@tern-secure/nextjs 5.1.8 → 5.1.9

package/dist/cjs/__tests__/gemini_fnTernSecureNextHandler.bench.js

@@ -0,0 +1,31 @@
+"use strict";
+var import_vitest = require("vitest");
+var import_server = require("next/server");
+var import_gemini_fnTernSecureNextHandler = require("../../examples/gemini_fnTernSecureNextHandler");
+var import_sessionHandlers = require("../app-router/admin/sessionHandlers");
+import_vitest.vi.mock("../sessionHandlers", () => ({
+  SessionEndpointHandler: {
+    handle: import_vitest.vi.fn()
+  }
+}));
+const authHandlerOptions = {
+  cors: {
+    allowedOrigins: ["http://localhost:3000", "https://ternsecure.com"],
+    allowedMethods: ["GET", "POST"]
+  },
+  security: {
+    requireCSRF: true,
+    allowedReferers: ["http://localhost:3000", "https://ternsecure.com"]
+  },
+  debug: false
+};
+(0, import_vitest.bench)("handler performance for a valid request", async () => {
+  const handler = (0, import_gemini_fnTernSecureNextHandler.geminiCreateTernSecureNextJsHandlerFn)(authHandlerOptions);
+  const request = new import_server.NextRequest("http://localhost/api/auth/sessions/verify", {
+    method: "GET",
+    headers: { origin: "http://localhost:3000" }
+  });
+  import_sessionHandlers.SessionEndpointHandler.handle.mockResolvedValue(new import_server.NextResponse(null, { status: 200 }));
+  await handler.GET(request);
+});
+//# sourceMappingURL=gemini_fnTernSecureNextHandler.bench.js.map

package/dist/cjs/__tests__/gemini_fnTernSecureNextHandler.bench.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/__tests__/gemini_fnTernSecureNextHandler.bench.ts"],"sourcesContent":["import { bench, vi } from 'vitest';\nimport { NextRequest, NextResponse } from 'next/server';\nimport { geminiCreateTernSecureNextJsHandlerFn } from '../../examples/gemini_fnTernSecureNextHandler';\nimport { SessionEndpointHandler } from '../app-router/admin/sessionHandlers';\n\nvi.mock('../sessionHandlers', () => ({\n  SessionEndpointHandler: {\n    handle: vi.fn(),\n  },\n}));\n\nconst authHandlerOptions = {\n  cors: {\n    allowedOrigins: ['http://localhost:3000', 'https://ternsecure.com'],\n    allowedMethods: ['GET', 'POST'],\n  },\n  security: {\n    requireCSRF: true,\n    allowedReferers: ['http://localhost:3000', 'https://ternsecure.com'],\n  },\n  debug: false,\n};\n\nbench('handler performance for a valid request', async () => {\n  const handler = geminiCreateTernSecureNextJsHandlerFn(authHandlerOptions);\n  const request = new NextRequest('http://localhost/api/auth/sessions/verify', {\n    method: 'GET',\n    headers: { origin: 'http://localhost:3000' },\n  });\n  (SessionEndpointHandler.handle as any).mockResolvedValue(new NextResponse(null, { status: 200 }));\n\n  await handler.GET(request);\n});\n"],"mappings":";AAAA,oBAA0B;AAC1B,oBAA0C;AAC1C,4CAAsD;AACtD,6BAAuC;AAEvC,iBAAG,KAAK,sBAAsB,OAAO;AAAA,EACnC,wBAAwB;AAAA,IACtB,QAAQ,iBAAG,GAAG;AAAA,EAChB;AACF,EAAE;AAEF,MAAM,qBAAqB;AAAA,EACzB,MAAM;AAAA,IACJ,gBAAgB,CAAC,yBAAyB,wBAAwB;AAAA,IAClE,gBAAgB,CAAC,OAAO,MAAM;AAAA,EAChC;AAAA,EACA,UAAU;AAAA,IACR,aAAa;AAAA,IACb,iBAAiB,CAAC,yBAAyB,wBAAwB;AAAA,EACrE;AAAA,EACA,OAAO;AACT;AAAA,IAEA,qBAAM,2CAA2C,YAAY;AAC3D,QAAM,cAAU,6EAAsC,kBAAkB;AACxE,QAAM,UAAU,IAAI,0BAAY,6CAA6C;AAAA,IAC3E,QAAQ;AAAA,IACR,SAAS,EAAE,QAAQ,wBAAwB;AAAA,EAC7C,CAAC;AACD,EAAC,8CAAuB,OAAe,kBAAkB,IAAI,2BAAa,MAAM,EAAE,QAAQ,IAAI,CAAC,CAAC;AAEhG,QAAM,QAAQ,IAAI,OAAO;AAC3B,CAAC;","names":[]}

package/dist/cjs/app-router/admin/actions.js

@@ -0,0 +1,62 @@
+"use strict";
+"use server";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var actions_exports = {};
+__export(actions_exports, {
+  clearNextSessionCookie: () => clearNextSessionCookie,
+  clearSessionCookieServer: () => clearSessionCookieServer,
+  createNextSessionCookie: () => createNextSessionCookie,
+  createSessionCookieServer: () => createSessionCookieServer,
+  setNextServerSession: () => setNextServerSession,
+  setNextServerToken: () => setNextServerToken
+});
+module.exports = __toCommonJS(actions_exports);
+var import_admin = require("@tern-secure/backend/admin");
+var import_NextCookieAdapter = require("../../utils/NextCookieAdapter");
+var import_constants = require("./constants");
+async function createSessionCookieServer(idToken) {
+  const cookieStore = new import_NextCookieAdapter.NextCookieStore();
+  return (0, import_admin.createSessionCookie)(idToken, cookieStore);
+}
+async function clearSessionCookieServer() {
+  const cookieStore = new import_NextCookieAdapter.NextCookieStore();
+  return (0, import_admin.clearSessionCookie)(cookieStore);
+}
+async function clearNextSessionCookie() {
+  return (0, import_admin.ClearNextSessionCookie)(import_constants.TENANT_ID);
+}
+async function setNextServerSession(idToken) {
+  return (0, import_admin.SetNextServerSession)(idToken);
+}
+async function setNextServerToken(token) {
+  return (0, import_admin.SetNextServerToken)(token);
+}
+async function createNextSessionCookie(idToken) {
+  return (0, import_admin.CreateNextSessionCookie)(idToken);
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  clearNextSessionCookie,
+  clearSessionCookieServer,
+  createNextSessionCookie,
+  createSessionCookieServer,
+  setNextServerSession,
+  setNextServerToken
+});
+//# sourceMappingURL=actions.js.map

