@tern-secure/nextjs 4.0.0 → 4.2.0

package/dist/esm/app-router/client/actions.js

@@ -1,6 +1,14 @@
 import { TernSecureAuth } from "../../utils/client-init";
-import { signInWithEmailAndPassword, signInWithRedirect, getRedirectResult, GoogleAuthProvider, OAuthProvider, createUserWithEmailAndPassword, sendEmailVerification } from "firebase/auth";
-import { ERRORS } from "../../errors";
+import {
+  signInWithEmailAndPassword,
+  signInWithRedirect,
+  getRedirectResult,
+  GoogleAuthProvider,
+  OAuthProvider,
+  createUserWithEmailAndPassword,
+  sendEmailVerification
+} from "firebase/auth";
+import { handleFirebaseAuthError } from "../../errors";
 async function createUser(email, password) {
   const auth = TernSecureAuth();
   try {
@@ -10,27 +18,19 @@ async function createUser(email, password) {
     };
     const userCredential = await createUserWithEmailAndPassword(auth, email, password);
     await sendEmailVerification(userCredential.user, actionCodeSettings);
-    return { success: true, message: "Account created successfully.", user: userCredential.user };
+    return {
+      success: true,
+      message: "Account created successfully. Please check your email for verification",
+      user: userCredential.user
+    };
   } catch (error) {
-    if (error instanceof Error) {
-      switch (error.message) {
-        case "auth/too-many-requests":
-          throw new Error("Too many attempts. Please try again later.");
-        case "auth/network-request-failed":
-          throw new Error("Network disconnected. Please try again later.");
-        case "auth/email-already-in-use":
-          throw new Error("Email is already registered.");
-        case "auth/invalid-email":
-          throw new Error("Invalid email address.");
-        case "auth/operation-not-allowed":
-          throw new Error("Email/password accounts are not enabled.");
-        case "auth/weak-password":
-          throw new Error("Password is too weak.");
-        default:
-          throw new Error(error.message);
-      }
-    }
-    throw new Error("Failed to create account");
+    const authError = handleFirebaseAuthError(error);
+    return {
+      success: false,
+      message: authError.message,
+      error: authError.code,
+      user: null
+    };
   }
 }
 async function signInWithEmail(email, password) {
@@ -41,12 +41,17 @@ async function signInWithEmail(email, password) {
     return {
       success: true,
       message: "Authentication successful",
-      user: UserCredential.user,
-      error: !user.emailVerified ? ERRORS.REQUIRES_VERIFICATION : void 0
+      user,
+      error: !user.emailVerified ? "REQUIRES_VERIFICATION" : "AUTHENTICATED"
     };
   } catch (error) {
-    const errorMessage = error instanceof Error ? error.message : "Failed to sign in";
-    throw new Error(errorMessage);
+    const authError = handleFirebaseAuthError(error);
+    return {
+      success: false,
+      message: authError.message,
+      error: authError.code,
+      user: null
+    };
   }
 }
 async function signInWithRedirectGoogle() {
@@ -60,8 +65,13 @@ async function signInWithRedirectGoogle() {
     await signInWithRedirect(auth, provider);
     return { success: true, message: "Redirect initiated" };
   } catch (error) {
-    console.error("Error during Google sign-in:", error);
-    return { success: false, error: "Failed to sign in with Google" };
+    const authError = handleFirebaseAuthError(error);
+    return {
+      success: false,
+      message: authError.message,
+      error: authError.code,
+      user: null
+    };
   }
 }
 async function signInWithMicrosoft() {
@@ -74,8 +84,13 @@ async function signInWithMicrosoft() {
     await signInWithRedirect(auth, provider);
     return { success: true, message: "Redirect initiated" };
   } catch (error) {
-    console.error("Error during Google sign-in:", error);
-    return { success: false, error: "Failed to sign in with Google" };
+    const authError = handleFirebaseAuthError(error);
+    return {
+      success: false,
+      message: authError.message,
+      error: authError.code,
+      user: null
+    };
   }
 }
 async function handleAuthRedirectResult() {
@@ -89,8 +104,13 @@ async function handleAuthRedirectResult() {
       return { success: false, error: "No redirect result" };
     }
   } catch (error) {
-    console.error("Error handling auth redirect result:", error);
-    return { success: false, error: error.message || "Failed to handle auth redirect", code: error.code };
+    const authError = handleFirebaseAuthError(error);
+    return {
+      success: false,
+      message: authError.message,
+      error: authError.code,
+      user: null
+    };
   }
 }
 async function resendEmailVerification() {
@@ -119,25 +139,13 @@ async function resendEmailVerification() {
       isVerified: false
     };
   } catch (error) {
-    if (error instanceof Error) {
-      switch (error.message) {
-        case "auth/too-many-requests":
-          throw new Error("Too many attempts. Please try again later.");
-        case "auth/network-request-failed":
-          throw new Error("Network disconnected. Please try again later.");
-        case "auth/email-already-in-use":
-          throw new Error("Email is already registered.");
-        case "auth/invalid-email":
-          throw new Error("Invalid email address.");
-        case "auth/operation-not-allowed":
-          throw new Error("Email/password accounts are not enabled.");
-        case "auth/weak-password":
-          throw new Error("Password is too weak.");
-        default:
-          throw new Error(error.message);
-      }
-    }
-    throw new Error("Failed to resend verification email.");
+    const authError = handleFirebaseAuthError(error);
+    return {
+      success: false,
+      message: authError.message,
+      error: authError.code,
+      user: null
+    };
   }
 }
 export {

