@tern-secure/nextjs 5.1.8 → 5.1.9

package/dist/cjs/app-router/admin/sessionHandlers.js

@@ -0,0 +1,167 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var sessionHandlers_exports = {};
+__export(sessionHandlers_exports, {
+  SessionEndpointHandler: () => SessionEndpointHandler,
+  SessionGetHandler: () => SessionGetHandler,
+  SessionPostHandler: () => SessionPostHandler
+});
+module.exports = __toCommonJS(sessionHandlers_exports);
+var import_admin = require("@tern-secure/backend/admin");
+var import_jwt = require("@tern-secure/backend/jwt");
+var import_NextCookieAdapter = require("../../utils/NextCookieAdapter");
+var import_responses = require("./responses");
+var import_validators = require("./validators");
+class SessionGetHandler {
+  static async handle(request, subEndpoint, _config) {
+    switch (subEndpoint) {
+      case "verify":
+        return this.handleVerify(request);
+      default:
+        return import_responses.HttpResponseHelper.createNotFoundResponse();
+    }
+  }
+  static async handleVerify(request) {
+    try {
+      const sessionCookie = request.cookies.get("_session_cookie")?.value;
+      if (!sessionCookie) {
+        return import_responses.SessionResponseHelper.createUnauthorizedResponse();
+      }
+      const decodedSession = (0, import_jwt.ternDecodeJwtUnguarded)(sessionCookie);
+      if (decodedSession.errors) {
+        return import_responses.SessionResponseHelper.createUnauthorizedResponse();
+      }
+      return import_responses.SessionResponseHelper.createVerificationResponse(decodedSession);
+    } catch (error) {
+      return import_responses.SessionResponseHelper.createUnauthorizedResponse();
+    }
+  }
+}
+class SessionPostHandler {
+  static async handle(request, subEndpoint, _config) {
+    const cookieStore = new import_NextCookieAdapter.NextCookieStore();
+    const { idToken, csrfToken, error } = await import_validators.RequestValidator.validateSessionRequest(request);
+    if (error) return error;
+    const csrfCookieValue = request.cookies.get("_session_terncf")?.value;
+    const csrfValidationError = import_validators.CsrfValidator.validate(csrfToken || "", csrfCookieValue);
+    if (csrfValidationError) return csrfValidationError;
+    const options = {
+      tenantId: _config.tenantId
+    };
+    switch (subEndpoint) {
+      case "createsession":
+        return this.handleCreateSession(options, idToken, cookieStore);
+      case "refresh":
+        return this.handleRefreshSession(request, cookieStore);
+      case "revoke":
+        return this.handleRevokeSession(cookieStore);
+      default:
+        return import_responses.HttpResponseHelper.createSubEndpointNotSupportedResponse();
+    }
+  }
+  static async handleCreateSession(options, idToken, cookieStore) {
+    const validationError = import_validators.RequestValidator.validateIdToken(idToken);
+    if (validationError) return validationError;
+    if (!idToken) {
+      return (0, import_responses.createApiErrorResponse)("ID_TOKEN_REQUIRED", "ID token is required", 400);
+    }
+    try {
+      const res = await (0, import_admin.createSessionCookie)(idToken, cookieStore, options);
+      return import_responses.SessionResponseHelper.createSessionCreationResponse(res);
+    } catch (error) {
+      return (0, import_responses.createApiErrorResponse)("SESSION_CREATION_FAILED", "Session creation failed", 500);
+    }
+  }
+  static async handleRefreshSession(request, cookieStore) {
+    const currentSessionCookie = request.cookies.get("__session")?.value;
+    if (!currentSessionCookie) {
+      return (0, import_responses.createApiErrorResponse)("NO_SESSION", "No session to refresh", 401);
+    }
+    try {
+      const decodedSession = (0, import_jwt.ternDecodeJwtUnguarded)(currentSessionCookie);
+      if (decodedSession.errors) {
+        return (0, import_responses.createApiErrorResponse)("INVALID_SESSION", "Invalid session for refresh", 401);
+      }
+      const refreshRes = await (0, import_admin.createSessionCookie)(
+        decodedSession.data?.payload?.sub || "",
+        cookieStore
+      );
+      return import_responses.SessionResponseHelper.createRefreshResponse(refreshRes);
+    } catch (error) {
+      return (0, import_responses.createApiErrorResponse)("REFRESH_FAILED", "Session refresh failed", 500);
+    }
+  }
+  static async handleRevokeSession(cookieStore) {
+    const res = await (0, import_admin.clearSessionCookie)(cookieStore);
+    return import_responses.SessionResponseHelper.createRevokeResponse(res);
+  }
+}
+class SessionEndpointHandler {
+  static async handle(request, method, subEndpoint, config) {
+    const sessionsConfig = config.endpoints.sessions;
+    if (!subEndpoint) {
+      return (0, import_responses.createApiErrorResponse)("SUB_ENDPOINT_REQUIRED", "Session sub-endpoint required", 400);
+    }
+    const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];
