSignOut(error instanceof Error ? error : new Error('Authentication error occurred'));\r\n    })\r\n    \r\n    return () => unsubscribe()\r\n  }, [auth, handleSignOut, router, loginPath])\r\n\r\n  const contextValue: TernSecureCtxValue = useMemo(() => ({\r\n    ...authState,\r\n    signOut: handleSignOut,\r\n  }), [authState, auth, handleSignOut]);\r\n\r\n  if (!authState.isLoaded) {\r\n    return (\r\n      <TernSecureCtx.Provider value={contextValue}>\r\n        {loadingComponent || (\r\n          <div aria-live=\"polite\" aria-busy=\"true\">\r\n            <span className=\"sr-only\">Loading authentication state...</span>\r\n          </div>\r\n        )}\r\n      </TernSecureCtx.Provider>\r\n    );\r\n  }\r\n\r\n  return (\r\n      <TernSecureCtx.Provider value={contextValue}>\r\n       {children}\r\n      </TernSecureCtx.Provider>\r\n  )\r\n}"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAgFY;AA9EZ,mBAAiE;AACjE,yBAA+B;AAC/B,kBAAyC;AACzC,2BAAmE;AACnE,wBAA0B;AASnB,SAAS,yBAAyB;AAAA,EACvC;AAAA,EACA,YAAY;AAAA,EACZ;AACF,GAAkC;AAChC,QAAM,WAAO,sBAAQ,MAAM,mCAAgB,CAAC,CAAC;AAC7C,QAAM,aAAS,6BAAU;AACzB,QAAM,CAAC,WAAW,YAAY,QAAI,uBAA0B,OAAO;AAAA,IACjE,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,OAAO;AAAA,IACP,SAAS;AAAA,IACT,OAAO;AAAA,EACT,EAAE;AAEF,QAAM,oBAAgB,0BAAY,OAAO,UAAkB;AACzD,UAAM,KAAK,QAAQ;AACnB,iBAAa;AAAA,MACX,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,OAAO,SAAS;AAAA,MAChB,SAAS;AAAA,MACT,OAAO;AAAA,IACT,CAAC;AACD,WAAO,KAAK,SAAS;AAAA,EACvB,GAAG,CAAC,MAAM,QAAQ,SAAS,CAAC;AAE9B,8BAAU,MAAM;AACZ,UAAM,kBAAc,gCAAmB,MAAM,OAAO,SAAsB;AACxE,UAAI,MAAM;AACR,cAAM,KAAK,WAAW;AACtB,qBAAa;AAAA,UACX,UAAU;AAAA,UACV,QAAQ,KAAK;AAAA,UACb,SAAS;AAAA,UACT,OAAO,KAAK,WAAW;AAAA,UACvB,OAAO;AAAA,QACT,CAAC;AAAA,MACH,OAAO;AACL,qBAAa;AAAA,UACX,UAAU;AAAA,UACV,QAAQ;AAAA,UACR,SAAS;AAAA,UACT,OAAO;AAAA,UACP,OAAO,IAAI,MAAM,2BAA2B;AAAA,QAC9C,CAAC;AACD,eAAO,KAAK,SAAS;AAAA,MACvB;AAAA,IACF,GAAG,CAAC,UAAU;AACZ,oBAAc,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,+BAA+B,CAAC;AAAA,IAC3F,CAAC;AAED,WAAO,MAAM,YAAY;AAAA,EAC3B,GAAG,CAAC,MAAM,eAAe,QAAQ,SAAS,CAAC;AAE3C,QAAM,mBAAmC,sBAAQ,OAAO;AAAA,IACtD,GAAG;AAAA,IACH,SAAS;AAAA,EACX,IAAI,CAAC,WAAW,MAAM,aAAa,CAAC;AAEpC,MAAI,CAAC,UAAU,UAAU;AACvB,WACE,4CAAC,mCAAc,UAAd,EAAuB,OAAO,cAC5B,8BACC,4CAAC,SAAI,aAAU,UAAS,aAAU,QAChC,sDAAC,UAAK,WAAU,WAAU,6CAA+B,GAC3D,GAEJ;AAAA,EAEJ;AAEA,SACI,4CAAC,mCAAc,UAAd,EAAuB,OAAO,cAC7B,UACF;AAEN;","names":[]}
+{"version":3,"sources":["../../../src/boundary/TernSecureClientProvider.tsx"],"sourcesContent":["\"use client\"\r\n\r\nimport React, { useState, useEffect, useMemo, useCallback } from 'react'\r\nimport { ternSecureAuth } from '../utils/client-init'\r\nimport { onAuthStateChanged, User } from \"firebase/auth\"\r\nimport { TernSecureCtx, TernSecureCtxValue, TernSecureState } from './TernSecureCtx'\r\nimport { useRouter } from 'next/navigation'\r\n\r\ninterface TernSecureClientProviderProps {\r\n  children: React.ReactNode;\r\n  onUserChanged?: (user: User | null) => Promise<void>;\r\n  loginPath?: string;\r\n  loadingComponent?: React.ReactNode;\r\n}\r\n\r\nexport function TernSecureClientProvider({ \r\n  children, \r\n  loginPath = '/sign-in',\r\n  loadingComponent\r\n}: TernSecureClientProviderProps) {\r\n  const auth = useMemo(() => ternSecureAuth, []);\r\n  const router = useRouter();\r\n  const [authState, setAuthState] = useState<TernSecureState>(() => ({\r\n    userId: null,\r\n    isLoaded: false,\r\n    error: null,\r\n    