package/dist/esm/app-router/client/actions.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/app-router/client/actions.ts"],"sourcesContent":["import { TernSecureAuth } from '../../utils/client-init'\nimport { signInWithEmailAndPassword, signInWithRedirect, getRedirectResult, GoogleAuthProvider, OAuthProvider, createUserWithEmailAndPassword, sendEmailVerification } from 'firebase/auth'\nimport { ERRORS } from '../../errors'\n\nexport interface SignInResponse {\n  success: boolean;\n  message?: string;\n  error?: typeof ERRORS[keyof typeof ERRORS];\n  user?: any;\n}\n\nexport async function createUser(email: string, password: string) {\n  const auth = TernSecureAuth()\n  try {\n    \n    const actionCodeSettings = {\n      url: `${window.location.origin}/sign-in`,\n      handleCodeInApp: true\n    };\n\n    const userCredential = await createUserWithEmailAndPassword(auth, email, password);\n\n    await sendEmailVerification(userCredential.user, actionCodeSettings)\n    \n    return { success: true, message: 'Account created successfully.', user: userCredential.user };\n\n  } catch (error) {\n    // Handle specific Firebase auth errors\n    if (error instanceof Error) {\n      switch (error.message) {\n        case 'auth/too-many-requests':\n          throw new Error('Too many attempts. Please try again later.');\n        case 'auth/network-request-failed':\n            throw new Error('Network disconnected. Please try again later.');\n        case 'auth/email-already-in-use':\n          throw new Error('Email is already registered.');\n        case 'auth/invalid-email':\n          throw new Error('Invalid email address.');\n        case 'auth/operation-not-allowed':\n          throw new Error('Email/password accounts are not enabled.');\n        case 'auth/weak-password':\n          throw new Error('Password is too weak.');\n        default:\n          throw new Error(error.message);\n      }\n    }\n    throw new Error('Failed to create account');\n  }\n}\n\n\nexport async function signInWithEmail(email: string, password: string): Promise<SignInResponse> {\n  const auth = TernSecureAuth()\n  try {\n  const UserCredential = await signInWithEmailAndPassword(auth, email, password)\n  const user = UserCredential.user\n  return { \n      success: true, \n      message: 'Authentication successful',\n      user: UserCredential.user,\n      error: !user.emailVerified ? ERRORS.REQUIRES_VERIFICATION : undefined\n    };\n  \n} catch (error){\n  const errorMessage = error instanceof Error ? error.message : 'Failed to sign in';\n  throw new Error(errorMessage);\n}\n} \n\nexport async function signInWithRedirectGoogle() {\n  const auth = TernSecureAuth()\n  const provider = new GoogleAuthProvider()\n  provider.setCustomParameters({\n    login_hint: 'user@example.com',\n    prompt: 'select_account'\n  })\n\n  try {\n    await signInWithRedirect(auth, provider)\n    return { success: true, message: 'Redirect initiated' }\n  } catch (error) {\n    console.error('Error during Google sign-in:', error)\n    return { success: false, error: 'Failed to sign in with Google' }\n  }\n}\n\n\nexport async function signInWithMicrosoft() {\n  const auth = TernSecureAuth()\n  const provider = new OAuthProvider('microsoft.com')\n  provider.setCustomParameters({\n    prompt: 'consent'\n  })\n\n  try {\n    await signInWithRedirect(auth, provider)\n    return { success: true, message: 'Redirect initiated' }\n  } catch (error) {\n    console.error('Error during Google sign-in:', error)\n    return { success: false, error: 'Failed to sign in with Google' }\n  }\n}\n\n\nexport async function handleAuthRedirectResult() {\n  const auth = TernSecureAuth()\n  try {\n    const result = await getRedirectResult(auth)\n    if (result) {\n      const user = result.user\n      return { success: true, user }\n    } else {\n      return { success: false, error: 'No redirect result' }\n    }\n  } catch (error: any) {\n    console.error('Error handling auth redirect result:', error)\n    return { success: false, error: error.message || 'Failed to handle auth redirect', code: error.code }\n  }\n}\n\n\nexport async function resendEmailVerification() {\n  const auth = TernSecureAuth()\n  try {\n    const user = auth.currentUser;\n    if (!user) {\n      throw new Error('No user found. Please try signing up again.');\n    }\n\n    await user.reload();\n\n    if (user.emailVerified) {\n      return { \n        success: true, \n        message: 'Email is already verified. You can sign in.',\n        isVerified: true \n      };\n    }\n\n    const actionCodeSettings = {\n      url: `${window.location.origin}/sign-in`,\n      handleCodeInApp: true,\n    };\n\n    await sendEmailVerification(user, actionCodeSettings);\n    return { \n      success: true, \n      message: 'Verification email sent successfully.',\n      isVerified: false\n     };\n    } catch (error) {\n      if (error instanceof Error) {\n        switch (error.message) {\n          case 'auth/too-many-requests':\n            throw new Error('Too many attempts. Please try again later.');\n          case 'auth/network-request-failed':\n              throw new Error('Network disconnected. Please try again later.');\n          case 'auth/email-already-in-use':\n            throw new Error('Email is already registered.');\n          case 'auth/invalid-email':\n            throw new Error('Invalid email address.');\n          case 'auth/operation-not-allowed':\n            throw new Error('Email/password accounts are not enabled.');\n          case 'auth/weak-password':\n            throw new Error('Password is too weak.');\n          default:\n            throw new Error(error.message);\n        }\n      }\n      throw new Error('Failed to resend verification email.');\n    }\n}"],"mappings":"AAAA,SAAS,sBAAsB;AAC/B,SAAS,4BAA4B,oBAAoB,mBAAmB,oBAAoB,eAAe,gCAAgC,6BAA6B;AAC5K,SAAS,cAAc;AASvB,eAAsB,WAAW,OAAe,UAAkB;AAChE,QAAM,OAAO,eAAe;AAC5B,MAAI;AAEF,UAAM,qBAAqB;AAAA,MACzB,KAAK,GAAG,OAAO,SAAS,MAAM;AAAA,MAC9B,iBAAiB;AAAA,IACnB;AAEA,UAAM,iBAAiB,MAAM,+BAA+B,MAAM,OAAO,QAAQ;AAEjF,UAAM,sBAAsB,eAAe,MAAM,kBAAkB;AAEnE,WAAO,EAAE,SAAS,MAAM,SAAS,iCAAiC,MAAM,eAAe,KAAK;AAAA,EAE9F,SAAS,OAAO;AAEd,QAAI,iBAAiB,OAAO;AAC1B,cAAQ,MAAM,SAAS;AAAA,QACrB,KAAK;AACH,gBAAM,IAAI,MAAM,4CAA4C;AAAA,QAC9D,KAAK;AACD,gBAAM,IAAI,MAAM,+CAA+C;AAAA,QACnE,KAAK;AACH,gBAAM,IAAI,MAAM,8BAA8B;AAAA,QAChD,KAAK;AACH,gBAAM,IAAI,MAAM,wBAAwB;AAAA,QAC1C,KAAK;AACH,gBAAM,IAAI,MAAM,0CAA0C;AAAA,QAC5D,KAAK;AACH,gBAAM,IAAI,MAAM,uBAAuB;AAAA,QACzC;AACE,gBAAM,IAAI,MAAM,MAAM,OAAO;AAAA,MACjC;AAAA,IACF;AACA,UAAM,IAAI,MAAM,0BAA0B;AAAA,EAC5C;AACF;AAGA,eAAsB,gBAAgB,OAAe,UAA2C;AAC9F,QAAM,OAAO,eAAe;AAC5B,MAAI;AACJ,UAAM,iBAAiB,MAAM,2BAA2B,MAAM,OAAO,QAAQ;AAC7E,UAAM,OAAO,eAAe;AAC5B,WAAO;AAAA,MACH,SAAS;AAAA,MACT,SAAS;AAAA,MACT,MAAM,eAAe;AAAA,MACrB,OAAO,CAAC,KAAK,gBAAgB,OAAO,wBAAwB;AAAA,IAC9D;AAAA,EAEJ,SAAS,OAAM;AACb,UAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU;AAC9D,UAAM,IAAI,MAAM,YAAY;AAAA,EAC9B;AACA;AAEA,eAAsB,2BAA2B;AAC/C,QAAM,OAAO,eAAe;AAC5B,QAAM,WAAW,IAAI,mBAAmB;AACxC,WAAS,oBAAoB;AAAA,IAC3B,YAAY;AAAA,IACZ,QAAQ;AAAA,EACV,CAAC;AAED,MAAI;AACF,UAAM,mBAAmB,MAAM,QAAQ;AACvC,WAAO,EAAE,SAAS,MAAM,SAAS,qBAAqB;AAAA,EACxD,SAAS,OAAO;AACd,YAAQ,MAAM,gCAAgC,KAAK;AACnD,WAAO,EAAE,SAAS,OAAO,OAAO,gCAAgC;AAAA,EAClE;AACF;AAGA,eAAsB,sBAAsB;AAC1C,QAAM,OAAO,eAAe;AAC5B,QAAM,WAAW,IAAI,cAAc,eAAe;AAClD,WAAS,oBAAoB;AAAA,IAC3B,QAAQ;AAAA,EACV,CAAC;AAED,MAAI;AACF,UAAM,mBAAmB,MAAM,QAAQ;AACvC,WAAO,EAAE,SAAS,MAAM,SAAS,qBAAqB;AAAA,EACxD,SAAS,OAAO;AACd,YAAQ,MAAM,gCAAgC,KAAK;AACnD,WAAO,EAAE,SAAS,OAAO,OAAO,gCAAgC;AAAA,EAClE;AACF;AAGA,eAAsB,2BAA2B;AAC/C,QAAM,OAAO,eAAe;AAC5B,MAAI;AACF,UAAM,SAAS,MAAM,kBAAkB,IAAI;AAC3C,QAAI,QAAQ;AACV,YAAM,OAAO,OAAO;AACpB,aAAO,EAAE,SAAS,MAAM,KAAK;AAAA,IAC/B,OAAO;AACL,aAAO,EAAE,SAAS,OAAO,OAAO,qBAAqB;AAAA,IACvD;AAAA,EACF,SAAS,OAAY;AACnB,YAAQ,MAAM,wCAAwC,KAAK;AAC3D,WAAO,EAAE,SAAS,OAAO,OAAO,MAAM,WAAW,kCAAkC,MAAM,MAAM,KAAK;AAAA,EACtG;AACF;AAGA,eAAsB,0BAA0B;AAC9C,QAAM,OAAO,eAAe;AAC5B,MAAI;AACF,UAAM,OAAO,KAAK;AAClB,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,MAAM,6CAA6C;AAAA,IAC/D;AAEA,UAAM,KAAK,OAAO;AAElB,QAAI,KAAK,eAAe;AACtB,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS;AAAA,QACT,YAAY;AAAA,MACd;AAAA,IACF;AAEA,UAAM,qBAAqB;AAAA,MACzB,KAAK,GAAG,OAAO,SAAS,MAAM;AAAA,MAC9B,iBAAiB;AAAA,IACnB;AAEA,UAAM,sBAAsB,MAAM,kBAAkB;AACpD,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS;AAAA,MACT,YAAY;AAAA,IACb;AAAA,EACD,SAAS,OAAO;AACd,QAAI,iBAAiB,OAAO;AAC1B,cAAQ,MAAM,SAAS;AAAA,QACrB,KAAK;AACH,gBAAM,IAAI,MAAM,4CAA4C;AAAA,QAC9D,KAAK;AACD,gBAAM,IAAI,MAAM,+CAA+C;AAAA,QACnE,KAAK;AACH,gBAAM,IAAI,MAAM,8BAA8B;AAAA,QAChD,KAAK;AACH,gBAAM,IAAI,MAAM,wBAAwB;AAAA,QAC1C,KAAK;AACH,gBAAM,IAAI,MAAM,0CAA0C;AAAA,QAC5D,KAAK;AACH,gBAAM,IAAI,MAAM,uBAAuB;AAAA,QACzC;AACE,gBAAM,IAAI,MAAM,MAAM,OAAO;AAAA,MACjC;AAAA,IACF;AACA,UAAM,IAAI,MAAM,sCAAsC;AAAA,EACxD;AACJ;","names":[]}