package/dist/cjs/app-router/admin/actions.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/app-router/admin/actions.ts"],"sourcesContent":["'use server'\n\nimport {\n    ClearNextSessionCookie,\n    clearSessionCookie, \n    CreateNextSessionCookie,\n    createSessionCookie, \n    SetNextServerSession, \n    SetNextServerToken,\n} from \"@tern-secure/backend/admin\";\n\nimport { NextCookieStore } from \"../../utils/NextCookieAdapter\";\nimport { TENANT_ID } from \"./constants\";\n\nexport async function createSessionCookieServer(idToken: string) {\n    const cookieStore = new NextCookieStore();\n    return createSessionCookie(idToken, cookieStore);\n}\n\nexport async function clearSessionCookieServer() {\n    const cookieStore = new NextCookieStore();\n    return clearSessionCookie(cookieStore);\n}\n\nexport async function clearNextSessionCookie() {\n    return ClearNextSessionCookie(TENANT_ID);\n}\n\nexport async function setNextServerSession(idToken: string) {\n    return SetNextServerSession(idToken);\n}\n\nexport async function setNextServerToken(token: string) {\n    return SetNextServerToken(token);\n}\n\nexport async function createNextSessionCookie(idToken: string) {\n    return CreateNextSessionCookie(idToken);\n}"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,mBAOO;AAEP,+BAAgC;AAChC,uBAA0B;AAE1B,eAAsB,0BAA0B,SAAiB;AAC7D,QAAM,cAAc,IAAI,yCAAgB;AACxC,aAAO,kCAAoB,SAAS,WAAW;AACnD;AAEA,eAAsB,2BAA2B;AAC7C,QAAM,cAAc,IAAI,yCAAgB;AACxC,aAAO,iCAAmB,WAAW;AACzC;AAEA,eAAsB,yBAAyB;AAC3C,aAAO,qCAAuB,0BAAS;AAC3C;AAEA,eAAsB,qBAAqB,SAAiB;AACxD,aAAO,mCAAqB,OAAO;AACvC;AAEA,eAAsB,mBAAmB,OAAe;AACpD,aAAO,iCAAmB,KAAK;AACnC;AAEA,eAAsB,wBAAwB,SAAiB;AAC3D,aAAO,sCAAwB,OAAO;AAC1C;","names":[]}

package/dist/cjs/app-router/admin/constants.js

@@ -0,0 +1,29 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var constants_exports = {};
+__export(constants_exports, {
+  TENANT_ID: () => TENANT_ID
+});
+module.exports = __toCommonJS(constants_exports);
+const TENANT_ID = process.env.NEXT_PUBLIC_FIREBASE_TENANT_ID || "";
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  TENANT_ID
+});
+//# sourceMappingURL=constants.js.map

package/dist/cjs/app-router/admin/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/app-router/admin/constants.ts"],"sourcesContent":["export const TENANT_ID = process.env.NEXT_PUBLIC_FIREBASE_TENANT_ID || '';"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAO,MAAM,YAAY,QAAQ,IAAI,kCAAkC;","names":[]}