isValid: false,\r\n    token: null\r\n  }));\r\n\r\n  const handleSignOut = useCallback(async (error?: Error) => {\r\n    await auth.signOut();\r\n    setAuthState({\r\n      isLoaded: true,\r\n      userId: null,\r\n      error: error || null,\r\n      isValid: false,\r\n      token: null\r\n    });\r\n    router.push(loginPath);\r\n  }, [auth, router, loginPath]);\r\n\r\nuseEffect(() => {\r\n    const unsubscribe = onAuthStateChanged(auth, async (user: User | null) => {\r\n      if (user) {\r\n        setAuthState({\r\n          isLoaded: true,\r\n          userId: user.uid,\r\n          isValid: true,\r\n          token: user.getIdToken(),\r\n          error: null\r\n        })\r\n      } else {\r\n        setAuthState({\r\n          isLoaded: true,\r\n          userId: null,\r\n          isValid: false,\r\n          token: null,\r\n          error: new Error('User is not authenticated')\r\n        })\r\n        router.push(loginPath);\r\n      }\r\n    }, (error) => {\r\n      handleSignOut(error instanceof Error ? error : new Error('Authentication error occurred'));\r\n    })\r\n    \r\n    return () => unsubscribe()\r\n  }, [auth, handleSignOut, router, loginPath])\r\n\r\n  const contextValue: TernSecureCtxValue = useMemo(() => ({\r\n    ...authState,\r\n    signOut: handleSignOut,\r\n  }), [authState, auth, handleSignOut]);\r\n\r\n  if (!authState.isLoaded) {\r\n    return (\r\n      <TernSecureCtx.Provider value={contextValue}>\r\n        {loadingComponent || (\r\n          <div aria-live=\"polite\" aria-busy=\"true\">\r\n            <span className=\"sr-only\">Loading authentication state...</span>\r\n          </div>\r\n        )}\r\n      </TernSecureCtx.Provider>\r\n    );\r\n  }\r\n\r\n  return (\r\n      <TernSecureCtx.Provider value={contextValue}>\r\n       {children}\r\n      </TernSecureCtx.Provider>\r\n  )\r\n}"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AA+EY;AA7EZ,mBAAiE;AACjE,yBAA+B;AAC/B,kBAAyC;AACzC,2BAAmE;AACnE,wBAA0B;AASnB,SAAS,yBAAyB;AAAA,EACvC;AAAA,EACA,YAAY;AAAA,EACZ;AACF,GAAkC;AAChC,QAAM,WAAO,sBAAQ,MAAM,mCAAgB,CAAC,CAAC;AAC7C,QAAM,aAAS,6BAAU;AACzB,QAAM,CAAC,WAAW,YAAY,QAAI,uBAA0B,OAAO;AAAA,IACjE,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,OAAO;AAAA,IACP,SAAS;AAAA,IACT,OAAO;AAAA,EACT,EAAE;AAEF,QAAM,oBAAgB,0BAAY,OAAO,UAAkB;AACzD,UAAM,KAAK,QAAQ;AACnB,iBAAa;AAAA,MACX,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,OAAO,SAAS;AAAA,MAChB,SAAS;AAAA,MACT,OAAO;AAAA,IACT,CAAC;AACD,WAAO,KAAK,SAAS;AAAA,EACvB,GAAG,CAAC,MAAM,QAAQ,SAAS,CAAC;AAE9B,8BAAU,MAAM;AACZ,UAAM,kBAAc,gCAAmB,MAAM,OAAO,SAAsB;AACxE,UAAI,MAAM;AACR,qBAAa;AAAA,UACX,UAAU;AAAA,UACV,QAAQ,KAAK;AAAA,UACb,SAAS;AAAA,UACT,OAAO,KAAK,WAAW;AAAA,UACvB,OAAO;AAAA,QACT,CAAC;AAAA,MACH,OAAO;AACL,qBAAa;AAAA,UACX,UAAU;AAAA,UACV,QAAQ;AAAA,UACR,SAAS;AAAA,UACT,OAAO;AAAA,UACP,OAAO,IAAI,MAAM,2BAA2B;AAAA,QAC9C,CAAC;AACD,eAAO,KAAK,SAAS;AAAA,MACvB;AAAA,IACF,GAAG,CAAC,UAAU;AACZ,oBAAc,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,+BAA+B,CAAC;AAAA,IAC3F,CAAC;AAED,WAAO,MAAM,YAAY;AAAA,EAC3B,GAAG,CAAC,MAAM,eAAe,QAAQ,SAAS,CAAC;AAE3C,QAAM,mBAAmC,sBAAQ,OAAO;AAAA,IACtD,GAAG;AAAA,IACH,SAAS;AAAA,EACX,IAAI,CAAC,WAAW,MAAM,aAAa,CAAC;AAEpC,MAAI,CAAC,UAAU,UAAU;AACvB,WACE,4CAAC,mCAAc,UAAd,EAAuB,OAAO,cAC5B,8BACC,4CAAC,SAAI,aAAU,UAAS,aAAU,QAChC,sDAAC,UAAK,WAAU,WAAU,6CAA+B,GAC3D,GAEJ;AAAA,EAEJ;AAEA,SACI,4CAAC,mCAAc,UAAd,EAAuB,OAAO,cAC7B,UACF;AAEN;","names":[]}

package/dist/cjs/components/background.js

