@tern-secure/nextjs 4.2.11 → 5.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +33 -33
- package/dist/cjs/app-router/admin/index.js +5 -8
- package/dist/cjs/app-router/admin/index.js.map +1 -1
- package/dist/cjs/app-router/admin/sessionTernSecure.js +3 -6
- package/dist/cjs/app-router/admin/sessionTernSecure.js.map +1 -1
- package/dist/cjs/app-router/client/TernSecureProvider.js +10 -18
- package/dist/cjs/app-router/client/TernSecureProvider.js.map +1 -1
- package/dist/cjs/app-router/client/actions.js +1 -177
- package/dist/cjs/app-router/client/actions.js.map +1 -1
- package/dist/cjs/app-router/route-handler/internal-route.js +4 -35
- package/dist/cjs/app-router/route-handler/internal-route.js.map +1 -1
- package/dist/cjs/boundary/{hooks/useSignUp.js → components.js} +16 -16
- package/dist/cjs/boundary/components.js.map +1 -0
- package/dist/cjs/{lib/utils.js → boundary/hooks.js} +9 -11
- package/dist/cjs/boundary/hooks.js.map +1 -0
- package/dist/cjs/{boundary/TernSecureCtx.js → components/uiComponents.js} +17 -24
- package/dist/cjs/components/uiComponents.js.map +1 -0
- package/dist/cjs/errors.js +1 -0
- package/dist/cjs/errors.js.map +1 -1
- package/dist/cjs/index.js +13 -27
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/server/auth.js +4 -5
- package/dist/cjs/server/auth.js.map +1 -1
- package/dist/cjs/server/crypto.js.map +1 -1
- package/dist/cjs/server/ctx-store.js +1 -2
- package/dist/cjs/server/ctx-store.js.map +1 -1
- package/dist/cjs/server/edge-session.js +6 -7
- package/dist/cjs/server/edge-session.js.map +1 -1
- package/dist/cjs/server/index.js.map +1 -1
- package/dist/cjs/server/jwt-edge.js.map +1 -1
- package/dist/cjs/server/jwt.js.map +1 -1
- package/dist/cjs/server/session-store.js +3 -1
- package/dist/cjs/server/session-store.js.map +1 -1
- package/dist/cjs/server/ternSecureMiddleware.js.map +1 -1
- package/dist/cjs/server/types.js.map +1 -1
- package/dist/cjs/server/utils.js.map +1 -1
- package/dist/cjs/types.js.map +1 -1
- package/dist/cjs/utils/admin-init.js +3 -0
- package/dist/cjs/utils/admin-init.js.map +1 -1
- package/dist/cjs/utils/allNextProviderProps.js +108 -0
- package/dist/cjs/utils/allNextProviderProps.js.map +1 -0
- package/dist/cjs/utils/client-init.js +2 -47
- package/dist/cjs/utils/client-init.js.map +1 -1
- package/dist/cjs/utils/config.js.map +1 -1
- package/dist/cjs/utils/construct.js.map +1 -1
- package/dist/cjs/utils/create-styles.js.map +1 -1
- package/dist/cjs/utils/redirect.js.map +1 -1
- package/dist/cjs/{components/ui/separator.js → utils/tern-ui-script.js} +41 -24
- package/dist/cjs/utils/tern-ui-script.js.map +1 -0
- package/dist/esm/app-router/admin/index.js +6 -4
- package/dist/esm/app-router/admin/index.js.map +1 -1
- package/dist/esm/app-router/admin/sessionTernSecure.js +3 -6
- package/dist/esm/app-router/admin/sessionTernSecure.js.map +1 -1
- package/dist/esm/app-router/client/TernSecureProvider.js +13 -19
- package/dist/esm/app-router/client/TernSecureProvider.js.map +1 -1
- package/dist/esm/app-router/client/actions.js +1 -157
- package/dist/esm/app-router/client/actions.js.map +1 -1
- package/dist/esm/app-router/route-handler/internal-route.js +5 -30
- package/dist/esm/app-router/route-handler/internal-route.js.map +1 -1
- package/dist/esm/boundary/components.js +18 -0
- package/dist/esm/boundary/components.js.map +1 -0
- package/dist/esm/boundary/hooks.js +9 -0
- package/dist/esm/boundary/hooks.js.map +1 -0
- package/dist/esm/components/uiComponents.js +21 -0
- package/dist/esm/components/uiComponents.js.map +1 -0
- package/dist/esm/errors.js +1 -0
- package/dist/esm/errors.js.map +1 -1
- package/dist/esm/index.js +15 -16
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/server/auth.js +4 -5
- package/dist/esm/server/auth.js.map +1 -1
- package/dist/esm/server/crypto.js.map +1 -1
- package/dist/esm/server/ctx-store.js +1 -2
- package/dist/esm/server/ctx-store.js.map +1 -1
- package/dist/esm/server/edge-session.js +6 -7
- package/dist/esm/server/edge-session.js.map +1 -1
- package/dist/esm/server/index.js.map +1 -1
- package/dist/esm/server/jwt-edge.js.map +1 -1
- package/dist/esm/server/jwt.js.map +1 -1
- package/dist/esm/server/session-store.js +3 -1
- package/dist/esm/server/session-store.js.map +1 -1
- package/dist/esm/server/ternSecureMiddleware.js.map +1 -1
- package/dist/esm/server/utils.js.map +1 -1
- package/dist/esm/types.js.map +1 -1
- package/dist/esm/utils/admin-init.js +2 -0
- package/dist/esm/utils/admin-init.js.map +1 -1
- package/dist/esm/utils/allNextProviderProps.js +84 -0
- package/dist/esm/utils/allNextProviderProps.js.map +1 -0
- package/dist/esm/utils/client-init.js +2 -21
- package/dist/esm/utils/client-init.js.map +1 -1
- package/dist/esm/utils/config.js.map +1 -1
- package/dist/esm/utils/construct.js.map +1 -1
- package/dist/esm/utils/create-styles.js.map +1 -1
- package/dist/esm/utils/redirect.js.map +1 -1
- package/dist/esm/utils/tern-ui-script.js +42 -0
- package/dist/esm/utils/tern-ui-script.js.map +1 -0
- package/dist/types/app-router/admin/index.d.ts +1 -2
- package/dist/types/app-router/admin/index.d.ts.map +1 -1
- package/dist/types/app-router/client/TernSecureProvider.d.ts +2 -14
- package/dist/types/app-router/client/TernSecureProvider.d.ts.map +1 -1
- package/dist/types/app-router/client/actions.d.ts +1 -54
- package/dist/types/app-router/client/actions.d.ts.map +1 -1
- package/dist/types/app-router/route-handler/internal-route.d.ts +1 -15
- package/dist/types/app-router/route-handler/internal-route.d.ts.map +1 -1
- package/dist/types/boundary/components.d.ts +2 -0
- package/dist/types/boundary/components.d.ts.map +1 -0
- package/dist/types/boundary/hooks.d.ts +2 -0
- package/dist/types/boundary/hooks.d.ts.map +1 -0
- package/dist/types/components/uiComponents.d.ts +6 -0
- package/dist/types/components/uiComponents.d.ts.map +1 -0
- package/dist/types/errors.d.ts +1 -1
- package/dist/types/errors.d.ts.map +1 -1
- package/dist/types/index.d.ts +3 -9
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/server/ternSecureMiddleware.d.ts.map +1 -1
- package/dist/types/types.d.ts +6 -13
- package/dist/types/types.d.ts.map +1 -1
- package/dist/types/utils/admin-init.d.ts +2 -1
- package/dist/types/utils/admin-init.d.ts.map +1 -1
- package/dist/types/utils/allNextProviderProps.d.ts +6 -0
- package/dist/types/utils/allNextProviderProps.d.ts.map +1 -0
- package/dist/types/utils/client-init.d.ts +1 -4
- package/dist/types/utils/client-init.d.ts.map +1 -1
- package/dist/types/utils/config.d.ts +1 -1
- package/dist/types/utils/config.d.ts.map +1 -1
- package/dist/types/utils/construct.d.ts.map +1 -1
- package/dist/types/utils/tern-ui-script.d.ts +8 -0
- package/dist/types/utils/tern-ui-script.d.ts.map +1 -0
- package/package.json +41 -52
- package/dist/cjs/boundary/TernSecureClientProvider.js +0 -240
- package/dist/cjs/boundary/TernSecureClientProvider.js.map +0 -1
- package/dist/cjs/boundary/TernSecureCtx.js.map +0 -1
- package/dist/cjs/boundary/hooks/useAuth.js +0 -63
- package/dist/cjs/boundary/hooks/useAuth.js.map +0 -1
- package/dist/cjs/boundary/hooks/useSignUp.js.map +0 -1
- package/dist/cjs/components/background.js +0 -65
- package/dist/cjs/components/background.js.map +0 -1
- package/dist/cjs/components/sign-in.js +0 -368
- package/dist/cjs/components/sign-in.js.map +0 -1
- package/dist/cjs/components/sign-out-button.js +0 -84
- package/dist/cjs/components/sign-out-button.js.map +0 -1
- package/dist/cjs/components/sign-out.js +0 -99
- package/dist/cjs/components/sign-out.js.map +0 -1
- package/dist/cjs/components/sign-up.js +0 -332
- package/dist/cjs/components/sign-up.js.map +0 -1
- package/dist/cjs/components/ui/alert.js +0 -88
- package/dist/cjs/components/ui/alert.js.map +0 -1
- package/dist/cjs/components/ui/button.js +0 -84
- package/dist/cjs/components/ui/button.js.map +0 -1
- package/dist/cjs/components/ui/card.js +0 -101
- package/dist/cjs/components/ui/card.js.map +0 -1
- package/dist/cjs/components/ui/input.js +0 -58
- package/dist/cjs/components/ui/input.js.map +0 -1
- package/dist/cjs/components/ui/label.js +0 -55
- package/dist/cjs/components/ui/label.js.map +0 -1
- package/dist/cjs/components/ui/separator.js.map +0 -1
- package/dist/cjs/components/verify.js +0 -195
- package/dist/cjs/components/verify.js.map +0 -1
- package/dist/cjs/lib/utils.d.js +0 -17
- package/dist/cjs/lib/utils.d.js.map +0 -1
- package/dist/cjs/lib/utils.js.map +0 -1
- package/dist/esm/boundary/TernSecureClientProvider.js +0 -216
- package/dist/esm/boundary/TernSecureClientProvider.js.map +0 -1
- package/dist/esm/boundary/TernSecureCtx.js +0 -23
- package/dist/esm/boundary/TernSecureCtx.js.map +0 -1
- package/dist/esm/boundary/hooks/useAuth.js +0 -39
- package/dist/esm/boundary/hooks/useAuth.js.map +0 -1
- package/dist/esm/boundary/hooks/useSignUp.js +0 -16
- package/dist/esm/boundary/hooks/useSignUp.js.map +0 -1
- package/dist/esm/components/background.js +0 -41
- package/dist/esm/components/background.js.map +0 -1
- package/dist/esm/components/sign-in.js +0 -344
- package/dist/esm/components/sign-in.js.map +0 -1
- package/dist/esm/components/sign-out-button.js +0 -60
- package/dist/esm/components/sign-out-button.js.map +0 -1
- package/dist/esm/components/sign-out.js +0 -65
- package/dist/esm/components/sign-out.js.map +0 -1
- package/dist/esm/components/sign-up.js +0 -298
- package/dist/esm/components/sign-up.js.map +0 -1
- package/dist/esm/components/ui/alert.js +0 -52
- package/dist/esm/components/ui/alert.js.map +0 -1
- package/dist/esm/components/ui/button.js +0 -49
- package/dist/esm/components/ui/button.js.map +0 -1
- package/dist/esm/components/ui/card.js +0 -62
- package/dist/esm/components/ui/card.js.map +0 -1
- package/dist/esm/components/ui/input.js +0 -24
- package/dist/esm/components/ui/input.js.map +0 -1
- package/dist/esm/components/ui/label.js +0 -21
- package/dist/esm/components/ui/label.js.map +0 -1
- package/dist/esm/components/ui/separator.js +0 -25
- package/dist/esm/components/ui/separator.js.map +0 -1
- package/dist/esm/components/verify.js +0 -161
- package/dist/esm/components/verify.js.map +0 -1
- package/dist/esm/lib/utils.d.js +0 -1
- package/dist/esm/lib/utils.d.js.map +0 -1
- package/dist/esm/lib/utils.js +0 -9
- package/dist/esm/lib/utils.js.map +0 -1
- package/dist/types/boundary/TernSecureClientProvider.d.ts +0 -27
- package/dist/types/boundary/TernSecureClientProvider.d.ts.map +0 -1
- package/dist/types/boundary/TernSecureCtx.d.ts +0 -11
- package/dist/types/boundary/TernSecureCtx.d.ts.map +0 -1
- package/dist/types/boundary/hooks/useAuth.d.ts +0 -15
- package/dist/types/boundary/hooks/useAuth.d.ts.map +0 -1
- package/dist/types/boundary/hooks/useSignUp.d.ts +0 -5
- package/dist/types/boundary/hooks/useSignUp.d.ts.map +0 -1
- package/dist/types/components/background.d.ts +0 -2
- package/dist/types/components/background.d.ts.map +0 -1
- package/dist/types/components/sign-in.d.ts +0 -18
- package/dist/types/components/sign-in.d.ts.map +0 -1
- package/dist/types/components/sign-out-button.d.ts +0 -14
- package/dist/types/components/sign-out-button.d.ts.map +0 -1
- package/dist/types/components/sign-out.d.ts +0 -12
- package/dist/types/components/sign-out.d.ts.map +0 -1
- package/dist/types/components/sign-up.d.ts +0 -11
- package/dist/types/components/sign-up.d.ts.map +0 -1
- package/dist/types/components/ui/alert.d.ts +0 -9
- package/dist/types/components/ui/alert.d.ts.map +0 -1
- package/dist/types/components/ui/button.d.ts +0 -12
- package/dist/types/components/ui/button.d.ts.map +0 -1
- package/dist/types/components/ui/card.d.ts +0 -9
- package/dist/types/components/ui/card.d.ts.map +0 -1
- package/dist/types/components/ui/input.d.ts +0 -4
- package/dist/types/components/ui/input.d.ts.map +0 -1
- package/dist/types/components/ui/label.d.ts +0 -6
- package/dist/types/components/ui/label.d.ts.map +0 -1
- package/dist/types/components/ui/separator.d.ts +0 -5
- package/dist/types/components/ui/separator.d.ts.map +0 -1
- package/dist/types/components/verify.d.ts +0 -2
- package/dist/types/components/verify.d.ts.map +0 -1
- package/dist/types/lib/utils.d.ts +0 -3
- package/dist/types/lib/utils.d.ts.map +0 -1
- package/server/package.json +0 -5
package/dist/cjs/errors.js
CHANGED
|
@@ -63,6 +63,7 @@ const ERROR_PATTERNS = {
|
|
|
63
63
|
WEAK_PASSWORD: /weak.*password|password.*weak|Firebase:.*Error.*auth\/weak-password/i
|
|
64
64
|
};
|
|
65
65
|
class TernSecureError extends Error {
|
|
66
|
+
code;
|
|
66
67
|
constructor(code, message) {
|
|
67
68
|
super(message || code);
|
|
68
69
|
this.name = "TernSecureError";
|
package/dist/cjs/errors.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/errors.ts"],"sourcesContent":["import { SignInResponse } from \"./types\"\n\nexport type ErrorCode = keyof typeof ERRORS\n\nexport interface AuthErrorResponse {\n success: false\n message: string\n code: ErrorCode\n}\n\nexport const ERRORS = {\n SERVER_SIDE_INITIALIZATION: \"TernSecure must be initialized on the client side\",\n REQUIRES_VERIFICATION: \"AUTH_REQUIRES_VERIFICATION\",\n AUTHENTICATED: \"AUTHENTICATED\",\n UNAUTHENTICATED: \"UNAUTHENTICATED\",\n UNVERIFIED: \"UNVERIFIED\",\n NOT_INITIALIZED: \"TernSecure services are not initialized. Call initializeTernSecure() first\",\n HOOK_CONTEXT: \"Hook must be used within TernSecureProvider\",\n EMAIL_NOT_VERIFIED: \"EMAIL_NOT_VERIFIED\",\n INVALID_CREDENTIALS: \"INVALID_CREDENTIALS\",\n USER_DISABLED: \"USER_DISABLED\",\n TOO_MANY_ATTEMPTS: \"TOO_MANY_ATTEMPTS\",\n NETWORK_ERROR: \"NETWORK_ERROR\",\n INVALID_EMAIL: \"INVALID_EMAIL\",\n WEAK_PASSWORD: \"WEAK_PASSWORD\",\n EMAIL_EXISTS: \"EMAIL_EXISTS\",\n POPUP_BLOCKED: \"POPUP_BLOCKED\",\n OPERATION_NOT_ALLOWED: \"OPERATION_NOT_ALLOWED\",\n EXPIRED_TOKEN: \"EXPIRED_TOKEN\",\n INVALID_TOKEN: \"INVALID_TOKEN\",\n SESSION_EXPIRED: \"SESSION_EXPIRED\",\n INTERNAL_ERROR: \"INTERNAL_ERROR\",\n} as const\n\n// Firebase Auth Error Code patterns\nconst ERROR_PATTERNS = {\n INVALID_EMAIL: /auth.*invalid.*email|invalid.*email.*auth|Firebase:.*Error.*auth\\/invalid-email/i,\n INVALID_CREDENTIALS:\n /auth.*invalid.*credential|invalid.*password|wrong.*password|Firebase:.*Error.*auth\\/(invalid-credential|wrong-password|user-not-found)/i,\n USER_DISABLED: /user.*disabled|disabled.*user|Firebase:.*Error.*auth\\/user-disabled/i,\n TOO_MANY_ATTEMPTS: /too.*many.*attempts|too.*many.*requests|Firebase:.*Error.*auth\\/too-many-requests/i,\n NETWORK_ERROR: /network.*request.*failed|failed.*network|Firebase:.*Error.*auth\\/network-request-failed/i,\n OPERATION_NOT_ALLOWED: /operation.*not.*allowed|method.*not.*allowed|Firebase:.*Error.*auth\\/operation-not-allowed/i,\n POPUP_BLOCKED: /popup.*blocked|blocked.*popup|Firebase:.*Error.*auth\\/popup-blocked/i,\n EMAIL_EXISTS: /email.*exists|email.*already.*use|Firebase:.*Error.*auth\\/email-already-in-use/i,\n EXPIRED_TOKEN: /token.*expired|expired.*token|Firebase:.*Error.*auth\\/expired-token/i,\n INVALID_TOKEN: /invalid.*token|token.*invalid|Firebase:.*Error.*auth\\/invalid-token/i,\n SESSION_EXPIRED: /session.*expired|expired.*session|Firebase:.*Error.*auth\\/session-expired/i,\n WEAK_PASSWORD: /weak.*password|password.*weak|Firebase:.*Error.*auth\\/weak-password/i,\n} as const\n\nexport class TernSecureError extends Error {\n code: ErrorCode\n\n constructor(code: ErrorCode, message?: string) {\n super(message || code)\n this.name = \"TernSecureError\"\n this.code = code\n }\n}\n\ninterface SerializedFirebaseError {\n name?: string\n code?: string\n message?: string\n stack?: string\n}\n\n/**\n * Determines if an object matches the shape of a Firebase Error\n */\nfunction isFirebaseErrorLike(error: unknown): error is SerializedFirebaseError {\n if (!error || typeof error !