package/dist/cjs/app-router/admin/fnValidators.js

@@ -0,0 +1,295 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var fnValidators_exports = {};
+__export(fnValidators_exports, {
+  createRequestContext: () => createRequestContext,
+  createValidators: () => createValidators
+});
+module.exports = __toCommonJS(fnValidators_exports);
+var import_server = require("next/server");
+var import_responses = require("./responses");
+function createRequestContext(request) {
+  const url = new URL(request.url);
+  const pathSegments = url.pathname.split("/").filter(Boolean);
+  return {
+    request,
+    origin: request.headers.get("origin"),
+    host: request.headers.get("host"),
+    referer: request.headers.get("referer"),
+    userAgent: request.headers.get("user-agent") || "",
+    method: request.method,
+    pathSegments
+  };
+}
+function createValidators(context) {
+  const { request, origin, host, referer, userAgent, method, pathSegments } = context;
+  async function validateCors(corsOptions) {
+    if (corsOptions.skipSameOrigin) {
+      if (!origin || host && origin.includes(host)) {
+        return null;
+      }
+    }
+    if (corsOptions.allowedOrigins !== "*") {
+      const isAllowed = corsOptions.allowedOrigins.some((allowedOrigin) => {
+        if (allowedOrigin.startsWith("*")) {
+          const domain = allowedOrigin.slice(1);
+          return origin?.endsWith(domain);
+        }
+        return origin === allowedOrigin;
+      });
+      if (!isAllowed) {
+        return (0, import_responses.createApiErrorResponse)("CORS_ORIGIN_NOT_ALLOWED", "Origin not allowed", 403);
+      }
+    }
+    return null;
+  }
+  function createCorsOptionsResponse(corsOptions) {
+    const response = new import_server.NextResponse(null, { status: 204 });
+    if (corsOptions.allowedOrigins === "*") {
+      response.headers.set("Access-Control-Allow-Origin", "*");
+    } else {
+      response.headers.set("Access-Control-Allow-Origin", corsOptions.allowedOrigins.join(","));
+    }
+    response.headers.set(
+      "Access-Control-Allow-Methods",
+      corsOptions.allowedMethods?.join(",") || "GET,POST"
+    );
+    response.headers.set(
+      "Access-Control-Allow-Headers",
+      corsOptions.allowedHeaders?.join(",") || "Content-Type,Authorization"
+    );
+    if (corsOptions.allowCredentials) {
+      response.headers.set("Access-Control-Allow-Credentials", "true");
+    }
+    if (corsOptions.maxAge) {
+      response.headers.set("Access-Control-Max-Age", corsOptions.maxAge.toString());
+    }
+    return response;
+  }
+  async function validateSecurity(securityOptions) {
+    const csrfResult = validateCsrf(securityOptions);
+    if (csrfResult) return csrfResult;
+    const headersResult = validateRequiredHeaders(securityOptions);
+    if (headersResult) return headersResult;
+    const userAgentResult = validateUserAgent(securityOptions);
+    if (userAgentResult) return userAgentResult;
+    return null;
+  }
+  function validateCsrf(securityOptions) {
+    if (securityOptions.requireCSRF && origin && host && !origin.includes(host)) {
+      const hasCSRFHeader = request.headers.get("x-requested-with") === "XMLHttpRequest";
+      const hasValidReferer = referer && host && referer.includes(host);
+      if (!hasCSRFHeader && !hasValidReferer) {
+        const isAllowedReferer = securityOptions.allowedReferers?.some(
+          (allowedRef) => referer?.includes(allowedRef)
+        );
+        if (!isAllowedReferer) {
+          return (0, import_responses.createApiErrorResponse)("CSRF_PROTECTION", "Access denied", 403);
+        }
+      }
+    }
+    return null;
+  }
+  function validateRequiredHeaders(securityOptions) {
+    if (securityOptions.requiredHeaders) {
+      for (const [headerName, expectedValue] of Object.entries(securityOptions.requiredHeaders)) {
+        const actualValue = request.headers.get(headerName);
+        if (actualValue !== expectedValue) {
+          return (0, import_responses.createApiErrorResponse)(
+            "INVALID_HEADERS",
+            "Required header missing or invalid",
+            400
+          );
+        }
+      }
+    }
+    return null;
+  }
+  function validateUserAgent(securityOptions) {
+    if (securityOptions.userAgent?.block?.length) {
+      const isBlocked = securityOptions.userAgent.block.some(
+        (blocked) => userAgent.toLowerCase().includes(blocked.toLowerCase())
+      );
+      if (isBlocked) {
+        return (0, import_responses.createApiErrorResponse)("USER_AGENT_BLOCKED", "Access denied", 403);
+      }
+    }
+    if (securityOptions.userAgent?.allow?.length) {
+      const isAllowed = securityOptions.userAgent.allow.some(
+        (allowed) => userAgent.toLowerCase().includes(allowed.toLowerCase())
+      );
+      if (!isAllowed) {
+        return (0, import_responses.createApiErrorResponse)("USER_AGENT_NOT_ALLOWED", "Access denied", 403);
+      }
+    }
+    return null;
+  }
+  function validateCsrfToken(csrfToken, csrfCookieValue) {
+    if (!csrfToken) {
+      return (0, import_responses.createApiErrorResponse)("INVALID_CSRF_TOKEN", "CSRF token is required", 400);
+    }
+    if (!csrfCookieValue) {
+      return (0, import_responses.createApiErrorResponse)("CSRF_COOKIE_MISSING", "CSRF token cookie not found", 403);
+    }
+    if (csrfToken !== csrfCookieValue) {
+      return (0, import_responses.createApiErrorResponse)("CSRF_TOKEN_MISMATCH", "CSRF token mismatch", 403);
+    }
+    return null;
+  }
+  function validatePathStructure() {
+    if (pathSegments.length < 3) {
+      return (0, import_responses.createApiErrorResponse)(
+        "INVALID_ROUTE",
+        "Invalid route structure. Expected: /api/auth/{endpoint}",
+        404
+      );
+    }
+    return null;
+  }
+  function validateEndpoint(_endpoint, endpointConfig) {
+    if (!endpointConfig || !endpointConfig.enabled) {
+      return (0, import_responses.createApiErrorResponse)("ENDPOINT_NOT_FOUND", "Endpoint not found", 404);
+    }
+    if (method !== "OPTIONS" && !endpointConfig.methods.includes(method)) {
+      return (0, import_responses.createApiErrorResponse)("METHOD_NOT_ALLOWED", "Method not allowed", 405);
+    }
+    return null;
+  }
+  function validateSubEndpoint(subEndpoint, subEndpointConfig) {
+    if (!subEndpoint) {
+      return (0, import_responses.createApiErrorResponse)("SUB_ENDPOINT_REQUIRED", "Session sub-endpoint required", 400);
+    }
+    if (!subEndpointConfig || !subEndpointConfig.enabled) {
+      return (0, import_responses.createApiErrorResponse)("ENDPOINT_NOT_FOUND", "Endpoint not found", 404);
+    }
+    if (!subEndpointConfig.methods?.includes(method)) {
+      return (0, import_responses.createApiErrorResponse)("METHOD_NOT_ALLOWED", "Method not allowed", 405);
+    }
+    return null;
+  }
+  async function validateSessionRequest() {
+    try {
+      const body = await request.json();
+      return { body, idToken: body.idToken, csrfToken: body.csrfToken };
+    } catch (error) {
+      return {
+        body: null,
+        error: (0, import_responses.createApiErrorResponse)("INVALID_REQUEST_FORMAT", "Invalid request format", 400)
+      };
+    }
+  }
+  function validateIdToken(idToken) {
+    if (!idToken) {
+      return (0, import_responses.createApiErrorResponse)(
+        "INVALID_TOKEN",
+        "ID token is required for creating session",
+        400
+      );
+    }
+    return null;
+  }
+  async function validateRequest(config) {
+    if (method === "OPTIONS" && config.cors) {
+      return {
+        isValid: true,
+        corsResponse: createCorsOptionsResponse(config.cors)
+      };
+    }
+    const pathError = validatePathStructure();
+    if (pathError) {
+      return { isValid: false, error: pathError };
+    }
+    if (config.cors) {
+      const corsError = await validateCors(config.cors);
+      if (corsError) {
+        return { isValid: false, error: corsError };
+      }
+    }
+    if (config.security) {
+      const securityError = await validateSecurity(config.security);
+      if (securityError) {
+        return { isValid: false, error: securityError };
+      }
+    }
+    if (config.endpoint) {
+      const endpointError = validateEndpoint(config.endpoint.name, config.endpoint.config);
+      if (endpointError) {
+        return { isValid: false, error: endpointError };
+      }
+    }
+    if (config.subEndpoint) {
+      const subEndpointError = validateSubEndpoint(
+        config.subEndpoint.name,
+        config.subEndpoint.config
+      );
+      if (subEndpointError) {
+        return { isValid: false, error: subEndpointError };
+      }
+    }
+    let sessionData;
+    if (method === "POST" && (config.requireIdToken || config.requireCsrfToken)) {
+      const sessionResult = await validateSessionRequest();
+      if (sessionResult.error) {
+        return { isValid: false, error: sessionResult.error };
+      }
+      sessionData = sessionResult;
+      if (config.requireIdToken) {
+        const idTokenError = validateIdToken(sessionData.idToken);
+        if (idTokenError) {
+          return { isValid: false, error: idTokenError };
+        }
+      }
+      if (config.requireCsrfToken && sessionData.csrfToken) {
+        const csrfCookieValue = request.cookies.get("csrfToken")?.value;
+        const csrfError = validateCsrfToken(sessionData.csrfToken, csrfCookieValue);
+        if (csrfError) {
+          return { isValid: false, error: csrfError };
+        }
+      }
+    }
+    return {
+      isValid: true,
+      sessionData
+    };
+  }
+  function createValidationConfig(overrides = {}) {
+    return {
+      ...overrides
+    };
+  }
+  return {
+    createValidationConfig,
+    validateRequest,
+    validateCors,
+    validateSecurity,
+    validatePathStructure,
+    validateEndpoint,
+    validateSubEndpoint,
+    validateSessionRequest,
+    validateIdToken,
+    validateCsrfToken,
+    createCorsOptionsResponse
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createRequestContext,
+  createValidators
+});
+//# sourceMappingURL=fnValidators.js.map