+    const subEndpointValidation = this.validateSubEndpoint(subEndpoint, subEndpointConfig, method);
+    if (subEndpointValidation) return subEndpointValidation;
+    if (subEndpointConfig?.security) {
+      const { SecurityValidator } = await import("./validators.js");
+      const securityResult = await SecurityValidator.validate(request, subEndpointConfig.security);
+      if (securityResult) return securityResult;
+    }
+    switch (method) {
+      case "GET":
+        return SessionGetHandler.handle(request, subEndpoint, config);
+      case "POST":
+        return SessionPostHandler.handle(request, subEndpoint, config);
+      default:
+        return import_responses.HttpResponseHelper.createMethodNotAllowedResponse();
+    }
+  }
+  static validateSubEndpoint(subEndpoint, subEndpointConfig, method) {
+    if (!subEndpoint) {
+      return (0, import_responses.createApiErrorResponse)("SUB_ENDPOINT_REQUIRED", "Session sub-endpoint required", 400);
+    }
+    if (!subEndpointConfig || !subEndpointConfig.enabled) {
+      return (0, import_responses.createApiErrorResponse)("ENDPOINT_NOT_FOUND", "Endpoint not found", 404);
+    }
+    if (!subEndpointConfig.methods?.includes(method)) {
+      return (0, import_responses.createApiErrorResponse)("METHOD_NOT_ALLOWED", "Method not allowed", 405);
+    }
+    return null;
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  SessionEndpointHandler,
+  SessionGetHandler,
+  SessionPostHandler
+});
+//# sourceMappingURL=sessionHandlers.js.map

package/dist/cjs/app-router/admin/sessionHandlers.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import type { RequestOptions } from '@tern-secure/backend';\nimport { clearSessionCookie, createSessionCookie } from '@tern-secure/backend/admin';\nimport { ternDecodeJwtUnguarded } from '@tern-secure/backend/jwt';\nimport type { NextRequest, NextResponse } from 'next/server';\n\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { createApiErrorResponse, HttpResponseHelper, SessionResponseHelper } from './responses';\nimport type {\n  SessionSubEndpoint,\n  TernSecureHandlerOptions,\n  TernSecureInternalHandlerConfig,\n} from './types';\nimport { CsrfValidator, RequestValidator } from './validators';\n\n/**\n * Session GET request handlers\n */\nexport class SessionGetHandler {\n  static async handle(\n    request: NextRequest,\n    subEndpoint: SessionSubEndpoint,\n    _config: Required<TernSecureHandlerOptions>,\n  ): Promise<NextResponse> {\n    switch (subEndpoint) {\n      case 'verify':\n        return this.handleVerify(request);\n      default:\n        return HttpResponseHelper.createNotFoundResponse();\n    }\n  }\n\n  private static async handleVerify(request: NextRequest): Promise<NextResponse> {\n    try {\n      const sessionCookie = request.cookies.get('_session_cookie')?.value;\n      if (!sessionCookie) {\n        return SessionResponseHelper.createUnauthorizedResponse();\n      }\n\n      const decodedSession = ternDecodeJwtUnguarded(sessionCookie);\n      if (decodedSession.errors) {\n        return SessionResponseHelper.createUnauthorizedResponse();\n      }\n\n      return SessionResponseHelper.createVerificationResponse(decodedSession);\n    } catch (error) {\n      return SessionResponseHelper.createUnauthorizedResponse();\n    }\n  }\n}\n\n/**\n * Session POST request handlers\n */\nexport class SessionPostHandler {\n  static async handle(\n    request: NextRequest,\n    subEndpoint: SessionSubEndpoint,\n    _config: TernSecureInternalHandlerConfig,\n  ): Promise<NextResponse> {\n    const cookieStore = new NextCookieStore();\n\n    const { idToken, csrfToken, error } = await RequestValidator.validateSessionRequest(request);\n    if (error) return error;\n\n    const csrfCookieValue = request.cookies.get('_session_terncf')?.value;\n    const csrfValidationError = CsrfValidator.validate(csrfToken || '', csrfCookieValue);\n    if (csrfValidationError) return csrfValidationError;\n\n    const options = {\n      tenantId: _config.tenantId,\n    };\n\n    switch (subEndpoint) {\n      case 'createsession':\n        return this.handleCreateSession(options, idToken, cookieStore);\n      case 'refresh':\n        return this.handleRefreshSession(request, cookieStore);\n      case 'revoke':\n        return this.handleRevokeSession(cookieStore);\n      default:\n        return HttpResponseHelper.createSubEndpointNotSupportedResponse();\n    }\n  }\n\n  private static async handleCreateSession(\n    options: RequestOptions,\n    idToken: string | undefined,\n    cookieStore: NextCookieStore,\n  ): Promise<NextResponse> {\n    const validationError = RequestValidator.validateIdToken(idToken);\n    if (validationError) return validationError;\n    if (!idToken) {\n      return createApiErrorResponse('ID_TOKEN_REQUIRED', 'ID token is required', 400);\n    }\n\n    try {\n      const res = await