== \"object\") return false\n\n const err = error as SerializedFirebaseError\n\n // Check for bundled Firebase error format: \"Firebase: Error (auth/error-code)\"\n if (typeof err.message === \"string\") {\n const bundledErrorMatch = err.message.match(/Firebase:\\s*Error\\s*$$auth\\/([^)]+)$$/)\n if (bundledErrorMatch) {\n // Add the extracted code to the error object\n err.code = `auth/${bundledErrorMatch[1]}`\n return true\n }\n }\n\n return (\n (typeof err.code === \"string\" && err.code.startsWith(\"auth/\")) ||\n (typeof err.name === \"string\" && err.name.includes(\"FirebaseError\"))\n )\n}\n\n/**\n * Extracts the error code from a Firebase-like error object\n */\nfunction extractFirebaseErrorCode(error: SerializedFirebaseError): string {\n // First try to extract from bundled error message format\n if (typeof error.message === \"string\") {\n const bundledErrorMatch = error.message.match(/Firebase:\\s*Error\\s*$$auth\\/([^)]+)$$/)\n if (bundledErrorMatch) {\n return bundledErrorMatch[1]\n }\n }\n\n // Then try the standard code property\n if (error.code) {\n return error.code.replace(\"auth/\", \"\")\n }\n\n // Finally try to extract from error message if it contains an error code\n if (typeof error.message === \"string\") {\n const messageCodeMatch = error.message.match(/auth\\/([a-z-]+)/)\n if (messageCodeMatch) {\n return messageCodeMatch[1]\n }\n }\n\n return \"\"\n}\n\n/**\n * Maps a Firebase error code to our internal error code\n */\nfunction mapFirebaseErrorCode(code: string): ErrorCode {\n // Direct mapping for known error codes\n const directMappings: Record<string, ErrorCode> = {\n \"invalid-email\": \"INVALID_EMAIL\",\n \"user-disabled\": \"USER_DISABLED\",\n \"too-many-requests\": \"TOO_MANY_ATTEMPTS\",\n \"network-request-failed\": \"NETWORK_ERROR\",\n \"operation-not-allowed\": \"OPERATION_NOT_ALLOWED\",\n \"popup-blocked\": \"POPUP_BLOCKED\",\n \"email-already-in-use\": \"EMAIL_EXISTS\",\n \"weak-password\": \"WEAK_PASSWORD\",\n \"invalid-credential\": \"INVALID_CREDENTIALS\",\n \"wrong-password\": \"INVALID_CREDENTIALS\",\n \"user-not-found\": \"INVALID_CREDENTIALS\",\n \"invalid-password\": \"INVALID_CREDENTIALS\",\n \"user-token-expired\": \"EXPIRED_TOKEN\",\n \"invalid-id-token\": \"INVALID_TOKEN\",\n }\n\n return directMappings[code] || \"INTERNAL_ERROR\"\n}\n\n/**\n * Determines error type based on error message pattern matching\n */\nfunction determineErrorTypeFromMessage(message: string): ErrorCode {\n // First check for bundled Firebase error format\n const bundledErrorMatch = message.match(/Firebase:\\s*Error\\s*$$auth\\/([^)]+)$$/)\n if (bundledErrorMatch) {\n const errorCode = bundledErrorMatch[1]\n const mappedCode = mapFirebaseErrorCode(errorCode)\n if (mappedCode) {\n return mappedCode\n }\n }\n\n // Then check standard patterns\n for (const [errorType, pattern] of Object.entries(ERROR_PATTERNS)) {\n if (pattern.test(message)) {\n return errorType as ErrorCode\n }\n }\n\n return \"INTERNAL_ERROR\"\n}\n\n/**\n * Creates a standardized error response\n */\nfunction createErrorResponse(code: ErrorCode, message: string): AuthErrorResponse {\n const defaultMessages: Record<ErrorCode, string> = {\n INVALID_EMAIL: \"Invalid email format\",\n INVALID_CREDENTIALS: \"Invalid email or password\",\n USER_DISABLED: \"This account has been disabled\",\n TOO_MANY_ATTEMPTS: \"Too many attempts. Please try again later\",\n NETWORK_ERROR: \"Network error. Please check your connection\",\n OPERATION_NOT_ALLOWED: \"This login method is not enabled\",\n POPUP_BLOCKED: \"Login popup was blocked. Please enable popups\",\n EMAIL_EXISTS: \"This email is already in use\",\n EXPIRED_TOKEN: \"Your session has expired. Please login again\",\n INVALID_TOKEN: \"Invalid authentication token\",\n SESSION_EXPIRED: \"Your session has expired\",\n WEAK_PASSWORD: \"Password is too weak\",\n EMAIL_NOT_VERIFIED: \"Email verification required\",\n INTERNAL_ERROR: \"An internal error occurred. Please try again\",\n SERVER_SIDE_INITIALIZATION: \"TernSecure must be initialized on the client side\",\n REQUIRES_VERIFICATION: \"Email verification required\",\n AUTHENTICATED: \"Already authenticated\",\n UNAUTHENTICATED: \"Authentication required\",\n UNVERIFIED: \"Email verification required\",\n NOT_INITIALIZED: \"TernSecure services are not initialized\",\n HOOK_CONTEXT: \"Hook must be used within TernSecureProvider\",\n }\n\n return {\n success: false,\n message: message || defaultMessages[code],\n code,\n }\n}\n\n/**\n * Handles Firebase authentication errors with multiple fallback mechanisms\n */\nexport function handleFirebaseAuthError(error: unknown): AuthErrorResponse {\n // Helper to extract clean error code from bundled format\n function extractErrorInfo(input: unknown): { code: string; message: string } | null {\n // Case 1: String input (direct Firebase error message)\n if (typeof input === 'string') {\n const match = input.match(/Firebase:\\s*Error\\s*\\(auth\\/([^)]+)\\)/);\n if (match) {\n return { code: match[1], message: input };\n }\n }\n\n // Case 2: Error object\n if (input && typeof input === 'object') {\n const err = input as { code?: string; message?: string };\n \n // Check for bundled message format first\n if (err.message) {\n const match = err.message.match(/Firebase:\\s*Error\\s*\\(auth\\/([^)]+)\\)/);\n if (match) {\n return { code: match[1], message: err.message };\n }\n }\n\n // Check for direct code\n if (err.code) {\n return {\n code: err.code.replace('auth/', ''),\n message: err.message || ''\n };\n }\n }\n\n return null;\n }\n\n // Map error codes to user-friendly messages\n const ERROR_MESSAGES: Record<string, { message: string; code: ErrorCode }> = {\n 'invalid-email': { message: 'Invalid email format', code: 'INVALID_EMAIL' },\n 'invalid-credential': { message: 'Invalid email or password', code: 'INVALID_CREDENTIALS' },\n 'invalid-login-credentials': { message: 'Invalid email or password', code: 'INVALID_CREDENTIALS' },\n 'wrong-password': { message: 'Invalid email or password', code: 'INVALID_CREDENTIALS' },\n 'user-not-found': { message: 'Invalid email or password', code: 'INVALID_CREDENTIALS' },\n 'user-disabled': { message: 'This account has been disabled', code: 'USER_DISABLED' },\n 'too-many-requests': { message: 'Too many attempts. Please try again later', code: 'TOO_MANY_ATTEMPTS' },\n 'network-request-failed': { message: 'Network error. Please check your connection', code: 'NETWORK_ERROR' },\n 'email-already-in-use': { message: 'This email is already in use', code: 'EMAIL_EXISTS' },\n 'weak-password': { message: 'Password is too weak', code: 'WEAK_PASSWORD' },\n 'operation-not-allowed': { message: 'This login method is not enabled', code: 'OPERATION_NOT_ALLOWED' },\n 'popup-blocked': { message: 'Login popup was blocked. Please enable popups', code: 'POPUP_BLOCKED' },\n 'expired-action-code': { message: 'Your session has expired. Please login again', code: 'EXPIRED_TOKEN' },\n 'user-token-expired': { message: 'Your session has expired. Please login again', code: 'EXPIRED_TOKEN' }\n };\n\n try {\n // Extract error information\n const errorInfo = extractErrorInfo(error);\n \n if (errorInfo) {\n const mappedError = ERROR_MESSAGES[errorInfo.code];\n if (mappedError) {\n return {\n success: false,\n message: mappedError.message,\n code: mappedError.code\n };\n }\n }\n\n // If we couldn't extract or map the error, try one last time with string conversion\n const errorString = String(error);\n const lastMatch = errorString.match(/Firebase:\\s*Error\\s*\\(auth\\/([^)]+)\\)/);\n if (lastMatch && ERROR_MESSAGES[lastMatch[1]]) {\n return {\n success: false,\n ...ERROR_MESSAGES[lastMatch[1]]\n };\n }\n\n } catch (e) {\n // Silent catch - we'll return the default error\n }\n\n // Default fallback\n return {\n success: false,\n message: 'An unexpected error occurred. Please try again later',\n code: 'INTERNAL_ERROR'\n };\n}\n\n/**\n * Type guard to check if a response is an AuthErrorResponse\n */\nexport function isAuthErrorResponse(response: unknown): response is AuthErrorResponse {\n return (\n typeof response === \"object\" &&\n response !== null &&\n \"success\" in response &&\n (response as { success: boolean }).success === false &&\n \"code\" in response &&\n \"message\" in response\n )\n}\n\n\n\nexport function getErrorAlertVariant(error: SignInResponse | undefined) {\n if (!error) return \"destructive\"\n\n switch (error.error) {\n case \"AUTHENTICATED\":\n return \"default\"\n case \"EMAIL_EXISTS\":\n case \"UNAUTHENTICATED\":\n case \"UNVERIFIED\":\n case \"REQUIRES_VERIFICATION\":\n case \"INVALID_EMAIL\":\n case \"INVALID_TOKEN\":\n case \"INTERNAL_ERROR\":\n case \"USER_DISABLED\":\n case \"TOO_MANY_ATTEMPTS\":\n case \"NETWORK_ERROR\":\n case \"SESSION_EXPIRED\":\n case \"EXPIRED_TOKEN\":\n case \"INVALID_CREDENTIALS\":\n default:\n return \"destructive\"\n }\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAUO,MAAM,SAAS;AAAA,EACpB,4BAA4B;AAAA,EAC5B,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,cAAc;AAAA,EACd,oBAAoB;AAAA,EACpB,qBAAqB;AAAA,EACrB,eAAe;AAAA,EACf,mBAAmB;AAAA,EACnB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,eAAe;AAAA,EACf,cAAc;AAAA,EACd,eAAe;AAAA,EACf,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,gBAAgB;AAClB;AAGA,MAAM,iBAAiB;AAAA,EACrB,eAAe;AAAA,EACf,qBACE;AAAA,EACF,eAAe;AAAA,EACf,mBAAmB;AAAA,EACnB,eAAe;AAAA,EACf,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,eAAe;AAAA,EACf,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,eAAe;AACjB;AAEO,MAAM,wBAAwB,MAAM;AAAA,EAGzC,YAAY,MAAiB,SAAkB;AAC7C,UAAM,WAAW,IAAI;AACrB,SAAK,OAAO;AACZ,SAAK,OAAO;AAAA,EACd;AACF;AAYA,SAAS,oBAAoB,OAAkD;AAC7E,MAAI,CAAC,SAAS,OAAO,UAAU,SAAU,QAAO;AAEhD,QAAM,MAAM;AAGZ,MAAI,OAAO,IAAI,YAAY,UAAU;AACnC,UAAM,oBAAoB,IAAI,QAAQ,MAAM,uCAAuC;AACnF,QAAI,mBAAmB;AAErB,UAAI,OAAO,QAAQ,kBAAkB,CAAC,CAAC;AACvC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SACG,OAAO,IAAI,SAAS,YAAY,IAAI,KAAK,WAAW,OAAO,KAC3D,OAAO,IAAI,SAAS,YAAY,IAAI,KAAK,SAAS,eAAe;AAEtE;AAKA,SAAS,yBAAyB,OAAwC;AAExE,MAAI,OAAO,MAAM,YAAY,UAAU;AACrC,UAAM,oBAAoB,MAAM,QAAQ,MAAM,uCAAuC;AACrF,QAAI,mBAAmB;AACrB,aAAO,kBAAkB,CAAC;AAAA,IAC5B;AAAA,EACF;AAGA,MAAI,MAAM,MAAM;AACd,WAAO,MAAM,KAAK,QAAQ,SAAS,EAAE;AAAA,EACvC;AAGA,MAAI,OAAO,MAAM,YAAY,UAAU;AACrC,UAAM,mBAAmB,MAAM,QAAQ,MAAM,iBAAiB;AAC9D,QAAI,kBAAkB;AACpB,aAAO,iBAAiB,CAAC;AAAA,IAC3B;AAAA,EACF;AAEA,SAAO;AACT;AAKA,SAAS,qBAAqB,MAAyB;AAErD,QAAM,iBAA4C;AAAA,IAChD,iBAAiB;AAAA,IACjB,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,0BAA0B;AAAA,IAC1B,yBAAyB;AAAA,IACzB,iBAAiB;AAAA,IACjB,wBAAwB;AAAA,IACxB,iBAAiB;AAAA,IACjB,sBAAsB;AAAA,IACtB,kBAAkB;AAAA,IAClB,kBAAkB;AAAA,IAClB,oBAAoB;AAAA,IACpB,sBAAsB;AAAA,IACtB,oBAAoB;AAAA,EACtB;AAEA,SAAO,eAAe,IAAI,KAAK;AACjC;AAKA,SAAS,8BAA8B,SAA4B;AAEjE,QAAM,oBAAoB,QAAQ,MAAM,uCAAuC;AAC/E,MAAI,mBAAmB;AACrB,UAAM,YAAY,kBAAkB,CAAC;AACrC,UAAM,aAAa,qBAAqB,SAAS;AACjD,QAAI,YAAY;AACd,aAAO;AAAA,IACT;AAAA,EACF;AAGA,aAAW,CAAC,WAAW,OAAO,KAAK,OAAO,QAAQ,cAAc,GAAG;AACjE,QAAI,QAAQ,KAAK,OAAO,GAAG;AACzB,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAKA,SAAS,oBAAoB,MAAiB,SAAoC;AAChF,QAAM,kBAA6C;AAAA,IACjD,eAAe;AAAA,IACf,qBAAqB;AAAA,IACrB,eAAe;AAAA,IACf,mBAAmB;AAAA,IACnB,eAAe;AAAA,IACf,uBAAuB;AAAA,IACvB,eAAe;AAAA,IACf,cAAc;AAAA,IACd,eAAe;AAAA,IACf,eAAe;AAAA,IACf,iBAAiB;AAAA,IACjB,eAAe;AAAA,IACf,oBAAoB;AAAA,IACpB,gBAAgB;AAAA,IAChB,4BAA4B;AAAA,IAC5B,uBAAuB;AAAA,IACvB,eAAe;AAAA,IACf,iBAAiB;AAAA,IACjB,YAAY;AAAA,IACZ,iBAAiB;AAAA,IACjB,cAAc;AAAA,EAChB;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS,WAAW,gBAAgB,IAAI;AAAA,IACxC;AAAA,EACF;AACF;AAKO,SAAS,wBAAwB,OAAmC;AAEzE,WAAS,iBAAiB,OAA0D;AAElF,QAAI,OAAO,UAAU,UAAU;AAC7B,YAAM,QAAQ,MAAM,MAAM,uCAAuC;AACjE,UAAI,OAAO;AACT,eAAO,EAAE,MAAM,MAAM,CAAC,GAAG,SAAS,MAAM;AAAA,MAC1C;AAAA,IACF;AAGA,QAAI,SAAS,OAAO,UAAU,UAAU;AACtC,YAAM,MAAM;AAGZ,UAAI,IAAI,SAAS;AACf,cAAM,QAAQ,IAAI,QAAQ,MAAM,uCAAuC;AACvE,YAAI,OAAO;AACT,iBAAO,EAAE,MAAM,MAAM,CAAC,GAAG,SAAS,IAAI,QAAQ;AAAA,QAChD;AAAA,MACF;AAGA,UAAI,IAAI,MAAM;AACZ,eAAO;AAAA,UACL,MAAM,IAAI,KAAK,QAAQ,SAAS,EAAE;AAAA,UAClC,SAAS,IAAI,WAAW;AAAA,QAC1B;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAGA,QAAM,iBAAuE;AAAA,IAC3E,iBAAiB,EAAE,SAAS,wBAAwB,MAAM,gBAAgB;AAAA,IAC1E,sBAAsB,EAAE,SAAS,6BAA6B,MAAM,sBAAsB;AAAA,IAC1F,6BAA6B,EAAE,SAAS,6BAA6B,MAAM,sBAAsB;AAAA,IACjG,kBAAkB,EAAE,SAAS,6BAA6B,MAAM,sBAAsB;AAAA,IACtF,kBAAkB,EAAE,SAAS,6BAA6B,MAAM,sBAAsB;AAAA,IACtF,iBAAiB,EAAE,SAAS,kCAAkC,MAAM,gBAAgB;AAAA,IACpF,qBAAqB,EAAE,SAAS,6CAA6C,MAAM,oBAAoB;AAAA,IACvG,0BAA0B,EAAE,SAAS,+CAA+C,MAAM,gBAAgB;AAAA,IAC1G,wBAAwB,EAAE,SAAS,gCAAgC,MAAM,eAAe;AAAA,IACxF,iBAAiB,EAAE,SAAS,wBAAwB,MAAM,gBAAgB;AAAA,IAC1E,yBAAyB,EAAE,SAAS,oCAAoC,MAAM,wBAAwB;AAAA,IACtG,iBAAiB,EAAE,SAAS,iDAAiD,MAAM,gBAAgB;AAAA,IACnG,uBAAuB,EAAE,SAAS,gDAAgD,MAAM,gBAAgB;AAAA,IACxG,sBAAsB,EAAE,SAAS,gDAAgD,MAAM,gBAAgB;AAAA,EACzG;AAEA,MAAI;AAEF,UAAM,YAAY,iBAAiB,KAAK;AAExC,QAAI,WAAW;AACb,YAAM,cAAc,eAAe,UAAU,IAAI;AACjD,UAAI,aAAa;AACf,eAAO;AAAA,UACL,SAAS;AAAA,UACT,SAAS,YAAY;AAAA,UACrB,MAAM,YAAY;AAAA,QACpB;AAAA,MACF;AAAA,IACF;AAGA,UAAM,cAAc,OAAO,KAAK;AAChC,UAAM,YAAY,YAAY,MAAM,uCAAuC;AAC3E,QAAI,aAAa,eAAe,UAAU,CAAC,CAAC,GAAG;AAC7C,aAAO;AAAA,QACL,SAAS;AAAA,QACT,GAAG,eAAe,UAAU,CAAC,CAAC;AAAA,MAChC;AAAA,IACF;AAAA,EAEF,SAAS,GAAG;AAAA,EAEZ;AAGA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS;AAAA,IACT,MAAM;AAAA,EACR;AACF;AAKO,SAAS,oBAAoB,UAAkD;AACpF,SACE,OAAO,aAAa,YACpB,aAAa,QACb,aAAa,YACZ,SAAkC,YAAY,SAC/C,UAAU,YACV,aAAa;AAEjB;AAIO,SAAS,qBAAqB,OAAmC;AACvE,MAAI,CAAC,MAAO,QAAO;AAElB,UAAQ,MAAM,OAAO;AAAA,IACnB,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL;AACE,aAAO;AAAA,EACX;AACF;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../src/errors.ts"],"sourcesContent":["import { SignInResponse } from \"@tern-secure/types\"\r\n\r\nexport type ErrorCode = keyof typeof ERRORS\r\n\r\nexport interface AuthErrorResponse {\r\n success: false\r\n message: string\r\n code: ErrorCode\r\n}\r\n\r\nexport const ERRORS = {\r\n SERVER_SIDE_INITIALIZATION: \"TernSecure must be initialized on the client side\",\r\n REQUIRES_VERIFICATION: \"AUTH_REQUIRES_VERIFICATION\",\r\n AUTHENTICATED: \"AUTHENTICATED\",\r\n UNAUTHENTICATED: \"UNAUTHENTICATED\",\r\n UNVERIFIED: \"UNVERIFIED\",\r\n NOT_INITIALIZED: \"TernSecure services are not initialized. Call initializeTernSecure() first\",\r\n HOOK_CONTEXT: \"Hook must be used within TernSecureProvider\",\r\n EMAIL_NOT_VERIFIED: \"EMAIL_NOT_VERIFIED\",\r\n INVALID_CREDENTIALS: \"INVALID_CREDENTIALS\",\r\n USER_DISABLED: \"USER_DISABLED\",\r\n TOO_MANY_ATTEMPTS: \"TOO_MANY_ATTEMPTS\",\r\n NETWORK_ERROR: \"NETWORK_ERROR\",\r\n INVALID_EMAIL: \"INVALID_EMAIL\",\r\n WEAK_PASSWORD: \"WEAK_PASSWORD\",\r\n EMAIL_EXISTS: \"EMAIL_EXISTS\",\r\n POPUP_BLOCKED: \"POPUP_BLOCKED\",\r\n OPERATION_NOT_ALLOWED: \"OPERATION_NOT_ALLOWED\",\r\n EXPIRED_TOKEN: \"EXPIRED_TOKEN\",\r\n INVALID_TOKEN: \"INVALID_TOKEN\",\r\n SESSION_EXPIRED: \"SESSION_EXPIRED\",\r\n INTERNAL_ERROR: \"INTERNAL_ERROR\",\r\n} as const\r\n\r\n// Firebase Auth Error Code patterns\r\nconst ERROR_PATTERNS = {\r\n INVALID_EMAIL: /auth.*invalid.*email|invalid.*email.*auth|Firebase:.*Error.*auth\\/invalid-email/i,\r\n INVALID_CREDENTIALS:\r\n /auth.*invalid.*credential|invalid.*password|wrong.*password|Firebase:.*Error.*auth\\/(invalid-credential|wrong-password|user-not-found)/i,\r\n USER_DISABLED: /user.*disabled|disabled.*user|Firebase:.*Error.*auth\\/user-disabled/i,\r\n TOO_MANY_ATTEMPTS: /too.*many.*attempts|too.*many.*requests|Firebase:.*Error.*auth\\/too-many-requests/i,\r\n NETWORK_ERROR: /network.*request.*failed|failed.*network|Firebase:.*Error.