@tern-secure/nextjs 5.2.0-canary.v20251008165428 → 5.2.0-canary.v20251020032343
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/app-router/admin/endpointRouter.js +13 -1
- package/dist/cjs/app-router/admin/endpointRouter.js.map +1 -1
- package/dist/cjs/app-router/admin/sessionHandlers.js +71 -3
- package/dist/cjs/app-router/admin/sessionHandlers.js.map +1 -1
- package/dist/cjs/app-router/admin/types.js +17 -0
- package/dist/cjs/app-router/admin/types.js.map +1 -1
- package/dist/cjs/app-router/client/TernSecureProvider.js +17 -7
- package/dist/cjs/app-router/client/TernSecureProvider.js.map +1 -1
- package/dist/cjs/app-router/server/TernSecureProvider.js +92 -0
- package/dist/cjs/app-router/server/TernSecureProvider.js.map +1 -0
- package/dist/cjs/app-router/server/auth.js +2 -16
- package/dist/cjs/app-router/server/auth.js.map +1 -1
- package/dist/cjs/app-router/server/utils.js +2 -2
- package/dist/cjs/app-router/server/utils.js.map +1 -1
- package/dist/cjs/boundary/NextOptionsCtx.js +52 -0
- package/dist/cjs/boundary/NextOptionsCtx.js.map +1 -0
- package/dist/cjs/boundary/PromiseAuthProvider.js +68 -0
- package/dist/cjs/boundary/PromiseAuthProvider.js.map +1 -0
- package/dist/cjs/boundary/components.js +6 -3
- package/dist/cjs/boundary/components.js.map +1 -1
- package/dist/cjs/index.js +5 -3
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/server/data/getAuthDataFromRequest.js +57 -0
- package/dist/cjs/server/data/getAuthDataFromRequest.js.map +1 -0
- package/dist/cjs/server/index.js +3 -0
- package/dist/cjs/server/index.js.map +1 -1
- package/dist/cjs/types.js.map +1 -1
- package/dist/cjs/utils/allNextProviderProps.js +3 -3
- package/dist/cjs/utils/allNextProviderProps.js.map +1 -1
- package/dist/esm/app-router/admin/endpointRouter.js +14 -2
- package/dist/esm/app-router/admin/endpointRouter.js.map +1 -1
- package/dist/esm/app-router/admin/sessionHandlers.js +71 -4
- package/dist/esm/app-router/admin/sessionHandlers.js.map +1 -1
- package/dist/esm/app-router/admin/types.js +16 -0
- package/dist/esm/app-router/admin/types.js.map +1 -1
- package/dist/esm/app-router/client/TernSecureProvider.js +17 -9
- package/dist/esm/app-router/client/TernSecureProvider.js.map +1 -1
- package/dist/esm/app-router/server/TernSecureProvider.js +58 -0
- package/dist/esm/app-router/server/TernSecureProvider.js.map +1 -0
- package/dist/esm/app-router/server/auth.js +2 -21
- package/dist/esm/app-router/server/auth.js.map +1 -1
- package/dist/esm/app-router/server/utils.js +2 -2
- package/dist/esm/app-router/server/utils.js.map +1 -1
- package/dist/esm/boundary/NextOptionsCtx.js +17 -0
- package/dist/esm/boundary/NextOptionsCtx.js.map +1 -0
- package/dist/esm/boundary/PromiseAuthProvider.js +33 -0
- package/dist/esm/boundary/PromiseAuthProvider.js.map +1 -0
- package/dist/esm/boundary/components.js +5 -3
- package/dist/esm/boundary/components.js.map +1 -1
- package/dist/esm/index.js +4 -2
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/server/data/getAuthDataFromRequest.js +31 -0
- package/dist/esm/server/data/getAuthDataFromRequest.js.map +1 -0
- package/dist/esm/server/index.js +2 -0
- package/dist/esm/server/index.js.map +1 -1
- package/dist/esm/types.js.map +1 -1
- package/dist/esm/utils/allNextProviderProps.js +3 -3
- package/dist/esm/utils/allNextProviderProps.js.map +1 -1
- package/dist/types/app-router/admin/endpointRouter.d.ts.map +1 -1
- package/dist/types/app-router/admin/sessionHandlers.d.ts +3 -1
- package/dist/types/app-router/admin/sessionHandlers.d.ts.map +1 -1
- package/dist/types/app-router/admin/types.d.ts +2 -1
- package/dist/types/app-router/admin/types.d.ts.map +1 -1
- package/dist/types/app-router/client/TernSecureProvider.d.ts +2 -24
- package/dist/types/app-router/client/TernSecureProvider.d.ts.map +1 -1
- package/dist/types/app-router/server/TernSecureProvider.d.ts +4 -0
- package/dist/types/app-router/server/TernSecureProvider.d.ts.map +1 -0
- package/dist/types/app-router/server/auth.d.ts.map +1 -1
- package/dist/types/boundary/NextOptionsCtx.d.ts +9 -0
- package/dist/types/boundary/NextOptionsCtx.d.ts.map +1 -0
- package/dist/types/boundary/PromiseAuthProvider.d.ts +8 -0
- package/dist/types/boundary/PromiseAuthProvider.d.ts.map +1 -0
- package/dist/types/boundary/components.d.ts +2 -1
- package/dist/types/boundary/components.d.ts.map +1 -1
- package/dist/types/index.d.ts +2 -2
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/server/data/getAuthDataFromRequest.d.ts +26 -0
- package/dist/types/server/data/getAuthDataFromRequest.d.ts.map +1 -0
- package/dist/types/server/index.d.ts +1 -0
- package/dist/types/server/index.d.ts.map +1 -1
- package/dist/types/types.d.ts +1 -0
- package/dist/types/types.d.ts.map +1 -1
- package/dist/types/utils/allNextProviderProps.d.ts +1 -4
- package/dist/types/utils/allNextProviderProps.d.ts.map +1 -1
- package/package.json +5 -5
- package/dist/cjs/server/edge-session.js +0 -173
- package/dist/cjs/server/edge-session.js.map +0 -1
- package/dist/cjs/server/jwt-edge.js +0 -138
- package/dist/cjs/server/jwt-edge.js.map +0 -1
- package/dist/cjs/server/jwt.js +0 -138
- package/dist/cjs/server/jwt.js.map +0 -1
- package/dist/cjs/server/session-store.js +0 -74
- package/dist/cjs/server/session-store.js.map +0 -1
- package/dist/esm/server/edge-session.js +0 -146
- package/dist/esm/server/edge-session.js.map +0 -1
- package/dist/esm/server/jwt-edge.js +0 -114
- package/dist/esm/server/jwt-edge.js.map +0 -1
- package/dist/esm/server/jwt.js +0 -114
- package/dist/esm/server/jwt.js.map +0 -1
- package/dist/esm/server/session-store.js +0 -49
- package/dist/esm/server/session-store.js.map +0 -1
- package/dist/types/server/edge-session.d.ts +0 -16
- package/dist/types/server/edge-session.d.ts.map +0 -1
- package/dist/types/server/jwt-edge.d.ts +0 -14
- package/dist/types/server/jwt-edge.d.ts.map +0 -1
- package/dist/types/server/jwt.d.ts +0 -14
- package/dist/types/server/jwt.d.ts.map +0 -1
- package/dist/types/server/session-store.d.ts +0 -30
- package/dist/types/server/session-store.d.ts.map +0 -1
|
@@ -41,8 +41,20 @@ class UsersHandler {
|
|
|
41
41
|
);
|
|
42
42
|
}
|
|
43
43
|
}
|
|
44
|
+
class CookieHandler {
|
|
45
|
+
canHandle(endpoint) {
|
|
46
|
+
return endpoint === "cookies";
|
|
47
|
+
}
|
|
48
|
+
async handle(context, config) {
|
|
49
|
+
return await (0, import_sessionHandlers.cookieEndpointHandler)(context, config);
|
|
50
|
+
}
|
|
51
|
+
}
|
|
44
52
|
class EndpointRouter {
|
|
45
|
-
static handlers = [
|
|
53
|
+
static handlers = [
|
|
54
|
+
new SessionsHandler(),
|
|
55
|
+
new UsersHandler(),
|
|
56
|
+
new CookieHandler()
|
|
57
|
+
];
|
|
46
58
|
static async route(context, config) {
|
|
47
59
|
const { endpoint } = context;
|
|
48
60
|
if (!endpoint) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/endpointRouter.ts"],"sourcesContent":["import type { RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createApiErrorResponse } from './responses';\nimport { sessionEndpointHandler } from './sessionHandlers';\nimport type { AuthEndpoint, TernSecureHandlerOptions } from './types';\n\nexport interface EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean;\n handle(context: RequestProcessorContext, config: TernSecureHandlerOptions): Promise<Response>;\n}\n\nclass SessionsHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'sessions';\n }\n\n async handle(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n ): Promise<Response> {\n return await sessionEndpointHandler(context, config);\n }\n}\n\nclass UsersHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'users';\n }\n\n handle(_context: RequestProcessorContext, _config: TernSecureHandlerOptions): Promise<Response> {\n return Promise.resolve(\n createApiErrorResponse('ENDPOINT_NOT_IMPLEMENTED', 'Users endpoint not implemented', 501),\n );\n }\n}\n\nexport class EndpointRouter {\n private static readonly handlers: EndpointHandler[] = [new SessionsHandler()