@@ -0,0 +1,65 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var background_exports = {};
+__export(background_exports, {
+  AuthBackground: () => AuthBackground
+});
+module.exports = __toCommonJS(background_exports);
+var import_jsx_runtime = require("react/jsx-runtime");
+function AuthBackground() {
+  return /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_jsx_runtime.Fragment, { children: [
+    /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+      "div",
+      {
+        className: "absolute inset-x-0 -top-40 -z-10 transform-gpu overflow-hidden blur-3xl sm:-top-80",
+        "aria-hidden": "true",
+        children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+          "div",
+          {
+            className: "relative left-[calc(50%-11rem)] aspect-[1155/678] w-[36.125rem] -translate-x-1/2 rotate-[30deg] bg-gradient-to-tr from-[#ff80b5] to-[#9089fc] opacity-30 sm:left-[calc(50%-30rem)] sm:w-[72.1875rem]",
+            style: {
+              clipPath: "polygon(74.1% 44.1%, 100% 61.6%, 97.5% 26.9%, 85.5% 0.1%, 80.7% 2%, 72.5% 32.5%, 60.2% 62.4%, 52.4% 68.1%, 47.5% 58.3%, 45.2% 34.5%, 27.5% 76.7%, 0.1% 64.9%, 17.9% 100%, 27.6% 76.8%, 76.1% 97.7%, 74.1% 44.1%)"
+            }
+          }
+        )
+      }
+    ),
+    /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+      "div",
+      {
+        className: "absolute inset-x-0 top-[calc(100%-13rem)] -z-10 transform-gpu overflow-hidden blur-3xl sm:top-[calc(100%-30rem)]",
+        "aria-hidden": "true",
+        children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+          "div",
+          {
+            className: "relative left-[calc(50%+3rem)] aspect-[1155/678] w-[36.125rem] -translate-x-1/2 bg-gradient-to-tr from-[hsl(var(--secondary)_/_0.3)] to-[hsl(var(--primary)_/_0.3)] opacity-30 sm:left-[calc(50%+36rem)] sm:w-[72.1875rem]",
+            style: {
+              clipPath: "polygon(74.1% 44.1%, 100% 61.6%, 97.5% 26.9%, 85.5% 0.1%, 80.7% 2%, 72.5% 32.5%, 60.2% 62.4%, 52.4% 68.1%, 47.5% 58.3%, 45.2% 34.5%, 27.5% 76.7%, 0.1% 64.9%, 17.9% 100%, 27.6% 76.8%, 76.1% 97.7%, 74.1% 44.1%)"
+            }
+          }
+        )
+      }
+    )
+  ] });
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AuthBackground
+});
+//# sourceMappingURL=background.js.map

package/dist/cjs/components/background.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/components/background.tsx"],"sourcesContent":["export function AuthBackground() {\r\n    return (\r\n      <>\r\n        {/* Primary gradient blob */}\r\n        <div\r\n            className=\"absolute inset-x-0 -top-40 -z-10 transform-gpu overflow-hidden blur-3xl sm:-top-80\"\r\n            aria-hidden=\"true\"\r\n          >\r\n            <div\r\n              className=\"relative left-[calc(50%-11rem)] aspect-[1155/678] w-[36.125rem] -translate-x-1/2 rotate-[30deg] bg-gradient-to-tr from-[#ff80b5] to-[#9089fc] opacity-30 sm:left-[calc(50%-30rem)] sm:w-[72.1875rem]\"\r\n              style={{\r\n                clipPath:\r\n                  'polygon(74.1% 44.1%, 100% 61.6%, 97.5% 26.9%, 85.5% 0.1%, 80.7% 2%, 72.5% 32.5%, 60.2% 62.4%, 52.4% 68.1%, 47.5% 58.3%, 45.2% 34.5%, 27.5% 76.7%, 0.1% 64.9%, 17.9% 100%, 27.6% 76.8%, 76.1% 97.7%, 74.1% 44.1%)',\r\n              }}\r\n            />\r\n          </div>\r\n        \r\n        {/* Secondary gradient blob */}\r\n        <div\r\n          className=\"absolute inset-x-0 top-[calc(100%-13rem)] -z-10 