*auth\\/network-request-failed/i,\r\n OPERATION_NOT_ALLOWED: /operation.*not.*allowed|method.*not.*allowed|Firebase:.*Error.*auth\\/operation-not-allowed/i,\r\n POPUP_BLOCKED: /popup.*blocked|blocked.*popup|Firebase:.*Error.*auth\\/popup-blocked/i,\r\n EMAIL_EXISTS: /email.*exists|email.*already.*use|Firebase:.*Error.*auth\\/email-already-in-use/i,\r\n EXPIRED_TOKEN: /token.*expired|expired.*token|Firebase:.*Error.*auth\\/expired-token/i,\r\n INVALID_TOKEN: /invalid.*token|token.*invalid|Firebase:.*Error.*auth\\/invalid-token/i,\r\n SESSION_EXPIRED: /session.*expired|expired.*session|Firebase:.*Error.*auth\\/session-expired/i,\r\n WEAK_PASSWORD: /weak.*password|password.*weak|Firebase:.*Error.*auth\\/weak-password/i,\r\n} as const\r\n\r\nexport class TernSecureError extends Error {\r\n code: ErrorCode\r\n\r\n constructor(code: ErrorCode, message?: string) {\r\n super(message || code)\r\n this.name = \"TernSecureError\"\r\n this.code = code\r\n }\r\n}\r\n\r\ninterface SerializedFirebaseError {\r\n name?: string\r\n code?: string\r\n message?: string\r\n stack?: string\r\n}\r\n\r\n/**\r\n * Determines if an object matches the shape of a Firebase Error\r\n */\r\nfunction isFirebaseErrorLike(error: unknown): error is SerializedFirebaseError {\r\n if (!error || typeof error !== \"object\") return false\r\n\r\n const err = error as SerializedFirebaseError\r\n\r\n // Check for bundled Firebase error format: \"Firebase: Error (auth/error-code)\"\r\n if (typeof err.message === \"string\") {\r\n const bundledErrorMatch = err.message.match(/Firebase:\\s*Error\\s*$$auth\\/([^)]+)$$/)\r\n if (bundledErrorMatch) {\r\n // Add the extracted code to the error object\r\n err.code = `auth/${bundledErrorMatch[1]}`\r\n return true\r\n }\r\n }\r\n\r\n return (\r\n (typeof err.code === \"string\" && err.code.startsWith(\"auth/\")) ||\r\n (typeof err.name === \"string\" && err.name.includes(\"FirebaseError\"))\r\n )\r\n}\r\n\r\n/**\r\n * Extracts the error code from a Firebase-like error object\r\n */\r\nfunction extractFirebaseErrorCode(error: SerializedFirebaseError): string {\r\n // First try to extract from bundled error message format\r\n if (typeof error.message === \"string\") {\r\n const bundledErrorMatch = error.message.match(/Firebase:\\s*Error\\s*$$auth\\/([^)]+)$$/)\r\n if (bundledErrorMatch) {\r\n return bundledErrorMatch[1]\r\n }\r\n }\r\n\r\n // Then try the standard code property\r\n if (error.code) {\r\n return error.code.replace(\"auth/\", \"\")\r\n }\r\n\r\n // Finally try to extract from error message if it contains an error code\r\n if (typeof error.message === \"string\") {\r\n const messageCodeMatch = error.message.match(/auth\\/([a-z-]+)/)\r\n if (messageCodeMatch) {\r\n return messageCodeMatch[1]\r\n }\r\n }\r\n\r\n return \"\"\r\n}\r\n\r\n/**\r\n * Maps a Firebase error code to our internal error code\r\n */\r\nfunction mapFirebaseErrorCode(code: string): ErrorCode {\r\n // Direct mapping for known error codes\r\n const directMappings: Record<string, ErrorCode> = {\r\n \"invalid-email\": \"INVALID_EMAIL\",\r\n \"user-disabled\": \"USER_DISABLED\",\r\n \"too-many-requests\": \"TOO_MANY_ATTEMPTS\",\r\n \"network-request-failed\": \"NETWORK_ERROR\",\r\n \"operation-not-allowed\": \"OPERATION_NOT_ALLOWED\",\r\n \"popup-blocked\": \"POPUP_BLOCKED\",\r\n \"email-already-in-use\": \"EMAIL_EXISTS\",\r\n \"weak-password\": \"WEAK_PASSWORD\",\r\n \"invalid-credential\": \"INVALID_CREDENTIALS\",\r\n \"wrong-password\": \"INVALID_CREDENTIALS\",\r\n \"user-not-found\": \"INVALID_CREDENTIALS\",\r\n \"invalid-password\": \"INVALID_CREDENTIALS\",\r\n \"user-token-expired\": \"EXPIRED_TOKEN\",\r\n \"invalid-id-token\": \"INVALID_TOKEN\",\r\n }\r\n\r\n return directMappings[code] || \"INTERNAL_ERROR\"\r\n}\r\n\r\n/**\r\n * Determines error type based on error message pattern matching\r\n */\r\nfunction determineErrorTypeFromMessage(message: string): ErrorCode {\r\n // First check for bundled Firebase error format\r\n const bundledErrorMatch = message.match(/Firebase:\\s*Error\\s*$$auth\\/([^)]+)$$/)\r\n if (bundledErrorMatch) {\r\n const errorCode = bundledErrorMatch[1]\r\n const mappedCode = mapFirebaseErrorCode(errorCode)\r\n if (mappedCode) {\r\n return mappedCode\r\n }\r\n }\r\n\r\n // Then check standard patterns\r\n for (const [errorType, pattern] of Object.entries(ERROR_PATTERNS)) {\r\n if (pattern.test(message)) {\r\n return errorType as ErrorCode\r\n }\r\n }\r\n\r\n return \"INTERNAL_ERROR\"\r\n}\r\n\r\n/**\r\n * Creates a standardized error response\r\n */\r\nfunction createErrorResponse(code: ErrorCode, message: string): AuthErrorResponse {\r\n const defaultMessages: Record<ErrorCode, string> = {\r\n INVALID_EMAIL: \"Invalid email format\",\r\n INVALID_CREDENTIALS: \"Invalid email or password\",\r\n USER_DISABLED: \"This account has been disabled\",\r\n TOO_MANY_ATTEMPTS: \"Too many attempts. Please try again later\",\r\n NETWORK_ERROR: \"Network error. Please check your connection\",\r\n OPERATION_NOT_ALLOWED: \"This login method is not enabled\",\r\n POPUP_BLOCKED: \"Login popup was blocked. Please enable popups\",\r\n EMAIL_EXISTS: \"This email is already in use\",\r\n EXPIRED_TOKEN: \"Your session has expired. Please login again\",\r\n INVALID_TOKEN: \"Invalid authentication token\",\r\n SESSION_EXPIRED: \"Your session has expired\",\r\n WEAK_PASSWORD: \"Password is too weak\",\r\n EMAIL_NOT_VERIFIED: \"Email verification required\",\r\n INTERNAL_ERROR: \"An internal error occurred. Please try again\",\r\n SERVER_SIDE_INITIALIZATION: \"TernSecure must be initialized on the client side\",\r\n REQUIRES_VERIFICATION: \"Email verification required\",\r\n AUTHENTICATED: \"Already authenticated\",\r\n UNAUTHENTICATED: \"Authentication required\",\r\n UNVERIFIED: \"Email verification required\",\r\n NOT_INITIALIZED: \"TernSecure services are not initialized\",\r\n HOOK_CONTEXT: \"Hook must be used within TernSecureProvider\",\r\n }\r\n\r\n return {\r\n success: false,\r\n message: message || defaultMessages[code],\r\n code,\r\n }\r\n}\r\n\r\n/**\r\n * Handles Firebase authentication errors with multiple fallback mechanisms\r\n */\r\nexport function handleFirebaseAuthError(error: unknown): AuthErrorResponse {\r\n // Helper to extract clean error code from bundled format\r\n function extractErrorInfo(input: unknown): { code: string; message: string } | null {\r\n // Case 1: String input (direct Firebase error message)\r\n if (typeof input === 'string') {\r\n const match = input.match(/Firebase:\\s*Error\\s*\\(auth\\/([^)]+)\\)/);\r\n if (match) {\r\n return { code: match[1], message: input };\r\n }\r\n }\r\n\r\n // Case 2: Error object\r\n if (input && typeof input === 'object') {\r\n const err = input as { code?: string; message?: string };\r\n \r\n // Check for bundled message format first\r\n if (err.message) {\r\n const match = err.message.match(/Firebase:\\s*Error\\s*\\(auth\\/([^)]+)\\)/);\r\n if (match) {\r\n return { code: match[1], message: err.message };\r\n }\r\n }\r\n\r\n // Check for direct code\r\n if (err.code) {\r\n return {\r\n code: err.code.replace('auth/', ''),\r\n message: err.message || ''\r\n };\r\n }\r\n }\r\n\r\n return null;\r\n }\r\n\r\n // Map error codes to user-friendly messages\r\n const ERROR_MESSAGES: Record<string, { message: string; code: ErrorCode }> = {\r\n 'invalid-email': { message: 'Invalid email format', code: 'INVALID_EMAIL' },\r\n 'invalid-credential': { message: 'Invalid email or password', code: 'INVALID_CREDENTIALS' },\r\n 'invalid-login-credentials': { message: 'Invalid email or password', code: 'INVALID_CREDENTIALS' },\r\n 'wrong-password': { message: 'Invalid email or password', code: 'INVALID_CREDENTIALS' },\r\n 'user-not-found': { message: 'Invalid email or password', code: 'INVALID_CREDENTIALS' },\r\n 'user-disabled': { message: 'This account has been disabled', code: 'USER_DISABLED' },\r\n 'too-many-requests': { message: 'Too many attempts. Please try again later', code: 'TOO_MANY_ATTEMPTS' },\r\n 'network-request-failed': { message: 'Network error. Please check your connection', code: 'NETWORK_ERROR' },\r\n 'email-already-in-use': { message: 'This email is already in use', code: 'EMAIL_EXISTS' },\r\n 'weak-password': { message: 'Password is too weak', code: 'WEAK_PASSWORD' },\r\n 'operation-not-allowed': { message: 'This login method is not enabled', code: 'OPERATION_NOT_ALLOWED' },\r\n 'popup-blocked': { message: 'Login popup was blocked. Please enable popups', code: 'POPUP_BLOCKED' },\r\n 'expired-action-code': { message: 'Your session has expired. Please login again', code: 'EXPIRED_TOKEN' },\r\n 'user-token-expired': { message: 'Your session has expired. Please login again', code: 'EXPIRED_TOKEN' }\r\n };\r\n\r\n try {\r\n // Extract error information\r\n const errorInfo = extractErrorInfo(error);\r\n \r\n if (errorInfo) {\r\n const mappedError = ERROR_MESSAGES[errorInfo.code];\r\n if (mappedError) {\r\n return {\r\n success: false,\r\n message: mappedError.message,\r\n code: mappedError.code\r\n };\r\n }\r\n }\r\n\r\n // If we couldn't extract or map the error, try one last time with string conversion\r\n const errorString = String(error);\r\n const lastMatch = errorString.match(/Firebase:\\s*Error\\s*\\(auth\\/([^)]+)\\)/);\r\n if (lastMatch && ERROR_MESSAGES[lastMatch[1]]) {\r\n return {\r\n success: false,\r\n ...ERROR_MESSAGES[lastMatch[1]]\r\n };\r\n }\r\n\r\n } catch (e) {\r\n // Silent catch - we'll return the default error\r\n }\r\n\r\n // Default fallback\r\n return {\r\n success: false,\r\n message: 'An unexpected error occurred. Please try again later',\r\n code: 'INTERNAL_ERROR'\r\n };\r\n}\r\n\r\n/**\r\n * Type guard to check if a response is an AuthErrorResponse\r\n */\r\nexport function isAuthErrorResponse(response: unknown): response is AuthErrorResponse {\r\n return (\r\n typeof response === \"object\" &&\r\n response !== null &&\r\n \"success\" in response &&\r\n (response as { success: boolean }).success === false &&\r\n \"code\" in response &&\r\n \"message\" in response\r\n )\r\n}\r\n\r\n\r\n\r\nexport function getErrorAlertVariant(error: SignInResponse | undefined) {\r\n if (!error) return \"destructive\"\r\n\r\n switch (error.error) {\r\n case \"AUTHENTICATED\":\r\n return \"default\"\r\n case \"EMAIL_EXISTS\":\r\n case \"UNAUTHENTICATED\":\r\n case \"UNVERIFIED\":\r\n case \"REQUIRES_VERIFICATION\":\r\n case \"INVALID_EMAIL\":\r\n case \"INVALID_TOKEN\":\r\n case \"INTERNAL_ERROR\":\r\n case \"USER_DISABLED\":\r\n case \"TOO_MANY_ATTEMPTS\":\r\n case \"NETWORK_ERROR\":\r\n case \"SESSION_EXPIRED\":\r\n case \"EXPIRED_TOKEN\":\r\n case \"INVALID_CREDENTIALS\":\r\n default:\r\n return \"destructive\"\r\n }\r\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAUO,MAAM,SAAS;AAAA,EACpB,4BAA4B;AAAA,EAC5B,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,cAAc;AAAA,EACd,oBAAoB;AAAA,EACpB,qBAAqB;AAAA,EACrB,eAAe;AAAA,EACf,mBAAmB;AAAA,EACnB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,eAAe;AAAA,EACf,cAAc;AAAA,EACd,eAAe;AAAA,EACf,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,gBAAgB;AAClB;AAGA,MAAM,iBAAiB;AAAA,EACrB,eAAe;AAAA,EACf,qBACE;AAAA,EACF,eAAe;AAAA,EACf,mBAAmB;AAAA,EACnB,eAAe;AAAA,EACf,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,eAAe;AAAA,EACf,eAAe;AAAA,EACf,iBAAiB;AAAA,EACjB,eAAe;AACjB;AAEO,MAAM,wBAAwB,MAAM;AAAA,EACzC;AAAA,EAEA,YAAY,MAAiB,SAAkB;AAC7C,UAAM,WAAW,IAAI;AACrB,SAAK,OAAO;AACZ,SAAK,OAAO;AAAA,EACd;AACF;AAYA,SAAS,oBAAoB,OAAkD;AAC7E,MAAI,CAAC,SAAS,OAAO,UAAU,SAAU,QAAO;AAEhD,QAAM,MAAM;AAGZ,MAAI,OAAO,IAAI,YAAY,UAAU;AACnC,UAAM,oBAAoB,IAAI,QAAQ,MAAM,uCAAuC;AACnF,QAAI,mBAAmB;AAErB,UAAI,OAAO,QAAQ,kBAAkB,CAAC,CAAC;AACvC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SACG,OAAO,IAAI,SAAS,YAAY,IAAI,KAAK,WAAW,OAAO,KAC3D,OAAO,IAAI,SAAS,YAAY,IAAI,KAAK,SAAS,eAAe;AAEtE;AAKA,SAAS,yBAAyB,OAAwC;AAExE,MAAI,OAAO,MAAM,YAAY,UAAU;AACrC,UAAM,oBAAoB,MAAM,QAAQ,MAAM,uCAAuC;AACrF,QAAI,mBAAmB;AACrB,aAAO,kBAAkB,CAAC;AAAA,IAC5B;AAAA,EACF;AAGA,MAAI,MAAM,MAAM;AACd,WAAO,MAAM,KAAK,QAAQ,SAAS,EAAE;AAAA,EACvC;AAGA,MAAI,OAAO,MAAM,YAAY,UAAU;AACrC,UAAM,mBAAmB,MAAM,QAAQ,MAAM,iBAAiB;AAC9D,QAAI,kBAAkB;AACpB,aAAO,iBAAiB,CAAC;AAAA,IAC3B;AAAA,EACF;AAEA,SAAO;AACT;AAKA,SAAS,qBAAqB,MAAyB;AAErD,QAAM,iBAA4C;AAAA,IAChD,iBAAiB;AAAA,IACjB,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,0BAA0B;AAAA,IAC1B,yBAAyB;AAAA,IACzB,iBAAiB;AAAA,IACjB,wBAAwB;AAAA,IACxB,iBAAiB;AAAA,IACjB,sBAAsB;AAAA,IACtB,kBAAkB;AAAA,IAClB,kBAAkB;AAAA,IAClB,oBAAoB;AAAA,IACpB,sBAAsB;AAAA,IACtB,oBAAoB;AAAA,EACtB;AAEA,SAAO,eAAe,IAAI,KAAK;AACjC;AAKA,SAAS,8BAA8B,SAA4B;AAEjE,QAAM,oBAAoB,QAAQ,MAAM,uCAAuC;AAC/E,MAAI,mBAAmB;AACrB,UAAM,YAAY,kBAAkB,CAAC;AACrC,UAAM,aAAa,qBAAqB,SAAS;AACjD,QAAI,YAAY;AACd,aAAO;AAAA,IACT;AAAA,EACF;AAGA,aAAW,CAAC,WAAW,OAAO,KAAK,OAAO,QAAQ,cAAc,GAAG;AACjE,QAAI,QAAQ,KAAK,OAAO,GAAG;AACzB,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAKA,SAAS,oBAAoB,MAAiB,SAAoC;AAChF,QAAM,kBAA6C;AAAA,IACjD,eAAe;AAAA,IACf,qBAAqB;AAAA,IACrB,eAAe;AAAA,IACf,mBAAmB;AAAA,IACnB,eAAe;AAAA,IACf,uBAAuB;AAAA,IACvB,eAAe;AAAA,IACf,cAAc;AAAA,IACd,eAAe;AAAA,IACf,eAAe;AAAA,IACf,iBAAiB;AAAA,IACjB,eAAe;AAAA,IACf,oBAAoB;AAAA,IACpB,gBAAgB;AAAA,IAChB,4BAA4B;AAAA,IAC5B,uBAAuB;AAAA,IACvB,eAAe;AAAA,IACf,iBAAiB;AAAA,IACjB,YAAY;AAAA,IACZ,iBAAiB;AAAA,IACjB,cAAc;AAAA,EAChB;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS,WAAW,gBAAgB,IAAI;AAAA,IACxC;AAAA,EACF;AACF;AAKO,SAAS,wBAAwB,OAAmC;AAEzE,WAAS,iBAAiB,OAA0D;AAElF,QAAI,OAAO,UAAU,UAAU;AAC7B,YAAM,QAAQ,MAAM,MAAM,uCAAuC;AACjE,UAAI,OAAO;AACT,eAAO,EAAE,MAAM,MAAM,CAAC,GAAG,SAAS,MAAM;AAAA,MAC1C;AAAA,IACF;AAGA,QAAI,SAAS,OAAO,UAAU,UAAU;AACtC,YAAM,MAAM;AAGZ,UAAI,IAAI,SAAS;AACf,cAAM,QAAQ,IAAI,QAAQ,MAAM,uCAAuC;AACvE,YAAI,OAAO;AACT,iBAAO,EAAE,MAAM,MAAM,CAAC,GAAG,SAAS,IAAI,QAAQ;AAAA,QAChD;AAAA,MACF;AAGA,UAAI,IAAI,MAAM;AACZ,eAAO;AAAA,UACL,MAAM,IAAI,KAAK,QAAQ,SAAS,EAAE;AAAA,UAClC,SAAS,IAAI,WAAW;AAAA,QAC1B;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAGA,QAAM,iBAAuE;AAAA,IAC3E,iBAAiB,EAAE,SAAS,wBAAwB,MAAM,gBAAgB;AAAA,IAC1E,sBAAsB,EAAE,SAAS,6BAA6B,MAAM,sBAAsB;AAAA,IAC1F,6BAA6B,EAAE,SAAS,6BAA6B,MAAM,sBAAsB;AAAA,IACjG,kBAAkB,EAAE,SAAS,6BAA6B,MAAM,sBAAsB;AAAA,IACtF,kBAAkB,EAAE,SAAS,6BAA6B,MAAM,sBAAsB;AAAA,IACtF,iBAAiB,EAAE,SAAS,kCAAkC,MAAM,gBAAgB;AAAA,IACpF,qBAAqB,EAAE,SAAS,6CAA6C,MAAM,oBAAoB;AAAA,IACvG,0BAA0B,EAAE,SAAS,+CAA+C,MAAM,gBAAgB;AAAA,IAC1G,wBAAwB,EAAE,SAAS,gCAAgC,MAAM,eAAe;AAAA,IACxF,iBAAiB,EAAE,SAAS,wBAAwB,MAAM,gBAAgB;AAAA,IAC1E,yBAAyB,EAAE,SAAS,oCAAoC,MAAM,wBAAwB;AAAA,IACtG,iBAAiB,EAAE,SAAS,iDAAiD,MAAM,gBAAgB;AAAA,IACnG,uBAAuB,EAAE,SAAS,gDAAgD,MAAM,gBAAgB;AAAA,IACxG,sBAAsB,EAAE,SAAS,gDAAgD,MAAM,gBAAgB;AAAA,EACzG;AAEA,MAAI;AAEF,UAAM,YAAY,iBAAiB,KAAK;AAExC,QAAI,WAAW;AACb,YAAM,cAAc,eAAe,UAAU,IAAI;AACjD,UAAI,aAAa;AACf,eAAO;AAAA,UACL,SAAS;AAAA,UACT,SAAS,YAAY;AAAA,UACrB,MAAM,YAAY;AAAA,QACpB;AAAA,MACF;AAAA,IACF;AAGA,UAAM,cAAc,OAAO,KAAK;AAChC,UAAM,YAAY,YAAY,MAAM,uCAAuC;AAC3E,QAAI,aAAa,eAAe,UAAU,CAAC,CAAC,GAAG;AAC7C,aAAO;AAAA,QACL,SAAS;AAAA,QACT,GAAG,eAAe,UAAU,CAAC,CAAC;AAAA,MAChC;AAAA,IACF;AAAA,EAEF,SAAS,GAAG;AAAA,EAEZ;AAGA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS;AAAA,IACT,MAAM;AAAA,EACR;AACF;AAKO,SAAS,oBAAoB,UAAkD;AACpF,SACE,OAAO,aAAa,YACpB,aAAa,QACb,aAAa,YACZ,SAAkC,YAAY,SAC/C,UAAU,YACV,aAAa;AAEjB;AAIO,SAAS,qBAAqB,OAAmC;AACvE,MAAI,CAAC,MAAO,QAAO;AAElB,UAAQ,MAAM,OAAO;AAAA,IACnB,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL;AACE,aAAO;AAAA,EACX;AACF;","names":[]}
|
package/dist/cjs/index.js
CHANGED
|
@@ -18,42 +18,28 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
18
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
19
|
var index_exports = {};
|
|
20
20
|
__export(index_exports, {
|
|
21
|
-
SignIn: () =>
|
|
22
|
-
|
|
23
|
-
