@tern-secure/nextjs 5.1.8 → 5.1.10

package/dist/cjs/server/ternSecureEdgeMiddleware.js

@@ -0,0 +1,298 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var ternSecureEdgeMiddleware_exports = {};
+__export(ternSecureEdgeMiddleware_exports, {
+  redirectAdapter: () => redirectAdapter,
+  ternSecureMiddleware: () => ternSecureMiddleware
+});
+module.exports = __toCommonJS(ternSecureEdgeMiddleware_exports);
+var import_backend = require("@tern-secure/backend");
+var import_navigation = require("next/navigation");
+var import_server = require("next/server");
+var import_response = require("../utils/response");
+var import_serverRedirectAuth = require("../utils/serverRedirectAuth");
+var import_withLogger = require("../utils/withLogger");
+var import_constant = require("./constant");
+var import_nextErrors = require("./nextErrors");
+var import_protect = require("./protect");
+var import_redirect = require("./redirect");
+var import_utils = require("./utils");
+const backendClientDefaultOptions = {
+  apiUrl: import_constant.API_URL,
+  apiVersion: import_constant.API_VERSION
+};
+const ternSecureBackendClient = async () => {
+  return createBackendClientWithOptions({});
+};
+const createBackendClientWithOptions = (options) => {
+  return (0, import_backend.createBackendInstanceClient)({
+    ...backendClientDefaultOptions,
+    ...options
+  });
+};
+const ternSecureMiddleware = (...args) => {
+  const [request, event] = parseRequestAndEvent(args);
+  const [handler, params] = parseHandlerAndOptions(args);
+  const middleware = () => {
+    const withAuthNextMiddleware = async (request2, event2) => {
+      const resolvedParams = typeof params === "function" ? await params(request2) : params;
+      const signInUrl = resolvedParams.signInUrl || import_constant.SIGN_IN_URL;
+      const signUpUrl = resolvedParams.signUpUrl || import_constant.SIGN_UP_URL;
+      const options = {
+        signInUrl,
+        signUpUrl,
+        ...resolvedParams
+      };
+      const logger = (0, import_withLogger.createEdgeCompatibleLogger)(options.debug);
+      if (options.debug) {
+        (0, import_backend.enableDebugLogging)();
+      }
+      const reqBackendClient = await ternSecureBackendClient();
+      const ternSecureRequest = (0, import_backend.createTernSecureRequest)(request2);
+      const requestStateClient = await reqBackendClient.authenticateRequest(
+        ternSecureRequest,
+        options
+      );
+      const authObjectClient = requestStateClient.auth();
+      const { redirectToSignIn } = createMiddlewareRedirects(ternSecureRequest);
+      const { redirectToSignUp } = createMiddlewareRedirects(ternSecureRequest);
+      const protect = await createMiddlewareProtect(
+        ternSecureRequest,
+        authObjectClient,
+        redirectToSignIn
+      );
+      const authObj = Object.assign(authObjectClient, {
+        redirectToSignIn,
+        redirectToSignUp
+      });
+      const authHandler = () => Promise.resolve(authObj);
+      authHandler.protect = protect;
+      let handlerResult = import_server.NextResponse.next();
+      try {
+        const userHandlerResult = await handler?.(authHandler, request2, event2);
+        handlerResult = userHandlerResult || handlerResult;
+      } catch (error) {
+        handlerResult = handleControlError(error, ternSecureRequest, request2);
+      }
+      if (requestStateClient.headers) {
+        requestStateClient.headers.forEach((value, key) => {
+          handlerResult.headers.append(key, value);
+        });
+      }
+      if ((0, import_response.isRedirect)(handlerResult)) {
+        return (0, import_serverRedirectAuth.serverRedirectWithAuth)(ternSecureRequest, handlerResult);
+      }
+      (0, import_utils.decorateRequest)(ternSecureRequest, handlerResult, requestStateClient);
+      return handlerResult;
+    };
+    const fireNextMiddleware = async (request2) => {
+      console.log("[TernSecureMiddleware] Firebase Request URL:", request2.url);
+      if (isFirebaseCookieRequest(request2)) {
+        const options = typeof params === "function" ? await params(request2) : params;
+        rewriteFirebaseRequest(options, request2);
+        return handleFirebaseAuthRequest(request2);
+      }
+    };
+    const nextMiddleware = async (request2, event2) => {
+      if (isFirebaseRequest(request2)) {
+        return fireNextMiddleware(request2, event2);
+      }
+      return withAuthNextMiddleware(request2, event2);
+    };
+    if (request && event) {
+      return nextMiddleware(request, event);
+    }
+    return nextMiddleware;
+  };
+  return middleware();
+};
+const parseRequestAndEvent = (args) => {
+  return [
+    args[0] instanceof Request ? args[0] : void 0,
+    args[0] instanceof Request ? args[1] : void 0
+  ];
+};
+const parseHandlerAndOptions = (args) => {
+  return [
+    typeof args[0] === "function" ? args[0] : void 0,
+    (args.length === 2 ? args[1] : typeof args[0] === "function" ? {} : args[0]) || {}
+  ];
+};
+const isFirebaseRequest = (request) => request.nextUrl.pathname.startsWith("/__/");
+const rewriteFirebaseRequest = (options, request) => {
+  const newUrl = new URL(request.url);
+  newUrl.host = options.firebaseOptions?.authDomain || "";
+  newUrl.port = "";
+  return import_server.NextResponse.rewrite(newUrl);
+};
+const finalTarget = (request) => {
+  const finalTargetUrl = request.nextUrl.searchParams.get("finalTarget");
+  return finalTargetUrl ? new URL(finalTargetUrl, request.url) : void 0;
+};
+const isFirebaseCookieRequest = (request) => request.nextUrl.pathname === "/__cookies__";
+const createMiddlewareRedirects = (ternSecureRequest) => {
+  const redirectToSignIn = (opts = {}) => {
+    const url = ternSecureRequest.ternUrl.toString();
+    (0, import_nextErrors.redirectToSignInError)(url, opts.returnBackUrl);
+  };
+  const redirectToSignUp = (opts = {}) => {
+    const url = ternSecureRequest.ternUrl.toString();
+    (0, import_nextErrors.redirectToSignUpError)(url, opts.returnBackUrl);
+  };
+  return { redirectToSignIn, redirectToSignUp };
+};
+const createMiddlewareProtect = (ternSecureRequest, authObject, redirectToSignIn) => {
+  return async (params, options) => {
+    const notFound = () => (0, import_navigation.notFound)();
+    const redirect = (url) => (0, import_nextErrors.nextjsRedirectError)(url, {
+      redirectUrl: url
+    });
+    return (0, import_protect.createProtect)({
+      request: ternSecureRequest,
+      redirect,
+      notFound,
+      authObject,
+      redirectToSignIn
+    })(params, options);
+  };
+};
+const redirectAdapter = (url) => {
+  return import_server.NextResponse.redirect(url, {
+    headers: { [import_backend.constants.Headers.TernSecureRedirectTo]: "true" }
+  });
+};
+const handleControlError = (error, ternSecureRequest, nextrequest) => {
