@tern-secure/nextjs 5.1.8 → 5.1.10

package/dist/cjs/server/node/ternSecureNodeMiddleware.js

@@ -0,0 +1,182 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var ternSecureNodeMiddleware_exports = {};
+__export(ternSecureNodeMiddleware_exports, {
+  createRouteMatcher: () => createRouteMatcher,
+  ternSecureMiddleware: () => ternSecureMiddleware
+});
+module.exports = __toCommonJS(ternSecureNodeMiddleware_exports);
+var import_backend = require("@tern-secure/backend");
+var import_admin = require("@tern-secure/backend/admin");
+var import_server = require("next/server");
+var import_constant = require("../constant");
+var import_nextErrors = require("../nextErrors");
+var import_redirect = require("../redirect");
+const createRouteMatcher = (patterns) => {
+  return (request) => {
+    const { pathname } = request.nextUrl;
+    return patterns.some((pattern) => {
+      const regexPattern = pattern.replace(/[.*+?^${}()|[\]\\]/g, "\\$&").replace(/\\\*/g, ".*");
+      return new RegExp(`^${regexPattern}$`).test(pathname);
+    });
+  };
+};
+const authenticateMiddlewareRequest = async (request) => {
+  try {
+    const requestState = await (0, import_admin.createBackendInstance)(request);
+    const authResult = requestState.requestState.auth();
+    return {
+      user: {
+        uid: authResult.session.uid,
+        email: authResult.session.email || null,
+        tenantId: authResult.session.firebase?.tenant || "default",
+        authTime: authResult.session.auth_time
+      },
+      session: requestState.requestState.token
+    };
+  } catch (error) {
+    console.error(
+      "Auth check error:",
+      error instanceof Error ? error.message : "Unknown error"
+    );
+    return {
+      user: null,
+      session: null
+    };
+  }
+};
+const ternSecureMiddleware = (...args) => {
+  const [request, event] = parseRequestAndEvent(args);
+  const [handler, params] = parseHandlerAndOptions(args);
+  const middleware = () => {
+    const withAuthNextMiddleware = async (request2, event2) => {
+      const resolvedParams = typeof params === "function" ? await params(request2) : params;
+      const signInUrl = resolvedParams.signInUrl || import_constant.SIGN_IN_URL;
+      const signUpUrl = resolvedParams.signUpUrl || import_constant.SIGN_UP_URL;
+      let handlerResult = import_server.NextResponse.next();
+      if (handler) {
+        const createAuthHandler = async () => {
+          const authObject = await authenticateMiddlewareRequest(request2);
+          const getAuth = async () => {
+            const ternSecureRequest = (0, import_backend.createTernSecureRequest)(request2);
+            const { redirectToSignIn, redirectToSignUp } = createMiddlewareRedirects(
+              ternSecureRequest,
+              signInUrl,
+              signUpUrl
+            );
+            return {
+              ...authObject,
+              redirectToSignIn,
+              redirectToSignUp
+            };
+          };
+          const protect = async () => {
+            if (!authObject.user || !authObject.session) {
+              const redirectUrl = new URL(signInUrl || "/sign-in", request2.url);
+              redirectUrl.searchParams.set(
+                "redirect",
+                request2.nextUrl.pathname
+              );
+              (0, import_nextErrors.redirectToSignInError)(redirectUrl.toString());
+            }
+          };
+          const authHandler = Object.assign(getAuth, {
+            protect,
+            user: authObject.user,
+            session: authObject.session
+          });
+          return authHandler;
+        };
+        try {
+          const auth = await createAuthHandler();
+          const userHandlerResult = await handler(auth, request2, event2);
+          handlerResult = userHandlerResult || handlerResult;
+        } catch (error) {
+          const ternSecureRequest = (0, import_backend.createTernSecureRequest)(request2);
+          handlerResult = handleControlError(error, ternSecureRequest, request2);
+        }
+        return handlerResult;
+      }
+      return handlerResult;
+    };
+    const nextMiddleware = async (request2, event2) => {
+      return withAuthNextMiddleware(request2, event2);
+    };
+    if (request && event) {
+      return nextMiddleware(request, event);
+    }
+    return nextMiddleware;
+  };
+  return middleware();
+};
+const parseRequestAndEvent = (args) => {
+  return [
+    args[0] instanceof Request ? args[0] : void 0,
+    args[0] instanceof Request ? args[1] : void 0
+  ];
+};
+const parseHandlerAndOptions = (args) => {
+  return [
+    typeof args[0] === "function" ? args[0] : void 0,
+    (args.length === 2 ? args[1] : typeof args[0] === "function" ? {} : args[0]) || {}
+  ];
+};
+const createMiddlewareRedirects = (ternSecureRequest, signInUrl, signUpUrl) => {
+  const redirectToSignIn = (opts = {}) => {
+    const url = signInUrl || ternSecureRequest.ternUrl.toString();
+    (0, import_nextErrors.redirectToSignInError)(url, opts.returnBackUrl);
+  };
+  const redirectToSignUp = (opts = {}) => {
+    const url = signUpUrl || ternSecureRequest.ternUrl.toString();
+    (0, import_nextErrors.redirectToSignUpError)(url, opts.returnBackUrl);
+  };
+  return { redirectToSignIn, redirectToSignUp };
+};
+const handleControlError = (error, ternSecureRequest, nextrequest) => {
+  if ((0, import_nextErrors.isNextjsNotFoundError)(error)) {
+    return import_server.NextResponse.rewrite(new URL("/404", nextrequest.url));
+  }
+  if ((0, import_nextErrors.isRedirectToSignInError)(error)) {
+    const redirectAdapter = (url) => import_server.NextResponse.redirect(new URL(url, nextrequest.url));
+    const { redirectToSignIn } = (0, import_redirect.createRedirect)({
+      redirectAdapter,
+      baseUrl: ternSecureRequest.ternUrl.origin,
+      signInUrl: import_constant.SIGN_IN_URL,
+      signUpUrl: import_constant.SIGN_UP_URL
+    });
+    return redirectToSignIn({ returnBackUrl: error.returnBackUrl });
+  }
+  if ((0, import_nextErrors.isRedirectToSignUpError)(error)) {
+    const redirectAdapter = (url) => import_server.NextResponse.redirect(new URL(url, nextrequest.url));
+    const { redirectToSignUp } = (0, import_redirect.createRedirect)({
+      redirectAdapter,
+      baseUrl: ternSecureRequest.ternUrl.origin,
+      signInUrl: import_constant.SIGN_IN_URL,
+      signUpUrl: import_constant.SIGN_UP_URL
+    });
+    return redirectToSignUp({ returnBackUrl: error.returnBackUrl });
+  }
+  throw error;
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createRouteMatcher,
+  ternSecureMiddleware
+});
+//# sourceMappingURL=ternSecureNodeMiddleware.js.map