transform-gpu overflow-hidden blur-3xl sm:top-[calc(100%-30rem)]\"\r\n          aria-hidden=\"true\"\r\n        >\r\n          <div\r\n            className=\"relative left-[calc(50%+3rem)] aspect-[1155/678] w-[36.125rem] -translate-x-1/2 bg-gradient-to-tr from-[hsl(var(--secondary)_/_0.3)] to-[hsl(var(--primary)_/_0.3)] opacity-30 sm:left-[calc(50%+36rem)] sm:w-[72.1875rem]\"\r\n            style={{\r\n              clipPath:\r\n                'polygon(74.1% 44.1%, 100% 61.6%, 97.5% 26.9%, 85.5% 0.1%, 80.7% 2%, 72.5% 32.5%, 60.2% 62.4%, 52.4% 68.1%, 47.5% 58.3%, 45.2% 34.5%, 27.5% 76.7%, 0.1% 64.9%, 17.9% 100%, 27.6% 76.8%, 76.1% 97.7%, 74.1% 44.1%)',\r\n            }}\r\n          />\r\n        </div>\r\n      </>\r\n    )\r\n  }\r\n  \r\n  "],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAEM;AAFC,SAAS,iBAAiB;AAC7B,SACE,4EAEE;AAAA;AAAA,MAAC;AAAA;AAAA,QACG,WAAU;AAAA,QACV,eAAY;AAAA,QAEZ;AAAA,UAAC;AAAA;AAAA,YACC,WAAU;AAAA,YACV,OAAO;AAAA,cACL,UACE;AAAA,YACJ;AAAA;AAAA,QACF;AAAA;AAAA,IACF;AAAA,IAGF;AAAA,MAAC;AAAA;AAAA,QACC,WAAU;AAAA,QACV,eAAY;AAAA,QAEZ;AAAA,UAAC;AAAA;AAAA,YACC,WAAU;AAAA,YACV,OAAO;AAAA,cACL,UACE;AAAA,YACJ;AAAA;AAAA,QACF;AAAA;AAAA,IACF;AAAA,KACF;AAEJ;","names":[]}

package/dist/cjs/components/sign-in.js

@@ -23,28 +23,86 @@ __export(sign_in_exports, {
 });
 module.exports = __toCommonJS(sign_in_exports);
 var import_jsx_runtime = require("react/jsx-runtime");
-var import_react2 = require("react");
-var import_actions = require("../app-router/client/actions");
-var import_create_styles = require("../utils/create-styles");
+var import_react = require("react");
 var import_navigation = require("next/navigation");
+var import_actions = require("../app-router/client/actions");
+var import_card = require("./ui/card");
+var import_input = require("./ui/input");
+var import_label = require("./ui/label");
+var import_button = require("./ui/button");
+var import_alert = require("./ui/alert");
+var import_separator = require("./ui/separator");
+var import_utils = require("../lib/utils");
+var import_lucide_react = require("lucide-react");
+var import_auth = require("firebase/auth");
+var import_client_init = require("../utils/client-init");
+var import_sessionTernSecure = require("../app-router/server/sessionTernSecure");
+var import_background = require("./background");
+var import_construct = require("../utils/construct");
+const isLocalhost = typeof window !== "undefined" && (window.location.hostname === "localhost" || window.location.hostname === "127.0.0.1");
+const authDomain = process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN;
+const appName = process.env.NEXT_PUBLIC_FIREBASE_APP_NAME || "TernSecure";
 function SignIn({
+  redirectUrl,
   onError,
+  onSuccess,
   className,
-  style,
   customStyles = {}
 }) {
-  const [loading, setLoading] = (0, import_react2.useState)(false);
-  const [error, setError] = (0, import_react2.useState)("");
-  const [email, setEmail] = (0, import_react2.useState)("");
-  const [password, setPassword] = (0, import_react2.useState)("");
-  const router = (0, import_navigation.useRouter)();
+  const [loading, setLoading] = (0, import_react.useState)(false);
+  const [checkingRedirect, setCheckingRedirect] = (0, import_react.useState)(true);
+  const [error, setError] = (0, import_react.useState)("");
+  const [email, setEmail] = (0, import_react.useState)("");
+  const [password, setPassword] = (0, import_react.useState)("");