package/dist/cjs/app-router/admin/fnValidators.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/app-router/admin/fnValidators.ts"],"sourcesContent":["import { type NextRequest, NextResponse } from 'next/server';\n\nimport { createApiErrorResponse } from './responses';\nimport type {\n  AuthEndpoint,\n  ComprehensiveValidationResult,\n  CorsOptions,\n  EndpointConfig,\n  SecurityOptions,\n  SessionSubEndpoint,\n  ValidationConfig,\n} from './types';\n\nexport interface RequestContext {\n  request: NextRequest;\n  origin: string | null;\n  host: string | null;\n  referer: string | null;\n  userAgent: string;\n  method: string;\n  pathSegments: string[];\n}\n\nexport function createRequestContext(request: NextRequest): RequestContext {\n  const url = new URL(request.url);\n  const pathSegments = url.pathname.split('/').filter(Boolean);\n\n  return {\n    request,\n    origin: request.headers.get('origin'),\n    host: request.headers.get('host'),\n    referer: request.headers.get('referer'),\n    userAgent: request.headers.get('user-agent') || '',\n    method: request.method,\n    pathSegments,\n  };\n}\n\n/**\n * Main validators factory function\n * Returns an object containing all validator functions and utilities\n */\nexport function createValidators(context: RequestContext) {\n  const { request, origin, host, referer, userAgent, method, pathSegments } = context;\n\n  async function validateCors(corsOptions: CorsOptions): Promise<NextResponse | null> {\n    if (corsOptions.skipSameOrigin) {\n      if (!origin || (host && origin.includes(host))) {\n        return null;\n      }\n    }\n\n    if (corsOptions.allowedOrigins !== '*') {\n      const isAllowed = corsOptions.allowedOrigins.some(allowedOrigin => {\n        if (allowedOrigin.startsWith('*')) {\n          const domain = allowedOrigin.slice(1);\n          return origin?.endsWith(domain);\n        }\n        return origin === allowedOrigin;\n      });\n\n      if (!isAllowed) {\n        return createApiErrorResponse('CORS_ORIGIN_NOT_ALLOWED', 'Origin not allowed', 403);\n      }\n    }\n\n    return null;\n  }\n\n  function createCorsOptionsResponse(corsOptions: CorsOptions): NextResponse {\n    const response = new NextResponse(null, { status: 204 });\n\n    if (corsOptions.allowedOrigins === '*') {\n      response.headers.set('Access-Control-Allow-Origin', '*');\n    } else {\n      response.headers.set('Access-Control-Allow-Origin', corsOptions.allowedOrigins.join(','));\n    }\n\n    response.headers.set(\n      'Access-Control-Allow-Methods',\n      corsOptions.allowedMethods?.join(',') || 'GET,POST',\n    );\n    response.headers.set(\n      'Access-Control-Allow-Headers',\n      corsOptions.allowedHeaders?.join(',') || 'Content-Type,Authorization',\n    );\n\n    if (corsOptions.allowCredentials) {\n      response.headers.set('Access-Control-Allow-Credentials', 'true');\n    }\n\n    if (corsOptions.maxAge) {\n      response.headers.set('Access-Control-Max-Age', corsOptions.maxAge.toString());\n    }\n\n    return response;\n  }\n\n  async function validateSecurity(securityOptions: SecurityOptions): Promise<NextResponse | null> {\n    const csrfResult = validateCsrf(securityOptions);\n    if (csrfResult) return csrfResult;\n\n    const headersResult = validateRequiredHeaders(securityOptions);\n    if (headersResult) return headersResult;\n\n    const userAgentResult = validateUserAgent(securityOptions);\n    if (userAgentResult) return userAgentResult;\n\n    return null;\n  }\n\n  function validateCsrf(securityOptions: SecurityOptions): NextResponse | null {\n    if (securityOptions.requireCSRF && origin && host && !origin.includes(host)) {\n      const hasCSRFHeader = request.headers.get('x-requested-with') === 'XMLHttpRequest';\n      const hasValidReferer = referer && host && referer.includes(host);\n\n      if (!hasCSRFHeader && !hasValidReferer) {\n        const isAllowedReferer = securityOptions.allowedReferers?.some((allowedRef: string) =>\n          referer?.includes(allowedRef),\n        );\n\n        if (!isAllowedReferer) {\n          return createApiErrorResponse('CSRF_PROTECTION', 'Access denied', 403);\n        }\n      }\n    }\n    return null;\n  }\n\n  function validateRequiredHeaders(securityOptions: SecurityOptions): NextResponse | null {\n    if (securityOptions.requiredHeaders) {\n      for (const [headerName, expectedValue] of Object.entries(securityOptions.requiredHeaders)) {\n        const actualValue = request.headers.get(headerName);\n        if (actualValue !== expectedValue) {\n          return createApiErrorResponse(\n            'INVALID_HEADERS',\n            'Required header missing or invalid',\n            400,\n          );\n        }\n      }\n    }\n    return null;\n  }\n\n  function validateUserAgent(securityOptions: SecurityOptions): NextResponse | null {\n    if (securityOptions.userAgent?.block?.length) {\n      const isBlocked = securityOptions.userAgent.block.some((blocked: string) =>\n        userAgent.toLowerCase().includes(blocked.toLowerCase()),\n      );\n\n      if (isBlocked) {\n        return createApiErrorResponse('USER_AGENT_BLOCKED', 'Access denied', 403);\n      }\n    }\n\n    if (securityOptions.userAgent?.allow?.length) {\n      const isAllowed = securityOptions.userAgent.allow.some((allowed: string) =>\n        userAgent.toLowerCase().includes(allowed.toLowerCase()),\n      );\n\n      if (!isAllowed) {\n        return createApiErrorResponse('USER_AGENT_NOT_ALLOWED', 'Access denied', 403);\n      }\n    }\n\n    return null;\n  }\n\n  function validateCsrfToken(\n    csrfToken: string,\n    csrfCookieValue: string | undefined,\n  ): NextResponse | null {\n    if (!csrfToken) {\n      return createApiErrorResponse('INVALID_CSRF_TOKEN', 'CSRF token is required', 400);\n    }\n\n    if (!csrfCookieValue) {\n      return createApiErrorResponse('CSRF_COOKIE_MISSING', 'CSRF token cookie not found', 403);\n    }\n\n    if (csrfToken !