package/dist/cjs/server/node/ternSecureNodeMiddleware.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/server/node/ternSecureNodeMiddleware.ts"],"sourcesContent":["import {createTernSecureRequest,  type TernSecureRequest } from \"@tern-secure/backend\";\nimport {\n  createBackendInstance,\n} from \"@tern-secure/backend/admin\";\nimport type { NextMiddleware,NextRequest } from \"next/server\";\nimport {NextResponse } from \"next/server\";\n\nimport { SIGN_IN_URL, SIGN_UP_URL } from \"../constant\";\nimport {\n  isNextjsNotFoundError,\n  isRedirectToSignInError,\n  isRedirectToSignUpError,\n  redirectToSignInError,\n  redirectToSignUpError,\n} from \"../nextErrors\";\nimport { createRedirect } from \"../redirect\";\nimport type { BaseUser ,\n  NextMiddlewareEvtParam,\n  NextMiddlewareRequestParam,\n  NextMiddlewareReturn,\n} from \"../types\";\n\ntype RedirectToParams = { returnBackUrl?: string | URL | null };\nexport type RedirectFun<ReturnType> = (params?: RedirectToParams) => ReturnType;\n\nexport type AuthObject = {\n  user: BaseUser | null;\n  session: string | null;\n};\n\nexport interface MiddlewareAuth extends AuthObject {\n  (): Promise<MiddlewareAuthObject>;\n  protect: () => Promise<void>;\n}\n\ntype MiddlewareHandler = (\n  auth: MiddlewareAuth,\n  request: NextMiddlewareRequestParam,\n  event: NextMiddlewareEvtParam\n) => NextMiddlewareReturn;\n\nexport type MiddlewareAuthObject = AuthObject & {\n  redirectToSignIn: RedirectFun<Response>;\n  redirectToSignUp: RedirectFun<Response>;\n};\n\n/**\n * Create a route matcher function for public paths\n */\nexport const createRouteMatcher = (patterns: string[]) => {\n  return (request: NextRequest): boolean => {\n    const { pathname } = request.nextUrl;\n    return patterns.some((pattern) => {\n      const regexPattern = pattern\n        .replace(/[.*+?^${}()|[\\]\\\\]/g, \"\\\\$&\")\n        .replace(/\\\\\\*/g, \".*\");\n\n      return new RegExp(`^${regexPattern}$`).test(pathname);\n    });\n  };\n};\n\nconst authenticateMiddlewareRequest = async (\n  request: NextRequest\n): Promise<AuthObject> => {\n  try {\n    const requestState = await createBackendInstance(request);\n    const authResult = requestState.requestState.auth();\n\n    return {\n      user: {\n        uid: authResult.session.uid,\n        email: authResult.session.email || null,\n        tenantId: authResult.session.firebase?.tenant || \"default\",\n        authTime: authResult.session.auth_time,\n      },\n      session: requestState.requestState.token,\n    };\n  } catch (error) {\n    console.error(\n      \"Auth check error:\",\n      error instanceof Error ? error.message : \"Unknown error\"\n    );\n    return {\n      user: null,\n      session: null,\n    };\n  }\n};\n\nexport interface MiddlewareOptions {\n  signInUrl?: string;\n  signUpUrl?: string;\n  debug?: boolean;\n}\ntype MiddlewareOptionsCallback = (\n  req: NextRequest\n) => MiddlewareOptions | Promise<MiddlewareOptions>;\n\ninterface TernSecureMiddleware {\n  /**\n   * @example\n   * export default ternSecureMiddleware((auth, request, event) => { ... }, options);\n   */\n  (handler: MiddlewareHandler, options?: MiddlewareOptions): NextMiddleware;\n\n  /**\n   * @example\n   * export default ternSecureMiddleware((auth, request, event) => { ... }, (req) => options);\n   */\n  (\n    handler: MiddlewareHandler,\n    options?: MiddlewareOptionsCallback\n  ): NextMiddleware;\n\n  /**\n   * @example\n   * export default ternSecureMiddleware(options);\n   */\n  (options?: MiddlewareOptions): NextMiddleware;\n  /**\n   * @example\n   * export default ternSecureMiddleware;\n   */\n  (\n    request: NextMiddlewareRequestParam,\n    event: NextMiddlewareEvtParam\n  ): NextMiddlewareReturn;\n}\n\nexport const ternSecureMiddleware = ((\n  ...args: unknown[]\n): NextMiddleware | NextMiddlewareReturn => {\n  const [request, event] = parseRequestAndEvent(args);\n  const [handler, params] = parseHandlerAndOptions(args);\n\n  const middleware = () => {\n    const withAuthNextMiddleware: NextMiddleware = async (request, event) => {\n      const resolvedParams =\n        typeof params === \"function\" ? await params(request) : params;\n\n      const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\n      const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\n\n      let handlerResult: Response = NextResponse.next();\n\n      if (handler) {\n        const createAuthHandler = async (): Promise<MiddlewareAuth> => {\n          const authObject = await authenticateMiddlewareRequest(request);\n\n          const getAuth = async (): Promise<MiddlewareAuthObject> => {\n            const ternSecureRequest = createTernSecureRequest(request);\n            const { redirectToSignIn, redirectToSignUp } =\n              createMiddlewareRedirects(\n                ternSecureRequest,\n                signInUrl,\n                signUpUrl\n              );\n\n            return {\n              ...authObject,\n              redirectToSignIn,\n              redirectToSignUp,\n            };\n          };\n\n          const protect = async (): Promise<void> => {\n            if (!authObject.user || !authObject.session) {\n              const redirectUrl = new URL(signInUrl || \"/sign-in\", request.url);\n              redirectUrl.searchParams.set(\n                \"redirect\",\n                request.nextUrl.pathname\n              );\n              redirectToSignInError(redirectUrl.toString());\n            }\n          };\n\n          // Return the MiddlewareAuth object with direct property access\n          const authHandler = Object.assign(getAuth, {\n            protect,\n            user: authObject.user,\n            session: authObject.session,\n          });\n\n          return authHandler as MiddlewareAuth;\n        };\n\n        try {\n          const auth = await createAuthHandler();\n          const userHandlerResult = await handler(auth, request, event);\n          handlerResult = userHandlerResult || handlerResult;\n        } catch (error) {\n          const ternSecureRequest = createTernSecureRequest(request);\n          handlerResult = handleControlError(error, ternSecureRequest, request);\n        }\n\n        return handlerResult;\n      }\n\n      return handlerResult;\n    };\n\n    const nextMiddleware: NextMiddleware = async (request, event) => {\n      