+  const searchParams = (0, import_navigation.useSearchParams)();
+  const isRedirectSignIn = searchParams.get("signInRedirect") === "true";
+  const handleRedirectResult = (0, import_react.useCallback)(async () => {
+    if (!isRedirectSignIn) return false;
+    setCheckingRedirect(true);
+    try {
+      console.log("Checking redirect result...");
+      console.log("Current hostname:", window.location.hostname);
+      console.log("Auth domain hostname:", authDomain);
+      const isOnAuth = authDomain && window.location.hostname === authDomain.replace(/https?:\/\//, "");
+      console.log("Is on  AuthDomain:", isOnAuth);
+      const result = await (0, import_auth.getRedirectResult)(import_client_init.ternSecureAuth);
+      console.log("Redirect result:", result);
+      if (result) {
+        const idToken = await result.user.getIdToken();
+        const sessionResult = await (0, import_sessionTernSecure.createSessionCookie)(idToken);
+        if (!sessionResult.success) {
+          throw new Error("Failed to create session");
+        }
+        const storedRedirectUrl = sessionStorage.getItem("auth_return_url");
+        sessionStorage.removeItem("auth_redirect_url");
+        onSuccess == null ? void 0 : onSuccess();
+        window.location.href = storedRedirectUrl || (0, import_construct.getValidRedirectUrl)(redirectUrl, searchParams);
+        return true;
+      }
+      setCheckingRedirect(false);
+    } catch (err) {
+      console.error("Redirect result error:", err);
+      const errorMessage = err instanceof Error ? err.message : "Authentication failed";
+      setError(errorMessage);
+      onError == null ? void 0 : onError(err instanceof Error ? err : new Error(errorMessage));
+      sessionStorage.removeItem("auth_redirect_url");
+      return false;
+    }
+  }, [isRedirectSignIn, redirectUrl, searchParams, onSuccess, onError]);
+  (0, import_react.useEffect)(() => {
+    if (isRedirectSignIn) {
+      handleRedirectResult();
+    }
+    ;
+  }, [handleRedirectResult, isRedirectSignIn]);
   const handleSubmit = async (e) => {
     e.preventDefault();
     setLoading(true);
     try {
       const user = await (0, import_actions.signInWithEmail)(email, password);
       if (user.success) {
-        router.push("/");
+        onSuccess == null ? void 0 : onSuccess();
+        window.location.href = (0, import_construct.getValidRedirectUrl)(redirectUrl, searchParams);
       }
     } catch (err) {
       const errorMessage = err instanceof Error ? err.message : "Failed to sign in";
@@ -54,76 +112,128 @@ function SignIn({
       setLoading(false);
     }
   };
-  return /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("div", { className: `${import_create_styles.styles.container} ${customStyles.container || ""}`, style, children: [
-    /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { className: `${import_create_styles.styles.header} ${customStyles.header || ""}`, children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)("h2", { className: `${import_create_styles.styles.title} ${customStyles.title || ""}`, children: "Sign in to your account" }) }),
-    /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { className: `${import_create_styles.styles.formWrapper} ${customStyles.formWrapper || ""}`, children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { className: `${import_create_styles.styles.formContainer} ${customStyles.formContainer || ""}`, children: /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(