SignOutButton: () => import_sign_out_button.SignOutButton,
|
|
24
|
-
SignUp: () => import_sign_up.SignUp,
|
|
25
|
-
TernSecureAuth: () => import_client_init.TernSecureAuth,
|
|
26
|
-
TernSecureFirestore: () => import_client_init.TernSecureFirestore,
|
|
21
|
+
SignIn: () => import_uiComponents.SignIn,
|
|
22
|
+
SignUp: () => import_uiComponents.SignUp,
|
|
27
23
|
TernSecureProvider: () => import_TernSecureProvider.TernSecureProvider,
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
24
|
+
UserButton: () => import_uiComponents.UserButton,
|
|
25
|
+
useAuth: () => import_components.useAuth,
|
|
26
|
+
useIdToken: () => import_components.useIdToken,
|
|
27
|
+
useSession: () => import_components.useSession,
|
|
28
|
+
useSignUp: () => import_components.useSignUp
|
|
33
29
|
});
|
|
34
30
|
module.exports = __toCommonJS(index_exports);
|
|
35
|
-
var import_client_init = require("./utils/client-init");
|
|
36
|
-
var import_config = require("./utils/config");
|
|
37
|
-
var import_actions = require("./app-router/client/actions");
|
|
38
31
|
var import_TernSecureProvider = require("./app-router/client/TernSecureProvider");
|
|
39
|
-
var
|
|
40
|
-
var
|
|
41
|
-
var import_sign_out_button = require("./components/sign-out-button");
|
|
42
|
-
var import_sign_out = require("./components/sign-out");
|
|
43
|
-
var import_sign_up = require("./components/sign-up");
|
|
32
|
+
var import_components = require("./boundary/components");
|
|
33
|
+
var import_uiComponents = require("./components/uiComponents");
|
|
44
34
|
// Annotate the CommonJS export names for ESM import in node:
|
|
45
35
|
0 && (module.exports = {
|
|
46
36
|
SignIn,
|
|
47
|
-
SignOut,
|
|
48
|
-
SignOutButton,
|
|
49
37
|
SignUp,
|
|
50
|
-
TernSecureAuth,
|
|
51
|
-
TernSecureFirestore,
|
|
52
38
|
TernSecureProvider,
|
|
53
|
-
|
|
54
|
-
signInWithEmail,
|
|
55
|
-
ternSecureAuth,
|
|
39
|
+
UserButton,
|
|
56
40
|
useAuth,
|
|
57
|
-
|
|
41
|
+
useIdToken,
|
|
42
|
+
useSession,
|
|
43
|
+
useSignUp
|
|
58
44
|
});
|
|
59
45
|
//# sourceMappingURL=index.js.map
|
package/dist/cjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/index.ts"],"sourcesContent":["\n//import { TernSecureServerProvider } from './app-router/server/TernSecureServerProvider'\n//import type { TernSecureState } from './app-router/client/TernSecureProvider'\
|
|
1
|
+
{"version":3,"sources":["../../src/index.ts"],"sourcesContent":["\r\n//import { TernSecureServerProvider } from './app-router/server/TernSecureServerProvider'\r\n//import type { TernSecureState } from './app-router/client/TernSecureProvider'\r\n//export { \r\n// TernSecureAuth, \r\n// TernSecureFirestore, \r\n// ternSecureAuth \r\n//} from '@tern-secure/react'\r\n//export { loadFireConfig, validateConfig } from './utils/config'\r\n//export { signInWithEmail } from '@tern-secure/next-backend'\r\n//export { useInternalContext } from './boundary/TernSecureCtx'\r\n//export { TernSecureClientProvider } from './app-router/client/TernSecureProvider'\r\nexport { TernSecureProvider } from './app-router/client/TernSecureProvider'\r\nexport {\r\n useAuth,\r\n useIdToken,\r\n useSignUp,\r\n useSession,\r\n //SignIn,\r\n //SignOut,\r\n //SignOutButton,\r\n //SignUp,\r\n} from './boundary/components'\r\n\r\nexport {\r\n SignIn,\r\n SignUp,\r\n UserButton,\r\n} from './components/uiComponents'\r\n\r\nexport type { TernSecureUser, TernSecureUserData } from '@tern-secure/types'\r\n\r\n//export const TernSecureProvider = TernSecureServerProvider\r\n//export type { TernSecureState }"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAYA,gCAAmC;AACnC,wBASO;AAEP,0BAIO;","names":[]}
|
package/dist/cjs/server/auth.js
CHANGED
|
@@ -29,28 +29,27 @@ var import_headers = require("next/headers");
|
|
|
29
29
|
var import_jwt_edge = require("./jwt-edge");
|
|
30
30
|
var import_errors = require("../errors");
|
|
31
31
|
const auth = (0, import_react.cache)(async () => {
|
|
32
|
-
var _a, _b, _c, _d;
|
|
33
32
|
try {
|
|
34
33
|
console.log("auth: Starting auth check...");
|
|
35
34
|
const cookieStore = await (0, import_headers.cookies)();
|
|
36
|
-
const sessionCookie =
|
|
35
|
+
const sessionCookie = cookieStore.get("_session_cookie")?.value;
|
|
37
36
|
if (sessionCookie) {
|
|
38
37
|
const result = await (0, import_jwt_edge.verifyFirebaseToken)(sessionCookie, true);
|
|
39
38
|
if (result.valid) {
|
|
40
39
|
const user = {
|
|
41
|
-
uid:
|
|
40
|
+
uid: result.uid ?? "",
|
|
42
41
|
email: result.email || null,
|
|
43
42
|
authTime: result.authTime
|
|
44
43
|
};
|
|
45
44
|
return { user, error: null };
|
|
46
45
|
}
|
|
47
46
|
}
|
|
48
|
-
const idToken =
|
|
47
|
+
const idToken = cookieStore.get("_session_token")?.value;
|
|
49
48
|
if (idToken) {
|
|
50
49
|
const result = await (0, import_jwt_edge.verifyFirebaseToken)(idToken, false);
|
|
51
50
|
if (result.valid) {
|
|
52
51
|
const user = {
|
|
53
|
-
uid:
|
|
52
|
+
uid: result.uid ?? "",
|
|
54
53
|
email: result.email || null,
|
|
55
54
|
authTime: result.authTime
|
|
56
55
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/auth.ts"],"sourcesContent":["import { cache } from \"react\"\nimport { cookies } from \"next/headers\"\nimport type { User } from \"./types\"\nimport { verifyFirebaseToken } from \"./jwt-edge\"\nimport { TernSecureError } from \"../errors\"\n\n\n\nexport interface AuthResult {\n user: User | null\n error: Error | null\n}\n\n /**\n * Get the current authenticated user from the session or token\n */\nexport const auth = cache(async (): Promise<AuthResult> => {\n try {\n // Get all active sessions for debugging\n console.log(\"auth: Starting auth check...\")\n const cookieStore = await cookies()\n\n // First try session cookie as it's more secure\n const sessionCookie = cookieStore.get(\"_session_cookie\")?.value\n if (sessionCookie) {\n const result = await verifyFirebaseToken(sessionCookie, true)\n if (result.valid) {\n const user: User = {\n uid: result.uid ?? '',\n email: result.email || null,\n authTime: result.authTime\n }\n return { user, error: null }\n }\n }\n\n // Fallback to ID token\n const idToken = cookieStore.get(\"_session_token\")?.value\n if (idToken) {\n const result = await verifyFirebaseToken(idToken, false)\n if (result.valid) {\n const user: User = {\n uid: result.uid ?? '',\n email: result.email || null,\n authTime: result.authTime\n }\n return { user, error: null }\n }\n }\n\n return {\n user: null,\n error: new TernSecureError('UNAUTHENTICATED', 'No valid session found')\n }\n\n } catch (error) {\n console.error(\"Error in Auth:\", error)\n if (error instanceof TernSecureError) {\n return {\n user: null,\n error\n }\n }\n return {\n user: null,\n error: new TernSecureError('INTERNAL_ERROR', 'An unexpected error occurred')\n }\n }\n })\n\n/**\n * Type guard to check if user is authenticated\n */\nexport const isAuthenticated = cache(async (): Promise<boolean> => {\n const { user } = await auth()\n return user !== null\n})\n\n/**\n * Get user info from auth result\n */\nexport const getUser = cache(async (): Promise<User | null> => {\n const { user } = await auth()\n return user\n})\n\n/**\n * Require authentication\n * Throws error if not authenticated\n */\nexport const requireAuth = cache(async (): Promise<User> => {\n const { user, error } = await auth()\n\n if (!user) {\n throw error || new Error(\"Authentication required\")\n }\n\n return user\n})"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAsB;AACtB,qBAAwB;AAExB,sBAAoC;AACpC,oBAAgC;AAYzB,MAAM,WAAO,oBAAM,YAAiC;
|
|
1
|
+
{"version":3,"sources":["../../../src/server/auth.ts"],"sourcesContent":["import { cache } from \"react\"\r\nimport { cookies } from \"next/headers\"\r\nimport type { User } from \"./types\"\r\nimport { verifyFirebaseToken } from \"./jwt-edge\"\r\nimport { TernSecureError } from \"../errors\"\r\n\r\n\r\n\r\nexport interface AuthResult {\r\n user: User | null\r\n error: Error | null\r\n}\r\n\r\n /**\r\n * Get the current authenticated user from the session or token\r\n */\r\nexport const auth = cache(async (): Promise<AuthResult> => {\r\n try {\r\n // Get all active sessions for debugging\r\n console.log(\"auth: Starting auth check...\")\r\n const cookieStore = await cookies()\r\n\r\n // First try session cookie as it's more secure\r\n const sessionCookie = cookieStore.get(\"_session_cookie\")?.value\r\n if (sessionCookie) {\r\n const result = await verifyFirebaseToken(sessionCookie, true)\r\n if (result.valid) {\r\n const user: User = {\r\n uid: result.uid ?? '',\r\n email: result.email || null,\r\n authTime: result.authTime\r\n }\r\n return { user, error: null }\r\n }\r\n }\r\n\r\n // Fallback to ID token\r\n const idToken = cookieStore.get(\"_session_token\")?.value\r\n if (idToken) {\r\n const result = await verifyFirebaseToken(idToken, false)\r\n if (result.valid) {\r\n const user: User = {\r\n uid: result.uid ?? '',\r\n email: result.email || null,\r\n authTime: result.authTime\r\n }\r\n return { user, error: null }\r\n }\r\n }\r\n\r\n return {\r\n user: null,\r\n error: new TernSecureError('UNAUTHENTICATED', 'No valid session found')\r\n }\r\n\r\n } catch (error) {\r\n console.error(\"Error in Auth:\", error)\r\n if (error instanceof TernSecureError) {\r\n return {\r\n user: null,\r\n error\r\n }\r\n }\r\n return {\r\n user: null,\r\n error: new TernSecureError('INTERNAL_ERROR', 'An unexpected error occurred')\r\n }\r\n }\r\n })\r\n\r\n/**\r\n * Type guard to check if user is authenticated\r\n */\r\nexport const isAuthenticated = cache(async (): Promise<boolean> => {\r\n const { user } = await auth()\r\n return user !== null\r\n})\r\n\r\n/**\r\n * Get user info from auth result\r\n */\r\nexport const getUser = cache(async (): Promise<User | null> => {\r\n const { user } = await auth()\r\n return user\r\n})\r\n\r\n/**\r\n * Require authentication\r\n * Throws error if not authenticated\r\n */\r\nexport const requireAuth = cache(async (): Promise<User> => {\r\n const { user, error } = await auth()\r\n\r\n if (!user) {\r\n throw error || new Error(\"Authentication required\")\r\n }\r\n\r\n return user\r\n})"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAsB;AACtB,qBAAwB;AAExB,sBAAoC;AACpC,oBAAgC;AAYzB,MAAM,WAAO,oBAAM,YAAiC;AACzD,MAAI;AAEH,YAAQ,IAAI,8BAA8B;AAC1C,UAAM,cAAc,UAAM,wBAAQ;AAGjC,UAAM,gBAAgB,YAAY,IAAI,iBAAiB,GAAG;AAC1D,QAAI,eAAe;AACjB,YAAM,SAAS,UAAM,qCAAoB,eAAe,IAAI;AAC5D,UAAI,OAAO,OAAO;AAChB,cAAM,OAAa;AAAA,UACjB,KAAK,OAAO,OAAO;AAAA,UACnB,OAAO,OAAO,SAAS;AAAA,UACvB,UAAU,OAAO;AAAA,QACnB;AACA,eAAO,EAAE,MAAM,OAAO,KAAK;AAAA,MAC7B;AAAA,IACF;AAGA,UAAM,UAAU,YAAY,IAAI,gBAAgB,GAAG;AACnD,QAAI,SAAS;AACX,YAAM,SAAS,UAAM,qCAAoB,SAAS,KAAK;AACvD,UAAI,OAAO,OAAO;AAChB,cAAM,OAAa;AAAA,UACjB,KAAK,OAAO,OAAO;AAAA,UACnB,OAAO,OAAO,SAAS;AAAA,UACvB,UAAU,OAAO;AAAA,QACnB;AACA,eAAO,EAAE,MAAM,OAAO,KAAK;AAAA,MAC7B;AAAA,IACF;AAEE,WAAO;AAAA,MACH,MAAM;AAAA,MACN,OAAO,IAAI,8BAAgB,mBAAmB,wBAAwB;AAAA,IAC1E;AAAA,EAEF,SAAS,OAAO;AACd,YAAQ,MAAM,kBAAkB,KAAK;AACrC,QAAI,iBAAiB,+BAAiB;AACpC,aAAO;AAAA,QACL,MAAM;AAAA,QACN;AAAA,MACF;AAAA,IACF;AACA,WAAO;AAAA,MACL,MAAM;AAAA,MACN,OAAO,IAAI,8BAAgB,kBAAkB,8BAA8B;AAAA,IAC7E;AAAA,EACF;AACF,CAAC;AAKI,MAAM,sBAAkB,oBAAM,YAA+B;AAClE,QAAM,EAAE,KAAK,IAAI,MAAM,KAAK;AAC5B,SAAO,SAAS;AAClB,CAAC;AAKM,MAAM,cAAU,oBAAM,YAAkC;AAC7D,QAAM,EAAE,KAAK,IAAI,MAAM,KAAK;AAC5B,SAAO;AACT,CAAC;AAMM,MAAM,kBAAc,oBAAM,YAA2B;AAC1D,QAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK;AAEnC,MAAI,CAAC,MAAM;AACT,UAAM,SAAS,IAAI,MAAM,yBAAyB;AAAA,EACpD;AAEA,SAAO;AACT,CAAC;","names":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/crypto.ts"],"sourcesContent":["const ENCRYPTION_KEY = process.env.TERN_ENCRYPTION_KEY || \"default-key-32-chars-exactly!!!!!\"\n\n// Simple encryption for cookie data\nexport function encrypt(text: string): string {\n const textBytes = new TextEncoder().encode(text)\n const encrypted = textBytes.map((byte, i) => byte ^ ENCRYPTION_KEY.charCodeAt(i % ENCRYPTION_KEY.length))\n return Buffer.from(encrypted).toString(\"base64url\")\n}\n\nexport function decrypt(encoded: string): string {\n const encrypted = Buffer.from(encoded, \"base64url\")\n const decrypted = new Uint8Array(encrypted).map(\n (byte, i) => byte ^ ENCRYPTION_KEY.charCodeAt(i % ENCRYPTION_KEY.length),\n )\n return new TextDecoder().decode(decrypted)\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAAM,iBAAiB,QAAQ,IAAI,uBAAuB;AAGnD,SAAS,QAAQ,MAAsB;AAC5C,QAAM,YAAY,IAAI,YAAY,EAAE,OAAO,IAAI;AAC/C,QAAM,YAAY,UAAU,IAAI,CAAC,MAAM,MAAM,OAAO,eAAe,WAAW,IAAI,eAAe,MAAM,CAAC;AACxG,SAAO,OAAO,KAAK,SAAS,EAAE,SAAS,WAAW;AACpD;AAEO,SAAS,QAAQ,SAAyB;AAC/C,QAAM,YAAY,OAAO,KAAK,SAAS,WAAW;AAClD,QAAM,YAAY,IAAI,WAAW,SAAS,EAAE;AAAA,IAC1C,CAAC,MAAM,MAAM,OAAO,eAAe,WAAW,IAAI,eAAe,MAAM;AAAA,EACzE;AACA,SAAO,IAAI,YAAY,EAAE,OAAO,SAAS;AAC3C;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/crypto.ts"],"sourcesContent":["const ENCRYPTION_KEY = process.env.TERN_ENCRYPTION_KEY || \"default-key-32-chars-exactly!!!!!\"\r\n\r\n// Simple encryption for cookie data\r\nexport function encrypt(text: string): string {\r\n const textBytes = new TextEncoder().encode(text)\r\n const encrypted = textBytes.map((byte, i) => byte ^ ENCRYPTION_KEY.charCodeAt(i % ENCRYPTION_KEY.length))\r\n return Buffer.from(encrypted).toString(\"base64url\")\r\n}\r\n\r\nexport function decrypt(encoded: string): string {\r\n const encrypted = Buffer.from(encoded, \"base64url\")\r\n const decrypted = new Uint8Array(encrypted).map(\r\n (byte, i) => byte ^ ENCRYPTION_KEY.charCodeAt(i % ENCRYPTION_KEY.length),\r\n )\r\n return new TextDecoder().decode(decrypted)\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAAM,iBAAiB,QAAQ,IAAI,uBAAuB;AAGnD,SAAS,QAAQ,MAAsB;AAC5C,QAAM,YAAY,IAAI,YAAY,EAAE,OAAO,IAAI;AAC/C,QAAM,YAAY,UAAU,IAAI,CAAC,MAAM,MAAM,OAAO,eAAe,WAAW,IAAI,eAAe,MAAM,CAAC;AACxG,SAAO,OAAO,KAAK,SAAS,EAAE,SAAS,WAAW;AACpD;AAEO,SAAS,QAAQ,SAAyB;AAC/C,QAAM,YAAY,OAAO,KAAK,SAAS,WAAW;AAClD,QAAM,YAAY,IAAI,WAAW,SAAS,EAAE;AAAA,IAC1C,CAAC,MAAM,MAAM,OAAO,eAAe,WAAW,IAAI,eAAe,MAAM;AAAA,EACzE;AACA,SAAO,IAAI,YAAY,EAAE,OAAO,SAAS;AAC3C;","names":[]}
|
|
@@ -50,10 +50,9 @@ class ContextStore {
|
|
|
50
50
|
return user;
|
|
51
51
|
}
|
|
52
52
|
static debug() {
|
|
53
|
-
var _a;
|
|
54
53
|
return {
|
|
55
54
|
sessionsCount: global.__ternSecure.sessions.size,
|
|
56
|
-
currentSessionId:
|
|
55
|
+
currentSessionId: global.__ternSecure.context?.sessionId || null,
|
|
57
56
|
sessions: Array.from(global.__ternSecure.sessions.entries())
|
|
58
57
|
};
|
|
59
58
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/ctx-store.ts"],"sourcesContent":["import type { User } from \"./types\"\n\ninterface RequestContext {\n user: UserVerificationRequirement\n sessionId: string\n}\n\n// Use Node.js global for server-side persistence\ndeclare global {\n var __ternSecure: {\n context: RequestContext | null\n sessions: Map<string, User>\n }\n}\n\n// Initialize global state if not exists\nif (typeof global.__ternSecure === 'undefined') {\n global.__ternSecure = {\n context: null,\n sessions: new Map(),\n }\n console.log(\"ContextStore: Initialized global state\")\n}\n\nexport class ContextStore {\n static setContext(context: RequestContext) {\n console.log(\"ContextStore: Setting context:\", context)\n global.__ternSecure.context = context\n console.log(\"ContextStore: Context set successfully\")\n }\n\n static getContext(): RequestContext | null {\n const context = global.__ternSecure.context\n console.log(\"ContextStore: Getting context:\", context)\n return context\n }\n\n static setSession(sessionId: string, user: User) {\n console.log(\"ContextStore: Setting session:\", { sessionId, user })\n global.__ternSecure.sessions.set(sessionId, user)\n console.log(\"ContextStore: Session set successfully\")\n }\n\n static getSession(sessionId: string): User | null {\n const user = global.__ternSecure.sessions.get(sessionId) || null\n console.log(\"ContextStore: Getting session:\", { sessionId, user })\n return user\n }\n\n static debug() {\n return {\n sessionsCount: global.__ternSecure.sessions.size,\n currentSessionId: global.__ternSecure.context?.sessionId || null,\n sessions: Array.from(global.__ternSecure.sessions.entries()),\n }\n }\n}\n\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAgBA,IAAI,OAAO,OAAO,iBAAiB,aAAa;AAC5C,SAAO,eAAe;AAAA,IACpB,SAAS;AAAA,IACT,UAAU,oBAAI,IAAI;AAAA,EACpB;AACF,UAAQ,IAAI,wCAAwC;AACtD;AAEO,MAAM,aAAa;AAAA,EACxB,OAAO,WAAW,SAAyB;AACzC,YAAQ,IAAI,kCAAkC,OAAO;AACrD,WAAO,aAAa,UAAU;AAC9B,YAAQ,IAAI,wCAAwC;AAAA,EACtD;AAAA,EAEA,OAAO,aAAoC;AACzC,UAAM,UAAU,OAAO,aAAa;AACpC,YAAQ,IAAI,kCAAkC,OAAO;AACrD,WAAO;AAAA,EACT;AAAA,EAEA,OAAO,WAAW,WAAmB,MAAY;AAC/C,YAAQ,IAAI,kCAAkC,EAAE,WAAW,KAAK,CAAC;AACjE,WAAO,aAAa,SAAS,IAAI,WAAW,IAAI;AAChD,YAAQ,IAAI,wCAAwC;AAAA,EACtD;AAAA,EAEA,OAAO,WAAW,WAAgC;AAChD,UAAM,OAAO,OAAO,aAAa,SAAS,IAAI,SAAS,KAAK;AAC5D,YAAQ,IAAI,kCAAkC,EAAE,WAAW,KAAK,CAAC;AACjE,WAAO;AAAA,EACT;AAAA,EAEA,OAAO,QAAQ;