return withAuthNextMiddleware(request, event);\n    };\n\n    if (request && event) {\n      return nextMiddleware(request, event);\n    }\n\n    return nextMiddleware;\n  };\n  return middleware();\n}) as TernSecureMiddleware;\n\nconst parseRequestAndEvent = (args: unknown[]) => {\n  return [\n    args[0] instanceof Request ? args[0] : undefined,\n    args[0] instanceof Request ? args[1] : undefined,\n  ] as [\n    NextMiddlewareRequestParam | undefined,\n    NextMiddlewareEvtParam | undefined,\n  ];\n};\n\nconst parseHandlerAndOptions = (args: unknown[]) => {\n  return [\n    typeof args[0] === \"function\" ? args[0] : undefined,\n    (args.length === 2\n      ? args[1]\n      : typeof args[0] === \"function\"\n        ? {}\n        : args[0]) || {},\n  ] as [\n    MiddlewareHandler | undefined,\n    MiddlewareOptions | MiddlewareOptionsCallback,\n  ];\n};\n\n/**\n * Create middleware redirect functions\n */\nconst createMiddlewareRedirects = (\n  ternSecureRequest: TernSecureRequest,\n  signInUrl: string,\n  signUpUrl: string\n) => {\n  const redirectToSignIn: MiddlewareAuthObject[\"redirectToSignIn\"] = (\n    opts = {}\n  ) => {\n    const url = signInUrl || ternSecureRequest.ternUrl.toString();\n    redirectToSignInError(url, opts.returnBackUrl);\n  };\n\n  const redirectToSignUp: MiddlewareAuthObject[\"redirectToSignUp\"] = (\n    opts = {}\n  ) => {\n    const url = signUpUrl || ternSecureRequest.ternUrl.toString();\n    redirectToSignUpError(url, opts.returnBackUrl);\n  };\n\n  return { redirectToSignIn, redirectToSignUp };\n};\n\n/**\n * Handle control flow errors in middleware\n */\nconst handleControlError = (\n  error: any,\n  ternSecureRequest: TernSecureRequest,\n  nextrequest: NextRequest\n): Response => {\n  if (isNextjsNotFoundError(error)) {\n    return NextResponse.rewrite(new URL(\"/404\", nextrequest.url));\n  }\n\n  // Handle redirect to sign in errors\n  if (isRedirectToSignInError(error)) {\n    const redirectAdapter = (url: string) =>\n      NextResponse.redirect(new URL(url, nextrequest.url));\n    const { redirectToSignIn } = createRedirect({\n      redirectAdapter,\n      baseUrl: ternSecureRequest.ternUrl.origin,\n      signInUrl: SIGN_IN_URL,\n      signUpUrl: SIGN_UP_URL,\n    });\n\n    return redirectToSignIn({ returnBackUrl: error.returnBackUrl });\n  }\n\n  // Handle redirect to sign up errors\n  if (isRedirectToSignUpError(error)) {\n    const redirectAdapter = (url: string) =>\n      NextResponse.redirect(new URL(url, nextrequest.url));\n    const { redirectToSignUp } = createRedirect({\n      redirectAdapter,\n      baseUrl: ternSecureRequest.ternUrl.origin,\n      signInUrl: SIGN_IN_URL,\n      signUpUrl: SIGN_UP_URL,\n    });\n\n    return redirectToSignUp({ returnBackUrl: error.returnBackUrl });\n  }\n\n  throw error;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,qBAAgE;AAChE,mBAEO;AAEP,oBAA4B;AAE5B,sBAAyC;AACzC,wBAMO;AACP,sBAA+B;AAkCxB,MAAM,qBAAqB,CAAC,aAAuB;AACxD,SAAO,CAAC,YAAkC;AACxC,UAAM,EAAE,SAAS,IAAI,QAAQ;AAC7B,WAAO,SAAS,KAAK,CAAC,YAAY;AAChC,YAAM,eAAe,QAClB,QAAQ,uBAAuB,MAAM,EACrC,QAAQ,SAAS,IAAI;AAExB,aAAO,IAAI,OAAO,IAAI,YAAY,GAAG,EAAE,KAAK,QAAQ;AAAA,IACtD,CAAC;AAAA,EACH;AACF;AAEA,MAAM,gCAAgC,OACpC,YACwB;AACxB,MAAI;AACF,UAAM,eAAe,UAAM,oCAAsB,OAAO;AACxD,UAAM,aAAa,aAAa,aAAa,KAAK;AAElD,WAAO;AAAA,MACL,MAAM;AAAA,QACJ,KAAK,WAAW,QAAQ;AAAA,QACxB,OAAO,WAAW,QAAQ,SAAS;AAAA,QACnC,UAAU,WAAW,QAAQ,UAAU,UAAU;AAAA,QACjD,UAAU,WAAW,QAAQ;AAAA,MAC/B;AAAA,MACA,SAAS,aAAa,aAAa;AAAA,IACrC;AAAA,EACF,SAAS,OAAO;AACd,YAAQ;AAAA,MACN;AAAA,MACA,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAC3C;AACA,WAAO;AAAA,MACL,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,EACF;AACF;AA0CO,MAAM,uBAAwB,IAChC,SACuC;AAC1C,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,MAAM;AACvB,UAAM,yBAAyC,OAAOA,UAASC,WAAU;AACvE,YAAM,iBACJ,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAEzD,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAE9C,UAAI,gBAA0B,2BAAa,KAAK;AAEhD,UAAI,SAAS;AACX,cAAM,oBAAoB,YAAqC;AAC7D,gBAAM,aAAa,MAAM,8BAA8BA,QAAO;AAE9D,gBAAM,UAAU,YAA2C;AACzD,kBAAM,wBAAoB,wCAAwBA,QAAO;AACzD,kBAAM,EAAE,kBAAkB,iBAAiB,IACzC;AAAA,cACE;AAAA,cACA;AAAA,cACA;AAAA,YACF;AAEF,mBAAO;AAAA,cACL,GAAG;AAAA,cACH;AAAA,cACA;AAAA,YACF;AAAA,UACF;AAEA,gBAAM,UAAU,YAA2B;AACzC,gBAAI,CAAC,WAAW,QAAQ,CAAC,WAAW,SAAS;AAC3C,oBAAM,cAAc,IAAI,IAAI,aAAa,YAAYA,SAAQ,GAAG;AAChE,0BAAY,aAAa;AAAA,gBACvB;AAAA,gBACAA,SAAQ,QAAQ;AAAA,cAClB;AACA,2DAAsB,YAAY,SAAS,CAAC;AAAA,YAC9C;AAAA,UACF;AAGA,gBAAM,cAAc,OAAO,OAAO,SAAS;AAAA,YACzC;AAAA,YACA,MAAM,WAAW;AAAA,YACjB,SAAS,WAAW;AAAA,UACtB,CAAC;AAED,iBAAO;AAAA,QACT;AAEA,YAAI;AACF,gBAAM,OAAO,MAAM,kBAAkB;AACrC,gBAAM,oBAAoB,MAAM,QAAQ,MAAMA,UAASC,MAAK;AAC5D,0BAAgB,qBAAqB;AAAA,QACvC,SAAS,OAAO;AACd,gBAAM,wBAAoB,wCAAwBD,QAAO;AACzD,0BAAgB,mBAAmB,OAAO,mBAAmBA,QAAO;AAAA,QACtE;AAEA,eAAO;AAAA,MACT;AAEA,aAAO;AAAA,IACT;AAEA,UAAM,iBAAiC,OAAOA,UAASC,WAAU;AAC/D,aAAO,uBAAuBD,UAASC,MAAK;AAAA,IAC9C;AAEA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAEA,WAAO;AAAA,EACT;AACA,SAAO,WAAW;AACpB;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO;AAAA,IACL,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,IACvC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,EACzC;AAIF;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IACb,KAAK,CAAC,IACN,OAAO,KAAK,CAAC,MAAM,aACjB,CAAC,IACD,KAAK,CAAC,MAAM,CAAC;AAAA,EACrB;AAIF;AAKA,MAAM,4BAA4B,CAChC,mBACA,WACA,cACG;AACH,QAAM,mBAA6D,CACjE,OAAO,CAAC,MACL;AACH,UAAM,MAAM,aAAa,kBAAkB,QAAQ,SAAS;AAC5D,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,QAAM,mBAA6D,CACjE,OAAO,CAAC,MACL;AACH,UAAM,MAAM,aAAa,kBAAkB,QAAQ,SAAS;AAC5D,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,SAAO,EAAE,kBAAkB,iBAAiB;AAC9C;AAKA,MAAM,qBAAqB,CACzB,OACA,mBACA,gBACa;AACb,UAAI,yCAAsB,KAAK,GAAG;AAChC,WAAO,2BAAa,QAAQ,IAAI,IAAI,QAAQ,YAAY,GAAG,CAAC;AAAA,EAC9D;AAGA,UAAI,2CAAwB,KAAK,GAAG;AAClC,UAAM,kBAAkB,CAAC,QACvB,2BAAa,SAAS,IAAI,IAAI,KAAK,YAAY,GAAG,CAAC;AACrD,UAAM,EAAE,iBAAiB,QAAI,gCAAe;AAAA,MAC1C;AAAA,MACA,SAAS,kBAAkB,QAAQ;AAAA,MACnC,WAAW;AAAA,MACX,WAAW;AAAA,IACb,CAAC;AAED,WAAO,iBAAiB,EAAE,eAAe,MAAM,cAAc,CAAC;AAAA,EAChE;AAGA,UAAI,2CAAwB,KAAK,GAAG;AAClC,UAAM,kBAAkB,CAAC,QACvB,2BAAa,SAAS,IAAI,IAAI,KAAK,YAAY,GAAG,CAAC;AACrD,UAAM,EAAE,iBAAiB,QAAI,gCAAe;AAAA,MAC1C;AAAA,MACA,SAAS,kBAAkB,QAAQ;AAAA,MACnC,WAAW;AAAA,MACX,WAAW;AAAA,IACb,CAAC;AAED,WAAO,iBAAiB,EAAE,eAAe,MAAM,cAAc,CAAC;AAAA,EAChE;AAEA,QAAM;AACR;","names":["request","event"]}