== csrfCookieValue) {\n      return createApiErrorResponse('CSRF_TOKEN_MISMATCH', 'CSRF token mismatch', 403);\n    }\n\n    return null;\n  }\n\n  function validatePathStructure(): NextResponse | null {\n    if (pathSegments.length < 3) {\n      return createApiErrorResponse(\n        'INVALID_ROUTE',\n        'Invalid route structure. Expected: /api/auth/{endpoint}',\n        404,\n      );\n    }\n    return null;\n  }\n\n  function validateEndpoint(\n    _endpoint: AuthEndpoint,\n    endpointConfig: EndpointConfig,\n  ): NextResponse | null {\n    if (!endpointConfig || !endpointConfig.enabled) {\n      return createApiErrorResponse('ENDPOINT_NOT_FOUND', 'Endpoint not found', 404);\n    }\n\n    if (method !== 'OPTIONS' && !endpointConfig.methods.includes(method as any)) {\n      return createApiErrorResponse('METHOD_NOT_ALLOWED', 'Method not allowed', 405);\n    }\n\n    return null;\n  }\n\n  function validateSubEndpoint(\n    subEndpoint: SessionSubEndpoint | undefined,\n    subEndpointConfig: any,\n  ): NextResponse | null {\n    if (!subEndpoint) {\n      return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n    }\n\n    if (!subEndpointConfig || !subEndpointConfig.enabled) {\n      return createApiErrorResponse('ENDPOINT_NOT_FOUND', 'Endpoint not found', 404);\n    }\n\n    if (!subEndpointConfig.methods?.includes(method as any)) {\n      return createApiErrorResponse('METHOD_NOT_ALLOWED', 'Method not allowed', 405);\n    }\n\n    return null;\n  }\n\n  async function validateSessionRequest(): Promise<{\n    body: any;\n    idToken?: string;\n    csrfToken?: string;\n    error?: NextResponse;\n  }> {\n    try {\n      const body = await request.json();\n      return { body, idToken: body.idToken, csrfToken: body.csrfToken };\n    } catch (error) {\n      return {\n        body: null,\n        error: createApiErrorResponse('INVALID_REQUEST_FORMAT', 'Invalid request format', 400),\n      };\n    }\n  }\n\n  function validateIdToken(idToken: string | undefined): NextResponse | null {\n    if (!idToken) {\n      return createApiErrorResponse(\n        'INVALID_TOKEN',\n        'ID token is required for creating session',\n        400,\n      );\n    }\n    return null;\n  }\n\n  /**\n   * Main validation orchestrator function\n   * Runs all configured validations in the correct order\n   */\n  async function validateRequest(config: ValidationConfig): Promise<ComprehensiveValidationResult> {\n    if (method === 'OPTIONS' && config.cors) {\n      return {\n        isValid: true,\n        corsResponse: createCorsOptionsResponse(config.cors),\n      };\n    }\n    const pathError = validatePathStructure();\n    if (pathError) {\n      return { isValid: false, error: pathError };\n    }\n\n    if (config.cors) {\n      const corsError = await validateCors(config.cors);\n      if (corsError) {\n        return { isValid: false, error: corsError };\n      }\n    }\n\n    if (config.security) {\n      const securityError = await validateSecurity(config.security);\n      if (securityError) {\n        return { isValid: false, error: securityError };\n      }\n    }\n\n    if (config.endpoint) {\n      const endpointError = validateEndpoint(config.endpoint.name, config.endpoint.config);\n      if (endpointError) {\n        return { isValid: false, error: endpointError };\n      }\n    }\n\n    if (config.subEndpoint) {\n      const subEndpointError = validateSubEndpoint(\n        config.subEndpoint.name,\n        config.subEndpoint.config,\n      );\n      if (subEndpointError) {\n        return { isValid: false, error: subEndpointError };\n      }\n    }\n\n    let sessionData;\n    if (method === 'POST' && (config.requireIdToken || config.requireCsrfToken)) {\n      const sessionResult = await validateSessionRequest();\n      if (sessionResult.error) {\n        return { isValid: false, error: sessionResult.error };\n      }\n\n      sessionData = sessionResult;\n\n      if (config.requireIdToken) {\n        const idTokenError = validateIdToken(sessionData.idToken);\n        if (idTokenError) {\n          return { isValid: false, error: idTokenError };\n        }\n      }\n\n      if (config.requireCsrfToken && sessionData.csrfToken) {\n        const csrfCookieValue = request.cookies.get('csrfToken')?.value;\n        const csrfError = validateCsrfToken(sessionData.csrfToken, csrfCookieValue);\n        if (csrfError) {\n          return { isValid: false, error: csrfError };\n        }\n      }\n    }\n\n    return {\n      isValid: true,\n      sessionData,\n    };\n  }\n\n  /**\n   * Convenience function for quick validation setup\n   */\n  function createValidationConfig(overrides: Partial<ValidationConfig> = {}): ValidationConfig {\n    return {\n      ...overrides,\n    };\n  }\n\n  return {\n    createValidationConfig,\n\n    validateRequest,\n\n    validateCors,\n    validateSecurity,\n    validatePathStructure,\n    validateEndpoint,\n    validateSubEndpoint,\n    validateSessionRequest,\n    validateIdToken,\n    validateCsrfToken,\n\n    