+{"version":3,"sources":["../../../../src/app-router/client/actions.ts"],"sourcesContent":["import { TernSecureAuth } from '../../utils/client-init'\nimport { \n  signInWithEmailAndPassword, \n  signInWithRedirect, \n  getRedirectResult, \n  GoogleAuthProvider, \n  OAuthProvider, \n  createUserWithEmailAndPassword, \n  sendEmailVerification } from 'firebase/auth'\nimport type { SignInResponse } from '../../types'\nimport { handleFirebaseAuthError } from '../../errors'\n\n\nexport async function createUser(email: string, password: string): Promise<SignInResponse> {\n  const auth = TernSecureAuth()\n  try {\n    \n    const actionCodeSettings = {\n      url: `${window.location.origin}/sign-in`,\n      handleCodeInApp: true\n    };\n\n    const userCredential = await createUserWithEmailAndPassword(auth, email, password);\n\n    await sendEmailVerification(userCredential.user, actionCodeSettings)\n    \n    return { \n      success: true, \n      message: 'Account created successfully. Please check your email for verification', \n      user: userCredential.user \n    };\n\n  } catch (error) {\n    const authError = handleFirebaseAuthError(error)\n    return { \n      success: false, \n      message: authError.message, \n      error: authError.code,\n      user: null\n     }\n  }\n}\n\n\nexport async function signInWithEmail(email: string, password: string): Promise<SignInResponse> {\n  const auth = TernSecureAuth()\n  try {\n  const UserCredential = await signInWithEmailAndPassword(auth, email, password)\n  const user = UserCredential.user\n  \n  return { \n    success: true, \n    message: 'Authentication successful',\n    user: user,\n    error: !user.emailVerified ? 'REQUIRES_VERIFICATION' : 'AUTHENTICATED'\n  };\n\n} catch (error){\n  const authError = handleFirebaseAuthError(error)\n  return { \n    success: false,\n    message: authError.message,\n    error: authError.code,\n    user: null\n  }\n}\n}\n\nexport async function signInWithRedirectGoogle() {\n  const auth = TernSecureAuth()\n  const provider = new GoogleAuthProvider()\n  provider.setCustomParameters({\n    login_hint: 'user@example.com',\n    prompt: 'select_account'\n  })\n\n  try {\n    await signInWithRedirect(auth, provider)\n    return { success: true, message: 'Redirect initiated' }\n  } catch (error) {\n    const authError = handleFirebaseAuthError(error)\n    return {\n      success: false,\n      message: authError.message,\n      error: authError.code,\n      user: null\n    }\n  }\n}\n\n\nexport async function signInWithMicrosoft() {\n  const auth = TernSecureAuth()\n  const provider = new OAuthProvider('microsoft.com')\n  provider.setCustomParameters({\n    prompt: 'consent'\n  })\n\n  try {\n    await signInWithRedirect(auth, provider)\n    return { success: true, message: 'Redirect initiated' }\n  } catch (error) {\n    const authError = handleFirebaseAuthError(error)\n    return {\n      success: false, \n      message: authError.message,\n      error: authError.code,\n      user: null\n    }\n  }\n}\n\n\nexport async function handleAuthRedirectResult() {\n  const auth = TernSecureAuth()\n  try {\n    const result = await getRedirectResult(auth)\n    if (result) {\n      const user = result.user\n      return { success: true, user }\n    } else {\n      return { success: false, error: 'No redirect result' }\n    }\n  } catch (error: any) {\n    const authError = handleFirebaseAuthError(error)\n    return {\n      success: false,\n      message: authError.message,\n      error: authError.code,\n      user: null\n    }\n  }\n}\n\n\nexport async function resendEmailVerification() {\n  const auth = TernSecureAuth()\n  try {\n    const user = auth.currentUser;\n    if (!user) {\n      throw new Error('No user found. Please try signing up again.');\n    }\n\n    await user.reload();\n\n    if (user.emailVerified) {\n      return { \n        success: true, \n        message: 'Email is already verified. You can sign in.',\n        isVerified: true \n      };\n    }\n\n    const actionCodeSettings = {\n      url: `${window.location.origin}/sign-in`,\n      handleCodeInApp: true,\n    };\n\n    await sendEmailVerification(user, actionCodeSettings);\n    return { \n      success: true, \n      message: 'Verification email sent successfully.',\n      isVerified: false\n     };\n    } catch (error) {\n      const authError = handleFirebaseAuthError(error)\n      return {\n        success: false,\n        message: authError.message,\n        error: authError.code,\n        user: null\n      }\n    }\n}"],"mappings":"AAAA,SAAS,sBAAsB;AAC/B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAA6B;AAE/B,SAAS,+BAA+B;AAGxC,eAAsB,WAAW,OAAe,UAA2C;AACzF,QAAM,OAAO,eAAe;AAC5B,MAAI;AAEF,UAAM,qBAAqB;AAAA,MACzB,KAAK,GAAG,OAAO,SAAS,MAAM;AAAA,MAC9B,iBAAiB;AAAA,IACnB;AAEA,UAAM,iBAAiB,MAAM,+BAA+B,MAAM,OAAO,QAAQ;AAEjF,UAAM,sBAAsB,eAAe,MAAM,kBAAkB;AAEnE,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS;AAAA,MACT,MAAM,eAAe;AAAA,IACvB;AAAA,EAEF,SAAS,OAAO;AACd,UAAM,YAAY,wBAAwB,KAAK;AAC/C,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS,UAAU;AAAA,MACnB,OAAO,UAAU;AAAA,MACjB,MAAM;AAAA,IACP;AAAA,EACH;AACF;AAGA,eAAsB,gBAAgB,OAAe,UAA2C;AAC9F,QAAM,OAAO,eAAe;AAC5B,MAAI;AACJ,UAAM,iBAAiB,MAAM,2BAA2B,MAAM,OAAO,QAAQ;AAC7E,UAAM,OAAO,eAAe;AAE5B,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS;AAAA,MACT;AAAA,MACA,OAAO,CAAC,KAAK,gBAAgB,0BAA0B;AAAA,IACzD;AAAA,EAEF,SAAS,OAAM;AACb,UAAM,YAAY,wBAAwB,KAAK;AAC/C,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS,UAAU;AAAA,MACnB,OAAO,UAAU;AAAA,MACjB,MAAM;AAAA,IACR;AAAA,EACF;AACA;AAEA,eAAsB,2BAA2B;AAC/C,QAAM,OAAO,eAAe;AAC5B,QAAM,WAAW,IAAI,mBAAmB;AACxC,WAAS,oBAAoB;AAAA,IAC3B,YAAY;AAAA,IACZ,QAAQ;AAAA,EACV,CAAC;AAED,MAAI;AACF,UAAM,mBAAmB,MAAM,QAAQ;AACvC,WAAO,EAAE,SAAS,MAAM,SAAS,qBAAqB;AAAA,EACxD,SAAS,OAAO;AACd,UAAM,YAAY,wBAAwB,KAAK;AAC/C,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS,UAAU;AAAA,MACnB,OAAO,UAAU;AAAA,MACjB,MAAM;AAAA,IACR;AAAA,EACF;AACF;AAGA,eAAsB,sBAAsB;AAC1C,QAAM,OAAO,eAAe;AAC5B,QAAM,WAAW,IAAI,cAAc,eAAe;AAClD,WAAS,oBAAoB;AAAA,IAC3B,QAAQ;AAAA,EACV,CAAC;AAED,MAAI;AACF,UAAM,mBAAmB,MAAM,QAAQ;AACvC,WAAO,EAAE,SAAS,MAAM,SAAS,qBAAqB;AAAA,EACxD,SAAS,OAAO;AACd,UAAM,YAAY,wBAAwB,KAAK;AAC/C,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS,UAAU;AAAA,MACnB,OAAO,UAAU;AAAA,MACjB,MAAM;AAAA,IACR;AAAA,EACF;AACF;AAGA,eAAsB,2BAA2B;AAC/C,QAAM,OAAO,eAAe;AAC5B,MAAI;AACF,UAAM,SAAS,MAAM,kBAAkB,IAAI;AAC3C,QAAI,QAAQ;AACV,YAAM,OAAO,OAAO;AACpB,aAAO,EAAE,SAAS,MAAM,KAAK;AAAA,IAC/B,OAAO;AACL,aAAO,EAAE,SAAS,OAAO,OAAO,qBAAqB;AAAA,IACvD;AAAA,EACF,SAAS,OAAY;AACnB,UAAM,YAAY,wBAAwB,KAAK;AAC/C,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS,UAAU;AAAA,MACnB,OAAO,UAAU;AAAA,MACjB,MAAM;AAAA,IACR;AAAA,EACF;AACF;AAGA,eAAsB,0BAA0B;AAC9C,QAAM,OAAO,eAAe;AAC5B,MAAI;AACF,UAAM,OAAO,KAAK;AAClB,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,MAAM,6CAA6C;AAAA,IAC/D;AAEA,UAAM,KAAK,OAAO;AAElB,QAAI,KAAK,eAAe;AACtB,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS;AAAA,QACT,YAAY;AAAA,MACd;AAAA,IACF;AAEA,UAAM,qBAAqB;AAAA,MACzB,KAAK,GAAG,OAAO,SAAS,MAAM;AAAA,MAC9B,iBAAiB;AAAA,IACnB;AAEA,UAAM,sBAAsB,MAAM,kBAAkB;AACpD,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS;AAAA,MACT,YAAY;AAAA,IACb;AAAA,EACD,SAAS,OAAO;AACd,UAAM,YAAY,wBAAwB,KAAK;AAC/C,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS,UAAU;AAAA,MACnB,OAAO,UAAU;AAAA,MACjB,MAAM;AAAA,IACR;AAAA,EACF;AACJ;","names":[]}