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/endpointRouter.ts"],"sourcesContent":["import type { RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createApiErrorResponse } from './responses';\nimport { cookieEndpointHandler, sessionEndpointHandler } from './sessionHandlers';\nimport type { AuthEndpoint, TernSecureHandlerOptions } from './types';\n\nexport interface EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean;\n handle(context: RequestProcessorContext, config: TernSecureHandlerOptions): Promise<Response>;\n}\n\nclass SessionsHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'sessions';\n }\n\n async handle(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n ): Promise<Response> {\n return await sessionEndpointHandler(context, config);\n }\n}\n\nclass UsersHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'users';\n }\n\n handle(_context: RequestProcessorContext, _config: TernSecureHandlerOptions): Promise<Response> {\n return Promise.resolve(\n createApiErrorResponse('ENDPOINT_NOT_IMPLEMENTED', 'Users endpoint not implemented', 501),\n );\n }\n}\n\nclass CookieHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'cookies';\n }\n\n async handle(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n ): Promise<Response> {\n return await cookieEndpointHandler(context, config);\n }\n}\n\nexport class EndpointRouter {\n private static readonly handlers: EndpointHandler[] = [\n new SessionsHandler(),\n new UsersHandler(),\n new CookieHandler(),\n ];\n\n static async route(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n ): Promise<Response> {\n const { endpoint } = context;\n\n if (!endpoint) {\n return createApiErrorResponse('ENDPOINT_REQUIRED', 'Endpoint is required', 400);\n }\n\n const handler = this.handlers.find(h => h.canHandle(endpoint));\n\n if (!handler) {\n return createApiErrorResponse('ENDPOINT_NOT_FOUND', 'Endpoint not found', 404);\n }\n\n return handler.handle(context, config);\n }\n\n static addHandler(handler: EndpointHandler): void {\n this.handlers.push(handler);\n }\n\n static removeHandler(predicate: (handler: EndpointHandler) => boolean): void {\n const index = this.handlers.findIndex(predicate);\n if (index > -1) {\n this.handlers.splice(index, 1);\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,uBAAuC;AACvC,6BAA8D;AAQ9D,MAAM,gBAA2C;AAAA,EAC/C,UAAU,UAAiC;AACzC,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,MAAM,OACJ,SACA,QACmB;AACnB,WAAO,UAAM,+CAAuB,SAAS,MAAM;AAAA,EACrD;AACF;AAEA,MAAM,aAAwC;AAAA,EAC5C,UAAU,UAAiC;AACzC,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,OAAO,UAAmC,SAAsD;AAC9F,WAAO,QAAQ;AAAA,UACb,yCAAuB,4BAA4B,kCAAkC,GAAG;AAAA,IAC1F;AAAA,EACF;AACF;AAEA,MAAM,cAAyC;AAAA,EAC7C,UAAU,UAAiC;AACzC,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,MAAM,OACJ,SACA,QACmB;AACnB,WAAO,UAAM,8CAAsB,SAAS,MAAM;AAAA,EACpD;AACF;AAEO,MAAM,eAAe;AAAA,EAC1B,OAAwB,WAA8B;AAAA,IACpD,IAAI,gBAAgB;AAAA,IACpB,IAAI,aAAa;AAAA,IACjB,IAAI,cAAc;AAAA,EACpB;AAAA,EAEA,aAAa,MACX,SACA,QACmB;AACnB,UAAM,EAAE,SAAS,IAAI;AAErB,QAAI,CAAC,UAAU;AACb,iBAAO,yCAAuB,qBAAqB,wBAAwB,GAAG;AAAA,IAChF;AAEA,UAAM,UAAU,KAAK,SAAS,KAAK,OAAK,EAAE,UAAU,QAAQ,CAAC;AAE7D,QAAI,CAAC,SAAS;AACZ,iBAAO,yCAAuB,sBAAsB,sBAAsB,GAAG;AAAA,IAC/E;AAEA,WAAO,QAAQ,OAAO,SAAS,MAAM;AAAA,EACvC;AAAA,EAEA,OAAO,WAAW,SAAgC;AAChD,SAAK,SAAS,KAAK,OAAO;AAAA,EAC5B;AAAA,EAEA,OAAO,cAAc,WAAwD;AAC3E,UAAM,QAAQ,KAAK,SAAS,UAAU,SAAS;AAC/C,QAAI,QAAQ,IAAI;AACd,WAAK,SAAS,OAAO,OAAO,CAAC;AAAA,IAC/B;AAAA,EACF;AACF;","names":[]}
|
|
@@ -18,12 +18,12 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
18
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
19
|
var sessionHandlers_exports = {};
|
|
20
20
|
__export(sessionHandlers_exports, {
|
|
21
|
+
cookieEndpointHandler: () => cookieEndpointHandler,
|
|
21
22
|
sessionEndpointHandler: () => sessionEndpointHandler
|
|
22
23
|
});
|
|
23
24
|
module.exports = __toCommonJS(sessionHandlers_exports);
|
|
24
25
|
var import_admin = require("@tern-secure/backend/admin");
|
|
25
26
|
var import_jwt = require("@tern-secure/backend/jwt");
|
|
26
|
-
var import_headers = require("next/headers");
|
|
27
27
|
var import_NextCookieAdapter = require("../../utils/NextCookieAdapter");
|
|
28
28
|
var import_fnValidators = require("./fnValidators");
|
|
29
29
|
var import_request = require("./request");
|
|
@@ -50,8 +50,7 @@ async function sessionEndpointHandler(context, config) {
|
|
|
50
50
|
const SessionGetHandler = async (subEndpoint2) => {
|
|
51
51
|
const handleSessionVerify = async () => {
|
|
52
52
|
try {
|
|
53
|
-
const
|
|
54
|
-
const sessionCookie = cookieStore.get("_session_cookie")?.value;
|
|
53
|
+
const sessionCookie = context.sessionTokenInCookie;
|
|
55
54
|
if (!sessionCookie) {
|
|
56
55
|
return import_responses.SessionResponseHelper.createUnauthorizedResponse();
|
|
57
56
|
}
|
|
@@ -126,8 +125,77 @@ async function sessionEndpointHandler(context, config) {
|
|
|
126
125
|
return import_responses.HttpResponseHelper.createMethodNotAllowedResponse();
|
|
127
126
|
}
|
|
128
127
|
}
|
|
128
|
+
async function cookieEndpointHandler(context, config) {
|
|
129
|
+
const { subEndpoint, method } = context;
|
|
130
|
+
const validators = (0, import_fnValidators.createValidators)(context);
|
|
131
|
+
const { validateSecurity } = validators;
|
|
132
|
+
if (!subEndpoint) {
|
|
133
|
+
return (0, import_responses.createApiErrorResponse)("SUB_ENDPOINT_REQUIRED", "Cookie sub-endpoint required", 400);
|
|
134
|
+
}
|
|
135
|
+
const cookiesConfig = config.endpoints?.cookies;
|
|
136
|
+
const subEndpointConfig = cookiesConfig?.subEndpoints?.[subEndpoint];
|
|
137
|
+
if (!subEndpointConfig || !subEndpointConfig.enabled) {
|
|
138
|
+
return (0, import_responses.createApiErrorResponse)("ENDPOINT_NOT_FOUND", "Cookie endpoint not found or disabled", 404);
|
|
139
|
+
}
|
|
140
|
+
if (subEndpointConfig?.security) {
|
|
141
|
+
await validateSecurity(subEndpointConfig.security);
|
|
142
|
+
}
|
|
143
|
+
const CookieGetHandler = async (subEndpoint2) => {
|
|
144
|
+
const handleGetCookie = async () => {
|
|
145
|
+
try {
|
|
146
|
+
const url = new URL(context.ternUrl);
|
|
147
|
+
const tokenName = url.searchParams.get("tokenName");
|
|
148
|
+
if (!tokenName) {
|
|
149
|
+
return (0, import_responses.createApiErrorResponse)("TOKEN_NAME_REQUIRED", "tokenName query parameter is required", 400);
|
|
150
|
+
}
|
|
151
|
+
let cookieValue;
|
|
152
|
+
switch (tokenName) {
|
|
153
|
+
case "idToken":
|
|
154
|
+
cookieValue = context.idTokenInCookie;
|
|
155
|
+
break;
|
|
156
|
+
case "sessionToken":
|
|
157
|
+
cookieValue = context.sessionTokenInCookie;
|
|
158
|
+
break;
|
|
159
|
+
case "refreshToken":
|
|
160
|
+
cookieValue = context.refreshTokenInCookie;
|
|
161
|
+
break;
|
|
162
|
+
case "customToken":
|
|
163
|
+
cookieValue = context.customTokenInCookie;
|
|
164
|
+
break;
|
|
165
|
+
default:
|
|
166
|
+
return (0, import_responses.createApiErrorResponse)("INVALID_TOKEN_NAME", "Invalid token name. Must be one of: idToken, sessionToken, refreshToken, customToken", 400);
|
|
167
|
+
}
|
|
168
|
+
if (!cookieValue) {
|
|
169
|
+
return (0, import_responses.createApiErrorResponse)(
|
|
170
|
+
"TOKEN_NOT_FOUND",
|
|
171
|
+
`${tokenName} not found in httpOnly cookies`,
|
|
172
|
+
404
|
|
173
|
+
);
|
|
174
|
+
}
|
|
175
|
+
return (0, import_responses.createApiSuccessResponse)({
|
|
176
|
+
token: cookieValue
|
|
177
|
+
});
|
|
178
|
+
} catch (error) {
|
|
179
|
+
return (0, import_responses.createApiErrorResponse)("COOKIE_RETRIEVAL_FAILED", "Failed to retrieve cookie", 500);
|
|
180
|
+
}
|
|
181
|
+
};
|
|
182
|
+
switch (subEndpoint2) {
|
|
183
|
+
case "get":
|
|
184
|
+
return handleGetCookie();
|
|
185
|
+
default:
|
|
186
|
+
return import_responses.HttpResponseHelper.createNotFoundResponse();
|
|
187
|
+
}
|
|
188
|
+
};
|
|
189
|
+
switch (method) {
|
|
190
|
+
case "GET":
|
|
191
|
+
return CookieGetHandler(subEndpoint);
|
|
192
|
+
default:
|
|
193
|
+
return import_responses.HttpResponseHelper.createMethodNotAllowedResponse();
|
|
194
|
+
}
|
|
195
|
+
}
|
|
129
196
|
// Annotate the CommonJS export names for ESM import in node:
|
|
130
197
|
0 && (module.exports = {
|
|
198
|
+
cookieEndpointHandler,
|
|
131
199
|
sessionEndpointHandler
|
|
132
200
|
});
|
|
133
201
|
//# sourceMappingURL=sessionHandlers.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import { clearSessionCookie } from '@tern-secure/backend/admin';\nimport { ternDecodeJwtUnguarded } from '@tern-secure/backend/jwt';\nimport { cookies } from 'next/headers';\n\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { type RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createValidators } from './fnValidators';\nimport { refreshCookieWithIdToken } from './request';\nimport { createApiErrorResponse, HttpResponseHelper, SessionResponseHelper } from './responses';\nimport type { SessionSubEndpoint, TernSecureHandlerOptions } from './types';\n\nexport async function sessionEndpointHandler(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method, referrer } = context;\n\n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n validateSessionRequest,\n validateCsrfToken,\n validateIdToken,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n }\n\n const sessionsConfig = config.endpoints?.sessions;\n const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const SessionGetHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const handleSessionVerify = async (): Promise<Response> => {\n try {\n const cookieStore = await cookies();\n const sessionCookie = cookieStore.get('_session_cookie')?.value;\n if (!sessionCookie) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n const { data: decodedSession, errors } = ternDecodeJwtUnguarded(sessionCookie);\n if (errors) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n return SessionResponseHelper.createVerificationResponse(decodedSession);\n } catch (error) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n };\n\n switch (subEndpoint) {\n case 'verify':\n return handleSessionVerify();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n const SessionPostHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const cookieStore = new NextCookieStore();\n\n const { idToken, csrfToken, error } = await validateSessionRequest();\n if (error) return error;\n\n const csrfCookieValue = await cookieStore.get('_session_terncf');\n validateCsrfToken(csrfToken || '', csrfCookieValue.value);\n\n const handleCreateSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n await refreshCookieWithIdToken(idToken, cookieStore, config, referrer);\n return SessionResponseHelper.createSessionCreationResponse({\n success: true,\n message: 'Session created successfully',\n });\n } catch (error) {\n return createApiErrorResponse('SESSION_CREATION_FAILED', 'Session creation failed', 500);\n }\n };\n\n const handleRefreshSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n const decodedSession = ternDecodeJwtUnguarded(idToken);\n if (decodedSession.errors) {\n return createApiErrorResponse('INVALID_SESSION', 'Invalid session for refresh', 401);\n }\n\n const refreshRes = await refreshCookieWithIdToken(idToken, cookieStore, config);\n return SessionResponseHelper.createRefreshResponse(refreshRes);\n } catch (error) {\n return createApiErrorResponse('REFRESH_FAILED', 'Session refresh failed', 500);\n }\n };\n\n const handleRevokeSession = async (cookieStore: NextCookieStore): Promise<Response> => {\n const res = await clearSessionCookie(cookieStore);\n return SessionResponseHelper.createRevokeResponse(res);\n };\n\n switch (subEndpoint) {\n case 'createsession': {\n validateIdToken(idToken);\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleCreateSession(cookieStore, idToken!);\n }\n\n case 'refresh':\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleRefreshSession(cookieStore, idToken!);\n\n case 'revoke':\n return handleRevokeSession(cookieStore);\n\n default:\n return HttpResponseHelper.createSubEndpointNotSupportedResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return SessionGetHandler(subEndpoint);\n\n case 'POST':\n return SessionPostHandler(subEndpoint);\n\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAmC;AACnC,iBAAuC;AACvC,qBAAwB;AAExB,+BAAgC;AAEhC,0BAAiC;AACjC,qBAAyC;AACzC,uBAAkF;AAGlF,eAAsB,uBACpB,SACA,QACmB;AACnB,QAAM,EAAE,aAAa,QAAQ,SAAS,IAAI;AAE1C,QAAM,iBAAa,sCAAiB,OAAO;AAE3C,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,CAAC,aAAa;AAChB,eAAO,yCAAuB,yBAAyB,iCAAiC,GAAG;AAAA,EAC7F;AAEA,QAAM,iBAAiB,OAAO,WAAW;AACzC,QAAM,oBAAoB,gBAAgB,eAAe,WAAW;AAEpE,sBAAoB,aAAa,iBAAiB;AAElD,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,oBAAoB,OAAOA,iBAAuD;AACtF,UAAM,sBAAsB,YAA+B;AACzD,UAAI;AACF,cAAM,cAAc,UAAM,wBAAQ;AAClC,cAAM,gBAAgB,YAAY,IAAI,iBAAiB,GAAG;AAC1D,YAAI,CAAC,eAAe;AAClB,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,cAAM,EAAE,MAAM,gBAAgB,OAAO,QAAI,mCAAuB,aAAa;AAC7E,YAAI,QAAQ;AACV,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,eAAO,uCAAsB,2BAA2B,cAAc;AAAA,MACxE,SAAS,OAAO;AACd,eAAO,uCAAsB,2BAA2B;AAAA,MAC1D;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,oBAAoB;AAAA,MAC7B;AACE,eAAO,oCAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,QAAM,qBAAqB,OAAOA,iBAAuD;AACvF,UAAM,cAAc,IAAI,yCAAgB;AAExC,UAAM,EAAE,SAAS,WAAW,MAAM,IAAI,MAAM,uBAAuB;AACnE,QAAI,MAAO,QAAO;AAElB,UAAM,kBAAkB,MAAM,YAAY,IAAI,iBAAiB;AAC/D,sBAAkB,aAAa,IAAI,gBAAgB,KAAK;AAExD,UAAM,sBAAsB,OAC1BC,cACAC,aACsB;AACtB,UAAI;AACF,kBAAM,yCAAyBA,UAASD,cAAa,QAAQ,QAAQ;AACrE,eAAO,uCAAsB,8BAA8B;AAAA,UACzD,SAAS;AAAA,UACT,SAAS;AAAA,QACX,CAAC;AAAA,MACH,SAASE,QAAO;AACd,mBAAO,yCAAuB,2BAA2B,2BAA2B,GAAG;AAAA,MACzF;AAAA,IACF;AAEA,UAAM,uBAAuB,OAC3BF,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,qBAAiB,mCAAuBA,QAAO;AACrD,YAAI,eAAe,QAAQ;AACzB,qBAAO,yCAAuB,mBAAmB,+BAA+B,GAAG;AAAA,QACrF;AAEA,cAAM,aAAa,UAAM,yCAAyBA,UAASD,cAAa,MAAM;AAC9E,eAAO,uCAAsB,sBAAsB,UAAU;AAAA,MAC/D,SAASE,QAAO;AACd,mBAAO,yCAAuB,kBAAkB,0BAA0B,GAAG;AAAA,MAC/E;AAAA,IACF;AAEA,UAAM,sBAAsB,OAAOF,iBAAoD;AACrF,YAAM,MAAM,UAAM,iCAAmBA,YAAW;AAChD,aAAO,uCAAsB,qBAAqB,GAAG;AAAA,IACvD;AAEA,YAAQD,cAAa;AAAA,MACnB,KAAK,iBAAiB;AACpB,wBAAgB,OAAO;AAEvB,eAAO,oBAAoB,aAAa,OAAQ;AAAA,MAClD;AAAA,MAEA,KAAK;AAEH,eAAO,qBAAqB,aAAa,OAAQ;AAAA,MAEnD,KAAK;AACH,eAAO,oBAAoB,WAAW;AAAA,MAExC;AACE,eAAO,oCAAmB,sCAAsC;AAAA,IACpE;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,kBAAkB,WAAW;AAAA,IAEtC,KAAK;AACH,aAAO,mBAAmB,WAAW;AAAA,IAEvC;AACE,aAAO,oCAAmB,+BAA+B;AAAA,EAC7D;AACF;","names":["subEndpoint","cookieStore","idToken","error"]}
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import { clearSessionCookie } from '@tern-secure/backend/admin';\nimport { ternDecodeJwtUnguarded } from '@tern-secure/backend/jwt';\nimport type { CookieSubEndpoint } from '@tern-secure/types';\n\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { type RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createValidators } from './fnValidators';\nimport { refreshCookieWithIdToken } from './request';\nimport { createApiErrorResponse, createApiSuccessResponse, HttpResponseHelper, SessionResponseHelper } from './responses';\nimport type { SessionSubEndpoint, TernSecureHandlerOptions } from './types';\n\nasync function sessionEndpointHandler(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method, referrer } = context;\n\n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n validateSessionRequest,\n validateCsrfToken,\n validateIdToken,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n }\n\n const sessionsConfig = config.endpoints?.sessions;\n const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const SessionGetHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const handleSessionVerify = async (): Promise<Response> => {\n try {\n const sessionCookie = context.sessionTokenInCookie;\n if (!sessionCookie) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n const { data: decodedSession, errors } = ternDecodeJwtUnguarded(sessionCookie);\n if (errors) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n return SessionResponseHelper.createVerificationResponse(decodedSession);\n } catch (error) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n };\n\n switch (subEndpoint) {\n case 'verify':\n return handleSessionVerify();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n const SessionPostHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const cookieStore = new NextCookieStore();\n\n const { idToken, csrfToken, error } = await validateSessionRequest();\n if (error) return error;\n\n const csrfCookieValue = await cookieStore.get('_session_terncf');\n validateCsrfToken(csrfToken || '', csrfCookieValue.value);\n\n const handleCreateSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n await refreshCookieWithIdToken(idToken, cookieStore, config, referrer);\n return SessionResponseHelper.createSessionCreationResponse({\n success: true,\n message: 'Session created successfully',\n });\n } catch (error) {\n return createApiErrorResponse('SESSION_CREATION_FAILED', 'Session creation failed', 500);\n }\n };\n\n const handleRefreshSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n const decodedSession = ternDecodeJwtUnguarded(idToken);\n if (decodedSession.errors) {\n return createApiErrorResponse('INVALID_SESSION', 'Invalid session for refresh', 401);\n }\n\n const refreshRes = await refreshCookieWithIdToken(idToken, cookieStore, config);\n return SessionResponseHelper.createRefreshResponse(refreshRes);\n } catch (error) {\n return createApiErrorResponse('REFRESH_FAILED', 'Session refresh failed', 500);\n }\n };\n\n const handleRevokeSession = async (cookieStore: NextCookieStore): Promise<Response> => {\n const res = await clearSessionCookie(cookieStore);\n return SessionResponseHelper.createRevokeResponse(res);\n };\n\n switch (subEndpoint) {\n case 'createsession': {\n validateIdToken(idToken);\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleCreateSession(cookieStore, idToken!);\n }\n\n case 'refresh':\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleRefreshSession(cookieStore, idToken!);\n\n case 'revoke':\n return handleRevokeSession(cookieStore);\n\n default:\n return HttpResponseHelper.createSubEndpointNotSupportedResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return SessionGetHandler(subEndpoint);\n\n case 'POST':\n return SessionPostHandler(subEndpoint);\n\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n\nasync function cookieEndpointHandler(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method } = context;\n\n const validators = createValidators(context);\n const { validateSecurity } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Cookie sub-endpoint required', 400);\n }\n\n const cookiesConfig = config.endpoints?.cookies;\n const subEndpointConfig = cookiesConfig?.subEndpoints?.