+  if ((0, import_nextErrors.isNextjsNotFoundError)(error)) {
+    return (0, import_response.setHeader)(
+      import_server.NextResponse.rewrite(new URL(`/tern_${Date.now()}`, nextrequest.url)),
+      import_backend.constants.Headers.AuthReason,
+      "protect-rewrite"
+    );
+  }
+  const isRedirectToSignIn = (0, import_nextErrors.isRedirectToSignInError)(error);
+  const isRedirectToSignUp = (0, import_nextErrors.isRedirectToSignUpError)(error);
+  if (isRedirectToSignIn || isRedirectToSignUp) {
+    const redirect = (0, import_redirect.createRedirect)({
+      redirectAdapter,
+      baseUrl: ternSecureRequest.ternUrl,
+      signInUrl: import_constant.SIGN_IN_URL,
+      signUpUrl: import_constant.SIGN_UP_URL
+    });
+    const { returnBackUrl } = error;
+    return redirect[isRedirectToSignIn ? "redirectToSignIn" : "redirectToSignUp"]({
+      returnBackUrl
+    });
+  }
+  if ((0, import_nextErrors.isNextjsRedirectError)(error)) {
+    return redirectAdapter(error.redirectUrl);
+  }
+  throw error;
+};
+const handleFirebaseAuthRequest = async (request) => {
+  console.log("Checking for __cookies__ path");
+  const isDevMode = process.env.NODE_ENV === "development";
+  const ID_TOKEN_COOKIE_NAME = isDevMode ? `__dev_FIREBASE_[DEFAULT]` : `__HOST-FIREBASE_[DEFAULT]`;
+  const REFRESH_TOKEN_COOKIE_NAME = isDevMode ? "__dev_FIREBASEID_[DEFAULT]" : `__HOST-FIREBASEID_[DEFAULT]`;
+  const ID_TOKEN_COOKIE = {
+    path: "/",
+    secure: !isDevMode,
+    sameSite: "strict",
+    partitioned: true,
+    name: ID_TOKEN_COOKIE_NAME,
+    maxAge: 3456e4,
+    priority: "high"
+  };
+  const REFRESH_TOKEN_COOKIE = {
+    ...ID_TOKEN_COOKIE,
+    httpOnly: true,
+    name: REFRESH_TOKEN_COOKIE_NAME
+  };
+  if (request.nextUrl.pathname === "/__cookies__") {
+    console.log("Handling /__cookies__ request");
+    const method = request.method;
+    if (method === "DELETE") {
+      const response2 = new import_server.NextResponse("");
+      response2.cookies.delete({ ...ID_TOKEN_COOKIE, maxAge: 0 });
+      response2.cookies.delete({ ...REFRESH_TOKEN_COOKIE, maxAge: 0 });
+      return response2;
+    }
+    const headers = {};
+    const headerNames = [
+      "content-type",
+      "X-Firebase-Client",
+      "X-Firebase-gmpid",
+      "X-Firebase-AppCheck",
+      "X-Client-Version"
+    ];
+    headerNames.forEach((headerName) => {
+      const headerValue = request.headers.get(headerName);
+      if (headerValue) {
+        headers[headerName] = headerValue;
+      }
+    });
+    const finalTargetParam = request.nextUrl.searchParams.get("finalTarget");
+    const url = new URL(finalTargetParam || "");
+    let body = request.body;
+    const isTokenRequest = !!url.pathname.match(/^(\/securetoken\.googleapis\.com)?\/v1\/token/);
+    const isSignInRequest = !!url.pathname.match(
+      /^(\/identitytoolkit\.googleapis\.com)?\/v1\/accounts:signInWith/
+    );
+    if (!isTokenRequest && !isSignInRequest)
+      throw new Error("Could not determine the request type to proxy");
+    if (isTokenRequest) {
+      body = await request.text();
+      const bodyParams = new URLSearchParams(body.trim());
+      if (bodyParams.has("refresh_token")) {
+        const refreshToken2 = request.cookies.get(REFRESH_TOKEN_COOKIE.name)?.value;
+        if (refreshToken2) {
+          bodyParams.set("refresh_token", refreshToken2);
+          body = bodyParams.toString();
+        }
+      }
+    }
+    const response = await fetch(url, { method, body, headers });
+    const json = await response.json();
+    if (!response.ok) {
+      return import_server.NextResponse.json(json, { status: response.status, statusText: response.statusText });
+    }
+    let refreshToken, idToken, maxAge;
+    if (isSignInRequest) {
+      refreshToken = json.refreshToken;
+      idToken = json.idToken;
+      maxAge = json.expiresIn;
+      json.refreshToken = "REDACTED";
+    } else {
+      refreshToken = json.refresh_token;
+      idToken = json.id_token;
+      maxAge = json.expires_in;
+      json.refresh_token = "REDACTED";
+    }
+    const nextResponse = import_server.NextResponse.json(json);
+    if (idToken) nextResponse.cookies.set({ ...ID_TOKEN_COOKIE, maxAge, value: idToken });
+    if (refreshToken) nextResponse.cookies.set({ ...REFRESH_TOKEN_COOKIE, value: refreshToken });
+    return nextResponse;
+  }
+  return null;
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  redirectAdapter,
+  ternSecureMiddleware
+});
+//# sourceMappingURL=ternSecureEdgeMiddleware.js.map

package/dist/cjs/server/ternSecureEdgeMiddleware.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/ternSecureEdgeMiddleware.ts"],"sourcesContent":["import type {\r\n  AuthObject,\r\n  RequestOptions,\r\n  TernSecureRequest,\r\n} from '@tern-secure/backend';\r\nimport {\r\n  constants,\r\n  createBackendInstanceClient,\r\n  createTernSecureRequest,\r\n  enableDebugLogging,\r\n} from '@tern-secure/backend';\r\nimport type {\r\n  TernSecureConfig,\r\n} from '@tern-secure/types';\r\nimport { notFound as nextjsNotFound } from 'next/navigation';\r\nimport type { NextMiddleware,NextRequest } from 'next/server';\r\nimport { NextResponse } from 'next/server';\r\n\r\nimport { isRedirect, setHeader } from '../utils/response';\r\nimport { serverRedirectWithAuth } from '../utils/serverRedirectAuth';\r\nimport { createEdgeCompatibleLogger } from '../utils/withLogger';\r\nimport { API_URL, API_VERSION,SIGN_IN_URL, SIGN_UP_URL } from './constant';\r\nimport {\r\n  isNextjsNotFoundError,\r\n  isNextjsRedirectError,\r\n  isRedirectToSignInError,\r\n  isRedirectToSignUpError,\r\n  nextjsRedirectError,\r\n  redirectToSignInError,\r\n  redirectToSignUpError,\r\n} from './nextErrors';\r\nimport { type AuthProtect,createProtect } from './protect';\r\nimport { createRedirect, type RedirectFun } from './redirect';\r\nimport type {\r\n  NextMiddlewareEvtParam,\r\n  NextMiddlewareRequestParam,\r\n  NextMiddlewareReturn,\r\n} from './types';\r\nimport { decorateRequest } from './utils';\r\n\r\nexport type MiddlewareAuthObject = AuthObject & {\r\n  redirectToSignIn: RedirectFun<Response>;\r\n  redirectToSignUp: RedirectFun<Response>;\r\n};\r\n\r\nexport interface MiddlewareAuth {\r\n  (): Promise<MiddlewareAuthObject>;\r\n\r\n  protect: AuthProtect;\r\n}\r\n\r\ntype MiddlewareHandler = (\r\n  auth: MiddlewareAuth,\r\n  request: NextMiddlewareRequestParam,\r\n  event: NextMiddlewareEvtParam,\r\n) => NextMiddlewareReturn;\r\n\r\nexport interface MiddlewareOptions extends RequestOptions {\r\n  debug?: boolean;\r\n  firebaseOptions?: TernSecureConfig;\r\n}\r\ntype MiddlewareOptionsCallback = (\r\n  req: NextRequest,\r\n) => MiddlewareOptions | Promise<MiddlewareOptions>;\r\n\r\ninterface TernSecureMiddleware {\r\n  /**\r\n   * @example\r\n   * export