package/dist/esm/app-router/route-handler/internal-route.js

@@ -9,6 +9,15 @@ const internalRoutes = {
     component: Verify
   }
 };
+function isInternalRoute(pathname) {
+  return Object.values(internalRoutes).some((route) => route.pattern.test(pathname));
+}
+function isAuthRoute(pathname) {
+  return pathname.startsWith("/sign-in") || pathname.startsWith("/sign-up");
+}
+function isBaseAuthRoute(pathname) {
+  return pathname === "/sign-in" || pathname === "/sign-up";
+}
 function handleInternalRoute(pathname) {
   for (const [key, route] of Object.entries(internalRoutes)) {
     if (route.pattern.test(pathname)) {
@@ -19,6 +28,9 @@ function handleInternalRoute(pathname) {
 }
 export {
   handleInternalRoute,
-  internalRoutes
+  internalRoutes,
+  isAuthRoute,
+  isBaseAuthRoute,
+  isInternalRoute
 };
 //# sourceMappingURL=internal-route.js.map

package/dist/esm/app-router/route-handler/internal-route.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/app-router/route-handler/internal-route.tsx"],"sourcesContent":["import { Verify } from \"../../components/verify\"\n\n// Internal route mapping\nexport const internalRoutes = {\n  signUpVerify: {\n    pattern: /^\\/sign-up\\/verify$/,\n    component: Verify,\n  },\n  signInVerify: {\n    pattern: /^\\/sign-in\\/verify$/,\n    component: Verify,\n  },\n}\n\n// Internal route handler\nexport function handleInternalRoute(pathname: string) {\n  for (const [key, route] of Object.entries(internalRoutes)) {\n    if (route.pattern.test(pathname)) {\n      return route.component\n    }\n  }\n  return null\n}\n\n"],"mappings":"AAAA,SAAS,cAAc;AAGhB,MAAM,iBAAiB;AAAA,EAC5B,cAAc;AAAA,IACZ,SAAS;AAAA,IACT,WAAW;AAAA,EACb;AAAA,EACA,cAAc;AAAA,IACZ,SAAS;AAAA,IACT,WAAW;AAAA,EACb;AACF;AAGO,SAAS,oBAAoB,UAAkB;AACpD,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,cAAc,GAAG;AACzD,QAAI,MAAM,QAAQ,KAAK,QAAQ,GAAG;AAChC,aAAO,MAAM;AAAA,IACf;AAAA,EACF;AACA,SAAO;AACT;","names":[]}
+{"version":3,"sources":["../../../../src/app-router/route-handler/internal-route.tsx"],"sourcesContent":["import { Verify } from \"../../components/verify\"\n\n// Internal route mapping\nexport const internalRoutes = {\n  signUpVerify: {\n    pattern: /^\\/sign-up\\/verify$/,\n    component: Verify,\n  },\n  signInVerify: {\n    pattern: /^\\/sign-in\\/verify$/,\n    component: Verify,\n  },\n}\n\n// Check if path is an internal route\nexport function isInternalRoute(pathname: string): boolean {\n  return Object.values(internalRoutes).some((route) => route.pattern.test(pathname))\n}\n\n// Check if path is within auth routes\nexport function isAuthRoute(pathname: string): boolean {\n  return pathname.startsWith(\"/sign-in\") || pathname.startsWith(\"/sign-up\")\n}\n\n// Check if path is exactly the base auth route\nexport function isBaseAuthRoute(pathname: string): boolean {\n  return pathname === \"/sign-in\" || pathname === \"/sign-up\"\n}\n\n// Internal route handler\nexport function handleInternalRoute(pathname: string) {\n  for (const [key, route] of Object.entries(internalRoutes)) {\n    if (route.pattern.test(pathname)) {\n      return route.component\n    }\n  }\n  return null\n}"],"mappings":"AAAA,SAAS,cAAc;AAGhB,MAAM,iBAAiB;AAAA,EAC5B,cAAc;AAAA,IACZ,SAAS;AAAA,IACT,WAAW;AAAA,EACb;AAAA,EACA,cAAc;AAAA,IACZ,SAAS;AAAA,IACT,WAAW;AAAA,EACb;AACF;AAGO,SAAS,gBAAgB,UAA2B;AACzD,SAAO,OAAO,OAAO,cAAc,EAAE,KAAK,CAAC,UAAU,MAAM,QAAQ,KAAK,QAAQ,CAAC;AACnF;AAGO,SAAS,YAAY,UAA2B;AACrD,SAAO,SAAS,WAAW,UAAU,KAAK,SAAS,WAAW,UAAU;AAC1E;AAGO,SAAS,gBAAgB,UAA2B;AACzD,SAAO,aAAa,cAAc,aAAa;AACjD;AAGO,SAAS,oBAAoB,UAAkB;AACpD,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,cAAc,GAAG;AACzD,QAAI,MAAM,QAAQ,KAAK,QAAQ,GAAG;AAChC,aAAO,MAAM;AAAA,IACf;AAAA,EACF;AACA,SAAO;AACT;","names":[]}