-      "form",
-      {
-        onSubmit: handleSubmit,
-        className: `${import_create_styles.styles.form} ${customStyles.form || ""} ${className}`,
-        role: "form",
-        "aria-label": "Sign in form",
-        children: [
-          error && /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
-            "div",
-            {
-              className: `${import_create_styles.styles.error} ${customStyles.errorText || ""}`,
-              role: "alert",
-              "aria-live": "polite",
-              children: error
-            }
-          ),
-          /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("div", { children: [
-            /* @__PURE__ */ (0, import_jsx_runtime.jsx)("label", { htmlFor: "email", className: `${import_create_styles.styles.label} ${customStyles.label || ""}`, children: "Email" }),
+  const handleSocialSignIn = async (provider) => {
+    setLoading(true);
+    try {
+      const validRedirectUrl = (0, import_construct.getValidRedirectUrl)(redirectUrl, searchParams);
+      sessionStorage.setItem("auth_redirect_url", validRedirectUrl);
+      const currentUrl = new URL(window.location.href);
+      currentUrl.searchParams.set("signInRedirect", "true");
+      window.history.replaceState({}, "", currentUrl.toString());
+      const result = provider === "google" ? await (0, import_actions.signInWithRedirectGoogle)() : await (0, import_actions.signInWithMicrosoft)();
+      if (!result.success) {
+        throw new Error(result.error);
+      }
+    } catch (err) {
+      const errorMessage = err instanceof Error ? err.message : `Failed to sign in with ${provider}`;
+      setError(errorMessage);
+      onError == null ? void 0 : onError(err instanceof Error ? err : new Error(`Failed to sign in with ${provider}`));
+      setLoading(false);
+      sessionStorage.removeItem("auth_redirect_url");
+    }
+  };
+  if (checkingRedirect && isRedirectSignIn) {
+    return /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { className: "flex min-h-screen items-center justify-center", children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { className: "text-center space-y-4", children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { className: "animate-spin rounded-full h-12 w-12 border-b-2 border-primary mx-auto" }) }) });
+  }
+  return /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("div", { className: "relative flex items-center justify-center", children: [
+    /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_background.AuthBackground, {}),
+    /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_card.Card, { className: (0, import_utils.cn)("w-full max-w-md mx-auto mt-8", className, customStyles.card), children: [
+      /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_card.CardHeader, { className: "space-y-1 text-center", children: [
+        /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_card.CardTitle, { className: (0, import_utils.cn)("font-bold", customStyles.title), children: [
+          "Sign in to ",
+          `${appName}`
+        ] }),
+        /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_card.CardDescription, { className: (0, import_utils.cn)("text-muted-foreground", customStyles.description), children: "Please sign in to continue" })
+      ] }),
