@tern-secure/nextjs 5.2.0-canary.v20251003134325 → 5.2.0-canary.v20251003171521
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/app-router/admin/request.js +33 -39
- package/dist/cjs/app-router/admin/request.js.map +1 -1
- package/dist/cjs/app-router/admin/sessionHandlers.js +2 -6
- package/dist/cjs/app-router/admin/sessionHandlers.js.map +1 -1
- package/dist/esm/app-router/admin/request.js +33 -39
- package/dist/esm/app-router/admin/request.js.map +1 -1
- package/dist/esm/app-router/admin/sessionHandlers.js +2 -6
- package/dist/esm/app-router/admin/sessionHandlers.js.map +1 -1
- package/dist/types/app-router/admin/request.d.ts +1 -1
- package/dist/types/app-router/admin/request.d.ts.map +1 -1
- package/dist/types/app-router/admin/sessionHandlers.d.ts.map +1 -1
- package/package.json +5 -5
|
@@ -31,47 +31,41 @@ const COOKIE_OPTIONS = {
|
|
|
31
31
|
secure: process.env.NODE_ENV === "production",
|
|
32
32
|
sameSite: "strict"
|
|
33
33
|
};
|
|
34
|
-
async function refreshCookieWithIdToken(idToken, cookieStore, options) {
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
authDomain: import_constants.FIREBASE_AUTH_DOMAIN,
|
|
41
|
-
projectId: import_constants.FIREBASE_PROJECT_ID,
|
|
42
|
-
storageBucket: import_constants.FIREBASE_STORAGE_BUCKET,
|
|
43
|
-
messagingSenderId: import_constants.FIREBASE_MESSAGING_SENDER_ID,
|
|
44
|
-
appId: import_constants.FIREBASE_APP_ID,
|
|
45
|
-
tenantId: options?.tenantId || void 0
|
|
46
|
-
},
|
|
47
|
-
apiClient: backendClient
|
|
48
|
-
};
|
|
49
|
-
const { createCustomIdAndRefreshToken } = (0, import_auth.getAuth)(authOptions);
|
|
50
|
-
const customTokens = await createCustomIdAndRefreshToken(idToken);
|
|
51
|
-
const cookiePrefix = (0, import_cookie.getCookiePrefix)();
|
|
52
|
-
await Promise.all([
|
|
53
|
-
cookieStore.set(
|
|
54
|
-
(0, import_cookie.getCookieName)(import_backend.constants.Cookies.IdToken, cookiePrefix),
|
|
55
|
-
customTokens.idToken,
|
|
56
|
-
COOKIE_OPTIONS
|
|
57
|
-
),
|
|
58
|
-
cookieStore.set(
|
|
59
|
-
(0, import_cookie.getCookieName)(import_backend.constants.Cookies.Refresh, cookiePrefix),
|
|
60
|
-
customTokens.refreshToken,
|
|
61
|
-
COOKIE_OPTIONS
|
|
62
|
-
),
|
|
63
|
-
cookieStore.set(import_backend.constants.Cookies.Custom, customTokens.customToken, COOKIE_OPTIONS)
|
|
64
|
-
]);
|
|
65
|
-
} catch (error) {
|
|
66
|
-
console.error("[Auth] refreshCookieWithIdToken failed:", {
|
|
67
|
-
error: error instanceof Error ? error.message : error,
|
|
68
|
-
stack: error instanceof Error ? error.stack : void 0,
|
|
69
|
-
hasIdToken: !!idToken,
|
|
34
|
+
async function refreshCookieWithIdToken(idToken, cookieStore, options, referrer) {
|
|
35
|
+
const backendClient = await (0, import_ternsecureClient.ternSecureBackendClient)();
|
|
36
|
+
const authOptions = {
|
|
37
|
+
firebaseConfig: {
|
|
38
|
+
apiKey: import_constants.FIREBASE_API_KEY,
|
|
39
|
+
authDomain: import_constants.FIREBASE_AUTH_DOMAIN,
|
|
70
40
|
projectId: import_constants.FIREBASE_PROJECT_ID,
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
41
|
+
storageBucket: import_constants.FIREBASE_STORAGE_BUCKET,
|
|
42
|
+
messagingSenderId: import_constants.FIREBASE_MESSAGING_SENDER_ID,
|
|
43
|
+
appId: import_constants.FIREBASE_APP_ID,
|
|
44
|
+
tenantId: options?.tenantId || void 0
|
|
45
|
+
},
|
|
46
|
+
apiClient: backendClient
|
|
47
|
+
};
|
|
48
|
+
const { createCustomIdAndRefreshToken } = (0, import_auth.getAuth)(authOptions);
|
|
49
|
+
const customTokens = await createCustomIdAndRefreshToken(idToken, { referer: referrer });
|
|
50
|
+
const cookiePrefix = (0, import_cookie.getCookiePrefix)();
|
|
51
|
+
const cookiePromises = [
|
|
52
|
+
cookieStore.set(
|
|
53
|
+
(0, import_cookie.getCookieName)(import_backend.constants.Cookies.IdToken, cookiePrefix),
|
|
54
|
+
customTokens.idToken,
|
|
55
|
+
COOKIE_OPTIONS
|
|
56
|
+
),
|
|
57
|
+
cookieStore.set(
|
|
58
|
+
(0, import_cookie.getCookieName)(import_backend.constants.Cookies.Refresh, cookiePrefix),
|
|
59
|
+
customTokens.refreshToken,
|
|
60
|
+
COOKIE_OPTIONS
|
|
61
|
+
)
|
|
62
|
+
];
|
|
63
|
+
if (options?.enableCustomToken) {
|
|
64
|
+
cookiePromises.push(
|
|
65
|
+
cookieStore.set(import_backend.constants.Cookies.Custom, customTokens.customToken, COOKIE_OPTIONS)
|
|
66
|
+
);
|
|
74
67
|
}
|
|
68
|
+
await Promise.all(cookiePromises);
|
|
75
69
|
}
|
|
76
70
|
// Annotate the CommonJS export names for ESM import in node:
|
|
77
71
|