default ternSecureMiddleware((auth, request, event) => { ... }, options);\r\n   */\r\n  (handler: MiddlewareHandler, options?: MiddlewareOptions): NextMiddleware;\r\n\r\n  /**\r\n   * @example\r\n   * export default ternSecureMiddleware((auth, request, event) => { ... }, (req) => options);\r\n   */\r\n  (handler: MiddlewareHandler, options?: MiddlewareOptionsCallback): NextMiddleware;\r\n\r\n  /**\r\n   * @example\r\n   * export default ternSecureMiddleware(options);\r\n   */\r\n  (options?: MiddlewareOptions): NextMiddleware;\r\n  /**\r\n   * @example\r\n   * export default ternSecureMiddleware;\r\n   */\r\n  (request: NextMiddlewareRequestParam, event: NextMiddlewareEvtParam): NextMiddlewareReturn;\r\n}\r\n\r\nconst backendClientDefaultOptions = {\r\n  apiUrl: API_URL,\r\n  apiVersion: API_VERSION,\r\n};\r\n\r\nconst ternSecureBackendClient = async () => {\r\n  return createBackendClientWithOptions({});\r\n};\r\n\r\nconst createBackendClientWithOptions: typeof createBackendInstanceClient = options => {\r\n  return createBackendInstanceClient({\r\n    ...backendClientDefaultOptions,\r\n    ...options,\r\n  });\r\n};\r\n\r\nexport const ternSecureMiddleware = ((\r\n  ...args: unknown[]\r\n): NextMiddleware | NextMiddlewareReturn => {\r\n  const [request, event] = parseRequestAndEvent(args);\r\n  const [handler, params] = parseHandlerAndOptions(args);\r\n\r\n  const middleware = () => {\r\n    const withAuthNextMiddleware: NextMiddleware = async (request, event) => {\r\n      const resolvedParams = typeof params === 'function' ? await params(request) : params;\r\n      const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\r\n      const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\r\n\r\n      const options = {\r\n        signInUrl,\r\n        signUpUrl,\r\n        ...resolvedParams,\r\n      };\r\n\r\n      const logger = createEdgeCompatibleLogger(options.debug);\r\n\r\n      if (options.debug) {\r\n        enableDebugLogging();\r\n      }\r\n\r\n      //const { authObject, headers: authHeaders } =\r\n      //  await authenticateMiddlewareRequest(request, checkRevoked, logger);\r\n\r\n      //const reqBackend = await createBackendInstanceEdge(request, checkRevoked);\r\n      const reqBackendClient = await ternSecureBackendClient();\r\n      //const requestState = reqBackend.requestState;\r\n      //const authObject = requestState.auth();\r\n      //const authHeaders = requestState.headers;\r\n\r\n      const ternSecureRequest = createTernSecureRequest(request);\r\n\r\n      const requestStateClient = await reqBackendClient.authenticateRequest(\r\n        ternSecureRequest,\r\n        options,\r\n      );\r\n\r\n      const authObjectClient = requestStateClient.auth();\r\n\r\n      const { redirectToSignIn } = createMiddlewareRedirects(ternSecureRequest);\r\n\r\n      const { redirectToSignUp } = createMiddlewareRedirects(ternSecureRequest);\r\n\r\n      const protect = await createMiddlewareProtect(\r\n        ternSecureRequest,\r\n        authObjectClient,\r\n        redirectToSignIn,\r\n      );\r\n\r\n      const authObj: MiddlewareAuthObject = Object.assign(authObjectClient, {\r\n        redirectToSignIn,\r\n        redirectToSignUp,\r\n      });\r\n\r\n      const authHandler = () => Promise.resolve(authObj);\r\n      authHandler.protect = protect;\r\n\r\n      let handlerResult: Response = NextResponse.next();\r\n\r\n      try {\r\n        const userHandlerResult = await handler?.(authHandler, request, event);\r\n        handlerResult = userHandlerResult || handlerResult;\r\n      } catch (error: any) {\r\n        handlerResult = handleControlError(error, ternSecureRequest, request);\r\n      }\r\n\r\n      if (requestStateClient.headers) {\r\n        requestStateClient.headers.forEach((value, key) => {\r\n          handlerResult.headers.append(key, value);\r\n        });\r\n      }\r\n\r\n      if (isRedirect(handlerResult)) {\r\n        return serverRedirectWithAuth(ternSecureRequest, handlerResult);\r\n      }\r\n\r\n      decorateRequest(ternSecureRequest, handlerResult, requestStateClient);\r\n      return handlerResult;\r\n    };\r\n\r\n    const fireNextMiddleware: NextMiddleware = async (request) => {\r\n      console.log('[TernSecureMiddleware] Firebase Request URL:', request.url);\r\n      if (isFirebaseCookieRequest(request)) {\r\n        const options = typeof params === 'function' ? await params(request) : params;\r\n        rewriteFirebaseRequest(options, request);\r\n        return handleFirebaseAuthRequest(request);\r\n      }\r\n    };\r\n\r\n    const nextMiddleware: NextMiddleware = async (request, event) => {\r\n       if (isFirebaseRequest(request)) {\r\n        return fireNextMiddleware(request, event);\r\n       }\r\n      return withAuthNextMiddleware(request, event);\r\n    };\r\n\r\n    if (request && event) {\r\n      return nextMiddleware(request, event);\r\n    }\r\n\r\n    return nextMiddleware;\r\n  };\r\n  return middleware();\r\n}) as TernSecureMiddleware;\r\n\r\nconst parseRequestAndEvent = (args: unknown[]) => {\r\n  return [\r\n    args[0] instanceof Request ? args[0] : undefined,\r\n    args[0] instanceof Request ? args[1] : undefined,\r\n  ] as [NextMiddlewareRequestParam | undefined, NextMiddlewareEvtParam | undefined];\r\n};\r\n\r\nconst parseHandlerAndOptions = (args: unknown[]) => {\r\n  return [\r\n    typeof args[0] === 'function' ? args[0] : undefined,\r\n    (args.length === 2 ? args[1] : typeof args[0] === 'function' ? {} : args[0]) || {},\r\n  ] as [MiddlewareHandler | undefined, MiddlewareOptions | MiddlewareOptionsCallback];\r\n};\r\n\r\nconst isFirebaseRequest = (request: NextMiddlewareRequestParam) =>\r\n  request.nextUrl.pathname.startsWith('/__/');\r\n\r\nconst rewriteFirebaseRequest = (options: MiddlewareOptions, request: NextMiddlewareRequestParam) => {\r\n  const newUrl = new URL(request.url);\r\n  newUrl.host = options.firebaseOptions?.authDomain || '';\r\n  newUrl.port = '';\r\n  return NextResponse.rewrite(newUrl);\r\n}\r\n\r\nconst finalTarget = (request: NextMiddlewareRequestParam) => {\r\n  const finalTargetUrl = request.nextUrl.searchParams.get('finalTarget');\r\n  return finalTargetUrl ? new URL(finalTargetUrl, request.url) : undefined;\r\n};\r\n\r\nconst isFirebaseCookieRequest = (request: NextMiddlewareRequestParam) =>\r\n  request.nextUrl.pathname === '/__cookies__';\r\n\r\n/**\r\n * Create middleware redirect functions\r\n */\r\nconst createMiddlewareRedirects = (ternSecureRequest: TernSecureRequest) => {\r\n  const redirectToSignIn: MiddlewareAuthObject['redirectToSignIn'] = (opts = {}) => {\r\n    const url = ternSecureRequest.ternUrl.toString();\r\n    redirectToSignInError(url, opts.returnBackUrl);\r\n  };\r\n\r\n  const redirectToSignUp: MiddlewareAuthObject['redirectToSignUp'] = (opts = {}) => {\r\n    