package/dist/cjs/server/protect.js

@@ -0,0 +1,90 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var protect_exports = {};
+__export(protect_exports, {
+  createProtect: () => createProtect
+});
+module.exports = __toCommonJS(protect_exports);
+var import_backend = require("@tern-secure/backend");
+var import_constants = require("../constants");
+var import_nextFetcher = require("./nextFetcher");
+function createProtect(opts) {
+  const { redirectToSignIn, authObject, redirect, notFound, request } = opts;
+  return async (...args) => {
+    const optionValuesAsParam = args[0]?.unauthenticatedUrl || args[0]?.unauthorizedUrl;
+    const paramsOrFunction = optionValuesAsParam ? void 0 : args[0];
+    const unauthenticatedUrl = args[0]?.unauthenticatedUrl || args[1]?.unauthenticatedUrl;
+    const unauthorizedUrl = args[0]?.unauthorizedUrl || args[1]?.unauthorizedUrl;
+    const handleUnauthenticated = () => {
+      if (unauthenticatedUrl) {
+        redirect(unauthenticatedUrl);
+      }
+      if (isPageRequest(request)) {
+        return redirectToSignIn();
+      }
+      return notFound();
+    };
+    const handleUnauthorized = () => {
+      if (unauthorizedUrl) {
+        redirect(unauthorizedUrl);
+      }
+      notFound();
+    };
+    if (!authObject.userId) {
+      handleUnauthenticated();
+    }
+    if (!paramsOrFunction) {
+      return authObject;
+    }
+    if (typeof paramsOrFunction === "function") {
+      if (paramsOrFunction(authObject.require)) {
+        return authObject;
+      }
+      return handleUnauthorized();
+    }
+    if (authObject.require(paramsOrFunction)) {
+      return authObject;
+    }
+  };
+}
+const isServerActionRequest = (req) => {
+  return !!req.headers.get(import_constants.constants.Headers.NextUrl) && (req.headers.get(import_backend.constants.Headers.Accept)?.includes("text/x-component") || req.headers.get(import_backend.constants.Headers.ContentType)?.includes("multipart/form-data") || !!req.headers.get(import_constants.constants.Headers.NextAction));
+};
+const isPageRequest = (req) => {
+  return req.headers.get(import_backend.constants.Headers.SecFetchDest) === "document" || req.headers.get(import_backend.constants.Headers.SecFetchDest) === "iframe" || req.headers.get(import_backend.constants.Headers.Accept)?.includes("text/html") || isAppRouterInternalNavigation(req) || isPagesRouterInternalNavigation(req);
+};
+const isAppRouterInternalNavigation = (req) => !!req.headers.get(import_constants.constants.Headers.NextUrl) && !isServerActionRequest(req) || isPagePathAvailable();
+const isPagePathAvailable = () => {
+  const __fetch = globalThis.fetch;
+  if (!(0, import_nextFetcher.isNextFetcher)(__fetch)) {
+    return false;
+  }
+  const { page, pagePath } = __fetch.__nextGetStaticStore().getStore() || {};
+  return Boolean(
+    // available on next@14
+    pagePath || // available on next@15
+    page
+  );
+};
+const isPagesRouterInternalNavigation = (req) => !!req.headers.get(import_constants.constants.Headers.NextjsData);
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createProtect
+});
+//# sourceMappingURL=protect.js.map