0 && (module.exports = {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/request.ts"],"sourcesContent":["import type { AuthenticateRequestOptions } from '@tern-secure/backend';\nimport { constants } from '@tern-secure/backend';\nimport { getAuth } from '@tern-secure/backend/auth';\nimport { getCookieName, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nimport { ternSecureBackendClient } from '../../server/ternsecureClient';\nimport type { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport {\n FIREBASE_API_KEY,\n FIREBASE_APP_ID,\n FIREBASE_AUTH_DOMAIN,\n FIREBASE_MESSAGING_SENDER_ID,\n FIREBASE_PROJECT_ID,\n FIREBASE_STORAGE_BUCKET,\n} from './constants';\nimport type { TernSecureHandlerOptions } from './types';\n\nconst COOKIE_OPTIONS = {\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict' as const,\n};\n\nexport async function refreshCookieWithIdToken(\n idToken: string,\n cookieStore: NextCookieStore,\n options?: TernSecureHandlerOptions,\n): Promise<void> {\n
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/request.ts"],"sourcesContent":["import type { AuthenticateRequestOptions } from '@tern-secure/backend';\nimport { constants } from '@tern-secure/backend';\nimport { getAuth } from '@tern-secure/backend/auth';\nimport { getCookieName, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nimport { ternSecureBackendClient } from '../../server/ternsecureClient';\nimport type { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport {\n FIREBASE_API_KEY,\n FIREBASE_APP_ID,\n FIREBASE_AUTH_DOMAIN,\n FIREBASE_MESSAGING_SENDER_ID,\n FIREBASE_PROJECT_ID,\n FIREBASE_STORAGE_BUCKET,\n} from './constants';\nimport type { TernSecureHandlerOptions } from './types';\n\nconst COOKIE_OPTIONS = {\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict' as const,\n};\n\nexport async function refreshCookieWithIdToken(\n idToken: string,\n cookieStore: NextCookieStore,\n options?: TernSecureHandlerOptions,\n referrer?: string,\n): Promise<void> {\n const backendClient = await ternSecureBackendClient();\n\n const authOptions: AuthenticateRequestOptions = {\n firebaseConfig: {\n apiKey: FIREBASE_API_KEY,\n authDomain: FIREBASE_AUTH_DOMAIN,\n projectId: FIREBASE_PROJECT_ID,\n storageBucket: FIREBASE_STORAGE_BUCKET,\n messagingSenderId: FIREBASE_MESSAGING_SENDER_ID,\n appId: FIREBASE_APP_ID,\n tenantId: options?.tenantId || undefined,\n },\n apiClient: backendClient,\n };\n\n const { createCustomIdAndRefreshToken } = getAuth(authOptions);\n\n const customTokens = await createCustomIdAndRefreshToken(idToken, { referer: referrer });\n\n const cookiePrefix = getCookiePrefix();\n\n const cookiePromises = [\n cookieStore.set(\n getCookieName(constants.Cookies.IdToken, cookiePrefix),\n customTokens.idToken,\n COOKIE_OPTIONS,\n ),\n cookieStore.set(\n getCookieName(constants.Cookies.Refresh, cookiePrefix),\n customTokens.refreshToken,\n COOKIE_OPTIONS,\n ),\n ];\n\n if (options?.enableCustomToken) {\n cookiePromises.push(\n cookieStore.set(constants.Cookies.Custom, customTokens.customToken, COOKIE_OPTIONS),\n );\n }\n\n await Promise.all(cookiePromises);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,qBAA0B;AAC1B,kBAAwB;AACxB,oBAA+C;AAE/C,8BAAwC;AAExC,uBAOO;AAGP,MAAM,iBAAiB;AAAA,EACrB,UAAU;AAAA,EACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AACZ;AAEA,eAAsB,yBACpB,SACA,aACA,SACA,UACe;AACf,QAAM,gBAAgB,UAAM,iDAAwB;AAEpD,QAAM,cAA0C;AAAA,IAC9C,gBAAgB;AAAA,MACd,QAAQ;AAAA,MACR,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,eAAe;AAAA,MACf,mBAAmB;AAAA,MACnB,OAAO;AAAA,MACP,UAAU,SAAS,YAAY;AAAA,IACjC;AAAA,IACA,WAAW;AAAA,EACb;AAEA,QAAM,EAAE,8BAA8B,QAAI,qBAAQ,WAAW;AAE7D,QAAM,eAAe,MAAM,8BAA8B,SAAS,EAAE,SAAS,SAAS,CAAC;AAEvF,QAAM,mBAAe,+BAAgB;AAErC,QAAM,iBAAiB;AAAA,IACrB,YAAY;AAAA,UACV,6BAAc,yBAAU,QAAQ,SAAS,YAAY;AAAA,MACrD,aAAa;AAAA,MACb;AAAA,IACF;AAAA,IACA,YAAY;AAAA,UACV,6BAAc,yBAAU,QAAQ,SAAS,YAAY;AAAA,MACrD,aAAa;AAAA,MACb;AAAA,IACF;AAAA,EACF;AAEA,MAAI,SAAS,mBAAmB;AAC9B,mBAAe;AAAA,MACb,YAAY,IAAI,yBAAU,QAAQ,QAAQ,aAAa,aAAa,cAAc;AAAA,IACpF;AAAA,EACF;AAEA,QAAM,QAAQ,IAAI,cAAc;AAClC;","names":[]}
|
|
@@ -29,7 +29,7 @@ var import_fnValidators = require("./fnValidators");
|
|
|
29
29
|
var import_request = require("./request");
|
|
30
30
|
var import_responses = require("./responses");
|
|
31
31
|
async function sessionEndpointHandler(context, options) {
|
|
32
|
-
const { subEndpoint, method } = context;
|
|
32
|
+
const { subEndpoint, method, referrer } = context;
|
|
33
33
|
const validators = (0, import_fnValidators.createValidators)(context);
|
|
34
34
|
const {
|
|
35
35
|
validateSubEndpoint,
|
|
@@ -79,16 +79,12 @@ async function sessionEndpointHandler(context, options) {
|
|
|
79
79
|
validateCsrfToken(csrfToken || "", csrfCookieValue.value);
|
|
80
80
|
const handleCreateSession = async (cookieStore2, idToken2) => {
|
|
81
81
|
try {
|
|
82
|
-
await (0, import_request.refreshCookieWithIdToken)(idToken2, cookieStore2, options);
|
|
82
|
+
await (0, import_request.refreshCookieWithIdToken)(idToken2, cookieStore2, options, referrer);
|
|
83
83
|
return import_responses.SessionResponseHelper.createSessionCreationResponse({
|
|
84
84
|
success: true,
|
|
85
85
|
message: "Session created successfully"
|
|
86
86
|
});
|
|
87
87
|
} catch (error2) {
|
|
88
|
-
console.error("[Auth] Session creation failed:", {