createSessionCookie(idToken, cookieStore, options);\n      return SessionResponseHelper.createSessionCreationResponse(res);\n    } catch (error) {\n      return createApiErrorResponse('SESSION_CREATION_FAILED', 'Session creation failed', 500);\n    }\n  }\n\n  private static async handleRefreshSession(\n    request: NextRequest,\n    cookieStore: NextCookieStore,\n  ): Promise<NextResponse> {\n    const currentSessionCookie = request.cookies.get('__session')?.value;\n    if (!currentSessionCookie) {\n      return createApiErrorResponse('NO_SESSION', 'No session to refresh', 401);\n    }\n\n    try {\n      const decodedSession = ternDecodeJwtUnguarded(currentSessionCookie);\n      if (decodedSession.errors) {\n        return createApiErrorResponse('INVALID_SESSION', 'Invalid session for refresh', 401);\n      }\n\n      const refreshRes = await createSessionCookie(\n        decodedSession.data?.payload?.sub || '',\n        cookieStore,\n      );\n\n      return SessionResponseHelper.createRefreshResponse(refreshRes);\n    } catch (error) {\n      return createApiErrorResponse('REFRESH_FAILED', 'Session refresh failed', 500);\n    }\n  }\n\n  private static async handleRevokeSession(cookieStore: NextCookieStore): Promise<NextResponse> {\n    const res = await clearSessionCookie(cookieStore);\n    return SessionResponseHelper.createRevokeResponse(res);\n  }\n}\n\n/**\n * Main session endpoint orchestrator\n */\nexport class SessionEndpointHandler {\n  static async handle(\n    request: NextRequest,\n    method: string,\n    subEndpoint: SessionSubEndpoint | undefined,\n    config: Required<TernSecureHandlerOptions>,\n  ): Promise<NextResponse> {\n    const sessionsConfig = config.endpoints.sessions;\n\n    if (!subEndpoint) {\n      return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n    }\n\n    const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];\n\n    const subEndpointValidation = this.validateSubEndpoint(subEndpoint, subEndpointConfig, method);\n    if (subEndpointValidation) return subEndpointValidation;\n\n    if (subEndpointConfig?.security) {\n      const { SecurityValidator } = await import('./validators.js');\n      const securityResult = await SecurityValidator.validate(request, subEndpointConfig.security);\n      if (securityResult) return securityResult;\n    }\n\n    switch (method) {\n      case 'GET':\n        return SessionGetHandler.handle(request, subEndpoint, config);\n      case 'POST':\n        return SessionPostHandler.handle(request, subEndpoint, config);\n      default:\n        return HttpResponseHelper.createMethodNotAllowedResponse();\n    }\n  }\n\n  private static validateSubEndpoint(\n    subEndpoint: SessionSubEndpoint | undefined,\n    subEndpointConfig: any,\n    method: string,\n  ): NextResponse | null {\n    if (!subEndpoint) {\n      return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n    }\n\n    if (!subEndpointConfig || !subEndpointConfig.enabled) {\n      return createApiErrorResponse('ENDPOINT_NOT_FOUND', 'Endpoint not found', 404);\n    }\n\n    if (!subEndpointConfig.methods?.includes(method as any)) {\n      return createApiErrorResponse('METHOD_NOT_ALLOWED', 'Method not allowed', 405);\n    }\n\n    return null;\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,mBAAwD;AACxD,iBAAuC;AAGvC,+BAAgC;AAChC,uBAAkF;AAMlF,wBAAgD;AAKzC,MAAM,kBAAkB;AAAA,EAC7B,aAAa,OACX,SACA,aACA,SACuB;AACvB,YAAQ,aAAa;AAAA,MACnB,KAAK;AACH,eAAO,KAAK,aAAa,OAAO;AAAA,MAClC;AACE,eAAO,oCAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAAA,EAEA,aAAqB,aAAa,SAA6C;AAC7E,QAAI;AACF,YAAM,gBAAgB,QAAQ,QAAQ,IAAI,iBAAiB,GAAG;AAC9D,UAAI,CAAC,eAAe;AAClB,eAAO,uCAAsB,2BAA2B;AAAA,MAC1D;AAEA,YAAM,qBAAiB,mCAAuB,aAAa;AAC3D,UAAI,eAAe,QAAQ;AACzB,eAAO,uCAAsB,2BAA2B;AAAA,MAC1D;AAEA,aAAO,uCAAsB,2BAA2B,cAAc;AAAA,IACxE,SAAS,OAAO;AACd,aAAO,uCAAsB,2BAA2B;AAAA,IAC1D;AAAA,EACF;AACF;AAKO,MAAM,mBAAmB;AAAA,EAC9B,aAAa,OACX,SACA,aACA,SACuB;AACvB,UAAM,cAAc,IAAI,yCAAgB;AAExC,UAAM,EAAE,SAAS,WAAW,MAAM,IAAI,MAAM,mCAAiB,uBAAuB,OAAO;AAC3F,QAAI,MAAO,QAAO;AAElB,UAAM,kBAAkB,QAAQ,QAAQ,IAAI,iBAAiB,GAAG;AAChE,UAAM,sBAAsB,gCAAc,SAAS,aAAa,IAAI,eAAe;AACnF,QAAI,oBAAqB,QAAO;AAEhC,UAAM,UAAU;AAAA,MACd,UAAU,QAAQ;AAAA,IACpB;AAEA,YAAQ,aAAa;AAAA,MACnB,KAAK;AACH,eAAO,KAAK,oBAAoB,SAAS,SAAS,WAAW;AAAA,MAC/D,KAAK;AACH,eAAO,KAAK,qBAAqB,SAAS,WAAW;AAAA,MACvD,KAAK;AACH,eAAO,KAAK,oBAAoB,WAAW;AAAA,MAC7C;AACE,eAAO,oCAAmB,sCAAsC;AAAA,IACpE;AAAA,EACF;AAAA,EAEA,aAAqB,oBACnB,SACA,SACA,aACuB;AACvB,UAAM,kBAAkB,mCAAiB,gBAAgB,OAAO;AAChE,QAAI,gBAAiB,QAAO;AAC5B,QAAI,CAAC,SAAS;AACZ,iBAAO,yCAAuB,qBAAqB,wBAAwB,GAAG;AAAA,IAChF;AAEA,QAAI;AACF,YAAM,MAAM,UAAM,kCAAoB,SAAS,aAAa,OAAO;AACnE,aAAO,uCAAsB,8BAA8B,GAAG;AAAA,IAChE,SAAS,OAAO;AACd,iBAAO,yCAAuB,2BAA2B,2BAA2B,GAAG;AAAA,IACzF;AAAA,EACF;AAAA,EAEA,aAAqB,qBACnB,SACA,aACuB;AACvB,UAAM,uBAAuB,QAAQ,QAAQ,IAAI,WAAW,GAAG;AAC/D,QAAI,CAAC,sBAAsB;AACzB,iBAAO,yCAAuB,cAAc,yBAAyB,GAAG;AAAA,IAC1E;AAEA,QAAI;AACF,YAAM,qBAAiB,