package/dist/cjs/server/protect.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/protect.ts"],"sourcesContent":["import type { AuthObject, SignedInAuthObject } from \"@tern-secure/backend\";\nimport { constants } from \"@tern-secure/backend\";\nimport type { CheckAuthorizationFromSessionClaims } from \"@tern-secure/types\";\n\nimport { constants as nextConstants } from \"../constants\";\nimport { isNextFetcher } from \"./nextFetcher\";\nimport type { RedirectFun } from \"./redirect\";\n\ntype AuthProtectOptions = {\n  /**\n   * The URL to redirect the user to if they are not authorized.\n   */\n  unauthorizedUrl?: string;\n  /**\n   * The URL to redirect the user to if they are not authenticated.\n   */\n  unauthenticatedUrl?: string;\n};\n\nexport interface AuthProtect {\n  (\n    params?: (require: CheckAuthorizationFromSessionClaims) => boolean,\n    options?: AuthProtectOptions\n  ): Promise<SignedInAuthObject>;\n  (options?: AuthProtectOptions): Promise<SignedInAuthObject>;\n}\n\nexport function createProtect(opts: {\n  request: Request;\n  authObject: AuthObject;\n  notFound: () => never;\n  redirect: (url: string) => void;\n  redirectToSignIn: RedirectFun<unknown>;\n}): AuthProtect {\n  const { redirectToSignIn, authObject, redirect, notFound, request } = opts;\n\n  return (async (...args: any[]) => {\n    const optionValuesAsParam =\n      args[0]?.unauthenticatedUrl || args[0]?.unauthorizedUrl;\n    const paramsOrFunction = optionValuesAsParam ? undefined : (args[0] as \n      | CheckAuthorizationFromSessionClaims\n      | ((require: CheckAuthorizationFromSessionClaims) => boolean));\n    const unauthenticatedUrl = (args[0]?.unauthenticatedUrl ||\n      args[1]?.unauthenticatedUrl) as string | undefined;\n    const unauthorizedUrl = (args[0]?.unauthorizedUrl ||\n      args[1]?.unauthorizedUrl) as string | undefined;\n\n    const handleUnauthenticated = () => {\n      if (unauthenticatedUrl) {\n        redirect(unauthenticatedUrl);\n      }\n      if (isPageRequest(request)) {\n        return redirectToSignIn();\n      }\n      return notFound();\n    };\n\n    const handleUnauthorized = () => {\n      if (unauthorizedUrl) {\n        redirect(unauthorizedUrl);\n      }\n      notFound();\n    };\n\n    if (!authObject.userId) {\n      handleUnauthenticated();\n    }\n\n    if (!paramsOrFunction) {\n      return authObject;\n    }\n\n    if (typeof paramsOrFunction === \"function\") {\n      if (paramsOrFunction(authObject.require)) {\n        return authObject;\n      }\n      return handleUnauthorized();\n    }\n\n    if (authObject.require(paramsOrFunction)) {\n      return authObject;\n    }\n  }) as AuthProtect;\n}\n\nconst isServerActionRequest = (req: Request) => {\n  return (\n    !!req.headers.get(nextConstants.Headers.NextUrl) &&\n    (req.headers.get(constants.Headers.Accept)?.includes(\"text/x-component\") ||\n      req.headers\n        .get(constants.Headers.ContentType)\n        ?.includes(\"multipart/form-data\") ||\n      !!req.headers.get(nextConstants.Headers.NextAction))\n  );\n};\n\nconst isPageRequest = (req: Request): boolean => {\n  return (\n    req.headers.get(constants.Headers.SecFetchDest) === \"document\" ||\n    req.headers.get(constants.Headers.SecFetchDest) === \"iframe\" ||\n    req.headers.get(constants.Headers.Accept)?.includes(\"text/html\") ||\n    isAppRouterInternalNavigation(req) ||\n    isPagesRouterInternalNavigation(req)\n  );\n};\n\nconst isAppRouterInternalNavigation = (req: Request) =>\n  (!!req.headers.get(nextConstants.Headers.NextUrl) &&\n    !isServerActionRequest(req)) ||\n  isPagePathAvailable();\n\nconst isPagePathAvailable = () => {\n  const __fetch = globalThis.fetch;\n\n  if (!isNextFetcher(__fetch)) {\n    return false;\n  }\n\n  const { page, pagePath } = __fetch.__nextGetStaticStore().getStore() || {};\n\n  return Boolean(\n    // available on next@14\n    pagePath ||\n      // available on next@15\n      page\n  );\n};\n\nconst isPagesRouterInternalNavigation = (req: Request) =>\n  !!req.headers.get(nextConstants.Headers.NextjsData);\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,qBAA0B;AAG1B,uBAA2C;AAC3C,yBAA8B;AAsBvB,SAAS,cAAc,MAMd;AACd,QAAM,EAAE,kBAAkB,YAAY,UAAU,UAAU,QAAQ,IAAI;AAEtE,SAAQ,UAAU,SAAgB;AAChC,UAAM,sBACJ,KAAK,CAAC,GAAG,sBAAsB,KAAK,CAAC,GAAG;AAC1C,UAAM,mBAAmB,sBAAsB,SAAa,KAAK,CAAC;AAGlE,UAAM,qBAAsB,KAAK,CAAC,GAAG,sBACnC,KAAK,CAAC,GAAG;AACX,UAAM,kBAAmB,KAAK,CAAC,GAAG,mBAChC,KAAK,CAAC,GAAG;AAEX,UAAM,wBAAwB,MAAM;AAClC,UAAI,oBAAoB;AACtB,iBAAS,kBAAkB;AAAA,MAC7B;AACA,UAAI,cAAc,OAAO,GAAG;AAC1B,eAAO,iBAAiB;AAAA,MAC1B;AACA,aAAO,SAAS;AAAA,IAClB;AAEA,UAAM,qBAAqB,MAAM;AAC/B,UAAI,iBAAiB;AACnB,iBAAS,eAAe;AAAA,MAC1B;AACA,eAAS;AAAA,IACX;AAEA,QAAI,CAAC,WAAW,QAAQ;AACtB,4BAAsB;AAAA,IACxB;AAEA,QAAI,CAAC,kBAAkB;AACrB,aAAO;AAAA,IACT;AAEA,QAAI,OAAO,qBAAqB,YAAY;AAC1C,UAAI,iBAAiB,WAAW,OAAO,GAAG;AACxC,eAAO;AAAA,MACT;AACA,aAAO,mBAAmB;AAAA,IAC5B;AAEA,QAAI,WAAW,QAAQ,gBAAgB,GAAG;AACxC,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,MAAM,wBAAwB,CAAC,QAAiB;AAC9C,SACE,CAAC,CAAC,IAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,OAAO,MAC9C,IAAI,QAAQ,IAAI,yBAAU,QAAQ,MAAM,GAAG,SAAS,kBAAkB,KACrE,IAAI,QACD,IAAI,yBAAU,QAAQ,WAAW,GAChC,SAAS,qBAAqB,KAClC,CAAC,CAAC,IAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,UAAU;AAExD;AAEA,MAAM,gBAAgB,CAAC,QAA0B;AAC/C,SACE,IAAI,QAAQ,IAAI,yBAAU,QAAQ,YAAY,MAAM,cACpD,IAAI,QAAQ,IAAI,yBAAU,QAAQ,YAAY,MAAM,YACpD,IAAI,QAAQ,IAAI,yBAAU,QAAQ,MAAM,GAAG,SAAS,WAAW,KAC/D,8BAA8B,GAAG,KACjC,gCAAgC,GAAG;AAEvC;AAEA,MAAM,gCAAgC,CAAC,QACpC,CAAC,CAAC,IAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,OAAO,KAC9C,CAAC,sBAAsB,GAAG,KAC5B,oBAAoB;AAEtB,MAAM,sBAAsB,MAAM;AAChC,QAAM,UAAU,WAAW;AAE3B,MAAI,KAAC,kCAAc,OAAO,GAAG;AAC3B,WAAO;AAAA,EACT;AAEA,QAAM,EAAE,MAAM,SAAS,IAAI,QAAQ,qBAAqB,EAAE,SAAS,KAAK,CAAC;AAEzE,SAAO;AAAA;AAAA,IAEL;AAAA,IAEE;AAAA,EACJ;AACF;AAEA,MAAM,kCAAkC,CAAC,QACvC,CAAC,CAAC,IAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,UAAU;","names":["nextConstants"]}