|
|
1
|
+
{"version":3,"sources":["../../../src/server/ctx-store.ts"],"sourcesContent":["import type { User } from \"./types\"\r\n\r\ninterface RequestContext {\r\n user: UserVerificationRequirement\r\n sessionId: string\r\n}\r\n\r\n// Use Node.js global for server-side persistence\r\ndeclare global {\r\n var __ternSecure: {\r\n context: RequestContext | null\r\n sessions: Map<string, User>\r\n }\r\n}\r\n\r\n// Initialize global state if not exists\r\nif (typeof global.__ternSecure === 'undefined') {\r\n global.__ternSecure = {\r\n context: null,\r\n sessions: new Map(),\r\n }\r\n console.log(\"ContextStore: Initialized global state\")\r\n}\r\n\r\nexport class ContextStore {\r\n static setContext(context: RequestContext) {\r\n console.log(\"ContextStore: Setting context:\", context)\r\n global.__ternSecure.context = context\r\n console.log(\"ContextStore: Context set successfully\")\r\n }\r\n\r\n static getContext(): RequestContext | null {\r\n const context = global.__ternSecure.context\r\n console.log(\"ContextStore: Getting context:\", context)\r\n return context\r\n }\r\n\r\n static setSession(sessionId: string, user: User) {\r\n console.log(\"ContextStore: Setting session:\", { sessionId, user })\r\n global.__ternSecure.sessions.set(sessionId, user)\r\n console.log(\"ContextStore: Session set successfully\")\r\n }\r\n\r\n static getSession(sessionId: string): User | null {\r\n const user = global.__ternSecure.sessions.get(sessionId) || null\r\n console.log(\"ContextStore: Getting session:\", { sessionId, user })\r\n return user\r\n }\r\n\r\n static debug() {\r\n return {\r\n sessionsCount: global.__ternSecure.sessions.size,\r\n currentSessionId: global.__ternSecure.context?.sessionId || null,\r\n sessions: Array.from(global.__ternSecure.sessions.entries()),\r\n }\r\n }\r\n}\r\n\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAgBA,IAAI,OAAO,OAAO,iBAAiB,aAAa;AAC5C,SAAO,eAAe;AAAA,IACpB,SAAS;AAAA,IACT,UAAU,oBAAI,IAAI;AAAA,EACpB;AACF,UAAQ,IAAI,wCAAwC;AACtD;AAEO,MAAM,aAAa;AAAA,EACxB,OAAO,WAAW,SAAyB;AACzC,YAAQ,IAAI,kCAAkC,OAAO;AACrD,WAAO,aAAa,UAAU;AAC9B,YAAQ,IAAI,wCAAwC;AAAA,EACtD;AAAA,EAEA,OAAO,aAAoC;AACzC,UAAM,UAAU,OAAO,aAAa;AACpC,YAAQ,IAAI,kCAAkC,OAAO;AACrD,WAAO;AAAA,EACT;AAAA,EAEA,OAAO,WAAW,WAAmB,MAAY;AAC/C,YAAQ,IAAI,kCAAkC,EAAE,WAAW,KAAK,CAAC;AACjE,WAAO,aAAa,SAAS,IAAI,WAAW,IAAI;AAChD,YAAQ,IAAI,wCAAwC;AAAA,EACtD;AAAA,EAEA,OAAO,WAAW,WAAgC;AAChD,UAAM,OAAO,OAAO,aAAa,SAAS,IAAI,SAAS,KAAK;AAC5D,YAAQ,IAAI,kCAAkC,EAAE,WAAW,KAAK,CAAC;AACjE,WAAO;AAAA,EACT;AAAA,EAEA,OAAO,QAAQ;AACb,WAAO;AAAA,MACL,eAAe,OAAO,aAAa,SAAS;AAAA,MAC5C,kBAAkB,OAAO,aAAa,SAAS,aAAa;AAAA,MAC5D,UAAU,MAAM,KAAK,OAAO,aAAa,SAAS,QAAQ,CAAC;AAAA,IAC7D;AAAA,EACF;AACF;","names":[]}
|
|
@@ -23,17 +23,16 @@ __export(edge_session_exports, {
|
|
|
23
23
|
module.exports = __toCommonJS(edge_session_exports);
|
|
24
24
|
var import_jwt_edge = require("./jwt-edge");
|
|
25
25
|
async function verifySession(request) {
|
|
26
|
-
var _a, _b, _c, _d, _e, _f;
|
|
27
26
|
try {
|
|
28
|
-
const sessionCookie =
|
|
29
|
-
const idToken =
|
|
27
|
+
const sessionCookie = request.cookies.get("_session_cookie")?.value;
|
|
28
|
+
const idToken = request.cookies.get("_session_token")?.value;
|
|
30
29
|
if (sessionCookie) {
|
|
31
30
|
const result = await (0, import_jwt_edge.verifyFirebaseToken)(sessionCookie, true);
|
|
32
31
|
if (result.valid) {
|
|
33
32
|
const user = {
|
|
34
|
-
uid:
|
|
33
|
+
uid: result.uid ?? "",
|
|
35
34
|
email: result.email || null,
|
|
36
|
-
emailVerified:
|
|
35
|
+
emailVerified: result.emailVerified ?? false,
|
|
37
36
|
authTime: result.authTime
|
|
38
37
|
};
|
|
39
38
|
return {
|
|
@@ -47,9 +46,9 @@ async function verifySession(request) {
|
|
|
47
46
|
const result = await (0, import_jwt_edge.verifyFirebaseToken)(idToken, false);
|
|
48
47
|
if (result.valid) {
|
|
49
48
|
const user = {
|
|
50
|
-
uid:
|
|
49
|
+
uid: result.uid ?? "",
|
|
51
50
|
email: result.email || null,
|
|
52
|
-
emailVerified:
|
|
51
|
+
emailVerified: result.emailVerified ?? false,
|
|
53
52
|
authTime: result.authTime
|
|
54
53
|
};
|
|
55
54
|
return {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/edge-session.ts"],"sourcesContent":["import { verifyFirebaseToken } from \"./jwt-edge\"\nimport type { NextRequest } from \"next/server\"\nimport type { SessionResult, User } from \"./types\"\n\n\n\nexport async function verifySession(request: NextRequest): Promise<SessionResult> {\n try {\n //const cookieStore = await cookies()\n\n // First try session cookie\n\n const sessionCookie = request.cookies.get(\"_session_cookie\")?.value\n const idToken = request.cookies.get(\"_session_token\")?.value\n\n //const sessionCookie = request.cookies.get(\"_session_cookie\")?.value\n if (sessionCookie) {\n const result = await verifyFirebaseToken(sessionCookie, true)\n if (result.valid) {\n const user: User = {\n uid: result.uid ?? '',\n email: result.email || null,\n emailVerified: result.emailVerified ?? false,\n authTime: result.authTime,\n }\n\n return {\n user,\n token: sessionCookie,\n sessionId: sessionCookie,\n }\n }\n }\n\n // Then try ID token\n //const idToken = request.cookies.get(\"_session_token\")?.value\n if (idToken) {\n const result = await verifyFirebaseToken(idToken, false)\n if (result.valid) {\n const user: User = {\n uid: result.uid ?? '',\n email: result.email || null,\n emailVerified: result.emailVerified ?? false,\n authTime: result.authTime,\n }\n\n\n return {\n user,\n token: idToken,\n sessionId: idToken,\n }\n }\n }\n\n return {\n user: null,\n token: null,\n sessionId: null,\n error: \"No valid session found\",\n }\n } catch (error) {\n console.error(\"Session verification error:\", error)\n return {\n user: null,\n token: null,\n sessionId: null,\n error: error instanceof Error ? error.message : \"Session verification failed\",\n }\n }\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAoC;AAMpC,eAAsB,cAAc,SAA8C;
|
|
1
|
+
{"version":3,"sources":["../../../src/server/edge-session.ts"],"sourcesContent":["import { verifyFirebaseToken } from \"./jwt-edge\"\r\nimport type { NextRequest } from \"next/server\"\r\nimport type { SessionResult, User } from \"./types\"\r\n\r\n\r\n\r\nexport async function verifySession(request: NextRequest): Promise<SessionResult> {\r\n try {\r\n //const cookieStore = await cookies()\r\n\r\n // First try session cookie\r\n\r\n const sessionCookie = request.cookies.get(\"_session_cookie\")?.value\r\n const idToken = request.cookies.get(\"_session_token\")?.value\r\n\r\n //const sessionCookie = request.cookies.get(\"_session_cookie\")?.value\r\n if (sessionCookie) {\r\n const result = await verifyFirebaseToken(sessionCookie, true)\r\n if (result.valid) {\r\n const user: User = {\r\n uid: result.uid ?? '',\r\n email: result.email || null,\r\n emailVerified: result.emailVerified ?? false,\r\n authTime: result.authTime,\r\n }\r\n\r\n return {\r\n user,\r\n token: sessionCookie,\r\n sessionId: sessionCookie,\r\n }\r\n }\r\n }\r\n\r\n // Then try ID token\r\n //const idToken = request.cookies.get(\"_session_token\")?.value\r\n if (idToken) {\r\n const result = await verifyFirebaseToken(idToken, false)\r\n if (result.valid) {\r\n const user: User = {\r\n uid: result.uid ?? '',\r\n email: result.email || null,\r\n emailVerified: result.emailVerified ?? false,\r\n authTime: result.authTime,\r\n }\r\n\r\n\r\n return {\r\n user,\r\n token: idToken,\r\n sessionId: idToken,\r\n }\r\n }\r\n }\r\n\r\n return {\r\n user: null,\r\n token: null,\r\n sessionId: null,\r\n error: \"No valid session found\",\r\n }\r\n } catch (error) {\r\n console.error(\"Session verification error:\", error)\r\n return {\r\n user: null,\r\n token: null,\r\n sessionId: null,\r\n error: error instanceof Error ? error.message : \"Session verification failed\",\r\n }\r\n }\r\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAoC;AAMpC,eAAsB,cAAc,SAA8C;AAChF,MAAI;AAKF,UAAM,gBAAgB,QAAQ,QAAQ,IAAI,iBAAiB,GAAG;AAC9D,UAAM,UAAU,QAAQ,QAAQ,IAAI,gBAAgB,GAAG;AAGvD,QAAI,eAAe;AACjB,YAAM,SAAS,UAAM,qCAAoB,eAAe,IAAI;AAC5D,UAAI,OAAO,OAAO;AACd,cAAM,OAAa;AAAA,UACjB,KAAK,OAAO,OAAO;AAAA,UACnB,OAAO,OAAO,SAAS;AAAA,UACvB,eAAe,OAAO,iBAAiB;AAAA,UACvC,UAAU,OAAO;AAAA,QACrB;AAEA,eAAO;AAAA,UACL;AAAA,UACA,OAAO;AAAA,UACP,WAAW;AAAA,QACb;AAAA,MACF;AAAA,IACF;AAIA,QAAI,SAAS;AACX,YAAM,SAAS,UAAM,qCAAoB,SAAS,KAAK;AACvD,UAAI,OAAO,OAAO;AAChB,cAAM,OAAc;AAAA,UAChB,KAAK,OAAO,OAAO;AAAA,UACnB,OAAO,OAAO,SAAS;AAAA,UACvB,eAAe,OAAO,iBAAiB;AAAA,UACvC,UAAU,OAAO;AAAA,QACrB;AAGA,eAAO;AAAA,UACL;AAAA,UACA,OAAO;AAAA,UACP,WAAW;AAAA,QACb;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,MACL,MAAM;AAAA,MACN,OAAO;AAAA,MACP,WAAW;AAAA,MACX,OAAO;AAAA,IACT;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B,KAAK;AAClD,WAAO;AAAA,MACL,MAAM;AAAA,MACN,OAAO;AAAA,MACP,WAAW;AAAA,MACX,OAAO,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAClD;AAAA,EACF;AACF;","names":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/index.ts"],"sourcesContent":["export { ternSecureMiddleware, createRouteMatcher } from './ternSecureMiddleware'\nexport { auth, getUser, type AuthResult } from './auth'\nexport type { User, SessionResult } from './types'"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kCAAyD;AACzD,kBAA+C;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/index.ts"],"sourcesContent":["export { ternSecureMiddleware, createRouteMatcher } from './ternSecureMiddleware'\r\nexport { auth, getUser, type AuthResult } from './auth'\r\nexport type { User, SessionResult } from './types'"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kCAAyD;AACzD,kBAA+C;","names":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/jwt-edge.ts"],"sourcesContent":["import { jwtVerify, createRemoteJWKSet } from \"jose\"\nimport { cache } from \"react\"\n\ninterface FirebaseIdTokenPayload {\n iss: string\n aud: string\n auth_time: number\n user_id: string\n sub: string\n iat: number\n exp: number\n email?: string\n email_verified?: boolean\n firebase: {\n identities: {\n [key: string]: any\n }\n sign_in_provider: string\n }\n}\n\n// Firebase public key endpoints\nconst FIREBASE_ID_TOKEN_URL = \"https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com\"\nconst FIREBASE_SESSION_CERT_URL = \"https://identitytoolkit.googleapis.com/v1/sessionCookiePublicKeys\"\n\n// Cache the JWKS using React cache\nconst getIdTokenJWKS = cache(() => {\n return createRemoteJWKSet(new URL(FIREBASE_ID_TOKEN_URL), {\n cacheMaxAge: 3600000, // 1 hour\n timeoutDuration: 5000, // 5 seconds\n cooldownDuration: 30000, // 30 seconds between retries\n })\n})\n\nconst getSessionJWKS = cache(() => {\n return createRemoteJWKSet(new URL(FIREBASE_SESSION_CERT_URL), {\n cacheMaxAge: 3600000, // 1 hour\n timeoutDuration: 5000, // 5 seconds\n cooldownDuration: 30000, // 30 seconds between retries\n })\n})\n\n// Helper to decode JWT without verification\nfunction decodeJwt(token: string) {\n try {\n const [headerB64, payloadB64] = token.split(\".\")\n const header = JSON.parse(Buffer.from(headerB64, \"base64\").toString())\n const payload = JSON.parse(Buffer.from(payloadB64, \"base64\").toString())\n return { header, payload }\n } catch (error) {\n console.error(\"Error decoding JWT:\", error)\n return null\n }\n}\n\nexport async function verifyFirebaseToken(token: string, isSessionCookie = false) {\n try {\n const projectId = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID\n if (!projectId) {\n throw new Error(\"Firebase Project ID is not configured\")\n }\n\n // Decode token for debugging and type checking\n const decoded = decodeJwt(token)\n if (!decoded) {\n throw new Error(\"Invalid token format\")\n }\n\n console.log(\"Token details:\", {\n header: decoded.header,\n type: isSessionCookie ? \"session_cookie\" : \"id_token\",\n })\n\n\n // Use different JWKS based on token type\n const JWKS = isSessionCookie ? await getSessionJWKS() : await getIdTokenJWKS()\n\n const { payload } = await jwtVerify(token, JWKS, {\n issuer: isSessionCookie\n ? \"https://session.firebase.google.com/\" + projectId\n : \"https://securetoken.google.com/\" + projectId,\n audience: projectId,\n algorithms: [\"RS256\"],\n })\n\n const firebasePayload = payload as unknown as FirebaseIdTokenPayload\n const now = Math.floor(Date.now() / 1000)\n\n\n if (!firebasePayload.sub) {\n throw new Error(\"Token subject is empty\")\n }\n\n return {\n valid: true,\n uid: firebasePayload.sub,\n email: firebasePayload.email,\n emailVerified: firebasePayload.email_verified,\n authTime: firebasePayload.auth_time,\n issuedAt: firebasePayload.iat,\n expiresAt: firebasePayload.exp,\n }\n } catch (error) {\n console.error(\"Token verification details:\", {\n error:\n error instanceof Error\n ? {\n name: error.name,\n message: error.message,\n stack: error.stack,\n }\n : error,\n decoded: decodeJwt(token),\n //projectId,\n isSessionCookie,\n })\n \n return {\n valid: false,\n error: error instanceof Error ? error.message : \"Invalid token\",\n }\n }\n }"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAA8C;AAC9C,mBAAsB;AAqBtB,MAAM,wBAAwB;AAC9B,MAAM,4BAA4B;AAGlC,MAAM,qBAAiB,oBAAM,MAAM;AACjC,aAAO,gCAAmB,IAAI,IAAI,qBAAqB,GAAG;AAAA,IACxD,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAED,MAAM,qBAAiB,oBAAM,MAAM;AACjC,aAAO,gCAAmB,IAAI,IAAI,yBAAyB,GAAG;AAAA,IAC5D,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAGD,SAAS,UAAU,OAAe;AAChC,MAAI;AACF,UAAM,CAAC,WAAW,UAAU,IAAI,MAAM,MAAM,GAAG;AAC/C,UAAM,SAAS,KAAK,MAAM,OAAO,KAAK,WAAW,QAAQ,EAAE,SAAS,CAAC;AACrE,UAAM,UAAU,KAAK,MAAM,OAAO,KAAK,YAAY,QAAQ,EAAE,SAAS,CAAC;AACvE,WAAO,EAAE,QAAQ,QAAQ;AAAA,EAC3B,SAAS,OAAO;AACd,YAAQ,MAAM,uBAAuB,KAAK;AAC1C,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,oBAAoB,OAAe,kBAAkB,OAAO;AAChF,MAAI;AACF,UAAM,YAAY,QAAQ,IAAI;AAC9B,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACzD;AAGA,UAAM,UAAU,UAAU,KAAK;AAC/B,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AAEA,YAAQ,IAAI,kBAAkB;AAAA,MAC5B,QAAQ,QAAQ;AAAA,MAChB,MAAM,kBAAkB,mBAAmB;AAAA,IAC7C,CAAC;AAID,UAAM,OAAO,kBAAkB,MAAM,eAAe,IAAI,MAAM,eAAe;AAE7E,UAAM,EAAE,QAAQ,IAAI,UAAM,uBAAU,OAAO,MAAM;AAAA,MAC3C,QAAQ,kBACJ,yCAAyC,YACzC,oCAAoC;AAAA,MACxC,UAAU;AAAA,MACV,YAAY,CAAC,OAAO;AAAA,IAC1B,CAAC;AAED,UAAM,kBAAkB;AACxB,UAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAGxC,QAAI,CAAC,gBAAgB,KAAK;AACpB,YAAM,IAAI,MAAM,wBAAwB;AAAA,IAC9C;AAEA,WAAO;AAAA,MACD,OAAO;AAAA,MACP,KAAK,gBAAgB;AAAA,MACrB,OAAO,gBAAgB;AAAA,MACvB,eAAe,gBAAgB;AAAA,MAC/B,UAAU,gBAAgB;AAAA,MAC1B,UAAU,gBAAgB;AAAA,MAC1B,WAAW,gBAAgB;AAAA,IAC7B;AAAA,EACJ,SAAS,OAAO;AACZ,YAAQ,MAAM,+BAA+B;AAAA,MAC3C,OACE,iBAAiB,QACb;AAAA,QACE,MAAM,MAAM;AAAA,QACZ,SAAS,MAAM;AAAA,QACf,OAAO,MAAM;AAAA,MACf,IACA;AAAA,MACN,SAAS,UAAU,KAAK;AAAA;AAAA,MAExB;AAAA,IACF,CAAC;AAED,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAClD;AAAA,EACF;AACF;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/jwt-edge.ts"],"sourcesContent":["import { jwtVerify, createRemoteJWKSet } from \"jose\"\r\nimport { cache } from \"react\"\r\n\r\ninterface FirebaseIdTokenPayload {\r\n iss: string\r\n aud: string\r\n auth_time: number\r\n user_id: string\r\n sub: string\r\n iat: number\r\n exp: number\r\n email?: string\r\n email_verified?: boolean\r\n firebase: {\r\n identities: {\r\n [key: string]: any\r\n }\r\n sign_in_provider: string\r\n }\r\n}\r\n\r\n// Firebase public key endpoints\r\nconst FIREBASE_ID_TOKEN_URL = \"https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com\"\r\nconst FIREBASE_SESSION_CERT_URL = \"https://identitytoolkit.googleapis.com/v1/sessionCookiePublicKeys\"\r\n\r\n// Cache the JWKS using React cache\r\nconst getIdTokenJWKS = cache(() => {\r\n return createRemoteJWKSet(new URL(FIREBASE_ID_TOKEN_URL), {\r\n cacheMaxAge: 3600000, // 1 hour\r\n timeoutDuration: 5000, // 5 seconds\r\n cooldownDuration: 30000, // 30 seconds between retries\r\n })\r\n})\r\n\r\nconst getSessionJWKS = cache(() => {\r\n return createRemoteJWKSet(new URL(FIREBASE_SESSION_CERT_URL), {\r\n cacheMaxAge: 3600000, // 1 hour\r\n timeoutDuration: 5000, // 5 seconds\r\n cooldownDuration: 30000, // 30 seconds between retries\r\n })\r\n})\r\n\r\n// Helper to decode JWT without verification\r\nfunction decodeJwt(token: string) {\r\n try {\r\n const [headerB64, payloadB64] = token.split(\".