@tern-secure/nextjs 5.2.0-canary.v20251008165428 → 5.2.0-canary.v20251019190011
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/app-router/admin/endpointRouter.js +13 -1
- package/dist/cjs/app-router/admin/endpointRouter.js.map +1 -1
- package/dist/cjs/app-router/admin/sessionHandlers.js +71 -3
- package/dist/cjs/app-router/admin/sessionHandlers.js.map +1 -1
- package/dist/cjs/app-router/admin/types.js +17 -0
- package/dist/cjs/app-router/admin/types.js.map +1 -1
- package/dist/cjs/app-router/client/TernSecureProvider.js +17 -7
- package/dist/cjs/app-router/client/TernSecureProvider.js.map +1 -1
- package/dist/cjs/app-router/server/TernSecureProvider.js +92 -0
- package/dist/cjs/app-router/server/TernSecureProvider.js.map +1 -0
- package/dist/cjs/app-router/server/auth.js +2 -16
- package/dist/cjs/app-router/server/auth.js.map +1 -1
- package/dist/cjs/app-router/server/utils.js +2 -2
- package/dist/cjs/app-router/server/utils.js.map +1 -1
- package/dist/cjs/boundary/NextOptionsCtx.js +52 -0
- package/dist/cjs/boundary/NextOptionsCtx.js.map +1 -0
- package/dist/cjs/boundary/PromiseAuthProvider.js +68 -0
- package/dist/cjs/boundary/PromiseAuthProvider.js.map +1 -0
- package/dist/cjs/boundary/components.js +6 -3
- package/dist/cjs/boundary/components.js.map +1 -1
- package/dist/cjs/index.js +5 -3
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/server/data/getAuthDataFromRequest.js +57 -0
- package/dist/cjs/server/data/getAuthDataFromRequest.js.map +1 -0
- package/dist/cjs/server/index.js +3 -0
- package/dist/cjs/server/index.js.map +1 -1
- package/dist/cjs/types.js.map +1 -1
- package/dist/cjs/utils/allNextProviderProps.js +3 -3
- package/dist/cjs/utils/allNextProviderProps.js.map +1 -1
- package/dist/esm/app-router/admin/endpointRouter.js +14 -2
- package/dist/esm/app-router/admin/endpointRouter.js.map +1 -1
- package/dist/esm/app-router/admin/sessionHandlers.js +71 -4
- package/dist/esm/app-router/admin/sessionHandlers.js.map +1 -1
- package/dist/esm/app-router/admin/types.js +16 -0
- package/dist/esm/app-router/admin/types.js.map +1 -1
- package/dist/esm/app-router/client/TernSecureProvider.js +17 -9
- package/dist/esm/app-router/client/TernSecureProvider.js.map +1 -1
- package/dist/esm/app-router/server/TernSecureProvider.js +58 -0
- package/dist/esm/app-router/server/TernSecureProvider.js.map +1 -0
- package/dist/esm/app-router/server/auth.js +2 -21
- package/dist/esm/app-router/server/auth.js.map +1 -1
- package/dist/esm/app-router/server/utils.js +2 -2
- package/dist/esm/app-router/server/utils.js.map +1 -1
- package/dist/esm/boundary/NextOptionsCtx.js +17 -0
- package/dist/esm/boundary/NextOptionsCtx.js.map +1 -0
- package/dist/esm/boundary/PromiseAuthProvider.js +33 -0
- package/dist/esm/boundary/PromiseAuthProvider.js.map +1 -0
- package/dist/esm/boundary/components.js +5 -3
- package/dist/esm/boundary/components.js.map +1 -1
- package/dist/esm/index.js +4 -2
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/server/data/getAuthDataFromRequest.js +31 -0
- package/dist/esm/server/data/getAuthDataFromRequest.js.map +1 -0
- package/dist/esm/server/index.js +2 -0
- package/dist/esm/server/index.js.map +1 -1
- package/dist/esm/types.js.map +1 -1
- package/dist/esm/utils/allNextProviderProps.js +3 -3
- package/dist/esm/utils/allNextProviderProps.js.map +1 -1
- package/dist/types/app-router/admin/endpointRouter.d.ts.map +1 -1
- package/dist/types/app-router/admin/sessionHandlers.d.ts +3 -1
- package/dist/types/app-router/admin/sessionHandlers.d.ts.map +1 -1
- package/dist/types/app-router/admin/types.d.ts +2 -1
- package/dist/types/app-router/admin/types.d.ts.map +1 -1
- package/dist/types/app-router/client/TernSecureProvider.d.ts +2 -24
- package/dist/types/app-router/client/TernSecureProvider.d.ts.map +1 -1
- package/dist/types/app-router/server/TernSecureProvider.d.ts +4 -0
- package/dist/types/app-router/server/TernSecureProvider.d.ts.map +1 -0
- package/dist/types/app-router/server/auth.d.ts.map +1 -1
- package/dist/types/boundary/NextOptionsCtx.d.ts +9 -0
- package/dist/types/boundary/NextOptionsCtx.d.ts.map +1 -0
- package/dist/types/boundary/PromiseAuthProvider.d.ts +8 -0
- package/dist/types/boundary/PromiseAuthProvider.d.ts.map +1 -0
- package/dist/types/boundary/components.d.ts +2 -1
- package/dist/types/boundary/components.d.ts.map +1 -1
- package/dist/types/index.d.ts +2 -2
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/server/data/getAuthDataFromRequest.d.ts +26 -0
- package/dist/types/server/data/getAuthDataFromRequest.d.ts.map +1 -0
- package/dist/types/server/index.d.ts +1 -0
- package/dist/types/server/index.d.ts.map +1 -1
- package/dist/types/types.d.ts +1 -0
- package/dist/types/types.d.ts.map +1 -1
- package/dist/types/utils/allNextProviderProps.d.ts +1 -4
- package/dist/types/utils/allNextProviderProps.d.ts.map +1 -1
- package/package.json +5 -5
- package/dist/cjs/server/edge-session.js +0 -173
- package/dist/cjs/server/edge-session.js.map +0 -1
- package/dist/cjs/server/jwt-edge.js +0 -138
- package/dist/cjs/server/jwt-edge.js.map +0 -1
- package/dist/cjs/server/jwt.js +0 -138
- package/dist/cjs/server/jwt.js.map +0 -1
- package/dist/cjs/server/session-store.js +0 -74
- package/dist/cjs/server/session-store.js.map +0 -1
- package/dist/esm/server/edge-session.js +0 -146
- package/dist/esm/server/edge-session.js.map +0 -1
- package/dist/esm/server/jwt-edge.js +0 -114
- package/dist/esm/server/jwt-edge.js.map +0 -1
- package/dist/esm/server/jwt.js +0 -114
- package/dist/esm/server/jwt.js.map +0 -1
- package/dist/esm/server/session-store.js +0 -49
- package/dist/esm/server/session-store.js.map +0 -1
- package/dist/types/server/edge-session.d.ts +0 -16
- package/dist/types/server/edge-session.d.ts.map +0 -1
- package/dist/types/server/jwt-edge.d.ts +0 -14
- package/dist/types/server/jwt-edge.d.ts.map +0 -1
- package/dist/types/server/jwt.d.ts +0 -14
- package/dist/types/server/jwt.d.ts.map +0 -1
- package/dist/types/server/session-store.d.ts +0 -30
- package/dist/types/server/session-store.d.ts.map +0 -1
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
"use client";
|
|
3
|
+
var __create = Object.create;
|
|
4
|
+
var __defProp = Object.defineProperty;
|
|
5
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
6
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
7
|
+
var __getProtoOf = Object.getPrototypeOf;
|
|
8
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
9
|
+
var __export = (target, all) => {
|
|
10
|
+
for (var name in all)
|
|
11
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
12
|
+
};
|
|
13
|
+
var __copyProps = (to, from, except, desc) => {
|
|
14
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
15
|
+
for (let key of __getOwnPropNames(from))
|
|
16
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
17
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
18
|
+
}
|
|
19
|
+
return to;
|
|
20
|
+
};
|
|
21
|
+
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
22
|
+
// If the importer is in node compatibility mode or this is not an ESM
|
|
23
|
+
// file that has been converted to a CommonJS file using a Babel-
|
|
24
|
+
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
25
|
+
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
26
|
+
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
27
|
+
mod
|
|
28
|
+
));
|
|
29
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
30
|
+
var PromiseAuthProvider_exports = {};
|
|
31
|
+
__export(PromiseAuthProvider_exports, {
|
|
32
|
+
PromiseAuthProvider: () => PromiseAuthProvider,
|
|
33
|
+
usePromiseAuth: () => usePromiseAuth
|
|
34
|
+
});
|
|
35
|
+
module.exports = __toCommonJS(PromiseAuthProvider_exports);
|
|
36
|
+
var import_jsx_runtime = require("react/jsx-runtime");
|
|
37
|
+
var import_react = require("@tern-secure/react");
|
|
38
|
+
var import_router = require("next/compat/router");
|
|
39
|
+
var import_react2 = __toESM(require("react"));
|
|
40
|
+
const PromiseAuthContext = import_react2.default.createContext(null);
|
|
41
|
+
function PromiseAuthProvider({
|
|
42
|
+
authPromise,
|
|
43
|
+
children
|
|
44
|
+
}) {
|
|
45
|
+
return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(PromiseAuthContext.Provider, { value: authPromise, children });
|
|
46
|
+
}
|
|
47
|
+
function usePromiseAuth() {
|
|
48
|
+
const isPagesRouter = (0, import_router.useRouter)();
|
|
49
|
+
const valueFromContext = import_react2.default.useContext(PromiseAuthContext);
|
|
50
|
+
let resolvedData = valueFromContext;
|
|
51
|
+
if (valueFromContext && "then" in valueFromContext) {
|
|
52
|
+
resolvedData = import_react2.default.use(valueFromContext);
|
|
53
|
+
}
|
|
54
|
+
if (typeof window === "undefined") {
|
|
55
|
+
if (isPagesRouter) {
|
|
56
|
+
return (0, import_react.useAuth)();
|
|
57
|
+
}
|
|
58
|
+
return (0, import_react.useDeriveAuth)({ ...resolvedData });
|
|
59
|
+
} else {
|
|
60
|
+
return (0, import_react.useAuth)();
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
64
|
+
0 && (module.exports = {
|
|
65
|
+
PromiseAuthProvider,
|
|
66
|
+
usePromiseAuth
|
|
67
|
+
});
|
|
68
|
+
//# sourceMappingURL=PromiseAuthProvider.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../src/boundary/PromiseAuthProvider.tsx"],"sourcesContent":["'use client';\n\nimport { useAuth, useDeriveAuth } from '@tern-secure/react';\nimport type { TernSecureStateExtended } from '@tern-secure/types';\nimport { useRouter } from 'next/compat/router';\nimport React from 'react';\n\nconst PromiseAuthContext = React.createContext<\n Promise<TernSecureStateExtended> | TernSecureStateExtended | null\n>(null);\n\nexport function PromiseAuthProvider({\n authPromise,\n children,\n}: {\n authPromise: Promise<TernSecureStateExtended> | TernSecureStateExtended;\n children: React.ReactNode;\n}) {\n return <PromiseAuthContext.Provider value={authPromise}>{children}</PromiseAuthContext.Provider>;\n}\n\nexport function usePromiseAuth() {\n const isPagesRouter = useRouter();\n const valueFromContext = React.useContext(PromiseAuthContext);\n\n let resolvedData = valueFromContext;\n if (valueFromContext && 'then' in valueFromContext) {\n resolvedData = React.use(valueFromContext);\n }\n\n if (typeof window === 'undefined') {\n // Pages router should always use useAuth as it is able to grab initial auth state from context during SSR.\n if (isPagesRouter) {\n return useAuth();\n }\n\n return useDeriveAuth({ ...resolvedData });\n } else {\n return useAuth();\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAkBS;AAhBT,mBAAuC;AAEvC,oBAA0B;AAC1B,IAAAA,gBAAkB;AAElB,MAAM,qBAAqB,cAAAC,QAAM,cAE/B,IAAI;AAEC,SAAS,oBAAoB;AAAA,EAClC;AAAA,EACA;AACF,GAGG;AACD,SAAO,4CAAC,mBAAmB,UAAnB,EAA4B,OAAO,aAAc,UAAS;AACpE;AAEO,SAAS,iBAAiB;AAC/B,QAAM,oBAAgB,yBAAU;AAChC,QAAM,mBAAmB,cAAAA,QAAM,WAAW,kBAAkB;AAE5D,MAAI,eAAe;AACnB,MAAI,oBAAoB,UAAU,kBAAkB;AAClD,mBAAe,cAAAA,QAAM,IAAI,gBAAgB;AAAA,EAC3C;AAEA,MAAI,OAAO,WAAW,aAAa;AAEjC,QAAI,eAAe;AACjB,iBAAO,sBAAQ;AAAA,IACjB;AAEA,eAAO,4BAAc,EAAE,GAAG,aAAa,CAAC;AAAA,EAC1C,OAAO;AACL,eAAO,sBAAQ;AAAA,EACjB;AACF;","names":["import_react","React"]}
|
|
@@ -20,14 +20,16 @@ var components_exports = {};
|
|
|
20
20
|
__export(components_exports, {
|
|
21
21
|
SignInProvider: () => import_react.SignInProvider,
|
|
22
22
|
signIn: () => import_react.signIn,
|
|
23
|
-
useAuth: () =>
|
|
23
|
+
useAuth: () => import_PromiseAuthProvider.usePromiseAuth,
|
|
24
24
|
useIdToken: () => import_react.useIdToken,
|
|
25
25
|
useSession: () => import_react.useSession,
|
|
26
26
|
useSignIn: () => import_react.useSignIn,
|
|
27
|
-
useSignInContext: () => import_react.useSignInContext
|
|
27
|
+
useSignInContext: () => import_react.useSignInContext,
|
|
28
|
+
useTernSecure: () => import_react.useTernSecure
|
|
28
29
|
});
|
|
29
30
|
module.exports = __toCommonJS(components_exports);
|
|
30
31
|
var import_react = require("@tern-secure/react");
|
|
32
|
+
var import_PromiseAuthProvider = require("./PromiseAuthProvider");
|
|
31
33
|
// Annotate the CommonJS export names for ESM import in node:
|
|
32
34
|
0 && (module.exports = {
|
|
33
35
|
SignInProvider,
|
|
@@ -36,6 +38,7 @@ var import_react = require("@tern-secure/react");
|
|
|
36
38
|
useIdToken,
|
|
37
39
|
useSession,
|
|
38
40
|
useSignIn,
|
|
39
|
-
useSignInContext
|
|
41
|
+
useSignInContext,
|
|
42
|
+
useTernSecure
|
|
40
43
|
});
|
|
41
44
|
//# sourceMappingURL=components.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/boundary/components.ts"],"sourcesContent":["export { \n
|
|
1
|
+
{"version":3,"sources":["../../../src/boundary/components.ts"],"sourcesContent":["export { \n useIdToken,\n useSession,\n useSignIn,\n useSignInContext,\n useTernSecure,\n SignInProvider,\n signIn,\n} from '@tern-secure/react';\n\nexport { usePromiseAuth as useAuth } from './PromiseAuthProvider';"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAQO;AAEP,iCAA0C;","names":[]}
|
package/dist/cjs/index.js
CHANGED
|
@@ -25,10 +25,11 @@ __export(index_exports, {
|
|
|
25
25
|
useIdToken: () => import_components.useIdToken,
|
|
26
26
|
useSession: () => import_components.useSession,
|
|
27
27
|
useSignIn: () => import_components.useSignIn,
|
|
28
|
-
useSignInContext: () => import_components.useSignInContext
|
|
28
|
+
useSignInContext: () => import_components.useSignInContext,
|
|
29
|
+
useTernSecure: () => import_components.useTernSecure
|
|
29
30
|
});
|
|
30
31
|
module.exports = __toCommonJS(index_exports);
|
|
31
|
-
var import_TernSecureProvider = require("./app-router/
|
|
32
|
+
var import_TernSecureProvider = require("./app-router/server/TernSecureProvider");
|
|
32
33
|
var import_components = require("./boundary/components");
|
|
33
34
|
// Annotate the CommonJS export names for ESM import in node:
|
|
34
35
|
0 && (module.exports = {
|
|
@@ -39,6 +40,7 @@ var import_components = require("./boundary/components");
|
|
|
39
40
|
useIdToken,
|
|
40
41
|
useSession,
|
|
41
42
|
useSignIn,
|
|
42
|
-
useSignInContext
|
|
43
|
+
useSignInContext,
|
|
44
|
+
useTernSecure
|
|
43
45
|
});
|
|
44
46
|
//# sourceMappingURL=index.js.map
|
package/dist/cjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/index.ts"],"sourcesContent":["export { TernSecureProvider } from './app-router/
|
|
1
|
+
{"version":3,"sources":["../../src/index.ts"],"sourcesContent":["export { TernSecureProvider } from './app-router/server/TernSecureProvider'\r\nexport {\r\n useAuth,\r\n useIdToken,\r\n useSession,\r\n useSignIn,\r\n signIn,\r\n useSignInContext,\r\n useTernSecure,\r\n SignInProvider\r\n //SignIn,\r\n //SignOut,\r\n //SignOutButton,\r\n //SignUp,\r\n} from './boundary/components'\r\n\r\nexport type { TernSecureUser, TernSecureUserData, SignInResponse } from '@tern-secure/types'\r\n\r\nexport type {\r\n UserInfo,\r\n SessionResult\r\n} from './types'"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,gCAAmC;AACnC,wBAaO;","names":[]}
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __defProp = Object.defineProperty;
|
|
3
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
+
var __export = (target, all) => {
|
|
7
|
+
for (var name in all)
|
|
8
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
|
+
};
|
|
10
|
+
var __copyProps = (to, from, except, desc) => {
|
|
11
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
12
|
+
for (let key of __getOwnPropNames(from))
|
|
13
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
14
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
15
|
+
}
|
|
16
|
+
return to;
|
|
17
|
+
};
|
|
18
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
+
var getAuthDataFromRequest_exports = {};
|
|
20
|
+
__export(getAuthDataFromRequest_exports, {
|
|
21
|
+
authObjectToSerializable: () => authObjectToSerializable,
|
|
22
|
+
getAuthDataFromRequest: () => getAuthDataFromRequest,
|
|
23
|
+
getTernSecureAuthData: () => getTernSecureAuthData
|
|
24
|
+
});
|
|
25
|
+
module.exports = __toCommonJS(getAuthDataFromRequest_exports);
|
|
26
|
+
var import_backend = require("@tern-secure/backend");
|
|
27
|
+
var import_jwt = require("@tern-secure/backend/jwt");
|
|
28
|
+
var import_headers_utils = require("../../server/headers-utils");
|
|
29
|
+
const authObjectToSerializable = (obj) => {
|
|
30
|
+
const { require: require2, ...rest } = obj;
|
|
31
|
+
return rest;
|
|
32
|
+
};
|
|
33
|
+
function getTernSecureAuthData(req, initialState = {}) {
|
|
34
|
+
const authObject = getAuthDataFromRequest(req);
|
|
35
|
+
return authObjectToSerializable({ ...initialState, ...authObject });
|
|
36
|
+
}
|
|
37
|
+
function getAuthDataFromRequest(req) {
|
|
38
|
+
const authStatus = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthStatus");
|
|
39
|
+
const authToken = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthToken");
|
|
40
|
+
const authSignature = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthSignature");
|
|
41
|
+
const authReason = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthReason");
|
|
42
|
+
let authObject;
|
|
43
|
+
if (!authStatus || authStatus !== import_backend.AuthStatus.SignedIn) {
|
|
44
|
+
authObject = (0, import_backend.signedOutAuthObject)();
|
|
45
|
+
} else {
|
|
46
|
+
const jwt = (0, import_jwt.ternDecodeJwt)(authToken);
|
|
47
|
+
authObject = (0, import_backend.signedInAuthObject)(jwt.raw.text, jwt.payload);
|
|
48
|
+
}
|
|
49
|
+
return authObject;
|
|
50
|
+
}
|
|
51
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
52
|
+
0 && (module.exports = {
|
|
53
|
+
authObjectToSerializable,
|
|
54
|
+
getAuthDataFromRequest,
|
|
55
|
+
getTernSecureAuthData
|
|
56
|
+
});
|
|
57
|
+
//# sourceMappingURL=getAuthDataFromRequest.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../../src/server/data/getAuthDataFromRequest.ts"],"sourcesContent":["import type { AuthObject } from '@tern-secure/backend';\nimport { AuthStatus, signedInAuthObject, signedOutAuthObject } from '@tern-secure/backend';\nimport { ternDecodeJwt } from '@tern-secure/backend/jwt';\n\nimport { getAuthKeyFromRequest } from '../../server/headers-utils';\nimport type { RequestLike } from '../../server/types';\n\n\n/**\n * Auth objects moving through the server -> client boundary need to be serializable\n * as we need to ensure that they can be transferred via the network as pure strings.\n * Some frameworks like Remix or Next (/pages dir only) handle this serialization by simply\n * ignoring any non-serializable keys, however Nextjs /app directory is stricter and\n * throws an error if a non-serializable value is found.\n * @internal\n */\nexport const authObjectToSerializable = <T extends Record<string, unknown>>(obj: T): T => {\n // remove any non-serializable props from the returned object\n\n const { require, ...rest } = obj as unknown as AuthObject;\n return rest as unknown as T;\n};\n\nexport function getTernSecureAuthData(req: RequestLike, initialState = {}) {\n const authObject = getAuthDataFromRequest(req);\n return authObjectToSerializable({ ...initialState, ...authObject });\n}\n\nexport function getAuthDataFromRequest(req: RequestLike): AuthObject {\n const authStatus = getAuthKeyFromRequest(req, 'AuthStatus');\n const authToken = getAuthKeyFromRequest(req, 'AuthToken');\n const authSignature = getAuthKeyFromRequest(req, 'AuthSignature');\n const authReason = getAuthKeyFromRequest(req, 'AuthReason');\n\n let authObject;\n if (!authStatus || authStatus !== AuthStatus.SignedIn) {\n authObject = signedOutAuthObject();\n } else {\n const jwt = ternDecodeJwt(authToken as string);\n\n authObject = signedInAuthObject(jwt.raw.text, jwt.payload);\n }\n return authObject;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,qBAAoE;AACpE,iBAA8B;AAE9B,2BAAsC;AAY/B,MAAM,2BAA2B,CAAoC,QAAc;AAGxF,QAAM,EAAE,SAAAA,UAAS,GAAG,KAAK,IAAI;AAC7B,SAAO;AACT;AAEO,SAAS,sBAAsB,KAAkB,eAAe,CAAC,GAAG;AACzE,QAAM,aAAa,uBAAuB,GAAG;AAC7C,SAAO,yBAAyB,EAAE,GAAG,cAAc,GAAG,WAAW,CAAC;AACpE;AAEO,SAAS,uBAAuB,KAA8B;AACnE,QAAM,iBAAa,4CAAsB,KAAK,YAAY;AAC1D,QAAM,gBAAY,4CAAsB,KAAK,WAAW;AACxD,QAAM,oBAAgB,4CAAsB,KAAK,eAAe;AAChE,QAAM,iBAAa,4CAAsB,KAAK,YAAY;AAE1D,MAAI;AACJ,MAAI,CAAC,cAAc,eAAe,0BAAW,UAAU;AACrD,qBAAa,oCAAoB;AAAA,EACnC,OAAO;AACL,UAAM,UAAM,0BAAc,SAAmB;AAE7C,qBAAa,mCAAmB,IAAI,IAAI,MAAM,IAAI,OAAO;AAAA,EAC3D;AACA,SAAO;AACT;","names":["require"]}
|
package/dist/cjs/server/index.js
CHANGED
|
@@ -21,11 +21,13 @@ __export(server_exports, {
|
|
|
21
21
|
NextCookieStore: () => import_NextCookieAdapter.NextCookieStore,
|
|
22
22
|
auth: () => import_auth.auth,
|
|
23
23
|
createRouteMatcher: () => import_routeMatcher.createRouteMatcher,
|
|
24
|
+
ternSecureBackendClient: () => import_ternsecureClient.ternSecureBackendClient,
|
|
24
25
|
ternSecureMiddleware: () => import_ternSecureEdgeMiddleware.ternSecureMiddleware
|
|
25
26
|
});
|
|
26
27
|
module.exports = __toCommonJS(server_exports);
|
|
27
28
|
var import_ternSecureEdgeMiddleware = require("./ternSecureEdgeMiddleware");
|
|
28
29
|
var import_routeMatcher = require("./routeMatcher");
|
|
30
|
+
var import_ternsecureClient = require("./ternsecureClient");
|
|
29
31
|
var import_auth = require("../app-router/server/auth");
|
|
30
32
|
var import_NextCookieAdapter = require("../utils/NextCookieAdapter");
|
|
31
33
|
// Annotate the CommonJS export names for ESM import in node:
|
|
@@ -33,6 +35,7 @@ var import_NextCookieAdapter = require("../utils/NextCookieAdapter");
|
|
|
33
35
|
NextCookieStore,
|
|
34
36
|
auth,
|
|
35
37
|
createRouteMatcher,
|
|
38
|
+
ternSecureBackendClient,
|
|
36
39
|
ternSecureMiddleware
|
|
37
40
|
});
|
|
38
41
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/index.ts"],"sourcesContent":["export {\r\n ternSecureMiddleware,\r\n} from \"./ternSecureEdgeMiddleware\";\r\nexport { createRouteMatcher } from \"./routeMatcher\";\r\nexport {\r\n auth\r\n} from \"../app-router/server/auth\";\r\nexport type { AuthResult } from \"../app-router/server/auth\";\r\nexport type { BaseUser, SessionResult } from \"./types\";\r\nexport { NextCookieStore } from \"../utils/NextCookieAdapter\";\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sCAEO;AACP,0BAAmC;AACnC,kBAEO;AAGP,+BAAgC;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/index.ts"],"sourcesContent":["export {\r\n ternSecureMiddleware,\r\n} from \"./ternSecureEdgeMiddleware\";\r\nexport { createRouteMatcher } from \"./routeMatcher\";\r\nexport { ternSecureBackendClient } from \"./ternsecureClient\";\r\nexport {\r\n auth\r\n} from \"../app-router/server/auth\";\r\nexport type { AuthResult } from \"../app-router/server/auth\";\r\nexport type { BaseUser, SessionResult } from \"./types\";\r\nexport { NextCookieStore } from \"../utils/NextCookieAdapter\";\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sCAEO;AACP,0BAAmC;AACnC,8BAAwC;AACxC,kBAEO;AAGP,+BAAgC;","names":[]}
|
package/dist/cjs/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/types.ts"],"sourcesContent":["import type { TernSecureProviderProps } from '@tern-secure/react'\r\n\r\nimport type { ERRORS } from './errors'\r\n\r\n\r\n/**\r\n * TernSecure User\r\n */\r\n//export type TernSecureUser = FirebaseUser\r\n\r\nexport type TernSecureUserData = {\r\n uid: string\r\n email: string | null\r\n emailVerified?: boolean\r\n displayName?: string | null\r\n}\r\n\r\n\r\n/**\r\n * TernSecure Firebase configuration interface\r\n * Extends Firebase's base configuration options\r\n */\r\n//export interface TernSecureConfig extends FirebaseOptions {\r\n// apiKey: string\r\n// authDomain: string\r\n// projectId: string\r\n// storageBucket: string\r\n// messagingSenderId: string\r\n// appId: string\r\n// measurementId?: string // Optional for analytics\r\n//}\r\n\r\n/**\r\n * TernSecure initialization options\r\n */\r\nexport interface TernSecureOptions {\r\n /** Environment setting for different configurations */\r\n environment?: 'development' | 'production'\r\n /** Geographic region for data storage */\r\n region?: string\r\n /** Custom error handler */\r\n onError?: (error: Error) => void\r\n /** Debug mode flag */\r\n debug?: boolean\r\n}\r\n\r\n/**\r\n * Firebase initialization state\r\n */\r\nexport interface FirebaseState {\r\n /** Whether Firebase has been initialized */\r\n initialized: boolean\r\n /** Any initialization errors */\r\n error: Error | null\r\n /** Timestamp of last initialization attempt */\r\n lastInitAttempt?: number\r\n}\r\n\r\n/**\r\n * Configuration validation result\r\n */\r\nexport interface ConfigValidationResult {\r\n isValid: boolean\r\n errors: string[]\r\n //config: TernSecureConfig\r\n}\r\n\r\n/**\r\n * Firebase Admin configuration interface\r\n */\r\nexport interface TernSecureAdminConfig {\r\n projectId: string\r\n clientEmail: string\r\n privateKey: string\r\n}\r\n\r\n/**\r\n * Firebase Admin configuration validation result\r\n */\r\nexport interface AdminConfigValidationResult {\r\n isValid: boolean\r\n errors: string[]\r\n config: TernSecureAdminConfig\r\n}\r\n\r\n\r\nexport interface SignInResponse {\r\n success: boolean;\r\n message?: string;\r\n error?: keyof typeof ERRORS | undefined; \r\n user?: any;\r\n}\r\n\r\nexport interface AuthError extends Error {\r\n code?: string\r\n message: string\r\n response?: SignInResponse\r\n}\r\n\r\nexport function isSignInResponse(value: any): value is SignInResponse {\r\n return typeof value === \"object\" && \"success\" in value && typeof value.success === \"boolean\"\r\n}\r\n\r\n\r\nexport interface TernSecureState {\r\n userId: string | null\r\n isLoaded: boolean\r\n error: Error | null\r\n isValid: boolean\r\n isVerified: boolean\r\n isAuthenticated: boolean\r\n token: any | null\r\n email: string | null\r\n status: \"loading\" | \"authenticated\" | \"unauthenticated\" | \"unverified\"\r\n requiresVerification: boolean\r\n}\r\n\r\nexport interface RedirectConfig {\r\n // URL to redirect to after successful authentication\r\n redirectUrl?: string\r\n // Whether this is a return visit (e.g. after sign out)\r\n isReturn?: boolean\r\n // Priority of the redirect (higher number = higher priority)\r\n priority?: number\r\n}\r\n\r\n\r\nexport interface SignInProps extends RedirectConfig {\r\n onError?: (error: Error) => void\r\n onSuccess?: () => void\r\n className?: string\r\n customStyles?: {\r\n card?: string\r\n input?: string\r\n button?: string\r\n label?: string\r\n separator?: string\r\n title?: string\r\n description?: string\r\n socialButton?: string\r\n }\r\n}\r\n\r\n\r\nexport type TernSecureNextProps = TernSecureProviderProps & {\r\n apiKey?: string\r\n requiresVerification?: boolean\r\n loadingComponent?: React.ReactNode\r\n}\r\n\r\nexport interface User {\r\n uid: string\r\n email: string | null\r\n emailVerified?: boolean\r\n authTime?: number\r\n disabled?: boolean\r\n}\r\n\r\nexport interface BaseUser {\r\n uid: string\r\n email: string | null\r\n emailVerified?: boolean\r\n tenantId: string | null\r\n authTime?: number\r\n}\r\n \r\n\r\n\r\n export interface UserInfo {\r\n uid: string\r\n email: string | null\r\n emailVerified?: boolean\r\n authTime?: number\r\n disabled?: boolean\r\n }\r\n \r\n export interface SessionUser {\r\n uid: string\r\n email: string | null\r\n emailVerified: boolean\r\n disabled?: boolean\r\n }\r\n \r\n export interface SessionResult {\r\n isAuthenticated: boolean\r\n user: UserInfo | null\r\n error?: string\r\n }\r\n\r\n\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAmGO,SAAS,iBAAiB,OAAqC;AACpE,SAAO,OAAO,UAAU,YAAY,aAAa,SAAS,OAAO,MAAM,YAAY;AACrF;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../src/types.ts"],"sourcesContent":["import type { TernSecureProviderProps } from '@tern-secure/react'\r\n\r\nimport type { ERRORS } from './errors'\r\n\r\n\r\n/**\r\n * TernSecure User\r\n */\r\n//export type TernSecureUser = FirebaseUser\r\n\r\nexport type TernSecureUserData = {\r\n uid: string\r\n email: string | null\r\n emailVerified?: boolean\r\n displayName?: string | null\r\n}\r\n\r\n\r\n/**\r\n * TernSecure Firebase configuration interface\r\n * Extends Firebase's base configuration options\r\n */\r\n//export interface TernSecureConfig extends FirebaseOptions {\r\n// apiKey: string\r\n// authDomain: string\r\n// projectId: string\r\n// storageBucket: string\r\n// messagingSenderId: string\r\n// appId: string\r\n// measurementId?: string // Optional for analytics\r\n//}\r\n\r\n/**\r\n * TernSecure initialization options\r\n */\r\nexport interface TernSecureOptions {\r\n /** Environment setting for different configurations */\r\n environment?: 'development' | 'production'\r\n /** Geographic region for data storage */\r\n region?: string\r\n /** Custom error handler */\r\n onError?: (error: Error) => void\r\n /** Debug mode flag */\r\n debug?: boolean\r\n}\r\n\r\n/**\r\n * Firebase initialization state\r\n */\r\nexport interface FirebaseState {\r\n /** Whether Firebase has been initialized */\r\n initialized: boolean\r\n /** Any initialization errors */\r\n error: Error | null\r\n /** Timestamp of last initialization attempt */\r\n lastInitAttempt?: number\r\n}\r\n\r\n/**\r\n * Configuration validation result\r\n */\r\nexport interface ConfigValidationResult {\r\n isValid: boolean\r\n errors: string[]\r\n //config: TernSecureConfig\r\n}\r\n\r\n/**\r\n * Firebase Admin configuration interface\r\n */\r\nexport interface TernSecureAdminConfig {\r\n projectId: string\r\n clientEmail: string\r\n privateKey: string\r\n}\r\n\r\n/**\r\n * Firebase Admin configuration validation result\r\n */\r\nexport interface AdminConfigValidationResult {\r\n isValid: boolean\r\n errors: string[]\r\n config: TernSecureAdminConfig\r\n}\r\n\r\n\r\nexport interface SignInResponse {\r\n success: boolean;\r\n message?: string;\r\n error?: keyof typeof ERRORS | undefined; \r\n user?: any;\r\n}\r\n\r\nexport interface AuthError extends Error {\r\n code?: string\r\n message: string\r\n response?: SignInResponse\r\n}\r\n\r\nexport function isSignInResponse(value: any): value is SignInResponse {\r\n return typeof value === \"object\" && \"success\" in value && typeof value.success === \"boolean\"\r\n}\r\n\r\n\r\nexport interface TernSecureState {\r\n userId: string | null\r\n isLoaded: boolean\r\n error: Error | null\r\n isValid: boolean\r\n isVerified: boolean\r\n isAuthenticated: boolean\r\n token: any | null\r\n email: string | null\r\n status: \"loading\" | \"authenticated\" | \"unauthenticated\" | \"unverified\"\r\n requiresVerification: boolean\r\n}\r\n\r\nexport interface RedirectConfig {\r\n // URL to redirect to after successful authentication\r\n redirectUrl?: string\r\n // Whether this is a return visit (e.g. after sign out)\r\n isReturn?: boolean\r\n // Priority of the redirect (higher number = higher priority)\r\n priority?: number\r\n}\r\n\r\n\r\nexport interface SignInProps extends RedirectConfig {\r\n onError?: (error: Error) => void\r\n onSuccess?: () => void\r\n className?: string\r\n customStyles?: {\r\n card?: string\r\n input?: string\r\n button?: string\r\n label?: string\r\n separator?: string\r\n title?: string\r\n description?: string\r\n socialButton?: string\r\n }\r\n}\r\n\r\n\r\nexport type TernSecureNextProps = TernSecureProviderProps & {\r\n apiKey?: string\r\n requiresVerification?: boolean\r\n loadingComponent?: React.ReactNode\r\n}\r\n\r\nexport interface User {\r\n uid: string\r\n email: string | null\r\n emailVerified?: boolean\r\n authTime?: number\r\n disabled?: boolean\r\n}\r\n\r\nexport interface BaseUser {\r\n uid: string\r\n email: string | null\r\n emailVerified?: boolean\r\n tenantId: string | null\r\n authTime?: number\r\n}\r\n \r\n\r\n\r\n export interface UserInfo {\r\n uid: string\r\n email: string | null\r\n emailVerified?: boolean\r\n authTime?: number\r\n disabled?: boolean\r\n }\r\n \r\n export interface SessionUser {\r\n uid: string\r\n email: string | null\r\n emailVerified: boolean\r\n disabled?: boolean\r\n }\r\n \r\n export interface SessionResult {\r\n isAuthenticated: boolean\r\n user: UserInfo | null\r\n error?: string\r\n }\r\n\r\n export type NextProviderProcessedProps = Omit<TernSecureProviderProps, 'children'>;\r\n\r\n\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAmGO,SAAS,iBAAiB,OAAqC;AACpE,SAAO,OAAO,UAAU,YAAY,aAAa,SAAS,OAAO,MAAM,YAAY;AACrF;","names":[]}
|
|
@@ -25,12 +25,13 @@ const allNextProviderPropsWithEnv = (nextProps) => {
|
|
|
25
25
|
const {
|
|
26
26
|
signInUrl,
|
|
27
27
|
signUpUrl,
|
|
28
|
-
apiKey: propsApiKey,
|
|
28
|
+
//apiKey: propsApiKey,
|
|
29
29
|
apiUrl: propsApiUrl,
|
|
30
30
|
requiresVerification: propsRequiresVerification,
|
|
31
31
|
isTernSecureDev: propsIsTernSecureDev,
|
|
32
32
|
enableServiceWorker: propsEnableServiceWorker,
|
|
33
33
|
loadingComponent: propsLoadingComponent,
|
|
34
|
+
persistence: propsPersistence,
|
|
34
35
|
...baseProps
|
|
35
36
|
} = nextProps;
|
|
36
37
|
const envConfig = {
|
|
@@ -59,11 +60,10 @@ const allNextProviderPropsWithEnv = (nextProps) => {
|
|
|
59
60
|
measurementId: process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENTID,
|
|
60
61
|
tenantId: process.env.NEXT_PUBLIC_FIREBASE_TENANT_ID || ""
|
|
61
62
|
};
|
|
62
|
-
const finalApiKey = propsApiKey ?? envConfig.apiKey;
|
|
63
63
|
const finalApiUrl = propsApiUrl ?? envConfig.apiUrl;
|
|
64
64
|
const finalSignInUrl = signInUrl ?? envConfig.signInUrl;
|
|
65
65
|
const finalSignUpUrl = signUpUrl ?? envConfig.signUpUrl;
|
|
66
|
-
const finalPersistence =
|
|
66
|
+
const finalPersistence = propsPersistence ?? envConfig.persistence;
|
|
67
67
|
const result = {
|
|
68
68
|
...baseProps,
|
|
69
69
|
// Set the Firebase configuration properties
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/utils/allNextProviderProps.ts"],"sourcesContent":["import type { \n IsoTernSecureAuthOptions,\n TernSecureProviderProps} from \"@tern-secure/react\";\n\nimport type { TernSecureNextProps } from \"../types\";\n\n// Helper type for the return value, as children are handled by the consuming component\
|
|
1
|
+
{"version":3,"sources":["../../../src/utils/allNextProviderProps.ts"],"sourcesContent":["import type { \n IsoTernSecureAuthOptions,\n TernSecureProviderProps} from \"@tern-secure/react\";\n\nimport type { NextProviderProcessedProps, TernSecureNextProps } from \"../types\";\n\n// Helper type for the return value, as children are handled by the consuming component\n\n\nexport const allNextProviderPropsWithEnv = (\n nextProps: Omit<TernSecureNextProps, 'children'>\n): NextProviderProcessedProps => {\n const {\n signInUrl,\n signUpUrl,\n //apiKey: propsApiKey,\n apiUrl: propsApiUrl,\n requiresVerification: propsRequiresVerification,\n isTernSecureDev: propsIsTernSecureDev,\n enableServiceWorker: propsEnableServiceWorker,\n loadingComponent: propsLoadingComponent,\n persistence: propsPersistence,\n ...baseProps \n } = nextProps;\n\n const envConfig = {\n apiKey: process.env.NEXT_PUBLIC_TERN_API_KEY,\n apiUrl: process.env.TERNSECURE_API_URL || '',\n projectId: process.env.NEXT_PUBLIC_TERN_PROJECT_ID,\n customDomain: process.env.NEXT_PUBLIC_TERN_CUSTOM_DOMAIN,\n proxyUrl: process.env.NEXT_PUBLIC_TERN_PROXY_URL,\n environment: process.env.NEXT_PUBLIC_TERN_ENVIRONMENT,\n signInUrl: process.env.NEXT_PUBLIC_SIGN_IN_URL,\n signUpUrl: process.env.NEXT_PUBLIC_SIGN_UP_URL,\n persistence: process.env.NEXT_PUBLIC_TERN_PERSISTENCE as 'local' | 'session' | 'browserCookie' | 'none',\n useEmulator: process.env.NEXT_PUBLIC_USE_FIREBASE_EMULATOR,\n projectIdAdmin: process.env.FIREBASE_PROJECT_ID,\n clientEmail: process.env.FIREBASE_CLIENT_EMAIL,\n privateKey: process.env.FIREBASE_PRIVATE_KEY,\n };\n\n const ternSecureConfig = {\n apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || '',\n authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || '',\n appName: process.env.NEXT_PUBLIC_FIREBASE_APP_NAME || '',\n projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || '',\n storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || '',\n messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || '',\n appId: process.env.NEXT_PUBLIC_FIREBASE_APP_ID || '',\n measurementId: process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENTID,\n tenantId: process.env.NEXT_PUBLIC_FIREBASE_TENANT_ID || '',\n };\n\n // Merge config values: props take precedence over environment variables\n //const finalApiKey = propsApiKey ?? envConfig.apiKey;\n const finalApiUrl = propsApiUrl ?? envConfig.apiUrl;\n const finalSignInUrl = signInUrl ?? envConfig.signInUrl;\n const finalSignUpUrl = signUpUrl ?? envConfig.signUpUrl;\n const finalPersistence = propsPersistence ?? envConfig.persistence;\n\n // Construct the result, ensuring it conforms to NextProviderProcessedProps\n // (Omit<TernSecureProviderProps, 'children'>)\n const result: NextProviderProcessedProps = {\n ...(baseProps as Omit<TernSecureProviderProps, 'children' | keyof IsoTernSecureAuthOptions | 'requiresVerification' | 'loadingComponent'>),\n\n // Set the Firebase configuration properties\n ternSecureConfig,\n \n // Set properties explicitly taken from TernSecureNextProps (props version)\n // These are part of the TernSecureProviderProps interface.\n requiresVerification: propsRequiresVerification,\n isTernSecureDev: propsIsTernSecureDev,\n enableServiceWorker: propsEnableServiceWorker,\n loadingComponent: propsLoadingComponent,\n\n //TernSecure: baseProps.Instance,\n initialState: baseProps.initialState,\n bypassApiKey: baseProps.bypassApiKey,\n signInUrl: finalSignInUrl,\n signUpUrl: finalSignUpUrl,\n mode: baseProps.mode,\n apiUrl: finalApiUrl,\n persistence: finalPersistence\n };\n\n // Clean up undefined keys that might have resulted from spreading if not present in baseProps\n // and also not set by merged values (e.g. if env var is also undefined)\n Object.keys(result).forEach(key => {\n if (result[key as keyof NextProviderProcessedProps] === undefined) {\n delete result[key as keyof NextProviderProcessedProps];\n }\n });\n\n return result;\n};"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AASO,MAAM,8BAA8B,CACzC,cAC+B;AAC/B,QAAM;AAAA,IACJ;AAAA,IACA;AAAA;AAAA,IAEA,QAAQ;AAAA,IACR,sBAAsB;AAAA,IACtB,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,kBAAkB;AAAA,IAClB,aAAa;AAAA,IACb,GAAG;AAAA,EACL,IAAI;AAEJ,QAAM,YAAY;AAAA,IAChB,QAAQ,QAAQ,IAAI;AAAA,IACpB,QAAQ,QAAQ,IAAI,sBAAsB;AAAA,IAC1C,WAAW,QAAQ,IAAI;AAAA,IACvB,cAAc,QAAQ,IAAI;AAAA,IAC1B,UAAU,QAAQ,IAAI;AAAA,IACtB,aAAa,QAAQ,IAAI;AAAA,IACzB,WAAW,QAAQ,IAAI;AAAA,IACvB,WAAW,QAAQ,IAAI;AAAA,IACvB,aAAa,QAAQ,IAAI;AAAA,IACzB,aAAa,QAAQ,IAAI;AAAA,IACzB,gBAAgB,QAAQ,IAAI;AAAA,IAC5B,aAAa,QAAQ,IAAI;AAAA,IACzB,YAAY,QAAQ,IAAI;AAAA,EAC1B;AAEA,QAAM,mBAAmB;AAAA,IACvB,QAAQ,QAAQ,IAAI,gCAAgC;AAAA,IACpD,YAAY,QAAQ,IAAI,oCAAoC;AAAA,IAC5D,SAAS,QAAQ,IAAI,iCAAiC;AAAA,IACtD,WAAW,QAAQ,IAAI,mCAAmC;AAAA,IAC1D,eAAe,QAAQ,IAAI,uCAAuC;AAAA,IAClE,mBAAmB,QAAQ,IAAI,4CAA4C;AAAA,IAC3E,OAAO,QAAQ,IAAI,+BAA+B;AAAA,IAClD,eAAe,QAAQ,IAAI;AAAA,IAC3B,UAAU,QAAQ,IAAI,kCAAkC;AAAA,EAC1D;AAIA,QAAM,cAAc,eAAe,UAAU;AAC7C,QAAM,iBAAiB,aAAa,UAAU;AAC9C,QAAM,iBAAiB,aAAa,UAAU;AAC9C,QAAM,mBAAmB,oBAAoB,UAAU;AAIvD,QAAM,SAAqC;AAAA,IACzC,GAAI;AAAA;AAAA,IAGJ;AAAA;AAAA;AAAA,IAIA,sBAAsB;AAAA,IACtB,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,kBAAkB;AAAA;AAAA,IAGlB,cAAc,UAAU;AAAA,IACxB,cAAc,UAAU;AAAA,IACxB,WAAW;AAAA,IACX,WAAW;AAAA,IACX,MAAM,UAAU;AAAA,IAChB,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAIA,SAAO,KAAK,MAAM,EAAE,QAAQ,SAAO;AACjC,QAAI,OAAO,GAAuC,MAAM,QAAW;AACjE,aAAO,OAAO,GAAuC;AAAA,IACvD;AAAA,EACF,CAAC;AAED,SAAO;AACT;","names":[]}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { createApiErrorResponse } from "./responses";
|
|
2
|
-
import { sessionEndpointHandler } from "./sessionHandlers";
|
|
2
|
+
import { cookieEndpointHandler, sessionEndpointHandler } from "./sessionHandlers";
|
|
3
3
|
class SessionsHandler {
|
|
4
4
|
canHandle(endpoint) {
|
|
5
5
|
return endpoint === "sessions";
|
|
@@ -18,8 +18,20 @@ class UsersHandler {
|
|
|
18
18
|
);
|
|
19
19
|
}
|
|
20
20
|
}
|
|
21
|
+
class CookieHandler {
|
|
22
|
+
canHandle(endpoint) {
|
|
23
|
+
return endpoint === "cookies";
|
|
24
|
+
}
|
|
25
|
+
async handle(context, config) {
|
|
26
|
+
return await cookieEndpointHandler(context, config);
|
|
27
|
+
}
|
|
28
|
+
}
|
|
21
29
|
class EndpointRouter {
|
|
22
|
-
static handlers = [
|
|
30
|
+
static handlers = [
|
|
31
|
+
new SessionsHandler(),
|
|
32
|
+
new UsersHandler(),
|
|
33
|
+
new CookieHandler()
|
|
34
|
+
];
|
|
23
35
|
static async route(context, config) {
|
|
24
36
|
const { endpoint } = context;
|
|
25
37
|
if (!endpoint) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/endpointRouter.ts"],"sourcesContent":["import type { RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createApiErrorResponse } from './responses';\nimport { sessionEndpointHandler } from './sessionHandlers';\nimport type { AuthEndpoint, TernSecureHandlerOptions } from './types';\n\nexport interface EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean;\n handle(context: RequestProcessorContext, config: TernSecureHandlerOptions): Promise<Response>;\n}\n\nclass SessionsHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'sessions';\n }\n\n async handle(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n ): Promise<Response> {\n return await sessionEndpointHandler(context, config);\n }\n}\n\nclass UsersHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'users';\n }\n\n handle(_context: RequestProcessorContext, _config: TernSecureHandlerOptions): Promise<Response> {\n return Promise.resolve(\n createApiErrorResponse('ENDPOINT_NOT_IMPLEMENTED', 'Users endpoint not implemented', 501),\n );\n }\n}\n\nexport class EndpointRouter {\n private static readonly handlers: EndpointHandler[] = [new SessionsHandler()
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/endpointRouter.ts"],"sourcesContent":["import type { RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createApiErrorResponse } from './responses';\nimport { cookieEndpointHandler, sessionEndpointHandler } from './sessionHandlers';\nimport type { AuthEndpoint, TernSecureHandlerOptions } from './types';\n\nexport interface EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean;\n handle(context: RequestProcessorContext, config: TernSecureHandlerOptions): Promise<Response>;\n}\n\nclass SessionsHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'sessions';\n }\n\n async handle(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n ): Promise<Response> {\n return await sessionEndpointHandler(context, config);\n }\n}\n\nclass UsersHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'users';\n }\n\n handle(_context: RequestProcessorContext, _config: TernSecureHandlerOptions): Promise<Response> {\n return Promise.resolve(\n createApiErrorResponse('ENDPOINT_NOT_IMPLEMENTED', 'Users endpoint not implemented', 501),\n );\n }\n}\n\nclass CookieHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'cookies';\n }\n\n async handle(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n ): Promise<Response> {\n return await cookieEndpointHandler(context, config);\n }\n}\n\nexport class EndpointRouter {\n private static readonly handlers: EndpointHandler[] = [\n new SessionsHandler(),\n new UsersHandler(),\n new CookieHandler(),\n ];\n\n static async route(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n ): Promise<Response> {\n const { endpoint } = context;\n\n if (!endpoint) {\n return createApiErrorResponse('ENDPOINT_REQUIRED', 'Endpoint is required', 400);\n }\n\n const handler = this.handlers.find(h => h.canHandle(endpoint));\n\n if (!handler) {\n return createApiErrorResponse('ENDPOINT_NOT_FOUND', 'Endpoint not found', 404);\n }\n\n return handler.handle(context, config);\n }\n\n static addHandler(handler: EndpointHandler): void {\n this.handlers.push(handler);\n }\n\n static removeHandler(predicate: (handler: EndpointHandler) => boolean): void {\n const index = this.handlers.findIndex(predicate);\n if (index > -1) {\n this.handlers.splice(index, 1);\n }\n }\n}\n"],"mappings":"AACA,SAAS,8BAA8B;AACvC,SAAS,uBAAuB,8BAA8B;AAQ9D,MAAM,gBAA2C;AAAA,EAC/C,UAAU,UAAiC;AACzC,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,MAAM,OACJ,SACA,QACmB;AACnB,WAAO,MAAM,uBAAuB,SAAS,MAAM;AAAA,EACrD;AACF;AAEA,MAAM,aAAwC;AAAA,EAC5C,UAAU,UAAiC;AACzC,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,OAAO,UAAmC,SAAsD;AAC9F,WAAO,QAAQ;AAAA,MACb,uBAAuB,4BAA4B,kCAAkC,GAAG;AAAA,IAC1F;AAAA,EACF;AACF;AAEA,MAAM,cAAyC;AAAA,EAC7C,UAAU,UAAiC;AACzC,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,MAAM,OACJ,SACA,QACmB;AACnB,WAAO,MAAM,sBAAsB,SAAS,MAAM;AAAA,EACpD;AACF;AAEO,MAAM,eAAe;AAAA,EAC1B,OAAwB,WAA8B;AAAA,IACpD,IAAI,gBAAgB;AAAA,IACpB,IAAI,aAAa;AAAA,IACjB,IAAI,cAAc;AAAA,EACpB;AAAA,EAEA,aAAa,MACX,SACA,QACmB;AACnB,UAAM,EAAE,SAAS,IAAI;AAErB,QAAI,CAAC,UAAU;AACb,aAAO,uBAAuB,qBAAqB,wBAAwB,GAAG;AAAA,IAChF;AAEA,UAAM,UAAU,KAAK,SAAS,KAAK,OAAK,EAAE,UAAU,QAAQ,CAAC;AAE7D,QAAI,CAAC,SAAS;AACZ,aAAO,uBAAuB,sBAAsB,sBAAsB,GAAG;AAAA,IAC/E;AAEA,WAAO,QAAQ,OAAO,SAAS,MAAM;AAAA,EACvC;AAAA,EAEA,OAAO,WAAW,SAAgC;AAChD,SAAK,SAAS,KAAK,OAAO;AAAA,EAC5B;AAAA,EAEA,OAAO,cAAc,WAAwD;AAC3E,UAAM,QAAQ,KAAK,SAAS,UAAU,SAAS;AAC/C,QAAI,QAAQ,IAAI;AACd,WAAK,SAAS,OAAO,OAAO,CAAC;AAAA,IAC/B;AAAA,EACF;AACF;","names":[]}
|
|
@@ -1,10 +1,9 @@
|
|
|
1
1
|
import { clearSessionCookie } from "@tern-secure/backend/admin";
|
|
2
2
|
import { ternDecodeJwtUnguarded } from "@tern-secure/backend/jwt";
|
|
3
|
-
import { cookies } from "next/headers";
|
|
4
3
|
import { NextCookieStore } from "../../utils/NextCookieAdapter";
|
|
5
4
|
import { createValidators } from "./fnValidators";
|
|
6
5
|
import { refreshCookieWithIdToken } from "./request";
|
|
7
|
-
import { createApiErrorResponse, HttpResponseHelper, SessionResponseHelper } from "./responses";
|
|
6
|
+
import { createApiErrorResponse, createApiSuccessResponse, HttpResponseHelper, SessionResponseHelper } from "./responses";
|
|
8
7
|
async function sessionEndpointHandler(context, config) {
|
|
9
8
|
const { subEndpoint, method, referrer } = context;
|
|
10
9
|
const validators = createValidators(context);
|
|
@@ -27,8 +26,7 @@ async function sessionEndpointHandler(context, config) {
|
|
|
27
26
|
const SessionGetHandler = async (subEndpoint2) => {
|
|
28
27
|
const handleSessionVerify = async () => {
|
|
29
28
|
try {
|
|
30
|
-
const
|
|
31
|
-
const sessionCookie = cookieStore.get("_session_cookie")?.value;
|
|
29
|
+
const sessionCookie = context.sessionTokenInCookie;
|
|
32
30
|
if (!sessionCookie) {
|
|
33
31
|
return SessionResponseHelper.createUnauthorizedResponse();
|
|
34
32
|
}
|
|
@@ -103,7 +101,76 @@ async function sessionEndpointHandler(context, config) {
|
|
|
103
101
|
return HttpResponseHelper.createMethodNotAllowedResponse();
|
|
104
102
|
}
|
|
105
103
|
}
|
|
104
|
+
async function cookieEndpointHandler(context, config) {
|
|
105
|
+
const { subEndpoint, method } = context;
|
|
106
|
+
const validators = createValidators(context);
|
|
107
|
+
const { validateSecurity } = validators;
|
|
108
|
+
if (!subEndpoint) {
|
|
109
|
+
return createApiErrorResponse("SUB_ENDPOINT_REQUIRED", "Cookie sub-endpoint required", 400);
|
|
110
|
+
}
|
|
111
|
+
const cookiesConfig = config.endpoints?.cookies;
|
|
112
|
+
const subEndpointConfig = cookiesConfig?.subEndpoints?.[subEndpoint];
|
|
113
|
+
if (!subEndpointConfig || !subEndpointConfig.enabled) {
|
|
114
|
+
return createApiErrorResponse("ENDPOINT_NOT_FOUND", "Cookie endpoint not found or disabled", 404);
|
|
115
|
+
}
|
|
116
|
+
if (subEndpointConfig?.security) {
|
|
117
|
+
await validateSecurity(subEndpointConfig.security);
|
|
118
|
+
}
|
|
119
|
+
const CookieGetHandler = async (subEndpoint2) => {
|
|
120
|
+
const handleGetCookie = async () => {
|
|
121
|
+
try {
|
|
122
|
+
const url = new URL(context.ternUrl);
|
|
123
|
+
const tokenName = url.searchParams.get("tokenName");
|
|
124
|
+
if (!tokenName) {
|
|
125
|
+
return createApiErrorResponse("TOKEN_NAME_REQUIRED", "tokenName query parameter is required", 400);
|
|
126
|
+
}
|
|
127
|
+
let cookieValue;
|
|
128
|
+
switch (tokenName) {
|
|
129
|
+
case "idToken":
|
|
130
|
+
cookieValue = context.idTokenInCookie;
|
|
131
|
+
break;
|
|
132
|
+
case "sessionToken":
|
|
133
|
+
cookieValue = context.sessionTokenInCookie;
|
|
134
|
+
break;
|
|
135
|
+
case "refreshToken":
|
|
136
|
+
cookieValue = context.refreshTokenInCookie;
|
|
137
|
+
break;
|
|
138
|
+
case "customToken":
|
|
139
|
+
cookieValue = context.customTokenInCookie;
|
|
140
|
+
break;
|
|
141
|
+
default:
|
|
142
|
+
return createApiErrorResponse("INVALID_TOKEN_NAME", "Invalid token name. Must be one of: idToken, sessionToken, refreshToken, customToken", 400);
|
|
143
|
+
}
|
|
144
|
+
if (!cookieValue) {
|
|
145
|
+
return createApiErrorResponse(
|
|
146
|
+
"TOKEN_NOT_FOUND",
|
|
147
|
+
`${tokenName} not found in httpOnly cookies`,
|
|
148
|
+
404
|
|
149
|
+
);
|
|
150
|
+
}
|
|
151
|
+
return createApiSuccessResponse({
|
|
152
|
+
token: cookieValue
|
|
153
|
+
});
|
|
154
|
+
} catch (error) {
|
|
155
|
+
return createApiErrorResponse("COOKIE_RETRIEVAL_FAILED", "Failed to retrieve cookie", 500);
|
|
156
|
+
}
|
|
157
|
+
};
|
|
158
|
+
switch (subEndpoint2) {
|
|
159
|
+
case "get":
|
|
160
|
+
return handleGetCookie();
|
|
161
|
+
default:
|
|
162
|
+
return HttpResponseHelper.createNotFoundResponse();
|
|
163
|
+
}
|
|
164
|
+
};
|
|
165
|
+
switch (method) {
|
|
166
|
+
case "GET":
|
|
167
|
+
return CookieGetHandler(subEndpoint);
|
|
168
|
+
default:
|
|
169
|
+
return HttpResponseHelper.createMethodNotAllowedResponse();
|
|
170
|
+
}
|
|
171
|
+
}
|
|
106
172
|
export {
|
|
173
|
+
cookieEndpointHandler,
|
|
107
174
|
sessionEndpointHandler
|
|
108
175
|
};
|
|
109
176
|
//# sourceMappingURL=sessionHandlers.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import { clearSessionCookie } from '@tern-secure/backend/admin';\nimport { ternDecodeJwtUnguarded } from '@tern-secure/backend/jwt';\nimport { cookies } from 'next/headers';\n\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { type RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createValidators } from './fnValidators';\nimport { refreshCookieWithIdToken } from './request';\nimport { createApiErrorResponse, HttpResponseHelper, SessionResponseHelper } from './responses';\nimport type { SessionSubEndpoint, TernSecureHandlerOptions } from './types';\n\nexport async function sessionEndpointHandler(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method, referrer } = context;\n\n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n validateSessionRequest,\n validateCsrfToken,\n validateIdToken,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n }\n\n const sessionsConfig = config.endpoints?.sessions;\n const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const SessionGetHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const handleSessionVerify = async (): Promise<Response> => {\n try {\n const cookieStore = await cookies();\n const sessionCookie = cookieStore.get('_session_cookie')?.value;\n if (!sessionCookie) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n const { data: decodedSession, errors } = ternDecodeJwtUnguarded(sessionCookie);\n if (errors) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n return SessionResponseHelper.createVerificationResponse(decodedSession);\n } catch (error) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n };\n\n switch (subEndpoint) {\n case 'verify':\n return handleSessionVerify();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n const SessionPostHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const cookieStore = new NextCookieStore();\n\n const { idToken, csrfToken, error } = await validateSessionRequest();\n if (error) return error;\n\n const csrfCookieValue = await cookieStore.get('_session_terncf');\n validateCsrfToken(csrfToken || '', csrfCookieValue.value);\n\n const handleCreateSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n await refreshCookieWithIdToken(idToken, cookieStore, config, referrer);\n return SessionResponseHelper.createSessionCreationResponse({\n success: true,\n message: 'Session created successfully',\n });\n } catch (error) {\n return createApiErrorResponse('SESSION_CREATION_FAILED', 'Session creation failed', 500);\n }\n };\n\n const handleRefreshSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n const decodedSession = ternDecodeJwtUnguarded(idToken);\n if (decodedSession.errors) {\n return createApiErrorResponse('INVALID_SESSION', 'Invalid session for refresh', 401);\n }\n\n const refreshRes = await refreshCookieWithIdToken(idToken, cookieStore, config);\n return SessionResponseHelper.createRefreshResponse(refreshRes);\n } catch (error) {\n return createApiErrorResponse('REFRESH_FAILED', 'Session refresh failed', 500);\n }\n };\n\n const handleRevokeSession = async (cookieStore: NextCookieStore): Promise<Response> => {\n const res = await clearSessionCookie(cookieStore);\n return SessionResponseHelper.createRevokeResponse(res);\n };\n\n switch (subEndpoint) {\n case 'createsession': {\n validateIdToken(idToken);\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleCreateSession(cookieStore, idToken!);\n }\n\n case 'refresh':\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleRefreshSession(cookieStore, idToken!);\n\n case 'revoke':\n return handleRevokeSession(cookieStore);\n\n default:\n return HttpResponseHelper.createSubEndpointNotSupportedResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return SessionGetHandler(subEndpoint);\n\n case 'POST':\n return SessionPostHandler(subEndpoint);\n\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n"],"mappings":"AAAA,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AACvC,SAAS,eAAe;AAExB,SAAS,uBAAuB;AAEhC,SAAS,wBAAwB;AACjC,SAAS,gCAAgC;AACzC,SAAS,wBAAwB,oBAAoB,6BAA6B;AAGlF,eAAsB,uBACpB,SACA,QACmB;AACnB,QAAM,EAAE,aAAa,QAAQ,SAAS,IAAI;AAE1C,QAAM,aAAa,iBAAiB,OAAO;AAE3C,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,CAAC,aAAa;AAChB,WAAO,uBAAuB,yBAAyB,iCAAiC,GAAG;AAAA,EAC7F;AAEA,QAAM,iBAAiB,OAAO,WAAW;AACzC,QAAM,oBAAoB,gBAAgB,eAAe,WAAW;AAEpE,sBAAoB,aAAa,iBAAiB;AAElD,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,oBAAoB,OAAOA,iBAAuD;AACtF,UAAM,sBAAsB,YAA+B;AACzD,UAAI;AACF,cAAM,cAAc,MAAM,QAAQ;AAClC,cAAM,gBAAgB,YAAY,IAAI,iBAAiB,GAAG;AAC1D,YAAI,CAAC,eAAe;AAClB,iBAAO,sBAAsB,2BAA2B;AAAA,QAC1D;AAEA,cAAM,EAAE,MAAM,gBAAgB,OAAO,IAAI,uBAAuB,aAAa;AAC7E,YAAI,QAAQ;AACV,iBAAO,sBAAsB,2BAA2B;AAAA,QAC1D;AAEA,eAAO,sBAAsB,2BAA2B,cAAc;AAAA,MACxE,SAAS,OAAO;AACd,eAAO,sBAAsB,2BAA2B;AAAA,MAC1D;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,oBAAoB;AAAA,MAC7B;AACE,eAAO,mBAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,QAAM,qBAAqB,OAAOA,iBAAuD;AACvF,UAAM,cAAc,IAAI,gBAAgB;AAExC,UAAM,EAAE,SAAS,WAAW,MAAM,IAAI,MAAM,uBAAuB;AACnE,QAAI,MAAO,QAAO;AAElB,UAAM,kBAAkB,MAAM,YAAY,IAAI,iBAAiB;AAC/D,sBAAkB,aAAa,IAAI,gBAAgB,KAAK;AAExD,UAAM,sBAAsB,OAC1BC,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,yBAAyBA,UAASD,cAAa,QAAQ,QAAQ;AACrE,eAAO,sBAAsB,8BAA8B;AAAA,UACzD,SAAS;AAAA,UACT,SAAS;AAAA,QACX,CAAC;AAAA,MACH,SAASE,QAAO;AACd,eAAO,uBAAuB,2BAA2B,2BAA2B,GAAG;AAAA,MACzF;AAAA,IACF;AAEA,UAAM,uBAAuB,OAC3BF,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,iBAAiB,uBAAuBA,QAAO;AACrD,YAAI,eAAe,QAAQ;AACzB,iBAAO,uBAAuB,mBAAmB,+BAA+B,GAAG;AAAA,QACrF;AAEA,cAAM,aAAa,MAAM,yBAAyBA,UAASD,cAAa,MAAM;AAC9E,eAAO,sBAAsB,sBAAsB,UAAU;AAAA,MAC/D,SAASE,QAAO;AACd,eAAO,uBAAuB,kBAAkB,0BAA0B,GAAG;AAAA,MAC/E;AAAA,IACF;AAEA,UAAM,sBAAsB,OAAOF,iBAAoD;AACrF,YAAM,MAAM,MAAM,mBAAmBA,YAAW;AAChD,aAAO,sBAAsB,qBAAqB,GAAG;AAAA,IACvD;AAEA,YAAQD,cAAa;AAAA,MACnB,KAAK,iBAAiB;AACpB,wBAAgB,OAAO;AAEvB,eAAO,oBAAoB,aAAa,OAAQ;AAAA,MAClD;AAAA,MAEA,KAAK;AAEH,eAAO,qBAAqB,aAAa,OAAQ;AAAA,MAEnD,KAAK;AACH,eAAO,oBAAoB,WAAW;AAAA,MAExC;AACE,eAAO,mBAAmB,sCAAsC;AAAA,IACpE;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,kBAAkB,WAAW;AAAA,IAEtC,KAAK;AACH,aAAO,mBAAmB,WAAW;AAAA,IAEvC;AACE,aAAO,mBAAmB,+BAA+B;AAAA,EAC7D;AACF;","names":["subEndpoint","cookieStore","idToken","error"]}
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import { clearSessionCookie } from '@tern-secure/backend/admin';\nimport { ternDecodeJwtUnguarded } from '@tern-secure/backend/jwt';\nimport type { CookieSubEndpoint } from '@tern-secure/types';\n\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { type RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createValidators } from './fnValidators';\nimport { refreshCookieWithIdToken } from './request';\nimport { createApiErrorResponse, createApiSuccessResponse, HttpResponseHelper, SessionResponseHelper } from './responses';\nimport type { SessionSubEndpoint, TernSecureHandlerOptions } from './types';\n\nasync function sessionEndpointHandler(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method, referrer } = context;\n\n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n validateSessionRequest,\n validateCsrfToken,\n validateIdToken,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n }\n\n const sessionsConfig = config.endpoints?.sessions;\n const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const SessionGetHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const handleSessionVerify = async (): Promise<Response> => {\n try {\n const sessionCookie = context.sessionTokenInCookie;\n if (!sessionCookie) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n const { data: decodedSession, errors } = ternDecodeJwtUnguarded(sessionCookie);\n if (errors) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n return SessionResponseHelper.createVerificationResponse(decodedSession);\n } catch (error) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n };\n\n switch (subEndpoint) {\n case 'verify':\n return handleSessionVerify();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n const SessionPostHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const cookieStore = new NextCookieStore();\n\n const { idToken, csrfToken, error } = await validateSessionRequest();\n if (error) return error;\n\n const csrfCookieValue = await cookieStore.get('_session_terncf');\n validateCsrfToken(csrfToken || '', csrfCookieValue.value);\n\n const handleCreateSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n await refreshCookieWithIdToken(idToken, cookieStore, config, referrer);\n return SessionResponseHelper.createSessionCreationResponse({\n success: true,\n message: 'Session created successfully',\n });\n } catch (error) {\n return createApiErrorResponse('SESSION_CREATION_FAILED', 'Session creation failed', 500);\n }\n };\n\n const handleRefreshSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n const decodedSession = ternDecodeJwtUnguarded(idToken);\n if (decodedSession.errors) {\n return createApiErrorResponse('INVALID_SESSION', 'Invalid session for refresh', 401);\n }\n\n const refreshRes = await refreshCookieWithIdToken(idToken, cookieStore, config);\n return SessionResponseHelper.createRefreshResponse(refreshRes);\n } catch (error) {\n return createApiErrorResponse('REFRESH_FAILED', 'Session refresh failed', 500);\n }\n };\n\n const handleRevokeSession = async (cookieStore: NextCookieStore): Promise<Response> => {\n const res = await clearSessionCookie(cookieStore);\n return SessionResponseHelper.createRevokeResponse(res);\n };\n\n switch (subEndpoint) {\n case 'createsession': {\n validateIdToken(idToken);\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleCreateSession(cookieStore, idToken!);\n }\n\n case 'refresh':\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleRefreshSession(cookieStore, idToken!);\n\n case 'revoke':\n return handleRevokeSession(cookieStore);\n\n default:\n return HttpResponseHelper.createSubEndpointNotSupportedResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return SessionGetHandler(subEndpoint);\n\n case 'POST':\n return SessionPostHandler(subEndpoint);\n\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n\nasync function cookieEndpointHandler(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method } = context;\n\n const validators = createValidators(context);\n const { validateSecurity } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Cookie sub-endpoint required', 400);\n }\n\n const cookiesConfig = config.endpoints?.cookies;\n const subEndpointConfig = cookiesConfig?.subEndpoints?.[subEndpoint as CookieSubEndpoint];\n\n if (!subEndpointConfig || !subEndpointConfig.enabled) {\n return createApiErrorResponse('ENDPOINT_NOT_FOUND', 'Cookie endpoint not found or disabled', 404);\n }\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const CookieGetHandler = async (subEndpoint: CookieSubEndpoint): Promise<Response> => {\n const handleGetCookie = async (): Promise<Response> => {\n try {\n const url = new URL(context.ternUrl);\n const tokenName = url.searchParams.get('tokenName');\n\n if (!tokenName) {\n return createApiErrorResponse('TOKEN_NAME_REQUIRED', 'tokenName query parameter is required', 400);\n }\n\n let cookieValue: string | undefined;\n\n switch (tokenName) {\n case 'idToken':\n cookieValue = context.idTokenInCookie;\n break;\n case 'sessionToken':\n cookieValue = context.sessionTokenInCookie;\n break;\n case 'refreshToken':\n cookieValue = context.refreshTokenInCookie;\n break;\n case 'customToken':\n cookieValue = context.customTokenInCookie;\n break;\n default:\n return createApiErrorResponse('INVALID_TOKEN_NAME', 'Invalid token name. Must be one of: idToken, sessionToken, refreshToken, customToken', 400);\n }\n\n if (!cookieValue) {\n return createApiErrorResponse(\n 'TOKEN_NOT_FOUND',\n `${tokenName} not found in httpOnly cookies`,\n 404\n );\n }\n\n return createApiSuccessResponse({\n token: cookieValue,\n });\n } catch (error) {\n return createApiErrorResponse('COOKIE_RETRIEVAL_FAILED', 'Failed to retrieve cookie', 500);\n }\n };\n\n switch (subEndpoint) {\n case 'get':\n return handleGetCookie();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return CookieGetHandler(subEndpoint as CookieSubEndpoint);\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n\nexport { sessionEndpointHandler, cookieEndpointHandler };\n"],"mappings":"AAAA,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAGvC,SAAS,uBAAuB;AAEhC,SAAS,wBAAwB;AACjC,SAAS,gCAAgC;AACzC,SAAS,wBAAwB,0BAA0B,oBAAoB,6BAA6B;AAG5G,eAAe,uBACb,SACA,QACmB;AACnB,QAAM,EAAE,aAAa,QAAQ,SAAS,IAAI;AAE1C,QAAM,aAAa,iBAAiB,OAAO;AAE3C,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,CAAC,aAAa;AAChB,WAAO,uBAAuB,yBAAyB,iCAAiC,GAAG;AAAA,EAC7F;AAEA,QAAM,iBAAiB,OAAO,WAAW;AACzC,QAAM,oBAAoB,gBAAgB,eAAe,WAAW;AAEpE,sBAAoB,aAAa,iBAAiB;AAElD,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,oBAAoB,OAAOA,iBAAuD;AACtF,UAAM,sBAAsB,YAA+B;AACzD,UAAI;AACF,cAAM,gBAAgB,QAAQ;AAC9B,YAAI,CAAC,eAAe;AAClB,iBAAO,sBAAsB,2BAA2B;AAAA,QAC1D;AAEA,cAAM,EAAE,MAAM,gBAAgB,OAAO,IAAI,uBAAuB,aAAa;AAC7E,YAAI,QAAQ;AACV,iBAAO,sBAAsB,2BAA2B;AAAA,QAC1D;AAEA,eAAO,sBAAsB,2BAA2B,cAAc;AAAA,MACxE,SAAS,OAAO;AACd,eAAO,sBAAsB,2BAA2B;AAAA,MAC1D;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,oBAAoB;AAAA,MAC7B;AACE,eAAO,mBAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,QAAM,qBAAqB,OAAOA,iBAAuD;AACvF,UAAM,cAAc,IAAI,gBAAgB;AAExC,UAAM,EAAE,SAAS,WAAW,MAAM,IAAI,MAAM,uBAAuB;AACnE,QAAI,MAAO,QAAO;AAElB,UAAM,kBAAkB,MAAM,YAAY,IAAI,iBAAiB;AAC/D,sBAAkB,aAAa,IAAI,gBAAgB,KAAK;AAExD,UAAM,sBAAsB,OAC1BC,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,yBAAyBA,UAASD,cAAa,QAAQ,QAAQ;AACrE,eAAO,sBAAsB,8BAA8B;AAAA,UACzD,SAAS;AAAA,UACT,SAAS;AAAA,QACX,CAAC;AAAA,MACH,SAASE,QAAO;AACd,eAAO,uBAAuB,2BAA2B,2BAA2B,GAAG;AAAA,MACzF;AAAA,IACF;AAEA,UAAM,uBAAuB,OAC3BF,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,iBAAiB,uBAAuBA,QAAO;AACrD,YAAI,eAAe,QAAQ;AACzB,iBAAO,uBAAuB,mBAAmB,+BAA+B,GAAG;AAAA,QACrF;AAEA,cAAM,aAAa,MAAM,yBAAyBA,UAASD,cAAa,MAAM;AAC9E,eAAO,sBAAsB,sBAAsB,UAAU;AAAA,MAC/D,SAASE,QAAO;AACd,eAAO,uBAAuB,kBAAkB,0BAA0B,GAAG;AAAA,MAC/E;AAAA,IACF;AAEA,UAAM,sBAAsB,OAAOF,iBAAoD;AACrF,YAAM,MAAM,MAAM,mBAAmBA,YAAW;AAChD,aAAO,sBAAsB,qBAAqB,GAAG;AAAA,IACvD;AAEA,YAAQD,cAAa;AAAA,MACnB,KAAK,iBAAiB;AACpB,wBAAgB,OAAO;AAEvB,eAAO,oBAAoB,aAAa,OAAQ;AAAA,MAClD;AAAA,MAEA,KAAK;AAEH,eAAO,qBAAqB,aAAa,OAAQ;AAAA,MAEnD,KAAK;AACH,eAAO,oBAAoB,WAAW;AAAA,MAExC;AACE,eAAO,mBAAmB,sCAAsC;AAAA,IACpE;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,kBAAkB,WAAW;AAAA,IAEtC,KAAK;AACH,aAAO,mBAAmB,WAAW;AAAA,IAEvC;AACE,aAAO,mBAAmB,+BAA+B;AAAA,EAC7D;AACF;AAEA,eAAe,sBACb,SACA,QACmB;AACnB,QAAM,EAAE,aAAa,OAAO,IAAI;AAEhC,QAAM,aAAa,iBAAiB,OAAO;AAC3C,QAAM,EAAE,iBAAiB,IAAI;AAE7B,MAAI,CAAC,aAAa;AAChB,WAAO,uBAAuB,yBAAyB,gCAAgC,GAAG;AAAA,EAC5F;AAEA,QAAM,gBAAgB,OAAO,WAAW;AACxC,QAAM,oBAAoB,eAAe,eAAe,WAAgC;AAExF,MAAI,CAAC,qBAAqB,CAAC,kBAAkB,SAAS;AACpD,WAAO,uBAAuB,sBAAsB,yCAAyC,GAAG;AAAA,EAClG;AAEA,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,mBAAmB,OAAOA,iBAAsD;AACpF,UAAM,kBAAkB,YAA+B;AACrD,UAAI;AACF,cAAM,MAAM,IAAI,IAAI,QAAQ,OAAO;AACnC,cAAM,YAAY,IAAI,aAAa,IAAI,WAAW;AAElD,YAAI,CAAC,WAAW;AACd,iBAAO,uBAAuB,uBAAuB,yCAAyC,GAAG;AAAA,QACnG;AAEA,YAAI;AAEJ,gBAAQ,WAAW;AAAA,UACjB,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF;AACE,mBAAO,uBAAuB,sBAAsB,wFAAwF,GAAG;AAAA,QACnJ;AAEA,YAAI,CAAC,aAAa;AAChB,iBAAO;AAAA,YACL;AAAA,YACA,GAAG,SAAS;AAAA,YACZ;AAAA,UACF;AAAA,QACF;AAEA,eAAO,yBAAyB;AAAA,UAC9B,OAAO;AAAA,QACT,CAAC;AAAA,MACH,SAAS,OAAO;AACd,eAAO,uBAAuB,2BAA2B,6BAA6B,GAAG;AAAA,MAC3F;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,gBAAgB;AAAA,MACzB;AACE,eAAO,mBAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,iBAAiB,WAAgC;AAAA,IAC1D;AACE,aAAO,mBAAmB,+BAA+B;AAAA,EAC7D;AACF;","names":["subEndpoint","cookieStore","idToken","error"]}
|
|
@@ -61,6 +61,20 @@ const DEFAULT_ENDPOINT_CONFIG = {
|
|
|
61
61
|
requireAuth: false,
|
|
62
62
|
security: DEFAULT_SECURITY_OPTIONS
|
|
63
63
|
};
|
|
64
|
+
const DEFAULT_COOKIE_REQUEST_CONFIG = {
|
|
65
|
+
...DEFAULT_ENDPOINT_CONFIG,
|
|
66
|
+
subEndpoints: {
|
|
67
|
+
get: {
|
|
68
|
+
enabled: true,
|
|
69
|
+
methods: ["GET"],
|
|
70
|
+
requireAuth: false,
|
|
71
|
+
security: {
|
|
72
|
+
requireCSRF: true,
|
|
73
|
+
allowedReferers: []
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
};
|
|
64
78
|
const DEFAULT_SESSIONS_CONFIG = {
|
|
65
79
|
...DEFAULT_ENDPOINT_CONFIG,
|
|
66
80
|
subEndpoints: {
|
|
@@ -111,6 +125,7 @@ const DEFAULT_HANDLER_OPTIONS = {
|
|
|
111
125
|
},
|
|
112
126
|
security: DEFAULT_SECURITY_OPTIONS,
|
|
113
127
|
endpoints: {
|
|
128
|
+
cookies: DEFAULT_COOKIE_REQUEST_CONFIG,
|
|
114
129
|
sessions: DEFAULT_SESSIONS_CONFIG
|
|
115
130
|
},
|
|
116
131
|
tenantId: "",
|
|
@@ -160,6 +175,7 @@ class CookieUtils {
|
|
|
160
175
|
export {
|
|
161
176
|
CookieUtils,
|
|
162
177
|
DEFAULT_COOKIE_OPTIONS,
|
|
178
|
+
DEFAULT_COOKIE_REQUEST_CONFIG,
|
|
163
179
|
DEFAULT_CORS_OPTIONS,
|
|
164
180
|
DEFAULT_ENDPOINT_CONFIG,
|
|
165
181
|
DEFAULT_HANDLER_OPTIONS,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/types.ts"],"sourcesContent":["import type {\n AuthEndpoint,\n CookieOpts as CookieOptions,\n CorsOptions,\n EndpointConfig,\n SecurityOptions,\n SessionEndpointConfig,\n SessionSubEndpoint,\n TernSecureHandlerOptions,\n TokenCookieConfig,\n} from '@tern-secure/types';\nimport { type NextResponse } from 'next/server';\n\nexport const DEFAULT_CORS_OPTIONS: CorsOptions = {\n allowedOrigins: [],\n allowedMethods: ['GET', 'POST'],\n allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],\n allowCredentials: true,\n maxAge: 86400, // 24 hours\n};\n\nexport const DEFAULT_COOKIE_OPTIONS: CookieOptions = {\n httpOnly: true,\n path: '/',\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: 12 * 60 * 60 * 24, // twelve days\n priority: 'high',\n};\n\n\nexport const FIXED_TOKEN_CONFIGS = {\n id: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600, // 1 hour\n },\n refresh: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 30, // 30 days (changes when user events occur)\n },\n signature: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n custom: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n} as const;\n\nexport const DEFAULT_SECURITY_OPTIONS: SecurityOptions = {\n requireCSRF: true,\n allowedReferers: [],\n requiredHeaders: {},\n ipWhitelist: [],\n userAgent: {\n block: [],\n allow: [],\n },\n};\n\nexport const DEFAULT_ENDPOINT_CONFIG: EndpointConfig = {\n enabled: true,\n methods: ['GET', 'POST'],\n requireAuth: false,\n security: DEFAULT_SECURITY_OPTIONS,\n};\n\nexport const DEFAULT_SESSIONS_CONFIG: SessionEndpointConfig = {\n ...DEFAULT_ENDPOINT_CONFIG,\n subEndpoints: {\n verify: {\n enabled: true,\n methods: ['GET'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n allowedReferers: [],\n },\n },\n createsession: {\n enabled: true,\n methods: ['POST'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n },\n },\n refresh: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n revoke: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n },\n};\n\nexport const DEFAULT_HANDLER_OPTIONS: Required<TernSecureHandlerOptions> & {\n endpoints: Required<NonNullable<TernSecureHandlerOptions['endpoints']>>;\n} = {\n cors: DEFAULT_CORS_OPTIONS,\n cookies: DEFAULT_COOKIE_OPTIONS,\n rateLimit: {\n windowMs: 15 * 60 * 1000, // 15 minutes\n maxRequests: 100,\n skipSuccessful: false,\n skipFailedRequests: false,\n },\n security: DEFAULT_SECURITY_OPTIONS,\n endpoints: {\n sessions: DEFAULT_SESSIONS_CONFIG,\n },\n tenantId: '',\n enableCustomToken: false,\n debug: false,\n environment: 'production',\n basePath: '/api/auth',\n};\n\nexport interface ValidationResult {\n error?: NextResponse;\n data?: any;\n}\n\nexport interface ValidationConfig {\n cors?: CorsOptions;\n security?: SecurityOptions;\n endpoint?: {\n name: AuthEndpoint;\n config: EndpointConfig;\n };\n subEndpoint?: {\n name: SessionSubEndpoint;\n config: EndpointConfig;\n };\n requireIdToken?: boolean;\n requireCsrfToken?: boolean;\n}\n\nexport interface ComprehensiveValidationResult {\n isValid: boolean;\n error?: Response;\n corsResponse?: Response;\n sessionData?: {\n body: any;\n idToken?: string;\n csrfToken?: string;\n };\n}\n\nexport type suffix = 'session' | 'id' | 'refresh' | 'signature' | 'custom';\n\nexport class CookieUtils {\n static getCookieName(namePrefix: string, tokenType: suffix): string {\n return `${namePrefix}.