const url = ternSecureRequest.ternUrl.toString();\r\n    redirectToSignUpError(url, opts.returnBackUrl);\r\n  };\r\n\r\n  return { redirectToSignIn, redirectToSignUp };\r\n};\r\n\r\nconst createMiddlewareProtect = (\r\n  ternSecureRequest: TernSecureRequest,\r\n  authObject: AuthObject,\r\n  redirectToSignIn: RedirectFun<Response>,\r\n) => {\r\n  return (async (params: any, options: any) => {\r\n    const notFound = () => nextjsNotFound();\r\n\r\n    const redirect = (url: string) =>\r\n      nextjsRedirectError(url, {\r\n        redirectUrl: url,\r\n      });\r\n\r\n    return createProtect({\r\n      request: ternSecureRequest,\r\n      redirect,\r\n      notFound,\r\n      authObject,\r\n      redirectToSignIn,\r\n    })(params, options);\r\n  }) as unknown as Promise<AuthProtect>;\r\n};\r\n\r\nexport const redirectAdapter = (url: string | URL) => {\r\n  return NextResponse.redirect(url, {\r\n    headers: { [constants.Headers.TernSecureRedirectTo]: 'true' },\r\n  });\r\n};\r\n\r\n/**\r\n * Handle control flow errors in middleware\r\n */\r\nconst handleControlError = (\r\n  error: any,\r\n  ternSecureRequest: TernSecureRequest,\r\n  nextrequest: NextRequest,\r\n): Response => {\r\n  if (isNextjsNotFoundError(error)) {\r\n    return setHeader(\r\n      NextResponse.rewrite(new URL(`/tern_${Date.now()}`, nextrequest.url)),\r\n      constants.Headers.AuthReason,\r\n      'protect-rewrite',\r\n    );\r\n  }\r\n\r\n  const isRedirectToSignIn = isRedirectToSignInError(error);\r\n  const isRedirectToSignUp = isRedirectToSignUpError(error);\r\n\r\n  if (isRedirectToSignIn || isRedirectToSignUp) {\r\n    const redirect = createRedirect({\r\n      redirectAdapter,\r\n      baseUrl: ternSecureRequest.ternUrl,\r\n      signInUrl: SIGN_IN_URL,\r\n      signUpUrl: SIGN_UP_URL,\r\n    });\r\n\r\n    const { returnBackUrl } = error;\r\n\r\n    return redirect[isRedirectToSignIn ? 'redirectToSignIn' : 'redirectToSignUp']({\r\n      returnBackUrl,\r\n    });\r\n  }\r\n\r\n  if (isNextjsRedirectError(error)) {\r\n    return redirectAdapter(error.redirectUrl);\r\n  }\r\n\r\n  throw error;\r\n};\r\n\r\nconst handleFirebaseAuthRequest = async (\r\n  request: NextRequest,\r\n): Promise<NextResponse | null> => {\r\n\r\n  console.log('Checking for __cookies__ path');\r\n\r\n  const isDevMode = process.env.NODE_ENV === 'development';\r\n  const ID_TOKEN_COOKIE_NAME = isDevMode ? `__dev_FIREBASE_[DEFAULT]` : `__HOST-FIREBASE_[DEFAULT]`;\r\n  const REFRESH_TOKEN_COOKIE_NAME = isDevMode\r\n    ? '__dev_FIREBASEID_[DEFAULT]'\r\n    : `__HOST-FIREBASEID_[DEFAULT]`;\r\n  const ID_TOKEN_COOKIE = {\r\n    path: '/',\r\n    secure: !isDevMode,\r\n    sameSite: 'strict',\r\n    partitioned: true,\r\n    name: ID_TOKEN_COOKIE_NAME,\r\n    maxAge: 34560000,\r\n    priority: 'high',\r\n  } as const;\r\n  const REFRESH_TOKEN_COOKIE = {\r\n    ...ID_TOKEN_COOKIE,\r\n    httpOnly: true,\r\n    name: REFRESH_TOKEN_COOKIE_NAME,\r\n  } as const;\r\n\r\n  if (request.nextUrl.pathname === '/__cookies__') {\r\n    console.log('Handling /__cookies__ request');\r\n    const method = request.method;\r\n    if (method === 'DELETE') {\r\n      const response = new NextResponse('');\r\n      response.cookies.delete({ ...ID_TOKEN_COOKIE, maxAge: 0 });\r\n      response.cookies.delete({ ...REFRESH_TOKEN_COOKIE, maxAge: 0 });\r\n      return response;\r\n    }\r\n\r\n    const headers: Record<string, string> = {};\r\n        const headerNames = [\r\n      'content-type',\r\n      'X-Firebase-Client',\r\n      'X-Firebase-gmpid',\r\n      'X-Firebase-AppCheck',\r\n      'X-Client-Version',\r\n    ];\r\n\r\n    headerNames.forEach(headerName => {\r\n      const headerValue = request.headers.get(headerName);\r\n      if (headerValue) {\r\n        headers[headerName] = headerValue;\r\n      }\r\n    });\r\n\r\n    const finalTargetParam = request.nextUrl.searchParams.get('finalTarget');\r\n\r\n    const url = new URL(finalTargetParam || '');\r\n    let body: ReadableStream<any> | string | null = request.body;\r\n\r\n    const isTokenRequest = !!url.pathname.match(/^(\\/securetoken\\.googleapis\\.com)?\\/v1\\/token/);\r\n    const isSignInRequest = !!url.pathname.match(\r\n      /^(\\/identitytoolkit\\.googleapis\\.com)?\\/v1\\/accounts:signInWith/,\r\n    );\r\n\r\n    if (!isTokenRequest && !isSignInRequest)\r\n      throw new Error('Could not determine the request type to proxy');\r\n\r\n    if (isTokenRequest) {\r\n      body = await request.text();\r\n      const bodyParams = new URLSearchParams(body.trim());\r\n      if (bodyParams.has('refresh_token')) {\r\n        const refreshToken = request.cookies.get(REFRESH_TOKEN_COOKIE.name)?.value;\r\n        if (refreshToken) {\r\n          bodyParams.set('refresh_token', refreshToken);\r\n          body = bodyParams.toString();\r\n        }\r\n      }\r\n    }\r\n\r\n    const response = await fetch(url, { method, body, headers });\r\n    const json = await response.json();\r\n\r\n    if (!response.ok) {\r\n      return NextResponse.json(json, { status: response.status, statusText: response.statusText });\r\n    }\r\n\r\n    let refreshToken, idToken, maxAge;\r\n    if (isSignInRequest) {\r\n      refreshToken = json.refreshToken;\r\n      idToken = json.idToken;\r\n      maxAge = json.expiresIn;\r\n      json.refreshToken = 'REDACTED';\r\n    } else {\r\n      refreshToken = json.refresh_token;\r\n      idToken = json.id_token;\r\n      maxAge = json.expires_in;\r\n      json.refresh_token = 'REDACTED';\r\n    }\r\n\r\n    const nextResponse = NextResponse.json(json);\r\n    if (idToken) nextResponse.cookies.set({ ...ID_TOKEN_COOKIE, maxAge, value: idToken });\r\n    if (refreshToken) nextResponse.cookies.set({ ...REFRESH_TOKEN_COOKIE, value: refreshToken });\r\n    return nextResponse;\r\n  }\r\n  return