|
|
89
|
-
error: error2 instanceof Error ? error2.message : error2,
|
|
90
|
-
stack: error2 instanceof Error ? error2.stack : void 0
|
|
91
|
-
});
|
|
92
88
|
return (0, import_responses.createApiErrorResponse)("SESSION_CREATION_FAILED", "Session creation failed", 500);
|
|
93
89
|
}
|
|
94
90
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import { clearSessionCookie } from '@tern-secure/backend/admin';\nimport { ternDecodeJwtUnguarded } from '@tern-secure/backend/jwt';\nimport { cookies } from 'next/headers';\n\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { type RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createValidators } from './fnValidators';\nimport { refreshCookieWithIdToken } from './request';\nimport { createApiErrorResponse, HttpResponseHelper, SessionResponseHelper } from './responses';\nimport type { SessionSubEndpoint, TernSecureHandlerOptions } from './types';\n\nexport async function sessionEndpointHandler(\n context: RequestProcessorContext,\n options: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method } = context;\n\n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n validateSessionRequest,\n validateCsrfToken,\n validateIdToken,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n }\n\n const sessionsConfig = options.endpoints?.sessions;\n const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const SessionGetHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const handleSessionVerify = async (): Promise<Response> => {\n try {\n const cookieStore = await cookies();\n const sessionCookie = cookieStore.get('_session_cookie')?.value;\n if (!sessionCookie) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n const { data: decodedSession, errors } = ternDecodeJwtUnguarded(sessionCookie);\n if (errors) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n return SessionResponseHelper.createVerificationResponse(decodedSession);\n } catch (error) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n };\n\n switch (subEndpoint) {\n case 'verify':\n return handleSessionVerify();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n const SessionPostHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const cookieStore = new NextCookieStore();\n\n const { idToken, csrfToken, error } = await validateSessionRequest();\n if (error) return error;\n\n const csrfCookieValue = await cookieStore.get('_session_terncf');\n validateCsrfToken(csrfToken || '', csrfCookieValue.value);\n\n const handleCreateSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n await refreshCookieWithIdToken(idToken, cookieStore, options);\n return SessionResponseHelper.createSessionCreationResponse({\n success: true,\n message: 'Session created successfully',\n });\n } catch (error) {\n
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import { clearSessionCookie } from '@tern-secure/backend/admin';\nimport { ternDecodeJwtUnguarded } from '@tern-secure/backend/jwt';\nimport { cookies } from 'next/headers';\n\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { type RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createValidators } from './fnValidators';\nimport { refreshCookieWithIdToken } from './request';\nimport { createApiErrorResponse, HttpResponseHelper, SessionResponseHelper } from './responses';\nimport type { SessionSubEndpoint, TernSecureHandlerOptions } from './types';\n\nexport async function sessionEndpointHandler(\n context: RequestProcessorContext,\n options: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method, referrer } = context;\n\n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n validateSessionRequest,\n validateCsrfToken,\n validateIdToken,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n }\n\n const sessionsConfig = options.endpoints?.sessions;\n const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const SessionGetHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const handleSessionVerify = async (): Promise<Response> => {\n try {\n const cookieStore = await cookies();\n const sessionCookie = cookieStore.get('_session_cookie')?.value;\n if (!sessionCookie) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n const { data: decodedSession, errors } = ternDecodeJwtUnguarded(sessionCookie);\n if (errors) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n return SessionResponseHelper.createVerificationResponse(decodedSession);\n } catch (error) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n };\n\n switch (subEndpoint) {\n case 'verify':\n return handleSessionVerify();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n const SessionPostHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const cookieStore = new NextCookieStore();\n\n const { idToken, csrfToken, error } = await validateSessionRequest();\n if (error) return error;\n\n const csrfCookieValue = await cookieStore.get('_session_terncf');\n