createCorsOptionsResponse,\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAA+C;AAE/C,uBAAuC;AAqBhC,SAAS,qBAAqB,SAAsC;AACzE,QAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,QAAM,eAAe,IAAI,SAAS,MAAM,GAAG,EAAE,OAAO,OAAO;AAE3D,SAAO;AAAA,IACL;AAAA,IACA,QAAQ,QAAQ,QAAQ,IAAI,QAAQ;AAAA,IACpC,MAAM,QAAQ,QAAQ,IAAI,MAAM;AAAA,IAChC,SAAS,QAAQ,QAAQ,IAAI,SAAS;AAAA,IACtC,WAAW,QAAQ,QAAQ,IAAI,YAAY,KAAK;AAAA,IAChD,QAAQ,QAAQ;AAAA,IAChB;AAAA,EACF;AACF;AAMO,SAAS,iBAAiB,SAAyB;AACxD,QAAM,EAAE,SAAS,QAAQ,MAAM,SAAS,WAAW,QAAQ,aAAa,IAAI;AAE5E,iBAAe,aAAa,aAAwD;AAClF,QAAI,YAAY,gBAAgB;AAC9B,UAAI,CAAC,UAAW,QAAQ,OAAO,SAAS,IAAI,GAAI;AAC9C,eAAO;AAAA,MACT;AAAA,IACF;AAEA,QAAI,YAAY,mBAAmB,KAAK;AACtC,YAAM,YAAY,YAAY,eAAe,KAAK,mBAAiB;AACjE,YAAI,cAAc,WAAW,GAAG,GAAG;AACjC,gBAAM,SAAS,cAAc,MAAM,CAAC;AACpC,iBAAO,QAAQ,SAAS,MAAM;AAAA,QAChC;AACA,eAAO,WAAW;AAAA,MACpB,CAAC;AAED,UAAI,CAAC,WAAW;AACd,mBAAO,yCAAuB,2BAA2B,sBAAsB,GAAG;AAAA,MACpF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAEA,WAAS,0BAA0B,aAAwC;AACzE,UAAM,WAAW,IAAI,2BAAa,MAAM,EAAE,QAAQ,IAAI,CAAC;AAEvD,QAAI,YAAY,mBAAmB,KAAK;AACtC,eAAS,QAAQ,IAAI,+BAA+B,GAAG;AAAA,IACzD,OAAO;AACL,eAAS,QAAQ,IAAI,+BAA+B,YAAY,eAAe,KAAK,GAAG,CAAC;AAAA,IAC1F;AAEA,aAAS,QAAQ;AAAA,MACf;AAAA,MACA,YAAY,gBAAgB,KAAK,GAAG,KAAK;AAAA,IAC3C;AACA,aAAS,QAAQ;AAAA,MACf;AAAA,MACA,YAAY,gBAAgB,KAAK,GAAG,KAAK;AAAA,IAC3C;AAEA,QAAI,YAAY,kBAAkB;AAChC,eAAS,QAAQ,IAAI,oCAAoC,MAAM;AAAA,IACjE;AAEA,QAAI,YAAY,QAAQ;AACtB,eAAS,QAAQ,IAAI,0BAA0B,YAAY,OAAO,SAAS,CAAC;AAAA,IAC9E;AAEA,WAAO;AAAA,EACT;AAEA,iBAAe,iBAAiB,iBAAgE;AAC9F,UAAM,aAAa,aAAa,eAAe;AAC/C,QAAI,WAAY,QAAO;AAEvB,UAAM,gBAAgB,wBAAwB,eAAe;AAC7D,QAAI,cAAe,QAAO;AAE1B,UAAM,kBAAkB,kBAAkB,eAAe;AACzD,QAAI,gBAAiB,QAAO;AAE5B,WAAO;AAAA,EACT;AAEA,WAAS,aAAa,iBAAuD;AAC3E,QAAI,gBAAgB,eAAe,UAAU,QAAQ,CAAC,OAAO,SAAS,IAAI,GAAG;AAC3E,YAAM,gBAAgB,QAAQ,QAAQ,IAAI,kBAAkB,MAAM;AAClE,YAAM,kBAAkB,WAAW,QAAQ,QAAQ,SAAS,IAAI;AAEhE,UAAI,CAAC,iBAAiB,CAAC,iBAAiB;AACtC,cAAM,mBAAmB,gBAAgB,iBAAiB;AAAA,UAAK,CAAC,eAC9D,SAAS,SAAS,UAAU;AAAA,QAC9B;AAEA,YAAI,CAAC,kBAAkB;AACrB,qBAAO,yCAAuB,mBAAmB,iBAAiB,GAAG;AAAA,QACvE;AAAA,MACF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,WAAS,wBAAwB,iBAAuD;AACtF,QAAI,gBAAgB,iBAAiB;AACnC,iBAAW,CAAC,YAAY,aAAa,KAAK,OAAO,QAAQ,gBAAgB,eAAe,GAAG;AACzF,cAAM,cAAc,QAAQ,QAAQ,IAAI,UAAU;AAClD,YAAI,gBAAgB,eAAe;AACjC,qBAAO;AAAA,YACL;AAAA,YACA;AAAA,YACA;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,WAAS,kBAAkB,iBAAuD;AAChF,QAAI,gBAAgB,WAAW,OAAO,QAAQ;AAC5C,YAAM,YAAY,gBAAgB,UAAU,MAAM;AAAA,QAAK,CAAC,YACtD,UAAU,YAAY,EAAE,SAAS,QAAQ,YAAY,CAAC;AAAA,MACxD;AAEA,UAAI,WAAW;AACb,mBAAO,yCAAuB,sBAAsB,iBAAiB,GAAG;AAAA,MAC1E;AAAA,IACF;AAEA,QAAI,gBAAgB,WAAW,OAAO,QAAQ;AAC5C,YAAM,YAAY,gBAAgB,UAAU,MAAM;AAAA,QAAK,CAAC,YACtD,UAAU,YAAY,EAAE,SAAS,QAAQ,YAAY,CAAC;AAAA,MACxD;AAEA,UAAI,CAAC,WAAW;AACd,mBAAO,yCAAuB,0BAA0B,iBAAiB,GAAG;AAAA,MAC9E;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAEA,WAAS,kBACP,WACA,iBACqB;AACrB,QAAI,CAAC,WAAW;AACd,iBAAO,yCAAuB,sBAAsB,0BAA0B,GAAG;AAAA,IACnF;AAEA,QAAI,CAAC,iBAAiB;AACpB,iBAAO,yCAAuB,uBAAuB,+BAA+B,GAAG;AAAA,IACzF;AAEA,QAAI,cAAc,iBAAiB;AACjC,iBAAO,yCAAuB,uBAAuB,uBAAuB,GAAG;AAAA,IACjF;AAEA,WAAO;AAAA,EACT;AAEA,WAAS,wBAA6C;AACpD,QAAI,aAAa,SAAS,GAAG;AAC3B,iBAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,WAAS,iBACP,WACA,gBACqB;AACrB,QAAI,CAAC,kBAAkB,CAAC,eAAe,SAAS;AAC9C,iBAAO,yCAAuB,sBAAsB,sBAAsB,GAAG;AAAA,IAC/E;AAEA,QAAI,WAAW,aAAa,CAAC,eAAe,QAAQ,SAAS,MAAa,GAAG;AAC3E,iBAAO,yCAAuB,sBAAsB,sBAAsB,GAAG;AAAA,IAC/E;AAEA,WAAO;AAAA,EACT;AAEA,WAAS,oBACP,aACA,mBACqB;AACrB,QAAI,CAAC,aAAa;AAChB,iBAAO,yCAAuB,yBAAyB,iCAAiC,GAAG;AAAA,IAC7F;AAEA,QAAI,CAAC,qBAAqB,CAAC,kBAAkB,SAAS;AACpD,iBAAO,yCAAuB,sBAAsB,sBAAsB,GAAG;AAAA,IAC/E;AAEA,QAAI,CAAC,kBAAkB,SAAS,SAAS,MAAa,GAAG;AACvD,iBAAO,yCAAuB,sBAAsB,sBAAsB,GAAG;AAAA,IAC/E;AAEA,WAAO;AAAA,EACT;AAEA,iBAAe,yBAKZ;AACD,QAAI;AACF,YAAM,OAAO,MAAM,QAAQ,KAAK;AAChC,aAAO,EAAE,MAAM,SAAS,KAAK,SAAS,WAAW,KAAK,UAAU;AAAA,IAClE,SAAS,OAAO;AACd,aAAO;AAAA,QACL,MAAM;AAAA,QACN,WAAO,yCAAuB,0BAA0B,0BAA0B,GAAG;AAAA,MACvF;AAAA,IACF;AAAA,EACF;AAEA,WAAS,gBAAgB,SAAkD;AACzE,QAAI,CAAC,SAAS;AACZ,iBAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAMA,iBAAe,gBAAgB,QAAkE;AAC/F,QAAI,WAAW,aAAa,OAAO,MAAM;AACvC,aAAO;AAAA,QACL,SAAS;AAAA,QACT,cAAc,0BAA0B,OAAO,IAAI;AAAA,MACrD;AAAA,IACF;AACA,UAAM,YAAY,sBAAsB;AACxC,QAAI,WAAW;AACb,aAAO,EAAE,SAAS,OAAO,OAAO,UAAU;AAAA,IAC5C;AAEA,QAAI,OAAO,MAAM;AACf,YAAM,YAAY,MAAM,aAAa,OAAO,IAAI;AAChD,UAAI,WAAW;AACb,eAAO,EAAE,SAAS,OAAO,OAAO,UAAU;AAAA,MAC5C;AAAA,IACF;AAEA,QAAI,OAAO,UAAU;AACnB,YAAM,gBAAgB,MAAM,iBAAiB,OAAO,QAAQ;AAC5D,UAAI,eAAe;AACjB,eAAO,EAAE,SAAS,OAAO,OAAO,cAAc;AAAA,MAChD;AAAA,IACF;AAEA,QAAI,OAAO,UAAU;AACnB,YAAM,gBAAgB,iBAAiB,OAAO,SAAS,MAAM,OAAO,SAAS,MAAM;AACnF,UAAI,eAAe;AACjB,eAAO,EAAE,SAAS,OAAO,OAAO,cAAc;AAAA,MAChD;AAAA,IACF;AAEA,QAAI,OAAO,aAAa;AACtB,YAAM,mBAAmB;AAAA,QACvB,OAAO,YAAY;AAAA,QACnB,OAAO,YAAY;AAAA,MACrB;AACA,UAAI,kBAAkB;AACpB,eAAO,EAAE,SAAS,OAAO,OAAO,iBAAiB;AAAA,MACnD;AAAA,IACF;AAEA,QAAI;AACJ,QAAI,WAAW,WAAW,OAAO,kBAAkB,OAAO,mBAAmB;AAC3E,YAAM,gBAAgB,MAAM,uBAAuB;AACnD,UAAI,cAAc,OAAO;AACvB,eAAO,EAAE,SAAS,OAAO,OAAO,cAAc,MAAM;AAAA,MACtD;AAEA,oBAAc;AAEd,UAAI,OAAO,gBAAgB;AACzB,cAAM,eAAe,gBAAgB,YAAY,OAAO;AACxD,YAAI,cAAc;AAChB,iBAAO,EAAE,SAAS,OAAO,OAAO,aAAa;AAAA,QAC/C;AAAA,MACF;AAEA,UAAI,OAAO,oBAAoB,YAAY,WAAW;AACpD,cAAM,kBAAkB,QAAQ,QAAQ,IAAI,WAAW,GAAG;AAC1D,cAAM,YAAY,kBAAkB,YAAY,WAAW,eAAe;AAC1E,YAAI,WAAW;AACb,iBAAO,EAAE,SAAS,OAAO,OAAO,UAAU;AAAA,QAC5C;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,MACL,SAAS;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAKA,WAAS,uBAAuB,YAAuC,CAAC,GAAqB;AAC3F,WAAO;AAAA,MACL,GAAG;AAAA,IACL;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IAEA;AAAA,IAEA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IAEA;AAAA,EACF;AACF;","names":[]}