null;\r\n};\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAKA,qBAKO;AAIP,wBAA2C;AAE3C,oBAA6B;AAE7B,sBAAsC;AACtC,gCAAuC;AACvC,wBAA2C;AAC3C,sBAA8D;AAC9D,wBAQO;AACP,qBAA+C;AAC/C,sBAAiD;AAMjD,mBAAgC;AAoDhC,MAAM,8BAA8B;AAAA,EAClC,QAAQ;AAAA,EACR,YAAY;AACd;AAEA,MAAM,0BAA0B,YAAY;AAC1C,SAAO,+BAA+B,CAAC,CAAC;AAC1C;AAEA,MAAM,iCAAqE,aAAW;AACpF,aAAO,4CAA4B;AAAA,IACjC,GAAG;AAAA,IACH,GAAG;AAAA,EACL,CAAC;AACH;AAEO,MAAM,uBAAwB,IAChC,SACuC;AAC1C,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,MAAM;AACvB,UAAM,yBAAyC,OAAOA,UAASC,WAAU;AACvE,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAC9E,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAE9C,YAAM,UAAU;AAAA,QACd;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACL;AAEA,YAAM,aAAS,8CAA2B,QAAQ,KAAK;AAEvD,UAAI,QAAQ,OAAO;AACjB,+CAAmB;AAAA,MACrB;AAMA,YAAM,mBAAmB,MAAM,wBAAwB;AAKvD,YAAM,wBAAoB,wCAAwBA,QAAO;AAEzD,YAAM,qBAAqB,MAAM,iBAAiB;AAAA,QAChD;AAAA,QACA;AAAA,MACF;AAEA,YAAM,mBAAmB,mBAAmB,KAAK;AAEjD,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,UAAU,MAAM;AAAA,QACpB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAEA,YAAM,UAAgC,OAAO,OAAO,kBAAkB;AAAA,QACpE;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,cAAc,MAAM,QAAQ,QAAQ,OAAO;AACjD,kBAAY,UAAU;AAEtB,UAAI,gBAA0B,2BAAa,KAAK;AAEhD,UAAI;AACF,cAAM,oBAAoB,MAAM,UAAU,aAAaA,UAASC,MAAK;AACrE,wBAAgB,qBAAqB;AAAA,MACvC,SAAS,OAAY;AACnB,wBAAgB,mBAAmB,OAAO,mBAAmBD,QAAO;AAAA,MACtE;AAEA,UAAI,mBAAmB,SAAS;AAC9B,2BAAmB,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AACjD,wBAAc,QAAQ,OAAO,KAAK,KAAK;AAAA,QACzC,CAAC;AAAA,MACH;AAEA,cAAI,4BAAW,aAAa,GAAG;AAC7B,mBAAO,kDAAuB,mBAAmB,aAAa;AAAA,MAChE;AAEA,wCAAgB,mBAAmB,eAAe,kBAAkB;AACpE,aAAO;AAAA,IACT;AAEA,UAAM,qBAAqC,OAAOA,aAAY;AAC5D,cAAQ,IAAI,gDAAgDA,SAAQ,GAAG;AACvE,UAAI,wBAAwBA,QAAO,GAAG;AACpC,cAAM,UAAU,OAAO,WAAW,aAAa,MAAM,OAAOA,QAAO,IAAI;AACvE,+BAAuB,SAASA,QAAO;AACvC,eAAO,0BAA0BA,QAAO;AAAA,MAC1C;AAAA,IACF;AAEA,UAAM,iBAAiC,OAAOA,UAASC,WAAU;AAC9D,UAAI,kBAAkBD,QAAO,GAAG;AAC/B,eAAO,mBAAmBA,UAASC,MAAK;AAAA,MACzC;AACD,aAAO,uBAAuBD,UAASC,MAAK;AAAA,IAC9C;AAEA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAEA,WAAO;AAAA,EACT;AACA,SAAO,WAAW;AACpB;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO;AAAA,IACL,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,IACvC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,EACzC;AACF;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,MAAM,aAAa,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC;AAAA,EACnF;AACF;AAEA,MAAM,oBAAoB,CAAC,YACzB,QAAQ,QAAQ,SAAS,WAAW,MAAM;AAE5C,MAAM,yBAAyB,CAAC,SAA4B,YAAwC;AAClG,QAAM,SAAS,IAAI,IAAI,QAAQ,GAAG;AAClC,SAAO,OAAO,QAAQ,iBAAiB,cAAc;AACrD,SAAO,OAAO;AACd,SAAO,2BAAa,QAAQ,MAAM;AACpC;AAEA,MAAM,cAAc,CAAC,YAAwC;AAC3D,QAAM,iBAAiB,QAAQ,QAAQ,aAAa,IAAI,aAAa;AACrE,SAAO,iBAAiB,IAAI,IAAI,gBAAgB,QAAQ,GAAG,IAAI;AACjE;AAEA,MAAM,0BAA0B,CAAC,YAC/B,QAAQ,QAAQ,aAAa;AAK/B,MAAM,4BAA4B,CAAC,sBAAyC;AAC1E,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,SAAO,EAAE,kBAAkB,iBAAiB;AAC9C;AAEA,MAAM,0BAA0B,CAC9B,mBACA,YACA,qBACG;AACH,SAAQ,OAAO,QAAa,YAAiB;AAC3C,UAAM,WAAW,UAAM,kBAAAC,UAAe;AAEtC,UAAM,WAAW,CAAC,YAChB,uCAAoB,KAAK;AAAA,MACvB,aAAa;AAAA,IACf,CAAC;AAEH,eAAO,8BAAc;AAAA,MACnB,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,QAAQ,OAAO;AAAA,EACpB;AACF;AAEO,MAAM,kBAAkB,CAAC,QAAsB;AACpD,SAAO,2BAAa,SAAS,KAAK;AAAA,IAChC,SAAS,EAAE,CAAC,yBAAU,QAAQ,oBAAoB,GAAG,OAAO;AAAA,EAC9D,CAAC;AACH;AAKA,MAAM,qBAAqB,CACzB,OACA,mBACA,gBACa;AACb,UAAI,yCAAsB,KAAK,GAAG;AAChC,eAAO;AAAA,MACL,2BAAa,QAAQ,IAAI,IAAI,SAAS,KAAK,IAAI,CAAC,IAAI,YAAY,GAAG,CAAC;AAAA,MACpE,yBAAU,QAAQ;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,yBAAqB,2CAAwB,KAAK;AACxD,QAAM,yBAAqB,2CAAwB,KAAK;AAExD,MAAI,sBAAsB,oBAAoB;AAC5C,UAAM,eAAW,gCAAe;AAAA,MAC9B;AAAA,MACA,SAAS,kBAAkB;AAAA,MAC3B,WAAW;AAAA,MACX,WAAW;AAAA,IACb,CAAC;AAED,UAAM,EAAE,cAAc,IAAI;AAE1B,WAAO,SAAS,qBAAqB,qBAAqB,kBAAkB,EAAE;AAAA,MAC5E;AAAA,IACF,CAAC;AAAA,EACH;AAEA,UAAI,yCAAsB,KAAK,GAAG;AAChC,WAAO,gBAAgB,MAAM,WAAW;AAAA,EAC1C;AAEA,QAAM;AACR;AAEA,MAAM,4BAA4B,OAChC,YACiC;AAEjC,UAAQ,IAAI,+BAA+B;AAE3C,QAAM,YAAY,QAAQ,IAAI,aAAa;AAC3C,QAAM,uBAAuB,YAAY,6BAA6B;AACtE,QAAM,4BAA4B,YAC9B,+BACA;AACJ,QAAM,kBAAkB;AAAA,IACtB,MAAM;AAAA,IACN,QAAQ,CAAC;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,UAAU;AAAA,EACZ;AACA,QAAM,uBAAuB;AAAA,IAC3B,GAAG;AAAA,IACH,UAAU;AAAA,IACV,MAAM;AAAA,EACR;AAEA,MAAI,QAAQ,QAAQ,aAAa,gBAAgB;AAC/C,YAAQ,IAAI,+BAA+B;AAC3C,UAAM,SAAS,QAAQ;AACvB,QAAI,WAAW,UAAU;AACvB,YAAMC,YAAW,IAAI,2BAAa,EAAE;AACpC,MAAAA,UAAS,QAAQ,OAAO,EAAE,GAAG,iBAAiB,QAAQ,EAAE,CAAC;AACzD,MAAAA,UAAS,QAAQ,OAAO,EAAE,GAAG,sBAAsB,QAAQ,EAAE,CAAC;AAC9D,aAAOA;AAAA,IACT;AAEA,UAAM,UAAkC,CAAC;AACrC,UAAM,cAAc;AAAA,MACtB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAEA,gBAAY,QAAQ,gBAAc;AAChC,YAAM,cAAc,QAAQ,QAAQ,IAAI,UAAU;AAClD,UAAI,aAAa;AACf,gBAAQ,UAAU,IAAI;AAAA,MACxB;AAAA,IACF,CAAC;AAED,UAAM,mBAAmB,QAAQ,QAAQ,aAAa,IAAI,aAAa;AAEvE,UAAM,MAAM,IAAI,IAAI,oBAAoB,EAAE;AAC1C,QAAI,OAA4C,QAAQ;AAExD,UAAM,iBAAiB,CAAC,CAAC,IAAI,SAAS,MAAM,+CAA+C;AAC3F,UAAM,kBAAkB,CAAC,CAAC,IAAI,SAAS;AAAA,MACrC;AAAA,IACF;AAEA,QAAI,CAAC,kBAAkB,CAAC;AACtB,YAAM,IAAI,MAAM,+CAA+C;AAEjE,QAAI,gBAAgB;AAClB,aAAO,MAAM,QAAQ,KAAK;AAC1B,YAAM,aAAa,IAAI,gBAAgB,KAAK,KAAK,CAAC;AAClD,UAAI,WAAW,IAAI,eAAe,GAAG;AACnC,cAAMC,gBAAe,QAAQ,QAAQ,IAAI,qBAAqB,IAAI,GAAG;AACrE,YAAIA,eAAc;AAChB,qBAAW,IAAI,iBAAiBA,aAAY;AAC5C,iBAAO,WAAW,SAAS;AAAA,QAC7B;AAAA,MACF;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,MAAM,KAAK,EAAE,QAAQ,MAAM,QAAQ,CAAC;AAC3D,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,CAAC,SAAS,IAAI;AAChB,aAAO,2BAAa,KAAK,MAAM,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,WAAW,CAAC;AAAA,IAC7F;AAEA,QAAI,cAAc,SAAS;AAC3B,QAAI,iBAAiB;AACnB,qBAAe,KAAK;AACpB,gBAAU,KAAK;AACf,eAAS,KAAK;AACd,WAAK,eAAe;AAAA,IACtB,OAAO;AACL,qBAAe,KAAK;AACpB,gBAAU,KAAK;AACf,eAAS,KAAK;AACd,WAAK,gBAAgB;AAAA,IACvB;AAEA,UAAM,eAAe,2BAAa,KAAK,IAAI;AAC3C,QAAI,QAAS,cAAa,QAAQ,IAAI,EAAE,GAAG,iBAAiB,QAAQ,OAAO,QAAQ,CAAC;AACpF,QAAI,aAAc,cAAa,QAAQ,IAAI,EAAE,GAAG,sBAAsB,OAAO,aAAa,CAAC;AAC3F,WAAO;AAAA,EACT;AACA,SAAO;AACT;","names":["request","event","nextjsNotFound","response","refreshToken"]}

package/dist/cjs/server/ternSecureFireMiddleware.js

@@ -0,0 +1,192 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var ternSecureFireMiddleware_exports = {};
+__export(ternSecureFireMiddleware_exports, {
+  redirectAdapter: () => redirectAdapter,
+  ternSecureMiddleware: () => ternSecureMiddleware
+});
+module.exports = __toCommonJS(ternSecureFireMiddleware_exports);
+var import_backend = require("@tern-secure/backend");
+var import_navigation = require("next/navigation");
+var import_server = require("next/server");
+var import_response = require("../utils/response");
+var import_serverRedirectAuth = require("../utils/serverRedirectAuth");
+var import_constant = require("./constant");
+var import_nextErrors = require("./nextErrors");
+var import_protect = require("./protect");
+var import_redirect = require("./redirect");
+var import_utils = require("./utils");
+const backendClientDefaultOptions = {
+  apiUrl: import_constant.API_URL,
+  apiVersion: import_constant.API_VERSION
+};
+const ternSecureFireClient = async () => {
+  return createFireClientWithOptions({});
+};
+const createFireClientWithOptions = (options) => {
+  return (0, import_backend.createFireClient)({
+    ...backendClientDefaultOptions,
+    ...options
+  });
+};
+const ternSecureMiddleware = (...args) => {
+  const [request, event] = parseRequestAndEvent(args);
+  const [handler, params] = parseHandlerAndOptions(args);
+  const middleware = () => {
+    const runMiddleware = async (request2, event2) => {
+      const resolvedParams = typeof params === "function" ? await params(request2) : params;
+      const signInUrl = resolvedParams.signInUrl || import_constant.SIGN_IN_URL;
+      const signUpUrl = resolvedParams.signUpUrl || import_constant.SIGN_UP_URL;
+      const options = {
+        signInUrl,