\")\r\n const header = JSON.parse(Buffer.from(headerB64, \"base64\").toString())\r\n const payload = JSON.parse(Buffer.from(payloadB64, \"base64\").toString())\r\n return { header, payload }\r\n } catch (error) {\r\n console.error(\"Error decoding JWT:\", error)\r\n return null\r\n }\r\n}\r\n\r\nexport async function verifyFirebaseToken(token: string, isSessionCookie = false) {\r\n try {\r\n const projectId = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID\r\n if (!projectId) {\r\n throw new Error(\"Firebase Project ID is not configured\")\r\n }\r\n\r\n // Decode token for debugging and type checking\r\n const decoded = decodeJwt(token)\r\n if (!decoded) {\r\n throw new Error(\"Invalid token format\")\r\n }\r\n\r\n console.log(\"Token details:\", {\r\n header: decoded.header,\r\n type: isSessionCookie ? \"session_cookie\" : \"id_token\",\r\n })\r\n\r\n\r\n // Use different JWKS based on token type\r\n const JWKS = isSessionCookie ? await getSessionJWKS() : await getIdTokenJWKS()\r\n\r\n const { payload } = await jwtVerify(token, JWKS, {\r\n issuer: isSessionCookie\r\n ? \"https://session.firebase.google.com/\" + projectId\r\n : \"https://securetoken.google.com/\" + projectId,\r\n audience: projectId,\r\n algorithms: [\"RS256\"],\r\n })\r\n\r\n const firebasePayload = payload as unknown as FirebaseIdTokenPayload\r\n const now = Math.floor(Date.now() / 1000)\r\n\r\n\r\n if (!firebasePayload.sub) {\r\n throw new Error(\"Token subject is empty\")\r\n }\r\n\r\n return {\r\n valid: true,\r\n uid: firebasePayload.sub,\r\n email: firebasePayload.email,\r\n emailVerified: firebasePayload.email_verified,\r\n authTime: firebasePayload.auth_time,\r\n issuedAt: firebasePayload.iat,\r\n expiresAt: firebasePayload.exp,\r\n }\r\n } catch (error) {\r\n console.error(\"Token verification details:\", {\r\n error:\r\n error instanceof Error\r\n ? {\r\n name: error.name,\r\n message: error.message,\r\n stack: error.stack,\r\n }\r\n : error,\r\n decoded: decodeJwt(token),\r\n //projectId,\r\n isSessionCookie,\r\n })\r\n \r\n return {\r\n valid: false,\r\n error: error instanceof Error ? error.message : \"Invalid token\",\r\n }\r\n }\r\n }"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAA8C;AAC9C,mBAAsB;AAqBtB,MAAM,wBAAwB;AAC9B,MAAM,4BAA4B;AAGlC,MAAM,qBAAiB,oBAAM,MAAM;AACjC,aAAO,gCAAmB,IAAI,IAAI,qBAAqB,GAAG;AAAA,IACxD,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAED,MAAM,qBAAiB,oBAAM,MAAM;AACjC,aAAO,gCAAmB,IAAI,IAAI,yBAAyB,GAAG;AAAA,IAC5D,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAGD,SAAS,UAAU,OAAe;AAChC,MAAI;AACF,UAAM,CAAC,WAAW,UAAU,IAAI,MAAM,MAAM,GAAG;AAC/C,UAAM,SAAS,KAAK,MAAM,OAAO,KAAK,WAAW,QAAQ,EAAE,SAAS,CAAC;AACrE,UAAM,UAAU,KAAK,MAAM,OAAO,KAAK,YAAY,QAAQ,EAAE,SAAS,CAAC;AACvE,WAAO,EAAE,QAAQ,QAAQ;AAAA,EAC3B,SAAS,OAAO;AACd,YAAQ,MAAM,uBAAuB,KAAK;AAC1C,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,oBAAoB,OAAe,kBAAkB,OAAO;AAChF,MAAI;AACF,UAAM,YAAY,QAAQ,IAAI;AAC9B,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACzD;AAGA,UAAM,UAAU,UAAU,KAAK;AAC/B,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AAEA,YAAQ,IAAI,kBAAkB;AAAA,MAC5B,QAAQ,QAAQ;AAAA,MAChB,MAAM,kBAAkB,mBAAmB;AAAA,IAC7C,CAAC;AAID,UAAM,OAAO,kBAAkB,MAAM,eAAe,IAAI,MAAM,eAAe;AAE7E,UAAM,EAAE,QAAQ,IAAI,UAAM,uBAAU,OAAO,MAAM;AAAA,MAC3C,QAAQ,kBACJ,yCAAyC,YACzC,oCAAoC;AAAA,MACxC,UAAU;AAAA,MACV,YAAY,CAAC,OAAO;AAAA,IAC1B,CAAC;AAED,UAAM,kBAAkB;AACxB,UAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAGxC,QAAI,CAAC,gBAAgB,KAAK;AACpB,YAAM,IAAI,MAAM,wBAAwB;AAAA,IAC9C;AAEA,WAAO;AAAA,MACD,OAAO;AAAA,MACP,KAAK,gBAAgB;AAAA,MACrB,OAAO,gBAAgB;AAAA,MACvB,eAAe,gBAAgB;AAAA,MAC/B,UAAU,gBAAgB;AAAA,MAC1B,UAAU,gBAAgB;AAAA,MAC1B,WAAW,gBAAgB;AAAA,IAC7B;AAAA,EACJ,SAAS,OAAO;AACZ,YAAQ,MAAM,+BAA+B;AAAA,MAC3C,OACE,iBAAiB,QACb;AAAA,QACE,MAAM,MAAM;AAAA,QACZ,SAAS,MAAM;AAAA,QACf,OAAO,MAAM;AAAA,MACf,IACA;AAAA,MACN,SAAS,UAAU,KAAK;AAAA;AAAA,MAExB;AAAA,IACF,CAAC;AAED,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAClD;AAAA,EACF;AACF;","names":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/jwt.ts"],"sourcesContent":["import { jwtVerify, createRemoteJWKSet } from \"jose\"\nimport { cache } from \"react\"\n\ninterface FirebaseIdTokenPayload {\n iss: string\n aud: string\n auth_time: number\n user_id: string\n sub: string\n iat: number\n exp: number\n email?: string\n email_verified?: boolean\n firebase: {\n identities: {\n [key: string]: any\n }\n sign_in_provider: string\n }\n}\n\n// Firebase public key endpoints\nconst FIREBASE_ID_TOKEN_URL = \"https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com\"\nconst FIREBASE_SESSION_CERT_URL = \"https://identitytoolkit.googleapis.com/v1/sessionCookiePublicKeys\"\n\n// Cache the JWKS using React cache\nconst getIdTokenJWKS = cache(() => {\n return createRemoteJWKSet(new URL(FIREBASE_ID_TOKEN_URL), {\n cacheMaxAge: 3600000, // 1 hour\n timeoutDuration: 5000, // 5 seconds\n cooldownDuration: 30000, // 30 seconds between retries\n })\n})\n\nconst getSessionJWKS = cache(() => {\n return createRemoteJWKSet(new URL(FIREBASE_SESSION_CERT_URL), {\n cacheMaxAge: 3600000, // 1 hour\n timeoutDuration: 5000, // 5 seconds\n cooldownDuration: 30000, // 30 seconds between retries\n })\n})\n\n// Helper to decode JWT without verification\nfunction decodeJwt(token: string) {\n try {\n const [headerB64, payloadB64] = token.split(\".\")\n const header = JSON.parse(Buffer.from(headerB64, \"base64\").toString())\n const payload = JSON.parse(Buffer.from(payloadB64, \"base64\").toString())\n return { header, payload }\n } catch (error) {\n console.error(\"Error decoding JWT:\", error)\n return null\n }\n}\n\nexport async function verifyFirebaseToken(token: string, isSessionCookie = false) {\n try {\n const projectId = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID\n if (!projectId) {\n throw new Error(\"Firebase Project ID is not configured\")\n }\n\n // Decode token for debugging and type checking\n const decoded = decodeJwt(token)\n if (!decoded) {\n throw new Error(\"Invalid token format\")\n }\n\n console.log(\"Token details:\", {\n header: decoded.header,\n type: isSessionCookie ? \"session_cookie\" : \"id_token\",\n })\n\n let retries = 3\n let lastError: Error | null = null\n\n while (retries > 0) {\n try {\n // Use different JWKS based on token type\n const JWKS = isSessionCookie ? await getSessionJWKS() : await getIdTokenJWKS()\n\n const { payload } = await jwtVerify(token, JWKS, {\n issuer: isSessionCookie\n ? \"https://session.firebase.google.com/\" + projectId\n : \"https://securetoken.google.com/\" + projectId,\n audience: projectId,\n algorithms: [\"RS256\"],\n })\n\n const firebasePayload = payload as unknown as FirebaseIdTokenPayload\n\n if (!firebasePayload.sub) {\n throw new Error(\"Token subject is empty\")\n }\n\n return {\n valid: true,\n uid: firebasePayload.sub,\n email: firebasePayload.email,\n emailVerified: firebasePayload.email_verified,\n authTime: firebasePayload.auth_time,\n issuedAt: firebasePayload.iat,\n expiresAt: firebasePayload.exp,\n }\n } catch (error) {\n lastError = error as Error\n if (error instanceof Error && error.name === \"JWKSNoMatchingKey\") {\n console.warn(`JWKS retry attempt ${4 - retries}:`, error.message)\n retries--\n if (retries > 0) {\n await new Promise((resolve) => setTimeout(resolve, 1000))\n continue\n }\n }\n throw error\n }\n }\n\n throw lastError || new Error(\"Failed to verify token after retries\")\n } catch (error) {\n console.error(\"Token verification details:\", {\n error:\n error instanceof Error\n ? {\n name: error.name,\n message: error.message,\n stack: error.stack,\n }\n : error,\n decoded: decodeJwt(token),\n //projectId,\n isSessionCookie,\n })\n\n return {\n valid: false,\n error: error instanceof Error ? error.message : \"Invalid token\",\n }\n }\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAA8C;AAC9C,mBAAsB;AAqBtB,MAAM,wBAAwB;AAC9B,MAAM,4BAA4B;AAGlC,MAAM,qBAAiB,oBAAM,MAAM;AACjC,aAAO,gCAAmB,IAAI,IAAI,qBAAqB,GAAG;AAAA,IACxD,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAED,MAAM,qBAAiB,oBAAM,MAAM;AACjC,aAAO,gCAAmB,IAAI,IAAI,yBAAyB,GAAG;AAAA,IAC5D,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAGD,SAAS,UAAU,OAAe;AAChC,MAAI;AACF,UAAM,CAAC,WAAW,UAAU,IAAI,MAAM,MAAM,GAAG;AAC/C,UAAM,SAAS,KAAK,MAAM,OAAO,KAAK,WAAW,QAAQ,EAAE,SAAS,CAAC;AACrE,UAAM,UAAU,KAAK,MAAM,OAAO,KAAK,YAAY,QAAQ,EAAE,SAAS,CAAC;AACvE,WAAO,EAAE,QAAQ,QAAQ;AAAA,EAC3B,SAAS,OAAO;AACd,YAAQ,MAAM,uBAAuB,KAAK;AAC1C,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,oBAAoB,OAAe,kBAAkB,OAAO;AAChF,MAAI;AACF,UAAM,YAAY,QAAQ,IAAI;AAC9B,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACzD;AAGA,UAAM,UAAU,UAAU,KAAK;AAC/B,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AAEA,YAAQ,IAAI,kBAAkB;AAAA,MAC5B,QAAQ,QAAQ;AAAA,MAChB,MAAM,kBAAkB,mBAAmB;AAAA,IAC7C,CAAC;AAED,QAAI,UAAU;AACd,QAAI,YAA0B;AAE9B,WAAO,UAAU,GAAG;AAClB,UAAI;AAEF,cAAM,OAAO,kBAAkB,MAAM,eAAe,IAAI,MAAM,eAAe;AAE7E,cAAM,EAAE,QAAQ,IAAI,UAAM,uBAAU,OAAO,MAAM;AAAA,UAC/C,QAAQ,kBACJ,yCAAyC,YACzC,oCAAoC;AAAA,UACxC,UAAU;AAAA,UACV,YAAY,CAAC,OAAO;AAAA,QACtB,CAAC;AAED,cAAM,kBAAkB;AAExB,YAAI,CAAC,gBAAgB,KAAK;AACxB,gBAAM,IAAI,MAAM,wBAAwB;AAAA,QAC1C;AAEA,eAAO;AAAA,UACL,OAAO;AAAA,UACP,KAAK,gBAAgB;AAAA,UACrB,OAAO,gBAAgB;AAAA,UACvB,eAAe,gBAAgB;AAAA,UAC/B,UAAU,gBAAgB;AAAA,UAC1B,UAAU,gBAAgB;AAAA,UAC1B,WAAW,gBAAgB;AAAA,QAC7B;AAAA,MACF,SAAS,OAAO;AACd,oBAAY;AACZ,YAAI,iBAAiB,SAAS,MAAM,SAAS,qBAAqB;AAChE,kBAAQ,KAAK,sBAAsB,IAAI,OAAO,KAAK,MAAM,OAAO;AAChE;AACA,cAAI,UAAU,GAAG;AACf,kBAAM,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,GAAI,CAAC;AACxD;AAAA,UACF;AAAA,QACF;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,MAAM,sCAAsC;AAAA,EACrE,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B;AAAA,MAC3C,OACE,iBAAiB,QACb;AAAA,QACE,MAAM,MAAM;AAAA,QACZ,SAAS,MAAM;AAAA,QACf,OAAO,MAAM;AAAA,MACf,IACA;AAAA,MACN,SAAS,UAAU,KAAK;AAAA;AAAA,MAExB;AAAA,IACF,CAAC;AAED,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAClD;AAAA,EACF;AACF;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/jwt.ts"],"sourcesContent":["import { jwtVerify, createRemoteJWKSet } from \"jose\"\r\nimport { cache } from \"react\"\r\n\r\ninterface FirebaseIdTokenPayload {\r\n iss: string\r\n aud: string\r\n auth_time: number\r\n user_id: string\r\n sub: string\r\n iat: number\r\n exp: number\r\n email?: string\r\n email_verified?: boolean\r\n firebase: {\r\n identities: {\r\n [key: string]: any\r\n }\r\n sign_in_provider: string\r\n }\r\n}\r\n\r\n// Firebase public key endpoints\r\nconst FIREBASE_ID_TOKEN_URL = \"https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com\"\r\nconst FIREBASE_SESSION_CERT_URL = \"https://identitytoolkit.googleapis.com/v1/sessionCookiePublicKeys\"\r\n\r\n// Cache the JWKS using React cache\r\nconst getIdTokenJWKS = cache(() => {\r\n return createRemoteJWKSet(new URL(FIREBASE_ID_TOKEN_URL), {\r\n cacheMaxAge: 3600000, // 1 hour\r\n timeoutDuration: 5000, // 5 seconds\r\n cooldownDuration: 30000, // 30 seconds between retries\r\n })\r\n})\r\n\r\nconst getSessionJWKS = cache(() => {\r\n return createRemoteJWKSet(new URL(FIREBASE_SESSION_CERT_URL), {\r\n cacheMaxAge: 3600000, // 1 hour\r\n timeoutDuration: 5000, // 5 seconds\r\n cooldownDuration: 30000, // 30 seconds between retries\r\n })\r\n})\r\n\r\n// Helper to decode JWT without verification\r\nfunction decodeJwt(token: string) {\r\n try {\r\n const [headerB64, payloadB64] = token.split(\".\")\r\n const header = JSON.parse(Buffer.from(headerB64, \"base64\").toString())\r\n const payload = JSON.parse(Buffer.from(payloadB64, \"base64\").toString())\r\n return { header, payload }\r\n } catch (error) {\r\n console.error(\"Error decoding JWT:\", error)\r\n return null\r\n }\r\n}\r\n\r\nexport async function verifyFirebaseToken(token: string, isSessionCookie = false) {\r\n try {\r\n const projectId = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID\r\n if (!projectId) {\r\n throw new Error(\"Firebase Project ID is not configured\")\r\n }\r\n\r\n // Decode token for debugging and type checking\r\n const decoded = decodeJwt(token)\r\n if (!decoded) {\r\n throw new Error(\"Invalid token format\")\r\n }\r\n\r\n console.log(\"Token details:\", {\r\n header: decoded.header,\r\n type: isSessionCookie ? \"session_cookie\" : \"id_token\",\r\n })\r\n\r\n let retries = 3\r\n let lastError: Error | null = null\r\n\r\n while (retries > 0) {\r\n try {\r\n // Use different JWKS based on token type\r\n const JWKS = isSessionCookie ? await getSessionJWKS() : await getIdTokenJWKS()\r\n\r\n const { payload } = await jwtVerify(token, JWKS, {\r\n issuer: isSessionCookie\r\n ? \"https://session.firebase.google.com/\" + projectId\r\n : \"https://securetoken.google.com/\" + projectId,\r\n audience: projectId,\r\n algorithms: [\"RS256\"],\r\n })\r\n\r\n const firebasePayload = payload as unknown as FirebaseIdTokenPayload\r\n\r\n if (!firebasePayload.sub) {\r\n throw new Error(\"Token subject is empty\")\r\n }\r\n\r\n return {\r\n valid: true,\r\n uid: firebasePayload.sub,\r\n email: firebasePayload.email,\r\n emailVerified: firebasePayload.email_verified,\r\n authTime: firebasePayload.auth_time,\r\n issuedAt: firebasePayload.iat,\r\n expiresAt: firebasePayload.exp,\r\n }\r\n } catch (error) {\r\n lastError = error as Error\r\n if (error instanceof Error && error.name === \"JWKSNoMatchingKey\") {\r\n console.warn(`JWKS retry attempt ${4 - retries}:`, error.message)\r\n retries--\r\n if (retries > 0) {\r\n await new Promise((resolve) => setTimeout(resolve, 1000))\r\n continue\r\n }\r\n }\r\n throw error\r\n }\r\n }\r\n\r\n throw lastError || new Error(\"Failed to verify token after retries\")\r\n } catch (error) {\r\n console.error(\"Token verification details:\", {\r\n error:\r\n error instanceof Error\r\n ? {\r\n name: error.name,\r\n message: error.message,\r\n stack: error.stack,\r\n }\r\n : error,\r\n decoded: decodeJwt(token),\r\n //projectId,\r\n isSessionCookie,\r\n })\r\n\r\n return {\r\n valid: false,\r\n error: error instanceof Error ? error.message : \"Invalid token\",\r\n }\r\n }\r\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAA8C;AAC9C,mBAAsB;AAqBtB,MAAM,wBAAwB;AAC9B,MAAM,4BAA4B;AAGlC,MAAM,qBAAiB,oBAAM,MAAM;AACjC,aAAO,gCAAmB,IAAI,IAAI,qBAAqB,GAAG;AAAA,IACxD,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAED,MAAM,qBAAiB,oBAAM,MAAM;AACjC,aAAO,gCAAmB,IAAI,IAAI,yBAAyB,GAAG;AAAA,IAC5D,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAGD,SAAS,UAAU,OAAe;AAChC,MAAI;AACF,UAAM,CAAC,WAAW,UAAU,IAAI,MAAM,MAAM,GAAG;AAC/C,UAAM,SAAS,KAAK,MAAM,OAAO,KAAK,WAAW,QAAQ,EAAE,SAAS,CAAC;AACrE,UAAM,UAAU,KAAK,MAAM,OAAO,KAAK,YAAY,QAAQ,EAAE,SAAS,CAAC;AACvE,WAAO,EAAE,QAAQ,QAAQ;AAAA,EAC3B,SAAS,OAAO;AACd,YAAQ,MAAM,uBAAuB,KAAK;AAC1C,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,oBAAoB,OAAe,kBAAkB,OAAO;AAChF,MAAI;AACF,UAAM,YAAY,QAAQ,IAAI;AAC9B,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACzD;AAGA,UAAM,UAAU,UAAU,KAAK;AAC/B,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AAEA,YAAQ,IAAI,kBAAkB;AAAA,MAC5B,QAAQ,QAAQ;AAAA,MAChB,MAAM,kBAAkB,mBAAmB;AAAA,IAC7C,CAAC;AAED,QAAI,UAAU;AACd,QAAI,YAA0B;AAE9B,WAAO,UAAU,GAAG;AAClB,UAAI;AAEF,cAAM,OAAO,kBAAkB,MAAM,eAAe,IAAI,MAAM,eAAe;AAE7E,cAAM,EAAE,QAAQ,IAAI,UAAM,uBAAU,OAAO,MAAM;AAAA,UAC/C,QAAQ,kBACJ,yCAAyC,YACzC,oCAAoC;AAAA,UACxC,UAAU;AAAA,UACV,YAAY,CAAC,OAAO;AAAA,QACtB,CAAC;AAED,cAAM,kBAAkB;AAExB,YAAI,CAAC,gBAAgB,KAAK;AACxB,gBAAM,IAAI,MAAM,wBAAwB;AAAA,QAC1C;AAEA,eAAO;AAAA,UACL,OAAO;AAAA,UACP,KAAK,gBAAgB;AAAA,UACrB,OAAO,gBAAgB;AAAA,UACvB,eAAe,gBAAgB;AAAA,UAC/B,UAAU,gBAAgB;AAAA,UAC1B,UAAU,gBAAgB;AAAA,UAC1B,WAAW,gBAAgB;AAAA,QAC7B;AAAA,MACF,SAAS,OAAO;AACd,oBAAY;AACZ,YAAI,iBAAiB,SAAS,MAAM,SAAS,qBAAqB;AAChE,kBAAQ,KAAK,sBAAsB,IAAI,OAAO,KAAK,MAAM,OAAO;AAChE;AACA,cAAI,UAAU,GAAG;AACf,kBAAM,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,GAAI,CAAC;AACxD;AAAA,UACF;AAAA,QACF;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,MAAM,sCAAsC;AAAA,EACrE,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B;AAAA,MAC3C,OACE,iBAAiB,QACb;AAAA,QACE,MAAM,MAAM;AAAA,QACZ,SAAS,MAAM;AAAA,QACf,OAAO,MAAM;AAAA,MACf,IACA;AAAA,MACN,SAAS,UAAU,KAAK;AAAA;AAAA,MAExB;AAAA,IACF,CAAC;AAED,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAClD;AAAA,EACF;AACF;","names":[]}