package/dist/cjs/app-router/admin/index.js

@@ -18,12 +18,25 @@ var __copyProps = (to, from, except, desc) => {
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var admin_exports = {};
 __export(admin_exports, {
-  createSessionHandler: () => import_sessionHandler.createSessionHandler
+  clearNextSessionCookie: () => import_actions.clearNextSessionCookie,
+  clearSessionCookieServer: () => import_actions.clearSessionCookieServer,
+  createNextSessionCookie: () => import_actions.createNextSessionCookie,
+  createSessionCookieServer: () => import_actions.createSessionCookieServer,
+  createTernSecureNextJsHandler: () => import_ternsecureNextjsHandler.createTernSecureNextJsHandler,
+  setNextServerSession: () => import_actions.setNextServerSession,
+  setNextServerToken: () => import_actions.setNextServerToken
 });
 module.exports = __toCommonJS(admin_exports);
-var import_sessionHandler = require("./sessionHandler");
+var import_ternsecureNextjsHandler = require("./ternsecureNextjsHandler");
+var import_actions = require("./actions");
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  createSessionHandler
+  clearNextSessionCookie,
+  clearSessionCookieServer,
+  createNextSessionCookie,
+  createSessionCookieServer,
+  createTernSecureNextJsHandler,
+  setNextServerSession,
+  setNextServerToken
 });
 //# sourceMappingURL=index.js.map

package/dist/cjs/app-router/admin/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/app-router/admin/index.ts"],"sourcesContent":["export { createSessionHandler } from './sessionHandler'"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,4BAAqC;","names":[]}
+{"version":3,"sources":["../../../../src/app-router/admin/index.ts"],"sourcesContent":["export { createTernSecureNextJsHandler } from './ternsecureNextjsHandler'\n\nexport { \n    clearSessionCookieServer,\n    clearNextSessionCookie,\n    createSessionCookieServer,\n    createNextSessionCookie,\n    setNextServerSession,\n    setNextServerToken\n} from './actions'\n\nexport type { TernSecureHandlerOptions } from './types'"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,qCAA8C;AAE9C,qBAOO;","names":[]}

package/dist/cjs/app-router/admin/responses.js

@@ -0,0 +1,120 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var responses_exports = {};
+__export(responses_exports, {
+  HttpResponseHelper: () => HttpResponseHelper,
+  SessionResponseHelper: () => SessionResponseHelper,
+  createApiErrorResponse: () => createApiErrorResponse,
+  createApiSuccessResponse: () => createApiSuccessResponse
+});
+module.exports = __toCommonJS(responses_exports);
+var import_server = require("next/server");
+function createApiErrorResponse(code, message, status) {
+  const errors = [
+    {
+      code,
+      message
+    }
+  ];
+  return import_server.NextResponse.json(
+    {
+      success: false,
+      message,
+      error: code,
+      errors
+      // Include both formats for compatibility
+    },
+    { status }
+  );
+}
+function createApiSuccessResponse(data, status = 200) {
+  return import_server.NextResponse.json(
+    {
+      success: true,
+      ...data
+    },
+    { status }
+  );
+}
+class SessionResponseHelper {
+  static createVerificationResponse(decodedSession) {
+    return createApiSuccessResponse({
+      valid: true,
+      uid: decodedSession.data?.payload?.sub,
+      exp: decodedSession.data?.payload?.exp
+    });
+  }
+  static createUnauthorizedResponse() {
+    return createApiErrorResponse("UNAUTHORIZED", "Authentication required", 401);
+  }
+  static createSessionCreationResponse(res) {
+    if (!res.success) {
+      console.error("[TernSecureAuthHandler] Error creating session:", {
+        error: res.error,
+        message: res.message,
+        cookieSet: res.cookieSet
+      });
+    }
+    const statusCode = res.success ? 200 : res.error === "INVALID_TOKEN" ? 400 : res.error === "EXPIRED_TOKEN" ? 401 : 500;
+    return import_server.NextResponse.json(res, { status: statusCode });
+  }
+  static createRefreshResponse(refreshRes) {
+    if (!refreshRes.success) {
+      console.error("[TernSecureAuthHandler] Error refreshing session:", {
+        error: refreshRes.error,
+        message: refreshRes.message
+      });
+    }
+    const statusCode = refreshRes.success ? 200 : 401;
+    return import_server.NextResponse.json(refreshRes, { status: statusCode });
+  }
+  static createRevokeResponse(res) {
+    if (!res.success) {
+      console.error("[TernSecureAuthHandler] Error revoking session:", {
+        error: res.error,
+        message: res.message
+      });
+    }
+    const statusCode = res.success ? 200 : 500;
+    return import_server.NextResponse.json(res, { status: statusCode });
+  }
+}
+class HttpResponseHelper {
+  static createMethodNotAllowedResponse() {
+    return createApiErrorResponse("METHOD_NOT_ALLOWED", "Method not allowed", 405);
+  }
+  static createNotFoundResponse() {
+    return createApiErrorResponse("NOT_FOUND", "Endpoint not found", 404);
+  }
+  static createSubEndpointNotSupportedResponse() {
+    return createApiErrorResponse(
+      "SUB_ENDPOINT_NOT_SUPPORTED",
+      "Sub-endpoint not supported for POST method",
+      400
+    );
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  HttpResponseHelper,
+  SessionResponseHelper,
+  createApiErrorResponse,
+  createApiSuccessResponse
+});
+//# sourceMappingURL=responses.js.map