mCAAuB,oBAAoB;AAClE,UAAI,eAAe,QAAQ;AACzB,mBAAO,yCAAuB,mBAAmB,+BAA+B,GAAG;AAAA,MACrF;AAEA,YAAM,aAAa,UAAM;AAAA,QACvB,eAAe,MAAM,SAAS,OAAO;AAAA,QACrC;AAAA,MACF;AAEA,aAAO,uCAAsB,sBAAsB,UAAU;AAAA,IAC/D,SAAS,OAAO;AACd,iBAAO,yCAAuB,kBAAkB,0BAA0B,GAAG;AAAA,IAC/E;AAAA,EACF;AAAA,EAEA,aAAqB,oBAAoB,aAAqD;AAC5F,UAAM,MAAM,UAAM,iCAAmB,WAAW;AAChD,WAAO,uCAAsB,qBAAqB,GAAG;AAAA,EACvD;AACF;AAKO,MAAM,uBAAuB;AAAA,EAClC,aAAa,OACX,SACA,QACA,aACA,QACuB;AACvB,UAAM,iBAAiB,OAAO,UAAU;AAExC,QAAI,CAAC,aAAa;AAChB,iBAAO,yCAAuB,yBAAyB,iCAAiC,GAAG;AAAA,IAC7F;AAEA,UAAM,oBAAoB,gBAAgB,eAAe,WAAW;AAEpE,UAAM,wBAAwB,KAAK,oBAAoB,aAAa,mBAAmB,MAAM;AAC7F,QAAI,sBAAuB,QAAO;AAElC,QAAI,mBAAmB,UAAU;AAC/B,YAAM,EAAE,kBAAkB,IAAI,MAAM,OAAO,iBAAiB;AAC5D,YAAM,iBAAiB,MAAM,kBAAkB,SAAS,SAAS,kBAAkB,QAAQ;AAC3F,UAAI,eAAgB,QAAO;AAAA,IAC7B;AAEA,YAAQ,QAAQ;AAAA,MACd,KAAK;AACH,eAAO,kBAAkB,OAAO,SAAS,aAAa,MAAM;AAAA,MAC9D,KAAK;AACH,eAAO,mBAAmB,OAAO,SAAS,aAAa,MAAM;AAAA,MAC/D;AACE,eAAO,oCAAmB,+BAA+B;AAAA,IAC7D;AAAA,EACF;AAAA,EAEA,OAAe,oBACb,aACA,mBACA,QACqB;AACrB,QAAI,CAAC,aAAa;AAChB,iBAAO,yCAAuB,yBAAyB,iCAAiC,GAAG;AAAA,IAC7F;AAEA,QAAI,CAAC,qBAAqB,CAAC,kBAAkB,SAAS;AACpD,iBAAO,yCAAuB,sBAAsB,sBAAsB,GAAG;AAAA,IAC/E;AAEA,QAAI,CAAC,kBAAkB,SAAS,SAAS,MAAa,GAAG;AACvD,iBAAO,yCAAuB,sBAAsB,sBAAsB,GAAG;AAAA,IAC/E;AAEA,WAAO;AAAA,EACT;AACF;","names":[]}

package/dist/cjs/app-router/admin/ternsecureNextjsHandler.js

@@ -0,0 +1,84 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var ternsecureNextjsHandler_exports = {};
+__export(ternsecureNextjsHandler_exports, {
+  createTernSecureNextJsHandler: () => createTernSecureNextJsHandler
+});
+module.exports = __toCommonJS(ternsecureNextjsHandler_exports);
+var import_constants = require("./constants");
+var import_fnValidators = require("./fnValidators");
+var import_responses = require("./responses");
+var import_sessionHandlers = require("./sessionHandlers");
+var import_types = require("./types");
+var import_utils = require("./utils");
+async function applyGlobalValidations(config, context) {
+  const { validateCors, validateSecurity, createCorsOptionsResponse } = (0, import_fnValidators.createValidators)(context);
+  const corsError = await validateCors(config.cors);
+  if (corsError) return corsError;
+  if (context.method === "OPTIONS") {
+    return createCorsOptionsResponse(config.cors);
+  }
+  const securityError = await validateSecurity(config.security);
+  if (securityError) return securityError;
+  return null;
+}
+async function routeToEndpointHandler(request, endpoint, subEndpoint, config) {
+  switch (endpoint) {
+    case "sessions":
+      return import_sessionHandlers.SessionEndpointHandler.handle(request, request.method, subEndpoint, config);
+    default:
+      return (0, import_responses.createApiErrorResponse)("ENDPOINT_NOT_FOUND", "Endpoint not found", 404);
+  }
+}
+function createTernSecureNextJsHandler(options) {
+  const baseConfig = import_utils.ConfigUtils.mergeWithDefaults(
+    import_types.DEFAULT_HANDLER_OPTIONS,
+    options
+  );
+  const internalConfig = {
+    ...baseConfig,
+    tenantId: import_constants.TENANT_ID
+  };
+  const handler = async (request) => {
+    const context = (0, import_fnValidators.createRequestContext)(request);
+    const { pathSegments } = context;
+    const endpoint = pathSegments[2];
+    const subEndpoint = pathSegments[3];
+    import_utils.LoggingUtils.logRequest(request, "Handler");
+    try {
+      const validationResult = await applyGlobalValidations(internalConfig, context);
+      if (validationResult) {
+        return validationResult;
+      }
+      return await routeToEndpointHandler(request, endpoint, subEndpoint, internalConfig);
+    } catch (error) {
+      import_utils.LoggingUtils.logError(error, "Handler");
+      return (0, import_responses.createApiErrorResponse)("INTERNAL_SERVER_ERROR", "Internal server error", 500);
+    }
+  };
+  return {
+    GET: handler,
+    POST: handler
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createTernSecureNextJsHandler
+});
+//# sourceMappingURL=ternsecureNextjsHandler.js.map

package/dist/cjs/app-router/admin/ternsecureNextjsHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/app-router/admin/ternsecureNextjsHandler.ts"],"sourcesContent":["import type { NextRequest, NextResponse } from 'next/server';\n\nimport { TENANT_ID } from './constants';\nimport type { RequestContext } from './fnValidators';\nimport { createRequestContext, createValidators } from './fnValidators';\nimport { createApiErrorResponse } from './responses';\nimport { SessionEndpointHandler } from './sessionHandlers';\nimport type {\n  AuthEndpoint,\n  SessionSubEndpoint,\n  TernSecureHandlerOptions,\n  TernSecureInternalHandlerConfig} from './types';\nimport {\n  DEFAULT_HANDLER_OPTIONS\n} from './types';\nimport { ConfigUtils, LoggingUtils } from './utils';\n\n/**\n * Apply all global validations in a clean, sequential manner\n */\nasync function