+        signUpUrl,
+        ...resolvedParams
+      };
+      const reqBackendClient = await ternSecureFireClient();
+      const ternSecureRequest = (0, import_backend.createTernSecureRequest)(request2);
+      const requestStateClient = await reqBackendClient.authenticateRequest(
+        ternSecureRequest,
+        options
+      );
+      const authObjectClient = requestStateClient.auth();
+      const { redirectToSignIn } = createMiddlewareRedirects(ternSecureRequest);
+      const { redirectToSignUp } = createMiddlewareRedirects(ternSecureRequest);
+      const protect = await createMiddlewareProtect(
+        ternSecureRequest,
+        authObjectClient,
+        redirectToSignIn
+      );
+      const authObj = Object.assign(authObjectClient, {
+        redirectToSignIn,
+        redirectToSignUp
+      });
+      const authHandler = () => Promise.resolve(authObj);
+      authHandler.protect = protect;
+      let handlerResult = import_server.NextResponse.next();
+      try {
+        const userHandlerResult = await handler?.(authHandler, request2, event2);
+        handlerResult = userHandlerResult || handlerResult;
+      } catch (error) {
+        handlerResult = handleControlError(error, ternSecureRequest, request2);
+      }
+      if (requestStateClient.headers) {
+        requestStateClient.headers.forEach((value, key) => {
+          handlerResult.headers.append(key, value);
+        });
+      }
+      if ((0, import_response.isRedirect)(handlerResult)) {
+        return (0, import_serverRedirectAuth.serverRedirectWithAuth)(ternSecureRequest, handlerResult);
+      }
+      (0, import_utils.decorateRequest)(ternSecureRequest, handlerResult, requestStateClient);
+      return handlerResult;
+    };
+    const nextMiddleware = async (request2, event2) => {
+      console.log("[TernSecureMiddleware] Request URL:", request2.url);
+      console.log("[TernSecureMiddleware] Request pathname:", request2.nextUrl.pathname);
+      return runMiddleware(request2, event2);
+    };
+    if (request && event) {
+      return nextMiddleware(request, event);
+    }
+    return nextMiddleware;
+  };
+  return middleware();
+};
+const parseRequestAndEvent = (args) => {
+  return [
+    args[0] instanceof Request ? args[0] : void 0,
+    args[0] instanceof Request ? args[1] : void 0
+  ];
+};
+const parseHandlerAndOptions = (args) => {
+  return [
+    typeof args[0] === "function" ? args[0] : void 0,
+    (args.length === 2 ? args[1] : typeof args[0] === "function" ? {} : args[0]) || {}
+  ];
+};
+const isFirebaseRequest = (request) => request.nextUrl.pathname.startsWith("/__/");
+const finalTarget = (request) => {
+  const finalTargetUrl = request.nextUrl.searchParams.get("finalTarget");
+  return finalTargetUrl ? new URL(finalTargetUrl, request.url) : void 0;
+};
+const isFirebaseCookieRequest = (request) => request.nextUrl.pathname === "/__cookies__";
+const createMiddlewareRedirects = (ternSecureRequest) => {
+  const redirectToSignIn = (opts = {}) => {
+    const url = ternSecureRequest.ternUrl.toString();
+    (0, import_nextErrors.redirectToSignInError)(url, opts.returnBackUrl);
+  };
+  const redirectToSignUp = (opts = {}) => {
+    const url = ternSecureRequest.ternUrl.toString();
+    (0, import_nextErrors.redirectToSignUpError)(url, opts.returnBackUrl);
+  };
+  return { redirectToSignIn, redirectToSignUp };
+};
+const createMiddlewareProtect = (ternSecureRequest, authObject, redirectToSignIn) => {
+  return async (params, options) => {
+    const notFound = () => (0, import_navigation.notFound)();
+    const redirect = (url) => (0, import_nextErrors.nextjsRedirectError)(url, {
+      redirectUrl: url
+    });
+    return (0, import_protect.createProtect)({
+      request: ternSecureRequest,
+      redirect,
+      notFound,
+      authObject,
+      redirectToSignIn
+    })(params, options);
+  };
+};
+const redirectAdapter = (url) => {
+  return import_server.NextResponse.redirect(url, {
+    headers: { [import_backend.constants.Headers.TernSecureRedirectTo]: "true" }
+  });
+};
+const handleControlError = (error, ternSecureRequest, nextrequest) => {
+  if ((0, import_nextErrors.isNextjsNotFoundError)(error)) {
+    return (0, import_response.setHeader)(
+      import_server.NextResponse.rewrite(new URL(`/tern_${Date.now()}`, nextrequest.url)),
+      import_backend.constants.Headers.AuthReason,
+      "protect-rewrite"
+    );
+  }
+  const isRedirectToSignIn = (0, import_nextErrors.isRedirectToSignInError)(error);
+  const isRedirectToSignUp = (0, import_nextErrors.isRedirectToSignUpError)(error);
+  if (isRedirectToSignIn || isRedirectToSignUp) {
+    const redirect = (0, import_redirect.createRedirect)({
+      redirectAdapter,
+      baseUrl: ternSecureRequest.ternUrl,
+      signInUrl: import_constant.SIGN_IN_URL,
+      signUpUrl: import_constant.SIGN_UP_URL
+    });
+    const { returnBackUrl } = error;
+    return redirect[isRedirectToSignIn ? "redirectToSignIn" : "redirectToSignUp"]({
+      returnBackUrl
+    });
+  }
+  if ((0, import_nextErrors.isNextjsRedirectError)(error)) {
+    return redirectAdapter(error.redirectUrl);
+  }
+  throw error;
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  redirectAdapter,
+  ternSecureMiddleware
+});
+//# sourceMappingURL=ternSecureFireMiddleware.js.map

package/dist/cjs/server/ternSecureFireMiddleware.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/ternSecureFireMiddleware.ts"],"sourcesContent":["import type {\n  AuthObject,\n  RequestOptions,\n  TernSecureRequest,\n} from '@tern-secure/backend';\nimport {\n  constants,\n  createFireClient,\n  createTernSecureRequest,\n} from '@tern-secure/backend';\nimport type {\n  TernSecureConfig,\n} from '@tern-secure/types';\nimport { notFound as nextjsNotFound } from 'next/navigation';\nimport type { NextMiddleware,NextRequest } from 'next/server';\nimport { NextResponse } from 'next/server';\n\nimport { isRedirect, setHeader } from '../utils/response';\nimport { serverRedirectWithAuth } from '../utils/serverRedirectAuth';\nimport { API_URL, API_VERSION,SIGN_IN_URL, SIGN_UP_URL } from './constant';\nimport {\n  isNextjsNotFoundError,\n  isNextjsRedirectError,\n  isRedirectToSignInError,\n  isRedirectToSignUpError,\n  nextjsRedirectError,\n  redirectToSignInError,\n  redirectToSignUpError,\n} from './nextErrors';\nimport { type AuthProtect,createProtect } from './protect';\nimport { createRedirect, type RedirectFun } from './redirect';\nimport type {\n  NextMiddlewareEvtParam,\n  NextMiddlewareRequestParam,\n  NextMiddlewareReturn,\n} from './types';\nimport { decorateRequest } from './utils';\n\nexport type MiddlewareAuthObject = AuthObject & {\n  redirectToSignIn: RedirectFun<Response>;\n  redirectToSignUp: RedirectFun<Response>;\n};\n\nexport interface MiddlewareAuth {\n  (): Promise<MiddlewareAuthObject>;\n\n  protect: AuthProtect;\n}\n\ntype MiddlewareHandler = (\n  auth: MiddlewareAuth,\n  request: NextMiddlewareRequestParam,\n  event: NextMiddlewareEvtParam,\n) => NextMiddlewareReturn;\n\nexport interface MiddlewareOptions extends RequestOptions {\n  debug?: boolean;\n  firebaseOptions?: TernSecureConfig;\n}\ntype MiddlewareOptionsCallback = (\n  req: NextRequest,\n) => MiddlewareOptions | Promise<MiddlewareOptions>;\n\ninterface TernSecureMiddleware {\n  /**\n   * @example\n   * export default ternSecureMiddleware((auth, request, event) => { ... }, options);\n   */\n  (handler: MiddlewareHandler, options?: MiddlewareOptions): NextMiddleware;\n\n  /**\n   * @example\n   * export default ternSecureMiddleware((auth, request, event) => { ... }, (req) => options);\n   */\n  (handler: MiddlewareHandler, options?: MiddlewareOptionsCallback): NextMiddleware;\n\n  /**\n   * @example\n   * export default ternSecureMiddleware(options);\n   */\n  (options?: MiddlewareOptions): NextMiddleware;\n  /**\n   * @example\n   * export default ternSecureMiddleware;\n   */\n  (request: NextMiddlewareRequestParam, event: NextMiddlewareEvtParam): NextMiddlewareReturn;\n}\n\nconst backendClientDefaultOptions = {\n  apiUrl: API_URL,\n  apiVersion: API_VERSION,\n};\n\nconst ternSecureFireClient = async () => {\n  return createFireClientWithOptions({});\n};\n\nconst createFireClientWithOptions: typeof createFireClient = options => {\n  return createFireClient({\n    ...backendClientDefaultOptions,\n    ...options,\n  });\n};\n\nexport const ternSecureMiddleware = ((\n  ...args: unknown[]\n): NextMiddleware | NextMiddlewareReturn => {\n  const [request, event] = parseRequestAndEvent(args);\n  const [handler, params] = parseHandlerAndOptions(args);\n\n  const middleware = () => {\n    const runMiddleware: NextMiddleware = async (request, event) => {\n      const resolvedParams = typeof params === 'function' ? await params(request) : params;\n      const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\n      const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\n\n      const options = {\n        signInUrl,\n        signUpUrl,\n        ...resolvedParams,\n      };\n\n      const reqBackendClient = await ternSecureFireClient();\n      const ternSecureRequest = createTernSecureRequest(request);\n\n      const requestStateClient = await reqBackendClient.authenticateRequest(\n        ternSecureRequest,\n        options,\n      );\n\n      const authObjectClient = requestStateClient.auth();\n\n      const { redirectToSignIn } = createMiddlewareRedirects(ternSecureRequest);\n\n      const { redirectToSignUp } = createMiddlewareRedirects(ternSecureRequest);\n\n      const protect = await createMiddlewareProtect(\n        ternSecureRequest,\n        authObjectClient,\n        redirectToSignIn,\n      );\n\n      const authObj: MiddlewareAuthObject = Object.assign(authObjectClient, {\n        redirectToSignIn,\n        redirectToSignUp,\n      });\n\n      const authHandler = () => Promise.resolve(authObj);\n      authHandler.protect = protect;\n\n      let handlerResult: Response = NextResponse.next();\n\n      try {\n        const userHandlerResult = await handler?.(authHandler, request, event);\n        handlerResult = userHandlerResult || handlerResult;\n      } catch (error: any) {\n        handlerResult = handleControlError(error, ternSecureRequest, request);\n      }\n\n      if (requestStateClient.headers) {\n        requestStateClient.headers.forEach((value, key) => {\n          handlerResult.headers.append(key, value);\n        });\n      }\n\n      if (isRedirect(handlerResult)) {\n        return serverRedirectWithAuth(ternSecureRequest, handlerResult);\n      }\n\n      decorateRequest(ternSecureRequest, handlerResult, requestStateClient);\n      return handlerResult;\n    };\n\n    const nextMiddleware: NextMiddleware = async (request, event) => {\n      console.log('[TernSecureMiddleware] Request URL:', request.url);\n      console.log('[TernSecureMiddleware] Request pathname:', request.nextUrl.pathname);\n      return runMiddleware(request, event);\n    };\n\n    if (request && event) {\n      return nextMiddleware(request, event);\n    }\n\n    return nextMiddleware;\n  };\n  return middleware();\n}) as TernSecureMiddleware;\n\nconst parseRequestAndEvent = (args: unknown[]) => {\n  return [\n    args[0] instanceof Request ? args[0] : undefined,\n    args[0] instanceof Request ? args[1] : undefined,\n  ] as [NextMiddlewareRequestParam | undefined, NextMiddlewareEvtParam | undefined];\n};\n\nconst parseHandlerAndOptions = (args: unknown[]) => {\n  return [\n    typeof args[0] === 'function' ? args[0] : undefined,\n    (args.length === 2 ? args[1] : typeof args[0] === 'function' ? {} : args[0]) || {},\n  ] as [MiddlewareHandler | undefined, MiddlewareOptions | MiddlewareOptionsCallback];\n};\n\nconst isFirebaseRequest = (request: NextMiddlewareRequestParam) => \n    request.nextUrl.pathname.startsWith('/__/');\n\nconst finalTarget = (request: NextMiddlewareRequestParam) => {\n    const finalTargetUrl =  request.nextUrl.searchParams.get('finalTarget');\n    return finalTargetUrl ? new URL(finalTargetUrl, request.url) : undefined;\n}\n\nconst isFirebaseCookieRequest = (request: NextMiddlewareRequestParam) => \n    request.nextUrl.pathname === '/__cookies__';\n\n/**\n * Create middleware redirect functions\n */\nconst createMiddlewareRedirects = (ternSecureRequest: TernSecureRequest) => {\n  const redirectToSignIn: MiddlewareAuthObject['redirectToSignIn'] = (opts = {}) => {\n    const url = ternSecureRequest.ternUrl.toString();\n    redirectToSignInError(url, opts.returnBackUrl);\n  };\n\n  const redirectToSignUp: MiddlewareAuthObject['redirectToSignUp'] = (opts = {}) => {\n    const url = ternSecureRequest.ternUrl.toString();\n    redirectToSignUpError(url, opts.returnBackUrl);\n  };\n\n  return { redirectToSignIn, redirectToSignUp };\n};\n\nconst createMiddlewareProtect = (\n  ternSecureRequest: TernSecureRequest,\n  authObject: AuthObject,\n  redirectToSignIn: RedirectFun<Response>,\n) => {\n  return (async (params: any, options: any) => {\n    const notFound = () => nextjsNotFound();\n\n    const redirect = (url: string) =>\n      nextjsRedirectError(url, {\n        redirectUrl: url,\n      });\n\n    return createProtect({\n      request: ternSecureRequest,\n      redirect,\n      notFound,\n      authObject,\n      redirectToSignIn,\n    })(params, options);\n  }) as unknown as Promise<AuthProtect>;\n};\n\nexport const redirectAdapter = (url: string | URL) => {\n  return NextResponse.redirect(url, {\n    headers: { [constants.Headers.TernSecureRedirectTo]: 'true' },\n  });\n};\n\n/**\n * Handle control flow errors in middleware\n */\nconst handleControlError = (\n  error: any,\n  ternSecureRequest: TernSecureRequest,\n  nextrequest: NextRequest,\n): Response => {\n  if (isNextjsNotFoundError(error)) {\n    return setHeader(\n      NextResponse.rewrite(new URL(`/tern_${Date.now()}`, nextrequest.url)),\n      constants.Headers.AuthReason,\n      'protect-rewrite',\n    );\n  }\n\n  const isRedirectToSignIn = isRedirectToSignInError(error);\n  const isRedirectToSignUp = isRedirectToSignUpError(error);\n\n  if (isRedirectToSignIn || isRedirectToSignUp) {\n    const redirect = createRedirect({\n      redirectAdapter,\n      baseUrl: ternSecureRequest.ternUrl,\n      signInUrl: SIGN_IN_URL,\n      signUpUrl: SIGN_UP_URL,\n    });\n\n    const { returnBackUrl } = error;\n\n    return redirect[isRedirectToSignIn ? 