+      /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_card.CardContent, { className: "space-y-4", children: [
+        /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("form", { onSubmit: handleSubmit, className: "space-y-4", children: [
+          error && /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_alert.Alert, { variant: "destructive", children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_alert.AlertDescription, { children: error }) }),
+          /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("div", { className: "space-y-2", children: [
+            /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_label.Label, { htmlFor: "email", className: (0, import_utils.cn)(customStyles.label), children: "Email" }),
             /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
-              "input",
+              import_input.Input,
               {
                 id: "email",
-                name: "email",
                 type: "email",
-                placeholder: "Enter your email",
-                required: true,
+                placeholder: "m@example.com",
                 value: email,
                 onChange: (e) => setEmail(e.target.value),
-                className: `${import_create_styles.styles.input} ${customStyles.input || ""}`,
                 disabled: loading,
-                "aria-required": "true",
-                "aria-invalid": !!error
+                className: (0, import_utils.cn)(customStyles.input),
+                required: true
               }
             )
           ] }),
-          /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("div", { children: [
-            /* @__PURE__ */ (0, import_jsx_runtime.jsx)("label", { htmlFor: "password", className: `${import_create_styles.styles.label} ${customStyles.label || ""}`, children: "Password" }),
+          /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("div", { className: "space-y-2", children: [
+            /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_label.Label, { htmlFor: "password", className: (0, import_utils.cn)(customStyles.label), children: "Password" }),
             /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
-              "input",
+              import_input.Input,
               {
                 id: "password",
-                name: "password",
                 type: "password",
-                placeholder: "Enter your password",
-                required: true,
                 value: password,
                 onChange: (e) => setPassword(e.target.value),
-                className: `${import_create_styles.styles.input} ${customStyles.input || ""}`,
                 disabled: loading,
-                "aria-required": "true",
-                "aria-invalid": !!error
+                className: (0, import_utils.cn)(customStyles.input),
+                required: true
               }
             )
           ] }),
-          /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
-            "button",
+          /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_button.Button, { type: "submit", disabled: loading, className: (0, import_utils.cn)("w-full", customStyles.button), children: loading ? /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_jsx_runtime.Fragment, { children: [
+            /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_lucide_react.Loader2, { className: "mr-2 h-4 w-4 animate-spin" }),
+            "Signing in..."