package/dist/esm/app-router/server/auth.js

@@ -1,47 +1,59 @@
 "use server";
-import { cookies } from "next/headers";
-import { verifyTernIdToken, verifyTernSessionCookie } from "./sessionTernSecure";
+import { cookies, headers } from "next/headers";
 async function auth() {
-  var _a, _b, _c;
+  var _a, _b;
   try {
+    const headersList = await headers();
     const cookieStore = await cookies();
-    const sessionCookie = (_a = cookieStore.get("_session_cookie")) == null ? void 0 : _a.value;
-    if (sessionCookie) {
-      const sessionResult = await verifyTernSessionCookie(sessionCookie);
-      if (sessionResult.valid) {
-        return {
-          userId: sessionResult.uid,
-          token: sessionCookie,
-          error: null
-        };
-      }
-    }
-    const idToken = (_b = cookieStore.get("_session_token")) == null ? void 0 : _b.value;
-    if (idToken) {
-      const tokenResult = await verifyTernIdToken(idToken);
-      if (tokenResult.valid) {
-        return {
-          userId: (_c = tokenResult.uid) != null ? _c : null,
-          token: idToken,
-          error: null
-        };
-      }
+    const userId = headersList.get("x-user-id");
+    const authTime = headersList.get("x-auth-time");
+    const emailVerified = headersList.get("x-auth-verified") === "true";
+    if (userId) {
+      const token = ((_a = cookieStore.get("_session_cookie")) == null ? void 0 : _a.value) || ((_b = cookieStore.get("_session_token")) == null ? void 0 : _b.value) || null;
+      return {
+        user: {
+          uid: userId,
+          email: headersList.get("x-user-email") || null,
+          emailVerified,
+          authTime: authTime ? parseInt(authTime) : void 0
+        },
+        token,
+        error: null
+      };
     }
     return {
-      userId: null,
+      user: null,
       token: null,
       error: new Error("No valid session or token found")
     };
   } catch (error) {
-    console.error("Error in auth function:", error);
+    console.error("Error in getAuthResult:", error);
     return {
-      userId: null,
+      user: null,
       token: null,
       error: error instanceof Error ? error : new Error("An unknown error occurred")
     };
   }
 }
+async function isAuthenticated() {
+  const authResult = await auth();
+  return authResult.user !== null;
+}
+async function getUserInfo() {
+  const authResult = await auth();
+  if (!authResult.user) {
+    return null;
+  }
+  return {
+    uid: authResult.user.uid,
+    email: authResult.user.email,
+    emailVerified: authResult.user.emailVerified,
+    authTime: authResult.user.authTime
+  };
+}
 export {
-  auth
+  auth,
+  getUserInfo,
+  isAuthenticated
 };
 //# sourceMappingURL=auth.js.map

package/dist/esm/app-router/server/auth.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/app-router/server/auth.ts"],"sourcesContent":["'use server'\n\nimport { cookies } from 'next/headers';\nimport {  verifyTernIdToken, verifyTernSessionCookie } from './sessionTernSecure';\n\nexport interface AuthResult {\n  userId: string | null;\n  token: string | null;\n  error: Error | null;\n}\n\nexport async function auth(): Promise<AuthResult> {\n  try {\n    const cookieStore = await cookies();\n    const sessionCookie = cookieStore.get('_session_cookie')?.value;\n    if (sessionCookie) {\n      const sessionResult = await verifyTernSessionCookie(sessionCookie);\n      if (sessionResult.valid) {\n        return {\n          userId: sessionResult.uid,\n          token: sessionCookie,\n          error: null\n        };\n      }\n    }\n\n    // If session cookie is not present or invalid, try the ID token\n    const idToken = cookieStore.get('_session_token')?.value;\n    if (idToken) {\n      const tokenResult = await verifyTernIdToken(idToken);\n      if (tokenResult.valid) {\n        return {\n          userId: tokenResult.uid ?? null,\n          token: idToken,\n          error: null\n        };\n      }\n    }\n\n    /// If both checks fail, return null values\n    return {\n      userId: null,\n      token: null,\n      error: new Error('No valid session or token found')\n    };\n  } catch (error) {\n    console.error('Error in auth function:', error);\n    return {\n      userId: null,\n      token: null,\n      error: error instanceof Error ? error : new Error('An unknown error occurred')\n    };\n  }\n}\n\n"],"mappings":";AAEA,SAAS,eAAe;AACxB,SAAU,mBAAmB,+BAA+B;AAQ5D,eAAsB,OAA4B;AAXlD;AAYE,MAAI;AACF,UAAM,cAAc,MAAM,QAAQ;AAClC,UAAM,iBAAgB,iBAAY,IAAI,iBAAiB,MAAjC,mBAAoC;AAC1D,QAAI,eAAe;AACjB,YAAM,gBAAgB,MAAM,wBAAwB,aAAa;AACjE,UAAI,cAAc,OAAO;AACvB,eAAO;AAAA,UACL,QAAQ,cAAc;AAAA,UACtB,OAAO;AAAA,UACP,OAAO;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAGA,UAAM,WAAU,iBAAY,IAAI,gBAAgB,MAAhC,mBAAmC;AACnD,QAAI,SAAS;AACX,YAAM,cAAc,MAAM,kBAAkB,OAAO;AACnD,UAAI,YAAY,OAAO;AACrB,eAAO;AAAA,UACL,SAAQ,iBAAY,QAAZ,YAAmB;AAAA,UAC3B,OAAO;AAAA,UACP,OAAO;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAGA,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,OAAO,IAAI,MAAM,iCAAiC;AAAA,IACpD;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,2BAA2B,KAAK;AAC9C,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,OAAO,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,2BAA2B;AAAA,IAC/E;AAAA,EACF;AACF;","names":[]}
+{"version":3,"sources":["../../../../src/app-router/server/auth.ts"],"sourcesContent":["'use server'\nimport { cookies, headers } from \"next/headers\"\nimport type { UserInfo, SessionResult } from \"./edge-session\"\n\n\nexport interface AuthResult {\n  user: UserInfo | null\n  token: string | null\n  error: Error | null\n}\n\n\n  /**\n   * Get the current authenticated user from the session or token\n   */\n  export async function auth(): Promise<AuthResult> {\n    try {\n      const headersList = await headers()\n      const cookieStore = await cookies()\n\n      const userId = headersList.get('x-user-id')\n      const authTime = headersList.get('x-auth-time')\n      const emailVerified = headersList.get('x-auth-verified') === 'true'\n\n      if (userId) {\n        const token = cookieStore.get(\"_session_cookie\")?.value || \n                     cookieStore.get(\"_session_token\")?.value || \n                     null\n  \n        return {\n          user: {\n            uid: userId,\n            email: headersList.get('x-user-email') || null,\n            emailVerified,\n            authTime: authTime ? parseInt(authTime) : undefined\n          },\n          token,\n          error: null\n        }\n      }\n\n      return {\n        user: null,\n        token: null,\n        error: new Error(\"No valid session or token found\"),\n      }\n    } catch (error) {\n      console.error(\"Error in getAuthResult:\", error)\n      return {\n        user: null,\n        token: null,\n        error: error instanceof Error ? error : new Error(\"An unknown error occurred\"),\n      }\n    }\n}\n\n/**\n * Type guard to check if user is authenticated\n */\nexport async function isAuthenticated(): Promise<boolean> {\n  const authResult = await auth()\n  return authResult.user !== null\n}\n\n/**\n * Get user info from auth result\n */\nexport async function getUserInfo(): Promise<UserInfo | null> {\n  const authResult = await auth()\n  if (!authResult.user) {\n    return null\n  }\n\n  return {\n    uid: authResult.user.uid,\n    email: authResult.user.email,\n    emailVerified: authResult.user.emailVerified,\n    authTime: authResult.user.authTime\n  }\n  }\n\n\n"],"mappings":";AACA,SAAS,SAAS,eAAe;AAc/B,eAAsB,OAA4B;AAfpD;AAgBI,MAAI;AACF,UAAM,cAAc,MAAM,QAAQ;AAClC,UAAM,cAAc,MAAM,QAAQ;AAElC,UAAM,SAAS,YAAY,IAAI,WAAW;AAC1C,UAAM,WAAW,YAAY,IAAI,aAAa;AAC9C,UAAM,gBAAgB,YAAY,IAAI,iBAAiB,MAAM;AAE7D,QAAI,QAAQ;AACV,YAAM,UAAQ,iBAAY,IAAI,iBAAiB,MAAjC,mBAAoC,YACrC,iBAAY,IAAI,gBAAgB,MAAhC,mBAAmC,UACnC;AAEb,aAAO;AAAA,QACL,MAAM;AAAA,UACJ,KAAK;AAAA,UACL,OAAO,YAAY,IAAI,cAAc,KAAK;AAAA,UAC1C;AAAA,UACA,UAAU,WAAW,SAAS,QAAQ,IAAI;AAAA,QAC5C;AAAA,QACA;AAAA,QACA,OAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO;AAAA,MACL,MAAM;AAAA,MACN,OAAO;AAAA,MACP,OAAO,IAAI,MAAM,iCAAiC;AAAA,IACpD;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,2BAA2B,KAAK;AAC9C,WAAO;AAAA,MACL,MAAM;AAAA,MACN,OAAO;AAAA,MACP,OAAO,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,2BAA2B;AAAA,IAC/E;AAAA,EACF;AACJ;AAKA,eAAsB,kBAAoC;AACxD,QAAM,aAAa,MAAM,KAAK;AAC9B,SAAO,WAAW,SAAS;AAC7B;AAKA,eAAsB,cAAwC;AAC5D,QAAM,aAAa,MAAM,KAAK;AAC9B,MAAI,CAAC,WAAW,MAAM;AACpB,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,KAAK,WAAW,KAAK;AAAA,IACrB,OAAO,WAAW,KAAK;AAAA,IACvB,eAAe,WAAW,KAAK;AAAA,IAC/B,UAAU,WAAW,KAAK;AAAA,EAC5B;AACA;","names":[]}