applyGlobalValidations(\n  config: Required<TernSecureHandlerOptions>,\n  context: RequestContext,\n): Promise<NextResponse | null> {\n  const { validateCors, validateSecurity, createCorsOptionsResponse } = createValidators(context);\n  const corsError = await validateCors(config.cors);\n  if (corsError) return corsError;\n\n  if (context.method === 'OPTIONS') {\n    return createCorsOptionsResponse(config.cors);\n  }\n\n  const securityError = await validateSecurity(config.security);\n  if (securityError) return securityError;\n\n  return null;\n}\n\n/**\n * Route to appropriate endpoint handler based on endpoint type\n */\nasync function routeToEndpointHandler(\n  request: NextRequest,\n  endpoint: AuthEndpoint,\n  subEndpoint: SessionSubEndpoint,\n  config: TernSecureInternalHandlerConfig,\n): Promise<NextResponse> {\n  switch (endpoint) {\n    case 'sessions':\n      return SessionEndpointHandler.handle(request, request.method, subEndpoint, config);\n    default:\n      return createApiErrorResponse('ENDPOINT_NOT_FOUND', 'Endpoint not found', 404);\n  }\n}\n\nexport function createTernSecureNextJsHandler(options?: TernSecureHandlerOptions) {\n  const baseConfig: Required<TernSecureHandlerOptions> = ConfigUtils.mergeWithDefaults(\n    DEFAULT_HANDLER_OPTIONS,\n    options,\n  );\n\n  const internalConfig: TernSecureInternalHandlerConfig = {\n    ...baseConfig,\n    tenantId: TENANT_ID,\n  };\n\n  const handler = async (request: NextRequest): Promise<NextResponse> => {\n    const context = createRequestContext(request);\n    const { pathSegments } = context;\n\n    const endpoint = pathSegments[2] as AuthEndpoint;\n    const subEndpoint = pathSegments[3] as SessionSubEndpoint;\n\n    LoggingUtils.logRequest(request, 'Handler');\n\n    try {\n      const validationResult = await applyGlobalValidations(internalConfig, context);\n      if (validationResult) {\n        return validationResult;\n      }\n\n      return await routeToEndpointHandler(request, endpoint, subEndpoint, internalConfig);\n    } catch (error) {\n      LoggingUtils.logError(error, 'Handler');\n      return createApiErrorResponse('INTERNAL_SERVER_ERROR', 'Internal server error', 500);\n    }\n  };\n\n  return {\n    GET: handler,\n    POST: handler,\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,uBAA0B;AAE1B,0BAAuD;AACvD,uBAAuC;AACvC,6BAAuC;AAMvC,mBAEO;AACP,mBAA0C;AAK1C,eAAe,uBACb,QACA,SAC8B;AAC9B,QAAM,EAAE,cAAc,kBAAkB,0BAA0B,QAAI,sCAAiB,OAAO;AAC9F,QAAM,YAAY,MAAM,aAAa,OAAO,IAAI;AAChD,MAAI,UAAW,QAAO;AAEtB,MAAI,QAAQ,WAAW,WAAW;AAChC,WAAO,0BAA0B,OAAO,IAAI;AAAA,EAC9C;AAEA,QAAM,gBAAgB,MAAM,iBAAiB,OAAO,QAAQ;AAC5D,MAAI,cAAe,QAAO;AAE1B,SAAO;AACT;AAKA,eAAe,uBACb,SACA,UACA,aACA,QACuB;AACvB,UAAQ,UAAU;AAAA,IAChB,KAAK;AACH,aAAO,8CAAuB,OAAO,SAAS,QAAQ,QAAQ,aAAa,MAAM;AAAA,IACnF;AACE,iBAAO,yCAAuB,sBAAsB,sBAAsB,GAAG;AAAA,EACjF;AACF;AAEO,SAAS,8BAA8B,SAAoC;AAChF,QAAM,aAAiD,yBAAY;AAAA,IACjE;AAAA,IACA;AAAA,EACF;AAEA,QAAM,iBAAkD;AAAA,IACtD,GAAG;AAAA,IACH,UAAU;AAAA,EACZ;AAEA,QAAM,UAAU,OAAO,YAAgD;AACrE,UAAM,cAAU,0CAAqB,OAAO;AAC5C,UAAM,EAAE,aAAa,IAAI;AAEzB,UAAM,WAAW,aAAa,CAAC;AAC/B,UAAM,cAAc,aAAa,CAAC;AAElC,8BAAa,WAAW,SAAS,SAAS;AAE1C,QAAI;AACF,YAAM,mBAAmB,MAAM,uBAAuB,gBAAgB,OAAO;AAC7E,UAAI,kBAAkB;AACpB,eAAO;AAAA,MACT;AAEA,aAAO,MAAM,uBAAuB,SAAS,UAAU,aAAa,cAAc;AAAA,IACpF,SAAS,OAAO;AACd,gCAAa,SAAS,OAAO,SAAS;AACtC,iBAAO,yCAAuB,yBAAyB,yBAAyB,GAAG;AAAA,IACrF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;","names":[]}

package/dist/cjs/app-router/admin/types.js

@@ -0,0 +1,127 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var types_exports = {};
+__export(types_exports, {
+  DEFAULT_COOKIE_OPTIONS: () => DEFAULT_COOKIE_OPTIONS,
+  DEFAULT_CORS_OPTIONS: () => DEFAULT_CORS_OPTIONS,
+  DEFAULT_ENDPOINT_CONFIG: () => DEFAULT_ENDPOINT_CONFIG,
+  DEFAULT_HANDLER_OPTIONS: () => DEFAULT_HANDLER_OPTIONS,
+  DEFAULT_SECURITY_OPTIONS: () => DEFAULT_SECURITY_OPTIONS,
+  DEFAULT_SESSIONS_CONFIG: () => DEFAULT_SESSIONS_CONFIG
+});
+module.exports = __toCommonJS(types_exports);
+const DEFAULT_CORS_OPTIONS = {
+  allowedOrigins: [],
+  allowedMethods: ["GET", "POST"],
+  allowedHeaders: ["Content-Type", "Authorization", "X-Requested-With"],
+  allowCredentials: true,
+  maxAge: 86400
+  // 24 hours
+};
+const DEFAULT_COOKIE_OPTIONS = {
+  name: "__session",
+  path: "/",
+  secure: true,
+  httpOnly: true,
+  sameSite: "lax",
+  maxAge: 3600 * 24 * 7
+  // 7 days
+};
+const DEFAULT_SECURITY_OPTIONS = {
+  requireCSRF: true,
+  allowedReferers: [],
+  requiredHeaders: {},
+  ipWhitelist: [],
+  userAgent: {
+    block: [],
+    allow: []
+  }
+};
+const DEFAULT_ENDPOINT_CONFIG = {
+  enabled: true,
+  methods: ["GET", "POST"],
+  requireAuth: false,
+  security: DEFAULT_SECURITY_OPTIONS
+};
+const DEFAULT_SESSIONS_CONFIG = {
+  ...DEFAULT_ENDPOINT_CONFIG,
+  subEndpoints: {
+    verify: {
+      enabled: true,
+      methods: ["GET"],
+      requireAuth: false,
+      security: {