[subEndpoint as CookieSubEndpoint];\n\n if (!subEndpointConfig || !subEndpointConfig.enabled) {\n return createApiErrorResponse('ENDPOINT_NOT_FOUND', 'Cookie endpoint not found or disabled', 404);\n }\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const CookieGetHandler = async (subEndpoint: CookieSubEndpoint): Promise<Response> => {\n const handleGetCookie = async (): Promise<Response> => {\n try {\n const url = new URL(context.ternUrl);\n const tokenName = url.searchParams.get('tokenName');\n\n if (!tokenName) {\n return createApiErrorResponse('TOKEN_NAME_REQUIRED', 'tokenName query parameter is required', 400);\n }\n\n let cookieValue: string | undefined;\n\n switch (tokenName) {\n case 'idToken':\n cookieValue = context.idTokenInCookie;\n break;\n case 'sessionToken':\n cookieValue = context.sessionTokenInCookie;\n break;\n case 'refreshToken':\n cookieValue = context.refreshTokenInCookie;\n break;\n case 'customToken':\n cookieValue = context.customTokenInCookie;\n break;\n default:\n return createApiErrorResponse('INVALID_TOKEN_NAME', 'Invalid token name. Must be one of: idToken, sessionToken, refreshToken, customToken', 400);\n }\n\n if (!cookieValue) {\n return createApiErrorResponse(\n 'TOKEN_NOT_FOUND',\n `${tokenName} not found in httpOnly cookies`,\n 404\n );\n }\n\n return createApiSuccessResponse({\n token: cookieValue,\n });\n } catch (error) {\n return createApiErrorResponse('COOKIE_RETRIEVAL_FAILED', 'Failed to retrieve cookie', 500);\n }\n };\n\n switch (subEndpoint) {\n case 'get':\n return handleGetCookie();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return CookieGetHandler(subEndpoint as CookieSubEndpoint);\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n\nexport { sessionEndpointHandler, cookieEndpointHandler };\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAmC;AACnC,iBAAuC;AAGvC,+BAAgC;AAEhC,0BAAiC;AACjC,qBAAyC;AACzC,uBAA4G;AAG5G,eAAe,uBACb,SACA,QACmB;AACnB,QAAM,EAAE,aAAa,QAAQ,SAAS,IAAI;AAE1C,QAAM,iBAAa,sCAAiB,OAAO;AAE3C,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,CAAC,aAAa;AAChB,eAAO,yCAAuB,yBAAyB,iCAAiC,GAAG;AAAA,EAC7F;AAEA,QAAM,iBAAiB,OAAO,WAAW;AACzC,QAAM,oBAAoB,gBAAgB,eAAe,WAAW;AAEpE,sBAAoB,aAAa,iBAAiB;AAElD,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,oBAAoB,OAAOA,iBAAuD;AACtF,UAAM,sBAAsB,YAA+B;AACzD,UAAI;AACF,cAAM,gBAAgB,QAAQ;AAC9B,YAAI,CAAC,eAAe;AAClB,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,cAAM,EAAE,MAAM,gBAAgB,OAAO,QAAI,mCAAuB,aAAa;AAC7E,YAAI,QAAQ;AACV,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,eAAO,uCAAsB,2BAA2B,cAAc;AAAA,MACxE,SAAS,OAAO;AACd,eAAO,uCAAsB,2BAA2B;AAAA,MAC1D;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,oBAAoB;AAAA,MAC7B;AACE,eAAO,oCAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,QAAM,qBAAqB,OAAOA,iBAAuD;AACvF,UAAM,cAAc,IAAI,yCAAgB;AAExC,UAAM,EAAE,SAAS,WAAW,MAAM,IAAI,MAAM,uBAAuB;AACnE,QAAI,MAAO,QAAO;AAElB,UAAM,kBAAkB,MAAM,YAAY,IAAI,iBAAiB;AAC/D,sBAAkB,aAAa,IAAI,gBAAgB,KAAK;AAExD,UAAM,sBAAsB,OAC1BC,cACAC,aACsB;AACtB,UAAI;AACF,kBAAM,yCAAyBA,UAASD,cAAa,QAAQ,QAAQ;AACrE,eAAO,uCAAsB,8BAA8B;AAAA,UACzD,SAAS;AAAA,UACT,SAAS;AAAA,QACX,CAAC;AAAA,MACH,SAASE,QAAO;AACd,mBAAO,yCAAuB,2BAA2B,2BAA2B,GAAG;AAAA,MACzF;AAAA,IACF;AAEA,UAAM,uBAAuB,OAC3BF,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,qBAAiB,mCAAuBA,QAAO;AACrD,YAAI,eAAe,QAAQ;AACzB,qBAAO,yCAAuB,mBAAmB,+BAA+B,GAAG;AAAA,QACrF;AAEA,cAAM,aAAa,UAAM,yCAAyBA,UAASD,cAAa,MAAM;AAC9E,eAAO,uCAAsB,sBAAsB,UAAU;AAAA,MAC/D,SAASE,QAAO;AACd,mBAAO,yCAAuB,kBAAkB,0BAA0B,GAAG;AAAA,MAC/E;AAAA,IACF;AAEA,UAAM,sBAAsB,OAAOF,iBAAoD;AACrF,YAAM,MAAM,UAAM,iCAAmBA,YAAW;AAChD,aAAO,uCAAsB,qBAAqB,GAAG;AAAA,IACvD;AAEA,YAAQD,cAAa;AAAA,MACnB,KAAK,iBAAiB;AACpB,wBAAgB,OAAO;AAEvB,eAAO,oBAAoB,aAAa,OAAQ;AAAA,MAClD;AAAA,MAEA,KAAK;AAEH,eAAO,qBAAqB,aAAa,OAAQ;AAAA,MAEnD,KAAK;AACH,eAAO,oBAAoB,WAAW;AAAA,MAExC;AACE,eAAO,oCAAmB,sCAAsC;AAAA,IACpE;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,kBAAkB,WAAW;AAAA,IAEtC,KAAK;AACH,aAAO,mBAAmB,WAAW;AAAA,IAEvC;AACE,aAAO,oCAAmB,+BAA+B;AAAA,EAC7D;AACF;AAEA,eAAe,sBACb,SACA,QACmB;AACnB,QAAM,EAAE,aAAa,OAAO,IAAI;AAEhC,QAAM,iBAAa,sCAAiB,OAAO;AAC3C,QAAM,EAAE,iBAAiB,IAAI;AAE7B,MAAI,CAAC,aAAa;AAChB,eAAO,yCAAuB,yBAAyB,gCAAgC,GAAG;AAAA,EAC5F;AAEA,QAAM,gBAAgB,OAAO,WAAW;AACxC,QAAM,oBAAoB,eAAe,eAAe,WAAgC;AAExF,MAAI,CAAC,qBAAqB,CAAC,kBAAkB,SAAS;AACpD,eAAO,yCAAuB,sBAAsB,yCAAyC,GAAG;AAAA,EAClG;AAEA,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,mBAAmB,OAAOA,iBAAsD;AACpF,UAAM,kBAAkB,YAA+B;AACrD,UAAI;AACF,cAAM,MAAM,IAAI,IAAI,QAAQ,OAAO;AACnC,cAAM,YAAY,IAAI,aAAa,IAAI,WAAW;AAElD,YAAI,CAAC,WAAW;AACd,qBAAO,yCAAuB,uBAAuB,yCAAyC,GAAG;AAAA,QACnG;AAEA,YAAI;AAEJ,gBAAQ,WAAW;AAAA,UACjB,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF;AACE,uBAAO,yCAAuB,sBAAsB,wFAAwF,GAAG;AAAA,QACnJ;AAEA,YAAI,CAAC,aAAa;AAChB,qBAAO;AAAA,YACL;AAAA,YACA,GAAG,SAAS;AAAA,YACZ;AAAA,UACF;AAAA,QACF;AAEA,mBAAO,2CAAyB;AAAA,UAC9B,OAAO;AAAA,QACT,CAAC;AAAA,MACH,SAAS,OAAO;AACd,mBAAO,yCAAuB,2BAA2B,6BAA6B,GAAG;AAAA,MAC3F;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,gBAAgB;AAAA,MACzB;AACE,eAAO,oCAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,iBAAiB,WAAgC;AAAA,IAC1D;AACE,aAAO,oCAAmB,+BAA+B;AAAA,EAC7D;AACF;","names":["subEndpoint","cookieStore","idToken","error"]}
|
|
@@ -20,6 +20,7 @@ var types_exports = {};
|
|
|
20
20
|
__export(types_exports, {
|
|
21
21
|
CookieUtils: () => CookieUtils,
|
|
22
22
|
DEFAULT_COOKIE_OPTIONS: () => DEFAULT_COOKIE_OPTIONS,
|
|
23
|
+
DEFAULT_COOKIE_REQUEST_CONFIG: () => DEFAULT_COOKIE_REQUEST_CONFIG,
|
|
23
24
|
DEFAULT_CORS_OPTIONS: () => DEFAULT_CORS_OPTIONS,
|
|
24
25
|
DEFAULT_ENDPOINT_CONFIG: () => DEFAULT_ENDPOINT_CONFIG,
|
|
25
26
|
DEFAULT_HANDLER_OPTIONS: () => DEFAULT_HANDLER_OPTIONS,
|
|
@@ -91,6 +92,20 @@ const DEFAULT_ENDPOINT_CONFIG = {
|
|
|
91
92
|
requireAuth: false,
|
|
92
93
|
security: DEFAULT_SECURITY_OPTIONS
|
|
93
94
|
};
|
|
95
|
+
const DEFAULT_COOKIE_REQUEST_CONFIG = {
|
|
96
|
+
...DEFAULT_ENDPOINT_CONFIG,
|
|
97
|
+
subEndpoints: {
|
|
98
|
+
get: {
|
|
99
|
+
enabled: true,
|
|
100
|
+
methods: ["GET"],
|
|
101
|
+
requireAuth: false,
|
|
102
|
+
security: {
|
|
103
|
+
requireCSRF: true,
|
|
104
|
+
allowedReferers: []
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
}
|
|
108
|
+
};
|
|
94
109
|
const DEFAULT_SESSIONS_CONFIG = {
|
|
95
110
|
...DEFAULT_ENDPOINT_CONFIG,
|
|
96
111
|
subEndpoints: {
|
|
@@ -141,6 +156,7 @@ const DEFAULT_HANDLER_OPTIONS = {
|
|
|
141
156
|
},
|
|
142
157
|
security: DEFAULT_SECURITY_OPTIONS,
|
|
143
158
|
endpoints: {
|
|
159
|
+
cookies: DEFAULT_COOKIE_REQUEST_CONFIG,
|
|
144
160
|
sessions: DEFAULT_SESSIONS_CONFIG
|
|
145
161
|
},
|
|
146
162
|
tenantId: "",
|
|
@@ -191,6 +207,7 @@ class CookieUtils {
|
|
|
191
207
|
0 && (module.exports = {
|
|
192
208
|
CookieUtils,
|
|
193
209
|
DEFAULT_COOKIE_OPTIONS,
|
|
210
|
+
DEFAULT_COOKIE_REQUEST_CONFIG,
|
|
194
211
|
DEFAULT_CORS_OPTIONS,
|
|
195
212
|
DEFAULT_ENDPOINT_CONFIG,
|
|
196
213
|
DEFAULT_HANDLER_OPTIONS,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/types.ts"],"sourcesContent":["import type {\n AuthEndpoint,\n CookieOpts as CookieOptions,\n CorsOptions,\n EndpointConfig,\n SecurityOptions,\n SessionEndpointConfig,\n SessionSubEndpoint,\n TernSecureHandlerOptions,\n TokenCookieConfig,\n} from '@tern-secure/types';\nimport { type NextResponse } from 'next/server';\n\nexport const DEFAULT_CORS_OPTIONS: CorsOptions = {\n allowedOrigins: [],\n allowedMethods: ['GET', 'POST'],\n allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],\n allowCredentials: true,\n maxAge: 86400, // 24 hours\n};\n\nexport const DEFAULT_COOKIE_OPTIONS: CookieOptions = {\n httpOnly: true,\n path: '/',\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: 12 * 60 * 60 * 24, // twelve days\n priority: 'high',\n};\n\n\nexport const FIXED_TOKEN_CONFIGS = {\n id: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600, // 1 hour\n },\n refresh: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 30, // 30 days (changes when user events occur)\n },\n signature: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n custom: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n} as const;\n\nexport const DEFAULT_SECURITY_OPTIONS: SecurityOptions = {\n requireCSRF: true,\n allowedReferers: [],\n requiredHeaders: {},\n ipWhitelist: [],\n userAgent: {\n block: [],\n allow: [],\n },\n};\n\nexport const DEFAULT_ENDPOINT_CONFIG: EndpointConfig = {\n enabled: true,\n methods: ['GET', 'POST'],\n requireAuth: false,\n security: DEFAULT_SECURITY_OPTIONS,\n};\n\nexport const DEFAULT_SESSIONS_CONFIG: SessionEndpointConfig = {\n ...DEFAULT_ENDPOINT_CONFIG,\n subEndpoints: {\n verify: {\n enabled: true,\n methods: ['GET'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n allowedReferers: [],\n },\n },\n createsession: {\n enabled: true,\n methods: ['POST'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n },\n },\n refresh: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n revoke: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n },\n};\n\nexport const DEFAULT_HANDLER_OPTIONS: Required<TernSecureHandlerOptions> & {\n endpoints: Required<NonNullable<TernSecureHandlerOptions['endpoints']>>;\n} = {\n cors: DEFAULT_CORS_OPTIONS,\n cookies: DEFAULT_COOKIE_OPTIONS,\n rateLimit: {\n windowMs: 15 * 60 * 1000, // 15 minutes\n maxRequests: 100,\n skipSuccessful: false,\n skipFailedRequests: false,\n },\n security: DEFAULT_SECURITY_OPTIONS,\n endpoints: {\n sessions: DEFAULT_SESSIONS_CONFIG,\n },\n tenantId: '',\n enableCustomToken: false,\n debug: false,\n environment: 'production',\n basePath: '/api/auth',\n};\n\nexport interface ValidationResult {\n error?: NextResponse;\n data?: any;\n}\n\nexport interface ValidationConfig {\n cors?: CorsOptions;\n security?: SecurityOptions;\n endpoint?: {\n name: AuthEndpoint;\n config: EndpointConfig;\n };\n subEndpoint?: {\n name: SessionSubEndpoint;\n config: EndpointConfig;\n };\n requireIdToken?: boolean;\n requireCsrfToken?: boolean;\n}\n\nexport interface ComprehensiveValidationResult {\n isValid: boolean;\n error?: Response;\n corsResponse?: Response;\n sessionData?: {\n body: any;\n idToken?: string;\n csrfToken?: string;\n };\n}\n\nexport type suffix = 'session' | 'id' | 'refresh' | 'signature' | 'custom';\n\nexport class CookieUtils {\n static getCookieName(namePrefix: string, tokenType: suffix): string {\n return `${namePrefix}.