package/dist/cjs/server/redirect.js

@@ -0,0 +1,84 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var redirect_exports = {};
+__export(redirect_exports, {
+  createRedirect: () => createRedirect
+});
+module.exports = __toCommonJS(redirect_exports);
+const buildUrl = (_baseUrl, _targetUrl, _returnBackUrl) => {
+  if (_baseUrl === "") {
+    return legacyBuildUrl(_targetUrl.toString(), _returnBackUrl?.toString());
+  }
+  const baseUrl = new URL(_baseUrl);
+  const returnBackUrl = _returnBackUrl ? new URL(_returnBackUrl, baseUrl) : void 0;
+  const res = new URL(_targetUrl, baseUrl);
+  if (returnBackUrl) {
+    res.searchParams.set("redirect_url", returnBackUrl.toString());
+  }
+  return res.toString();
+};
+const legacyBuildUrl = (targetUrl, redirectUrl) => {
+  let url;
+  if (!targetUrl.startsWith("http")) {
+    if (!redirectUrl || !redirectUrl.startsWith("http")) {
+      throw new Error("destination url or return back url should be an absolute path url!");
+    }
+    const baseURL = new URL(redirectUrl);
+    url = new URL(targetUrl, baseURL.origin);
+  } else {
+    url = new URL(targetUrl);
+  }
+  if (redirectUrl) {
+    url.searchParams.set("redirect_url", redirectUrl);
+  }
+  return url.toString();
+};
+const createRedirect = (params) => {
+  const { redirectAdapter, signInUrl, signUpUrl, baseUrl } = params;
+  const redirectToSignUp = ({ returnBackUrl } = {}) => {
+    if (!signUpUrl) {
+      throw new Error("SignUp URL is not defined");
+    }
+    const pathToSignUpUrl = `${baseUrl}/sign-up`;
+    function buildSignUpUrl(signIn) {
+      if (!signIn) {
+        return;
+      }
+      const url = new URL(signIn, baseUrl);
+      url.pathname = `${url.pathname}/create`;
+      return url.toString();
+    }
+    const targetUrl = signUpUrl || buildSignUpUrl(signInUrl) || pathToSignUpUrl;
+    return redirectAdapter(buildUrl(baseUrl, targetUrl, returnBackUrl));
+  };
+  const redirectToSignIn = ({ returnBackUrl } = {}) => {
+    if (!signInUrl) {
+      throw new Error("SignIn URL is not defined");
+    }
+    const pathToSignInUrl = `${baseUrl}/sign-in`;
+    const targetUrl = signInUrl || pathToSignInUrl;
+    return redirectAdapter(buildUrl(baseUrl, targetUrl, returnBackUrl));
+  };
+  return { redirectToSignUp, redirectToSignIn };
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createRedirect
+});
+//# sourceMappingURL=redirect.js.map

package/dist/cjs/server/redirect.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/redirect.ts"],"sourcesContent":["\nconst buildUrl = (\n  _baseUrl: string | URL,\n  _targetUrl: string | URL,\n  _returnBackUrl?: string | URL | null,\n) => {\n  if (_baseUrl === '') {\n    return legacyBuildUrl(_targetUrl.toString(), _returnBackUrl?.toString());\n  }\n\n  const baseUrl = new URL(_baseUrl);\n  const returnBackUrl = _returnBackUrl ? new URL(_returnBackUrl, baseUrl) : undefined;\n  const res = new URL(_targetUrl, baseUrl);\n\n  if (returnBackUrl) {\n    res.searchParams.set('redirect_url', returnBackUrl.toString());\n  }\n  return res.toString();\n};\n\n\n\nconst legacyBuildUrl = (targetUrl: string, redirectUrl?: string) => {\n  let url;\n  if (!targetUrl.startsWith('http')) {\n    if (!redirectUrl || !redirectUrl.startsWith('http')) {\n      throw new Error('destination url or return back url should be an absolute path url!');\n    }\n\n    const baseURL = new URL(redirectUrl);\n    url = new URL(targetUrl, baseURL.origin);\n  } else {\n    url = new URL(targetUrl);\n  }\n\n  if (redirectUrl) {\n    url.searchParams.set('redirect_url', redirectUrl);\n  }\n\n  return url.toString();\n};\n\n\ntype RedirectAdapter<RedirectReturn> = (url: string) => RedirectReturn;\ntype RedirectToParams = { returnBackUrl?: string | URL | null };\nexport type RedirectFun<ReturnType> = (params?: RedirectToParams) => ReturnType;\n\n/**\n * @internal\n */\ntype CreateRedirect = <ReturnType>(params: {\n  redirectAdapter: RedirectAdapter<ReturnType>;\n  baseUrl: URL | string;\n  signInUrl?: URL | string;\n  signUpUrl?: URL | string;\n}) => {\n  redirectToSignIn: RedirectFun<ReturnType>;\n  redirectToSignUp: RedirectFun<ReturnType>;\n};\n\n\nexport const createRedirect: CreateRedirect = params => {\n  const { redirectAdapter, signInUrl, signUpUrl, baseUrl } = params;\n\n  const redirectToSignUp = ({ returnBackUrl }: RedirectToParams = {}) => {\n    if (!signUpUrl) {\n        throw new Error(\"SignUp URL is not defined\");\n    }\n\n    const pathToSignUpUrl = `${baseUrl}/sign-up`;\n    \n    function buildSignUpUrl(signIn: string | URL | undefined) {\n      if (!signIn) {\n        return;\n      }\n      const url = new URL(signIn, baseUrl);\n      url.pathname = `${url.pathname}/create`;\n      return url.toString();\n    }\n\n    const targetUrl = signUpUrl || buildSignUpUrl(signInUrl) || pathToSignUpUrl;\n\n\n    return redirectAdapter(buildUrl(baseUrl, targetUrl, returnBackUrl));\n  };\n\n  const redirectToSignIn = ({ returnBackUrl }: RedirectToParams = {}) => {\n    if (!signInUrl) {\n      throw new Error(\"SignIn URL is not defined\");\n    }\n\n    const pathToSignInUrl = `${baseUrl}/sign-in`;\n    const targetUrl = signInUrl || pathToSignInUrl;\n\n    return redirectAdapter(buildUrl(baseUrl, targetUrl, returnBackUrl));\n  };\n\n  return { redirectToSignUp, redirectToSignIn };\n};"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,MAAM,WAAW,CACf,UACA,YACA,mBACG;AACH,MAAI,aAAa,IAAI;AACnB,WAAO,eAAe,WAAW,SAAS,GAAG,gBAAgB,SAAS,CAAC;AAAA,EACzE;AAEA,QAAM,UAAU,IAAI,IAAI,QAAQ;AAChC,QAAM,gBAAgB,iBAAiB,IAAI,IAAI,gBAAgB,OAAO,IAAI;AAC1E,QAAM,MAAM,IAAI,IAAI,YAAY,OAAO;AAEvC,MAAI,eAAe;AACjB,QAAI,aAAa,IAAI,gBAAgB,cAAc,SAAS,CAAC;AAAA,EAC/D;AACA,SAAO,IAAI,SAAS;AACtB;AAIA,MAAM,iBAAiB,CAAC,WAAmB,gBAAyB;AAClE,MAAI;AACJ,MAAI,CAAC,UAAU,WAAW,MAAM,GAAG;AACjC,QAAI,CAAC,eAAe,CAAC,YAAY,WAAW,MAAM,GAAG;AACnD,YAAM,IAAI,MAAM,oEAAoE;AAAA,IACtF;AAEA,UAAM,UAAU,IAAI,IAAI,WAAW;AACnC,UAAM,IAAI,IAAI,WAAW,QAAQ,MAAM;AAAA,EACzC,OAAO;AACL,UAAM,IAAI,IAAI,SAAS;AAAA,EACzB;AAEA,MAAI,aAAa;AACf,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAAA,EAClD;AAEA,SAAO,IAAI,SAAS;AACtB;AAqBO,MAAM,iBAAiC,YAAU;AACtD,QAAM,EAAE,iBAAiB,WAAW,WAAW,QAAQ,IAAI;AAE3D,QAAM,mBAAmB,CAAC,EAAE,cAAc,IAAsB,CAAC,MAAM;AACrE,QAAI,CAAC,WAAW;AACZ,YAAM,IAAI,MAAM,2BAA2B;AAAA,IAC/C;AAEA,UAAM,kBAAkB,GAAG,OAAO;AAElC,aAAS,eAAe,QAAkC;AACxD,UAAI,CAAC,QAAQ;AACX;AAAA,MACF;AACA,YAAM,MAAM,IAAI,IAAI,QAAQ,OAAO;AACnC,UAAI,WAAW,GAAG,IAAI,QAAQ;AAC9B,aAAO,IAAI,SAAS;AAAA,IACtB;AAEA,UAAM,YAAY,aAAa,eAAe,SAAS,KAAK;AAG5D,WAAO,gBAAgB,SAAS,SAAS,WAAW,aAAa,CAAC;AAAA,EACpE;AAEA,QAAM,mBAAmB,CAAC,EAAE,cAAc,IAAsB,CAAC,MAAM;AACrE,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,2BAA2B;AAAA,IAC7C;AAEA,UAAM,kBAAkB,GAAG,OAAO;AAClC,UAAM,YAAY,aAAa;AAE/B,WAAO,gBAAgB,SAAS,SAAS,WAAW,aAAa,CAAC;AAAA,EACpE;AAEA,SAAO,EAAE,kBAAkB,iBAAiB;AAC9C;","names":[]}