+        requireCSRF: true,
+        allowedReferers: []
+      }
+    },
+    createsession: {
+      enabled: true,
+      methods: ["POST"],
+      requireAuth: false,
+      security: {
+        requireCSRF: true
+      }
+    },
+    refresh: {
+      enabled: true,
+      methods: ["POST"],
+      requireAuth: true,
+      security: {
+        requireCSRF: true
+      }
+    },
+    revoke: {
+      enabled: true,
+      methods: ["POST"],
+      requireAuth: true,
+      security: {
+        requireCSRF: true
+      }
+    }
+  }
+};
+const DEFAULT_HANDLER_OPTIONS = {
+  cors: DEFAULT_CORS_OPTIONS,
+  cookies: DEFAULT_COOKIE_OPTIONS,
+  rateLimit: {
+    windowMs: 15 * 60 * 1e3,
+    // 15 minutes
+    maxRequests: 100,
+    skipSuccessful: false,
+    skipFailedRequests: false
+  },
+  security: DEFAULT_SECURITY_OPTIONS,
+  endpoints: {
+    sessions: DEFAULT_SESSIONS_CONFIG
+  },
+  debug: false,
+  environment: "production",
+  basePath: "/api/auth"
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  DEFAULT_COOKIE_OPTIONS,
+  DEFAULT_CORS_OPTIONS,
+  DEFAULT_ENDPOINT_CONFIG,
+  DEFAULT_HANDLER_OPTIONS,
+  DEFAULT_SECURITY_OPTIONS,
+  DEFAULT_SESSIONS_CONFIG
+});
+//# sourceMappingURL=types.js.map

package/dist/cjs/app-router/admin/types.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/app-router/admin/types.ts"],"sourcesContent":["import { type NextResponse } from 'next/server';\n\nexport interface CorsOptions {\n  allowedOrigins: string[] | '*';\n  allowedMethods?: string[];\n  allowedHeaders?: string[];\n  allowCredentials?: boolean;\n  maxAge?: number;\n  skipSameOrigin?: boolean;\n}\n\nexport interface CookieOptions {\n  name?: string;\n  domain?: string;\n  path?: string;\n  secure?: boolean;\n  httpOnly?: boolean;\n  sameSite?: 'strict' | 'lax' | 'none';\n  maxAge?: number;\n}\n\nexport interface RateLimitOptions {\n  windowMs?: number;\n  maxRequests?: number;\n  skipSuccessful?: boolean;\n  skipFailedRequests?: boolean;\n}\n\nexport interface SecurityOptions {\n  requireCSRF?: boolean;\n  allowedReferers?: string[];\n  requiredHeaders?: Record<string, string>;\n  ipWhitelist?: string[];\n  userAgent?: {\n    block?: string[];\n    allow?: string[];\n  };\n}\n\nexport interface EndpointConfig {\n  enabled: boolean;\n  methods: ('GET' | 'POST' | 'PUT' | 'DELETE')[];\n  requireAuth?: boolean;\n  rateLimit?: RateLimitOptions;\n  security?: SecurityOptions;\n  cors?: Partial<CorsOptions>;\n}\n\nexport interface SessionEndpointConfig extends EndpointConfig {\n  subEndpoints?: {\n    [K in SessionSubEndpoint]?: Partial<EndpointConfig>;\n  };\n}\n\nexport interface TernSecureHandlerOptions {\n  cors?: CorsOptions;\n  cookies?: CookieOptions;\n  rateLimit?: RateLimitOptions;\n  security?: SecurityOptions;\n  endpoints?: {\n    sessions?: SessionEndpointConfig;\n  };\n\n  debug?: boolean;\n  environment?: 'development' | 'production' | 'test';\n  basePath?: string;\n}\n\n/**\n * Define an internal config type that extends the public options\n * with server-side only values like tenantId.\n */\nexport type TernSecureInternalHandlerConfig = Required<TernSecureHandlerOptions> & {\n  tenantId?: string;\n};\n\nexport type AuthEndpoint = 'sessions' | 'users';\nexport type SessionSubEndpoint = 'verify' | 'createsession' | 'refresh' | 'revoke';\n\nexport const DEFAULT_CORS_OPTIONS: CorsOptions = {\n  allowedOrigins: [],\n  allowedMethods: ['GET', 'POST'],\n  allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],\n  allowCredentials: true,\n  maxAge: 86400, // 24 hours\n};\n\nexport const DEFAULT_COOKIE_OPTIONS: CookieOptions = {\n  name: '__session',\n  path: '/',\n  secure: true,\n  httpOnly: true,\n  sameSite: 'lax',\n  maxAge: 3600 * 24 * 7, // 7 days\n};\n\nexport const DEFAULT_SECURITY_OPTIONS: SecurityOptions = {\n  requireCSRF: true,\n  allowedReferers: [],\n  requiredHeaders: {},\n  ipWhitelist: [],\n  userAgent: {\n    block: [],\n    allow: [],\n  },\n};\n\nexport const DEFAULT_ENDPOINT_CONFIG: EndpointConfig = {\n  enabled: true,\n  methods: ['GET', 'POST'],\n  requireAuth: false,\n  security: DEFAULT_SECURITY_OPTIONS,\n};\n\nexport const DEFAULT_SESSIONS_CONFIG: SessionEndpointConfig = {\n  ...DEFAULT_ENDPOINT_CONFIG,\n  subEndpoints: {\n    verify: {\n      enabled: true,\n      methods: ['GET'],\n      requireAuth: false,\n      security: {\n        requireCSRF: true,\n        allowedReferers: [],\n      },\n    },\n    createsession: {\n      enabled: true,\n      methods: ['POST'],\n      requireAuth: false,\n      security: {\n        requireCSRF: true,\n      },\n    },\n    refresh: {\n      enabled: true,\n      methods: ['POST'],\n      requireAuth: true,\n      security: {\n        requireCSRF: true,\n      },\n    },\n    revoke: {\n      enabled: true,\n      methods: ['POST'],\n      requireAuth: true,\n      security: {\n        requireCSRF: true,\n      },\n    },\n  },\n};\n\nexport