${tokenType}`;\n }\n\n static getCookieNames(namePrefix: string) {\n return {\n session: this.getCookieName(namePrefix, 'session'),\n id: this.getCookieName(namePrefix, 'id'),\n refresh: this.getCookieName(namePrefix, 'refresh'),\n signature: this.getCookieName(namePrefix, 'signature'),\n custom: this.getCookieName(namePrefix, 'custom'),\n };\n }\n\n static getSessionConfig(cookieOptions: CookieOptions): TokenCookieConfig {\n const sessionConfig = cookieOptions.session || {};\n const defaultSession = DEFAULT_COOKIE_OPTIONS.session || {};\n\n return {\n path: sessionConfig.path ?? cookieOptions.path ?? '/',\n httpOnly: sessionConfig.httpOnly ?? cookieOptions.httpOnly ?? true,\n sameSite: sessionConfig.sameSite ?? cookieOptions.sameSite ?? 'lax',\n maxAge: sessionConfig.maxAge ?? defaultSession.maxAge ?? 3600 * 24 * 7,\n };\n }\n\n static getFixedTokenConfig(\n tokenType: Exclude<suffix, 'session'>,\n ): TokenCookieConfig {\n const fixedConfig = FIXED_TOKEN_CONFIGS[tokenType];\n\n return {\n path: fixedConfig.path,\n httpOnly: fixedConfig.httpOnly,\n sameSite: fixedConfig.sameSite,\n maxAge: fixedConfig.maxAge,\n };\n }\n\n static validateSessionMaxAge(maxAge: number): boolean {\n const minAge = 300; // 5 minutes\n const maxAgeLimit = 3600 * 24 * 14; // 2 weeks\n return maxAge >= minAge && maxAge <= maxAgeLimit;\n }\n}\n\nexport {\n AuthEndpoint,\n CookieOptions,\n CorsOptions,\n SecurityOptions,\n SessionSubEndpoint,\n EndpointConfig,\n SessionEndpointConfig,\n TernSecureHandlerOptions,\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/types.ts"],"sourcesContent":["import type {\n AuthEndpoint,\n CookieEndpointConfig,\n CookieOpts as CookieOptions,\n CorsOptions,\n EndpointConfig,\n SecurityOptions,\n SessionEndpointConfig,\n SessionSubEndpoint,\n TernSecureHandlerOptions,\n TokenCookieConfig,\n} from '@tern-secure/types';\nimport { type NextResponse } from 'next/server';\n\nexport const DEFAULT_CORS_OPTIONS: CorsOptions = {\n allowedOrigins: [],\n allowedMethods: ['GET', 'POST'],\n allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],\n allowCredentials: true,\n maxAge: 86400, // 24 hours\n};\n\nexport const DEFAULT_COOKIE_OPTIONS: CookieOptions = {\n httpOnly: true,\n path: '/',\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: 12 * 60 * 60 * 24, // twelve days\n priority: 'high',\n};\n\n\nexport const FIXED_TOKEN_CONFIGS = {\n id: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600, // 1 hour\n },\n refresh: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 30, // 30 days (changes when user events occur)\n },\n signature: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n custom: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n} as const;\n\nexport const DEFAULT_SECURITY_OPTIONS: SecurityOptions = {\n requireCSRF: true,\n allowedReferers: [],\n requiredHeaders: {},\n ipWhitelist: [],\n userAgent: {\n block: [],\n allow: [],\n },\n};\n\nexport const DEFAULT_ENDPOINT_CONFIG: EndpointConfig = {\n enabled: true,\n methods: ['GET', 'POST'],\n requireAuth: false,\n security: DEFAULT_SECURITY_OPTIONS,\n};\n\nexport const DEFAULT_COOKIE_REQUEST_CONFIG: CookieEndpointConfig = {\n ...DEFAULT_ENDPOINT_CONFIG,\n subEndpoints: {\n get: {\n enabled: true,\n methods: ['GET'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n allowedReferers: [],\n },\n },\n },\n};\n\nexport const DEFAULT_SESSIONS_CONFIG: SessionEndpointConfig = {\n ...DEFAULT_ENDPOINT_CONFIG,\n subEndpoints: {\n verify: {\n enabled: true,\n methods: ['GET'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n allowedReferers: [],\n },\n },\n createsession: {\n enabled: true,\n methods: ['POST'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n },\n },\n refresh: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n revoke: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n },\n};\n\nexport const DEFAULT_HANDLER_OPTIONS: Required<TernSecureHandlerOptions> & {\n endpoints: Required<NonNullable<TernSecureHandlerOptions['endpoints']>>;\n} = {\n cors: DEFAULT_CORS_OPTIONS,\n cookies: DEFAULT_COOKIE_OPTIONS,\n rateLimit: {\n windowMs: 15 * 60 * 1000, // 15 minutes\n maxRequests: 100,\n skipSuccessful: false,\n skipFailedRequests: false,\n },\n security: DEFAULT_SECURITY_OPTIONS,\n endpoints: {\n cookies: DEFAULT_COOKIE_REQUEST_CONFIG,\n sessions: DEFAULT_SESSIONS_CONFIG,\n },\n tenantId: '',\n enableCustomToken: false,\n debug: false,\n environment: 'production',\n basePath: '/api/auth',\n};\n\nexport interface ValidationResult {\n error?: NextResponse;\n data?: any;\n}\n\nexport interface ValidationConfig {\n cors?: CorsOptions;\n security?: SecurityOptions;\n endpoint?: {\n name: AuthEndpoint;\n config: EndpointConfig;\n };\n subEndpoint?: {\n name: SessionSubEndpoint;\n config: EndpointConfig;\n };\n requireIdToken?: boolean;\n requireCsrfToken?: boolean;\n}\n\nexport interface ComprehensiveValidationResult {\n isValid: boolean;\n error?: Response;\n corsResponse?: Response;\n sessionData?: {\n body: any;\n idToken?: string;\n csrfToken?: string;\n };\n}\n\nexport type suffix = 'session' | 'id' | 'refresh' | 'signature' | 'custom';\n\nexport class CookieUtils {\n static getCookieName(namePrefix: string, tokenType: suffix): string {\n return `${namePrefix}.${tokenType}`;\n }\n\n static getCookieNames(namePrefix: string) {\n return {\n session: this.getCookieName(namePrefix, 'session'),\n id: this.getCookieName(namePrefix, 'id'),\n refresh: this.getCookieName(namePrefix, 'refresh'),\n signature: this.getCookieName(namePrefix, 'signature'),\n custom: this.getCookieName(namePrefix, 'custom'),\n };\n }\n\n static getSessionConfig(cookieOptions: CookieOptions): TokenCookieConfig {\n const sessionConfig = cookieOptions.session || {};\n const defaultSession = DEFAULT_COOKIE_OPTIONS.session || {};\n\n return {\n path: sessionConfig.path ?? cookieOptions.path ?? '/',\n httpOnly: sessionConfig.httpOnly ?? cookieOptions.httpOnly ?? true,\n sameSite: sessionConfig.sameSite ?? cookieOptions.sameSite ?? 'lax',\n maxAge: sessionConfig.maxAge ?? defaultSession.maxAge ?? 3600 * 24 * 7,\n };\n }\n\n static getFixedTokenConfig(\n tokenType: Exclude<suffix, 'session'>,\n ): TokenCookieConfig {\n const fixedConfig = FIXED_TOKEN_CONFIGS[tokenType];\n\n return {\n path: fixedConfig.path,\n httpOnly: fixedConfig.httpOnly,\n sameSite: fixedConfig.sameSite,\n maxAge: fixedConfig.maxAge,\n };\n }\n\n static validateSessionMaxAge(maxAge: number): boolean {\n const minAge = 300; // 5 minutes\n const maxAgeLimit = 3600 * 24 * 14; // 2 weeks\n return maxAge >= minAge && maxAge <= maxAgeLimit;\n }\n}\n\nexport {\n AuthEndpoint,\n CookieOptions,\n CorsOptions,\n SecurityOptions,\n SessionSubEndpoint,\n EndpointConfig,\n SessionEndpointConfig,\n TernSecureHandlerOptions,\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAcO,MAAM,uBAAoC;AAAA,EAC/C,gBAAgB,CAAC;AAAA,EACjB,gBAAgB,CAAC,OAAO,MAAM;AAAA,EAC9B,gBAAgB,CAAC,gBAAgB,iBAAiB,kBAAkB;AAAA,EACpE,kBAAkB;AAAA,EAClB,QAAQ;AAAA;AACV;AAEO,MAAM,yBAAwC;AAAA,EACnD,UAAU;AAAA,EACV,MAAM;AAAA,EACN,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AAAA,EACV,QAAQ,KAAK,KAAK,KAAK;AAAA;AAAA,EACvB,UAAU;AACZ;AAGO,MAAM,sBAAsB;AAAA,EACjC,IAAI;AAAA,IACF,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ;AAAA;AAAA,EACV;AAAA,EACA,SAAS;AAAA,IACP,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AAAA,EACA,WAAW;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AAAA,EACA,QAAQ;AAAA,IACN,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AACF;AAEO,MAAM,2BAA4C;AAAA,EACvD,aAAa;AAAA,EACb,iBAAiB,CAAC;AAAA,EAClB,iBAAiB,CAAC;AAAA,EAClB,aAAa,CAAC;AAAA,EACd,WAAW;AAAA,IACT,OAAO,CAAC;AAAA,IACR,OAAO,CAAC;AAAA,EACV;AACF;AAEO,MAAM,0BAA0C;AAAA,EACrD,SAAS;AAAA,EACT,SAAS,CAAC,OAAO,MAAM;AAAA,EACvB,aAAa;AAAA,EACb,UAAU;AACZ;AAEO,MAAM,gCAAsD;AAAA,EACjE,GAAG;AAAA,EACH,cAAc;AAAA,IACZ,KAAK;AAAA,MACH,SAAS;AAAA,MACT,SAAS,CAAC,KAAK;AAAA,MACf,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,QACb,iBAAiB,CAAC;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,0BAAiD;AAAA,EAC5D,GAAG;AAAA,EACH,cAAc;AAAA,IACZ,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,SAAS,CAAC,KAAK;AAAA,MACf,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,QACb,iBAAiB,CAAC;AAAA,MACpB;AAAA,IACF;AAAA,IACA,eAAe;AAAA,MACb,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,IACA,SAAS;AAAA,MACP,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,0BAET;AAAA,EACF,MAAM;AAAA,EACN,SAAS;AAAA,EACT,WAAW;AAAA,IACT,UAAU,KAAK,KAAK;AAAA;AAAA,IACpB,aAAa;AAAA,IACb,gBAAgB;AAAA,IAChB,oBAAoB;AAAA,EACtB;AAAA,EACA,UAAU;AAAA,EACV,WAAW;AAAA,IACT,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA,UAAU;AAAA,EACV,mBAAmB;AAAA,EACnB,OAAO;AAAA,EACP,aAAa;AAAA,EACb,UAAU;AACZ;AAmCO,MAAM,YAAY;AAAA,EACvB,OAAO,cAAc,YAAoB,WAA2B;AAClE,WAAO,GAAG,UAAU,IAAI,SAAS;AAAA,EACnC;AAAA,EAEA,OAAO,eAAe,YAAoB;AACxC,WAAO;AAAA,MACL,SAAS,KAAK,cAAc,YAAY,SAAS;AAAA,MACjD,IAAI,KAAK,cAAc,YAAY,IAAI;AAAA,MACvC,SAAS,KAAK,cAAc,YAAY,SAAS;AAAA,MACjD,WAAW,KAAK,cAAc,YAAY,WAAW;AAAA,MACrD,QAAQ,KAAK,cAAc,YAAY,QAAQ;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,OAAO,iBAAiB,eAAiD;AACvE,UAAM,gBAAgB,cAAc,WAAW,CAAC;AAChD,UAAM,iBAAiB,uBAAuB,WAAW,CAAC;AAE1D,WAAO;AAAA,MACL,MAAM,cAAc,QAAQ,cAAc,QAAQ;AAAA,MAClD,UAAU,cAAc,YAAY,cAAc,YAAY;AAAA,MAC9D,UAAU,cAAc,YAAY,cAAc,YAAY;AAAA,MAC9D,QAAQ,cAAc,UAAU,eAAe,UAAU,OAAO,KAAK;AAAA,IACvE;AAAA,EACF;AAAA,EAEA,OAAO,oBACL,WACmB;AACnB,UAAM,cAAc,oBAAoB,SAAS;AAEjD,WAAO;AAAA,MACL,MAAM,YAAY;AAAA,MAClB,UAAU,YAAY;AAAA,MACtB,UAAU,YAAY;AAAA,MACtB,QAAQ,YAAY;AAAA,IACtB;AAAA,EACF;AAAA,EAEA,OAAO,sBAAsB,QAAyB;AACpD,UAAM,SAAS;AACf,UAAM,cAAc,OAAO,KAAK;AAChC,WAAO,UAAU,UAAU,UAAU;AAAA,EACvC;AACF;","names":[]}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