|
|
@@ -24,8 +24,10 @@ __export(session_store_exports, {
|
|
|
24
24
|
module.exports = __toCommonJS(session_store_exports);
|
|
25
25
|
var import_react = require("react");
|
|
26
26
|
class SessionStore {
|
|
27
|
+
static instance;
|
|
28
|
+
sessions;
|
|
29
|
+
currentSessionId = null;
|
|
27
30
|
constructor() {
|
|
28
|
-
this.currentSessionId = null;
|
|
29
31
|
this.sessions = /* @__PURE__ */ new Map();
|
|
30
32
|
}
|
|
31
33
|
static getInstance() {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/session-store.ts"],"sourcesContent":["import { cache } from \"react\"\nimport type { User } from \"./types\"\n\n/**\n * Simple in-memory session store\n * In a real app, this would be backed by Redis/etc\n */\nclass SessionStore {\n private static instance: SessionStore\n private sessions: Map<string, User>\n private currentSessionId: string | null = null\n\n private constructor() {\n this.sessions = new Map()\n }\n\n static getInstance(): SessionStore {\n if (!SessionStore.instance) {\n SessionStore.instance = new SessionStore()\n }\n return SessionStore.instance\n }\n\n setUser(sessionId: string, user: User) {\n console.log(\"SessionStore: Setting user:\", { sessionId, user })\n this.sessions.set(sessionId, user)\n this.currentSessionId = sessionId\n }\n\n getUser(sessionId: string): User | null {\n return this.sessions.get(sessionId) || null\n }\n\n getCurrentUser(): User | null {\n if (!this.currentSessionId) return null\n return this.sessions.get(this.currentSessionId) || null\n }\n\n removeUser(sessionId: string) {\n this.sessions.delete(sessionId)\n }\n\n clear() {\n this.sessions.clear()\n }\n\n debug() {\n return {\n sessionsCount: this.sessions.size,\n currentSessionId: this.currentSessionId,\n sessions: Array.from(this.sessions.entries())\n }\n}\n}\n\n// Export singleton instance\nexport const sessionStore = SessionStore.getInstance()\n\n/**\n * Cached function to get user from session store\n * Uses React cache for SSR optimization\n */\nexport const getVerifiedUser = cache((sessionId: string): User | null => {\n return sessionStore.getUser(sessionId)\n})\n\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAsB;AAOtB,MAAM,aAAa;AAAA,
|
|
1
|
+
{"version":3,"sources":["../../../src/server/session-store.ts"],"sourcesContent":["import { cache } from \"react\"\r\nimport type { User } from \"./types\"\r\n\r\n/**\r\n * Simple in-memory session store\r\n * In a real app, this would be backed by Redis/etc\r\n */\r\nclass SessionStore {\r\n private static instance: SessionStore\r\n private sessions: Map<string, User>\r\n private currentSessionId: string | null = null\r\n\r\n private constructor() {\r\n this.sessions = new Map()\r\n }\r\n\r\n static getInstance(): SessionStore {\r\n if (!SessionStore.instance) {\r\n SessionStore.instance = new SessionStore()\r\n }\r\n return SessionStore.instance\r\n }\r\n\r\n setUser(sessionId: string, user: User) {\r\n console.log(\"SessionStore: Setting user:\", { sessionId, user })\r\n this.sessions.set(sessionId, user)\r\n this.currentSessionId = sessionId\r\n }\r\n\r\n getUser(sessionId: string): User | null {\r\n return this.sessions.get(sessionId) || null\r\n }\r\n\r\n getCurrentUser(): User | null {\r\n if (!this.currentSessionId) return null\r\n return this.sessions.get(this.currentSessionId) || null\r\n }\r\n\r\n removeUser(sessionId: string) {\r\n this.sessions.delete(sessionId)\r\n }\r\n\r\n clear() {\r\n this.sessions.clear()\r\n }\r\n\r\n debug() {\r\n return {\r\n sessionsCount: this.sessions.size,\r\n currentSessionId: this.currentSessionId,\r\n sessions: Array.from(this.sessions.entries())\r\n }\r\n}\r\n}\r\n\r\n// Export singleton instance\r\nexport const sessionStore = SessionStore.getInstance()\r\n\r\n/**\r\n * Cached function to get user from session store\r\n * Uses React cache for SSR optimization\r\n */\r\nexport const getVerifiedUser = cache((sessionId: string): User | null => {\r\n return sessionStore.getUser(sessionId)\r\n})\r\n\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAsB;AAOtB,MAAM,aAAa;AAAA,EACjB,OAAe;AAAA,EACP;AAAA,EACA,mBAAkC;AAAA,EAElC,cAAc;AACpB,SAAK,WAAW,oBAAI,IAAI;AAAA,EAC1B;AAAA,EAEA,OAAO,cAA4B;AACjC,QAAI,CAAC,aAAa,UAAU;AAC1B,mBAAa,WAAW,IAAI,aAAa;AAAA,IAC3C;AACA,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,QAAQ,WAAmB,MAAY;AACrC,YAAQ,IAAI,+BAA+B,EAAE,WAAW,KAAK,CAAC;AAC9D,SAAK,SAAS,IAAI,WAAW,IAAI;AACjC,SAAK,mBAAmB;AAAA,EAC1B;AAAA,EAEA,QAAQ,WAAgC;AACtC,WAAO,KAAK,SAAS,IAAI,SAAS,KAAK;AAAA,EACzC;AAAA,EAEA,iBAA8B;AAC5B,QAAI,CAAC,KAAK,iBAAkB,QAAO;AACnC,WAAO,KAAK,SAAS,IAAI,KAAK,gBAAgB,KAAK;AAAA,EACrD;AAAA,EAEA,WAAW,WAAmB;AAC5B,SAAK,SAAS,OAAO,SAAS;AAAA,EAChC;AAAA,EAEA,QAAQ;AACN,SAAK,SAAS,MAAM;AAAA,EACtB;AAAA,EAEA,QAAQ;AACN,WAAO;AAAA,MACL,eAAe,KAAK,SAAS;AAAA,MAC7B,kBAAkB,KAAK;AAAA,MACvB,UAAU,MAAM,KAAK,KAAK,SAAS,QAAQ,CAAC;AAAA,IAC9C;AAAA,EACJ;AACA;AAGO,MAAM,eAAe,aAAa,YAAY;AAM9C,MAAM,sBAAkB,oBAAM,CAAC,cAAmC;AACvE,SAAO,aAAa,QAAQ,SAAS;AACvC,CAAC;","names":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/ternSecureMiddleware.ts"],"sourcesContent":["import { NextResponse, type NextMiddleware, type NextRequest } from 'next/server';\nimport type { User } from './types'\n\nexport const runtime = \"edge\"\n\ninterface Auth {\n user: User | null\n sessionId: string | null\n protect: () => Promise<void | Response>\n}\n\ntype MiddlewareCallback = (\n auth: Auth,\n request: NextRequest\n) => Promise<void | Response>\n\n\n/**\n * Create a route matcher function for public paths\n */\nexport function createRouteMatcher(patterns: string[]) {\n return (request: NextRequest): boolean => {\n const { pathname } = request.nextUrl\n return patterns.some((pattern) => {\n // Convert route pattern to regex\n const regexPattern = new RegExp(`^${pattern.replace(/\\*/g, \".*\").replace(/$$(.*)$$/, \"(?:$1)?\")}$`)\n return regexPattern.test(pathname)\n })\n }\n}\n\n\n/**\n * Middleware factory that handles authentication and custom logic\n * @param customHandler Optional function for additional custom logic\n */\n\nexport function ternSecureMiddleware(callback?: MiddlewareCallback): NextMiddleware {\n return async function middleware(request: NextRequest) {\n try {\n\n const sessionCookie = request.cookies.get(\"_session_cookie\")\n const idToken = request.cookies.get(\"_session_token\")\n const hasCookies = !!sessionCookie || !!idToken\n\n const auth: Auth = {\n user: null,\n sessionId: null,\n protect: async () => {\n if (!hasCookies) {\n const currentPath = request.nextUrl.pathname\n if (currentPath !== '/sign-in') {\n const redirectUrl = new URL('/sign-in', request.url)\n redirectUrl.searchParams.set('redirect', currentPath)\n return NextResponse.redirect(redirectUrl)\n }\n }\n },\n }\n\n if (callback) {\n const result = await callback(auth, request)\n if (result instanceof Response) {\n return result\n }\n }\n\n\n // Continue to the next middleware or route handler\n return NextResponse.next()\n } catch (error) {\n console.error(\"Middleware error:\", error)\n const redirectUrl = new URL(\"/sign-in\", request.url)\n return NextResponse.redirect(redirectUrl)\n }\n }\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAAoE;AAG7D,MAAM,UAAU;AAiBhB,SAAS,mBAAmB,UAAoB;AACrD,SAAO,CAAC,YAAkC;AACxC,UAAM,EAAE,SAAS,IAAI,QAAQ;AAC7B,WAAO,SAAS,KAAK,CAAC,YAAY;AAEhC,YAAM,eAAe,IAAI,OAAO,IAAI,QAAQ,QAAQ,OAAO,IAAI,EAAE,QAAQ,YAAY,SAAS,CAAC,GAAG;AAClG,aAAO,aAAa,KAAK,QAAQ;AAAA,IACnC,CAAC;AAAA,EACH;AACF;AAQO,SAAS,qBAAqB,UAA+C;AAClF,SAAO,eAAe,WAAW,SAAsB;AACrD,QAAI;AAEF,YAAM,gBAAgB,QAAQ,QAAQ,IAAI,iBAAiB;AAC3D,YAAM,UAAU,QAAQ,QAAQ,IAAI,gBAAgB;AACpD,YAAM,aAAa,CAAC,CAAC,iBAAiB,CAAC,CAAC;AAExC,YAAM,OAAa;AAAA,QACjB,MAAM;AAAA,QACN,WAAW;AAAA,QACX,SAAS,YAAY;AACnB,cAAI,CAAC,YAAY;AACf,kBAAM,cAAc,QAAQ,QAAQ;AACpC,gBAAI,gBAAgB,YAAY;AAC9B,oBAAM,cAAc,IAAI,IAAI,YAAY,QAAQ,GAAG;AACnD,0BAAY,aAAa,IAAI,YAAY,WAAW;AACpD,qBAAO,2BAAa,SAAS,WAAW;AAAA,YAC1C;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAEF,UAAI,UAAU;AACV,cAAM,SAAS,MAAM,SAAS,MAAM,OAAO;AAC3C,YAAI,kBAAkB,UAAU;AAC9B,iBAAO;AAAA,QACT;AAAA,MACJ;AAIE,aAAQ,2BAAa,KAAK;AAAA,IAC5B,SAAS,OAAO;AACd,cAAQ,MAAM,qBAAqB,KAAK;AACxC,YAAM,cAAc,IAAI,IAAI,YAAY,QAAQ,GAAG;AACnD,aAAO,2BAAa,SAAS,WAAW;AAAA,IAC1C;AAAA,EACF;AACF;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/ternSecureMiddleware.ts"],"sourcesContent":["import { NextResponse, type NextMiddleware, type NextRequest } from 'next/server';\r\nimport type { User } from './types'\r\n\r\nexport const runtime = \"edge\"\r\n\r\ninterface Auth {\r\n user: User | null\r\n sessionId: string | null\r\n protect: () => Promise<void | Response>\r\n}\r\n\r\ntype MiddlewareCallback = (\r\n auth: Auth,\r\n request: NextRequest\r\n) => Promise<void | Response>\r\n\r\n\r\n/**\r\n * Create a route matcher function for public paths\r\n */\r\nexport function createRouteMatcher(patterns: string[]) {\r\n return (request: NextRequest): boolean => {\r\n const { pathname } = request.nextUrl\r\n return patterns.some((pattern) => {\r\n // Convert route pattern to regex\r\n const regexPattern = new RegExp(`^${pattern.replace(/\\*/g, \".*\").replace(/$$(.*)$$/, \"(?:$1)?\")}$`)\r\n return regexPattern.test(pathname)\r\n })\r\n }\r\n}\r\n\r\n\r\n/**\r\n * Middleware factory that handles authentication and custom logic\r\n * @param customHandler Optional function for additional custom logic\r\n */\r\n\r\nexport function ternSecureMiddleware(callback?: MiddlewareCallback): NextMiddleware {\r\n return async function middleware(request: NextRequest) {\r\n try {\r\n\r\n const sessionCookie = request.cookies.get(\"_session_cookie\")\r\n const idToken = request.cookies.get(\"_session_token\")\r\n const hasCookies = !!sessionCookie || !!idToken\r\n\r\n const auth: Auth = {\r\n user: null,\r\n sessionId: null,\r\n protect: async () => {\r\n if (!hasCookies) {\r\n const currentPath = request.nextUrl.pathname\r\n if (currentPath !== '/sign-in') {\r\n const redirectUrl = new URL('/sign-in', request.url)\r\n redirectUrl.searchParams.set('redirect', currentPath)\r\n return NextResponse.redirect(redirectUrl)\r\n }\r\n }\r\n },\r\n }\r\n\r\n if (callback) {\r\n const result = await callback(auth, request)\r\n if (result instanceof Response) {\r\n return result\r\n }\r\n }\r\n\r\n\r\n // Continue to the next middleware or route handler\r\n return NextResponse.next()\r\n } catch (error) {\r\n console.error(\"Middleware error:\", error)\r\n const redirectUrl = new URL(\"/sign-in\", request.url)\r\n return NextResponse.redirect(redirectUrl)\r\n }\r\n }\r\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAAoE;AAG7D,MAAM,UAAU;AAiBhB,SAAS,mBAAmB,UAAoB;AACrD,SAAO,CAAC,YAAkC;AACxC,UAAM,EAAE,SAAS,IAAI,QAAQ;AAC7B,WAAO,SAAS,KAAK,CAAC,YAAY;AAEhC,YAAM,eAAe,IAAI,OAAO,IAAI,QAAQ,QAAQ,OAAO,IAAI,EAAE,QAAQ,YAAY,SAAS,CAAC,GAAG;AAClG,aAAO,aAAa,KAAK,QAAQ;AAAA,IACnC,CAAC;AAAA,EACH;AACF;AAQO,SAAS,qBAAqB,UAA+C;AAClF,SAAO,eAAe,WAAW,SAAsB;AACrD,QAAI;AAEF,YAAM,gBAAgB,QAAQ,QAAQ,IAAI,iBAAiB;AAC3D,YAAM,UAAU,QAAQ,QAAQ,IAAI,gBAAgB;AACpD,YAAM,aAAa,CAAC,CAAC,iBAAiB,CAAC,CAAC;AAExC,YAAM,OAAa;AAAA,QACjB,MAAM;AAAA,QACN,WAAW;AAAA,QACX,SAAS,YAAY;AACnB,cAAI,CAAC,YAAY;AACf,kBAAM,cAAc,QAAQ,QAAQ;AACpC,gBAAI,gBAAgB,YAAY;AAC9B,oBAAM,cAAc,IAAI,IAAI,YAAY,QAAQ,GAAG;AACnD,0BAAY,aAAa,IAAI,YAAY,WAAW;AACpD,qBAAO,2BAAa,SAAS,WAAW;AAAA,YAC1C;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAEF,UAAI,UAAU;AACV,cAAM,SAAS,MAAM,SAAS,MAAM,OAAO;AAC3C,YAAI,kBAAkB,UAAU;AAC9B,iBAAO;AAAA,QACT;AAAA,MACJ;AAIE,aAAQ,2BAAa,KAAK;AAAA,IAC5B,SAAS,OAAO;AACd,cAAQ,MAAM,qBAAqB,KAAK;AACxC,YAAM,cAAc,IAAI,IAAI,YAAY,QAAQ,GAAG;AACnD,aAAO,2BAAa,SAAS,WAAW;AAAA,IAC1C;AAAA,EACF;AACF;","names":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/types.ts"],"sourcesContent":["export interface User {\n uid: string\n email: string | null\n emailVerified?: boolean\n authTime?: number\n disabled?: boolean\n}\n \n \n export interface SessionResult {\n user: User | null\n token: string | null\n sessionId: string | null\n error?: string\n }"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/types.ts"],"sourcesContent":["export interface User {\r\n uid: string\r\n email: string | null\r\n emailVerified?: boolean\r\n authTime?: number\r\n disabled?: boolean\r\n}\r\n \r\n \r\n export interface SessionResult {\r\n user: User | null\r\n token: string | null\r\n sessionId: string | null\r\n error?: string\r\n }"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/utils.ts"],"sourcesContent":["import type { User } from \"./types\"\n\ninterface RequestContext {\n user: User\n sessionId: string\n}\n\n// Use process.env in Node.js and globalThis in Edge\nconst getGlobalObject = () => {\n if (typeof process !