validateCsrfToken(csrfToken || '', csrfCookieValue.value);\n\n const handleCreateSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n await refreshCookieWithIdToken(idToken, cookieStore, options, referrer);\n return SessionResponseHelper.createSessionCreationResponse({\n success: true,\n message: 'Session created successfully',\n });\n } catch (error) {\n return createApiErrorResponse('SESSION_CREATION_FAILED', 'Session creation failed', 500);\n }\n };\n\n const handleRefreshSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n const decodedSession = ternDecodeJwtUnguarded(idToken);\n if (decodedSession.errors) {\n return createApiErrorResponse('INVALID_SESSION', 'Invalid session for refresh', 401);\n }\n\n const refreshRes = await refreshCookieWithIdToken(idToken, cookieStore, options);\n return SessionResponseHelper.createRefreshResponse(refreshRes);\n } catch (error) {\n return createApiErrorResponse('REFRESH_FAILED', 'Session refresh failed', 500);\n }\n };\n\n const handleRevokeSession = async (cookieStore: NextCookieStore): Promise<Response> => {\n const res = await clearSessionCookie(cookieStore);\n return SessionResponseHelper.createRevokeResponse(res);\n };\n\n switch (subEndpoint) {\n case 'createsession': {\n validateIdToken(idToken);\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleCreateSession(cookieStore, idToken!);\n }\n\n case 'refresh':\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleRefreshSession(cookieStore, idToken!);\n\n case 'revoke':\n return handleRevokeSession(cookieStore);\n\n default:\n return HttpResponseHelper.createSubEndpointNotSupportedResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return SessionGetHandler(subEndpoint);\n\n case 'POST':\n return SessionPostHandler(subEndpoint);\n\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAmC;AACnC,iBAAuC;AACvC,qBAAwB;AAExB,+BAAgC;AAEhC,0BAAiC;AACjC,qBAAyC;AACzC,uBAAkF;AAGlF,eAAsB,uBACpB,SACA,SACmB;AACnB,QAAM,EAAE,aAAa,QAAQ,SAAS,IAAI;AAE1C,QAAM,iBAAa,sCAAiB,OAAO;AAE3C,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,CAAC,aAAa;AAChB,eAAO,yCAAuB,yBAAyB,iCAAiC,GAAG;AAAA,EAC7F;AAEA,QAAM,iBAAiB,QAAQ,WAAW;AAC1C,QAAM,oBAAoB,gBAAgB,eAAe,WAAW;AAEpE,sBAAoB,aAAa,iBAAiB;AAElD,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,oBAAoB,OAAOA,iBAAuD;AACtF,UAAM,sBAAsB,YAA+B;AACzD,UAAI;AACF,cAAM,cAAc,UAAM,wBAAQ;AAClC,cAAM,gBAAgB,YAAY,IAAI,iBAAiB,GAAG;AAC1D,YAAI,CAAC,eAAe;AAClB,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,cAAM,EAAE,MAAM,gBAAgB,OAAO,QAAI,mCAAuB,aAAa;AAC7E,YAAI,QAAQ;AACV,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,eAAO,uCAAsB,2BAA2B,cAAc;AAAA,MACxE,SAAS,OAAO;AACd,eAAO,uCAAsB,2BAA2B;AAAA,MAC1D;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,oBAAoB;AAAA,MAC7B;AACE,eAAO,oCAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,QAAM,qBAAqB,OAAOA,iBAAuD;AACvF,UAAM,cAAc,IAAI,yCAAgB;AAExC,UAAM,EAAE,SAAS,WAAW,MAAM,IAAI,MAAM,uBAAuB;AACnE,QAAI,MAAO,QAAO;AAElB,UAAM,kBAAkB,MAAM,YAAY,IAAI,iBAAiB;AAC/D,sBAAkB,aAAa,IAAI,gBAAgB,KAAK;AAExD,UAAM,sBAAsB,OAC1BC,cACAC,aACsB;AACtB,UAAI;AACF,kBAAM,yCAAyBA,UAASD,cAAa,SAAS,QAAQ;AACtE,eAAO,uCAAsB,8BAA8B;AAAA,UACzD,SAAS;AAAA,UACT,SAAS;AAAA,QACX,CAAC;AAAA,MACH,SAASE,QAAO;AACd,mBAAO,yCAAuB,2BAA2B,2BAA2B,GAAG;AAAA,MACzF;AAAA,IACF;AAEA,UAAM,uBAAuB,OAC3BF,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,qBAAiB,mCAAuBA,QAAO;AACrD,YAAI,eAAe,QAAQ;AACzB,qBAAO,yCAAuB,mBAAmB,+BAA+B,GAAG;AAAA,QACrF;AAEA,cAAM,aAAa,UAAM,yCAAyBA,UAASD,cAAa,OAAO;AAC/E,eAAO,uCAAsB,sBAAsB,UAAU;AAAA,MAC/D,SAASE,QAAO;AACd,mBAAO,yCAAuB,kBAAkB,0BAA0B,GAAG;AAAA,MAC/E;AAAA,IACF;AAEA,UAAM,sBAAsB,OAAOF,iBAAoD;AACrF,YAAM,MAAM,UAAM,iCAAmBA,YAAW;AAChD,aAAO,uCAAsB,qBAAqB,GAAG;AAAA,IACvD;AAEA,YAAQD,cAAa;AAAA,MACnB,KAAK,iBAAiB;AACpB,wBAAgB,OAAO;AAEvB,eAAO,oBAAoB,aAAa,OAAQ;AAAA,MAClD;AAAA,MAEA,KAAK;AAEH,eAAO,qBAAqB,aAAa,OAAQ;AAAA,MAEnD,KAAK;AACH,eAAO,oBAAoB,WAAW;AAAA,MAExC;AACE,eAAO,oCAAmB,sCAAsC;AAAA,IACpE;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,kBAAkB,WAAW;AAAA,IAEtC,KAAK;AACH,aAAO,mBAAmB,WAAW;AAAA,IAEvC;AACE,aAAO,oCAAmB,+BAA+B;AAAA,EAC7D;AACF;","names":["subEndpoint","cookieStore","idToken","error"]}
|
|
@@ -15,47 +15,41 @@ const COOKIE_OPTIONS = {
|
|
|
15
15
|
secure: process.env.NODE_ENV === "production",
|
|
16
16
|
sameSite: "strict"
|
|
17
17
|
};
|
|
18
|
-
async function refreshCookieWithIdToken(idToken, cookieStore, options) {
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
authDomain: FIREBASE_AUTH_DOMAIN,
|
|
25
|
-
projectId: FIREBASE_PROJECT_ID,
|
|
26
|
-
storageBucket: FIREBASE_STORAGE_BUCKET,
|
|
27
|
-
messagingSenderId: FIREBASE_MESSAGING_SENDER_ID,
|
|
28
|
-
appId: FIREBASE_APP_ID,
|
|
29
|
-
tenantId: options?.tenantId || void 0
|
|
30
|
-
},
|
|
31
|
-
apiClient: backendClient
|
|
32
|
-
};
|
|
33
|
-
const { createCustomIdAndRefreshToken } = getAuth(authOptions);
|
|
34
|
-
const customTokens = await createCustomIdAndRefreshToken(idToken);