${tokenType}`;\n }\n\n static getCookieNames(namePrefix: string) {\n return {\n session: this.getCookieName(namePrefix, 'session'),\n id: this.getCookieName(namePrefix, 'id'),\n refresh: this.getCookieName(namePrefix, 'refresh'),\n signature: this.getCookieName(namePrefix, 'signature'),\n custom: this.getCookieName(namePrefix, 'custom'),\n };\n }\n\n static getSessionConfig(cookieOptions: CookieOptions): TokenCookieConfig {\n const sessionConfig = cookieOptions.session || {};\n const defaultSession = DEFAULT_COOKIE_OPTIONS.session || {};\n\n return {\n path: sessionConfig.path ?? cookieOptions.path ?? '/',\n httpOnly: sessionConfig.httpOnly ?? cookieOptions.httpOnly ?? true,\n sameSite: sessionConfig.sameSite ?? cookieOptions.sameSite ?? 'lax',\n maxAge: sessionConfig.maxAge ?? defaultSession.maxAge ?? 3600 * 24 * 7,\n };\n }\n\n static getFixedTokenConfig(\n tokenType: Exclude<suffix, 'session'>,\n ): TokenCookieConfig {\n const fixedConfig = FIXED_TOKEN_CONFIGS[tokenType];\n\n return {\n path: fixedConfig.path,\n httpOnly: fixedConfig.httpOnly,\n sameSite: fixedConfig.sameSite,\n maxAge: fixedConfig.maxAge,\n };\n }\n\n static validateSessionMaxAge(maxAge: number): boolean {\n const minAge = 300; // 5 minutes\n const maxAgeLimit = 3600 * 24 * 14; // 2 weeks\n return maxAge >= minAge && maxAge <= maxAgeLimit;\n }\n}\n\nexport {\n AuthEndpoint,\n CookieOptions,\n CorsOptions,\n SecurityOptions,\n SessionSubEndpoint,\n EndpointConfig,\n SessionEndpointConfig,\n TernSecureHandlerOptions,\n};\n"],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/types.ts"],"sourcesContent":["import type {\n AuthEndpoint,\n CookieEndpointConfig,\n CookieOpts as CookieOptions,\n CorsOptions,\n EndpointConfig,\n SecurityOptions,\n SessionEndpointConfig,\n SessionSubEndpoint,\n TernSecureHandlerOptions,\n TokenCookieConfig,\n} from '@tern-secure/types';\nimport { type NextResponse } from 'next/server';\n\nexport const DEFAULT_CORS_OPTIONS: CorsOptions = {\n allowedOrigins: [],\n allowedMethods: ['GET', 'POST'],\n allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],\n allowCredentials: true,\n maxAge: 86400, // 24 hours\n};\n\nexport const DEFAULT_COOKIE_OPTIONS: CookieOptions = {\n httpOnly: true,\n path: '/',\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: 12 * 60 * 60 * 24, // twelve days\n priority: 'high',\n};\n\n\nexport const FIXED_TOKEN_CONFIGS = {\n id: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600, // 1 hour\n },\n refresh: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 30, // 30 days (changes when user events occur)\n },\n signature: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n custom: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n} as const;\n\nexport const DEFAULT_SECURITY_OPTIONS: SecurityOptions = {\n requireCSRF: true,\n allowedReferers: [],\n requiredHeaders: {},\n ipWhitelist: [],\n userAgent: {\n block: [],\n allow: [],\n },\n};\n\nexport const DEFAULT_ENDPOINT_CONFIG: EndpointConfig = {\n enabled: true,\n methods: ['GET', 'POST'],\n requireAuth: false,\n security: DEFAULT_SECURITY_OPTIONS,\n};\n\nexport const DEFAULT_COOKIE_REQUEST_CONFIG: CookieEndpointConfig = {\n ...DEFAULT_ENDPOINT_CONFIG,\n subEndpoints: {\n get: {\n enabled: true,\n methods: ['GET'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n allowedReferers: [],\n },\n },\n },\n};\n\nexport const DEFAULT_SESSIONS_CONFIG: SessionEndpointConfig = {\n ...DEFAULT_ENDPOINT_CONFIG,\n subEndpoints: {\n verify: {\n enabled: true,\n methods: ['GET'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n allowedReferers: [],\n },\n },\n createsession: {\n enabled: true,\n methods: ['POST'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n },\n },\n refresh: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n revoke: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n },\n};\n\nexport const DEFAULT_HANDLER_OPTIONS: Required<TernSecureHandlerOptions> & {\n endpoints: Required<NonNullable<TernSecureHandlerOptions['endpoints']>>;\n} = {\n cors: DEFAULT_CORS_OPTIONS,\n cookies: DEFAULT_COOKIE_OPTIONS,\n rateLimit: {\n windowMs: 15 * 60 * 1000, // 15 minutes\n maxRequests: 100,\n skipSuccessful: false,\n skipFailedRequests: false,\n },\n security: DEFAULT_SECURITY_OPTIONS,\n endpoints: {\n cookies: DEFAULT_COOKIE_REQUEST_CONFIG,\n sessions: DEFAULT_SESSIONS_CONFIG,\n },\n tenantId: '',\n enableCustomToken: false,\n debug: false,\n environment: 'production',\n basePath: '/api/auth',\n};\n\nexport interface ValidationResult {\n error?: NextResponse;\n data?: any;\n}\n\nexport interface ValidationConfig {\n cors?: CorsOptions;\n security?: SecurityOptions;\n endpoint?: {\n name: AuthEndpoint;\n config: EndpointConfig;\n };\n subEndpoint?: {\n name: SessionSubEndpoint;\n config: EndpointConfig;\n };\n requireIdToken?: boolean;\n requireCsrfToken?: boolean;\n}\n\nexport interface ComprehensiveValidationResult {\n isValid: boolean;\n error?: Response;\n corsResponse?: Response;\n sessionData?: {\n body: any;\n idToken?: string;\n csrfToken?: string;\n };\n}\n\nexport type suffix = 'session' | 'id' | 'refresh' | 'signature' | 'custom';\n\nexport class CookieUtils {\n static getCookieName(namePrefix: string, tokenType: suffix): string {\n return `${namePrefix}.${tokenType}`;\n }\n\n static getCookieNames(namePrefix: string) {\n return {\n session: this.getCookieName(namePrefix, 'session'),\n id: this.getCookieName(namePrefix, 'id'),\n refresh: this.getCookieName(namePrefix, 'refresh'),\n signature: this.getCookieName(namePrefix, 'signature'),\n custom: this.getCookieName(namePrefix, 'custom'),\n };\n }\n\n static getSessionConfig(cookieOptions: CookieOptions): TokenCookieConfig {\n const sessionConfig = cookieOptions.session || {};\n const defaultSession = DEFAULT_COOKIE_OPTIONS.session || {};\n\n return {\n path: sessionConfig.path ?? cookieOptions.path ?? '/',\n httpOnly: sessionConfig.httpOnly ?? cookieOptions.httpOnly ?? true,\n sameSite: sessionConfig.sameSite ?? cookieOptions.sameSite ?? 'lax',\n maxAge: sessionConfig.maxAge ?? defaultSession.maxAge ?? 3600 * 24 * 7,\n };\n }\n\n static getFixedTokenConfig(\n tokenType: Exclude<suffix, 'session'>,\n ): TokenCookieConfig {\n const fixedConfig = FIXED_TOKEN_CONFIGS[tokenType];\n\n return {\n path: fixedConfig.path,\n httpOnly: fixedConfig.httpOnly,\n sameSite: fixedConfig.sameSite,\n maxAge: fixedConfig.maxAge,\n };\n }\n\n static validateSessionMaxAge(maxAge: number): boolean {\n const minAge = 300; // 5 minutes\n const maxAgeLimit = 3600 * 24 * 14; // 2 weeks\n return maxAge >= minAge && maxAge <= maxAgeLimit;\n }\n}\n\nexport {\n AuthEndpoint,\n CookieOptions,\n CorsOptions,\n SecurityOptions,\n SessionSubEndpoint,\n EndpointConfig,\n SessionEndpointConfig,\n TernSecureHandlerOptions,\n};\n"],"mappings":"AAcO,MAAM,uBAAoC;AAAA,EAC/C,gBAAgB,CAAC;AAAA,EACjB,gBAAgB,CAAC,OAAO,MAAM;AAAA,EAC9B,gBAAgB,CAAC,gBAAgB,iBAAiB,kBAAkB;AAAA,EACpE,kBAAkB;AAAA,EAClB,QAAQ;AAAA;AACV;AAEO,MAAM,yBAAwC;AAAA,EACnD,UAAU;AAAA,EACV,MAAM;AAAA,EACN,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AAAA,EACV,QAAQ,KAAK,KAAK,KAAK;AAAA;AAAA,EACvB,UAAU;AACZ;AAGO,MAAM,sBAAsB;AAAA,EACjC,IAAI;AAAA,IACF,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ;AAAA;AAAA,EACV;AAAA,EACA,SAAS;AAAA,IACP,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AAAA,EACA,WAAW;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AAAA,EACA,QAAQ;AAAA,IACN,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AACF;AAEO,MAAM,2BAA4C;AAAA,EACvD,aAAa;AAAA,EACb,iBAAiB,CAAC;AAAA,EAClB,iBAAiB,CAAC;AAAA,EAClB,aAAa,CAAC;AAAA,EACd,WAAW;AAAA,IACT,OAAO,CAAC;AAAA,IACR,OAAO,CAAC;AAAA,EACV;AACF;AAEO,MAAM,0BAA0C;AAAA,EACrD,SAAS;AAAA,EACT,SAAS,CAAC,OAAO,MAAM;AAAA,EACvB,aAAa;AAAA,EACb,UAAU;AACZ;AAEO,MAAM,gCAAsD;AAAA,EACjE,GAAG;AAAA,EACH,cAAc;AAAA,IACZ,KAAK;AAAA,MACH,SAAS;AAAA,MACT,SAAS,CAAC,KAAK;AAAA,MACf,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,QACb,iBAAiB,CAAC;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,0BAAiD;AAAA,EAC5D,GAAG;AAAA,EACH,cAAc;AAAA,IACZ,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,SAAS,CAAC,KAAK;AAAA,MACf,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,QACb,iBAAiB,CAAC;AAAA,MACpB;AAAA,IACF;AAAA,IACA,eAAe;AAAA,MACb,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,IACA,SAAS;AAAA,MACP,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,0BAET;AAAA,EACF,MAAM;AAAA,EACN,SAAS;AAAA,EACT,WAAW;AAAA,IACT,UAAU,KAAK,KAAK;AAAA;AAAA,IACpB,aAAa;AAAA,IACb,gBAAgB;AAAA,IAChB,oBAAoB;AAAA,EACtB;AAAA,EACA,UAAU;AAAA,EACV,WAAW;AAAA,IACT,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA,UAAU;AAAA,EACV,mBAAmB;AAAA,EACnB,OAAO;AAAA,EACP,aAAa;AAAA,EACb,UAAU;AACZ;AAmCO,MAAM,YAAY;AAAA,EACvB,OAAO,cAAc,YAAoB,WAA2B;AAClE,WAAO,GAAG,UAAU,IAAI,SAAS;AAAA,EACnC;AAAA,EAEA,OAAO,eAAe,YAAoB;AACxC,WAAO;AAAA,MACL,SAAS,KAAK,cAAc,YAAY,SAAS;AAAA,MACjD,IAAI,KAAK,cAAc,YAAY,IAAI;AAAA,MACvC,SAAS,KAAK,cAAc,YAAY,SAAS;AAAA,MACjD,WAAW,KAAK,cAAc,YAAY,WAAW;AAAA,MACrD,QAAQ,KAAK,cAAc,YAAY,QAAQ;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,OAAO,iBAAiB,eAAiD;AACvE,UAAM,gBAAgB,cAAc,WAAW,CAAC;AAChD,UAAM,iBAAiB,uBAAuB,WAAW,CAAC;AAE1D,WAAO;AAAA,MACL,MAAM,cAAc,QAAQ,cAAc,QAAQ;AAAA,MAClD,UAAU,cAAc,YAAY,cAAc,YAAY;AAAA,MAC9D,UAAU,cAAc,YAAY,cAAc,YAAY;AAAA,MAC9D,QAAQ,cAAc,UAAU,eAAe,UAAU,OAAO,KAAK;AAAA,IACvE;AAAA,EACF;AAAA,EAEA,OAAO,oBACL,WACmB;AACnB,UAAM,cAAc,oBAAoB,SAAS;AAEjD,WAAO;AAAA,MACL,MAAM,YAAY;AAAA,MAClB,UAAU,YAAY;AAAA,MACtB,UAAU,YAAY;AAAA,MACtB,QAAQ,YAAY;AAAA,IACtB;AAAA,EACF;AAAA,EAEA,OAAO,sBAAsB,QAAyB;AACpD,UAAM,SAAS;AACf,UAAM,cAAc,OAAO,KAAK;AAChC,WAAO,UAAU,UAAU,UAAU;AAAA,EACvC;AACF;","names":[]}
|