package/dist/cjs/server/routeMatcher.js

@@ -0,0 +1,36 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var routeMatcher_exports = {};
+__export(routeMatcher_exports, {
+  createRouteMatcher: () => createRouteMatcher
+});
+module.exports = __toCommonJS(routeMatcher_exports);
+var import_pathMatcher = require("@tern-secure/shared/pathMatcher");
+const createRouteMatcher = (routes) => {
+  if (typeof routes === "function") {
+    return (request) => routes(request);
+  }
+  const pathMatcher = (0, import_pathMatcher.createPathMatcher)(routes);
+  return (request) => pathMatcher(request.nextUrl.pathname);
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createRouteMatcher
+});
+//# sourceMappingURL=routeMatcher.js.map

package/dist/cjs/server/routeMatcher.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/routeMatcher.ts"],"sourcesContent":["import { createPathMatcher, type WithPathPatternWildcard } from '@tern-secure/shared/pathMatcher';\nimport type { Autocomplete } from '@tern-secure/types';\nimport type Link from 'next/link';\nimport type { NextRequest } from 'next/server';\n\ntype NextTypedRoute<T = Parameters<typeof Link>['0']['href']> = T extends string ? T : never;\ntype RouteMatcherWithNextTypedRoutes = Autocomplete<\n  WithPathPatternWildcard<NextTypedRoute> | NextTypedRoute\n>;\n\nexport type RouteMatcherParams =\n  | Array<RegExp | RouteMatcherWithNextTypedRoutes>\n  | RouteMatcherWithNextTypedRoutes\n  | RegExp\n  | ((req: NextRequest) => boolean);\n/**\n * Create a route matcher function for public paths\n */\nexport const createRouteMatcher = (routes: RouteMatcherParams) => {\n  if (typeof routes === 'function') {\n    return (request: NextRequest) => routes(request);\n  }\n\n  const pathMatcher = createPathMatcher(routes);\n  return (request: NextRequest) => pathMatcher(request.nextUrl.pathname);\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAgE;AAkBzD,MAAM,qBAAqB,CAAC,WAA+B;AAChE,MAAI,OAAO,WAAW,YAAY;AAChC,WAAO,CAAC,YAAyB,OAAO,OAAO;AAAA,EACjD;AAEA,QAAM,kBAAc,sCAAkB,MAAM;AAC5C,SAAO,CAAC,YAAyB,YAAY,QAAQ,QAAQ,QAAQ;AACvE;","names":[]}

package/dist/cjs/server/sdk-versions.js

@@ -0,0 +1,43 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var sdk_versions_exports = {};
+__export(sdk_versions_exports, {
+  isNext13: () => isNext13,
+  isNextWithUnstableServerActions: () => isNextWithUnstableServerActions
+});
+module.exports = __toCommonJS(sdk_versions_exports);
+var import_package = __toESM(require("next/package.json"));
+const isNext13 = import_package.default.version.startsWith("13.");
+const isNextWithUnstableServerActions = isNext13 || import_package.default.version.startsWith("14.0");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  isNext13,
+  isNextWithUnstableServerActions
+});
+//# sourceMappingURL=sdk-versions.js.map

package/dist/cjs/server/sdk-versions.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/sdk-versions.ts"],"sourcesContent":["import nextPkg from 'next/package.json';\n\nconst isNext13 = nextPkg.version.startsWith('13.');\n\n/**\n * Those versions are affected by a bundling issue that will break the application if `node:fs` is used inside a server function.\n * The affected versions are >=next@13.5.4 and <=next@14.0.4\n */\nconst isNextWithUnstableServerActions = isNext13 || nextPkg.version.startsWith('14.0');\n\nexport { isNext13, isNextWithUnstableServerActions };\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,qBAAoB;AAEpB,MAAM,WAAW,eAAAA,QAAQ,QAAQ,WAAW,KAAK;AAMjD,MAAM,kCAAkC,YAAY,eAAAA,QAAQ,QAAQ,WAAW,MAAM;","names":["nextPkg"]}