|
|
35
|
-
const cookiePrefix = getCookiePrefix();
|
|
36
|
-
await Promise.all([
|
|
37
|
-
cookieStore.set(
|
|
38
|
-
getCookieName(constants.Cookies.IdToken, cookiePrefix),
|
|
39
|
-
customTokens.idToken,
|
|
40
|
-
COOKIE_OPTIONS
|
|
41
|
-
),
|
|
42
|
-
cookieStore.set(
|
|
43
|
-
getCookieName(constants.Cookies.Refresh, cookiePrefix),
|
|
44
|
-
customTokens.refreshToken,
|
|
45
|
-
COOKIE_OPTIONS
|
|
46
|
-
),
|
|
47
|
-
cookieStore.set(constants.Cookies.Custom, customTokens.customToken, COOKIE_OPTIONS)
|
|
48
|
-
]);
|
|
49
|
-
} catch (error) {
|
|
50
|
-
console.error("[Auth] refreshCookieWithIdToken failed:", {
|
|
51
|
-
error: error instanceof Error ? error.message : error,
|
|
52
|
-
stack: error instanceof Error ? error.stack : void 0,
|
|
53
|
-
hasIdToken: !!idToken,
|
|
18
|
+
async function refreshCookieWithIdToken(idToken, cookieStore, options, referrer) {
|
|
19
|
+
const backendClient = await ternSecureBackendClient();
|
|
20
|
+
const authOptions = {
|
|
21
|
+
firebaseConfig: {
|
|
22
|
+
apiKey: FIREBASE_API_KEY,
|
|
23
|
+
authDomain: FIREBASE_AUTH_DOMAIN,
|
|
54
24
|
projectId: FIREBASE_PROJECT_ID,
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
25
|
+
storageBucket: FIREBASE_STORAGE_BUCKET,
|
|
26
|
+
messagingSenderId: FIREBASE_MESSAGING_SENDER_ID,
|
|
27
|
+
appId: FIREBASE_APP_ID,
|
|
28
|
+
tenantId: options?.tenantId || void 0
|
|
29
|
+
},
|
|
30
|
+
apiClient: backendClient
|
|
31
|
+
};
|
|
32
|
+
const { createCustomIdAndRefreshToken } = getAuth(authOptions);
|
|
33
|
+
const customTokens = await createCustomIdAndRefreshToken(idToken, { referer: referrer });
|
|
34
|
+
const cookiePrefix = getCookiePrefix();
|
|
35
|
+
const cookiePromises = [
|
|
36
|
+
cookieStore.set(
|
|
37
|
+
getCookieName(constants.Cookies.IdToken, cookiePrefix),
|
|
38
|
+
customTokens.idToken,
|
|
39
|
+
COOKIE_OPTIONS
|
|
40
|
+
),
|
|
41
|
+
cookieStore.set(
|
|
42
|
+
getCookieName(constants.Cookies.Refresh, cookiePrefix),
|
|
43
|
+
customTokens.refreshToken,
|
|
44
|
+
COOKIE_OPTIONS
|
|
45
|
+
)
|
|
46
|
+
];
|
|
47
|
+
if (options?.enableCustomToken) {
|
|
48
|
+
cookiePromises.push(
|
|
49
|
+
cookieStore.set(constants.Cookies.Custom, customTokens.customToken, COOKIE_OPTIONS)
|
|
50
|
+
);
|
|
58
51
|
}
|
|
52
|
+
await Promise.all(cookiePromises);
|
|
59
53
|
}
|
|
60
54
|
export {
|
|
61
55
|
refreshCookieWithIdToken
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/request.ts"],"sourcesContent":["import type { AuthenticateRequestOptions } from '@tern-secure/backend';\nimport { constants } from '@tern-secure/backend';\nimport { getAuth } from '@tern-secure/backend/auth';\nimport { getCookieName, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nimport { ternSecureBackendClient } from '../../server/ternsecureClient';\nimport type { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport {\n FIREBASE_API_KEY,\n FIREBASE_APP_ID,\n FIREBASE_AUTH_DOMAIN,\n FIREBASE_MESSAGING_SENDER_ID,\n FIREBASE_PROJECT_ID,\n FIREBASE_STORAGE_BUCKET,\n} from './constants';\nimport type { TernSecureHandlerOptions } from './types';\n\nconst COOKIE_OPTIONS = {\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict' as const,\n};\n\nexport async function refreshCookieWithIdToken(\n idToken: string,\n cookieStore: NextCookieStore,\n options?: TernSecureHandlerOptions,\n): Promise<void> {\n
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/request.ts"],"sourcesContent":["import type { AuthenticateRequestOptions } from '@tern-secure/backend';\nimport { constants } from '@tern-secure/backend';\nimport { getAuth } from '@tern-secure/backend/auth';\nimport { getCookieName, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nimport { ternSecureBackendClient } from '../../server/ternsecureClient';\nimport type { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport {\n FIREBASE_API_KEY,\n FIREBASE_APP_ID,\n FIREBASE_AUTH_DOMAIN,\n FIREBASE_MESSAGING_SENDER_ID,\n FIREBASE_PROJECT_ID,\n FIREBASE_STORAGE_BUCKET,\n} from './constants';\nimport type { TernSecureHandlerOptions } from './types';\n\nconst COOKIE_OPTIONS = {\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict' as const,\n};\n\nexport async function refreshCookieWithIdToken(\n idToken: string,\n cookieStore: NextCookieStore,\n options?: TernSecureHandlerOptions,\n referrer?: string,\n): Promise<void> {\n const backendClient = await ternSecureBackendClient();\n\n const authOptions: AuthenticateRequestOptions = {\n firebaseConfig: {\n apiKey: FIREBASE_API_KEY,\n authDomain: FIREBASE_AUTH_DOMAIN,\n projectId: FIREBASE_PROJECT_ID,\n storageBucket: FIREBASE_STORAGE_BUCKET,\n messagingSenderId: FIREBASE_MESSAGING_SENDER_ID,\n appId: FIREBASE_APP_ID,\n tenantId: options?.tenantId || undefined,\n },\n apiClient: backendClient,\n };\n\n const { createCustomIdAndRefreshToken } = getAuth(authOptions);\n\n const