@tern-secure/nextjs 5.2.0-canary.v20250919134427 → 5.2.0-canary.v20251002175916
- package/dist/cjs/app-router/admin/api/endpoints/abstract.js.map +1 -1
- package/dist/cjs/app-router/admin/{claude-authenticateRequestProcessor.js → c-authenticateRequestProcessor.js} +21 -7
- package/dist/cjs/app-router/admin/c-authenticateRequestProcessor.js.map +1 -0
- package/dist/cjs/app-router/admin/constants.js +18 -0
- package/dist/cjs/app-router/admin/constants.js.map +1 -1
- package/dist/cjs/app-router/admin/endpointRouter.js +10 -11
- package/dist/cjs/app-router/admin/endpointRouter.js.map +1 -1
- package/dist/cjs/app-router/admin/fnValidators.js +10 -24
- package/dist/cjs/app-router/admin/fnValidators.js.map +1 -1
- package/dist/cjs/app-router/admin/index.js +0 -5
- package/dist/cjs/app-router/admin/index.js.map +1 -1
- package/dist/cjs/app-router/admin/request.js +73 -0
- package/dist/cjs/app-router/admin/request.js.map +1 -0
- package/dist/cjs/app-router/admin/sessionHandlers.js +84 -123
- package/dist/cjs/app-router/admin/sessionHandlers.js.map +1 -1
- package/dist/cjs/app-router/admin/ternsecureNextjsHandler.js +21 -34
- package/dist/cjs/app-router/admin/ternsecureNextjsHandler.js.map +1 -1
- package/dist/cjs/app-router/admin/types.js +83 -6
- package/dist/cjs/app-router/admin/types.js.map +1 -1
- package/dist/cjs/server/constant.js +4 -1
- package/dist/cjs/server/constant.js.map +1 -1
- package/dist/cjs/server/ternSecureEdgeMiddleware.js +3 -23
- package/dist/cjs/server/ternSecureEdgeMiddleware.js.map +1 -1
- package/dist/cjs/server/ternsecureClient.js +44 -0
- package/dist/cjs/server/ternsecureClient.js.map +1 -0
- package/dist/esm/app-router/admin/api/endpoints/abstract.js.map +1 -1
- package/dist/esm/app-router/admin/{claude-authenticateRequestProcessor.js → c-authenticateRequestProcessor.js} +18 -4
- package/dist/esm/app-router/admin/c-authenticateRequestProcessor.js.map +1 -0
- package/dist/esm/app-router/admin/constants.js +12 -0
- package/dist/esm/app-router/admin/constants.js.map +1 -1
- package/dist/esm/app-router/admin/endpointRouter.js +11 -12
- package/dist/esm/app-router/admin/endpointRouter.js.map +1 -1
- package/dist/esm/app-router/admin/fnValidators.js +10 -23
- package/dist/esm/app-router/admin/fnValidators.js.map +1 -1
- package/dist/esm/app-router/admin/index.js +0 -3
- package/dist/esm/app-router/admin/index.js.map +1 -1
- package/dist/esm/app-router/admin/request.js +56 -0
- package/dist/esm/app-router/admin/request.js.map +1 -0
- package/dist/esm/app-router/admin/sessionHandlers.js +84 -111
- package/dist/esm/app-router/admin/sessionHandlers.js.map +1 -1
- package/dist/esm/app-router/admin/ternsecureNextjsHandler.js +22 -35
- package/dist/esm/app-router/admin/ternsecureNextjsHandler.js.map +1 -1
- package/dist/esm/app-router/admin/types.js +80 -5
- package/dist/esm/app-router/admin/types.js.map +1 -1
- package/dist/esm/server/constant.js +3 -1
- package/dist/esm/server/constant.js.map +1 -1
- package/dist/esm/server/ternSecureEdgeMiddleware.js +3 -24
- package/dist/esm/server/ternSecureEdgeMiddleware.js.map +1 -1
- package/dist/esm/server/ternsecureClient.js +22 -0
- package/dist/esm/server/ternsecureClient.js.map +1 -0
- package/dist/types/app-router/admin/api/endpoints/abstract.d.ts +6 -4
- package/dist/types/app-router/admin/api/endpoints/abstract.d.ts.map +1 -1
- package/dist/types/app-router/admin/{claude-authenticateRequestProcessor.d.ts → c-authenticateRequestProcessor.d.ts} +13 -5
- package/dist/types/app-router/admin/c-authenticateRequestProcessor.d.ts.map +1 -0
- package/dist/types/app-router/admin/constants.d.ts +6 -0
- package/dist/types/app-router/admin/constants.d.ts.map +1 -1
- package/dist/types/app-router/admin/endpointRouter.d.ts +7 -4
- package/dist/types/app-router/admin/endpointRouter.d.ts.map +1 -1
- package/dist/types/app-router/admin/fnValidators.d.ts +2 -11
- package/dist/types/app-router/admin/fnValidators.d.ts.map +1 -1
- package/dist/types/app-router/admin/index.d.ts +1 -3
- package/dist/types/app-router/admin/index.d.ts.map +1 -1
- package/dist/types/app-router/admin/request.d.ts +4 -0
- package/dist/types/app-router/admin/request.d.ts.map +1 -0
- package/dist/types/app-router/admin/sessionHandlers.d.ts +3 -24
- package/dist/types/app-router/admin/sessionHandlers.d.ts.map +1 -1
- package/dist/types/app-router/admin/ternsecureNextjsHandler.d.ts.map +1 -1
- package/dist/types/app-router/admin/types.d.ts +40 -64
- package/dist/types/app-router/admin/types.d.ts.map +1 -1
- package/dist/types/server/constant.d.ts +2 -1
- package/dist/types/server/constant.d.ts.map +1 -1
- package/dist/types/server/ternSecureEdgeMiddleware.d.ts.map +1 -1
- package/dist/types/server/ternsecureClient.d.ts +3 -0
- package/dist/types/server/ternsecureClient.d.ts.map +1 -0
- package/package.json +5 -5
- package/dist/cjs/app-router/admin/claude-authenticateRequestProcessor.js.map +0 -1
- package/dist/cjs/app-router/admin/handlerUtils.js +0 -63
- package/dist/cjs/app-router/admin/handlerUtils.js.map +0 -1
- package/dist/cjs/server/ternSecureFireMiddleware.js +0 -192
- package/dist/cjs/server/ternSecureFireMiddleware.js.map +0 -1
- package/dist/esm/app-router/admin/claude-authenticateRequestProcessor.js.map +0 -1
- package/dist/esm/app-router/admin/handlerUtils.js +0 -38
- package/dist/esm/app-router/admin/handlerUtils.js.map +0 -1
- package/dist/esm/server/ternSecureFireMiddleware.js +0 -179
- package/dist/esm/server/ternSecureFireMiddleware.js.map +0 -1
- package/dist/types/app-router/admin/claude-authenticateRequestProcessor.d.ts.map +0 -1
- package/dist/types/app-router/admin/handlerUtils.d.ts +0 -19
- package/dist/types/app-router/admin/handlerUtils.d.ts.map +0 -1
- package/dist/types/server/ternSecureFireMiddleware.d.ts +0 -47
- package/dist/types/server/ternSecureFireMiddleware.d.ts.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/ternSecureEdgeMiddleware.ts"],"sourcesContent":["import type {\r\n AuthObject,\r\n RequestOptions,\r\n TernSecureRequest,\r\n} from '@tern-secure/backend';\r\nimport {\r\n constants,\r\n createBackendInstanceClient,\r\n createTernSecureRequest,\r\n enableDebugLogging,\r\n} from '@tern-secure/backend';\r\nimport type {\r\n TernSecureConfig,\r\n} from '@tern-secure/types';\r\nimport { notFound as nextjsNotFound } from 'next/navigation';\r\nimport type { NextMiddleware,NextRequest } from 'next/server';\r\nimport { NextResponse } from 'next/server';\r\n\r\nimport { isRedirect, setHeader } from '../utils/response';\r\nimport { serverRedirectWithAuth } from '../utils/serverRedirectAuth';\r\nimport { createEdgeCompatibleLogger } from '../utils/withLogger';\r\nimport { API_URL, API_VERSION,SIGN_IN_URL, SIGN_UP_URL } from './constant';\r\nimport {\r\n isNextjsNotFoundError,\r\n isNextjsRedirectError,\r\n isRedirectToSignInError,\r\n isRedirectToSignUpError,\r\n nextjsRedirectError,\r\n redirectToSignInError,\r\n redirectToSignUpError,\r\n} from './nextErrors';\r\nimport { type AuthProtect,createProtect } from './protect';\r\nimport { createRedirect, type RedirectFun } from './redirect';\r\nimport type {\r\n NextMiddlewareEvtParam,\r\n NextMiddlewareRequestParam,\r\n NextMiddlewareReturn,\r\n} from './types';\r\nimport { decorateRequest } from './utils';\r\n\r\nexport type MiddlewareAuthObject = AuthObject & {\r\n redirectToSignIn: RedirectFun<Response>;\r\n redirectToSignUp: RedirectFun<Response>;\r\n};\r\n\r\nexport interface MiddlewareAuth {\r\n (): Promise<MiddlewareAuthObject>;\r\n\r\n protect: AuthProtect;\r\n}\r\n\r\ntype MiddlewareHandler = (\r\n auth: MiddlewareAuth,\r\n request: NextMiddlewareRequestParam,\r\n event: NextMiddlewareEvtParam,\r\n) => NextMiddlewareReturn;\r\n\r\nexport interface MiddlewareOptions extends RequestOptions {\r\n debug?: boolean;\r\n firebaseOptions?: TernSecureConfig;\r\n}\r\ntype 
MiddlewareOptionsCallback = (\r\n req: NextRequest,\r\n) => MiddlewareOptions | Promise<MiddlewareOptions>;\r\n\r\ninterface TernSecureMiddleware {\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware((auth, request, event) => { ... }, options);\r\n */\r\n (handler: MiddlewareHandler, options?: MiddlewareOptions): NextMiddleware;\r\n\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware((auth, request, event) => { ... }, (req) => options);\r\n */\r\n (handler: MiddlewareHandler, options?: MiddlewareOptionsCallback): NextMiddleware;\r\n\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware(options);\r\n */\r\n (options?: MiddlewareOptions): NextMiddleware;\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware;\r\n */\r\n (request: NextMiddlewareRequestParam, event: NextMiddlewareEvtParam): NextMiddlewareReturn;\r\n}\r\n\r\nconst backendClientDefaultOptions = {\r\n apiUrl: API_URL,\r\n apiVersion: API_VERSION,\r\n};\r\n\r\nconst ternSecureBackendClient = async () => {\r\n return createBackendClientWithOptions({});\r\n};\r\n\r\nconst createBackendClientWithOptions: typeof createBackendInstanceClient = options => {\r\n return createBackendInstanceClient({\r\n ...backendClientDefaultOptions,\r\n ...options,\r\n });\r\n};\r\n\r\nexport const ternSecureMiddleware = ((\r\n ...args: unknown[]\r\n): NextMiddleware | NextMiddlewareReturn => {\r\n const [request, event] = parseRequestAndEvent(args);\r\n const [handler, params] = parseHandlerAndOptions(args);\r\n\r\n const middleware = () => {\r\n const withAuthNextMiddleware: NextMiddleware = async (request, event) => {\r\n const resolvedParams = typeof params === 'function' ? 
await params(request) : params;\r\n const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\r\n const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\r\n\r\n const options = {\r\n signInUrl,\r\n signUpUrl,\r\n ...resolvedParams,\r\n };\r\n\r\n const logger = createEdgeCompatibleLogger(options.debug);\r\n\r\n if (options.debug) {\r\n enableDebugLogging();\r\n }\r\n\r\n //const { authObject, headers: authHeaders } =\r\n // await authenticateMiddlewareRequest(request, checkRevoked, logger);\r\n\r\n //const reqBackend = await createBackendInstanceEdge(request, checkRevoked);\r\n const reqBackendClient = await ternSecureBackendClient();\r\n //const requestState = reqBackend.requestState;\r\n //const authObject = requestState.auth();\r\n //const authHeaders = requestState.headers;\r\n\r\n const ternSecureRequest = createTernSecureRequest(request);\r\n\r\n const requestStateClient = await reqBackendClient.authenticateRequest(\r\n ternSecureRequest,\r\n options,\r\n );\r\n\r\n const authObjectClient = requestStateClient.auth();\r\n\r\n const { redirectToSignIn } = createMiddlewareRedirects(ternSecureRequest);\r\n\r\n const { redirectToSignUp } = createMiddlewareRedirects(ternSecureRequest);\r\n\r\n const protect = await createMiddlewareProtect(\r\n ternSecureRequest,\r\n authObjectClient,\r\n redirectToSignIn,\r\n );\r\n\r\n const authObj: MiddlewareAuthObject = Object.assign(authObjectClient, {\r\n redirectToSignIn,\r\n redirectToSignUp,\r\n });\r\n\r\n const authHandler = () => Promise.resolve(authObj);\r\n authHandler.protect = protect;\r\n\r\n let handlerResult: Response = NextResponse.next();\r\n\r\n try {\r\n const userHandlerResult = await handler?.(authHandler, request, event);\r\n handlerResult = userHandlerResult || handlerResult;\r\n } catch (error: any) {\r\n handlerResult = handleControlError(error, ternSecureRequest, request);\r\n }\r\n\r\n if (requestStateClient.headers) {\r\n requestStateClient.headers.forEach((value, key) => {\r\n 
handlerResult.headers.append(key, value);\r\n });\r\n }\r\n\r\n if (isRedirect(handlerResult)) {\r\n return serverRedirectWithAuth(ternSecureRequest, handlerResult);\r\n }\r\n\r\n decorateRequest(ternSecureRequest, handlerResult, requestStateClient);\r\n return handlerResult;\r\n };\r\n\r\n const fireNextMiddleware: NextMiddleware = async (request) => {\r\n console.log('[TernSecureMiddleware] Firebase Request URL:', request.url);\r\n if (isFirebaseCookieRequest(request)) {\r\n const options = typeof params === 'function' ? await params(request) : params;\r\n rewriteFirebaseRequest(options, request);\r\n return handleFirebaseAuthRequest(request);\r\n }\r\n };\r\n\r\n const nextMiddleware: NextMiddleware = async (request, event) => {\r\n if (isFirebaseCookieRequest(request)) {\r\n return fireNextMiddleware(request, event);\r\n }\r\n return withAuthNextMiddleware(request, event);\r\n };\r\n\r\n if (request && event) {\r\n return nextMiddleware(request, event);\r\n }\r\n\r\n return nextMiddleware;\r\n };\r\n return middleware();\r\n}) as TernSecureMiddleware;\r\n\r\nconst parseRequestAndEvent = (args: unknown[]) => {\r\n return [\r\n args[0] instanceof Request ? args[0] : undefined,\r\n args[0] instanceof Request ? args[1] : undefined,\r\n ] as [NextMiddlewareRequestParam | undefined, NextMiddlewareEvtParam | undefined];\r\n};\r\n\r\nconst parseHandlerAndOptions = (args: unknown[]) => {\r\n return [\r\n typeof args[0] === 'function' ? args[0] : undefined,\r\n (args.length === 2 ? args[1] : typeof args[0] === 'function' ? 
{} : args[0]) || {},\r\n ] as [MiddlewareHandler | undefined, MiddlewareOptions | MiddlewareOptionsCallback];\r\n};\r\n\r\nconst isFirebaseRequest = (request: NextMiddlewareRequestParam) =>\r\n request.nextUrl.pathname.startsWith('/__/');\r\n\r\nconst rewriteFirebaseRequest = (options: MiddlewareOptions, request: NextMiddlewareRequestParam) => {\r\n const newUrl = new URL(request.url);\r\n newUrl.host = options.firebaseOptions?.authDomain || '';\r\n newUrl.port = '';\r\n return NextResponse.rewrite(newUrl);\r\n}\r\n\r\nconst finalTarget = (request: NextMiddlewareRequestParam) => {\r\n const finalTargetUrl = request.nextUrl.searchParams.get('finalTarget');\r\n return finalTargetUrl ? new URL(finalTargetUrl, request.url) : undefined;\r\n};\r\n\r\nconst isFirebaseCookieRequest = (request: NextMiddlewareRequestParam) =>\r\n request.nextUrl.pathname === '/__cookies__';\r\n\r\n/**\r\n * Create middleware redirect functions\r\n */\r\nconst createMiddlewareRedirects = (ternSecureRequest: TernSecureRequest) => {\r\n const redirectToSignIn: MiddlewareAuthObject['redirectToSignIn'] = (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignInError(url, opts.returnBackUrl);\r\n };\r\n\r\n const redirectToSignUp: MiddlewareAuthObject['redirectToSignUp'] = (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignUpError(url, opts.returnBackUrl);\r\n };\r\n\r\n return { redirectToSignIn, redirectToSignUp };\r\n};\r\n\r\nconst createMiddlewareProtect = (\r\n ternSecureRequest: TernSecureRequest,\r\n authObject: AuthObject,\r\n redirectToSignIn: RedirectFun<Response>,\r\n) => {\r\n return (async (params: any, options: any) => {\r\n const notFound = () => nextjsNotFound();\r\n\r\n const redirect = (url: string) =>\r\n nextjsRedirectError(url, {\r\n redirectUrl: url,\r\n });\r\n\r\n return createProtect({\r\n request: ternSecureRequest,\r\n redirect,\r\n notFound,\r\n authObject,\r\n redirectToSignIn,\r\n })(params, 
options);\r\n }) as unknown as Promise<AuthProtect>;\r\n};\r\n\r\nexport const redirectAdapter = (url: string | URL) => {\r\n return NextResponse.redirect(url, {\r\n headers: { [constants.Headers.TernSecureRedirectTo]: 'true' },\r\n });\r\n};\r\n\r\n/**\r\n * Handle control flow errors in middleware\r\n */\r\nconst handleControlError = (\r\n error: any,\r\n ternSecureRequest: TernSecureRequest,\r\n nextrequest: NextRequest,\r\n): Response => {\r\n if (isNextjsNotFoundError(error)) {\r\n return setHeader(\r\n NextResponse.rewrite(new URL(`/tern_${Date.now()}`, nextrequest.url)),\r\n constants.Headers.AuthReason,\r\n 'protect-rewrite',\r\n );\r\n }\r\n\r\n const isRedirectToSignIn = isRedirectToSignInError(error);\r\n const isRedirectToSignUp = isRedirectToSignUpError(error);\r\n\r\n if (isRedirectToSignIn || isRedirectToSignUp) {\r\n const redirect = createRedirect({\r\n redirectAdapter,\r\n baseUrl: ternSecureRequest.ternUrl,\r\n signInUrl: SIGN_IN_URL,\r\n signUpUrl: SIGN_UP_URL,\r\n });\r\n\r\n const { returnBackUrl } = error;\r\n\r\n return redirect[isRedirectToSignIn ? 'redirectToSignIn' : 'redirectToSignUp']({\r\n returnBackUrl,\r\n });\r\n }\r\n\r\n if (isNextjsRedirectError(error)) {\r\n return redirectAdapter(error.redirectUrl);\r\n }\r\n\r\n throw error;\r\n};\r\n\r\nconst handleFirebaseAuthRequest = async (\r\n request: NextRequest,\r\n): Promise<NextResponse | null> => {\r\n\r\n console.log('Checking for __cookies__ path');\r\n\r\n const isDevMode = process.env.NODE_ENV === 'development';\r\n const ID_TOKEN_COOKIE_NAME = isDevMode ? `__dev_FIREBASE_[DEFAULT]` : `__HOST-FIREBASE_[DEFAULT]`;\r\n const REFRESH_TOKEN_COOKIE_NAME = isDevMode\r\n ? 
'__dev_FIREBASEID_[DEFAULT]'\r\n : `__HOST-FIREBASEID_[DEFAULT]`;\r\n const ID_TOKEN_COOKIE = {\r\n path: '/',\r\n secure: !isDevMode,\r\n sameSite: 'strict',\r\n partitioned: true,\r\n name: ID_TOKEN_COOKIE_NAME,\r\n maxAge: 34560000,\r\n priority: 'high',\r\n } as const;\r\n const REFRESH_TOKEN_COOKIE = {\r\n ...ID_TOKEN_COOKIE,\r\n httpOnly: true,\r\n name: REFRESH_TOKEN_COOKIE_NAME,\r\n } as const;\r\n\r\n if (request.nextUrl.pathname === '/__cookies__') {\r\n console.log('Handling /__cookies__ request');\r\n const method = request.method;\r\n if (method === 'DELETE') {\r\n const response = new NextResponse('');\r\n response.cookies.delete({ ...ID_TOKEN_COOKIE, maxAge: 0 });\r\n response.cookies.delete({ ...REFRESH_TOKEN_COOKIE, maxAge: 0 });\r\n return response;\r\n }\r\n\r\n const headers: Record<string, string> = {};\r\n const headerNames = [\r\n 'content-type',\r\n 'X-Firebase-Client',\r\n 'X-Firebase-gmpid',\r\n 'X-Firebase-AppCheck',\r\n 'X-Client-Version',\r\n ];\r\n\r\n headerNames.forEach(headerName => {\r\n const headerValue = request.headers.get(headerName);\r\n if (headerValue) {\r\n headers[headerName] = headerValue;\r\n }\r\n });\r\n\r\n const finalTargetParam = request.nextUrl.searchParams.get('finalTarget');\r\n\r\n const url = new URL(finalTargetParam || '');\r\n let body: ReadableStream<any> | string | null = request.body;\r\n\r\n const isTokenRequest = !!url.pathname.match(/^(\\/securetoken\\.googleapis\\.com)?\\/v1\\/token/);\r\n const isSignInRequest = !!url.pathname.match(\r\n /^(\\/identitytoolkit\\.googleapis\\.com)?\\/v1\\/accounts:signInWith/,\r\n );\r\n\r\n if (!isTokenRequest && !isSignInRequest)\r\n throw new Error('Could not determine the request type to proxy');\r\n\r\n if (isTokenRequest) {\r\n body = await request.text();\r\n const bodyParams = new URLSearchParams(body.trim());\r\n if (bodyParams.has('refresh_token')) {\r\n const refreshToken = request.cookies.get(REFRESH_TOKEN_COOKIE.name)?.value;\r\n if (refreshToken) {\r\n 
bodyParams.set('refresh_token', refreshToken);\r\n body = bodyParams.toString();\r\n }\r\n }\r\n }\r\n\r\n const response = await fetch(url, { method, body, headers });\r\n const json = await response.json();\r\n\r\n if (!response.ok) {\r\n return NextResponse.json(json, { status: response.status, statusText: response.statusText });\r\n }\r\n\r\n let refreshToken, idToken, maxAge;\r\n if (isSignInRequest) {\r\n refreshToken = json.refreshToken;\r\n idToken = json.idToken;\r\n maxAge = json.expiresIn;\r\n json.refreshToken = 'REDACTED';\r\n } else {\r\n refreshToken = json.refresh_token;\r\n idToken = json.id_token;\r\n maxAge = json.expires_in;\r\n json.refresh_token = 'REDACTED';\r\n }\r\n\r\n const nextResponse = NextResponse.json(json);\r\n if (idToken) nextResponse.cookies.set({ ...ID_TOKEN_COOKIE, maxAge, value: idToken });\r\n if (refreshToken) nextResponse.cookies.set({ ...REFRESH_TOKEN_COOKIE, value: refreshToken });\r\n return nextResponse;\r\n }\r\n return null;\r\n};\r\n"],"mappings":"AAKA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAIP,SAAS,YAAY,sBAAsB;AAE3C,SAAS,oBAAoB;AAE7B,SAAS,YAAY,iBAAiB;AACtC,SAAS,8BAA8B;AACvC,SAAS,kCAAkC;AAC3C,SAAS,SAAS,aAAY,aAAa,mBAAmB;AAC9D;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAA0B,qBAAqB;AAC/C,SAAS,sBAAwC;AAMjD,SAAS,uBAAuB;AAoDhC,MAAM,8BAA8B;AAAA,EAClC,QAAQ;AAAA,EACR,YAAY;AACd;AAEA,MAAM,0BAA0B,YAAY;AAC1C,SAAO,+BAA+B,CAAC,CAAC;AAC1C;AAEA,MAAM,iCAAqE,aAAW;AACpF,SAAO,4BAA4B;AAAA,IACjC,GAAG;AAAA,IACH,GAAG;AAAA,EACL,CAAC;AACH;AAEO,MAAM,uBAAwB,IAChC,SACuC;AAC1C,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,MAAM;AACvB,UAAM,yBAAyC,OAAOA,UAASC,WAAU;AACvE,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAC9E,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAE9C,YAAM,UAAU;AAAA,QACd;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACL;AAEA,YAAM,SAAS,2BAA2B,QAAQ,KAAK;AAEvD,UAAI,QAAQ,OAAO;AACjB,2BAAmB;AAAA,MACrB;AAMA,YAAM,mBAAmB,MAAM,wBAAwB;AAKvD,YAAM,oBAAo
B,wBAAwBA,QAAO;AAEzD,YAAM,qBAAqB,MAAM,iBAAiB;AAAA,QAChD;AAAA,QACA;AAAA,MACF;AAEA,YAAM,mBAAmB,mBAAmB,KAAK;AAEjD,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,UAAU,MAAM;AAAA,QACpB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAEA,YAAM,UAAgC,OAAO,OAAO,kBAAkB;AAAA,QACpE;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,cAAc,MAAM,QAAQ,QAAQ,OAAO;AACjD,kBAAY,UAAU;AAEtB,UAAI,gBAA0B,aAAa,KAAK;AAEhD,UAAI;AACF,cAAM,oBAAoB,MAAM,UAAU,aAAaA,UAASC,MAAK;AACrE,wBAAgB,qBAAqB;AAAA,MACvC,SAAS,OAAY;AACnB,wBAAgB,mBAAmB,OAAO,mBAAmBD,QAAO;AAAA,MACtE;AAEA,UAAI,mBAAmB,SAAS;AAC9B,2BAAmB,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AACjD,wBAAc,QAAQ,OAAO,KAAK,KAAK;AAAA,QACzC,CAAC;AAAA,MACH;AAEA,UAAI,WAAW,aAAa,GAAG;AAC7B,eAAO,uBAAuB,mBAAmB,aAAa;AAAA,MAChE;AAEA,sBAAgB,mBAAmB,eAAe,kBAAkB;AACpE,aAAO;AAAA,IACT;AAEA,UAAM,qBAAqC,OAAOA,aAAY;AAC5D,cAAQ,IAAI,gDAAgDA,SAAQ,GAAG;AACvE,UAAI,wBAAwBA,QAAO,GAAG;AACpC,cAAM,UAAU,OAAO,WAAW,aAAa,MAAM,OAAOA,QAAO,IAAI;AACvE,+BAAuB,SAASA,QAAO;AACvC,eAAO,0BAA0BA,QAAO;AAAA,MAC1C;AAAA,IACF;AAEA,UAAM,iBAAiC,OAAOA,UAASC,WAAU;AAC9D,UAAI,wBAAwBD,QAAO,GAAG;AACrC,eAAO,mBAAmBA,UAASC,MAAK;AAAA,MACzC;AACD,aAAO,uBAAuBD,UAASC,MAAK;AAAA,IAC9C;AAEA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAEA,WAAO;AAAA,EACT;AACA,SAAO,WAAW;AACpB;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO;AAAA,IACL,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,IACvC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,EACzC;AACF;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,MAAM,aAAa,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC;AAAA,EACnF;AACF;AAEA,MAAM,oBAAoB,CAAC,YACzB,QAAQ,QAAQ,SAAS,WAAW,MAAM;AAE5C,MAAM,yBAAyB,CAAC,SAA4B,YAAwC;AAClG,QAAM,SAAS,IAAI,IAAI,QAAQ,GAAG;AAClC,SAAO,OAAO,QAAQ,iBAAiB,cAAc;AACrD,SAAO,OAAO;AACd,SAAO,aAAa,QAAQ,MAAM;AACpC;AAEA,MAAM,cAAc,CAAC,YAAwC;AAC3D,QAAM,iBAAiB,QAAQ,QAAQ,aAAa,IAAI,aAAa;AACrE,SAAO,iBAAiB,IAAI,IAAI,gBAAgB,QAAQ,GAAG,IAAI;AACjE;AAEA,MAAM,0BAA0B,CAAC,YAC/B,QAAQ,QAAQ,aAAa;AAK/B,MAAM,4BAA4B,CAAC,sBAAyC;AAC1E,QAAM,mBAA6
D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,0BAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,0BAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,SAAO,EAAE,kBAAkB,iBAAiB;AAC9C;AAEA,MAAM,0BAA0B,CAC9B,mBACA,YACA,qBACG;AACH,SAAQ,OAAO,QAAa,YAAiB;AAC3C,UAAM,WAAW,MAAM,eAAe;AAEtC,UAAM,WAAW,CAAC,QAChB,oBAAoB,KAAK;AAAA,MACvB,aAAa;AAAA,IACf,CAAC;AAEH,WAAO,cAAc;AAAA,MACnB,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,QAAQ,OAAO;AAAA,EACpB;AACF;AAEO,MAAM,kBAAkB,CAAC,QAAsB;AACpD,SAAO,aAAa,SAAS,KAAK;AAAA,IAChC,SAAS,EAAE,CAAC,UAAU,QAAQ,oBAAoB,GAAG,OAAO;AAAA,EAC9D,CAAC;AACH;AAKA,MAAM,qBAAqB,CACzB,OACA,mBACA,gBACa;AACb,MAAI,sBAAsB,KAAK,GAAG;AAChC,WAAO;AAAA,MACL,aAAa,QAAQ,IAAI,IAAI,SAAS,KAAK,IAAI,CAAC,IAAI,YAAY,GAAG,CAAC;AAAA,MACpE,UAAU,QAAQ;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,qBAAqB,wBAAwB,KAAK;AACxD,QAAM,qBAAqB,wBAAwB,KAAK;AAExD,MAAI,sBAAsB,oBAAoB;AAC5C,UAAM,WAAW,eAAe;AAAA,MAC9B;AAAA,MACA,SAAS,kBAAkB;AAAA,MAC3B,WAAW;AAAA,MACX,WAAW;AAAA,IACb,CAAC;AAED,UAAM,EAAE,cAAc,IAAI;AAE1B,WAAO,SAAS,qBAAqB,qBAAqB,kBAAkB,EAAE;AAAA,MAC5E;AAAA,IACF,CAAC;AAAA,EACH;AAEA,MAAI,sBAAsB,KAAK,GAAG;AAChC,WAAO,gBAAgB,MAAM,WAAW;AAAA,EAC1C;AAEA,QAAM;AACR;AAEA,MAAM,4BAA4B,OAChC,YACiC;AAEjC,UAAQ,IAAI,+BAA+B;AAE3C,QAAM,YAAY,QAAQ,IAAI,aAAa;AAC3C,QAAM,uBAAuB,YAAY,6BAA6B;AACtE,QAAM,4BAA4B,YAC9B,+BACA;AACJ,QAAM,kBAAkB;AAAA,IACtB,MAAM;AAAA,IACN,QAAQ,CAAC;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,UAAU;AAAA,EACZ;AACA,QAAM,uBAAuB;AAAA,IAC3B,GAAG;AAAA,IACH,UAAU;AAAA,IACV,MAAM;AAAA,EACR;AAEA,MAAI,QAAQ,QAAQ,aAAa,gBAAgB;AAC/C,YAAQ,IAAI,+BAA+B;AAC3C,UAAM,SAAS,QAAQ;AACvB,QAAI,WAAW,UAAU;AACvB,YAAMC,YAAW,IAAI,aAAa,EAAE;AACpC,MAAAA,UAAS,QAAQ,OAAO,EAAE,GAAG,iBAAiB,QAAQ,EAAE,CAAC;AACzD,MAAAA,UAAS,QAAQ,OAAO,EAAE,GAAG,sBAAsB,QAAQ,EAAE,CAAC;AAC9D,aAAOA;AAAA,IACT;AAEA,UAAM,UAAkC,CAAC;AACrC,UAAM,cAAc;AAAA,MACtB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAEA,gBAAY,QAAQ,gBAAc;AAChC,YAAM,cAAc,QAAQ,QAAQ,IAAI,UAAU;AAClD,UA
AI,aAAa;AACf,gBAAQ,UAAU,IAAI;AAAA,MACxB;AAAA,IACF,CAAC;AAED,UAAM,mBAAmB,QAAQ,QAAQ,aAAa,IAAI,aAAa;AAEvE,UAAM,MAAM,IAAI,IAAI,oBAAoB,EAAE;AAC1C,QAAI,OAA4C,QAAQ;AAExD,UAAM,iBAAiB,CAAC,CAAC,IAAI,SAAS,MAAM,+CAA+C;AAC3F,UAAM,kBAAkB,CAAC,CAAC,IAAI,SAAS;AAAA,MACrC;AAAA,IACF;AAEA,QAAI,CAAC,kBAAkB,CAAC;AACtB,YAAM,IAAI,MAAM,+CAA+C;AAEjE,QAAI,gBAAgB;AAClB,aAAO,MAAM,QAAQ,KAAK;AAC1B,YAAM,aAAa,IAAI,gBAAgB,KAAK,KAAK,CAAC;AAClD,UAAI,WAAW,IAAI,eAAe,GAAG;AACnC,cAAMC,gBAAe,QAAQ,QAAQ,IAAI,qBAAqB,IAAI,GAAG;AACrE,YAAIA,eAAc;AAChB,qBAAW,IAAI,iBAAiBA,aAAY;AAC5C,iBAAO,WAAW,SAAS;AAAA,QAC7B;AAAA,MACF;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,MAAM,KAAK,EAAE,QAAQ,MAAM,QAAQ,CAAC;AAC3D,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,CAAC,SAAS,IAAI;AAChB,aAAO,aAAa,KAAK,MAAM,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,WAAW,CAAC;AAAA,IAC7F;AAEA,QAAI,cAAc,SAAS;AAC3B,QAAI,iBAAiB;AACnB,qBAAe,KAAK;AACpB,gBAAU,KAAK;AACf,eAAS,KAAK;AACd,WAAK,eAAe;AAAA,IACtB,OAAO;AACL,qBAAe,KAAK;AACpB,gBAAU,KAAK;AACf,eAAS,KAAK;AACd,WAAK,gBAAgB;AAAA,IACvB;AAEA,UAAM,eAAe,aAAa,KAAK,IAAI;AAC3C,QAAI,QAAS,cAAa,QAAQ,IAAI,EAAE,GAAG,iBAAiB,QAAQ,OAAO,QAAQ,CAAC;AACpF,QAAI,aAAc,cAAa,QAAQ,IAAI,EAAE,GAAG,sBAAsB,OAAO,aAAa,CAAC;AAC3F,WAAO;AAAA,EACT;AACA,SAAO;AACT;","names":["request","event","response","refreshToken"]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/ternSecureEdgeMiddleware.ts"],"sourcesContent":["import type {\r\n AuthObject,\r\n RequestOptions,\r\n TernSecureRequest,\r\n} from '@tern-secure/backend';\r\nimport {\r\n constants,\r\n createTernSecureRequest,\r\n enableDebugLogging,\r\n} from '@tern-secure/backend';\r\nimport type {\r\n TernSecureConfig,\r\n} from '@tern-secure/types';\r\nimport { notFound as nextjsNotFound } from 'next/navigation';\r\nimport type { NextMiddleware,NextRequest } from 'next/server';\r\nimport { NextResponse } from 'next/server';\r\n\r\nimport { isRedirect, setHeader } from '../utils/response';\r\nimport { serverRedirectWithAuth } from '../utils/serverRedirectAuth';\r\nimport { createEdgeCompatibleLogger } from '../utils/withLogger';\r\nimport { SIGN_IN_URL, SIGN_UP_URL } from './constant';\r\nimport {\r\n isNextjsNotFoundError,\r\n isNextjsRedirectError,\r\n isRedirectToSignInError,\r\n isRedirectToSignUpError,\r\n nextjsRedirectError,\r\n redirectToSignInError,\r\n redirectToSignUpError,\r\n} from './nextErrors';\r\nimport { type AuthProtect,createProtect } from './protect';\r\nimport { createRedirect, type RedirectFun } from './redirect';\r\nimport { ternSecureBackendClient } from './ternsecureClient';\r\nimport type {\r\n NextMiddlewareEvtParam,\r\n NextMiddlewareRequestParam,\r\n NextMiddlewareReturn,\r\n} from './types';\r\nimport { decorateRequest } from './utils';\r\n\r\nexport type MiddlewareAuthObject = AuthObject & {\r\n redirectToSignIn: RedirectFun<Response>;\r\n redirectToSignUp: RedirectFun<Response>;\r\n};\r\n\r\nexport interface MiddlewareAuth {\r\n (): Promise<MiddlewareAuthObject>;\r\n\r\n protect: AuthProtect;\r\n}\r\n\r\ntype MiddlewareHandler = (\r\n auth: MiddlewareAuth,\r\n request: NextMiddlewareRequestParam,\r\n event: NextMiddlewareEvtParam,\r\n) => NextMiddlewareReturn;\r\n\r\nexport interface MiddlewareOptions extends RequestOptions {\r\n debug?: boolean;\r\n firebaseOptions?: TernSecureConfig;\r\n}\r\ntype 
MiddlewareOptionsCallback = (\r\n req: NextRequest,\r\n) => MiddlewareOptions | Promise<MiddlewareOptions>;\r\n\r\ninterface TernSecureMiddleware {\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware((auth, request, event) => { ... }, options);\r\n */\r\n (handler: MiddlewareHandler, options?: MiddlewareOptions): NextMiddleware;\r\n\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware((auth, request, event) => { ... }, (req) => options);\r\n */\r\n (handler: MiddlewareHandler, options?: MiddlewareOptionsCallback): NextMiddleware;\r\n\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware(options);\r\n */\r\n (options?: MiddlewareOptions): NextMiddleware;\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware;\r\n */\r\n (request: NextMiddlewareRequestParam, event: NextMiddlewareEvtParam): NextMiddlewareReturn;\r\n}\r\n\r\nexport const ternSecureMiddleware = ((\r\n ...args: unknown[]\r\n): NextMiddleware | NextMiddlewareReturn => {\r\n const [request, event] = parseRequestAndEvent(args);\r\n const [handler, params] = parseHandlerAndOptions(args);\r\n\r\n const middleware = () => {\r\n const withAuthNextMiddleware: NextMiddleware = async (request, event) => {\r\n const resolvedParams = typeof params === 'function' ? 
await params(request) : params;\r\n const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\r\n const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\r\n\r\n const options = {\r\n signInUrl,\r\n signUpUrl,\r\n ...resolvedParams,\r\n };\r\n\r\n const logger = createEdgeCompatibleLogger(options.debug);\r\n\r\n if (options.debug) {\r\n enableDebugLogging();\r\n }\r\n\r\n //const { authObject, headers: authHeaders } =\r\n // await authenticateMiddlewareRequest(request, checkRevoked, logger);\r\n\r\n //const reqBackend = await createBackendInstanceEdge(request, checkRevoked);\r\n const reqBackendClient = await ternSecureBackendClient();\r\n //const requestState = reqBackend.requestState;\r\n //const authObject = requestState.auth();\r\n //const authHeaders = requestState.headers;\r\n\r\n const ternSecureRequest = createTernSecureRequest(request);\r\n\r\n const requestStateClient = await reqBackendClient.authenticateRequest(\r\n ternSecureRequest,\r\n options,\r\n );\r\n\r\n const authObjectClient = requestStateClient.auth();\r\n\r\n const { redirectToSignIn } = createMiddlewareRedirects(ternSecureRequest);\r\n\r\n const { redirectToSignUp } = createMiddlewareRedirects(ternSecureRequest);\r\n\r\n const protect = await createMiddlewareProtect(\r\n ternSecureRequest,\r\n authObjectClient,\r\n redirectToSignIn,\r\n );\r\n\r\n const authObj: MiddlewareAuthObject = Object.assign(authObjectClient, {\r\n redirectToSignIn,\r\n redirectToSignUp,\r\n });\r\n\r\n const authHandler = () => Promise.resolve(authObj);\r\n authHandler.protect = protect;\r\n\r\n let handlerResult: Response = NextResponse.next();\r\n\r\n try {\r\n const userHandlerResult = await handler?.(authHandler, request, event);\r\n handlerResult = userHandlerResult || handlerResult;\r\n } catch (error: any) {\r\n handlerResult = handleControlError(error, ternSecureRequest, request);\r\n }\r\n\r\n if (requestStateClient.headers) {\r\n requestStateClient.headers.forEach((value, key) => {\r\n 
handlerResult.headers.append(key, value);\r\n });\r\n }\r\n\r\n if (isRedirect(handlerResult)) {\r\n return serverRedirectWithAuth(ternSecureRequest, handlerResult);\r\n }\r\n\r\n decorateRequest(ternSecureRequest, handlerResult, requestStateClient);\r\n return handlerResult;\r\n };\r\n\r\n\r\n const nextMiddleware: NextMiddleware = async (request, event) => {\r\n if(isFirebaseCookieRequest(request)) {\r\n return handleFirebaseAuthRequest(request);\r\n }\r\n return withAuthNextMiddleware(request, event);\r\n };\r\n\r\n if (request && event) {\r\n return nextMiddleware(request, event);\r\n }\r\n\r\n return nextMiddleware;\r\n };\r\n return middleware();\r\n}) as TernSecureMiddleware;\r\n\r\nconst parseRequestAndEvent = (args: unknown[]) => {\r\n return [\r\n args[0] instanceof Request ? args[0] : undefined,\r\n args[0] instanceof Request ? args[1] : undefined,\r\n ] as [NextMiddlewareRequestParam | undefined, NextMiddlewareEvtParam | undefined];\r\n};\r\n\r\nconst parseHandlerAndOptions = (args: unknown[]) => {\r\n return [\r\n typeof args[0] === 'function' ? args[0] : undefined,\r\n (args.length === 2 ? args[1] : typeof args[0] === 'function' ? {} : args[0]) || {},\r\n ] as [MiddlewareHandler | undefined, MiddlewareOptions | MiddlewareOptionsCallback];\r\n};\r\n\r\nconst isFirebaseRequest = (request: NextMiddlewareRequestParam) =>\r\n request.nextUrl.pathname.startsWith('/__/');\r\n\r\nconst rewriteFirebaseRequest = (options: MiddlewareOptions, request: NextMiddlewareRequestParam) => {\r\n const newUrl = new URL(request.url);\r\n newUrl.host = options.firebaseOptions?.authDomain || '';\r\n newUrl.port = '';\r\n return NextResponse.rewrite(newUrl);\r\n}\r\n\r\nconst finalTarget = (request: NextMiddlewareRequestParam) => {\r\n const finalTargetUrl = request.nextUrl.searchParams.get('finalTarget');\r\n return finalTargetUrl ? 
new URL(finalTargetUrl, request.url) : undefined;\r\n};\r\n\r\nconst isFirebaseCookieRequest = (request: NextMiddlewareRequestParam) =>\r\n request.nextUrl.pathname === '/__cookies__';\r\n\r\n/**\r\n * Create middleware redirect functions\r\n */\r\nconst createMiddlewareRedirects = (ternSecureRequest: TernSecureRequest) => {\r\n const redirectToSignIn: MiddlewareAuthObject['redirectToSignIn'] = (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignInError(url, opts.returnBackUrl);\r\n };\r\n\r\n const redirectToSignUp: MiddlewareAuthObject['redirectToSignUp'] = (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignUpError(url, opts.returnBackUrl);\r\n };\r\n\r\n return { redirectToSignIn, redirectToSignUp };\r\n};\r\n\r\nconst createMiddlewareProtect = (\r\n ternSecureRequest: TernSecureRequest,\r\n authObject: AuthObject,\r\n redirectToSignIn: RedirectFun<Response>,\r\n) => {\r\n return (async (params: any, options: any) => {\r\n const notFound = () => nextjsNotFound();\r\n\r\n const redirect = (url: string) =>\r\n nextjsRedirectError(url, {\r\n redirectUrl: url,\r\n });\r\n\r\n return createProtect({\r\n request: ternSecureRequest,\r\n redirect,\r\n notFound,\r\n authObject,\r\n redirectToSignIn,\r\n })(params, options);\r\n }) as unknown as Promise<AuthProtect>;\r\n};\r\n\r\nexport const redirectAdapter = (url: string | URL) => {\r\n return NextResponse.redirect(url, {\r\n headers: { [constants.Headers.TernSecureRedirectTo]: 'true' },\r\n });\r\n};\r\n\r\n/**\r\n * Handle control flow errors in middleware\r\n */\r\nconst handleControlError = (\r\n error: any,\r\n ternSecureRequest: TernSecureRequest,\r\n nextrequest: NextRequest,\r\n): Response => {\r\n if (isNextjsNotFoundError(error)) {\r\n return setHeader(\r\n NextResponse.rewrite(new URL(`/tern_${Date.now()}`, nextrequest.url)),\r\n constants.Headers.AuthReason,\r\n 'protect-rewrite',\r\n );\r\n }\r\n\r\n const isRedirectToSignIn = 
isRedirectToSignInError(error);\r\n const isRedirectToSignUp = isRedirectToSignUpError(error);\r\n\r\n if (isRedirectToSignIn || isRedirectToSignUp) {\r\n const redirect = createRedirect({\r\n redirectAdapter,\r\n baseUrl: ternSecureRequest.ternUrl,\r\n signInUrl: SIGN_IN_URL,\r\n signUpUrl: SIGN_UP_URL,\r\n });\r\n\r\n const { returnBackUrl } = error;\r\n\r\n return redirect[isRedirectToSignIn ? 'redirectToSignIn' : 'redirectToSignUp']({\r\n returnBackUrl,\r\n });\r\n }\r\n\r\n if (isNextjsRedirectError(error)) {\r\n return redirectAdapter(error.redirectUrl);\r\n }\r\n\r\n throw error;\r\n};\r\n\r\nconst handleFirebaseAuthRequest = async (\r\n request: NextRequest,\r\n): Promise<NextResponse | null> => {\r\n\r\n console.log('Checking for __cookies__ path');\r\n\r\n const isDevMode = process.env.NODE_ENV === 'development';\r\n const ID_TOKEN_COOKIE_NAME = isDevMode ? `__dev_FIREBASE_[DEFAULT]` : `__HOST-FIREBASE_[DEFAULT]`;\r\n const REFRESH_TOKEN_COOKIE_NAME = isDevMode\r\n ? '__dev_FIREBASEID_[DEFAULT]'\r\n : `__HOST-FIREBASEID_[DEFAULT]`;\r\n const ID_TOKEN_COOKIE = {\r\n path: '/',\r\n secure: !isDevMode,\r\n sameSite: 'strict',\r\n partitioned: true,\r\n name: ID_TOKEN_COOKIE_NAME,\r\n maxAge: 34560000,\r\n priority: 'high',\r\n } as const;\r\n const REFRESH_TOKEN_COOKIE = {\r\n ...ID_TOKEN_COOKIE,\r\n httpOnly: true,\r\n name: REFRESH_TOKEN_COOKIE_NAME,\r\n } as const;\r\n\r\n if (request.nextUrl.pathname === '/__cookies__') {\r\n console.log('Handling /__cookies__ request');\r\n const method = request.method;\r\n if (method === 'DELETE') {\r\n const response = new NextResponse('');\r\n response.cookies.delete({ ...ID_TOKEN_COOKIE, maxAge: 0 });\r\n response.cookies.delete({ ...REFRESH_TOKEN_COOKIE, maxAge: 0 });\r\n return response;\r\n }\r\n\r\n const headers: Record<string, string> = {};\r\n const headerNames = [\r\n 'content-type',\r\n 'X-Firebase-Client',\r\n 'X-Firebase-gmpid',\r\n 'X-Firebase-AppCheck',\r\n 'X-Client-Version',\r\n ];\r\n\r\n 
headerNames.forEach(headerName => {\r\n const headerValue = request.headers.get(headerName);\r\n if (headerValue) {\r\n headers[headerName] = headerValue;\r\n }\r\n });\r\n\r\n const finalTargetParam = request.nextUrl.searchParams.get('finalTarget');\r\n\r\n const url = new URL(finalTargetParam || '');\r\n let body: ReadableStream<any> | string | null = request.body;\r\n\r\n const isTokenRequest = !!url.pathname.match(/^(\\/securetoken\\.googleapis\\.com)?\\/v1\\/token/);\r\n const isSignInRequest = !!url.pathname.match(\r\n /^(\\/identitytoolkit\\.googleapis\\.com)?\\/v1\\/accounts:signInWith/,\r\n );\r\n\r\n if (!isTokenRequest && !isSignInRequest)\r\n throw new Error('Could not determine the request type to proxy');\r\n\r\n if (isTokenRequest) {\r\n body = await request.text();\r\n const bodyParams = new URLSearchParams(body.trim());\r\n if (bodyParams.has('refresh_token')) {\r\n const refreshToken = request.cookies.get(REFRESH_TOKEN_COOKIE.name)?.value;\r\n if (refreshToken) {\r\n bodyParams.set('refresh_token', refreshToken);\r\n body = bodyParams.toString();\r\n }\r\n }\r\n }\r\n\r\n const response = await fetch(url, { method, body, headers });\r\n const json = await response.json();\r\n\r\n if (!response.ok) {\r\n return NextResponse.json(json, { status: response.status, statusText: response.statusText });\r\n }\r\n\r\n let refreshToken, idToken, maxAge;\r\n if (isSignInRequest) {\r\n refreshToken = json.refreshToken;\r\n idToken = json.idToken;\r\n maxAge = json.expiresIn;\r\n json.refreshToken = 'REDACTED';\r\n } else {\r\n refreshToken = json.refresh_token;\r\n idToken = json.id_token;\r\n maxAge = json.expires_in;\r\n json.refresh_token = 'REDACTED';\r\n }\r\n\r\n const nextResponse = NextResponse.json(json);\r\n if (idToken) nextResponse.cookies.set({ ...ID_TOKEN_COOKIE, maxAge, value: idToken });\r\n if (refreshToken) nextResponse.cookies.set({ ...REFRESH_TOKEN_COOKIE, value: refreshToken });\r\n return nextResponse;\r\n }\r\n return 
null;\r\n};\r\n"],"mappings":"AAKA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAIP,SAAS,YAAY,sBAAsB;AAE3C,SAAS,oBAAoB;AAE7B,SAAS,YAAY,iBAAiB;AACtC,SAAS,8BAA8B;AACvC,SAAS,kCAAkC;AAC3C,SAAS,aAAa,mBAAmB;AACzC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAA0B,qBAAqB;AAC/C,SAAS,sBAAwC;AACjD,SAAS,+BAA+B;AAMxC,SAAS,uBAAuB;AAoDzB,MAAM,uBAAwB,IAChC,SACuC;AAC1C,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,MAAM;AACvB,UAAM,yBAAyC,OAAOA,UAASC,WAAU;AACvE,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAC9E,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAE9C,YAAM,UAAU;AAAA,QACd;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACL;AAEA,YAAM,SAAS,2BAA2B,QAAQ,KAAK;AAEvD,UAAI,QAAQ,OAAO;AACjB,2BAAmB;AAAA,MACrB;AAMA,YAAM,mBAAmB,MAAM,wBAAwB;AAKvD,YAAM,oBAAoB,wBAAwBA,QAAO;AAEzD,YAAM,qBAAqB,MAAM,iBAAiB;AAAA,QAChD;AAAA,QACA;AAAA,MACF;AAEA,YAAM,mBAAmB,mBAAmB,KAAK;AAEjD,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,UAAU,MAAM;AAAA,QACpB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAEA,YAAM,UAAgC,OAAO,OAAO,kBAAkB;AAAA,QACpE;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,cAAc,MAAM,QAAQ,QAAQ,OAAO;AACjD,kBAAY,UAAU;AAEtB,UAAI,gBAA0B,aAAa,KAAK;AAEhD,UAAI;AACF,cAAM,oBAAoB,MAAM,UAAU,aAAaA,UAASC,MAAK;AACrE,wBAAgB,qBAAqB;AAAA,MACvC,SAAS,OAAY;AACnB,wBAAgB,mBAAmB,OAAO,mBAAmBD,QAAO;AAAA,MACtE;AAEA,UAAI,mBAAmB,SAAS;AAC9B,2BAAmB,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AACjD,wBAAc,QAAQ,OAAO,KAAK,KAAK;AAAA,QACzC,CAAC;AAAA,MACH;AAEA,UAAI,WAAW,aAAa,GAAG;AAC7B,eAAO,uBAAuB,mBAAmB,aAAa;AAAA,MAChE;AAEA,sBAAgB,mBAAmB,eAAe,kBAAkB;AACpE,aAAO;AAAA,IACT;AAGA,UAAM,iBAAiC,OAAOA,UAASC,WAAU;AAC/D,UAAG,wBAAwBD,QAAO,GAAG;AACnC,eAAO,0BAA0BA,QAAO;AAAA,MAC1C;AACA,aAAO,uBAAuBA,UAASC,MAAK;AAAA,IAC9C;AAEA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAEA,WAAO;AAAA,EACT;AACA,SAAO,WAAW;AACpB;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO;AAAA,IACL,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,IACvC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,EACzC;AACF;AAEA,MAAM,yBAAyB,CAA
C,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,MAAM,aAAa,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC;AAAA,EACnF;AACF;AAEA,MAAM,oBAAoB,CAAC,YACzB,QAAQ,QAAQ,SAAS,WAAW,MAAM;AAE5C,MAAM,yBAAyB,CAAC,SAA4B,YAAwC;AAClG,QAAM,SAAS,IAAI,IAAI,QAAQ,GAAG;AAClC,SAAO,OAAO,QAAQ,iBAAiB,cAAc;AACrD,SAAO,OAAO;AACd,SAAO,aAAa,QAAQ,MAAM;AACpC;AAEA,MAAM,cAAc,CAAC,YAAwC;AAC3D,QAAM,iBAAiB,QAAQ,QAAQ,aAAa,IAAI,aAAa;AACrE,SAAO,iBAAiB,IAAI,IAAI,gBAAgB,QAAQ,GAAG,IAAI;AACjE;AAEA,MAAM,0BAA0B,CAAC,YAC/B,QAAQ,QAAQ,aAAa;AAK/B,MAAM,4BAA4B,CAAC,sBAAyC;AAC1E,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,0BAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,0BAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,SAAO,EAAE,kBAAkB,iBAAiB;AAC9C;AAEA,MAAM,0BAA0B,CAC9B,mBACA,YACA,qBACG;AACH,SAAQ,OAAO,QAAa,YAAiB;AAC3C,UAAM,WAAW,MAAM,eAAe;AAEtC,UAAM,WAAW,CAAC,QAChB,oBAAoB,KAAK;AAAA,MACvB,aAAa;AAAA,IACf,CAAC;AAEH,WAAO,cAAc;AAAA,MACnB,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,QAAQ,OAAO;AAAA,EACpB;AACF;AAEO,MAAM,kBAAkB,CAAC,QAAsB;AACpD,SAAO,aAAa,SAAS,KAAK;AAAA,IAChC,SAAS,EAAE,CAAC,UAAU,QAAQ,oBAAoB,GAAG,OAAO;AAAA,EAC9D,CAAC;AACH;AAKA,MAAM,qBAAqB,CACzB,OACA,mBACA,gBACa;AACb,MAAI,sBAAsB,KAAK,GAAG;AAChC,WAAO;AAAA,MACL,aAAa,QAAQ,IAAI,IAAI,SAAS,KAAK,IAAI,CAAC,IAAI,YAAY,GAAG,CAAC;AAAA,MACpE,UAAU,QAAQ;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,qBAAqB,wBAAwB,KAAK;AACxD,QAAM,qBAAqB,wBAAwB,KAAK;AAExD,MAAI,sBAAsB,oBAAoB;AAC5C,UAAM,WAAW,eAAe;AAAA,MAC9B;AAAA,MACA,SAAS,kBAAkB;AAAA,MAC3B,WAAW;AAAA,MACX,WAAW;AAAA,IACb,CAAC;AAED,UAAM,EAAE,cAAc,IAAI;AAE1B,WAAO,SAAS,qBAAqB,qBAAqB,kBAAkB,EAAE;AAAA,MAC5E;AAAA,IACF,CAAC;AAAA,EACH;AAEA,MAAI,sBAAsB,KAAK,GAAG;AAChC,WAAO,gBAAgB,MAAM,WAAW;AAAA,EAC1C;AAEA,QAAM;AACR;AAEA,MAAM,4BAA4B,OAChC,YACiC;AAEjC,UAAQ,IAAI,+BAA+B;AAE3C,QAAM,YAAY,QAAQ,IAAI,aAAa;AAC3C,QAAM,uBAAuB,YAAY,6BAA6B;AACtE,QAAM,4BAA4B,YAC9B,+BACA;AACJ,QAAM,kBAAkB;AAAA,IACtB,MAAM;AAAA,IACN,QA
AQ,CAAC;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,UAAU;AAAA,EACZ;AACA,QAAM,uBAAuB;AAAA,IAC3B,GAAG;AAAA,IACH,UAAU;AAAA,IACV,MAAM;AAAA,EACR;AAEA,MAAI,QAAQ,QAAQ,aAAa,gBAAgB;AAC/C,YAAQ,IAAI,+BAA+B;AAC3C,UAAM,SAAS,QAAQ;AACvB,QAAI,WAAW,UAAU;AACvB,YAAMC,YAAW,IAAI,aAAa,EAAE;AACpC,MAAAA,UAAS,QAAQ,OAAO,EAAE,GAAG,iBAAiB,QAAQ,EAAE,CAAC;AACzD,MAAAA,UAAS,QAAQ,OAAO,EAAE,GAAG,sBAAsB,QAAQ,EAAE,CAAC;AAC9D,aAAOA;AAAA,IACT;AAEA,UAAM,UAAkC,CAAC;AACrC,UAAM,cAAc;AAAA,MACtB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAEA,gBAAY,QAAQ,gBAAc;AAChC,YAAM,cAAc,QAAQ,QAAQ,IAAI,UAAU;AAClD,UAAI,aAAa;AACf,gBAAQ,UAAU,IAAI;AAAA,MACxB;AAAA,IACF,CAAC;AAED,UAAM,mBAAmB,QAAQ,QAAQ,aAAa,IAAI,aAAa;AAEvE,UAAM,MAAM,IAAI,IAAI,oBAAoB,EAAE;AAC1C,QAAI,OAA4C,QAAQ;AAExD,UAAM,iBAAiB,CAAC,CAAC,IAAI,SAAS,MAAM,+CAA+C;AAC3F,UAAM,kBAAkB,CAAC,CAAC,IAAI,SAAS;AAAA,MACrC;AAAA,IACF;AAEA,QAAI,CAAC,kBAAkB,CAAC;AACtB,YAAM,IAAI,MAAM,+CAA+C;AAEjE,QAAI,gBAAgB;AAClB,aAAO,MAAM,QAAQ,KAAK;AAC1B,YAAM,aAAa,IAAI,gBAAgB,KAAK,KAAK,CAAC;AAClD,UAAI,WAAW,IAAI,eAAe,GAAG;AACnC,cAAMC,gBAAe,QAAQ,QAAQ,IAAI,qBAAqB,IAAI,GAAG;AACrE,YAAIA,eAAc;AAChB,qBAAW,IAAI,iBAAiBA,aAAY;AAC5C,iBAAO,WAAW,SAAS;AAAA,QAC7B;AAAA,MACF;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,MAAM,KAAK,EAAE,QAAQ,MAAM,QAAQ,CAAC;AAC3D,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,CAAC,SAAS,IAAI;AAChB,aAAO,aAAa,KAAK,MAAM,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,WAAW,CAAC;AAAA,IAC7F;AAEA,QAAI,cAAc,SAAS;AAC3B,QAAI,iBAAiB;AACnB,qBAAe,KAAK;AACpB,gBAAU,KAAK;AACf,eAAS,KAAK;AACd,WAAK,eAAe;AAAA,IACtB,OAAO;AACL,qBAAe,KAAK;AACpB,gBAAU,KAAK;AACf,eAAS,KAAK;AACd,WAAK,gBAAgB;AAAA,IACvB;AAEA,UAAM,eAAe,aAAa,KAAK,IAAI;AAC3C,QAAI,QAAS,cAAa,QAAQ,IAAI,EAAE,GAAG,iBAAiB,QAAQ,OAAO,QAAQ,CAAC;AACpF,QAAI,aAAc,cAAa,QAAQ,IAAI,EAAE,GAAG,sBAAsB,OAAO,aAAa,CAAC;AAC3F,WAAO;AAAA,EACT;AACA,SAAO;AACT;","names":["request","event","response","refreshToken"]}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import {
|
|
2
|
+
createBackendInstanceClient
|
|
3
|
+
} from "@tern-secure/backend";
|
|
4
|
+
import { API_KEY, API_URL, API_VERSION } from "./constant";
|
|
5
|
+
const backendClientDefaultOptions = {
|
|
6
|
+
apiKey: API_KEY,
|
|
7
|
+
apiUrl: API_URL,
|
|
8
|
+
apiVersion: API_VERSION
|
|
9
|
+
};
|
|
10
|
+
const ternSecureBackendClient = async () => {
|
|
11
|
+
return createBackendClientWithOptions({});
|
|
12
|
+
};
|
|
13
|
+
const createBackendClientWithOptions = (options) => {
|
|
14
|
+
return createBackendInstanceClient({
|
|
15
|
+
...backendClientDefaultOptions,
|
|
16
|
+
...options
|
|
17
|
+
});
|
|
18
|
+
};
|
|
19
|
+
export {
|
|
20
|
+
ternSecureBackendClient
|
|
21
|
+
};
|
|
22
|
+
//# sourceMappingURL=ternsecureClient.js.map
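Review bot: Nothing in this module checks that the merged options carry a non-empty `apiKey` before `createBackendInstanceClient` is called. The default comes straight from `API_KEY`, and because `...options` is spread last, an explicit `apiKey: undefined` from a caller would replace it. Whether the backend rejects an empty key is not visible here, so in the TypeScript source I would build the merged object first and fail closed, e.g. `if (!merged.apiKey) throw new Error('TernSecure API key is not configured');` before `return createBackendInstanceClient(merged);`. `ternSecureBackendClient` is also declared `async` without awaiting anything, which only adds a promise wrapper around a synchronous call.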
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../src/server/ternsecureClient.ts"],"sourcesContent":["import {\n createBackendInstanceClient,\n} from '@tern-secure/backend';\n\nimport { API_KEY, API_URL, API_VERSION } from './constant';\n\nconst backendClientDefaultOptions = {\n apiKey: API_KEY,\n apiUrl: API_URL,\n apiVersion: API_VERSION,\n};\n\nconst ternSecureBackendClient = async () => {\n return createBackendClientWithOptions({});\n};\n\nconst createBackendClientWithOptions: typeof createBackendInstanceClient = options => {\n return createBackendInstanceClient({\n ...backendClientDefaultOptions,\n ...options,\n });\n};\n\nexport { ternSecureBackendClient };"],"mappings":"AAAA;AAAA,EACE;AAAA,OACK;AAEP,SAAS,SAAS,SAAS,mBAAmB;AAE9C,MAAM,8BAA8B;AAAA,EAClC,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,YAAY;AACd;AAEA,MAAM,0BAA0B,YAAY;AAC1C,SAAO,+BAA+B,CAAC,CAAC;AAC1C;AAEA,MAAM,iCAAqE,aAAW;AACpF,SAAO,4BAA4B;AAAA,IACjC,GAAG;AAAA,IACH,GAAG;AAAA,EACL,CAAC;AACH;","names":[]}
|
|
@@ -1,18 +1,20 @@
|
|
|
1
|
-
import type {
|
|
1
|
+
import type { RequestProcessorContext } from '../../c-authenticateRequestProcessor';
|
|
2
|
+
import type { AuthEndpoint, SessionSubEndpoint, TernSecureHandlerOptions } from '../../types';
|
|
2
3
|
export interface HandlerContext {
|
|
3
4
|
request: Request;
|
|
4
5
|
pathSegments: string[];
|
|
5
6
|
endpoint: AuthEndpoint;
|
|
6
|
-
subEndpoint: SessionSubEndpoint
|
|
7
|
+
subEndpoint: SessionSubEndpoint;
|
|
7
8
|
method: string;
|
|
9
|
+
requestProcessorContext: RequestProcessorContext;
|
|
8
10
|
}
|
|
9
11
|
export interface EndpointHandler {
|
|
10
12
|
canHandle(endpoint: AuthEndpoint): boolean;
|
|
11
|
-
handle(
|
|
13
|
+
handle(context: RequestProcessorContext, config: TernSecureHandlerOptions): Promise<Response>;
|
|
12
14
|
}
|
|
13
15
|
export declare abstract class BaseEndpointHandler implements EndpointHandler {
|
|
14
16
|
abstract canHandle(endpoint: AuthEndpoint): boolean;
|
|
15
|
-
abstract handle(
|
|
17
|
+
abstract handle(context: RequestProcessorContext, config: TernSecureHandlerOptions): Promise<Response>;
|
|
16
18
|
protected validateMethod(allowedMethods: string[], method: string): boolean;
|
|
17
19
|
protected validateSubEndpoint(subEndpoint: SessionSubEndpoint | undefined, requiredSubEndpoint?: boolean): boolean;
|
|
18
20
|
}
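Review bot: `HandlerContext` keeps its own `method`, `pathSegments`, `endpoint` and `subEndpoint` and now also embeds `requestProcessorContext`, which gains the same four fields in the c-authenticateRequestProcessor declarations later in this diff, so one request can be described by two copies that may disagree. Dropping the duplicates from `HandlerContext` and reading them from `requestProcessorContext` would leave a single source of truth. The `EndpointHandler` interface declared here is also re-declared with an identical shape in the endpointRouter declarations. Exporting it from one module and using `import type { EndpointHandler }` in the other would keep the two from drifting.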
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"abstract.d.ts","sourceRoot":"","sources":["../../../../../../src/app-router/admin/api/endpoints/abstract.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,YAAY,EACZ,kBAAkB,EAClB
|
|
1
|
+
{"version":3,"file":"abstract.d.ts","sourceRoot":"","sources":["../../../../../../src/app-router/admin/api/endpoints/abstract.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AACpF,OAAO,KAAK,EACV,YAAY,EACZ,kBAAkB,EAClB,wBAAwB,EACzB,MAAM,aAAa,CAAC;AAErB,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,QAAQ,EAAE,YAAY,CAAC;IACvB,WAAW,EAAE,kBAAkB,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,uBAAuB,EAAE,uBAAuB,CAAC;CAClD;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC;IAC3C,MAAM,CACJ,OAAO,EAAE,uBAAuB,EAChC,MAAM,EAAE,wBAAwB,GAC/B,OAAO,CAAC,QAAQ,CAAC,CAAC;CACtB;AAED,8BAAsB,mBAAoB,YAAW,eAAe;IAClE,QAAQ,CAAC,SAAS,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO;IACnD,QAAQ,CAAC,MAAM,CACb,OAAO,EAAE,uBAAuB,EAChC,MAAM,EAAE,wBAAwB,GAC/B,OAAO,CAAC,QAAQ,CAAC;IAEpB,SAAS,CAAC,cAAc,CAAC,cAAc,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;IAI3E,SAAS,CAAC,mBAAmB,CAC3B,WAAW,EAAE,kBAAkB,GAAG,SAAS,EAC3C,mBAAmB,CAAC,EAAE,OAAO,GAC5B,OAAO;CAMX"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import type { TernSecureRequest } from '@tern-secure/backend';
|
|
2
|
-
import type { TernSecureHandlerOptions } from './types';
|
|
2
|
+
import type { AuthEndpoint, SessionSubEndpoint, TernSecureHandlerOptions } from './types';
|
|
3
3
|
/**
|
|
4
4
|
* Request context for better type safety and clarity
|
|
5
5
|
*/
|
|
@@ -13,10 +13,17 @@ interface RequestProcessorContext extends TernSecureHandlerOptions {
|
|
|
13
13
|
userAgent: string | undefined;
|
|
14
14
|
secFetchDest: string | undefined;
|
|
15
15
|
accept: string | undefined;
|
|
16
|
-
|
|
16
|
+
idTokenInCookie: string | undefined;
|
|
17
17
|
refreshTokenInCookie: string | undefined;
|
|
18
18
|
csrfTokenInCookie: string | undefined;
|
|
19
|
+
sessionTokenInCookie?: string | undefined;
|
|
20
|
+
customTokenInCookie?: string | undefined;
|
|
21
|
+
method: string;
|
|
22
|
+
pathSegments: string[];
|
|
23
|
+
endpoint?: AuthEndpoint;
|
|
24
|
+
subEndpoint?: SessionSubEndpoint;
|
|
19
25
|
ternUrl: URL;
|
|
26
|
+
instanceType: string;
|
|
20
27
|
}
|
|
21
28
|
/**
|
|
22
29
|
* Request processor utility class for common operations
|
|
@@ -25,13 +32,14 @@ declare class RequestProcessorContext implements RequestProcessorContext {
|
|
|
25
32
|
private ternSecureRequest;
|
|
26
33
|
private options;
|
|
27
34
|
constructor(ternSecureRequest: TernSecureRequest, options: TernSecureHandlerOptions);
|
|
35
|
+
get request(): TernSecureRequest;
|
|
28
36
|
private initHeaderValues;
|
|
29
37
|
private initCookieValues;
|
|
30
|
-
private
|
|
38
|
+
private initUrlValues;
|
|
31
39
|
private getHeader;
|
|
32
40
|
private getCookie;
|
|
33
41
|
private parseAuthorizationHeader;
|
|
34
42
|
}
|
|
35
43
|
export type { RequestProcessorContext };
|
|
36
|
-
export declare const createRequestProcessor: (ternSecureRequest: TernSecureRequest, options: TernSecureHandlerOptions) =>
|
|
37
|
-
//# sourceMappingURL=
|
|
44
|
+
export declare const createRequestProcessor: (ternSecureRequest: TernSecureRequest, options: TernSecureHandlerOptions) => RequestProcessorContext;
|
|
45
|
+
//# sourceMappingURL=c-authenticateRequestProcessor.d.ts.map
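Review bot: The new required members `method`, `pathSegments` and `instanceType` are added to an interface that shares its name with the class (`declare class RequestProcessorContext implements RequestProcessorContext`), so declaration merging gives the class these members without the compiler checking that the constructor or `initUrlValues` assigns them. Whether they are always set is not visible in these declarations; declaring them as class fields, or renaming the interface, would let `strictPropertyInitialization` verify it. The token fields are also inconsistent: `idTokenInCookie` is required but may be undefined, while `sessionTokenInCookie?` and `customTokenInCookie?` are optional. Because this context is what every `EndpointHandler.handle` receives, I would mark each token field with a comment such as `/** Raw credential read from the request cookie; never log or echo it. */`.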
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"c-authenticateRequestProcessor.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/c-authenticateRequestProcessor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAG9D,OAAO,KAAK,EAAE,YAAY,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,MAAM,SAAS,CAAC;AAE1F;;GAEG;AACH,UAAU,uBAAwB,SAAQ,wBAAwB;IAEhE,oBAAoB,EAAE,MAAM,GAAG,SAAS,CAAC;IACzC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,IAAI,EAAE,MAAM,GAAG,SAAS,CAAC;IACzB,aAAa,EAAE,MAAM,GAAG,SAAS,CAAC;IAClC,cAAc,EAAE,MAAM,GAAG,SAAS,CAAC;IACnC,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,YAAY,EAAE,MAAM,GAAG,SAAS,CAAC;IACjC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IAG3B,eAAe,EAAE,MAAM,GAAG,SAAS,CAAC;IACpC,oBAAoB,EAAE,MAAM,GAAG,SAAS,CAAC;IACzC,iBAAiB,EAAE,MAAM,GAAG,SAAS,CAAC;IACtC,oBAAoB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC1C,mBAAmB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAEzC,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,WAAW,CAAC,EAAE,kBAAkB,CAAC;IAEjC,OAAO,EAAE,GAAG,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,cAAM,uBAAwB,YAAW,uBAAuB;IAE5D,OAAO,CAAC,iBAAiB;IACzB,OAAO,CAAC,OAAO;gBADP,iBAAiB,EAAE,iBAAiB,EACpC,OAAO,EAAE,wBAAwB;IAS3C,IAAW,OAAO,IAAI,iBAAiB,CAEtC;IAED,OAAO,CAAC,gBAAgB;IAgBxB,OAAO,CAAC,gBAAgB;IAYxB,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,wBAAwB;CAqBjC;AAED,YAAY,EAAE,uBAAuB,EAAE,CAAC;AAExC,eAAO,MAAM,sBAAsB,GACjC,mBAAmB,iBAAiB,EACpC,SAAS,wBAAwB,KAChC,uBAEF,CAAC"}
|
|
@@ -1,2 +1,8 @@
|
|
|
1
1
|
export declare const TENANT_ID: string;
|
|
2
|
+
export declare const FIREBASE_API_KEY: string;
|
|
3
|
+
export declare const FIREBASE_AUTH_DOMAIN: string;
|
|
4
|
+
export declare const FIREBASE_PROJECT_ID: string;
|
|
5
|
+
export declare const FIREBASE_STORAGE_BUCKET: string;
|
|
6
|
+
export declare const FIREBASE_MESSAGING_SENDER_ID: string;
|
|
7
|
+
export declare const FIREBASE_APP_ID: string;
|
|
2
8
|
//# sourceMappingURL=constants.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,SAAS,QAAmD,CAAC"}
|
|
1
|
+
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,SAAS,QAAmD,CAAC;AAC1E,eAAO,MAAM,gBAAgB,QAAiD,CAAC;AAC/E,eAAO,MAAM,oBAAoB,QAAqD,CAAC;AACvF,eAAO,MAAM,mBAAmB,QAAoD,CAAC;AACrF,eAAO,MAAM,uBAAuB,QAAwD,CAAC;AAC7F,eAAO,MAAM,4BAA4B,QAA6D,CAAC;AACvG,eAAO,MAAM,eAAe,QAAgD,CAAC"}
|
|
@@ -1,9 +1,12 @@
|
|
|
1
|
-
import type {
|
|
2
|
-
import type {
|
|
3
|
-
|
|
1
|
+
import type { RequestProcessorContext } from './c-authenticateRequestProcessor';
|
|
2
|
+
import type { AuthEndpoint, TernSecureHandlerOptions } from './types';
|
|
3
|
+
export interface EndpointHandler {
|
|
4
|
+
canHandle(endpoint: AuthEndpoint): boolean;
|
|
5
|
+
handle(context: RequestProcessorContext, config: TernSecureHandlerOptions): Promise<Response>;
|
|
6
|
+
}
|
|
4
7
|
export declare class EndpointRouter {
|
|
5
8
|
private static readonly handlers;
|
|
6
|
-
static route(
|
|
9
|
+
static route(context: RequestProcessorContext, config: TernSecureHandlerOptions): Promise<Response>;
|
|
7
10
|
static addHandler(handler: EndpointHandler): void;
|
|
8
11
|
static removeHandler(predicate: (handler: EndpointHandler) => boolean): void;
|
|
9
12
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"endpointRouter.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/endpointRouter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"endpointRouter.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/endpointRouter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAGhF,OAAO,KAAK,EAAE,YAAY,EAAE,wBAAwB,EAAE,MAAM,SAAS,CAAC;AAEtE,MAAM,WAAW,eAAe;IAC9B,SAAS,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC;IAC3C,MAAM,CAAC,OAAO,EAAE,uBAAuB,EAAE,MAAM,EAAE,wBAAwB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CAC/F;AA2BD,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAkE;WAErF,KAAK,CAChB,OAAO,EAAE,uBAAuB,EAChC,MAAM,EAAE,wBAAwB,GAC/B,OAAO,CAAC,QAAQ,CAAC;IAgBpB,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,eAAe,GAAG,IAAI;IAIjD,MAAM,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,eAAe,KAAK,OAAO,GAAG,IAAI;CAM7E"}
|
|
@@ -1,19 +1,10 @@
|
|
|
1
|
+
import type { RequestProcessorContext } from './c-authenticateRequestProcessor';
|
|
1
2
|
import type { AuthEndpoint, ComprehensiveValidationResult, CorsOptions, EndpointConfig, SecurityOptions, SessionSubEndpoint, ValidationConfig } from './types';
|
|
2
|
-
export interface RequestContext {
|
|
3
|
-
request: Request;
|
|
4
|
-
origin: string | null;
|
|
5
|
-
host: string | null;
|
|
6
|
-
referer: string | null;
|
|
7
|
-
userAgent: string;
|
|
8
|
-
method: string;
|
|
9
|
-
pathSegments: string[];
|
|
10
|
-
}
|
|
11
|
-
export declare function createRequestContext(request: Request): RequestContext;
|
|
12
3
|
/**
|
|
13
4
|
* Main validators factory function
|
|
14
5
|
* Returns an object containing all validator functions and utilities
|
|
15
6
|
*/
|
|
16
|
-
export declare function createValidators(context:
|
|
7
|
+
export declare function createValidators(context: RequestProcessorContext): {
|
|
17
8
|
createValidationConfig: (overrides?: Partial<ValidationConfig>) => ValidationConfig;
|
|
18
9
|
validateRequest: (config: ValidationConfig) => Promise<ComprehensiveValidationResult>;
|
|
19
10
|
validateCors: (corsOptions: CorsOptions) => Promise<Response | null>;
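Review bot: `createValidators(context: RequestProcessorContext)` gives the CORS and request validators the whole request context, including `idTokenInCookie` and `refreshTokenInCookie`, where the removed `RequestContext` exposed only the request, origin, host, referer, user agent, method and path segments. If the validators read no more than that plus `csrfTokenInCookie`, narrowing the parameter in the source to a `Pick<RequestProcessorContext, …>` of the fields actually used keeps credentials out of code that has no use for them. The returned object type continues past the end of this hunk, so the remaining validators are not visible here.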
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fnValidators.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/fnValidators.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"fnValidators.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/fnValidators.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAEhF,OAAO,KAAK,EACV,YAAY,EACZ,6BAA6B,EAC7B,WAAW,EACX,cAAc,EACd,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EACjB,MAAM,SAAS,CAAC;AAEjB;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,uBAAuB;yCA8SpB,OAAO,CAAC,gBAAgB,CAAC,KAAQ,gBAAgB;8BA9ErD,gBAAgB,KAAG,OAAO,CAAC,6BAA6B,CAAC;gCA5NvD,WAAW,KAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;wCAqD9B,eAAe,KAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;iCA0FzD,QAAQ,GAAG,IAAI;kCAYpC,YAAY,kBACP,cAAc,KAC7B,QAAQ,GAAG,IAAI;uCAaH,kBAAkB,GAAG,SAAS,qBACxB,GAAG,KACrB,QAAQ,GAAG,IAAI;kCAgBuB,OAAO,CAAC;QAC/C,IAAI,EAAE,GAAG,CAAC;QACV,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,QAAQ,CAAC;KAClB,CAAC;+BAYgC,MAAM,GAAG,SAAS,KAAG,QAAQ,GAAG,IAAI;mCAhFzD,MAAM,mBACA,MAAM,GAAG,SAAS,KAClC,QAAQ,GAAG,IAAI;6CAvG8B,WAAW,KAAG,QAAQ;EAwSvE"}
|
|
@@ -1,7 +1,5 @@
|
|
|
1
1
|
export { createTernSecureNextJsHandler } from './ternsecureNextjsHandler';
|
|
2
2
|
export { clearSessionCookieServer, clearNextSessionCookie, createSessionCookieServer, createNextSessionCookie, setNextServerSession, setNextServerToken } from './actions';
|
|
3
3
|
export { EndpointRouter } from './endpointRouter';
|
|
4
|
-
export {
|
|
5
|
-
export type { HandlerContext } from './handlerUtils';
|
|
6
|
-
export type { TernSecureHandlerOptions, TernSecureInternalHandlerConfig } from './types';
|
|
4
|
+
export type { TernSecureHandlerOptions } from './types';
|
|
7
5
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,MAAM,2BAA2B,CAAA;AAEzE,OAAO,EACH,wBAAwB,EACxB,sBAAsB,EACtB,yBAAyB,EACzB,uBAAuB,EACvB,oBAAoB,EACpB,kBAAkB,EACrB,MAAM,WAAW,CAAA;AAElB,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,MAAM,2BAA2B,CAAA;AAEzE,OAAO,EACH,wBAAwB,EACxB,sBAAsB,EACtB,yBAAyB,EACzB,uBAAuB,EACvB,oBAAoB,EACpB,kBAAkB,EACrB,MAAM,WAAW,CAAA;AAElB,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAA;AAEjD,YAAY,EAAE,wBAAwB,EAAE,MAAM,SAAS,CAAA"}
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
import type { NextCookieStore } from '../../utils/NextCookieAdapter';
|
|
2
|
+
import type { TernSecureHandlerOptions } from './types';
|
|
3
|
+
export declare function refreshCookieWithIdToken(idToken: string, cookieStore: NextCookieStore, options?: TernSecureHandlerOptions): Promise<void>;
|
|
4
|
+
//# sourceMappingURL=request.d.ts.map
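Review bot: `refreshCookieWithIdToken` is exported without a doc comment, and its `Promise<void>` return gives callers no signal about the outcome. The declaration does not show whether `idToken` is verified before cookies are written to `cookieStore`, or how a rejected token surfaces. The source should state both, for example `/** Writes refreshed auth cookies to cookieStore for the given ID token; documents here whether the token is verified first and what is thrown on failure. */`, worded to match the real behaviour.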
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/request.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AASrE,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,SAAS,CAAC;AAQxD,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,eAAe,EAC5B,OAAO,CAAC,EAAE,wBAAwB,GACjC,OAAO,CAAC,IAAI,CAAC,CAsCf"}
|
|
@@ -1,25 +1,4 @@
|
|
|
1
|
-
import
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
*/
|
|
5
|
-
export declare class SessionGetHandler {
|
|
6
|
-
static handle(subEndpoint: SessionSubEndpoint, _config: Required<TernSecureHandlerOptions>): Promise<Response>;
|
|
7
|
-
private static handleVerify;
|
|
8
|
-
}
|
|
9
|
-
/**
|
|
10
|
-
* Session POST request handlers
|
|
11
|
-
*/
|
|
12
|
-
export declare class SessionPostHandler {
|
|
13
|
-
static handle(request: Request, subEndpoint: SessionSubEndpoint, _config: TernSecureInternalHandlerConfig): Promise<Response>;
|
|
14
|
-
private static handleCreateSession;
|
|
15
|
-
private static handleRefreshSession;
|
|
16
|
-
private static handleRevokeSession;
|
|
17
|
-
}
|
|
18
|
-
/**
|
|
19
|
-
* Main session endpoint orchestrator
|
|
20
|
-
*/
|
|
21
|
-
export declare class SessionEndpointHandler {
|
|
22
|
-
static handle(request: Request, method: string, subEndpoint: SessionSubEndpoint | undefined, config: Required<TernSecureHandlerOptions>): Promise<Response>;
|
|
23
|
-
private static validateSubEndpoint;
|
|
24
|
-
}
|
|
1
|
+
import { type RequestProcessorContext } from './c-authenticateRequestProcessor';
|
|
2
|
+
import type { TernSecureHandlerOptions } from './types';
|
|
3
|
+
export declare function sessionEndpointHandler(context: RequestProcessorContext, options: TernSecureHandlerOptions): Promise<Response>;
|
|
25
4
|
//# sourceMappingURL=sessionHandlers.d.ts.map
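Review bot: `sessionEndpointHandler(context, options)` receives the handler options twice: `RequestProcessorContext` already extends `TernSecureHandlerOptions` (see the interface header in the c-authenticateRequestProcessor section of this diff), and `options` is passed again alongside it. The same pair appears in `EndpointHandler.handle` and `EndpointRouter.route`. If the two can differ, the source should say which one wins, for example `/** options: resolved handler config; takes precedence over the option fields on context */`; if they cannot differ, the second parameter can go. The doc comments that described the removed handler classes also have no replacement on the new function.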
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sessionHandlers.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"sessionHandlers.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,KAAK,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAIhF,OAAO,KAAK,EAAsB,wBAAwB,EAAE,MAAM,SAAS,CAAC;AAE5E,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,uBAAuB,EAChC,OAAO,EAAE,wBAAwB,GAChC,OAAO,CAAC,QAAQ,CAAC,CA8HnB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ternsecureNextjsHandler.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/ternsecureNextjsHandler.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"ternsecureNextjsHandler.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/ternsecureNextjsHandler.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,SAAS,CAAC;AAgBxD,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,wBAAwB;4BAG7C,OAAO,KAAG,OAAO,CAAC,QAAQ,CAAC;6BAA3B,OAAO,KAAG,OAAO,CAAC,QAAQ,CAAC;EAqB5D"}
|
|
@@ -1,72 +1,33 @@
|
|
|
1
|
+
import type { AuthEndpoint, CookieOpts as CookieOptions, CorsOptions, EndpointConfig, SecurityOptions, SessionEndpointConfig, SessionSubEndpoint, TernSecureHandlerOptions, TokenCookieConfig } from '@tern-secure/types';
|
|
1
2
|
import { type NextResponse } from 'next/server';
|
|
2
|
-
export
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
export interface CookieOptions {
|
|
11
|
-
name?: string;
|
|
12
|
-
domain?: string;
|
|
13
|
-
path?: string;
|
|
14
|
-
httpOnly?: boolean;
|
|
15
|
-
sameSite?: 'strict' | 'lax' | 'none';
|
|
16
|
-
maxAge?: number;
|
|
17
|
-
}
|
|
18
|
-
export interface RateLimitOptions {
|
|
19
|
-
windowMs?: number;
|
|
20
|
-
maxRequests?: number;
|
|
21
|
-
skipSuccessful?: boolean;
|
|
22
|
-
skipFailedRequests?: boolean;
|
|
23
|
-
}
|
|
24
|
-
export interface SecurityOptions {
|
|
25
|
-
requireCSRF?: boolean;
|
|
26
|
-
allowedReferers?: string[];
|
|
27
|
-
requiredHeaders?: Record<string, string>;
|
|
28
|
-
ipWhitelist?: string[];
|
|
29
|
-
userAgent?: {
|
|
30
|
-
block?: string[];
|
|
31
|
-
allow?: string[];
|
|
3
|
+
export declare const DEFAULT_CORS_OPTIONS: CorsOptions;
|
|
4
|
+
export declare const DEFAULT_COOKIE_OPTIONS: CookieOptions;
|
|
5
|
+
export declare const FIXED_TOKEN_CONFIGS: {
|
|
6
|
+
readonly id: {
|
|
7
|
+
readonly path: "/";
|
|
8
|
+
readonly httpOnly: true;
|
|
9
|
+
readonly sameSite: "lax";
|
|
10
|
+
readonly maxAge: 3600;
|
|
32
11
|
};
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
rateLimit?: RateLimitOptions;
|
|
39
|
-
security?: SecurityOptions;
|
|
40
|
-
cors?: Partial<CorsOptions>;
|
|
41
|
-
}
|
|
42
|
-
export interface SessionEndpointConfig extends EndpointConfig {
|
|
43
|
-
subEndpoints?: {
|
|
44
|
-
[K in SessionSubEndpoint]?: Partial<EndpointConfig>;
|
|
12
|
+
readonly refresh: {
|
|
13
|
+
readonly path: "/";
|
|
14
|
+
readonly httpOnly: true;
|
|
15
|
+
readonly sameSite: "lax";
|
|
16
|
+
readonly maxAge: number;
|
|
45
17
|
};
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
18
|
+
readonly signature: {
|
|
19
|
+
readonly path: "/";
|
|
20
|
+
readonly httpOnly: true;
|
|
21
|
+
readonly sameSite: "lax";
|
|
22
|
+
readonly maxAge: number;
|
|
23
|
+
};
|
|
24
|
+
readonly custom: {
|
|
25
|
+
readonly path: "/";
|
|
26
|
+
readonly httpOnly: true;
|
|
27
|
+
readonly sameSite: "lax";
|
|
28
|
+
readonly maxAge: number;
|
|
54
29
|
};
|
|
55
|
-
debug?: boolean;
|
|
56
|
-
environment?: 'development' | 'production' | 'test';
|
|
57
|
-
basePath?: string;
|
|
58
|
-
}
|
|
59
|
-
/**
|
|
60
|
-
* Define an internal config type that extends the public options
|
|
61
|
-
* with server-side only values like tenantId.
|
|
62
|
-
*/
|
|
63
|
-
export type TernSecureInternalHandlerConfig = Required<TernSecureHandlerOptions> & {
|
|
64
|
-
tenantId?: string;
|
|
65
30
|
};
|
|
66
|
-
export type AuthEndpoint = 'sessions' | 'users';
|
|
67
|
-
export type SessionSubEndpoint = 'verify' | 'createsession' | 'refresh' | 'revoke';
|
|
68
|
-
export declare const DEFAULT_CORS_OPTIONS: CorsOptions;
|
|
69
|
-
export declare const DEFAULT_COOKIE_OPTIONS: CookieOptions;
|
|
70
31
|
export declare const DEFAULT_SECURITY_OPTIONS: SecurityOptions;
|
|
71
32
|
export declare const DEFAULT_ENDPOINT_CONFIG: EndpointConfig;
|
|
72
33
|
export declare const DEFAULT_SESSIONS_CONFIG: SessionEndpointConfig;
|
|
@@ -101,4 +62,19 @@ export interface ComprehensiveValidationResult {
|
|
|
101
62
|
csrfToken?: string;
|
|
102
63
|
};
|
|
103
64
|
}
|
|
65
|
+
export type suffix = 'session' | 'id' | 'refresh' | 'signature' | 'custom';
|
|
66
|
+
export declare class CookieUtils {
|
|
67
|
+
static getCookieName(namePrefix: string, tokenType: suffix): string;
|
|
68
|
+
static getCookieNames(namePrefix: string): {
|
|
69
|
+
session: string;
|
|
70
|
+
id: string;
|
|
71
|
+
refresh: string;
|
|
72
|
+
signature: string;
|
|
73
|
+
custom: string;
|
|
74
|
+
};
|
|
75
|
+
static getSessionConfig(cookieOptions: CookieOptions): TokenCookieConfig;
|
|
76
|
+
static getFixedTokenConfig(cookieOptions: CookieOptions, tokenType: Exclude<suffix, 'session'>): TokenCookieConfig;
|
|
77
|
+
static validateSessionMaxAge(maxAge: number): boolean;
|
|
78
|
+
}
|
|
79
|
+
export { AuthEndpoint, CookieOptions, CorsOptions, SecurityOptions, SessionSubEndpoint, EndpointConfig, SessionEndpointConfig, TernSecureHandlerOptions, };
|
|
104
80
|
//# sourceMappingURL=types.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/types.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,YAAY,EACZ,UAAU,IAAI,aAAa,EAC3B,WAAW,EACX,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,kBAAkB,EAClB,wBAAwB,EACxB,iBAAiB,EAClB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AAEhD,eAAO,MAAM,oBAAoB,EAAE,WAMlC,CAAC;AAEF,eAAO,MAAM,sBAAsB,EAAE,aAQpC,CAAC;AAEF,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;CAyBtB,CAAC;AAEX,eAAO,MAAM,wBAAwB,EAAE,eAStC,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,cAKrC,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,qBAqCrC,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,QAAQ,CAAC,wBAAwB,CAAC,GAAG;IACzE,SAAS,EAAE,QAAQ,CAAC,WAAW,CAAC,wBAAwB,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;CAmBzE,CAAC;AAEF,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,YAAY,CAAC;IACrB,IAAI,CAAC,EAAE,GAAG,CAAC;CACZ;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,CAAC,EAAE,WAAW,CAAC;IACnB,QAAQ,CAAC,EAAE,eAAe,CAAC;IAC3B,QAAQ,CAAC,EAAE;QACT,IAAI,EAAE,YAAY,CAAC;QACnB,MAAM,EAAE,cAAc,CAAC;KACxB,CAAC;IACF,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,kBAAkB,CAAC;QACzB,MAAM,EAAE,cAAc,CAAC;KACxB,CAAC;IACF,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,QAAQ,CAAC;IACjB,YAAY,CAAC,EAAE,QAAQ,CAAC;IACxB,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,GAAG,CAAC;QACV,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAED,MAAM,MAAM,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,SAAS,GAAG,WAAW,GAAG,QAAQ,CAAC;AAE3E,qBAAa,WAAW;IACtB,MAAM,CAAC,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM;IAInE,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,MAAM;;;;;;;IAUxC,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,aAAa,GAAG,iBAAiB;IAaxE,MAAM,CAAC,mBAAmB,CACxB,aAAa,EAAE,aAAa,EAC5B,SAAS,EAAE,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,GACpC,iBAAiB;IAYpB,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;CAKtD;AAED,OAAO,EACL,YAAY,EACZ,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,qBAAqB,EACrB,wBAAwB,GACzB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constant.d.ts","sourceRoot":"","sources":["../../../src/server/constant.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"constant.d.ts","sourceRoot":"","sources":["../../../src/server/constant.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,OAAO,QAAiD,CAAC;AACtE,eAAO,MAAM,OAAO,QAAuC,CAAC;AAC5D,eAAO,MAAM,WAAW,QAA6C,CAAC;AACtE,eAAO,MAAM,WAAW,QAA4C,CAAC;AACrE,eAAO,MAAM,WAAW,QAA4C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ternSecureEdgeMiddleware.d.ts","sourceRoot":"","sources":["../../../src/server/ternSecureEdgeMiddleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,UAAU,EACV,cAAc,EAEf,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"ternSecureEdgeMiddleware.d.ts","sourceRoot":"","sources":["../../../src/server/ternSecureEdgeMiddleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,UAAU,EACV,cAAc,EAEf,MAAM,sBAAsB,CAAC;AAM9B,OAAO,KAAK,EACV,gBAAgB,EACjB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,KAAK,EAAE,cAAc,EAAC,WAAW,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAe3C,OAAO,EAAE,KAAK,WAAW,EAAgB,MAAM,WAAW,CAAC;AAC3D,OAAO,EAAkB,KAAK,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9D,OAAO,KAAK,EACV,sBAAsB,EACtB,0BAA0B,EAC1B,oBAAoB,EACrB,MAAM,SAAS,CAAC;AAGjB,MAAM,MAAM,oBAAoB,GAAG,UAAU,GAAG;IAC9C,gBAAgB,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxC,gBAAgB,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;CACzC,CAAC;AAEF,MAAM,WAAW,cAAc;IAC7B,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAElC,OAAO,EAAE,WAAW,CAAC;CACtB;AAED,KAAK,iBAAiB,GAAG,CACvB,IAAI,EAAE,cAAc,EACpB,OAAO,EAAE,0BAA0B,EACnC,KAAK,EAAE,sBAAsB,KAC1B,oBAAoB,CAAC;AAE1B,MAAM,WAAW,iBAAkB,SAAQ,cAAc;IACvD,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,eAAe,CAAC,EAAE,gBAAgB,CAAC;CACpC;AACD,KAAK,yBAAyB,GAAG,CAC/B,GAAG,EAAE,WAAW,KACb,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEpD,UAAU,oBAAoB;IAC5B;;;OAGG;IACH,CAAC,OAAO,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,iBAAiB,GAAG,cAAc,CAAC;IAE1E;;;OAGG;IACH,CAAC,OAAO,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,yBAAyB,GAAG,cAAc,CAAC;IAElF;;;OAGG;IACH,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,cAAc,CAAC;IAC9C;;;OAGG;IACH,CAAC,OAAO,EAAE,0BAA0B,EAAE,KAAK,EAAE,sBAAsB,GAAG,oBAAoB,CAAC;CAC5F;AAED,eAAO,MAAM,oBAAoB,EAkG3B,oBAAoB,CAAC;AA0E3B,eAAO,MAAM,eAAe,GAAI,KAAK,MAAM,GAAG,GAAG,0BAIhD,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ternsecureClient.d.ts","sourceRoot":"","sources":["../../../src/server/ternsecureClient.ts"],"names":[],"mappings":"AAYA,QAAA,MAAM,uBAAuB,sHAE5B,CAAC;AASF,OAAO,EAAE,uBAAuB,EAAE,CAAC"}
|
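--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@tern-secure/nextjs",
-"version": "5.2.0-canary.
+"version": "5.2.0-canary.v20251002175916",
 "publishConfig": {
 "access": "public"
 },
@@ -63,10 +63,10 @@
 "jose": "^5.9.6",
 "server-only": "^0.0.1",
 "tslib": "2.4.1",
-"@tern-secure/backend": "1.2.0-canary.
-"@tern-secure/react": "1.2.0-canary.
-"@tern-secure/shared": "1.3.0-canary.
-"@tern-secure/types": "1.1.0-canary.
+"@tern-secure/backend": "1.2.0-canary.v20251002175916",
+"@tern-secure/react": "1.2.0-canary.v20251002175916",
+"@tern-secure/shared": "1.3.0-canary.v20251002175916",
+"@tern-secure/types": "1.1.0-canary.v20251002175916"
 },
 "peerDependencies": {
 "next": "^13.0.0 || ^14.0.0 || ^15.0.0",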
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/claude-authenticateRequestProcessor.ts"],"sourcesContent":["import type { TernSecureRequest } from '@tern-secure/backend';\nimport { constants } from '@tern-secure/backend';\n\nimport type { TernSecureHandlerOptions} from './types';\n\n/**\n * Request context for better type safety and clarity\n */\ninterface RequestProcessorContext extends TernSecureHandlerOptions {\n // header-based values\n sessionTokenInHeader: string | undefined;\n origin: string | undefined;\n host: string | undefined;\n forwardedHost: string | undefined;\n forwardedProto: string | undefined;\n referrer: string | undefined;\n userAgent: string | undefined;\n secFetchDest: string | undefined;\n accept: string | undefined;\n\n // cookie-based values\n sessionTokenInCookie: string | undefined;\n refreshTokenInCookie: string | undefined;\n csrfTokenInCookie: string | undefined;\n\n ternUrl: URL;\n}\n\n/**\n * Request processor utility class for common operations\n */\nclass RequestProcessorContext implements RequestProcessorContext {\n public constructor(\n private ternSecureRequest: TernSecureRequest,\n private options: TernSecureHandlerOptions,\n ) {\n this.initHeaderValues();\n this.initCookieValues();\n this.ternUrl = this.ternSecureRequest.ternUrl;\n }\n\n private initHeaderValues() {\n this.sessionTokenInHeader = this.parseAuthorizationHeader(\n this.getHeader(constants.Headers.Authorization),\n );\n this.origin = this.getHeader(constants.Headers.Origin);\n this.host = this.getHeader(constants.Headers.Host);\n this.forwardedHost = this.getHeader(constants.Headers.ForwardedHost);\n this.forwardedProto =\n this.getHeader(constants.Headers.CloudFrontForwardedProto) ||\n this.getHeader(constants.Headers.ForwardedProto);\n this.referrer = this.getHeader(constants.Headers.Referrer);\n this.userAgent = this.getHeader(constants.Headers.UserAgent);\n this.secFetchDest = this.getHeader(constants.Headers.SecFetchDest);\n this.accept = 
this.getHeader(constants.Headers.Accept);\n }\n\n private initCookieValues() {\n //this.sessionTokenInCookie = this.getCookie(this.options.cookies.name);\n this.csrfTokenInCookie = this.getCookie(constants.Cookies.CsrfToken);\n }\n\n private getQueryParam(name: string) {\n return this.ternSecureRequest.ternUrl.searchParams.get(name);\n }\n\n private getHeader(name: string) {\n return this.ternSecureRequest.headers.get(name) || undefined;\n }\n\n private getCookie(name: string) {\n return this.ternSecureRequest.cookies.get(name) || undefined;\n }\n\n private parseAuthorizationHeader(\n authorizationHeader: string | undefined | null,\n ): string | undefined {\n if (!authorizationHeader) {\n return undefined;\n }\n\n const [scheme, token] = authorizationHeader.split(' ', 2);\n\n if (!token) {\n // No scheme specified, treat the entire value as the token\n return scheme;\n }\n\n if (scheme === 'Bearer') {\n return token;\n }\n\n // Skip all other schemes\n return undefined;\n }\n}\n\nexport type { RequestProcessorContext };\n\nexport const createRequestProcessor = async (\n ternSecureRequest: TernSecureRequest,\n options: TernSecureHandlerOptions,\n): Promise<RequestProcessorContext> => {\n return new RequestProcessorContext(ternSecureRequest, 
options);\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,qBAA0B;AA8B1B,MAAM,wBAA2D;AAAA,EACxD,YACG,mBACA,SACR;AAFQ;AACA;AAER,SAAK,iBAAiB;AACtB,SAAK,iBAAiB;AACtB,SAAK,UAAU,KAAK,kBAAkB;AAAA,EACxC;AAAA,EAEQ,mBAAmB;AACzB,SAAK,uBAAuB,KAAK;AAAA,MAC/B,KAAK,UAAU,yBAAU,QAAQ,aAAa;AAAA,IAChD;AACA,SAAK,SAAS,KAAK,UAAU,yBAAU,QAAQ,MAAM;AACrD,SAAK,OAAO,KAAK,UAAU,yBAAU,QAAQ,IAAI;AACjD,SAAK,gBAAgB,KAAK,UAAU,yBAAU,QAAQ,aAAa;AACnE,SAAK,iBACH,KAAK,UAAU,yBAAU,QAAQ,wBAAwB,KACzD,KAAK,UAAU,yBAAU,QAAQ,cAAc;AACjD,SAAK,WAAW,KAAK,UAAU,yBAAU,QAAQ,QAAQ;AACzD,SAAK,YAAY,KAAK,UAAU,yBAAU,QAAQ,SAAS;AAC3D,SAAK,eAAe,KAAK,UAAU,yBAAU,QAAQ,YAAY;AACjE,SAAK,SAAS,KAAK,UAAU,yBAAU,QAAQ,MAAM;AAAA,EACvD;AAAA,EAEQ,mBAAmB;AAEzB,SAAK,oBAAoB,KAAK,UAAU,yBAAU,QAAQ,SAAS;AAAA,EACrE;AAAA,EAEQ,cAAc,MAAc;AAClC,WAAO,KAAK,kBAAkB,QAAQ,aAAa,IAAI,IAAI;AAAA,EAC7D;AAAA,EAEQ,UAAU,MAAc;AAC9B,WAAO,KAAK,kBAAkB,QAAQ,IAAI,IAAI,KAAK;AAAA,EACrD;AAAA,EAEQ,UAAU,MAAc;AAC9B,WAAO,KAAK,kBAAkB,QAAQ,IAAI,IAAI,KAAK;AAAA,EACrD;AAAA,EAEQ,yBACN,qBACoB;AACpB,QAAI,CAAC,qBAAqB;AACxB,aAAO;AAAA,IACT;AAEA,UAAM,CAAC,QAAQ,KAAK,IAAI,oBAAoB,MAAM,KAAK,CAAC;AAExD,QAAI,CAAC,OAAO;AAEV,aAAO;AAAA,IACT;AAEA,QAAI,WAAW,UAAU;AACvB,aAAO;AAAA,IACT;AAGA,WAAO;AAAA,EACT;AACF;AAIO,MAAM,yBAAyB,OACpC,mBACA,YACqC;AACrC,SAAO,IAAI,wBAAwB,mBAAmB,OAAO;AAC/D;","names":[]}
|