package/dist/cjs/server/session-store.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/server/session-store.ts"],"sourcesContent":["import { cache } from \"react\"\r\nimport type { User } from \"./types\"\r\n\r\n/**\r\n * Simple in-memory session store\r\n * In a real app, this would be backed by Redis/etc\r\n */\r\nclass SessionStore {\r\n  private static instance: SessionStore\r\n  private sessions: Map<string, User>\r\n  private currentSessionId: string | null = null\r\n\r\n  private constructor() {\r\n    this.sessions = new Map()\r\n  }\r\n\r\n  static getInstance(): SessionStore {\r\n    if (!SessionStore.instance) {\r\n      SessionStore.instance = new SessionStore()\r\n    }\r\n    return SessionStore.instance\r\n  }\r\n\r\n  setUser(sessionId: string, user: User) {\r\n    console.log(\"SessionStore: Setting user:\", { sessionId, user })\r\n    this.sessions.set(sessionId, user)\r\n    this.currentSessionId = sessionId\r\n  }\r\n\r\n  getUser(sessionId: string): User | null {\r\n    return this.sessions.get(sessionId) || null\r\n  }\r\n\r\n  getCurrentUser(): User | null {\r\n    if (!this.currentSessionId) return null\r\n    return this.sessions.get(this.currentSessionId) || null\r\n  }\r\n\r\n  removeUser(sessionId: string) {\r\n    this.sessions.delete(sessionId)\r\n  }\r\n\r\n  clear() {\r\n    this.sessions.clear()\r\n  }\r\n\r\n  debug() {\r\n    return {\r\n      sessionsCount: this.sessions.size,\r\n      currentSessionId: this.currentSessionId,\r\n      sessions: Array.from(this.sessions.entries())\r\n    }\r\n}\r\n}\r\n\r\n// Export singleton instance\r\nexport const sessionStore = SessionStore.getInstance()\r\n\r\n/**\r\n * Cached function to get user from session store\r\n * Uses React cache for SSR optimization\r\n */\r\nexport const getVerifiedUser = cache((sessionId: string): User | null => {\r\n  return sessionStore.getUser(sessionId)\r\n})\r\n\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAsB;AAOtB,MAAM,aAAa;AAAA,EACjB,OAAe;AAAA,EACP;AAAA,EACA,mBAAkC;AAAA,EAElC,cAAc;AACpB,SAAK,WAAW,oBAAI,IAAI;AAAA,EAC1B;AAAA,EAEA,OAAO,cAA4B;AACjC,QAAI,CAAC,aAAa,UAAU;AAC1B,mBAAa,WAAW,IAAI,aAAa;AAAA,IAC3C;AACA,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,QAAQ,WAAmB,MAAY;AACrC,YAAQ,IAAI,+BAA+B,EAAE,WAAW,KAAK,CAAC;AAC9D,SAAK,SAAS,IAAI,WAAW,IAAI;AACjC,SAAK,mBAAmB;AAAA,EAC1B;AAAA,EAEA,QAAQ,WAAgC;AACtC,WAAO,KAAK,SAAS,IAAI,SAAS,KAAK;AAAA,EACzC;AAAA,EAEA,iBAA8B;AAC5B,QAAI,CAAC,KAAK,iBAAkB,QAAO;AACnC,WAAO,KAAK,SAAS,IAAI,KAAK,gBAAgB,KAAK;AAAA,EACrD;AAAA,EAEA,WAAW,WAAmB;AAC5B,SAAK,SAAS,OAAO,SAAS;AAAA,EAChC;AAAA,EAEA,QAAQ;AACN,SAAK,SAAS,MAAM;AAAA,EACtB;AAAA,EAEA,QAAQ;AACN,WAAO;AAAA,MACL,eAAe,KAAK,SAAS;AAAA,MAC7B,kBAAkB,KAAK;AAAA,MACvB,UAAU,MAAM,KAAK,KAAK,SAAS,QAAQ,CAAC;AAAA,IAC9C;AAAA,EACJ;AACA;AAGO,MAAM,eAAe,aAAa,YAAY;AAM9C,MAAM,sBAAkB,oBAAM,CAAC,cAAmC;AACvE,SAAO,aAAa,QAAQ,SAAS;AACvC,CAAC;","names":[]}
+{"version":3,"sources":["../../../src/server/session-store.ts"],"sourcesContent":["import { cache } from \"react\"\r\n\r\nimport type { User } from \"./types\"\r\n\r\n/**\r\n * Simple in-memory session store\r\n * In a real app, this would be backed by Redis/etc\r\n */\r\nclass SessionStore {\r\n  private static instance: SessionStore\r\n  private sessions: Map<string, User>\r\n  private currentSessionId: string | null = null\r\n\r\n  private constructor() {\r\n    this.sessions = new Map()\r\n  }\r\n\r\n  static getInstance(): SessionStore {\r\n    if (!SessionStore.instance) {\r\n      SessionStore.instance = new SessionStore()\r\n    }\r\n    return SessionStore.instance\r\n  }\r\n\r\n  setUser(sessionId: string, user: User) {\r\n    console.log(\"SessionStore: Setting user:\", { sessionId, user })\r\n    this.sessions.set(sessionId, user)\r\n    this.currentSessionId = sessionId\r\n  }\r\n\r\n  getUser(sessionId: string): User | null {\r\n    return this.sessions.get(sessionId) || null\r\n  }\r\n\r\n  getCurrentUser(): User | null {\r\n    if (!this.currentSessionId) return null\r\n    return this.sessions.get(this.currentSessionId) || null\r\n  }\r\n\r\n  removeUser(sessionId: string) {\r\n    this.sessions.delete(sessionId)\r\n  }\r\n\r\n  clear() {\r\n    this.sessions.clear()\r\n  }\r\n\r\n  debug() {\r\n    return {\r\n      sessionsCount: this.sessions.size,\r\n      currentSessionId: this.currentSessionId,\r\n      sessions: Array.from(this.sessions.entries())\r\n    }\r\n}\r\n}\r\n\r\n// Export singleton instance\r\nexport const sessionStore = SessionStore.getInstance()\r\n\r\n/**\r\n * Cached function to get user from session store\r\n * Uses React cache for SSR optimization\r\n */\r\nexport const getVerifiedUser = cache((sessionId: string): User | null => {\r\n  return sessionStore.getUser(sessionId)\r\n})\r\n\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAsB;AAQtB,MAAM,aAAa;AAAA,EACjB,OAAe;AAAA,EACP;AAAA,EACA,mBAAkC;AAAA,EAElC,cAAc;AACpB,SAAK,WAAW,oBAAI,IAAI;AAAA,EAC1B;AAAA,EAEA,OAAO,cAA4B;AACjC,QAAI,CAAC,aAAa,UAAU;AAC1B,mBAAa,WAAW,IAAI,aAAa;AAAA,IAC3C;AACA,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,QAAQ,WAAmB,MAAY;AACrC,YAAQ,IAAI,+BAA+B,EAAE,WAAW,KAAK,CAAC;AAC9D,SAAK,SAAS,IAAI,WAAW,IAAI;AACjC,SAAK,mBAAmB;AAAA,EAC1B;AAAA,EAEA,QAAQ,WAAgC;AACtC,WAAO,KAAK,SAAS,IAAI,SAAS,KAAK;AAAA,EACzC;AAAA,EAEA,iBAA8B;AAC5B,QAAI,CAAC,KAAK,iBAAkB,QAAO;AACnC,WAAO,KAAK,SAAS,IAAI,KAAK,gBAAgB,KAAK;AAAA,EACrD;AAAA,EAEA,WAAW,WAAmB;AAC5B,SAAK,SAAS,OAAO,SAAS;AAAA,EAChC;AAAA,EAEA,QAAQ;AACN,SAAK,SAAS,MAAM;AAAA,EACtB;AAAA,EAEA,QAAQ;AACN,WAAO;AAAA,MACL,eAAe,KAAK,SAAS;AAAA,MAC7B,kBAAkB,KAAK;AAAA,MACvB,UAAU,MAAM,KAAK,KAAK,SAAS,QAAQ,CAAC;AAAA,IAC9C;AAAA,EACJ;AACA;AAGO,MAAM,eAAe,aAAa,YAAY;AAM9C,MAAM,sBAAkB,oBAAM,CAAC,cAAmC;AACvE,SAAO,aAAa,QAAQ,SAAS;AACvC,CAAC;","names":[]}