package/dist/esm/app-router/server/edge-session.js

@@ -0,0 +1,56 @@
+import { cookies } from "next/headers";
+import { verifyFirebaseToken } from "./jwt";
+async function verifySession(request) {
+  var _a, _b, _c, _d, _e, _f;
+  try {
+    const cookieStore = await cookies();
+    const sessionCookie = (_a = cookieStore.get("_session_cookie")) == null ? void 0 : _a.value;
+    if (sessionCookie) {
+      const result = await verifyFirebaseToken(sessionCookie, true);
+      if (result.valid) {
+        return {
+          isAuthenticated: true,
+          user: {
+            uid: (_b = result.uid) != null ? _b : "",
+            email: result.email || null,
+            emailVerified: (_c = result.emailVerified) != null ? _c : false,
+            disabled: false
+          }
+        };
+      }
+      console.log("Session cookie verification failed:", result.error);
+    }
+    const idToken = (_d = cookieStore.get("_session_token")) == null ? void 0 : _d.value;
+    if (idToken) {
+      const result = await verifyFirebaseToken(idToken, false);
+      if (result.valid) {
+        return {
+          isAuthenticated: true,
+          user: {
+            uid: (_e = result.uid) != null ? _e : "",
+            email: result.email || null,
+            emailVerified: (_f = result.emailVerified) != null ? _f : false,
+            disabled: false
+          }
+        };
+      }
+      console.log("ID token verification failed:", result.error);
+    }
+    return {
+      isAuthenticated: false,
+      user: null,
+      error: "No valid session found"
+    };
+  } catch (error) {
+    console.error("Session verification error:", error);
+    return {
+      isAuthenticated: false,
+      user: null,
+      error: error instanceof Error ? error.message : "Session verification failed"
+    };
+  }
+}
+export {
+  verifySession
+};
+//# sourceMappingURL=edge-session.js.map

package/dist/esm/app-router/server/edge-session.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/app-router/server/edge-session.ts"],"sourcesContent":["import { cookies } from \"next/headers\"\nimport { verifyFirebaseToken } from \"./jwt\"\nimport type { NextRequest } from \"next/server\"\n\nexport interface UserInfo {\n  uid: string\n  email: string | null\n  emailVerified?: boolean\n  authTime?: number\n  disabled?: boolean\n}\n\n\nexport interface SessionResult {\n  isAuthenticated: boolean\n  user: UserInfo | null\n  error?: string\n}\n\nexport async function verifySession(request: NextRequest): Promise<SessionResult> {\n  try {\n    const cookieStore = await cookies()\n\n    // First try session cookie\n    const sessionCookie = cookieStore.get(\"_session_cookie\")?.value\n    if (sessionCookie) {\n      const result = await verifyFirebaseToken(sessionCookie, true)\n      if (result.valid) {\n        return {\n          isAuthenticated: true,\n          user: {\n            uid: result.uid ?? '',\n            email: result.email || null,\n            emailVerified: result.emailVerified ?? false,\n            disabled: false,\n          },\n        }\n      }\n      console.log(\"Session cookie verification failed:\", result.error)\n    }\n\n    // Then try ID token\n    const idToken = cookieStore.get(\"_session_token\")?.value\n    if (idToken) {\n      const result = await verifyFirebaseToken(idToken, false)\n      if (result.valid) {\n        return {\n          isAuthenticated: true,\n          user: {\n            uid: result.uid ?? '',\n            email: result.email || null,\n            emailVerified: result.emailVerified ?? false,\n            disabled: false,\n          },\n        }\n      }\n      console.log(\"ID token verification failed:\", result.error)\n    }\n\n    return {\n      isAuthenticated: false,\n      user: null,\n      error: \"No valid session found\",\n    }\n  } catch (error) {\n    console.error(\"Session verification error:\", error)\n    return {\n      isAuthenticated: false,\n      user: null,\n      error: error instanceof Error ? error.message : \"Session verification failed\",\n    }\n  }\n}"],"mappings":"AAAA,SAAS,eAAe;AACxB,SAAS,2BAA2B;AAkBpC,eAAsB,cAAc,SAA8C;AAnBlF;AAoBE,MAAI;AACF,UAAM,cAAc,MAAM,QAAQ;AAGlC,UAAM,iBAAgB,iBAAY,IAAI,iBAAiB,MAAjC,mBAAoC;AAC1D,QAAI,eAAe;AACjB,YAAM,SAAS,MAAM,oBAAoB,eAAe,IAAI;AAC5D,UAAI,OAAO,OAAO;AAChB,eAAO;AAAA,UACL,iBAAiB;AAAA,UACjB,MAAM;AAAA,YACJ,MAAK,YAAO,QAAP,YAAc;AAAA,YACnB,OAAO,OAAO,SAAS;AAAA,YACvB,gBAAe,YAAO,kBAAP,YAAwB;AAAA,YACvC,UAAU;AAAA,UACZ;AAAA,QACF;AAAA,MACF;AACA,cAAQ,IAAI,uCAAuC,OAAO,KAAK;AAAA,IACjE;AAGA,UAAM,WAAU,iBAAY,IAAI,gBAAgB,MAAhC,mBAAmC;AACnD,QAAI,SAAS;AACX,YAAM,SAAS,MAAM,oBAAoB,SAAS,KAAK;AACvD,UAAI,OAAO,OAAO;AAChB,eAAO;AAAA,UACL,iBAAiB;AAAA,UACjB,MAAM;AAAA,YACJ,MAAK,YAAO,QAAP,YAAc;AAAA,YACnB,OAAO,OAAO,SAAS;AAAA,YACvB,gBAAe,YAAO,kBAAP,YAAwB;AAAA,YACvC,UAAU;AAAA,UACZ;AAAA,QACF;AAAA,MACF;AACA,cAAQ,IAAI,iCAAiC,OAAO,KAAK;AAAA,IAC3D;AAEA,WAAO;AAAA,MACL,iBAAiB;AAAA,MACjB,MAAM;AAAA,MACN,OAAO;AAAA,IACT;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B,KAAK;AAClD,WAAO;AAAA,MACL,iBAAiB;AAAA,MACjB,MAAM;AAAA,MACN,OAAO,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAClD;AAAA,EACF;AACF;","names":[]}