const DEFAULT_HANDLER_OPTIONS: Required<TernSecureHandlerOptions> & {\n  endpoints: Required<NonNullable<TernSecureHandlerOptions['endpoints']>>;\n} = {\n  cors: DEFAULT_CORS_OPTIONS,\n  cookies: DEFAULT_COOKIE_OPTIONS,\n  rateLimit: {\n    windowMs: 15 * 60 * 1000, // 15 minutes\n    maxRequests: 100,\n    skipSuccessful: false,\n    skipFailedRequests: false,\n  },\n  security: DEFAULT_SECURITY_OPTIONS,\n  endpoints: {\n    sessions: DEFAULT_SESSIONS_CONFIG,\n  },\n  debug: false,\n  environment: 'production',\n  basePath: '/api/auth',\n};\n\n\nexport interface ValidationResult {\n  error?: NextResponse;\n  data?: any;\n}\n\nexport interface ValidationConfig {\n  cors?: CorsOptions;\n  security?: SecurityOptions;\n  endpoint?: {\n    name: AuthEndpoint;\n    config: EndpointConfig;\n  };\n  subEndpoint?: {\n    name: SessionSubEndpoint;\n    config: EndpointConfig;\n  };\n  requireIdToken?: boolean;\n  requireCsrfToken?: boolean;\n}\n\nexport interface ComprehensiveValidationResult {\n  isValid: boolean;\n  error?: NextResponse;\n  corsResponse?: NextResponse;\n  sessionData?: {\n    body: any;\n    idToken?: string;\n    csrfToken?: string;\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AA+EO,MAAM,uBAAoC;AAAA,EAC/C,gBAAgB,CAAC;AAAA,EACjB,gBAAgB,CAAC,OAAO,MAAM;AAAA,EAC9B,gBAAgB,CAAC,gBAAgB,iBAAiB,kBAAkB;AAAA,EACpE,kBAAkB;AAAA,EAClB,QAAQ;AAAA;AACV;AAEO,MAAM,yBAAwC;AAAA,EACnD,MAAM;AAAA,EACN,MAAM;AAAA,EACN,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,UAAU;AAAA,EACV,QAAQ,OAAO,KAAK;AAAA;AACtB;AAEO,MAAM,2BAA4C;AAAA,EACvD,aAAa;AAAA,EACb,iBAAiB,CAAC;AAAA,EAClB,iBAAiB,CAAC;AAAA,EAClB,aAAa,CAAC;AAAA,EACd,WAAW;AAAA,IACT,OAAO,CAAC;AAAA,IACR,OAAO,CAAC;AAAA,EACV;AACF;AAEO,MAAM,0BAA0C;AAAA,EACrD,SAAS;AAAA,EACT,SAAS,CAAC,OAAO,MAAM;AAAA,EACvB,aAAa;AAAA,EACb,UAAU;AACZ;AAEO,MAAM,0BAAiD;AAAA,EAC5D,GAAG;AAAA,EACH,cAAc;AAAA,IACZ,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,SAAS,CAAC,KAAK;AAAA,MACf,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,QACb,iBAAiB,CAAC;AAAA,MACpB;AAAA,IACF;AAAA,IACA,eAAe;AAAA,MACb,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,IACA,SAAS;AAAA,MACP,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,0BAET;AAAA,EACF,MAAM;AAAA,EACN,SAAS;AAAA,EACT,WAAW;AAAA,IACT,UAAU,KAAK,KAAK;AAAA;AAAA,IACpB,aAAa;AAAA,IACb,gBAAgB;AAAA,IAChB,oBAAoB;AAAA,EACtB;AAAA,EACA,UAAU;AAAA,EACV,WAAW;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA,OAAO;AAAA,EACP,aAAa;AAAA,EACb,UAAU;AACZ;","names":[]}

package/dist/cjs/app-router/admin/utils.js

@@ -0,0 +1,107 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var utils_exports = {};
+__export(utils_exports, {
+  ConfigUtils: () => ConfigUtils,
+  CookieUtils: () => CookieUtils,
+  HttpUtils: () => HttpUtils,
+  LoggingUtils: () => LoggingUtils
+});
+module.exports = __toCommonJS(utils_exports);
+class HttpUtils {
+  /**
+   * Extract client IP address from various headers
+   */
+  static getClientIP(request) {
+    const forwarded = request.headers.get("x-forwarded-for");
+    const realIP = request.headers.get("x-real-ip");
+    const clientIP = request.headers.get("x-client-ip");
+    if (forwarded) {
+      return forwarded.split(",")[0].trim();
+    }
+    return realIP || clientIP || "unknown";
+  }
+  /**
+   * Parse URL path segments for routing
+   */
+  static parsePathSegments(url) {
+    return url.pathname.split("/").filter(Boolean);
+  }
+  /**
+   * Extract authentication headers
+   */
+  static extractAuthHeaders(request) {
+    return {
+      origin: request.headers.get("origin"),
+      host: request.headers.get("host"),
+      referer: request.headers.get("referer"),
+      userAgent: request.headers.get("user-agent") || "",
+      authorization: request.headers.get("authorization"),
+      xRequestedWith: request.headers.get("x-requested-with")
+    };
+  }
+}
+class ConfigUtils {
+  /**
+   * Deep merge handler options with defaults
+   */
+  static mergeWithDefaults(defaults, options) {
+    if (!options) return defaults;
+    const result = { ...defaults };
+    for (const key in options) {
+      const value = options[key];
+      if (value && typeof value === "object" && !Array.isArray(value)) {
+        result[key] = this.mergeWithDefaults(defaults[key] || {}, value);
+      } else {
+        result[key] = value;
+      }
+    }
+    return result;
+  }
+}
+class CookieUtils {
+  static extractSessionCookies(request) {
+    return {
+      sessionCookie: request.cookies.get("_session_cookie")?.value,
+      csrfCookie: request.cookies.get("_session_terncf")?.value,
+      mainSession: request.cookies.get("__session")?.value
+    };
+  }
+}
+class LoggingUtils {
+  static logRequest(request, context) {
+    if (process.env.NODE_ENV === "development") {
+      console.log(`[TernSecure${context ? ` ${context}` : ""}] ${request.method} ${request.url}`);
+    }
+  }
+  static logError(error, context) {