"use client";
|
|
2
3
|
var __defProp = Object.defineProperty;
|
|
3
4
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
5
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
@@ -18,19 +19,28 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
18
19
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
20
|
var TernSecureProvider_exports = {};
|
|
20
21
|
__export(TernSecureProvider_exports, {
|
|
21
|
-
|
|
22
|
+
ClientTernSecureProvider: () => ClientTernSecureProvider
|
|
22
23
|
});
|
|
23
24
|
module.exports = __toCommonJS(TernSecureProvider_exports);
|
|
24
25
|
var import_jsx_runtime = require("react/jsx-runtime");
|
|
25
26
|
var import_react = require("@tern-secure/react");
|
|
27
|
+
var import_NextOptionsCtx = require("../../boundary/NextOptionsCtx");
|
|
26
28
|
var import_allNextProviderProps = require("../../utils/allNextProviderProps");
|
|
27
|
-
|
|
28
|
-
const { children
|
|
29
|
-
const
|
|
30
|
-
|
|
31
|
-
|
|
29
|
+
const NextClientProvider = (props) => {
|
|
30
|
+
const { children } = props;
|
|
31
|
+
const isNested = Boolean((0, import_NextOptionsCtx.useTernNextOptions)());
|
|
32
|
+
if (isNested) {
|
|
33
|
+
return props.children;
|
|
34
|
+
}
|
|
35
|
+
const providerProps = (0, import_allNextProviderProps.allNextProviderPropsWithEnv)({ ...props });
|
|
36
|
+
return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_NextOptionsCtx.TernNextOptionsProvider, { options: providerProps, children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_react.TernSecureProvider, { ...providerProps, children }) });
|
|
37
|
+
};
|
|
38
|
+
const ClientTernSecureProvider = (props) => {
|
|
39
|
+
const { children, ...rest } = props;
|
|
40
|
+
return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(NextClientProvider, { ...rest, children });
|
|
41
|
+
};
|
|
32
42
|
// Annotate the CommonJS export names for ESM import in node:
|
|
33
43
|
0 && (module.exports = {
|
|
34
|
-
|
|
44
|
+
ClientTernSecureProvider
|
|
35
45
|
});
|
|
36
46
|
//# sourceMappingURL=TernSecureProvider.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/client/TernSecureProvider.tsx"],"sourcesContent":["
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/client/TernSecureProvider.tsx"],"sourcesContent":["'use client';\r\n\r\nimport { TernSecureProvider as TernSecureReactProvider } from '@tern-secure/react';\r\n\r\nimport { TernNextOptionsProvider, useTernNextOptions } from '../../boundary/NextOptionsCtx';\r\nimport type { TernSecureNextProps } from '../../types';\r\nimport { allNextProviderPropsWithEnv } from '../../utils/allNextProviderProps';\r\n\r\nconst NextClientProvider = (props: TernSecureNextProps) => {\r\n const { children } = props;\r\n\r\n const isNested = Boolean(useTernNextOptions());\r\n if (isNested) {\r\n return props.children;\r\n }\r\n\r\n const providerProps = allNextProviderPropsWithEnv({...props});\r\n return (\r\n <TernNextOptionsProvider options={providerProps}>\r\n <TernSecureReactProvider {...providerProps}>\r\n {children}\r\n </TernSecureReactProvider>\r\n </TernNextOptionsProvider>\r\n );\r\n};\r\n\r\nexport const ClientTernSecureProvider = (props: TernSecureNextProps) => {\r\n const { children, ...rest } = props;\r\n return (\r\n <NextClientProvider {...rest}>\r\n {children}\r\n </NextClientProvider>\r\n );\r\n};\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAmBM;AAjBN,mBAA8D;AAE9D,4BAA4D;AAE5D,kCAA4C;AAE5C,MAAM,qBAAqB,CAAC,UAA+B;AACzD,QAAM,EAAE,SAAS,IAAI;AAErB,QAAM,WAAW,YAAQ,0CAAmB,CAAC;AAC7C,MAAI,UAAU;AACZ,WAAO,MAAM;AAAA,EACf;AAEA,QAAM,oBAAgB,yDAA4B,EAAC,GAAG,MAAK,CAAC;AAC5D,SACE,4CAAC,iDAAwB,SAAS,eAChC,sDAAC,aAAAA,oBAAA,EAAyB,GAAG,eAC1B,UACH,GACF;AAEJ;AAEO,MAAM,2BAA2B,CAAC,UAA+B;AACtE,QAAM,EAAE,UAAU,GAAG,KAAK,IAAI;AAC9B,SACE,4CAAC,sBAAoB,GAAG,MACrB,UACH;AAEJ;","names":["TernSecureReactProvider"]}
|
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __create = Object.create;
|
|
3
|
+
var __defProp = Object.defineProperty;
|
|
4
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
+
var __getProtoOf = Object.getPrototypeOf;
|
|
7
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
|
+
var __export = (target, all) => {
|
|
9
|
+
for (var name in all)
|
|
10
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
11
|
+
};
|
|
12
|
+
var __copyProps = (to, from, except, desc) => {
|
|
13
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
14
|
+
for (let key of __getOwnPropNames(from))
|
|
15
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
16
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
17
|
+
}
|
|
18
|
+
return to;
|
|
19
|
+
};
|
|
20
|
+
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
21
|
+
// If the importer is in node compatibility mode or this is not an ESM
|
|
22
|
+
// file that has been converted to a CommonJS file using a Babel-
|
|
23
|
+
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
24
|
+
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
25
|
+
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
26
|
+
mod
|
|
27
|
+
));
|
|
28
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
29
|
+
var TernSecureProvider_exports = {};
|
|
30
|
+
__export(TernSecureProvider_exports, {
|
|
31
|
+
TernSecureProvider: () => TernSecureProvider
|
|
32
|
+
});
|
|
33
|
+
module.exports = __toCommonJS(TernSecureProvider_exports);
|
|
34
|
+
var import_jsx_runtime = require("react/jsx-runtime");
|
|
35
|
+
var import_react = __toESM(require("react"));
|
|
36
|
+
var import_PromiseAuthProvider = require("../../boundary/PromiseAuthProvider");
|
|
37
|
+
var import_getAuthDataFromRequest = require("../../server/data/getAuthDataFromRequest");
|
|
38
|
+
var import_sdk_versions = require("../../server/sdk-versions");
|
|
39
|
+
var import_allNextProviderProps = require("../../utils/allNextProviderProps");
|
|
40
|
+
var import_TernSecureProvider = require("../client/TernSecureProvider");
|
|
41
|
+
var import_utils = require("./utils");
|
|
42
|
+
const getTernSecureState = import_react.default.cache(async function getTernSecureState2() {
|
|
43
|
+
const request = await (0, import_utils.buildRequestLike)();
|
|
44
|
+
const data = (0, import_getAuthDataFromRequest.getTernSecureAuthData)(request);
|
|
45
|
+
return data;
|
|
46
|
+
});
|
|
47
|
+
async function TernSecureProvider(props) {
|
|
48
|
+
const { children, ...rest } = props;
|
|
49
|
+
const { persistence } = rest;
|
|
50
|
+
const browserCookiePersistence = persistence === "browserCookie";
|
|
51
|
+
async function generateStatePromise() {
|
|
52
|
+
if (!browserCookiePersistence) {
|
|
53
|
+
return Promise.resolve(void 0);
|
|
54
|
+
}
|
|
55
|
+
if (import_sdk_versions.isNext13) {
|
|
56
|
+
return Promise.resolve(await getTernSecureState());
|
|
57
|
+
}
|
|
58
|
+
return getTernSecureState();
|
|
59
|
+
}
|
|
60
|
+
const providerProps = (0, import_allNextProviderProps.allNextProviderPropsWithEnv)({ ...rest });
|
|
61
|
+
let output;
|
|
62
|
+
if (browserCookiePersistence) {
|
|
63
|
+
output = /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
|
|
64
|
+
import_PromiseAuthProvider.PromiseAuthProvider,
|
|
65
|
+
{
|
|
66
|
+
authPromise: generateStatePromise(),
|
|
67
|
+
children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
|
|
68
|
+
import_TernSecureProvider.ClientTernSecureProvider,
|
|
69
|
+
{
|
|
70
|
+
...providerProps,
|
|
71
|
+
initialState: await generateStatePromise(),
|
|
72
|
+
children
|
|
73
|
+
}
|
|
74
|
+
)
|
|
75
|
+
}
|
|
76
|
+
);
|
|
77
|
+
} else {
|
|
78
|
+
output = /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
|
|
79
|
+
import_TernSecureProvider.ClientTernSecureProvider,
|
|
80
|
+
{
|
|
81
|
+
...providerProps,
|
|
82
|
+
children
|
|
83
|
+
}
|
|
84
|
+
);
|
|
85
|
+
}
|
|
86
|
+
return output;
|
|
87
|
+
}
|
|
88
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
89
|
+
0 && (module.exports = {
|
|
90
|
+
TernSecureProvider
|
|
91
|
+
});
|
|
92
|
+