'redirectToSignIn' : 'redirectToSignUp']({\n      returnBackUrl,\n    });\n  }\n\n  if (isNextjsRedirectError(error)) {\n    return redirectAdapter(error.redirectUrl);\n  }\n\n  throw error;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAKA,qBAIO;AAIP,wBAA2C;AAE3C,oBAA6B;AAE7B,sBAAsC;AACtC,gCAAuC;AACvC,sBAA8D;AAC9D,wBAQO;AACP,qBAA+C;AAC/C,sBAAiD;AAMjD,mBAAgC;AAoDhC,MAAM,8BAA8B;AAAA,EAClC,QAAQ;AAAA,EACR,YAAY;AACd;AAEA,MAAM,uBAAuB,YAAY;AACvC,SAAO,4BAA4B,CAAC,CAAC;AACvC;AAEA,MAAM,8BAAuD,aAAW;AACtE,aAAO,iCAAiB;AAAA,IACtB,GAAG;AAAA,IACH,GAAG;AAAA,EACL,CAAC;AACH;AAEO,MAAM,uBAAwB,IAChC,SACuC;AAC1C,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,MAAM;AACvB,UAAM,gBAAgC,OAAOA,UAASC,WAAU;AAC9D,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAC9E,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAE9C,YAAM,UAAU;AAAA,QACd;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACL;AAEA,YAAM,mBAAmB,MAAM,qBAAqB;AACpD,YAAM,wBAAoB,wCAAwBA,QAAO;AAEzD,YAAM,qBAAqB,MAAM,iBAAiB;AAAA,QAChD;AAAA,QACA;AAAA,MACF;AAEA,YAAM,mBAAmB,mBAAmB,KAAK;AAEjD,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,UAAU,MAAM;AAAA,QACpB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAEA,YAAM,UAAgC,OAAO,OAAO,kBAAkB;AAAA,QACpE;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,cAAc,MAAM,QAAQ,QAAQ,OAAO;AACjD,kBAAY,UAAU;AAEtB,UAAI,gBAA0B,2BAAa,KAAK;AAEhD,UAAI;AACF,cAAM,oBAAoB,MAAM,UAAU,aAAaA,UAASC,MAAK;AACrE,wBAAgB,qBAAqB;AAAA,MACvC,SAAS,OAAY;AACnB,wBAAgB,mBAAmB,OAAO,mBAAmBD,QAAO;AAAA,MACtE;AAEA,UAAI,mBAAmB,SAAS;AAC9B,2BAAmB,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AACjD,wBAAc,QAAQ,OAAO,KAAK,KAAK;AAAA,QACzC,CAAC;AAAA,MACH;AAEA,cAAI,4BAAW,aAAa,GAAG;AAC7B,mBAAO,kDAAuB,mBAAmB,aAAa;AAAA,MAChE;AAEA,wCAAgB,mBAAmB,eAAe,kBAAkB;AACpE,aAAO;AAAA,IACT;AAEA,UAAM,iBAAiC,OAAOA,UAASC,WAAU;AAC/D,cAAQ,IAAI,uCAAuCD,SAAQ,GAAG;AAC9D,cAAQ,IAAI,4CAA4CA,SAAQ,QAAQ,QAAQ;AAChF,aAAO,cAAcA,UAASC,MAAK;AAAA,IACrC;AAEA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAEA,WAAO;AAAA,EACT;AACA,SAAO,WAAW;AACpB;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO;AAAA,IACL,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,IACvC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,EACzC;AACF;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,MAAM,aAAa,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC;AAAA,EACnF;AACF;AAEA,MAAM,oBAAoB,CAAC,YACvB,QAAQ,QAAQ,SAAS,WAAW,MAAM;AAE9C,MAAM,cAAc,CAAC,YAAwC;AACzD,QAAM,iBAAkB,QAAQ,QAAQ,aAAa,IAAI,aAAa;AACtE,SAAO,iBAAiB,IAAI,IAAI,gBAAgB,QAAQ,GAAG,IAAI;AACnE;AAEA,MAAM,0BAA0B,CAAC,YAC7B,QAAQ,QAAQ,aAAa;AAKjC,MAAM,4BAA4B,CAAC,sBAAyC;AAC1E,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,SAAO,EAAE,kBAAkB,iBAAiB;AAC9C;AAEA,MAAM,0BAA0B,CAC9B,mBACA,YACA,qBACG;AACH,SAAQ,OAAO,QAAa,YAAiB;AAC3C,UAAM,WAAW,UAAM,kBAAAC,UAAe;AAEtC,UAAM,WAAW,CAAC,YAChB,uCAAoB,KAAK;AAAA,MACvB,aAAa;AAAA,IACf,CAAC;AAEH,eAAO,8BAAc;AAAA,MACnB,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,QAAQ,OAAO;AAAA,EACpB;AACF;AAEO,MAAM,kBAAkB,CAAC,QAAsB;AACpD,SAAO,2BAAa,SAAS,KAAK;AAAA,IAChC,SAAS,EAAE,CAAC,yBAAU,QAAQ,oBAAoB,GAAG,OAAO;AAAA,EAC9D,CAAC;AACH;AAKA,MAAM,qBAAqB,CACzB,OACA,mBACA,gBACa;AACb,UAAI,yCAAsB,KAAK,GAAG;AAChC,eAAO;AAAA,MACL,2BAAa,QAAQ,IAAI,IAAI,SAAS,KAAK,IAAI,CAAC,IAAI,YAAY,GAAG,CAAC;AAAA,MACpE,yBAAU,QAAQ;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,yBAAqB,2CAAwB,KAAK;AACxD,QAAM,yBAAqB,2CAAwB,KAAK;AAExD,MAAI,sBAAsB,oBAAoB;AAC5C,UAAM,eAAW,gCAAe;AAAA,MAC9B;AAAA,MACA,SAAS,kBAAkB;AAAA,MAC3B,WAAW;AAAA,MACX,WAAW;AAAA,IACb,CAAC;AAED,UAAM,EAAE,cAAc,IAAI;AAE1B,WAAO,SAAS,qBAAqB,qBAAqB,kBAAkB,EAAE;AAAA,MAC5E;AAAA,IACF,CAAC;AAAA,EACH;AAEA,UAAI,yCAAsB,KAAK,GAAG;AAChC,WAAO,gBAAgB,MAAM,WAAW;AAAA,EAC1C;AAEA,QAAM;AACR;","names":["request","event","nextjsNotFound"]}

package/dist/cjs/server/types.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/server/types.ts"],"sourcesContent":["export interface User {\r\n    uid: string\r\n    email: string | null\r\n    emailVerified?: boolean\r\n    authTime?: number\r\n    disabled?: boolean\r\n}\r\n  \r\n\r\n\r\n  export interface UserInfo {\r\n    uid: string\r\n    email: string | null\r\n    emailVerified?: boolean\r\n    authTime?: number\r\n    disabled?: boolean\r\n  }\r\n  \r\n  export interface SessionUser {\r\n    uid: string\r\n    email: string | null\r\n    emailVerified: boolean\r\n    disabled?: boolean\r\n  }\r\n  \r\n  export interface SessionResult {\r\n    isAuthenticated: boolean\r\n    user: UserInfo | null\r\n    error?: string\r\n  }"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}
+{"version":3,"sources":["../../../src/server/types.ts"],"sourcesContent":["import type { TernSecureUser } from \"@tern-secure/types\"\r\nimport type { IncomingMessage } from \"http\";\r\nimport type { NextApiRequest } from \"next\";\r\nimport type { NextApiRequestCookies } from \"next/dist/server/api-utils\";\r\nimport type { NextMiddleware, NextRequest } from \"next/server\";\r\n\r\n// Request contained in GetServerSidePropsContext, has cookies but not query\r\ntype GsspRequest = IncomingMessage & { cookies: NextApiRequestCookies };\r\n\r\nexport type RequestLike = NextRequest | NextApiRequest | GsspRequest;\r\n\r\nexport type NextMiddlewareRequestParam = Parameters<NextMiddleware>[\"0\"];\r\nexport type NextMiddlewareReturn = ReturnType<NextMiddleware>;\r\nexport type NextMiddlewareEvtParam = Parameters<NextMiddleware>[\"1\"];\r\n\r\n\r\nexport interface User {\r\n    uid: string\r\n    email: string | null\r\n    emailVerified?: boolean\r\n    authTime?: number\r\n    disabled?: boolean\r\n}\r\n\r\nexport interface BaseUser {\r\n  uid: string\r\n  email: string | null\r\n  emailVerified?: boolean\r\n  tenantId: string | null\r\n  authTime?: number\r\n  disabled?: boolean\r\n}\r\n\r\nexport interface SessionUser {\r\n  uid: string\r\n  email: string | null\r\n  emailVerified: boolean\r\n  disabled?: boolean\r\n}\r\n\r\nexport interface SessionResult {\r\n  isAuthenticated: boolean\r\n  user: BaseUser | null\r\n  error?: string\r\n}\r\n\r\nexport type { TernSecureUser };"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}