+    console.error(`[TernSecure${context ? ` ${context}` : ""} Error]`, error);
+  }
+  static logWarning(message, context) {
+    console.warn(`[TernSecure${context ? ` ${context}` : ""} Warning]`, message);
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ConfigUtils,
+  CookieUtils,
+  HttpUtils,
+  LoggingUtils
+});
+//# sourceMappingURL=utils.js.map

package/dist/cjs/app-router/admin/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/app-router/admin/utils.ts"],"sourcesContent":["import type { NextRequest } from 'next/server';\n\n/**\n * HTTP utilities\n */\nexport class HttpUtils {\n  /**\n   * Extract client IP address from various headers\n   */\n  static getClientIP(request: NextRequest): string {\n    const forwarded = request.headers.get('x-forwarded-for');\n    const realIP = request.headers.get('x-real-ip');\n    const clientIP = request.headers.get('x-client-ip');\n\n    if (forwarded) {\n      return forwarded.split(',')[0].trim();\n    }\n\n    return realIP || clientIP || 'unknown';\n  }\n\n  /**\n   * Parse URL path segments for routing\n   */\n  static parsePathSegments(url: URL): string[] {\n    return url.pathname.split('/').filter(Boolean);\n  }\n\n  /**\n   * Extract authentication headers\n   */\n  static extractAuthHeaders(request: NextRequest) {\n    return {\n      origin: request.headers.get('origin'),\n      host: request.headers.get('host'),\n      referer: request.headers.get('referer'),\n      userAgent: request.headers.get('user-agent') || '',\n      authorization: request.headers.get('authorization'),\n      xRequestedWith: request.headers.get('x-requested-with'),\n    };\n  }\n}\n\n/**\n * Configuration utilities\n */\nexport class ConfigUtils {\n  /**\n   * Deep merge handler options with defaults\n   */\n  static mergeWithDefaults(\n    defaults: any,\n    options?: any\n  ): any {\n    if (!options) return defaults;\n\n    const result = { ...defaults };\n    \n    for (const key in options) {\n      const value = options[key];\n      if (value && typeof value === 'object' && !Array.isArray(value)) {\n        result[key] = this.mergeWithDefaults(defaults[key] || {}, value);\n      } else {\n        result[key] = value;\n      }\n    }\n\n    return result;\n  }\n}\n\n/**\n * Cookie utilities\n */\nexport class CookieUtils {\n  static extractSessionCookies(request: NextRequest) {\n    return {\n      sessionCookie: request.cookies.get('_session_cookie')?.value,\n      csrfCookie: request.cookies.get('_session_terncf')?.value,\n      mainSession: request.cookies.get('__session')?.value,\n    };\n  }\n}\n\n/**\n * Logging utilities for debugging\n */\nexport class LoggingUtils {\n  static logRequest(request: NextRequest, context?: string) {\n    if (process.env.NODE_ENV === 'development') {\n      console.log(`[TernSecure${context ? ` ${context}` : ''}] ${request.method} ${request.url}`);\n    }\n  }\n\n  static logError(error: any, context?: string) {\n    console.error(`[TernSecure${context ? ` ${context}` : ''} Error]`, error);\n  }\n\n  static logWarning(message: string, context?: string) {\n    console.warn(`[TernSecure${context ? ` ${context}` : ''} Warning]`, message);\n  }\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAKO,MAAM,UAAU;AAAA;AAAA;AAAA;AAAA,EAIrB,OAAO,YAAY,SAA8B;AAC/C,UAAM,YAAY,QAAQ,QAAQ,IAAI,iBAAiB;AACvD,UAAM,SAAS,QAAQ,QAAQ,IAAI,WAAW;AAC9C,UAAM,WAAW,QAAQ,QAAQ,IAAI,aAAa;AAElD,QAAI,WAAW;AACb,aAAO,UAAU,MAAM,GAAG,EAAE,CAAC,EAAE,KAAK;AAAA,IACtC;AAEA,WAAO,UAAU,YAAY;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,kBAAkB,KAAoB;AAC3C,WAAO,IAAI,SAAS,MAAM,GAAG,EAAE,OAAO,OAAO;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,mBAAmB,SAAsB;AAC9C,WAAO;AAAA,MACL,QAAQ,QAAQ,QAAQ,IAAI,QAAQ;AAAA,MACpC,MAAM,QAAQ,QAAQ,IAAI,MAAM;AAAA,MAChC,SAAS,QAAQ,QAAQ,IAAI,SAAS;AAAA,MACtC,WAAW,QAAQ,QAAQ,IAAI,YAAY,KAAK;AAAA,MAChD,eAAe,QAAQ,QAAQ,IAAI,eAAe;AAAA,MAClD,gBAAgB,QAAQ,QAAQ,IAAI,kBAAkB;AAAA,IACxD;AAAA,EACF;AACF;AAKO,MAAM,YAAY;AAAA;AAAA;AAAA;AAAA,EAIvB,OAAO,kBACL,UACA,SACK;AACL,QAAI,CAAC,QAAS,QAAO;AAErB,UAAM,SAAS,EAAE,GAAG,SAAS;AAE7B,eAAW,OAAO,SAAS;AACzB,YAAM,QAAQ,QAAQ,GAAG;AACzB,UAAI,SAAS,OAAO,UAAU,YAAY,CAAC,MAAM,QAAQ,KAAK,GAAG;AAC/D,eAAO,GAAG,IAAI,KAAK,kBAAkB,SAAS,GAAG,KAAK,CAAC,GAAG,KAAK;AAAA,MACjE,OAAO;AACL,eAAO,GAAG,IAAI;AAAA,MAChB;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AACF;AAKO,MAAM,YAAY;AAAA,EACvB,OAAO,sBAAsB,SAAsB;AACjD,WAAO;AAAA,MACL,eAAe,QAAQ,QAAQ,IAAI,iBAAiB,GAAG;AAAA,MACvD,YAAY,QAAQ,QAAQ,IAAI,iBAAiB,GAAG;AAAA,MACpD,aAAa,QAAQ,QAAQ,IAAI,WAAW,GAAG;AAAA,IACjD;AAAA,EACF;AACF;AAKO,MAAM,aAAa;AAAA,EACxB,OAAO,WAAW,SAAsB,SAAkB;AACxD,QAAI,QAAQ,IAAI,aAAa,eAAe;AAC1C,cAAQ,IAAI,cAAc,UAAU,IAAI,OAAO,KAAK,EAAE,KAAK,QAAQ,MAAM,IAAI,QAAQ,GAAG,EAAE;AAAA,IAC5F;AAAA,EACF;AAAA,EAEA,OAAO,SAAS,OAAY,SAAkB;AAC5C,YAAQ,MAAM,cAAc,UAAU,IAAI,OAAO,KAAK,EAAE,WAAW,KAAK;AAAA,EAC1E;AAAA,EAEA,OAAO,WAAW,SAAiB,SAAkB;AACnD,YAAQ,KAAK,cAAc,UAAU,IAAI,OAAO,KAAK,EAAE,aAAa,OAAO;AAAA,EAC7E;AACF;","names":[]}