package/dist/esm/app-router/server/index.js

@@ -1,12 +1,14 @@
 import { adminTernSecureAuth, adminTernSecureDb } from "../../utils/admin-init";
-import { ternSecureMiddleware } from "./ternSecureMiddleware";
+import { ternSecureMiddleware, createRouteMatcher } from "./ternSecureMiddleware";
 import { verifyTernSessionCookie, createSessionCookie } from "./sessionTernSecure";
-import { auth } from "./auth";
+import { auth, getUserInfo } from "./auth";
 export {
   adminTernSecureAuth,
   adminTernSecureDb,
   auth,
+  createRouteMatcher,
   createSessionCookie,
+  getUserInfo,
   ternSecureMiddleware,
   verifyTernSessionCookie
 };

package/dist/esm/app-router/server/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/app-router/server/index.ts"],"sourcesContent":["export { adminTernSecureAuth, adminTernSecureDb } from '../../utils/admin-init'\nexport { ternSecureMiddleware } from './ternSecureMiddleware'\nexport { verifyTernSessionCookie, createSessionCookie } from './sessionTernSecure'\nexport { auth } from './auth'"],"mappings":"AAAA,SAAS,qBAAqB,yBAAyB;AACvD,SAAS,4BAA4B;AACrC,SAAS,yBAAyB,2BAA2B;AAC7D,SAAS,YAAY;","names":[]}
+{"version":3,"sources":["../../../../src/app-router/server/index.ts"],"sourcesContent":["export { adminTernSecureAuth, adminTernSecureDb } from '../../utils/admin-init'\nexport { ternSecureMiddleware, createRouteMatcher } from './ternSecureMiddleware'\nexport { verifyTernSessionCookie, createSessionCookie } from './sessionTernSecure'\nexport { auth, getUserInfo } from './auth'\nexport type { AuthResult } from './auth'"],"mappings":"AAAA,SAAS,qBAAqB,yBAAyB;AACvD,SAAS,sBAAsB,0BAA0B;AACzD,SAAS,yBAAyB,2BAA2B;AAC7D,SAAS,MAAM,mBAAmB;","names":[]}

package/dist/esm/app-router/server/jwt.js

@@ -0,0 +1,117 @@
+import { jwtVerify, createRemoteJWKSet } from "jose";
+import { cache } from "react";
+const FIREBASE_ID_TOKEN_URL = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com";
+const FIREBASE_SESSION_CERT_URL = "https://identitytoolkit.googleapis.com/v1/sessionCookiePublicKeys";
+const getIdTokenJWKS = cache(() => {
+  return createRemoteJWKSet(new URL(FIREBASE_ID_TOKEN_URL), {
+    cacheMaxAge: 36e5,
+    // 1 hour
+    timeoutDuration: 5e3,
+    // 5 seconds
+    cooldownDuration: 3e4
+    // 30 seconds between retries
+  });
+});
+const getSessionJWKS = cache(() => {
+  return createRemoteJWKSet(new URL(FIREBASE_SESSION_CERT_URL), {
+    cacheMaxAge: 36e5,
+    // 1 hour
+    timeoutDuration: 5e3,
+    // 5 seconds
+    cooldownDuration: 3e4
+    // 30 seconds between retries
+  });
+});
+function decodeJwt(token) {
+  try {
+    const [headerB64, payloadB64] = token.split(".");
+    const header = JSON.parse(Buffer.from(headerB64, "base64").toString());
+    const payload = JSON.parse(Buffer.from(payloadB64, "base64").toString());
+    return { header, payload };
+  } catch (error) {
+    console.error("Error decoding JWT:", error);
+    return null;
+  }
+}
+async function verifyFirebaseToken(token, isSessionCookie = false) {
+  try {
+    const projectId = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID;
+    if (!projectId) {
+      throw new Error("Firebase Project ID is not configured");
+    }
+    const decoded = decodeJwt(token);
+    if (!decoded) {
+      throw new Error("Invalid token format");
+    }
+    console.log("Token details:", {
+      header: decoded.header,
+      type: isSessionCookie ? "session_cookie" : "id_token"
+    });
+    let retries = 3;
+    let lastError = null;
+    while (retries > 0) {
+      try {
+        const JWKS = isSessionCookie ? await getSessionJWKS() : await getIdTokenJWKS();
+        const { payload } = await jwtVerify(token, JWKS, {
+          issuer: isSessionCookie ? "https://session.firebase.google.com/" + projectId : "https://securetoken.google.com/" + projectId,
+          audience: projectId,
+          algorithms: ["RS256"]
+        });
+        const firebasePayload = payload;
+        const now = Math.floor(Date.now() / 1e3);
+        if (firebasePayload.exp <= now) {
+          throw new Error("Token has expired");
+        }
+        if (firebasePayload.iat > now) {
+          throw new Error("Token issued time is in the future");
+        }
+        if (!firebasePayload.sub) {
+          throw new Error("Token subject is empty");
+        }
+        if (firebasePayload.auth_time > now) {
+          throw new Error("Token auth time is in the future");
+        }
+        return {
+          valid: true,
+          uid: firebasePayload.sub,
+          email: firebasePayload.email,
+          emailVerified: firebasePayload.email_verified,
+          authTime: firebasePayload.auth_time,
+          issuedAt: firebasePayload.iat,
+          expiresAt: firebasePayload.exp
+        };
+      } catch (error) {
+        lastError = error;
+        if (error instanceof Error && error.name === "JWKSNoMatchingKey") {
+          console.warn(`JWKS retry attempt ${4 - retries}:`, error.message);
+          retries--;
+          if (retries > 0) {
+            await new Promise((resolve) => setTimeout(resolve, 1e3));
+            continue;
+          }
+        }
+        throw error;
+      }
+    }
+    throw lastError || new Error("Failed to verify token after retries");
+  } catch (error) {
+    console.error("Token verification details:", {
+      error: error instanceof Error ? {
+        name: error.name,
+        message: error.message,
+        stack: error.stack
+      } : error,
+      decoded: decodeJwt(token),
+      //projectId,
+      isSessionCookie
+    });
+    return {
+      valid: false,
+      error: error instanceof Error ? error.message : "Invalid token"
+    };
+  }
+}
+export {
+  verifyFirebaseToken
+};
+//# sourceMappingURL=jwt.js.map