customTokens = await createCustomIdAndRefreshToken(idToken, { referer: referrer });\n\n const cookiePrefix = getCookiePrefix();\n\n const cookiePromises = [\n cookieStore.set(\n getCookieName(constants.Cookies.IdToken, cookiePrefix),\n customTokens.idToken,\n COOKIE_OPTIONS,\n ),\n cookieStore.set(\n getCookieName(constants.Cookies.Refresh, cookiePrefix),\n customTokens.refreshToken,\n COOKIE_OPTIONS,\n ),\n ];\n\n if (options?.enableCustomToken) {\n cookiePromises.push(\n cookieStore.set(constants.Cookies.Custom, customTokens.customToken, COOKIE_OPTIONS),\n );\n }\n\n await Promise.all(cookiePromises);\n}\n"],"mappings":"AACA,SAAS,iBAAiB;AAC1B,SAAS,eAAe;AACxB,SAAS,eAAe,uBAAuB;AAE/C,SAAS,+BAA+B;AAExC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAGP,MAAM,iBAAiB;AAAA,EACrB,UAAU;AAAA,EACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AACZ;AAEA,eAAsB,yBACpB,SACA,aACA,SACA,UACe;AACf,QAAM,gBAAgB,MAAM,wBAAwB;AAEpD,QAAM,cAA0C;AAAA,IAC9C,gBAAgB;AAAA,MACd,QAAQ;AAAA,MACR,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,eAAe;AAAA,MACf,mBAAmB;AAAA,MACnB,OAAO;AAAA,MACP,UAAU,SAAS,YAAY;AAAA,IACjC;AAAA,IACA,WAAW;AAAA,EACb;AAEA,QAAM,EAAE,8BAA8B,IAAI,QAAQ,WAAW;AAE7D,QAAM,eAAe,MAAM,8BAA8B,SAAS,EAAE,SAAS,SAAS,CAAC;AAEvF,QAAM,eAAe,gBAAgB;AAErC,QAAM,iBAAiB;AAAA,IACrB,YAAY;AAAA,MACV,cAAc,UAAU,QAAQ,SAAS,YAAY;AAAA,MACrD,aAAa;AAAA,MACb;AAAA,IACF;AAAA,IACA,YAAY;AAAA,MACV,cAAc,UAAU,QAAQ,SAAS,YAAY;AAAA,MACrD,aAAa;AAAA,MACb;AAAA,IACF;AAAA,EACF;AAEA,MAAI,SAAS,mBAAmB;AAC9B,mBAAe;AAAA,MACb,YAAY,IAAI,UAAU,QAAQ,QAAQ,aAAa,aAAa,cAAc;AAAA,IACpF;AAAA,EACF;AAEA,QAAM,QAAQ,IAAI,cAAc;AAClC;","names":[]}
|
|
@@ -6,7 +6,7 @@ import { createValidators } from "./fnValidators";
|
|
|
6
6
|
import { refreshCookieWithIdToken } from "./request";
|
|
7
7
|
import { createApiErrorResponse, HttpResponseHelper, SessionResponseHelper } from "./responses";
|
|
8
8
|
async function sessionEndpointHandler(context, options) {
|
|
9
|
-
const { subEndpoint, method } = context;
|
|
9
|
+
const { subEndpoint, method, referrer } = context;
|
|
10
10
|
const validators = createValidators(context);
|
|
11
11
|
const {
|
|
12
12
|
validateSubEndpoint,
|
|
@@ -56,16 +56,12 @@ async function sessionEndpointHandler(context, options) {
|
|
|
56
56
|
validateCsrfToken(csrfToken || "", csrfCookieValue.value);
|
|
57
57
|
const handleCreateSession = async (cookieStore2, idToken2) => {
|
|
58
58
|
try {
|
|
59
|
-
await refreshCookieWithIdToken(idToken2, cookieStore2, options);
|
|
59
|
+
await refreshCookieWithIdToken(idToken2, cookieStore2, options, referrer);
|
|
60
60
|
return SessionResponseHelper.createSessionCreationResponse({
|
|
61
61
|
success: true,
|
|
62
62
|
message: "Session created successfully"
|
|
63
63
|
});
|
|
64
64
|
} catch (error2) {
|
|
65
|
-
console.error("[Auth] Session creation failed:", {
|
|
66
|
-
error: error2 instanceof Error ? error2.message : error2,
|
|
67
|
-
stack: error2 instanceof Error ? error2.stack : void 0
|
|
68
|
-
});
|
|
69
65
|
return createApiErrorResponse("SESSION_CREATION_FAILED", "Session creation failed", 500);
|
|
70
66
|
}
|
|
71
67
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import { clearSessionCookie } from '@tern-secure/backend/admin';\nimport { ternDecodeJwtUnguarded } from '@tern-secure/backend/jwt';\nimport { cookies } from 'next/headers';\n\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { type RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createValidators } from './fnValidators';\nimport { refreshCookieWithIdToken } from './request';\nimport { createApiErrorResponse, HttpResponseHelper, SessionResponseHelper } from './responses';\nimport type { SessionSubEndpoint, TernSecureHandlerOptions } from './types';\n\nexport async function sessionEndpointHandler(\n context: RequestProcessorContext,\n options: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method } = context;\n\n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n validateSessionRequest,\n validateCsrfToken,\n validateIdToken,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n }\n\n const sessionsConfig = options.endpoints?.sessions;\n const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const SessionGetHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const handleSessionVerify = async (): Promise<Response> => {\n try {\n const cookieStore = await cookies();\n const sessionCookie = cookieStore.get('_session_cookie')?.value;\n if (!sessionCookie) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n const { data: decodedSession, errors } = ternDecodeJwtUnguarded(sessionCookie);\n if (errors) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n return SessionResponseHelper.createVerificationResponse(decodedSession);\n } catch (error) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n };\n\n switch (subEndpoint) {\n case 'verify':\n return handleSessionVerify();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n const SessionPostHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const cookieStore = new NextCookieStore();\n\n const { idToken, csrfToken, error } = await validateSessionRequest();\n if (error) return error;\n\n const csrfCookieValue = await cookieStore.get('_session_terncf');\n validateCsrfToken(csrfToken || '', csrfCookieValue.value);\n\n const handleCreateSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n await refreshCookieWithIdToken(idToken, cookieStore, options);\n return SessionResponseHelper.createSessionCreationResponse({\n success: true,\n message: 'Session created successfully',\n });\n } catch (error) {\n
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import { clearSessionCookie } from '@tern-secure/backend/admin';\nimport { ternDecodeJwtUnguarded } from '@tern-secure/backend/jwt';\nimport { cookies } from 'next/headers';\n\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { type RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createValidators } from './fnValidators';\nimport { refreshCookieWithIdToken } from './request';\nimport { createApiErrorResponse, HttpResponseHelper, SessionResponseHelper } from './responses';\nimport type { SessionSubEndpoint, TernSecureHandlerOptions } from './types';\n\nexport async function sessionEndpointHandler(\n context: RequestProcessorContext,\n options: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method, referrer } = context;\n\n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n validateSessionRequest,\n validateCsrfToken,\n validateIdToken,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n }\n\n const sessionsConfig = options.endpoints?.sessions;\n const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const SessionGetHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const handleSessionVerify = async (): Promise<Response> => {\n try {\n const cookieStore = await cookies();\n const sessionCookie = cookieStore.get('_session_cookie')?.value;\n if (!sessionCookie) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n const { data: decodedSession, errors } = ternDecodeJwtUnguarded(sessionCookie);\n if (errors) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n return SessionResponseHelper.createVerificationResponse(decodedSession);\n } catch (error) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n };\n\n switch (subEndpoint) {\n case 'verify':\n return handleSessionVerify();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n const SessionPostHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const cookieStore = new NextCookieStore();\n\n const { idToken, csrfToken, error } = await validateSessionRequest();\n if (error) return error;\n\n const csrfCookieValue = await cookieStore.get('_session_terncf');\n validateCsrfToken(csrfToken || '', csrfCookieValue.value);\n\n const handleCreateSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n await refreshCookieWithIdToken(idToken, cookieStore, options, referrer);\n return SessionResponseHelper.createSessionCreationResponse({\n success: true,\n message: 'Session created successfully',\n });\n } catch (error) {\n return createApiErrorResponse('SESSION_CREATION_FAILED', 'Session creation failed', 500);\n }\n };\n\n const handleRefreshSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n const decodedSession = ternDecodeJwtUnguarded(idToken);\n if (decodedSession.errors) {\n return createApiErrorResponse('INVALID_SESSION', 'Invalid session for refresh', 401);\n }\n\n const refreshRes = await refreshCookieWithIdToken(idToken, cookieStore, options);\n return SessionResponseHelper.createRefreshResponse(refreshRes);\n } catch (error) {\n return createApiErrorResponse('REFRESH_FAILED', 'Session refresh failed', 500);\n }\n };\n\n const handleRevokeSession = async (cookieStore: NextCookieStore): Promise<Response> => {\n const res = await clearSessionCookie(cookieStore);\n return SessionResponseHelper.createRevokeResponse(res);\n };\n\n switch (subEndpoint) {\n case 'createsession': {\n validateIdToken(idToken);\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleCreateSession(cookieStore, idToken!);\n }\n\n case 'refresh':\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleRefreshSession(cookieStore, idToken!);\n\n case 'revoke':\n return handleRevokeSession(cookieStore);\n\n default:\n return HttpResponseHelper.createSubEndpointNotSupportedResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return SessionGetHandler(subEndpoint);\n\n case 'POST':\n return