+          ] }) : "Sign in" })
+        ] }),
+        /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("div", { className: "relative", children: [
+          /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_separator.Separator, { className: (0, import_utils.cn)(customStyles.separator) }),
+          /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { className: "absolute inset-0 flex items-center justify-center", children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)("span", { className: "bg-background px-2 text-muted-foreground text-sm", children: "Or continue with" }) })
+        ] }),
+        /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("div", { className: "grid grid-cols-2 gap-4", children: [
+          /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(
+            import_button.Button,
+            {
+              variant: "outline",
+              disabled: loading,
+              onClick: () => handleSocialSignIn("google"),
+              className: (0, import_utils.cn)("flex items-center justify-center", customStyles.socialButton),
+              children: [
+                /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("svg", { className: "w-5 h-5 mr-2", viewBox: "0 0 24 24", xmlns: "http://www.w3.org/2000/svg", children: [
+                  /* @__PURE__ */ (0, import_jsx_runtime.jsx)("path", { d: "M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z", fill: "#4285F4" }),
+                  /* @__PURE__ */ (0, import_jsx_runtime.jsx)("path", { d: "M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z", fill: "#34A853" }),
+                  /* @__PURE__ */ (0, import_jsx_runtime.jsx)("path", { d: "M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z", fill: "#FBBC05" }),
+                  /* @__PURE__ */ (0, import_jsx_runtime.jsx)("path", { d: "M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z", fill: "#EA4335" })
+                ] }),
+                "Google"
+              ]
+            }
+          ),
+          /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(
+            import_button.Button,
             {
-              type: "submit",
+              variant: "outline",
               disabled: loading,
-              className: `${import_create_styles.styles.button} ${customStyles.button || ""}`,
-              "data-testid": "sign-in-submit",
-              children: loading ? "Signing in..." : "Sign in"
+              onClick: () => handleSocialSignIn("microsoft"),
+              className: (0, import_utils.cn)("flex items-center justify-center", customStyles.socialButton),
+              children: [
+                /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("svg", { className: "w-5 h-5 mr-2", viewBox: "0 0 23 23", xmlns: "http://www.w3.org/2000/svg", children: [
+                  /* @__PURE__ */ (0, import_jsx_runtime.jsx)("path", { fill: "#f3f3f3", d: "M0 0h23v23H0z" }),
+                  /* @__PURE__ */ (0, import_jsx_runtime.jsx)("path", { fill: "#f35325", d: "M1 1h10v10H1z" }),
+                  /* @__PURE__ */ (0, import_jsx_runtime.jsx)("path", { fill: "#81bc06", d: "M12 1h10v10H12z" }),
+                  /* @__PURE__ */ (0, import_jsx_runtime.jsx)("path", { fill: "#05a6f0", d: "M1 12h10v10H1z" }),
+                  /* @__PURE__ */ (0, import_jsx_runtime.jsx)("path", { fill: "#ffba08", d: "M12 12h10v10H12z" })
+                ] }),
+                "Microsoft"
+              ]
             }
           )
-        ]
-      }
-    ) }) })
+        ] })
+      ] }),
+      /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_card.CardFooter, { className: "flex justify-center", children: /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("p", { className: "text-sm text-muted-foreground", children: [
+        "Don't have an account?",
+        " ",
+        /* @__PURE__ */ (0, import_jsx_runtime.jsx)("a", { href: "#", className: "text-primary hover:underline", children: "Sign up" })
+      ] }) })
+    ] })
   ] });
 }
 // Annotate the CommonJS export names for ESM import in node: