@tern-secure/nextjs 5.2.0-canary.v20251008165428 → 5.2.0-canary.v20251019190011

package/dist/cjs/server/jwt.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/server/jwt.ts"],"sourcesContent":["import { createRemoteJWKSet,jwtVerify } from \"jose\";\r\nimport { cache } from \"react\";\r\n\r\ninterface FirebaseIdTokenPayload {\r\n  iss: string;\r\n  aud: string;\r\n  auth_time: number;\r\n  user_id: string;\r\n  sub: string;\r\n  iat: number;\r\n  exp: number;\r\n  email?: string;\r\n  email_verified?: boolean;\r\n  firebase: {\r\n    identities: {\r\n      [key: string]: any;\r\n    };\r\n    sign_in_provider: string;\r\n    tenant?: string;\r\n  };\r\n}\r\n\r\ninterface FirebaseTokenResult {\r\n  valid: boolean;\r\n  tenant?: string;\r\n  uid?: string;\r\n  email?: string | null;\r\n  emailVerified?: boolean;\r\n  authTime?: number;\r\n  issuedAt?: number;\r\n  expiresAt?: number;\r\n  error?: string;\r\n}\r\n\r\n// Firebase public key endpoints\r\nconst FIREBASE_ID_TOKEN_URL =\r\n  \"https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com\";\r\nconst FIREBASE_SESSION_CERT_URL =\r\n  \"https://identitytoolkit.googleapis.com/v1/sessionCookiePublicKeys\";\r\n\r\n// Cache the JWKS using React cache\r\nconst getIdTokenJWKS = cache(() => {\r\n  return createRemoteJWKSet(new URL(FIREBASE_ID_TOKEN_URL), {\r\n    cacheMaxAge: 3600000, // 1 hour\r\n    timeoutDuration: 5000, // 5 seconds\r\n    cooldownDuration: 30000, // 30 seconds between retries\r\n  });\r\n});\r\n\r\nconst getSessionJWKS = cache(() => {\r\n  return createRemoteJWKSet(new URL(FIREBASE_SESSION_CERT_URL), {\r\n    cacheMaxAge: 3600000, // 1 hour\r\n    timeoutDuration: 5000, // 5 seconds\r\n    cooldownDuration: 30000, // 30 seconds between retries\r\n  });\r\n});\r\n\r\n// Helper to decode JWT without verification\r\nfunction decodeJwt(token: string) {\r\n  try {\r\n    const [headerB64, payloadB64] = token.split(\".\");\r\n    const header = JSON.parse(Buffer.from(headerB64, \"base64\").toString());\r\n    const payload = JSON.parse(Buffer.from(payloadB64, \"base64\").toString());\r\n    return { header, payload };\r\n  } catch (error) {\r\n    console.error(\"Error decoding JWT:\", error);\r\n    return null;\r\n  }\r\n}\r\n\r\nexport async function verifyFirebaseToken(\r\n  token: string,\r\n  isSessionCookie = false\r\n): Promise<FirebaseTokenResult> {\r\n  try {\r\n    const projectId = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID;\r\n    if (!projectId) {\r\n      throw new Error(\"Firebase Project ID is not configured\");\r\n    }\r\n\r\n    const decoded = decodeJwt(token);\r\n    if (!decoded) {\r\n      throw new Error(\"Invalid token format\");\r\n    }\r\n\r\n    let retries = 3;\r\n    let lastError: Error | null = null;\r\n\r\n    while (retries > 0) {\r\n      try {\r\n        // Use different JWKS based on token type\r\n        const JWKS = isSessionCookie\r\n          ? await getSessionJWKS()\r\n          : await getIdTokenJWKS();\r\n\r\n        const { payload } = await jwtVerify(token, JWKS, {\r\n          issuer: isSessionCookie\r\n            ? \"https://session.firebase.google.com/\" + projectId\r\n            : \"https://securetoken.google.com/\" + projectId,\r\n          audience: projectId,\r\n          algorithms: [\"RS256\"],\r\n        });\r\n\r\n        const firebasePayload = payload as unknown as FirebaseIdTokenPayload;\r\n        const now = Math.floor(Date.now() / 1000);\r\n\r\n        // Verify token claims\r\n        if (firebasePayload.exp <= now) {\r\n          throw new Error(\"Token has expired\");\r\n        }\r\n\r\n        if (firebasePayload.iat > now) {\r\n          throw new Error(\"Token issued time is in the future\");\r\n        }\r\n\r\n        if (!firebasePayload.sub) {\r\n          throw new Error(\"Token subject is empty\");\r\n        }\r\n\r\n        if (firebasePayload.auth_time > now) {\r\n          throw new Error(\"Token auth time is in the future\");\r\n        }\r\n\r\n        return {\r\n          valid: true,\r\n          uid: firebasePayload.sub,\r\n          email: firebasePayload.email,\r\n          emailVerified: firebasePayload.email_verified,\r\n          tenant: firebasePayload.firebase.tenant,\r\n          authTime: firebasePayload.auth_time,\r\n          issuedAt: firebasePayload.iat,\r\n          expiresAt: firebasePayload.exp,\r\n        };\r\n      } catch (error) {\r\n        lastError = error as Error;\r\n        if (error instanceof Error && error.name === \"JWKSNoMatchingKey\") {\r\n          console.warn(`JWKS retry attempt ${4 - retries}:`, error.message);\r\n          retries--;\r\n          if (retries > 0) {\r\n            await new Promise((resolve) => setTimeout(resolve, 1000));\r\n            continue;\r\n          }\r\n        }\r\n        throw error;\r\n      }\r\n    }\r\n\r\n    throw lastError || new Error(\"Failed to verify token after retries\");\r\n  } catch (error) {\r\n    console.error(\"Token verification details:\", {\r\n      error:\r\n        error instanceof Error\r\n          ? {\r\n              name: error.name,\r\n              message: error.message,\r\n              stack: error.stack,\r\n            }\r\n          : error,\r\n      decoded: decodeJwt(token),\r\n      //projectId,\r\n      isSessionCookie,\r\n    });\r\n\r\n    return {\r\n      valid: false,\r\n      error: error instanceof Error ? error.message : \"Invalid token\",\r\n    };\r\n  }\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAA6C;AAC7C,mBAAsB;AAkCtB,MAAM,wBACJ;AACF,MAAM,4BACJ;AAGF,MAAM,qBAAiB,oBAAM,MAAM;AACjC,aAAO,gCAAmB,IAAI,IAAI,qBAAqB,GAAG;AAAA,IACxD,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAED,MAAM,qBAAiB,oBAAM,MAAM;AACjC,aAAO,gCAAmB,IAAI,IAAI,yBAAyB,GAAG;AAAA,IAC5D,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAGD,SAAS,UAAU,OAAe;AAChC,MAAI;AACF,UAAM,CAAC,WAAW,UAAU,IAAI,MAAM,MAAM,GAAG;AAC/C,UAAM,SAAS,KAAK,MAAM,OAAO,KAAK,WAAW,QAAQ,EAAE,SAAS,CAAC;AACrE,UAAM,UAAU,KAAK,MAAM,OAAO,KAAK,YAAY,QAAQ,EAAE,SAAS,CAAC;AACvE,WAAO,EAAE,QAAQ,QAAQ;AAAA,EAC3B,SAAS,OAAO;AACd,YAAQ,MAAM,uBAAuB,KAAK;AAC1C,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,oBACpB,OACA,kBAAkB,OACY;AAC9B,MAAI;AACF,UAAM,YAAY,QAAQ,IAAI;AAC9B,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACzD;AAEA,UAAM,UAAU,UAAU,KAAK;AAC/B,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AAEA,QAAI,UAAU;AACd,QAAI,YAA0B;AAE9B,WAAO,UAAU,GAAG;AAClB,UAAI;AAEF,cAAM,OAAO,kBACT,MAAM,eAAe,IACrB,MAAM,eAAe;AAEzB,cAAM,EAAE,QAAQ,IAAI,UAAM,uBAAU,OAAO,MAAM;AAAA,UAC/C,QAAQ,kBACJ,yCAAyC,YACzC,oCAAoC;AAAA,UACxC,UAAU;AAAA,UACV,YAAY,CAAC,OAAO;AAAA,QACtB,CAAC;AAED,cAAM,kBAAkB;AACxB,cAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAGxC,YAAI,gBAAgB,OAAO,KAAK;AAC9B,gBAAM,IAAI,MAAM,mBAAmB;AAAA,QACrC;AAEA,YAAI,gBAAgB,MAAM,KAAK;AAC7B,gBAAM,IAAI,MAAM,oCAAoC;AAAA,QACtD;AAEA,YAAI,CAAC,gBAAgB,KAAK;AACxB,gBAAM,IAAI,MAAM,wBAAwB;AAAA,QAC1C;AAEA,YAAI,gBAAgB,YAAY,KAAK;AACnC,gBAAM,IAAI,MAAM,kCAAkC;AAAA,QACpD;AAEA,eAAO;AAAA,UACL,OAAO;AAAA,UACP,KAAK,gBAAgB;AAAA,UACrB,OAAO,gBAAgB;AAAA,UACvB,eAAe,gBAAgB;AAAA,UAC/B,QAAQ,gBAAgB,SAAS;AAAA,UACjC,UAAU,gBAAgB;AAAA,UAC1B,UAAU,gBAAgB;AAAA,UAC1B,WAAW,gBAAgB;AAAA,QAC7B;AAAA,MACF,SAAS,OAAO;AACd,oBAAY;AACZ,YAAI,iBAAiB,SAAS,MAAM,SAAS,qBAAqB;AAChE,kBAAQ,KAAK,sBAAsB,IAAI,OAAO,KAAK,MAAM,OAAO;AAChE;AACA,cAAI,UAAU,GAAG;AACf,kBAAM,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,GAAI,CAAC;AACxD;AAAA,UACF;AAAA,QACF;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,MAAM,sCAAsC;AAAA,EACrE,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B;AAAA,MAC3C,OACE,iBAAiB,QACb;AAAA,QACE,MAAM,MAAM;AAAA,QACZ,SAAS,MAAM;AAAA,QACf,OAAO,MAAM;AAAA,MACf,IACA;AAAA,MACN,SAAS,UAAU,KAAK;AAAA;AAAA,MAExB;AAAA,IACF,CAAC;AAED,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAClD;AAAA,EACF;AACF;","names":[]}

package/dist/cjs/server/session-store.js

@@ -1,74 +0,0 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var session_store_exports = {};
-__export(session_store_exports, {
-  getVerifiedUser: () => getVerifiedUser,
-  sessionStore: () => sessionStore
-});
-module.exports = __toCommonJS(session_store_exports);
-var import_react = require("react");
-class SessionStore {
-  static instance;
-  sessions;
-  currentSessionId = null;
-  constructor() {
-    this.sessions = /* @__PURE__ */ new Map();
-  }
-  static getInstance() {
-    if (!SessionStore.instance) {
-      SessionStore.instance = new SessionStore();
-    }
-    return SessionStore.instance;
-  }
-  setUser(sessionId, user) {
-    console.log("SessionStore: Setting user:", { sessionId, user });
-    this.sessions.set(sessionId, user);
-    this.currentSessionId = sessionId;
-  }
-  getUser(sessionId) {
-    return this.sessions.get(sessionId) || null;
-  }
-  getCurrentUser() {
-    if (!this.currentSessionId) return null;
-    return this.sessions.get(this.currentSessionId) || null;
-  }
-  removeUser(sessionId) {
-    this.sessions.delete(sessionId);
-  }
-  clear() {
-    this.sessions.clear();
-  }
-  debug() {
-    return {
-      sessionsCount: this.sessions.size,
-      currentSessionId: this.currentSessionId,
-      sessions: Array.from(this.sessions.entries())
-    };
-  }
-}
-const sessionStore = SessionStore.getInstance();
-const getVerifiedUser = (0, import_react.cache)((sessionId) => {
-  return sessionStore.getUser(sessionId);
-});
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  getVerifiedUser,
-  sessionStore
-});
-//# sourceMappingURL=session-store.js.map

package/dist/cjs/server/session-store.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/server/session-store.ts"],"sourcesContent":["import { cache } from \"react\"\r\n\r\nimport type { User } from \"./types\"\r\n\r\n/**\r\n * Simple in-memory session store\r\n * In a real app, this would be backed by Redis/etc\r\n */\r\nclass SessionStore {\r\n  private static instance: SessionStore\r\n  private sessions: Map<string, User>\r\n  private currentSessionId: string | null = null\r\n\r\n  private constructor() {\r\n    this.sessions = new Map()\r\n  }\r\n\r\n  static getInstance(): SessionStore {\r\n    if (!SessionStore.instance) {\r\n      SessionStore.instance = new SessionStore()\r\n    }\r\n    return SessionStore.instance\r\n  }\r\n\r\n  setUser(sessionId: string, user: User) {\r\n    console.log(\"SessionStore: Setting user:\", { sessionId, user })\r\n    this.sessions.set(sessionId, user)\r\n    this.currentSessionId = sessionId\r\n  }\r\n\r\n  getUser(sessionId: string): User | null {\r\n    return this.sessions.get(sessionId) || null\r\n  }\r\n\r\n  getCurrentUser(): User | null {\r\n    if (!this.currentSessionId) return null\r\n    return this.sessions.get(this.currentSessionId) || null\r\n  }\r\n\r\n  removeUser(sessionId: string) {\r\n    this.sessions.delete(sessionId)\r\n  }\r\n\r\n  clear() {\r\n    this.sessions.clear()\r\n  }\r\n\r\n  debug() {\r\n    return {\r\n      sessionsCount: this.sessions.size,\r\n      currentSessionId: this.currentSessionId,\r\n      sessions: Array.from(this.sessions.entries())\r\n    }\r\n}\r\n}\r\n\r\n// Export singleton instance\r\nexport const sessionStore = SessionStore.getInstance()\r\n\r\n/**\r\n * Cached function to get user from session store\r\n * Uses React cache for SSR optimization\r\n */\r\nexport const getVerifiedUser = cache((sessionId: string): User | null => {\r\n  return sessionStore.getUser(sessionId)\r\n})\r\n\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAsB;AAQtB,MAAM,aAAa;AAAA,EACjB,OAAe;AAAA,EACP;AAAA,EACA,mBAAkC;AAAA,EAElC,cAAc;AACpB,SAAK,WAAW,oBAAI,IAAI;AAAA,EAC1B;AAAA,EAEA,OAAO,cAA4B;AACjC,QAAI,CAAC,aAAa,UAAU;AAC1B,mBAAa,WAAW,IAAI,aAAa;AAAA,IAC3C;AACA,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,QAAQ,WAAmB,MAAY;AACrC,YAAQ,IAAI,+BAA+B,EAAE,WAAW,KAAK,CAAC;AAC9D,SAAK,SAAS,IAAI,WAAW,IAAI;AACjC,SAAK,mBAAmB;AAAA,EAC1B;AAAA,EAEA,QAAQ,WAAgC;AACtC,WAAO,KAAK,SAAS,IAAI,SAAS,KAAK;AAAA,EACzC;AAAA,EAEA,iBAA8B;AAC5B,QAAI,CAAC,KAAK,iBAAkB,QAAO;AACnC,WAAO,KAAK,SAAS,IAAI,KAAK,gBAAgB,KAAK;AAAA,EACrD;AAAA,EAEA,WAAW,WAAmB;AAC5B,SAAK,SAAS,OAAO,SAAS;AAAA,EAChC;AAAA,EAEA,QAAQ;AACN,SAAK,SAAS,MAAM;AAAA,EACtB;AAAA,EAEA,QAAQ;AACN,WAAO;AAAA,MACL,eAAe,KAAK,SAAS;AAAA,MAC7B,kBAAkB,KAAK;AAAA,MACvB,UAAU,MAAM,KAAK,KAAK,SAAS,QAAQ,CAAC;AAAA,IAC9C;AAAA,EACJ;AACA;AAGO,MAAM,eAAe,aAAa,YAAY;AAM9C,MAAM,sBAAkB,oBAAM,CAAC,cAAmC;AACvE,SAAO,aAAa,QAAQ,SAAS;AACvC,CAAC;","names":[]}

package/dist/esm/server/edge-session.js

@@ -1,146 +0,0 @@
-import { verifyFirebaseToken } from "./jwt";
-async function verifySession(request) {
-  try {
-    const sessionCookie = request.cookies.get("_session_cookie")?.value;
-    if (sessionCookie) {
-      const result = await verifyFirebaseToken(sessionCookie, true);
-      if (result.valid) {
-        return {
-          isAuthenticated: true,
-          user: {
-            uid: result.uid ?? "",
-            email: result.email || null,
-            tenantId: result.tenant || "default",
-            emailVerified: result.emailVerified ?? false,
-            disabled: false
-          }
-        };
-      }
-    }
-    return {
-      isAuthenticated: false,
-      user: null,
-      error: "No valid session found"
-    };
-  } catch (error) {
-    console.error("Session verification error:", error);
-    return {
-      isAuthenticated: false,
-      user: null,
-      error: error instanceof Error ? error.message : "Session verification failed"
-    };
-  }
-}
-async function verifyTokenEdge(idToken) {
-  try {
-    const response = await fetch(
-      `https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${process.env.NEXT_PUBLIC_FIREBASE_API_KEY}`,
-      {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify({ idToken })
-      }
-    );
-    const data = await response.json();
-    console.log("data Token", data);
-    if (!response.ok || !data.users?.[0]) {
-      return null;
-    }
-    const user = data.users[0];
-    return {
-      uid: user.localId,
-      email: user.email || null,
-      tenantId: user.tenantId || "default",
-      disabled: user.disabled || false
-    };
-  } catch (error) {
-    console.error("Token verification error:", error);
-    return null;
-  }
-}
-async function verifySessionEdge(sessionCookie) {
-  try {
-    const response = await fetch(
-      `https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${process.env.NEXT_PUBLIC_FIREBASE_API_KEY}`,
-      {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-          Authorization: `Bearer ${sessionCookie}`
-        }
-      }
-    );
-    const data = await response.json();
-    console.log("data Session", data);
-    if (!response.ok || !data.users?.[0]) {
-      return null;
-    }
-    const user = data.users[0];
-    return {
-      uid: user.localId,
-      email: user.email || null,
-      tenantId: user.tenant || "default",
-      disabled: user.disabled || false
-    };
-  } catch (error) {
-    console.error("Session verification error:", error);
-    return null;
-  }
-}
-async function VerifySessionWithRestApi(request) {
-  try {
-    const sessionCookie = request.cookies.get("_session_cookie")?.value;
-    if (sessionCookie) {
-      const response = await fetch(
-        `https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${process.env.GOOGLE_CLIENT_ID}`,
-        {
-          method: "POST",
-          headers: {
-            "Content-Type": "application/json",
-            Authorization: `Bearer ${sessionCookie}`
-          }
-        }
-      );
-      const data = await response.json();
-      console.log("[edge-session] data with session cookie", data);
-      if (response.ok && data.users?.[0]) {
-        const user = data.users[0];
-        return {
-          isAuthenticated: true,
-          user: {
-            uid: user.localId,
-            email: user.email || null,
-            tenantId: user.tenantId || "default",
-            emailVerified: user.emailVerified ?? false,
-            disabled: user.disabled || false
-          }
-        };
-      }
-      console.log(
-        "Session cookie verification failed:",
-        data.error?.message || "Invalid session"
-      );
-    }
-    return {
-      isAuthenticated: false,
-      user: null,
-      error: "No valid session found"
-    };
-  } catch (error) {
-    console.error("Session verification error:", error);
-    return {
-      isAuthenticated: false,
-      user: null,
-      error: error instanceof Error ? error.message : "Session verification failed"
-    };
-  }
-}
-export {
-  VerifySessionWithRestApi,
-  verifySession,
-  verifySessionEdge,
-  verifyTokenEdge
-};
-//# sourceMappingURL=edge-session.js.map

package/dist/esm/server/edge-session.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/server/edge-session.ts"],"sourcesContent":["import type { NextRequest } from \"next/server\";\r\n\r\nimport { verifyFirebaseToken } from \"./jwt\";\r\nimport type { BaseUser,SessionResult } from \"./types\";\r\n\r\nexport async function verifySession(\r\n  request: NextRequest\r\n): Promise<SessionResult> {\r\n  try {\r\n    const sessionCookie = request.cookies.get(\"_session_cookie\")?.value;\r\n    if (sessionCookie) {\r\n      const result = await verifyFirebaseToken(sessionCookie, true);\r\n      if (result.valid) {\r\n        return {\r\n          isAuthenticated: true,\r\n          user: {\r\n            uid: result.uid ?? \"\",\r\n            email: result.email || null,\r\n            tenantId: result.tenant || \"default\",\r\n            emailVerified: result.emailVerified ?? false,\r\n            disabled: false,\r\n          },\r\n        };\r\n      }\r\n    }\r\n    return {\r\n      isAuthenticated: false,\r\n      user: null,\r\n      error: \"No valid session found\",\r\n    };\r\n  } catch (error) {\r\n    console.error(\"Session verification error:\", error);\r\n    return {\r\n      isAuthenticated: false,\r\n      user: null,\r\n      error:\r\n        error instanceof Error ? error.message : \"Session verification failed\",\r\n    };\r\n  }\r\n}\r\n\r\n/**\r\n * Edge-compatible token verification using Firebase Auth REST API\r\n */\r\nexport async function verifyTokenEdge(\r\n  idToken: string\r\n): Promise<BaseUser | null> {\r\n  try {\r\n    const response = await fetch(\r\n      `https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${process.env.NEXT_PUBLIC_FIREBASE_API_KEY}`,\r\n      {\r\n        method: \"POST\",\r\n        headers: {\r\n          \"Content-Type\": \"application/json\",\r\n        },\r\n        body: JSON.stringify({ idToken }),\r\n      }\r\n    );\r\n\r\n    const data = await response.json();\r\n    console.log(\"data Token\", data);\r\n\r\n    if (!response.ok || !data.users?.[0]) {\r\n      return null;\r\n    }\r\n\r\n    const user = data.users[0];\r\n    return {\r\n      uid: user.localId,\r\n      email: user.email || null,\r\n      tenantId: user.tenantId || \"default\",\r\n      disabled: user.disabled || false,\r\n    };\r\n  } catch (error) {\r\n    console.error(\"Token verification error:\", error);\r\n    return null;\r\n  }\r\n}\r\n\r\n/**\r\n * Edge-compatible session cookie verification\r\n */\r\nexport async function verifySessionEdge(\r\n  sessionCookie: string\r\n): Promise<BaseUser | null> {\r\n  try {\r\n    const response = await fetch(\r\n      `https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${process.env.NEXT_PUBLIC_FIREBASE_API_KEY}`,\r\n      {\r\n        method: \"POST\",\r\n        headers: {\r\n          \"Content-Type\": \"application/json\",\r\n          Authorization: `Bearer ${sessionCookie}`,\r\n        },\r\n      }\r\n    );\r\n\r\n    const data = await response.json();\r\n    console.log(\"data Session\", data);\r\n\r\n    if (!response.ok || !data.users?.[0]) {\r\n      return null;\r\n    }\r\n\r\n    const user = data.users[0];\r\n    return {\r\n      uid: user.localId,\r\n      email: user.email || null,\r\n      tenantId: user.tenant || \"default\",\r\n      disabled: user.disabled || false,\r\n    };\r\n  } catch (error) {\r\n    console.error(\"Session verification error:\", error);\r\n    return null;\r\n  }\r\n}\r\n\r\n/**\r\n * Edge-compatible session verification using Firebase Auth REST API\r\n */\r\nexport async function VerifySessionWithRestApi(\r\n  request: NextRequest\r\n): Promise<SessionResult> {\r\n  try {\r\n    // First try session cookie\r\n    const sessionCookie = request.cookies.get(\"_session_cookie\")?.value;\r\n    if (sessionCookie) {\r\n      const response = await fetch(\r\n        `https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${process.env.GOOGLE_CLIENT_ID}`,\r\n        {\r\n          method: \"POST\",\r\n          headers: {\r\n            \"Content-Type\": \"application/json\",\r\n            Authorization: `Bearer ${sessionCookie}`,\r\n          },\r\n        }\r\n      );\r\n\r\n      const data = await response.json();\r\n      console.log(\"[edge-session] data with session cookie\", data);\r\n\r\n      if (response.ok && data.users?.[0]) {\r\n        const user = data.users[0];\r\n        return {\r\n          isAuthenticated: true,\r\n          user: {\r\n            uid: user.localId,\r\n            email: user.email || null,\r\n            tenantId: user.tenantId || \"default\",\r\n            emailVerified: user.emailVerified ?? false,\r\n            disabled: user.disabled || false,\r\n          },\r\n        };\r\n      }\r\n      console.log(\r\n        \"Session cookie verification failed:\",\r\n        data.error?.message || \"Invalid session\"\r\n      );\r\n    }\r\n    return {\r\n      isAuthenticated: false,\r\n      user: null,\r\n      error: \"No valid session found\",\r\n    };\r\n  } catch (error) {\r\n    console.error(\"Session verification error:\", error);\r\n    return {\r\n      isAuthenticated: false,\r\n      user: null,\r\n      error:\r\n        error instanceof Error ? error.message : \"Session verification failed\",\r\n    };\r\n  }\r\n}\r\n"],"mappings":"AAEA,SAAS,2BAA2B;AAGpC,eAAsB,cACpB,SACwB;AACxB,MAAI;AACF,UAAM,gBAAgB,QAAQ,QAAQ,IAAI,iBAAiB,GAAG;AAC9D,QAAI,eAAe;AACjB,YAAM,SAAS,MAAM,oBAAoB,eAAe,IAAI;AAC5D,UAAI,OAAO,OAAO;AAChB,eAAO;AAAA,UACL,iBAAiB;AAAA,UACjB,MAAM;AAAA,YACJ,KAAK,OAAO,OAAO;AAAA,YACnB,OAAO,OAAO,SAAS;AAAA,YACvB,UAAU,OAAO,UAAU;AAAA,YAC3B,eAAe,OAAO,iBAAiB;AAAA,YACvC,UAAU;AAAA,UACZ;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,WAAO;AAAA,MACL,iBAAiB;AAAA,MACjB,MAAM;AAAA,MACN,OAAO;AAAA,IACT;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B,KAAK;AAClD,WAAO;AAAA,MACL,iBAAiB;AAAA,MACjB,MAAM;AAAA,MACN,OACE,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAC7C;AAAA,EACF;AACF;AAKA,eAAsB,gBACpB,SAC0B;AAC1B,MAAI;AACF,UAAM,WAAW,MAAM;AAAA,MACrB,iEAAiE,QAAQ,IAAI,4BAA4B;AAAA,MACzG;AAAA,QACE,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA,MAAM,KAAK,UAAU,EAAE,QAAQ,CAAC;AAAA,MAClC;AAAA,IACF;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAQ,IAAI,cAAc,IAAI;AAE9B,QAAI,CAAC,SAAS,MAAM,CAAC,KAAK,QAAQ,CAAC,GAAG;AACpC,aAAO;AAAA,IACT;AAEA,UAAM,OAAO,KAAK,MAAM,CAAC;AACzB,WAAO;AAAA,MACL,KAAK,KAAK;AAAA,MACV,OAAO,KAAK,SAAS;AAAA,MACrB,UAAU,KAAK,YAAY;AAAA,MAC3B,UAAU,KAAK,YAAY;AAAA,IAC7B;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,6BAA6B,KAAK;AAChD,WAAO;AAAA,EACT;AACF;AAKA,eAAsB,kBACpB,eAC0B;AAC1B,MAAI;AACF,UAAM,WAAW,MAAM;AAAA,MACrB,iEAAiE,QAAQ,IAAI,4BAA4B;AAAA,MACzG;AAAA,QACE,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,eAAe,UAAU,aAAa;AAAA,QACxC;AAAA,MACF;AAAA,IACF;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAQ,IAAI,gBAAgB,IAAI;AAEhC,QAAI,CAAC,SAAS,MAAM,CAAC,KAAK,QAAQ,CAAC,GAAG;AACpC,aAAO;AAAA,IACT;AAEA,UAAM,OAAO,KAAK,MAAM,CAAC;AACzB,WAAO;AAAA,MACL,KAAK,KAAK;AAAA,MACV,OAAO,KAAK,SAAS;AAAA,MACrB,UAAU,KAAK,UAAU;AAAA,MACzB,UAAU,KAAK,YAAY;AAAA,IAC7B;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B,KAAK;AAClD,WAAO;AAAA,EACT;AACF;AAKA,eAAsB,yBACpB,SACwB;AACxB,MAAI;AAEF,UAAM,gBAAgB,QAAQ,QAAQ,IAAI,iBAAiB,GAAG;AAC9D,QAAI,eAAe;AACjB,YAAM,WAAW,MAAM;AAAA,QACrB,iEAAiE,QAAQ,IAAI,gBAAgB;AAAA,QAC7F;AAAA,UACE,QAAQ;AAAA,UACR,SAAS;AAAA,YACP,gBAAgB;AAAA,YAChB,eAAe,UAAU,aAAa;AAAA,UACxC;AAAA,QACF;AAAA,MACF;AAEA,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,cAAQ,IAAI,2CAA2C,IAAI;AAE3D,UAAI,SAAS,MAAM,KAAK,QAAQ,CAAC,GAAG;AAClC,cAAM,OAAO,KAAK,MAAM,CAAC;AACzB,eAAO;AAAA,UACL,iBAAiB;AAAA,UACjB,MAAM;AAAA,YACJ,KAAK,KAAK;AAAA,YACV,OAAO,KAAK,SAAS;AAAA,YACrB,UAAU,KAAK,YAAY;AAAA,YAC3B,eAAe,KAAK,iBAAiB;AAAA,YACrC,UAAU,KAAK,YAAY;AAAA,UAC7B;AAAA,QACF;AAAA,MACF;AACA,cAAQ;AAAA,QACN;AAAA,QACA,KAAK,OAAO,WAAW;AAAA,MACzB;AAAA,IACF;AACA,WAAO;AAAA,MACL,iBAAiB;AAAA,MACjB,MAAM;AAAA,MACN,OAAO;AAAA,IACT;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B,KAAK;AAClD,WAAO;AAAA,MACL,iBAAiB;AAAA,MACjB,MAAM;AAAA,MACN,OACE,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAC7C;AAAA,EACF;AACF;","names":[]}

package/dist/esm/server/jwt-edge.js

@@ -1,114 +0,0 @@
-import { createRemoteJWKSet, jwtVerify } from "jose";
-import { cache } from "react";
-const FIREBASE_ID_TOKEN_URL = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com";
-const FIREBASE_SESSION_CERT_URL = "https://identitytoolkit.googleapis.com/v1/sessionCookiePublicKeys";
-const getIdTokenJWKS = cache(() => {
-  return createRemoteJWKSet(new URL(FIREBASE_ID_TOKEN_URL), {
-    cacheMaxAge: 36e5,
-    // 1 hour
-    timeoutDuration: 5e3,
-    // 5 seconds
-    cooldownDuration: 3e4
-    // 30 seconds between retries
-  });
-});
-const getSessionJWKS = cache(() => {
-  return createRemoteJWKSet(new URL(FIREBASE_SESSION_CERT_URL), {
-    cacheMaxAge: 36e5,
-    // 1 hour
-    timeoutDuration: 5e3,
-    // 5 seconds
-    cooldownDuration: 3e4
-    // 30 seconds between retries
-  });
-});
-function decodeJwt(token) {
-  try {
-    const [headerB64, payloadB64] = token.split(".");
-    const header = JSON.parse(Buffer.from(headerB64, "base64").toString());
-    const payload = JSON.parse(Buffer.from(payloadB64, "base64").toString());
-    return { header, payload };
-  } catch (error) {
-    console.error("Error decoding JWT:", error);
-    return null;
-  }
-}
-async function verifyFirebaseToken(token, isSessionCookie = false) {
-  try {
-    const projectId = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID;
-    if (!projectId) {
-      throw new Error("Firebase Project ID is not configured");
-    }
-    const decoded = decodeJwt(token);
-    if (!decoded) {
-      throw new Error("Invalid token format");
-    }
-    let retries = 3;
-    let lastError = null;
-    while (retries > 0) {
-      try {
-        const JWKS = isSessionCookie ? await getSessionJWKS() : await getIdTokenJWKS();
-        const { payload } = await jwtVerify(token, JWKS, {
-          issuer: isSessionCookie ? "https://session.firebase.google.com/" + projectId : "https://securetoken.google.com/" + projectId,
-          audience: projectId,
-          algorithms: ["RS256"]
-        });
-        const firebasePayload = payload;
-        const now = Math.floor(Date.now() / 1e3);
-        if (firebasePayload.exp <= now) {
-          throw new Error("Token has expired");
-        }
-        if (firebasePayload.iat > now) {
-          throw new Error("Token issued time is in the future");
-        }
-        if (!firebasePayload.sub) {
-          throw new Error("Token subject is empty");
-        }
-        if (firebasePayload.auth_time > now) {
-          throw new Error("Token auth time is in the future");
-        }
-        return {
-          valid: true,
-          uid: firebasePayload.sub,
-          email: firebasePayload.email,
-          emailVerified: firebasePayload.email_verified,
-          tenant: firebasePayload.firebase.tenant,
-          authTime: firebasePayload.auth_time,
-          issuedAt: firebasePayload.iat,
-          expiresAt: firebasePayload.exp
-        };
-      } catch (error) {
-        lastError = error;
-        if (error instanceof Error && error.name === "JWKSNoMatchingKey") {
-          console.warn(`JWKS retry attempt ${4 - retries}:`, error.message);
-          retries--;
-          if (retries > 0) {
-            await new Promise((resolve) => setTimeout(resolve, 1e3));
-            continue;
-          }
-        }
-        throw error;
-      }
-    }
-    throw lastError || new Error("Failed to verify token after retries");
-  } catch (error) {
-    console.error("Token verification details:", {
-      error: error instanceof Error ? {
-        name: error.name,
-        message: error.message,
-        stack: error.stack
-      } : error,
-      decoded: decodeJwt(token),
-      //projectId,
-      isSessionCookie
-    });
-    return {
-      valid: false,
-      error: error instanceof Error ? error.message : "Invalid token"
-    };
-  }
-}
-export {
-  verifyFirebaseToken
-};
-//# sourceMappingURL=jwt-edge.js.map

package/dist/esm/server/jwt-edge.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/server/jwt-edge.ts"],"sourcesContent":["import { createRemoteJWKSet,jwtVerify } from \"jose\"\r\nimport { cache } from \"react\"\r\n\r\ninterface FirebaseIdTokenPayload {\r\n  iss: string\r\n  aud: string\r\n  auth_time: number\r\n  user_id: string\r\n  sub: string\r\n  iat: number\r\n  exp: number\r\n  email?: string\r\n  email_verified?: boolean\r\n  firebase: {\r\n    identities: {\r\n      [key: string]: any\r\n    }\r\n    sign_in_provider: string\r\n    tenant?: string;\r\n  }\r\n}\r\n\r\ninterface FirebaseTokenResult {\r\n  valid: boolean;\r\n  tenant?: string;\r\n  uid?: string;\r\n  email?: string | null;\r\n  emailVerified?: boolean;\r\n  authTime?: number;\r\n  issuedAt?: number;\r\n  expiresAt?: number;\r\n  error?: string;\r\n}\r\n\r\n// Firebase public key endpoints\r\nconst FIREBASE_ID_TOKEN_URL = \"https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com\"\r\nconst FIREBASE_SESSION_CERT_URL = \"https://identitytoolkit.googleapis.com/v1/sessionCookiePublicKeys\"\r\n\r\n// Cache the JWKS using React cache\r\nconst getIdTokenJWKS = cache(() => {\r\n  return createRemoteJWKSet(new URL(FIREBASE_ID_TOKEN_URL), {\r\n    cacheMaxAge: 3600000, // 1 hour\r\n    timeoutDuration: 5000, // 5 seconds\r\n    cooldownDuration: 30000, // 30 seconds between retries\r\n  })\r\n})\r\n\r\nconst getSessionJWKS = cache(() => {\r\n  return createRemoteJWKSet(new URL(FIREBASE_SESSION_CERT_URL), {\r\n    cacheMaxAge: 3600000, // 1 hour\r\n    timeoutDuration: 5000, // 5 seconds\r\n    cooldownDuration: 30000, // 30 seconds between retries\r\n  })\r\n})\r\n\r\n// Helper to decode JWT without verification\r\nfunction decodeJwt(token: string) {\r\n  try {\r\n    const [headerB64, payloadB64] = token.split(\".\")\r\n    const header = JSON.parse(Buffer.from(headerB64, \"base64\").toString())\r\n    const payload = JSON.parse(Buffer.from(payloadB64, \"base64\").toString())\r\n    return { header, payload }\r\n  } catch (error) {\r\n    console.error(\"Error decoding JWT:\", error)\r\n    return null\r\n  }\r\n}\r\n\r\nexport async function verifyFirebaseToken(token: string, isSessionCookie = false): Promise<FirebaseTokenResult> {\r\n  try {\r\n    const projectId = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID\r\n    if (!projectId) {\r\n      throw new Error(\"Firebase Project ID is not configured\")\r\n    }\r\n\r\n    // Decode token for debugging and type checking\r\n    const decoded = decodeJwt(token)\r\n    if (!decoded) {\r\n      throw new Error(\"Invalid token format\")\r\n    }\r\n\r\n    //console.log(\"Token details:\", {\r\n     // header: decoded.header,\r\n     // type: isSessionCookie ? \"session_cookie\" : \"id_token\",\r\n    //})\r\n\r\n    let retries = 3\r\n    let lastError: Error | null = null\r\n\r\n    while (retries > 0) {\r\n      try {\r\n        // Use different JWKS based on token type\r\n        const JWKS = isSessionCookie ? await getSessionJWKS() : await getIdTokenJWKS()\r\n\r\n        const { payload } = await jwtVerify(token, JWKS, {\r\n          issuer: isSessionCookie\r\n            ? \"https://session.firebase.google.com/\" + projectId\r\n            : \"https://securetoken.google.com/\" + projectId,\r\n          audience: projectId,\r\n          algorithms: [\"RS256\"],\r\n        })\r\n\r\n        const firebasePayload = payload as unknown as FirebaseIdTokenPayload\r\n        const now = Math.floor(Date.now() / 1000)\r\n\r\n        // Verify token claims\r\n        if (firebasePayload.exp <= now) {\r\n          throw new Error(\"Token has expired\")\r\n        }\r\n\r\n        if (firebasePayload.iat > now) {\r\n          throw new Error(\"Token issued time is in the future\")\r\n        }\r\n\r\n        if (!firebasePayload.sub) {\r\n          throw new Error(\"Token subject is empty\")\r\n        }\r\n\r\n        if (firebasePayload.auth_time > now) {\r\n          throw new Error(\"Token auth time is in the future\")\r\n        }\r\n\r\n        return {\r\n          valid: true,\r\n          uid: firebasePayload.sub,\r\n          email: firebasePayload.email,\r\n          emailVerified: firebasePayload.email_verified,\r\n          tenant: firebasePayload.firebase.tenant,\r\n          authTime: firebasePayload.auth_time,\r\n          issuedAt: firebasePayload.iat,\r\n          expiresAt: firebasePayload.exp,\r\n        }\r\n      } catch (error) {\r\n        lastError = error as Error\r\n        if (error instanceof Error && error.name === \"JWKSNoMatchingKey\") {\r\n          console.warn(`JWKS retry attempt ${4 - retries}:`, error.message)\r\n          retries--\r\n          if (retries > 0) {\r\n            await new Promise((resolve) => setTimeout(resolve, 1000))\r\n            continue\r\n          }\r\n        }\r\n        throw error\r\n      }\r\n    }\r\n\r\n    throw lastError || new Error(\"Failed to verify token after retries\")\r\n  } catch (error) {\r\n    console.error(\"Token verification details:\", {\r\n      error:\r\n        error instanceof Error\r\n          ? {\r\n              name: error.name,\r\n              message: error.message,\r\n              stack: error.stack,\r\n            }\r\n          : error,\r\n      decoded: decodeJwt(token),\r\n      //projectId,\r\n      isSessionCookie,\r\n    })\r\n\r\n    return {\r\n      valid: false,\r\n      error: error instanceof Error ? error.message : \"Invalid token\",\r\n    }\r\n  }\r\n}\r\n"],"mappings":"AAAA,SAAS,oBAAmB,iBAAiB;AAC7C,SAAS,aAAa;AAkCtB,MAAM,wBAAwB;AAC9B,MAAM,4BAA4B;AAGlC,MAAM,iBAAiB,MAAM,MAAM;AACjC,SAAO,mBAAmB,IAAI,IAAI,qBAAqB,GAAG;AAAA,IACxD,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAED,MAAM,iBAAiB,MAAM,MAAM;AACjC,SAAO,mBAAmB,IAAI,IAAI,yBAAyB,GAAG;AAAA,IAC5D,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAGD,SAAS,UAAU,OAAe;AAChC,MAAI;AACF,UAAM,CAAC,WAAW,UAAU,IAAI,MAAM,MAAM,GAAG;AAC/C,UAAM,SAAS,KAAK,MAAM,OAAO,KAAK,WAAW,QAAQ,EAAE,SAAS,CAAC;AACrE,UAAM,UAAU,KAAK,MAAM,OAAO,KAAK,YAAY,QAAQ,EAAE,SAAS,CAAC;AACvE,WAAO,EAAE,QAAQ,QAAQ;AAAA,EAC3B,SAAS,OAAO;AACd,YAAQ,MAAM,uBAAuB,KAAK;AAC1C,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,oBAAoB,OAAe,kBAAkB,OAAqC;AAC9G,MAAI;AACF,UAAM,YAAY,QAAQ,IAAI;AAC9B,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACzD;AAGA,UAAM,UAAU,UAAU,KAAK;AAC/B,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AAOA,QAAI,UAAU;AACd,QAAI,YAA0B;AAE9B,WAAO,UAAU,GAAG;AAClB,UAAI;AAEF,cAAM,OAAO,kBAAkB,MAAM,eAAe,IAAI,MAAM,eAAe;AAE7E,cAAM,EAAE,QAAQ,IAAI,MAAM,UAAU,OAAO,MAAM;AAAA,UAC/C,QAAQ,kBACJ,yCAAyC,YACzC,oCAAoC;AAAA,UACxC,UAAU;AAAA,UACV,YAAY,CAAC,OAAO;AAAA,QACtB,CAAC;AAED,cAAM,kBAAkB;AACxB,cAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAGxC,YAAI,gBAAgB,OAAO,KAAK;AAC9B,gBAAM,IAAI,MAAM,mBAAmB;AAAA,QACrC;AAEA,YAAI,gBAAgB,MAAM,KAAK;AAC7B,gBAAM,IAAI,MAAM,oCAAoC;AAAA,QACtD;AAEA,YAAI,CAAC,gBAAgB,KAAK;AACxB,gBAAM,IAAI,MAAM,wBAAwB;AAAA,QAC1C;AAEA,YAAI,gBAAgB,YAAY,KAAK;AACnC,gBAAM,IAAI,MAAM,kCAAkC;AAAA,QACpD;AAEA,eAAO;AAAA,UACL,OAAO;AAAA,UACP,KAAK,gBAAgB;AAAA,UACrB,OAAO,gBAAgB;AAAA,UACvB,eAAe,gBAAgB;AAAA,UAC/B,QAAQ,gBAAgB,SAAS;AAAA,UACjC,UAAU,gBAAgB;AAAA,UAC1B,UAAU,gBAAgB;AAAA,UAC1B,WAAW,gBAAgB;AAAA,QAC7B;AAAA,MACF,SAAS,OAAO;AACd,oBAAY;AACZ,YAAI,iBAAiB,SAAS,MAAM,SAAS,qBAAqB;AAChE,kBAAQ,KAAK,sBAAsB,IAAI,OAAO,KAAK,MAAM,OAAO;AAChE;AACA,cAAI,UAAU,GAAG;AACf,kBAAM,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,GAAI,CAAC;AACxD;AAAA,UACF;AAAA,QACF;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,MAAM,sCAAsC;AAAA,EACrE,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B;AAAA,MAC3C,OACE,iBAAiB,QACb;AAAA,QACE,MAAM,MAAM;AAAA,QACZ,SAAS,MAAM;AAAA,QACf,OAAO,MAAM;AAAA,MACf,IACA;AAAA,MACN,SAAS,UAAU,KAAK;AAAA;AAAA,MAExB;AAAA,IACF,CAAC;AAED,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAClD;AAAA,EACF;AACF;","names":[]}

package/dist/esm/server/jwt.js

@@ -1,114 +0,0 @@
-import { createRemoteJWKSet, jwtVerify } from "jose";
-import { cache } from "react";
-const FIREBASE_ID_TOKEN_URL = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com";
-const FIREBASE_SESSION_CERT_URL = "https://identitytoolkit.googleapis.com/v1/sessionCookiePublicKeys";
-const getIdTokenJWKS = cache(() => {
-  return createRemoteJWKSet(new URL(FIREBASE_ID_TOKEN_URL), {
-    cacheMaxAge: 36e5,
-    // 1 hour
-    timeoutDuration: 5e3,
-    // 5 seconds
-    cooldownDuration: 3e4
-    // 30 seconds between retries
-  });
-});
-const getSessionJWKS = cache(() => {
-  return createRemoteJWKSet(new URL(FIREBASE_SESSION_CERT_URL), {
-    cacheMaxAge: 36e5,
-    // 1 hour
-    timeoutDuration: 5e3,
-    // 5 seconds
-    cooldownDuration: 3e4
-    // 30 seconds between retries
-  });
-});
-function decodeJwt(token) {
-  try {
-    const [headerB64, payloadB64] = token.split(".");
-    const header = JSON.parse(Buffer.from(headerB64, "base64").toString());
-    const payload = JSON.parse(Buffer.from(payloadB64, "base64").toString());
-    return { header, payload };
-  } catch (error) {
-    console.error("Error decoding JWT:", error);
-    return null;
-  }
-}
-async function verifyFirebaseToken(token, isSessionCookie = false) {
-  try {
-    const projectId = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID;
-    if (!projectId) {
-      throw new Error("Firebase Project ID is not configured");
-    }
-    const decoded = decodeJwt(token);
-    if (!decoded) {
-      throw new Error("Invalid token format");
-    }
-    let retries = 3;
-    let lastError = null;
-    while (retries > 0) {
-      try {
-        const JWKS = isSessionCookie ? await getSessionJWKS() : await getIdTokenJWKS();
-        const { payload } = await jwtVerify(token, JWKS, {
-          issuer: isSessionCookie ? "https://session.firebase.google.com/" + projectId : "https://securetoken.google.com/" + projectId,
-          audience: projectId,
-          algorithms: ["RS256"]
-        });
-        const firebasePayload = payload;
-        const now = Math.floor(Date.now() / 1e3);
-        if (firebasePayload.exp <= now) {
-          throw new Error("Token has expired");
-        }
-        if (firebasePayload.iat > now) {
-          throw new Error("Token issued time is in the future");
-        }
-        if (!firebasePayload.sub) {
-          throw new Error("Token subject is empty");
-        }
-        if (firebasePayload.auth_time > now) {
-          throw new Error("Token auth time is in the future");
-        }
-        return {
-          valid: true,
-          uid: firebasePayload.sub,
-          email: firebasePayload.email,
-          emailVerified: firebasePayload.email_verified,
-          tenant: firebasePayload.firebase.tenant,
-          authTime: firebasePayload.auth_time,
-          issuedAt: firebasePayload.iat,
-          expiresAt: firebasePayload.exp
-        };
-      } catch (error) {
-        lastError = error;
-        if (error instanceof Error && error.name === "JWKSNoMatchingKey") {
-          console.warn(`JWKS retry attempt ${4 - retries}:`, error.message);
-          retries--;
-          if (retries > 0) {
-            await new Promise((resolve) => setTimeout(resolve, 1e3));
-            continue;
-          }
-        }
-        throw error;
-      }
-    }
-    throw lastError || new Error("Failed to verify token after retries");
-  } catch (error) {
-    console.error("Token verification details:", {
-      error: error instanceof Error ? {
-        name: error.name,
-        message: error.message,
-        stack: error.stack
-      } : error,
-      decoded: decodeJwt(token),
-      //projectId,
-      isSessionCookie
-    });
-    return {
-      valid: false,
-      error: error instanceof Error ? error.message : "Invalid token"
-    };
-  }
-}
-export {
-  verifyFirebaseToken
-};
-//# sourceMappingURL=jwt.js.map

package/dist/esm/server/jwt.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/server/jwt.ts"],"sourcesContent":["import { createRemoteJWKSet,jwtVerify } from \"jose\";\r\nimport { cache } from \"react\";\r\n\r\ninterface FirebaseIdTokenPayload {\r\n  iss: string;\r\n  aud: string;\r\n  auth_time: number;\r\n  user_id: string;\r\n  sub: string;\r\n  iat: number;\r\n  exp: number;\r\n  email?: string;\r\n  email_verified?: boolean;\r\n  firebase: {\r\n    identities: {\r\n      [key: string]: any;\r\n    };\r\n    sign_in_provider: string;\r\n    tenant?: string;\r\n  };\r\n}\r\n\r\ninterface FirebaseTokenResult {\r\n  valid: boolean;\r\n  tenant?: string;\r\n  uid?: string;\r\n  email?: string | null;\r\n  emailVerified?: boolean;\r\n  authTime?: number;\r\n  issuedAt?: number;\r\n  expiresAt?: number;\r\n  error?: string;\r\n}\r\n\r\n// Firebase public key endpoints\r\nconst FIREBASE_ID_TOKEN_URL =\r\n  \"https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com\";\r\nconst FIREBASE_SESSION_CERT_URL =\r\n  \"https://identitytoolkit.googleapis.com/v1/sessionCookiePublicKeys\";\r\n\r\n// Cache the JWKS using React cache\r\nconst getIdTokenJWKS = cache(() => {\r\n  return createRemoteJWKSet(new URL(FIREBASE_ID_TOKEN_URL), {\r\n    cacheMaxAge: 3600000, // 1 hour\r\n    timeoutDuration: 5000, // 5 seconds\r\n    cooldownDuration: 30000, // 30 seconds between retries\r\n  });\r\n});\r\n\r\nconst getSessionJWKS = cache(() => {\r\n  return createRemoteJWKSet(new URL(FIREBASE_SESSION_CERT_URL), {\r\n    cacheMaxAge: 3600000, // 1 hour\r\n    timeoutDuration: 5000, // 5 seconds\r\n    cooldownDuration: 30000, // 30 seconds between retries\r\n  });\r\n});\r\n\r\n// Helper to decode JWT without verification\r\nfunction decodeJwt(token: string) {\r\n  try {\r\n    const [headerB64, payloadB64] = token.split(\".\");\r\n    const header = JSON.parse(Buffer.from(headerB64, \"base64\").toString());\r\n    const payload = JSON.parse(Buffer.from(payloadB64, \"base64\").toString());\r\n    return { header, payload };\r\n  } catch (error) {\r\n    console.error(\"Error decoding JWT:\", error);\r\n    return null;\r\n  }\r\n}\r\n\r\nexport async function verifyFirebaseToken(\r\n  token: string,\r\n  isSessionCookie = false\r\n): Promise<FirebaseTokenResult> {\r\n  try {\r\n    const projectId = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID;\r\n    if (!projectId) {\r\n      throw new Error(\"Firebase Project ID is not configured\");\r\n    }\r\n\r\n    const decoded = decodeJwt(token);\r\n    if (!decoded) {\r\n      throw new Error(\"Invalid token format\");\r\n    }\r\n\r\n    let retries = 3;\r\n    let lastError: Error | null = null;\r\n\r\n    while (retries > 0) {\r\n      try {\r\n        // Use different JWKS based on token type\r\n        const JWKS = isSessionCookie\r\n          ? await getSessionJWKS()\r\n          : await getIdTokenJWKS();\r\n\r\n        const { payload } = await jwtVerify(token, JWKS, {\r\n          issuer: isSessionCookie\r\n            ? \"https://session.firebase.google.com/\" + projectId\r\n            : \"https://securetoken.google.com/\" + projectId,\r\n          audience: projectId,\r\n          algorithms: [\"RS256\"],\r\n        });\r\n\r\n        const firebasePayload = payload as unknown as FirebaseIdTokenPayload;\r\n        const now = Math.floor(Date.now() / 1000);\r\n\r\n        // Verify token claims\r\n        if (firebasePayload.exp <= now) {\r\n          throw new Error(\"Token has expired\");\r\n        }\r\n\r\n        if (firebasePayload.iat > now) {\r\n          throw new Error(\"Token issued time is in the future\");\r\n        }\r\n\r\n        if (!firebasePayload.sub) {\r\n          throw new Error(\"Token subject is empty\");\r\n        }\r\n\r\n        if (firebasePayload.auth_time > now) {\r\n          throw new Error(\"Token auth time is in the future\");\r\n        }\r\n\r\n        return {\r\n          valid: true,\r\n          uid: firebasePayload.sub,\r\n          email: firebasePayload.email,\r\n          emailVerified: firebasePayload.email_verified,\r\n          tenant: firebasePayload.firebase.tenant,\r\n          authTime: firebasePayload.auth_time,\r\n          issuedAt: firebasePayload.iat,\r\n          expiresAt: firebasePayload.exp,\r\n        };\r\n      } catch (error) {\r\n        lastError = error as Error;\r\n        if (error instanceof Error && error.name === \"JWKSNoMatchingKey\") {\r\n          console.warn(`JWKS retry attempt ${4 - retries}:`, error.message);\r\n          retries--;\r\n          if (retries > 0) {\r\n            await new Promise((resolve) => setTimeout(resolve, 1000));\r\n            continue;\r\n          }\r\n        }\r\n        throw error;\r\n      }\r\n    }\r\n\r\n    throw lastError || new Error(\"Failed to verify token after retries\");\r\n  } catch (error) {\r\n    console.error(\"Token verification details:\", {\r\n      error:\r\n        error instanceof Error\r\n          ? {\r\n              name: error.name,\r\n              message: error.message,\r\n              stack: error.stack,\r\n            }\r\n          : error,\r\n      decoded: decodeJwt(token),\r\n      //projectId,\r\n      isSessionCookie,\r\n    });\r\n\r\n    return {\r\n      valid: false,\r\n      error: error instanceof Error ? error.message : \"Invalid token\",\r\n    };\r\n  }\r\n}\r\n"],"mappings":"AAAA,SAAS,oBAAmB,iBAAiB;AAC7C,SAAS,aAAa;AAkCtB,MAAM,wBACJ;AACF,MAAM,4BACJ;AAGF,MAAM,iBAAiB,MAAM,MAAM;AACjC,SAAO,mBAAmB,IAAI,IAAI,qBAAqB,GAAG;AAAA,IACxD,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAED,MAAM,iBAAiB,MAAM,MAAM;AACjC,SAAO,mBAAmB,IAAI,IAAI,yBAAyB,GAAG;AAAA,IAC5D,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAGD,SAAS,UAAU,OAAe;AAChC,MAAI;AACF,UAAM,CAAC,WAAW,UAAU,IAAI,MAAM,MAAM,GAAG;AAC/C,UAAM,SAAS,KAAK,MAAM,OAAO,KAAK,WAAW,QAAQ,EAAE,SAAS,CAAC;AACrE,UAAM,UAAU,KAAK,MAAM,OAAO,KAAK,YAAY,QAAQ,EAAE,SAAS,CAAC;AACvE,WAAO,EAAE,QAAQ,QAAQ;AAAA,EAC3B,SAAS,OAAO;AACd,YAAQ,MAAM,uBAAuB,KAAK;AAC1C,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,oBACpB,OACA,kBAAkB,OACY;AAC9B,MAAI;AACF,UAAM,YAAY,QAAQ,IAAI;AAC9B,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACzD;AAEA,UAAM,UAAU,UAAU,KAAK;AAC/B,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AAEA,QAAI,UAAU;AACd,QAAI,YAA0B;AAE9B,WAAO,UAAU,GAAG;AAClB,UAAI;AAEF,cAAM,OAAO,kBACT,MAAM,eAAe,IACrB,MAAM,eAAe;AAEzB,cAAM,EAAE,QAAQ,IAAI,MAAM,UAAU,OAAO,MAAM;AAAA,UAC/C,QAAQ,kBACJ,yCAAyC,YACzC,oCAAoC;AAAA,UACxC,UAAU;AAAA,UACV,YAAY,CAAC,OAAO;AAAA,QACtB,CAAC;AAED,cAAM,kBAAkB;AACxB,cAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAGxC,YAAI,gBAAgB,OAAO,KAAK;AAC9B,gBAAM,IAAI,MAAM,mBAAmB;AAAA,QACrC;AAEA,YAAI,gBAAgB,MAAM,KAAK;AAC7B,gBAAM,IAAI,MAAM,oCAAoC;AAAA,QACtD;AAEA,YAAI,CAAC,gBAAgB,KAAK;AACxB,gBAAM,IAAI,MAAM,wBAAwB;AAAA,QAC1C;AAEA,YAAI,gBAAgB,YAAY,KAAK;AACnC,gBAAM,IAAI,MAAM,kCAAkC;AAAA,QACpD;AAEA,eAAO;AAAA,UACL,OAAO;AAAA,UACP,KAAK,gBAAgB;AAAA,UACrB,OAAO,gBAAgB;AAAA,UACvB,eAAe,gBAAgB;AAAA,UAC/B,QAAQ,gBAAgB,SAAS;AAAA,UACjC,UAAU,gBAAgB;AAAA,UAC1B,UAAU,gBAAgB;AAAA,UAC1B,WAAW,gBAAgB;AAAA,QAC7B;AAAA,MACF,SAAS,OAAO;AACd,oBAAY;AACZ,YAAI,iBAAiB,SAAS,MAAM,SAAS,qBAAqB;AAChE,kBAAQ,KAAK,sBAAsB,IAAI,OAAO,KAAK,MAAM,OAAO;AAChE;AACA,cAAI,UAAU,GAAG;AACf,kBAAM,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,GAAI,CAAC;AACxD;AAAA,UACF;AAAA,QACF;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,MAAM,sCAAsC;AAAA,EACrE,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B;AAAA,MAC3C,OACE,iBAAiB,QACb;AAAA,QACE,MAAM,MAAM;AAAA,QACZ,SAAS,MAAM;AAAA,QACf,OAAO,MAAM;AAAA,MACf,IACA;AAAA,MACN,SAAS,UAAU,KAAK;AAAA;AAAA,MAExB;AAAA,IACF,CAAC;AAED,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAClD;AAAA,EACF;AACF;","names":[]}