//# sourceMappingURL=TernSecureProvider.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/server/TernSecureProvider.tsx"],"sourcesContent":["import type { TernSecureStateExtended } from '@tern-secure/types';\nimport type { ReactNode } from 'react';\nimport React from 'react';\n\nimport { PromiseAuthProvider } from '../../boundary/PromiseAuthProvider';\nimport { getTernSecureAuthData } from '../../server/data/getAuthDataFromRequest';\nimport { isNext13 } from '../../server/sdk-versions';\nimport type { TernSecureNextProps } from '../../types';\nimport { allNextProviderPropsWithEnv } from '../../utils/allNextProviderProps';\nimport { ClientTernSecureProvider } from '../client/TernSecureProvider';\nimport { buildRequestLike } from './utils';\n\nconst getTernSecureState = React.cache(async function getTernSecureState() {\n const request = await buildRequestLike();\n const data = getTernSecureAuthData(request);\n return data;\n});\n\nexport async function TernSecureProvider(props: TernSecureNextProps) {\n const { children, ...rest } = props;\n const { persistence } = rest;\n\n const browserCookiePersistence = persistence === 'browserCookie';\n\n async function generateStatePromise() {\n if (!browserCookiePersistence) {\n return Promise.resolve(undefined);\n }\n if (isNext13) {\n return Promise.resolve(await getTernSecureState());\n }\n return getTernSecureState();\n }\n\n const providerProps = allNextProviderPropsWithEnv({ ...rest });\n\n let output: ReactNode;\n\n if (browserCookiePersistence) {\n output = (\n <PromiseAuthProvider\n authPromise={generateStatePromise() as unknown as Promise<TernSecureStateExtended>}\n >\n <ClientTernSecureProvider\n {...providerProps}\n initialState={await generateStatePromise()}\n >\n {children}\n </ClientTernSecureProvider>\n </PromiseAuthProvider>\n );\n } else {\n output = (\n <ClientTernSecureProvider\n {...providerProps}\n >\n {children}\n </ClientTernSecureProvider>\n );\n }\n\n return output;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AA2CQ;AAzCR,mBAAkB;AAElB,iCAAoC;AACpC,oCAAsC;AACtC,0BAAyB;AAEzB,kCAA4C;AAC5C,gCAAyC;AACzC,mBAAiC;AAEjC,MAAM,qBAAqB,aAAAA,QAAM,MAAM,eAAeC,sBAAqB;AACzE,QAAM,UAAU,UAAM,+BAAiB;AACvC,QAAM,WAAO,qDAAsB,OAAO;AAC1C,SAAO;AACT,CAAC;AAED,eAAsB,mBAAmB,OAA4B;AACnE,QAAM,EAAE,UAAU,GAAG,KAAK,IAAI;AAC9B,QAAM,EAAE,YAAY,IAAI;AAExB,QAAM,2BAA2B,gBAAgB;AAEjD,iBAAe,uBAAuB;AACpC,QAAI,CAAC,0BAA0B;AAC7B,aAAO,QAAQ,QAAQ,MAAS;AAAA,IAClC;AACA,QAAI,8BAAU;AACZ,aAAO,QAAQ,QAAQ,MAAM,mBAAmB,CAAC;AAAA,IACnD;AACA,WAAO,mBAAmB;AAAA,EAC5B;AAEA,QAAM,oBAAgB,yDAA4B,EAAE,GAAG,KAAK,CAAC;AAE7D,MAAI;AAEJ,MAAI,0BAA0B;AAC5B,aACE;AAAA,MAAC;AAAA;AAAA,QACC,aAAa,qBAAqB;AAAA,QAElC;AAAA,UAAC;AAAA;AAAA,YACE,GAAG;AAAA,YACJ,cAAc,MAAM,qBAAqB;AAAA,YAExC;AAAA;AAAA,QACH;AAAA;AAAA,IACF;AAAA,EAEJ,OAAO;AACL,aACE;AAAA,MAAC;AAAA;AAAA,QACE,GAAG;AAAA,QAEH;AAAA;AAAA,IACH;AAAA,EAEJ;AAEA,SAAO;AACT;","names":["React","getTernSecureState"]}
|
|
@@ -22,32 +22,18 @@ __export(auth_exports, {
|
|
|
22
22
|
});
|
|
23
23
|
module.exports = __toCommonJS(auth_exports);
|
|
24
24
|
var import_backend = require("@tern-secure/backend");
|
|
25
|
-
var import_jwt = require("@tern-secure/backend/jwt");
|
|
26
25
|
var import_navigation = require("next/navigation");
|
|
27
26
|
var import_constant = require("../../server/constant");
|
|
27
|
+
var import_getAuthDataFromRequest = require("../../server/data/getAuthDataFromRequest");
|
|
28
28
|
var import_headers_utils = require("../../server/headers-utils");
|
|
29
29
|
var import_protect = require("../../server/protect");
|
|
30
30
|
var import_redirect = require("../../server/redirect");
|
|
31
31
|
var import_utils = require("./utils");
|
|
32
32
|
const createAuthObject = () => {
|
|
33
33
|
return async (req) => {
|
|
34
|
-
return getAuthDataFromRequest(req);
|
|
34
|
+
return (0, import_getAuthDataFromRequest.getAuthDataFromRequest)(req);
|
|
35
35
|
};
|
|
36
36
|
};
|
|
37
|
-
function getAuthDataFromRequest(req) {
|
|
38
|
-
const authStatus = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthStatus");
|
|
39
|
-
const authToken = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthToken");
|
|
40
|
-
const authSignature = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthSignature");
|
|
41
|
-
const authReason = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthReason");
|
|
42
|
-
let authObject;
|
|
43
|
-
if (!authStatus || authStatus !== import_backend.AuthStatus.SignedIn) {
|
|
44
|
-
authObject = (0, import_backend.signedOutAuthObject)();
|
|
45
|
-
} else {
|
|
46
|
-
const jwt = (0, import_jwt.ternDecodeJwt)(authToken);
|
|
47
|
-
authObject = (0, import_backend.signedInAuthObject)(jwt.raw.text, jwt.payload);
|
|
48
|
-
}
|
|
49
|
-
return authObject;
|
|
50
|
-
}
|
|
51
37
|
const auth = async () => {
|
|
52
38
|
require("server-only");
|
|
53
39
|
const request = await (0, import_utils.buildRequestLike)();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/server/auth.ts"],"sourcesContent":["import type { AuthObject } from '@tern-secure/backend';\r\nimport {
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/server/auth.ts"],"sourcesContent":["import type { AuthObject } from '@tern-secure/backend';\r\nimport { createTernSecureRequest } from '@tern-secure/backend';\r\nimport { notFound, redirect } from 'next/navigation';\r\n\r\nimport { SIGN_IN_URL, SIGN_UP_URL } from '../../server/constant';\r\nimport { getAuthDataFromRequest } from '../../server/data/getAuthDataFromRequest';\r\nimport { getAuthKeyFromRequest } from '../../server/headers-utils';\r\nimport { type AuthProtect, createProtect } from '../../server/protect';\r\nimport { createRedirect, type RedirectFun } from '../../server/redirect';\r\nimport type { BaseUser, RequestLike } from '../../server/types';\r\nimport { buildRequestLike } from './utils';\r\n\r\nexport interface AuthResult {\r\n user: BaseUser | null;\r\n error: Error | null;\r\n}\r\n\r\n/**\r\n * `Auth` object of the currently active user and the `redirectToSignIn()` method.\r\n */\r\ntype Auth = AuthObject & {\r\n redirectToSignIn: RedirectFun<ReturnType<typeof redirect>>;\r\n redirectToSignUp: RedirectFun<ReturnType<typeof redirect>>;\r\n};\r\n\r\nexport interface AuthFn {\r\n (): Promise<Auth>;\r\n\r\n protect: AuthProtect;\r\n}\r\n\r\nconst createAuthObject = () => {\r\n return async (req: RequestLike) => {\r\n return getAuthDataFromRequest(req);\r\n };\r\n};\r\n\r\n/**\r\n * Get the current authenticated user from the session or token\r\n */\r\nexport const auth: AuthFn = async () => {\r\n // eslint-disable-next-line @typescript-eslint/no-require-imports\r\n require('server-only');\r\n\r\n const request = await buildRequestLike();\r\n\r\n const authObject = await createAuthObject()(request);\r\n\r\n const ternUrl = getAuthKeyFromRequest(request, 'TernSecureUrl');\r\n\r\n const createRedirectForRequest = (...args: Parameters<RedirectFun<never>>) => {\r\n const { returnBackUrl } = args[0] || {};\r\n const ternSecureRequest = createTernSecureRequest(request);\r\n\r\n return [\r\n createRedirect({\r\n redirectAdapter: redirect,\r\n baseUrl: ternSecureRequest.ternUrl.toString(),\r\n signInUrl: SIGN_IN_URL,\r\n signUpUrl: SIGN_UP_URL,\r\n }),\r\n returnBackUrl === null ? '' : returnBackUrl || ternUrl?.toString(),\r\n ] as const;\r\n };\r\n\r\n const redirectToSignIn: RedirectFun<never> = (opts = {}) => {\r\n const [r, returnBackUrl] = createRedirectForRequest(opts);\r\n return r.redirectToSignIn({\r\n returnBackUrl,\r\n });\r\n };\r\n\r\n const redirectToSignUp: RedirectFun<never> = (opts = {}) => {\r\n const [r, returnBackUrl] = createRedirectForRequest(opts);\r\n return r.redirectToSignUp({\r\n returnBackUrl,\r\n });\r\n };\r\n\r\n return Object.assign(authObject, { redirectToSignIn, redirectToSignUp });\r\n};\r\n\r\nauth.protect = async (...args: any[]) => {\r\n // eslint-disable-next-line @typescript-eslint/no-require-imports\r\n require('server-only');\r\n\r\n const request = await buildRequestLike();\r\n const authObject = await auth();\r\n\r\n const protect = createProtect({\r\n request,\r\n authObject,\r\n redirectToSignIn: authObject.redirectToSignIn,\r\n notFound,\r\n redirect,\r\n });\r\n\r\n return protect(...args);\r\n};\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,qBAAwC;AACxC,wBAAmC;AAEnC,sBAAyC;AACzC,oCAAuC;AACvC,2BAAsC;AACtC,qBAAgD;AAChD,sBAAiD;AAEjD,mBAAiC;AAqBjC,MAAM,mBAAmB,MAAM;AAC7B,SAAO,OAAO,QAAqB;AACjC,eAAO,sDAAuB,GAAG;AAAA,EACnC;AACF;AAKO,MAAM,OAAe,YAAY;AAEtC,UAAQ,aAAa;AAErB,QAAM,UAAU,UAAM,+BAAiB;AAEvC,QAAM,aAAa,MAAM,iBAAiB,EAAE,OAAO;AAEnD,QAAM,cAAU,4CAAsB,SAAS,eAAe;AAE9D,QAAM,2BAA2B,IAAI,SAAyC;AAC5E,UAAM,EAAE,cAAc,IAAI,KAAK,CAAC,KAAK,CAAC;AACtC,UAAM,wBAAoB,wCAAwB,OAAO;AAEzD,WAAO;AAAA,UACL,gCAAe;AAAA,QACb,iBAAiB;AAAA,QACjB,SAAS,kBAAkB,QAAQ,SAAS;AAAA,QAC5C,WAAW;AAAA,QACX,WAAW;AAAA,MACb,CAAC;AAAA,MACD,kBAAkB,OAAO,KAAK,iBAAiB,SAAS,SAAS;AAAA,IACnE;AAAA,EACF;AAEA,QAAM,mBAAuC,CAAC,OAAO,CAAC,MAAM;AAC1D,UAAM,CAAC,GAAG,aAAa,IAAI,yBAAyB,IAAI;AACxD,WAAO,EAAE,iBAAiB;AAAA,MACxB;AAAA,IACF,CAAC;AAAA,EACH;AAEA,QAAM,mBAAuC,CAAC,OAAO,CAAC,MAAM;AAC1D,UAAM,CAAC,GAAG,aAAa,IAAI,yBAAyB,IAAI;AACxD,WAAO,EAAE,iBAAiB;AAAA,MACxB;AAAA,IACF,CAAC;AAAA,EACH;AAEA,SAAO,OAAO,OAAO,YAAY,EAAE,kBAAkB,iBAAiB,CAAC;AACzE;AAEA,KAAK,UAAU,UAAU,SAAgB;AAEvC,UAAQ,aAAa;AAErB,QAAM,UAAU,UAAM,+BAAiB;AACvC,QAAM,aAAa,MAAM,KAAK;AAE9B,QAAM,cAAU,8BAAc;AAAA,IAC5B;AAAA,IACA;AAAA,IACA,kBAAkB,WAAW;AAAA,IAC7B;AAAA,IACA;AAAA,EACF,CAAC;AAED,SAAO,QAAQ,GAAG,IAAI;AACxB;","names":[]}
|
|
@@ -55,8 +55,8 @@ async function buildRequestLike() {
|
|
|
55
55
|
throw e;
|
|
56
56
|
}
|
|
57
57
|
throw new Error(
|
|
58
|
-
`
|
|
59
|
-
|
|
58
|
+
`auth() is only supported in the App Router (/app directory).