package/dist/cjs/app-router/admin/responses.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/app-router/admin/responses.ts"],"sourcesContent":["import type { TernSecureApiErrorJSON } from '@tern-secure/types';\nimport { NextResponse } from 'next/server';\n\n/**\n * Standardized error response creation\n */\nexport function createApiErrorResponse(\n  code: string,\n  message: string,\n  status: number,\n): NextResponse {\n  const errors: TernSecureApiErrorJSON[] = [\n    {\n      code,\n      message,\n    },\n  ];\n\n  return NextResponse.json(\n    {\n      success: false,\n      message,\n      error: code,\n      errors, // Include both formats for compatibility\n    },\n    { status },\n  );\n}\n\n/**\n * Standardized success response creation\n */\nexport function createApiSuccessResponse<T>(data: T, status: number = 200): NextResponse {\n  return NextResponse.json(\n    {\n      success: true,\n      ...data,\n    },\n    { status },\n  );\n}\n\n/**\n * Session verification response utilities\n */\nexport class SessionResponseHelper {\n  static createVerificationResponse(decodedSession: any): NextResponse {\n    return createApiSuccessResponse({\n      valid: true,\n      uid: decodedSession.data?.payload?.sub,\n      exp: decodedSession.data?.payload?.exp,\n    });\n  }\n\n  static createUnauthorizedResponse(): NextResponse {\n    return createApiErrorResponse('UNAUTHORIZED', 'Authentication required', 401);\n  }\n\n  static createSessionCreationResponse(res: any): NextResponse {\n    if (!res.success) {\n      console.error('[TernSecureAuthHandler] Error creating session:', {\n        error: res.error,\n        message: res.message,\n        cookieSet: res.cookieSet,\n      });\n    }\n\n    const statusCode = res.success\n      ? 200\n      : res.error === 'INVALID_TOKEN'\n        ? 400\n        : res.error === 'EXPIRED_TOKEN'\n          ? 401\n          : 500;\n\n    return NextResponse.json(res, { status: statusCode });\n  }\n\n  static createRefreshResponse(refreshRes: any): NextResponse {\n    if (!refreshRes.success) {\n      console.error('[TernSecureAuthHandler] Error refreshing session:', {\n        error: refreshRes.error,\n        message: refreshRes.message,\n      });\n    }\n\n    const statusCode = refreshRes.success ? 200 : 401;\n    return NextResponse.json(refreshRes, { status: statusCode });\n  }\n\n  static createRevokeResponse(res: any): NextResponse {\n    if (!res.success) {\n      console.error('[TernSecureAuthHandler] Error revoking session:', {\n        error: res.error,\n        message: res.message,\n      });\n    }\n    const statusCode = res.success ? 200 : 500;\n    return NextResponse.json(res, { status: statusCode });\n  }\n}\n\n/**\n * HTTP method response utilities\n */\nexport class HttpResponseHelper {\n  static createMethodNotAllowedResponse(): NextResponse {\n    return createApiErrorResponse('METHOD_NOT_ALLOWED', 'Method not allowed', 405);\n  }\n\n  static createNotFoundResponse(): NextResponse {\n    return createApiErrorResponse('NOT_FOUND', 'Endpoint not found', 404);\n  }\n\n  static createSubEndpointNotSupportedResponse(): NextResponse {\n    return createApiErrorResponse(\n      'SUB_ENDPOINT_NOT_SUPPORTED',\n      'Sub-endpoint not supported for POST method',\n      400,\n    );\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,oBAA6B;AAKtB,SAAS,uBACd,MACA,SACA,QACc;AACd,QAAM,SAAmC;AAAA,IACvC;AAAA,MACE;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO,2BAAa;AAAA,IAClB;AAAA,MACE,SAAS;AAAA,MACT;AAAA,MACA,OAAO;AAAA,MACP;AAAA;AAAA,IACF;AAAA,IACA,EAAE,OAAO;AAAA,EACX;AACF;AAKO,SAAS,yBAA4B,MAAS,SAAiB,KAAmB;AACvF,SAAO,2BAAa;AAAA,IAClB;AAAA,MACE,SAAS;AAAA,MACT,GAAG;AAAA,IACL;AAAA,IACA,EAAE,OAAO;AAAA,EACX;AACF;AAKO,MAAM,sBAAsB;AAAA,EACjC,OAAO,2BAA2B,gBAAmC;AACnE,WAAO,yBAAyB;AAAA,MAC9B,OAAO;AAAA,MACP,KAAK,eAAe,MAAM,SAAS;AAAA,MACnC,KAAK,eAAe,MAAM,SAAS;AAAA,IACrC,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,6BAA2C;AAChD,WAAO,uBAAuB,gBAAgB,2BAA2B,GAAG;AAAA,EAC9E;AAAA,EAEA,OAAO,8BAA8B,KAAwB;AAC3D,QAAI,CAAC,IAAI,SAAS;AAChB,cAAQ,MAAM,mDAAmD;AAAA,QAC/D,OAAO,IAAI;AAAA,QACX,SAAS,IAAI;AAAA,QACb,WAAW,IAAI;AAAA,MACjB,CAAC;AAAA,IACH;AAEA,UAAM,aAAa,IAAI,UACnB,MACA,IAAI,UAAU,kBACZ,MACA,IAAI,UAAU,kBACZ,MACA;AAER,WAAO,2BAAa,KAAK,KAAK,EAAE,QAAQ,WAAW,CAAC;AAAA,EACtD;AAAA,EAEA,OAAO,sBAAsB,YAA+B;AAC1D,QAAI,CAAC,WAAW,SAAS;AACvB,cAAQ,MAAM,qDAAqD;AAAA,QACjE,OAAO,WAAW;AAAA,QAClB,SAAS,WAAW;AAAA,MACtB,CAAC;AAAA,IACH;AAEA,UAAM,aAAa,WAAW,UAAU,MAAM;AAC9C,WAAO,2BAAa,KAAK,YAAY,EAAE,QAAQ,WAAW,CAAC;AAAA,EAC7D;AAAA,EAEA,OAAO,qBAAqB,KAAwB;AAClD,QAAI,CAAC,IAAI,SAAS;AAChB,cAAQ,MAAM,mDAAmD;AAAA,QAC/D,OAAO,IAAI;AAAA,QACX,SAAS,IAAI;AAAA,MACf,CAAC;AAAA,IACH;AACA,UAAM,aAAa,IAAI,UAAU,MAAM;AACvC,WAAO,2BAAa,KAAK,KAAK,EAAE,QAAQ,WAAW,CAAC;AAAA,EACtD;AACF;AAKO,MAAM,mBAAmB;AAAA,EAC9B,OAAO,iCAA+C;AACpD,WAAO,uBAAuB,sBAAsB,sBAAsB,GAAG;AAAA,EAC/E;AAAA,EAEA,OAAO,yBAAuC;AAC5C,WAAO,uBAAuB,aAAa,sBAAsB,GAAG;AAAA,EACtE;AAAA,EAEA,OAAO,wCAAsD;AAC3D,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;","names":[]}