package/dist/esm/server/session-store.js

@@ -1,49 +0,0 @@
-import { cache } from "react";
-class SessionStore {
-  static instance;
-  sessions;
-  currentSessionId = null;
-  constructor() {
-    this.sessions = /* @__PURE__ */ new Map();
-  }
-  static getInstance() {
-    if (!SessionStore.instance) {
-      SessionStore.instance = new SessionStore();
-    }
-    return SessionStore.instance;
-  }
-  setUser(sessionId, user) {
-    console.log("SessionStore: Setting user:", { sessionId, user });
-    this.sessions.set(sessionId, user);
-    this.currentSessionId = sessionId;
-  }
-  getUser(sessionId) {
-    return this.sessions.get(sessionId) || null;
-  }
-  getCurrentUser() {
-    if (!this.currentSessionId) return null;
-    return this.sessions.get(this.currentSessionId) || null;
-  }
-  removeUser(sessionId) {
-    this.sessions.delete(sessionId);
-  }
-  clear() {
-    this.sessions.clear();
-  }
-  debug() {
-    return {
-      sessionsCount: this.sessions.size,
-      currentSessionId: this.currentSessionId,
-      sessions: Array.from(this.sessions.entries())
-    };
-  }
-}
-const sessionStore = SessionStore.getInstance();
-const getVerifiedUser = cache((sessionId) => {
-  return sessionStore.getUser(sessionId);
-});
-export {
-  getVerifiedUser,
-  sessionStore
-};
-//# sourceMappingURL=session-store.js.map

package/dist/esm/server/session-store.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/server/session-store.ts"],"sourcesContent":["import { cache } from \"react\"\r\n\r\nimport type { User } from \"./types\"\r\n\r\n/**\r\n * Simple in-memory session store\r\n * In a real app, this would be backed by Redis/etc\r\n */\r\nclass SessionStore {\r\n  private static instance: SessionStore\r\n  private sessions: Map<string, User>\r\n  private currentSessionId: string | null = null\r\n\r\n  private constructor() {\r\n    this.sessions = new Map()\r\n  }\r\n\r\n  static getInstance(): SessionStore {\r\n    if (!SessionStore.instance) {\r\n      SessionStore.instance = new SessionStore()\r\n    }\r\n    return SessionStore.instance\r\n  }\r\n\r\n  setUser(sessionId: string, user: User) {\r\n    console.log(\"SessionStore: Setting user:\", { sessionId, user })\r\n    this.sessions.set(sessionId, user)\r\n    this.currentSessionId = sessionId\r\n  }\r\n\r\n  getUser(sessionId: string): User | null {\r\n    return this.sessions.get(sessionId) || null\r\n  }\r\n\r\n  getCurrentUser(): User | null {\r\n    if (!this.currentSessionId) return null\r\n    return this.sessions.get(this.currentSessionId) || null\r\n  }\r\n\r\n  removeUser(sessionId: string) {\r\n    this.sessions.delete(sessionId)\r\n  }\r\n\r\n  clear() {\r\n    this.sessions.clear()\r\n  }\r\n\r\n  debug() {\r\n    return {\r\n      sessionsCount: this.sessions.size,\r\n      currentSessionId: this.currentSessionId,\r\n      sessions: Array.from(this.sessions.entries())\r\n    }\r\n}\r\n}\r\n\r\n// Export singleton instance\r\nexport const sessionStore = SessionStore.getInstance()\r\n\r\n/**\r\n * Cached function to get user from session store\r\n * Uses React cache for SSR optimization\r\n */\r\nexport const getVerifiedUser = cache((sessionId: string): User | null => {\r\n  return sessionStore.getUser(sessionId)\r\n})\r\n\r\n"],"mappings":"AAAA,SAAS,aAAa;AAQtB,MAAM,aAAa;AAAA,EACjB,OAAe;AAAA,EACP;AAAA,EACA,mBAAkC;AAAA,EAElC,cAAc;AACpB,SAAK,WAAW,oBAAI,IAAI;AAAA,EAC1B;AAAA,EAEA,OAAO,cAA4B;AACjC,QAAI,CAAC,aAAa,UAAU;AAC1B,mBAAa,WAAW,IAAI,aAAa;AAAA,IAC3C;AACA,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,QAAQ,WAAmB,MAAY;AACrC,YAAQ,IAAI,+BAA+B,EAAE,WAAW,KAAK,CAAC;AAC9D,SAAK,SAAS,IAAI,WAAW,IAAI;AACjC,SAAK,mBAAmB;AAAA,EAC1B;AAAA,EAEA,QAAQ,WAAgC;AACtC,WAAO,KAAK,SAAS,IAAI,SAAS,KAAK;AAAA,EACzC;AAAA,EAEA,iBAA8B;AAC5B,QAAI,CAAC,KAAK,iBAAkB,QAAO;AACnC,WAAO,KAAK,SAAS,IAAI,KAAK,gBAAgB,KAAK;AAAA,EACrD;AAAA,EAEA,WAAW,WAAmB;AAC5B,SAAK,SAAS,OAAO,SAAS;AAAA,EAChC;AAAA,EAEA,QAAQ;AACN,SAAK,SAAS,MAAM;AAAA,EACtB;AAAA,EAEA,QAAQ;AACN,WAAO;AAAA,MACL,eAAe,KAAK,SAAS;AAAA,MAC7B,kBAAkB,KAAK;AAAA,MACvB,UAAU,MAAM,KAAK,KAAK,SAAS,QAAQ,CAAC;AAAA,IAC9C;AAAA,EACJ;AACA;AAGO,MAAM,eAAe,aAAa,YAAY;AAM9C,MAAM,kBAAkB,MAAM,CAAC,cAAmC;AACvE,SAAO,aAAa,QAAQ,SAAS;AACvC,CAAC;","names":[]}

package/dist/types/server/edge-session.d.ts

@@ -1,16 +0,0 @@
-import type { NextRequest } from "next/server";
-import type { BaseUser, SessionResult } from "./types";
-export declare function verifySession(request: NextRequest): Promise<SessionResult>;
-/**
- * Edge-compatible token verification using Firebase Auth REST API
- */
-export declare function verifyTokenEdge(idToken: string): Promise<BaseUser | null>;
-/**
- * Edge-compatible session cookie verification
- */
-export declare function verifySessionEdge(sessionCookie: string): Promise<BaseUser | null>;
-/**
- * Edge-compatible session verification using Firebase Auth REST API
- */
-export declare function VerifySessionWithRestApi(request: NextRequest): Promise<SessionResult>;
-//# sourceMappingURL=edge-session.d.ts.map

package/dist/types/server/edge-session.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"edge-session.d.ts","sourceRoot":"","sources":["../../../src/server/edge-session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG/C,OAAO,KAAK,EAAE,QAAQ,EAAC,aAAa,EAAE,MAAM,SAAS,CAAC;AAEtD,wBAAsB,aAAa,CACjC,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,aAAa,CAAC,CAgCxB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CA+B1B;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CA+B1B;AAED;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,aAAa,CAAC,CAmDxB"}

package/dist/types/server/jwt-edge.d.ts

@@ -1,14 +0,0 @@
-interface FirebaseTokenResult {
-    valid: boolean;
-    tenant?: string;
-    uid?: string;
-    email?: string | null;
-    emailVerified?: boolean;
-    authTime?: number;
-    issuedAt?: number;
-    expiresAt?: number;
-    error?: string;
-}
-export declare function verifyFirebaseToken(token: string, isSessionCookie?: boolean): Promise<FirebaseTokenResult>;
-export {};
-//# sourceMappingURL=jwt-edge.d.ts.map

package/dist/types/server/jwt-edge.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"jwt-edge.d.ts","sourceRoot":"","sources":["../../../src/server/jwt-edge.ts"],"names":[],"mappings":"AAsBA,UAAU,mBAAmB;IAC3B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAoCD,wBAAsB,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,eAAe,UAAQ,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAmG9G"}

package/dist/types/server/jwt.d.ts

@@ -1,14 +0,0 @@
-interface FirebaseTokenResult {
-    valid: boolean;
-    tenant?: string;
-    uid?: string;
-    email?: string | null;
-    emailVerified?: boolean;
-    authTime?: number;
-    issuedAt?: number;
-    expiresAt?: number;
-    error?: string;
-}
-export declare function verifyFirebaseToken(token: string, isSessionCookie?: boolean): Promise<FirebaseTokenResult>;
-export {};
-//# sourceMappingURL=jwt.d.ts.map

package/dist/types/server/jwt.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../src/server/jwt.ts"],"names":[],"mappings":"AAsBA,UAAU,mBAAmB;IAC3B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAsCD,wBAAsB,mBAAmB,CACvC,KAAK,EAAE,MAAM,EACb,eAAe,UAAQ,GACtB,OAAO,CAAC,mBAAmB,CAAC,CA+F9B"}