SessionPostHandler(subEndpoint);\n\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n"],"mappings":"AAAA,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AACvC,SAAS,eAAe;AAExB,SAAS,uBAAuB;AAEhC,SAAS,wBAAwB;AACjC,SAAS,gCAAgC;AACzC,SAAS,wBAAwB,oBAAoB,6BAA6B;AAGlF,eAAsB,uBACpB,SACA,SACmB;AACnB,QAAM,EAAE,aAAa,QAAQ,SAAS,IAAI;AAE1C,QAAM,aAAa,iBAAiB,OAAO;AAE3C,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,CAAC,aAAa;AAChB,WAAO,uBAAuB,yBAAyB,iCAAiC,GAAG;AAAA,EAC7F;AAEA,QAAM,iBAAiB,QAAQ,WAAW;AAC1C,QAAM,oBAAoB,gBAAgB,eAAe,WAAW;AAEpE,sBAAoB,aAAa,iBAAiB;AAElD,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,oBAAoB,OAAOA,iBAAuD;AACtF,UAAM,sBAAsB,YAA+B;AACzD,UAAI;AACF,cAAM,cAAc,MAAM,QAAQ;AAClC,cAAM,gBAAgB,YAAY,IAAI,iBAAiB,GAAG;AAC1D,YAAI,CAAC,eAAe;AAClB,iBAAO,sBAAsB,2BAA2B;AAAA,QAC1D;AAEA,cAAM,EAAE,MAAM,gBAAgB,OAAO,IAAI,uBAAuB,aAAa;AAC7E,YAAI,QAAQ;AACV,iBAAO,sBAAsB,2BAA2B;AAAA,QAC1D;AAEA,eAAO,sBAAsB,2BAA2B,cAAc;AAAA,MACxE,SAAS,OAAO;AACd,eAAO,sBAAsB,2BAA2B;AAAA,MAC1D;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,oBAAoB;AAAA,MAC7B;AACE,eAAO,mBAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,QAAM,qBAAqB,OAAOA,iBAAuD;AACvF,UAAM,cAAc,IAAI,gBAAgB;AAExC,UAAM,EAAE,SAAS,WAAW,MAAM,IAAI,MAAM,uBAAuB;AACnE,QAAI,MAAO,QAAO;AAElB,UAAM,kBAAkB,MAAM,YAAY,IAAI,iBAAiB;AAC/D,sBAAkB,aAAa,IAAI,gBAAgB,KAAK;AAExD,UAAM,sBAAsB,OAC1BC,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,yBAAyBA,UAASD,cAAa,SAAS,QAAQ;AACtE,eAAO,sBAAsB,8BAA8B;AAAA,UACzD,SAAS;AAAA,UACT,SAAS;AAAA,QACX,CAAC;AAAA,MACH,SAASE,QAAO;AACd,eAAO,uBAAuB,2BAA2B,2BAA2B,GAAG;AAAA,MACzF;AAAA,IACF;AAEA,UAAM,uBAAuB,OAC3BF,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,iBAAiB,uBAAuBA,QAAO;AACrD,YAAI,eAAe,QAAQ;AACzB,iBAAO,uBAAuB,mBAAmB,+BAA+B,GAAG;AAAA,QACrF;AAEA,cAAM,aAAa,MAAM,yBAAyBA,UAASD,cAAa,OAAO;AAC/E,eAAO,sBAAsB,sBAAsB,UAAU;AAAA,MAC/D,SAASE,QAAO;AACd,eAAO,uBAAuB,kBAAkB,0BAA0B,GAAG;AAAA,MAC/E;AAAA,IACF;AAEA,UAAM,sBAAsB,OAAOF,iBAAoD;AACrF,YAAM,MAAM,MAAM,mBAAmBA,YAAW;AAChD,aAAO,sBAAsB,qBAAqB,GAAG;AAAA,IACvD;AAEA,YAAQD,cAAa;AAAA,MACnB,KAAK,iBAAiB;AACpB,wBAAgB,OAAO;AAEvB,eAAO,oBAAoB,aAAa,OAAQ;AAAA,MAClD;AAAA,MAEA,KAAK;AAEH,eAAO,qBAAqB,aAAa,OAAQ;AAAA,MAEnD,KAAK;AACH,eAAO,oBAAoB,WAAW;AAAA,MAExC;AACE,eAAO,mBAAmB,sCAAsC;AAAA,IACpE;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,kBAAkB,WAAW;AAAA,IAEtC,KAAK;AACH,aAAO,mBAAmB,WAAW;AAAA,IAEvC;AACE,aAAO,mBAAmB,+BAA+B;AAAA,EAC7D;AACF;","names":["subEndpoint","cookieStore","idToken","error"]}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
import type { NextCookieStore } from '../../utils/NextCookieAdapter';
|
|
2
2
|
import type { TernSecureHandlerOptions } from './types';
|
|
3
|
-
export declare function refreshCookieWithIdToken(idToken: string, cookieStore: NextCookieStore, options?: TernSecureHandlerOptions): Promise<void>;
|
|
3
|
+
export declare function refreshCookieWithIdToken(idToken: string, cookieStore: NextCookieStore, options?: TernSecureHandlerOptions, referrer?: string): Promise<void>;
|
|
4
4
|
//# sourceMappingURL=request.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/request.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AASrE,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,SAAS,CAAC;AAQxD,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,eAAe,EAC5B,OAAO,CAAC,EAAE,wBAAwB,
|
|
1
|
+
{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/request.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AASrE,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,SAAS,CAAC;AAQxD,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,eAAe,EAC5B,OAAO,CAAC,EAAE,wBAAwB,EAClC,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,IAAI,CAAC,CA0Cf"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sessionHandlers.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,KAAK,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAIhF,OAAO,KAAK,EAAsB,wBAAwB,EAAE,MAAM,SAAS,CAAC;AAE5E,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,uBAAuB,EAChC,OAAO,EAAE,wBAAwB,GAChC,OAAO,CAAC,QAAQ,CAAC,
|
|
1
|
+
{"version":3,"file":"sessionHandlers.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,KAAK,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAIhF,OAAO,KAAK,EAAsB,wBAAwB,EAAE,MAAM,SAAS,CAAC;AAE5E,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,uBAAuB,EAChC,OAAO,EAAE,wBAAwB,GAChC,OAAO,CAAC,QAAQ,CAAC,CAiInB"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@tern-secure/nextjs",
|
|
3
|
-
"version": "5.2.0-canary.
|
|
3
|
+
"version": "5.2.0-canary.v20251003171521",
|
|
4
4
|
"publishConfig": {
|
|
5
5
|
"access": "public"
|
|
6
6
|
},
|
|
@@ -63,10 +63,10 @@
|
|
|
63
63
|
"jose": "^5.9.6",
|
|
64
64
|
"server-only": "^0.0.1",
|
|
65
65
|
"tslib": "2.4.1",
|
|
66
|
-
"@tern-secure/backend": "1.2.0-canary.
|
|
67
|
-
"@tern-secure/react": "1.2.0-canary.
|
|
68
|
-
"@tern-secure/shared": "1.3.0-canary.
|
|
69
|
-
"@tern-secure/types": "1.1.0-canary.
|
|
66
|
+
"@tern-secure/backend": "1.2.0-canary.v20251003171521",
|
|
67
|
+
"@tern-secure/react": "1.2.0-canary.v20251003171521",
|
|
68
|
+
"@tern-secure/shared": "1.3.0-canary.v20251003171521",
|
|
69
|
+
"@tern-secure/types": "1.1.0-canary.v20251003171521"
|
|
70
70
|
},
|
|
71
71
|
"peerDependencies": {
|
|
72
72
|
"next": "^13.0.0 || ^14.0.0 || ^15.0.0",
|