package/dist/esm/app-router/server/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/app-router/server/jwt.ts"],"sourcesContent":["import { jwtVerify, createRemoteJWKSet } from \"jose\"\nimport { cache } from \"react\"\n\ninterface FirebaseIdTokenPayload {\n  iss: string\n  aud: string\n  auth_time: number\n  user_id: string\n  sub: string\n  iat: number\n  exp: number\n  email?: string\n  email_verified?: boolean\n  firebase: {\n    identities: {\n      [key: string]: any\n    }\n    sign_in_provider: string\n  }\n}\n\n// Firebase public key endpoints\nconst FIREBASE_ID_TOKEN_URL = \"https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com\"\nconst FIREBASE_SESSION_CERT_URL = \"https://identitytoolkit.googleapis.com/v1/sessionCookiePublicKeys\"\n\n// Cache the JWKS using React cache\nconst getIdTokenJWKS = cache(() => {\n  return createRemoteJWKSet(new URL(FIREBASE_ID_TOKEN_URL), {\n    cacheMaxAge: 3600000, // 1 hour\n    timeoutDuration: 5000, // 5 seconds\n    cooldownDuration: 30000, // 30 seconds between retries\n  })\n})\n\nconst getSessionJWKS = cache(() => {\n  return createRemoteJWKSet(new URL(FIREBASE_SESSION_CERT_URL), {\n    cacheMaxAge: 3600000, // 1 hour\n    timeoutDuration: 5000, // 5 seconds\n    cooldownDuration: 30000, // 30 seconds between retries\n  })\n})\n\n// Helper to decode JWT without verification\nfunction decodeJwt(token: string) {\n  try {\n    const [headerB64, payloadB64] = token.split(\".\")\n    const header = JSON.parse(Buffer.from(headerB64, \"base64\").toString())\n    const payload = JSON.parse(Buffer.from(payloadB64, \"base64\").toString())\n    return { header, payload }\n  } catch (error) {\n    console.error(\"Error decoding JWT:\", error)\n    return null\n  }\n}\n\nexport async function verifyFirebaseToken(token: string, isSessionCookie = false) {\n  try {\n    const projectId = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID\n    if (!projectId) {\n      throw new Error(\"Firebase Project ID is not configured\")\n    }\n\n    // Decode token for debugging and type checking\n    const decoded = decodeJwt(token)\n    if (!decoded) {\n      throw new Error(\"Invalid token format\")\n    }\n\n    console.log(\"Token details:\", {\n      header: decoded.header,\n      type: isSessionCookie ? \"session_cookie\" : \"id_token\",\n    })\n\n    let retries = 3\n    let lastError: Error | null = null\n\n    while (retries > 0) {\n      try {\n        // Use different JWKS based on token type\n        const JWKS = isSessionCookie ? await getSessionJWKS() : await getIdTokenJWKS()\n\n        const { payload } = await jwtVerify(token, JWKS, {\n          issuer: isSessionCookie\n            ? \"https://session.firebase.google.com/\" + projectId\n            : \"https://securetoken.google.com/\" + projectId,\n          audience: projectId,\n          algorithms: [\"RS256\"],\n        })\n\n        const firebasePayload = payload as unknown as FirebaseIdTokenPayload\n        const now = Math.floor(Date.now() / 1000)\n\n        // Verify token claims\n        if (firebasePayload.exp <= now) {\n          throw new Error(\"Token has expired\")\n        }\n\n        if (firebasePayload.iat > now) {\n          throw new Error(\"Token issued time is in the future\")\n        }\n\n        if (!firebasePayload.sub) {\n          throw new Error(\"Token subject is empty\")\n        }\n\n        if (firebasePayload.auth_time > now) {\n          throw new Error(\"Token auth time is in the future\")\n        }\n\n        return {\n          valid: true,\n          uid: firebasePayload.sub,\n          email: firebasePayload.email,\n          emailVerified: firebasePayload.email_verified,\n          authTime: firebasePayload.auth_time,\n          issuedAt: firebasePayload.iat,\n          expiresAt: firebasePayload.exp,\n        }\n      } catch (error) {\n        lastError = error as Error\n        if (error instanceof Error && error.name === \"JWKSNoMatchingKey\") {\n          console.warn(`JWKS retry attempt ${4 - retries}:`, error.message)\n          retries--\n          if (retries > 0) {\n            await new Promise((resolve) => setTimeout(resolve, 1000))\n            continue\n          }\n        }\n        throw error\n      }\n    }\n\n    throw lastError || new Error(\"Failed to verify token after retries\")\n  } catch (error) {\n    console.error(\"Token verification details:\", {\n      error:\n        error instanceof Error\n          ? {\n              name: error.name,\n              message: error.message,\n              stack: error.stack,\n            }\n          : error,\n      decoded: decodeJwt(token),\n      //projectId,\n      isSessionCookie,\n    })\n\n    return {\n      valid: false,\n      error: error instanceof Error ? error.message : \"Invalid token\",\n    }\n  }\n}\n\n"],"mappings":"AAAA,SAAS,WAAW,0BAA0B;AAC9C,SAAS,aAAa;AAqBtB,MAAM,wBAAwB;AAC9B,MAAM,4BAA4B;AAGlC,MAAM,iBAAiB,MAAM,MAAM;AACjC,SAAO,mBAAmB,IAAI,IAAI,qBAAqB,GAAG;AAAA,IACxD,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAED,MAAM,iBAAiB,MAAM,MAAM;AACjC,SAAO,mBAAmB,IAAI,IAAI,yBAAyB,GAAG;AAAA,IAC5D,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAGD,SAAS,UAAU,OAAe;AAChC,MAAI;AACF,UAAM,CAAC,WAAW,UAAU,IAAI,MAAM,MAAM,GAAG;AAC/C,UAAM,SAAS,KAAK,MAAM,OAAO,KAAK,WAAW,QAAQ,EAAE,SAAS,CAAC;AACrE,UAAM,UAAU,KAAK,MAAM,OAAO,KAAK,YAAY,QAAQ,EAAE,SAAS,CAAC;AACvE,WAAO,EAAE,QAAQ,QAAQ;AAAA,EAC3B,SAAS,OAAO;AACd,YAAQ,MAAM,uBAAuB,KAAK;AAC1C,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,oBAAoB,OAAe,kBAAkB,OAAO;AAChF,MAAI;AACF,UAAM,YAAY,QAAQ,IAAI;AAC9B,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACzD;AAGA,UAAM,UAAU,UAAU,KAAK;AAC/B,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AAEA,YAAQ,IAAI,kBAAkB;AAAA,MAC5B,QAAQ,QAAQ;AAAA,MAChB,MAAM,kBAAkB,mBAAmB;AAAA,IAC7C,CAAC;AAED,QAAI,UAAU;AACd,QAAI,YAA0B;AAE9B,WAAO,UAAU,GAAG;AAClB,UAAI;AAEF,cAAM,OAAO,kBAAkB,MAAM,eAAe,IAAI,MAAM,eAAe;AAE7E,cAAM,EAAE,QAAQ,IAAI,MAAM,UAAU,OAAO,MAAM;AAAA,UAC/C,QAAQ,kBACJ,yCAAyC,YACzC,oCAAoC;AAAA,UACxC,UAAU;AAAA,UACV,YAAY,CAAC,OAAO;AAAA,QACtB,CAAC;AAED,cAAM,kBAAkB;AACxB,cAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAGxC,YAAI,gBAAgB,OAAO,KAAK;AAC9B,gBAAM,IAAI,MAAM,mBAAmB;AAAA,QACrC;AAEA,YAAI,gBAAgB,MAAM,KAAK;AAC7B,gBAAM,IAAI,MAAM,oCAAoC;AAAA,QACtD;AAEA,YAAI,CAAC,gBAAgB,KAAK;AACxB,gBAAM,IAAI,MAAM,wBAAwB;AAAA,QAC1C;AAEA,YAAI,gBAAgB,YAAY,KAAK;AACnC,gBAAM,IAAI,MAAM,kCAAkC;AAAA,QACpD;AAEA,eAAO;AAAA,UACL,OAAO;AAAA,UACP,KAAK,gBAAgB;AAAA,UACrB,OAAO,gBAAgB;AAAA,UACvB,eAAe,gBAAgB;AAAA,UAC/B,UAAU,gBAAgB;AAAA,UAC1B,UAAU,gBAAgB;AAAA,UAC1B,WAAW,gBAAgB;AAAA,QAC7B;AAAA,MACF,SAAS,OAAO;AACd,oBAAY;AACZ,YAAI,iBAAiB,SAAS,MAAM,SAAS,qBAAqB;AAChE,kBAAQ,KAAK,sBAAsB,IAAI,OAAO,KAAK,MAAM,OAAO;AAChE;AACA,cAAI,UAAU,GAAG;AACf,kBAAM,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,GAAI,CAAC;AACxD;AAAA,UACF;AAAA,QACF;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,MAAM,sCAAsC;AAAA,EACrE,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B;AAAA,MAC3C,OACE,iBAAiB,QACb;AAAA,QACE,MAAM,MAAM;AAAA,QACZ,SAAS,MAAM;AAAA,QACf,OAAO,MAAM;AAAA,MACf,IACA;AAAA,MACN,SAAS,UAAU,KAAK;AAAA;AAAA,MAExB;AAAA,IACF,CAAC;AAED,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAClD;AAAA,EACF;AACF;","names":[]}

package/dist/esm/app-router/server/sessionTernSecure.js

@@ -54,15 +54,20 @@ async function getIdToken() {
   }
 }
 async function setServerSession(token) {
-  const cookieStore = await cookies();
-  cookieStore.set("_session", token, {
-    httpOnly: true,
-    secure: process.env.NODE_ENV === "production",
-    sameSite: "strict",
-    maxAge: 60 * 60,
-    // 1 hour
-    path: "/"
-  });
+  try {
+    const cookieStore = await cookies();
+    cookieStore.set("_session_token", token, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      sameSite: "strict",
+      maxAge: 60 * 60,
+      // 1 hour
+      path: "/"
+    });
+    return { success: true, message: "Session created" };
+  } catch {
+    return { success: false, message: "Failed to create session" };
+  }
 }
 async function verifyTernIdToken(token) {
   try {