== 'undefined') {\n return process\n }\n return globalThis\n}\n\nconst STORE_KEY = '__TERN_AUTH_STORE__'\n\nexport class Store {\n private static getStore() {\n const global = getGlobalObject() as any\n \n if (!global[STORE_KEY]) {\n global[STORE_KEY] = {\n contexts: new Map<string, RequestContext>(),\n sessions: new Map<string, User>(),\n currentSession: null as RequestContext | null\n }\n }\n \n return global[STORE_KEY]\n }\n\n static setContext(context: RequestContext) {\n const store = this.getStore()\n const { user, sessionId } = context\n \n console.log(\"Store: Setting context:\", { sessionId, user })\n \n // Store in both maps\n store.contexts.set(sessionId, context)\n store.sessions.set(sessionId, user)\n \n // Set as current session\n store.currentSession = context\n \n console.log(\"Store: Updated state:\", {\n contextsSize: store.contexts.size,\n sessionsSize: store.sessions.size,\n currentSession: store.currentSession\n })\n }\n\n static getContext(): RequestContext | null {\n const store = this.getStore()\n \n // First try current session\n if (store.currentSession) {\n const session = this.getSession(store.currentSession.sessionId)\n if (session && session.uid === store.currentSession.user.uid) {\n return store.currentSession\n }\n }\n \n // Then try to find any valid context\n for (const [sessionId, user] of store.sessions.entries()) {\n const context = store.contexts.get(sessionId)\n if (context && context.user.uid === user.uid) {\n // Update current session\n store.currentSession = context\n return context\n }\n }\n \n return null\n }\n\n static setSession(sessionId: string, user: User) {\n const store = this.getStore()\n store.sessions.set(sessionId, user)\n }\n\n static getSession(sessionId: string): User | null {\n const store = this.getStore()\n return store.sessions.get(sessionId) || null\n }\n\n static debug() {\n const store = this.getStore()\n return {\n contextsSize: store.contexts.size,\n sessionsSize: store.sessions.size,\n currentSession: store.currentSession,\n contexts: Array.from(store.contexts.entries()),\n sessions: Array.from(store.sessions.entries())\n }\n }\n\n static cleanup() {\n const store = this.getStore()\n const MAX_ENTRIES = 1000\n \n if (store.contexts.size > MAX_ENTRIES) {\n const keys = Array.from(store.contexts.keys())\n const toDelete = keys.slice(0, keys.length - MAX_ENTRIES)\n \n toDelete.forEach(key => {\n store.contexts.delete(key)\n store.sessions.delete(key)\n })\n }\n }\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAQA,MAAM,kBAAkB,MAAM;AAC5B,MAAI,OAAO,YAAY,aAAa;AAClC,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEA,MAAM,YAAY;AAEX,MAAM,MAAM;AAAA,EACjB,OAAe,WAAW;AACxB,UAAM,SAAS,gBAAgB;AAE/B,QAAI,CAAC,OAAO,SAAS,GAAG;AACtB,aAAO,SAAS,IAAI;AAAA,QAClB,UAAU,oBAAI,IAA4B;AAAA,QAC1C,UAAU,oBAAI,IAAkB;AAAA,QAChC,gBAAgB;AAAA,MAClB;AAAA,IACF;AAEA,WAAO,OAAO,SAAS;AAAA,EACzB;AAAA,EAEA,OAAO,WAAW,SAAyB;AACzC,UAAM,QAAQ,KAAK,SAAS;AAC5B,UAAM,EAAE,MAAM,UAAU,IAAI;AAE5B,YAAQ,IAAI,2BAA2B,EAAE,WAAW,KAAK,CAAC;AAG1D,UAAM,SAAS,IAAI,WAAW,OAAO;AACrC,UAAM,SAAS,IAAI,WAAW,IAAI;AAGlC,UAAM,iBAAiB;AAEvB,YAAQ,IAAI,yBAAyB;AAAA,MACnC,cAAc,MAAM,SAAS;AAAA,MAC7B,cAAc,MAAM,SAAS;AAAA,MAC7B,gBAAgB,MAAM;AAAA,IACxB,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,aAAoC;AACzC,UAAM,QAAQ,KAAK,SAAS;AAG5B,QAAI,MAAM,gBAAgB;AACxB,YAAM,UAAU,KAAK,WAAW,MAAM,eAAe,SAAS;AAC9D,UAAI,WAAW,QAAQ,QAAQ,MAAM,eAAe,KAAK,KAAK;AAC5D,eAAO,MAAM;AAAA,MACf;AAAA,IACF;AAGA,eAAW,CAAC,WAAW,IAAI,KAAK,MAAM,SAAS,QAAQ,GAAG;AACxD,YAAM,UAAU,MAAM,SAAS,IAAI,SAAS;AAC5C,UAAI,WAAW,QAAQ,KAAK,QAAQ,KAAK,KAAK;AAE5C,cAAM,iBAAiB;AACvB,eAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,OAAO,WAAW,WAAmB,MAAY;AAC/C,UAAM,QAAQ,KAAK,SAAS;AAC5B,UAAM,SAAS,IAAI,WAAW,IAAI;AAAA,EACpC;AAAA,EAEA,OAAO,WAAW,WAAgC;AAChD,UAAM,QAAQ,KAAK,SAAS;AAC5B,WAAO,MAAM,SAAS,IAAI,SAAS,KAAK;AAAA,EAC1C;AAAA,EAEA,OAAO,QAAQ;AACb,UAAM,QAAQ,KAAK,SAAS;AAC5B,WAAO;AAAA,MACL,cAAc,MAAM,SAAS;AAAA,MAC7B,cAAc,MAAM,SAAS;AAAA,MAC7B,gBAAgB,MAAM;AAAA,MACtB,UAAU,MAAM,KAAK,MAAM,SAAS,QAAQ,CAAC;AAAA,MAC7C,UAAU,MAAM,KAAK,MAAM,SAAS,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF;AAAA,EAEA,OAAO,UAAU;AACf,UAAM,QAAQ,KAAK,SAAS;AAC5B,UAAM,cAAc;AAEpB,QAAI,MAAM,SAAS,OAAO,aAAa;AACrC,YAAM,OAAO,MAAM,KAAK,MAAM,SAAS,KAAK,CAAC;AAC7C,YAAM,WAAW,KAAK,MAAM,GAAG,KAAK,SAAS,WAAW;AAExD,eAAS,QAAQ,SAAO;AACtB,cAAM,SAAS,OAAO,GAAG;AACzB,cAAM,SAAS,OAAO,GAAG;AAAA,MAC3B,CAAC;AAAA,IACH;AAAA,EACF;AACF;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/utils.ts"],"sourcesContent":["import type { User } from \"./types\"\r\n\r\ninterface RequestContext {\r\n user: User\r\n sessionId: string\r\n}\r\n\r\n// Use process.env in Node.js and globalThis in Edge\r\nconst getGlobalObject = () => {\r\n if (typeof process !== 'undefined') {\r\n return process\r\n }\r\n return globalThis\r\n}\r\n\r\nconst STORE_KEY = '__TERN_AUTH_STORE__'\r\n\r\nexport class Store {\r\n private static getStore() {\r\n const global = getGlobalObject() as any\r\n \r\n if (!global[STORE_KEY]) {\r\n global[STORE_KEY] = {\r\n contexts: new Map<string, RequestContext>(),\r\n sessions: new Map<string, User>(),\r\n currentSession: null as RequestContext | null\r\n }\r\n }\r\n \r\n return global[STORE_KEY]\r\n }\r\n\r\n static setContext(context: RequestContext) {\r\n const store = this.getStore()\r\n const { user, sessionId } = context\r\n \r\n console.log(\"Store: Setting context:\", { sessionId, user })\r\n \r\n // Store in both maps\r\n store.contexts.set(sessionId, context)\r\n store.sessions.set(sessionId, user)\r\n \r\n // Set as current session\r\n store.currentSession = context\r\n \r\n console.log(\"Store: Updated state:\", {\r\n contextsSize: store.contexts.size,\r\n sessionsSize: store.sessions.size,\r\n currentSession: store.currentSession\r\n })\r\n }\r\n\r\n static getContext(): RequestContext | null {\r\n const store = this.getStore()\r\n \r\n // First try current session\r\n if (store.currentSession) {\r\n const session = this.getSession(store.currentSession.sessionId)\r\n if (session && session.uid === store.currentSession.user.uid) {\r\n return store.currentSession\r\n }\r\n }\r\n \r\n // Then try to find any valid context\r\n for (const [sessionId, user] of store.sessions.entries()) {\r\n const context = store.contexts.get(sessionId)\r\n if (context && context.user.uid === user.uid) {\r\n // Update current session\r\n store.currentSession = context\r\n return context\r\n }\r\n }\r\n \r\n return null\r\n }\r\n\r\n static setSession(sessionId: string, user: User) {\r\n const store = this.getStore()\r\n store.sessions.set(sessionId, user)\r\n }\r\n\r\n static getSession(sessionId: string): User | null {\r\n const store = this.getStore()\r\n return store.sessions.get(sessionId) || null\r\n }\r\n\r\n static debug() {\r\n const store = this.getStore()\r\n return {\r\n contextsSize: store.contexts.size,\r\n sessionsSize: store.sessions.size,\r\n currentSession: store.currentSession,\r\n contexts: Array.from(store.contexts.entries()),\r\n sessions: Array.from(store.sessions.entries())\r\n }\r\n }\r\n\r\n static cleanup() {\r\n const store = this.getStore()\r\n const MAX_ENTRIES = 1000\r\n \r\n if (store.contexts.size > MAX_ENTRIES) {\r\n const keys = Array.from(store.contexts.keys())\r\n const toDelete = keys.slice(0, keys.length - MAX_ENTRIES)\r\n \r\n toDelete.forEach(key => {\r\n store.contexts.delete(key)\r\n store.sessions.delete(key)\r\n })\r\n }\r\n }\r\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAQA,MAAM,kBAAkB,MAAM;AAC5B,MAAI,OAAO,YAAY,aAAa;AAClC,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEA,MAAM,YAAY;AAEX,MAAM,MAAM;AAAA,EACjB,OAAe,WAAW;AACxB,UAAM,SAAS,gBAAgB;AAE/B,QAAI,CAAC,OAAO,SAAS,GAAG;AACtB,aAAO,SAAS,IAAI;AAAA,QAClB,UAAU,oBAAI,IAA4B;AAAA,QAC1C,UAAU,oBAAI,IAAkB;AAAA,QAChC,gBAAgB;AAAA,MAClB;AAAA,IACF;AAEA,WAAO,OAAO,SAAS;AAAA,EACzB;AAAA,EAEA,OAAO,WAAW,SAAyB;AACzC,UAAM,QAAQ,KAAK,SAAS;AAC5B,UAAM,EAAE,MAAM,UAAU,IAAI;AAE5B,YAAQ,IAAI,2BAA2B,EAAE,WAAW,KAAK,CAAC;AAG1D,UAAM,SAAS,IAAI,WAAW,OAAO;AACrC,UAAM,SAAS,IAAI,WAAW,IAAI;AAGlC,UAAM,iBAAiB;AAEvB,YAAQ,IAAI,yBAAyB;AAAA,MACnC,cAAc,MAAM,SAAS;AAAA,MAC7B,cAAc,MAAM,SAAS;AAAA,MAC7B,gBAAgB,MAAM;AAAA,IACxB,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,aAAoC;AACzC,UAAM,QAAQ,KAAK,SAAS;AAG5B,QAAI,MAAM,gBAAgB;AACxB,YAAM,UAAU,KAAK,WAAW,MAAM,eAAe,SAAS;AAC9D,UAAI,WAAW,QAAQ,QAAQ,MAAM,eAAe,KAAK,KAAK;AAC5D,eAAO,MAAM;AAAA,MACf;AAAA,IACF;AAGA,eAAW,CAAC,WAAW,IAAI,KAAK,MAAM,SAAS,QAAQ,GAAG;AACxD,YAAM,UAAU,MAAM,SAAS,IAAI,SAAS;AAC5C,UAAI,WAAW,QAAQ,KAAK,QAAQ,KAAK,KAAK;AAE5C,cAAM,iBAAiB;AACvB,eAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,OAAO,WAAW,WAAmB,MAAY;AAC/C,UAAM,QAAQ,KAAK,SAAS;AAC5B,UAAM,SAAS,IAAI,WAAW,IAAI;AAAA,EACpC;AAAA,EAEA,OAAO,WAAW,WAAgC;AAChD,UAAM,QAAQ,KAAK,SAAS;AAC5B,WAAO,MAAM,SAAS,IAAI,SAAS,KAAK;AAAA,EAC1C;AAAA,EAEA,OAAO,QAAQ;AACb,UAAM,QAAQ,KAAK,SAAS;AAC5B,WAAO;AAAA,MACL,cAAc,MAAM,SAAS;AAAA,MAC7B,cAAc,MAAM,SAAS;AAAA,MAC7B,gBAAgB,MAAM;AAAA,MACtB,UAAU,MAAM,KAAK,MAAM,SAAS,QAAQ,CAAC;AAAA,MAC7C,UAAU,MAAM,KAAK,MAAM,SAAS,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF;AAAA,EAEA,OAAO,UAAU;AACf,UAAM,QAAQ,KAAK,SAAS;AAC5B,UAAM,cAAc;AAEpB,QAAI,MAAM,SAAS,OAAO,aAAa;AACrC,YAAM,OAAO,MAAM,KAAK,MAAM,SAAS,KAAK,CAAC;AAC7C,YAAM,WAAW,KAAK,MAAM,GAAG,KAAK,SAAS,WAAW;AAExD,eAAS,QAAQ,SAAO;AACtB,cAAM,SAAS,OAAO,GAAG;AACzB,cAAM,SAAS,OAAO,GAAG;AAAA,MAC3B,CAAC;AAAA,IACH;AAAA,EACF;AACF;","names":[]}
|
package/dist/cjs/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/types.ts"],"sourcesContent":["import { FirebaseOptions } from 'firebase/app'\
|
|
1
|
+
{"version":3,"sources":["../../src/types.ts"],"sourcesContent":["//import { FirebaseOptions } from 'firebase/app'\r\n//import { User as FirebaseUser } from 'firebase/auth'\r\nimport { ERRORS } from './errors'\r\nimport type { TernSecureProviderProps } from '@tern-secure/react'\r\n\r\n\r\n/**\r\n * TernSecure User\r\n */\r\n//export type TernSecureUser = FirebaseUser\r\n\r\nexport type TernSecureUserData = {\r\n uid: string\r\n email: string | null\r\n emailVerified?: boolean\r\n displayName?: string | null\r\n}\r\n\r\n\r\n/**\r\n * TernSecure Firebase configuration interface\r\n * Extends Firebase's base configuration options\r\n */\r\n//export interface TernSecureConfig extends FirebaseOptions {\r\n// apiKey: string\r\n// authDomain: string\r\n// projectId: string\r\n// storageBucket: string\r\n// messagingSenderId: string\r\n// appId: string\r\n// measurementId?: string // Optional for analytics\r\n//}\r\n\r\n/**\r\n * TernSecure initialization options\r\n */\r\nexport interface TernSecureOptions {\r\n /** Environment setting for different configurations */\r\n environment?: 'development' | 'production'\r\n /** Geographic region for data storage */\r\n region?: string\r\n /** Custom error handler */\r\n onError?: (error: Error) => void\r\n /** Debug mode flag */\r\n debug?: boolean\r\n}\r\n\r\n/**\r\n * Firebase initialization state\r\n */\r\nexport interface FirebaseState {\r\n /** Whether Firebase has been initialized */\r\n initialized: boolean\r\n /** Any initialization errors */\r\n error: Error | null\r\n /** Timestamp of last initialization attempt */\r\n lastInitAttempt?: number\r\n}\r\n\r\n/**\r\n * Configuration validation result\r\n */\r\nexport interface ConfigValidationResult {\r\n isValid: boolean\r\n errors: string[]\r\n //config: TernSecureConfig\r\n}\r\n\r\n/**\r\n * Firebase Admin configuration interface\r\n */\r\nexport interface TernSecureAdminConfig {\r\n projectId: string\r\n clientEmail: string\r\n privateKey: string\r\n}\r\n\r\n/**\r\n * Firebase Admin configuration validation result\r\n */\r\nexport interface AdminConfigValidationResult {\r\n isValid: boolean\r\n errors: string[]\r\n config: TernSecureAdminConfig\r\n}\r\n\r\n\r\nexport interface SignInResponse {\r\n success: boolean;\r\n message?: string;\r\n error?: keyof typeof ERRORS | undefined; \r\n user?: any;\r\n}\r\n\r\nexport interface AuthError extends Error {\r\n code?: string\r\n message: string\r\n response?: SignInResponse\r\n}\r\n\r\nexport function isSignInResponse(value: any): value is SignInResponse {\r\n return typeof value === \"object\" && \"success\" in value && typeof value.success === \"boolean\"\r\n}\r\n\r\n\r\nexport interface TernSecureState {\r\n userId: string | null\r\n isLoaded: boolean\r\n error: Error | null\r\n isValid: boolean\r\n isVerified: boolean\r\n isAuthenticated: boolean\r\n token: any | null\r\n email: string | null\r\n status: \"loading\" | \"authenticated\" | \"unauthenticated\" | \"unverified\"\r\n requiresVerification: boolean\r\n}\r\n\r\nexport interface RedirectConfig {\r\n // URL to redirect to after successful authentication\r\n redirectUrl?: string\r\n // Whether this is a return visit (e.g. after sign out)\r\n isReturn?: boolean\r\n // Priority of the redirect (higher number = higher priority)\r\n priority?: number\r\n}\r\n\r\n\r\nexport interface SignInProps extends RedirectConfig {\r\n onError?: (error: Error) => void\r\n onSuccess?: () => void\r\n className?: string\r\n customStyles?: {\r\n card?: string\r\n input?: string\r\n button?: string\r\n label?: string\r\n separator?: string\r\n title?: string\r\n description?: string\r\n socialButton?: string\r\n }\r\n}\r\n\r\n\r\nexport type TernSecureNextProps = TernSecureProviderProps & {\r\n apiKey?: string\r\n requiresVerification?: boolean\r\n loadingComponent?: React.ReactNode\r\n}\r\n\r\n\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAoGO,SAAS,iBAAiB,OAAqC;AACpE,SAAO,OAAO,UAAU,YAAY,aAAa,SAAS,OAAO,MAAM,YAAY;AACrF;","names":[]}
|
|
@@ -28,6 +28,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
|
|
|
28
28
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
29
29
|
var admin_init_exports = {};
|
|
30
30
|
__export(admin_init_exports, {
|
|
31
|
+
TernSecureTenantManager: () => TernSecureTenantManager,
|
|
31
32
|
adminTernSecureAuth: () => adminTernSecureAuth,
|
|
32
33
|
adminTernSecureDb: () => adminTernSecureDb
|
|
33
34
|
});
|
|
@@ -49,8 +50,10 @@ if (!import_firebase_admin.default.apps.length) {
|
|
|
49
50
|
}
|
|
50
51
|
const adminTernSecureAuth = import_firebase_admin.default.auth();
|
|
51
52
|
const adminTernSecureDb = import_firebase_admin.default.firestore();
|
|
53
|
+
const TernSecureTenantManager = import_firebase_admin.default.auth().tenantManager();
|
|
52
54
|
// Annotate the CommonJS export names for ESM import in node:
|
|
53
55
|
0 && (module.exports = {
|
|
56
|
+
TernSecureTenantManager,
|
|
54
57
|
adminTernSecureAuth,
|
|
55
58
|
adminTernSecureDb
|
|
56
59
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/utils/admin-init.ts"],"sourcesContent":["import admin from 'firebase-admin';\nimport { initializeAdminConfig } from './config';\n\nif (!admin.apps.length) {\n try {\n const config = initializeAdminConfig();\n admin.initializeApp({\n credential: admin.credential.cert({\n ...config,\n privateKey: config.privateKey.replace(/\\\\n/g, '\\n'),\n }),\n });\n } catch (error) {\n console.error('Firebase admin initialization error', error);\n }\n}\n\nexport const adminTernSecureAuth = admin.auth();\nexport const adminTernSecureDb = admin.firestore();"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,4BAAkB;AAClB,oBAAsC;
|
|
1
|
+
{"version":3,"sources":["../../../src/utils/admin-init.ts"],"sourcesContent":["import admin from 'firebase-admin';\r\nimport { initializeAdminConfig } from './config';\r\n\r\n// Initialize Firebase Admin if not already initialized\r\nif (!admin.apps.length) {\r\n try {\r\n const config = initializeAdminConfig();\r\n admin.initializeApp({\r\n credential: admin.credential.cert({\r\n ...config,\r\n privateKey: config.privateKey.replace(/\\\\n/g, '\\n'),\r\n }),\r\n });\r\n } catch (error) {\r\n console.error('Firebase admin initialization error', error);\r\n }\r\n}\r\n\r\n// Add explicit type annotations using the types from the admin namespace\r\nexport const adminTernSecureAuth: admin.auth.Auth = admin.auth();\r\nexport const adminTernSecureDb: admin.firestore.Firestore = admin.firestore();\r\nexport const TernSecureTenantManager: admin.auth.TenantManager = admin.auth().tenantManager();"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,4BAAkB;AAClB,oBAAsC;AAGtC,IAAI,CAAC,sBAAAA,QAAM,KAAK,QAAQ;AACtB,MAAI;AACF,UAAM,aAAS,qCAAsB;AACrC,0BAAAA,QAAM,cAAc;AAAA,MAClB,YAAY,sBAAAA,QAAM,WAAW,KAAK;AAAA,QAChC,GAAG;AAAA,QACH,YAAY,OAAO,WAAW,QAAQ,QAAQ,IAAI;AAAA,MACpD,CAAC;AAAA,IACH,CAAC;AAAA,EACH,SAAS,OAAO;AACd,YAAQ,MAAM,uCAAuC,KAAK;AAAA,EAC5D;AACF;AAGO,MAAM,sBAAuC,sBAAAA,QAAM,KAAK;AACxD,MAAM,oBAA+C,sBAAAA,QAAM,UAAU;AACrE,MAAM,0BAAoD,sBAAAA,QAAM,KAAK,EAAE,cAAc;","names":["admin"]}
|