|
|
59
|
+
/pages is not supported yet.
|
|
60
60
|
Original error: ${e}`
|
|
61
61
|
);
|
|
62
62
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/server/utils.ts"],"sourcesContent":["import { NextRequest } from 'next/server';\r\n\r\nexport const isPrerenderingBailout = (e: unknown) => {\r\n if (!(e instanceof Error) || !('message' in e)) {\r\n return false;\r\n }\r\n\r\n const { message } = e;\r\n\r\n const lowerCaseInput = message.toLowerCase();\r\n const dynamicServerUsage = lowerCaseInput.includes('dynamic server usage');\r\n const bailOutPrerendering = lowerCaseInput.includes('this page needs to bail out of prerendering');\r\n\r\n // note: new error message syntax introduced in next@14.1.1-canary.21\r\n // but we still want to support older versions.\r\n // https://github.com/vercel/next.js/pull/61332 (dynamic-rendering.ts:153)\r\n const routeRegex = /Route .*? needs to bail out of prerendering at this point because it used .*?./;\r\n\r\n return routeRegex.test(message) || dynamicServerUsage || bailOutPrerendering;\r\n};\r\n\r\nexport async function buildRequestLike(): Promise<NextRequest> {\r\n try {\r\n // Dynamically import next/headers, otherwise Next12 apps will break\r\n // @ts-expect-error: Cannot find module 'next/headers' or its corresponding type declarations.ts(2307)\r\n const { headers } = await import('next/headers');\r\n const resolvedHeaders = await headers();\r\n return new NextRequest('https://placeholder.com', { headers: resolvedHeaders });\r\n } catch (e: any) {\r\n // rethrow the error when react throws a prerendering bailout\r\n // https://nextjs.org/docs/messages/ppr-caught-error\r\n if (e && isPrerenderingBailout(e)) {\r\n throw e;\r\n }\r\n\r\n
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/server/utils.ts"],"sourcesContent":["import { NextRequest } from 'next/server';\r\n\r\nexport const isPrerenderingBailout = (e: unknown) => {\r\n if (!(e instanceof Error) || !('message' in e)) {\r\n return false;\r\n }\r\n\r\n const { message } = e;\r\n\r\n const lowerCaseInput = message.toLowerCase();\r\n const dynamicServerUsage = lowerCaseInput.includes('dynamic server usage');\r\n const bailOutPrerendering = lowerCaseInput.includes('this page needs to bail out of prerendering');\r\n\r\n // note: new error message syntax introduced in next@14.1.1-canary.21\r\n // but we still want to support older versions.\r\n // https://github.com/vercel/next.js/pull/61332 (dynamic-rendering.ts:153)\r\n const routeRegex = /Route .*? needs to bail out of prerendering at this point because it used .*?./;\r\n\r\n return routeRegex.test(message) || dynamicServerUsage || bailOutPrerendering;\r\n};\r\n\r\nexport async function buildRequestLike(): Promise<NextRequest> {\r\n try {\r\n // Dynamically import next/headers, otherwise Next12 apps will break\r\n // @ts-expect-error: Cannot find module 'next/headers' or its corresponding type declarations.ts(2307)\r\n const { headers } = await import('next/headers');\r\n const resolvedHeaders = await headers();\r\n return new NextRequest('https://placeholder.com', { headers: resolvedHeaders });\r\n } catch (e: any) {\r\n // rethrow the error when react throws a prerendering bailout\r\n // https://nextjs.org/docs/messages/ppr-caught-error\r\n if (e && isPrerenderingBailout(e)) {\r\n throw e;\r\n }\r\n\r\n throw new Error(\r\n `auth() is only supported in the App Router (/app directory).\\n/pages is not supported yet.\\nOriginal error: ${e}`,\r\n );\r\n }\r\n}\r\n\r\n// Original source: https://github.com/vercel/next.js/blob/canary/packages/next/src/server/app-render/get-script-nonce-from-header.tsx\r\nexport function getScriptNonceFromHeader(cspHeaderValue: string): string | undefined {\r\n const directives = cspHeaderValue\r\n // Directives are split by ';'.\r\n .split(';')\r\n .map(directive => directive.trim());\r\n\r\n // First try to find the directive for the 'script-src', otherwise try to\r\n // fallback to the 'default-src'.\r\n const directive =\r\n directives.find(dir => dir.startsWith('script-src')) || directives.find(dir => dir.startsWith('default-src'));\r\n\r\n // If no directive could be found, then we're done.\r\n if (!directive) {\r\n return;\r\n }\r\n\r\n // Extract the nonce from the directive\r\n const nonce = directive\r\n .split(' ')\r\n // Remove the 'strict-src'/'default-src' string, this can't be the nonce.\r\n .slice(1)\r\n .map(source => source.trim())\r\n // Find the first source with the 'nonce-' prefix.\r\n .find(source => source.startsWith(\"'nonce-\") && source.length > 8 && source.endsWith(\"'\"))\r\n // Grab the nonce by trimming the 'nonce-' prefix.\r\n ?.slice(7, -1);\r\n\r\n // If we couldn't find the nonce, then we're done.\r\n if (!nonce) {\r\n return;\r\n }\r\n\r\n // Don't accept the nonce value if it contains HTML escape characters.\r\n // Technically, the spec requires a base64'd value, but this is just an\r\n // extra layer.\r\n if (/[&><\\u2028\\u2029]/g.test(nonce)) {\r\n throw new Error(\r\n 'Nonce value from Content-Security-Policy contained invalid HTML escape characters, which is disallowed for security reasons. Make sure that your nonce value does not contain the following characters: `<`, `>`, `&`',\r\n );\r\n }\r\n\r\n return nonce;\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAA4B;AAErB,MAAM,wBAAwB,CAAC,MAAe;AACnD,MAAI,EAAE,aAAa,UAAU,EAAE,aAAa,IAAI;AAC9C,WAAO;AAAA,EACT;AAEA,QAAM,EAAE,QAAQ,IAAI;AAEpB,QAAM,iBAAiB,QAAQ,YAAY;AAC3C,QAAM,qBAAqB,eAAe,SAAS,sBAAsB;AACzE,QAAM,sBAAsB,eAAe,SAAS,6CAA6C;AAKjG,QAAM,aAAa;AAEnB,SAAO,WAAW,KAAK,OAAO,KAAK,sBAAsB;AAC3D;AAEA,eAAsB,mBAAyC;AAC7D,MAAI;AAGF,UAAM,EAAE,QAAQ,IAAI,MAAM,OAAO,cAAc;AAC/C,UAAM,kBAAkB,MAAM,QAAQ;AACtC,WAAO,IAAI,0BAAY,2BAA2B,EAAE,SAAS,gBAAgB,CAAC;AAAA,EAChF,SAAS,GAAQ;AAGf,QAAI,KAAK,sBAAsB,CAAC,GAAG;AACjC,YAAM;AAAA,IACR;AAEE,UAAM,IAAI;AAAA,MACR;AAAA;AAAA,kBAA+G,CAAC;AAAA,IAClH;AAAA,EACJ;AACF;AAGO,SAAS,yBAAyB,gBAA4C;AACnF,QAAM,aAAa,eAEhB,MAAM,GAAG,EACT,IAAI,CAAAA,eAAaA,WAAU,KAAK,CAAC;AAIpC,QAAM,YACJ,WAAW,KAAK,SAAO,IAAI,WAAW,YAAY,CAAC,KAAK,WAAW,KAAK,SAAO,IAAI,WAAW,aAAa,CAAC;AAG9G,MAAI,CAAC,WAAW;AACd;AAAA,EACF;AAGA,QAAM,QAAQ,UACX,MAAM,GAAG,EAET,MAAM,CAAC,EACP,IAAI,YAAU,OAAO,KAAK,CAAC,EAE3B,KAAK,YAAU,OAAO,WAAW,SAAS,KAAK,OAAO,SAAS,KAAK,OAAO,SAAS,GAAG,CAAC,GAEvF,MAAM,GAAG,EAAE;AAGf,MAAI,CAAC,OAAO;AACV;AAAA,EACF;AAKA,MAAI,qBAAqB,KAAK,KAAK,GAAG;AACpC,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;","names":["directive"]}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __create = Object.create;
|
|
3
|
+
var __defProp = Object.defineProperty;
|
|
4
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
+
var __getProtoOf = Object.getPrototypeOf;
|
|
7
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
|
+
var __export = (target, all) => {
|
|
9
|
+
for (var name in all)
|
|
10
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
11
|
+
};
|
|
12
|
+
var __copyProps = (to, from, except, desc) => {
|
|
13
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
14
|
+
for (let key of __getOwnPropNames(from))
|
|
15
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
16
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
17
|
+
}
|
|
18
|
+
return to;
|
|
19
|
+
};
|
|
20
|
+
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
21
|
+
// If the importer is in node compatibility mode or this is not an ESM
|
|
22
|
+
// file that has been converted to a CommonJS file using a Babel-
|
|
23
|
+
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
24
|
+
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
25
|
+
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
26
|
+
mod
|
|
27
|
+
));
|
|
28
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
29
|
+
var NextOptionsCtx_exports = {};
|
|
30
|
+
__export(NextOptionsCtx_exports, {
|
|
31
|
+
TernNextOptionsProvider: () => TernNextOptionsProvider,
|
|
32
|
+
useTernNextOptions: () => useTernNextOptions
|
|
33
|
+
});
|
|
34
|
+
module.exports = __toCommonJS(NextOptionsCtx_exports);
|
|
35
|
+
var import_jsx_runtime = require("react/jsx-runtime");
|
|
36
|
+
var import_react = __toESM(require("react"));
|
|
37
|
+
const TernNextOptionsCtx = import_react.default.createContext(void 0);
|
|
38
|
+
TernNextOptionsCtx.displayName = "TernNextOptionsCtx";
|
|
39
|
+
const useTernNextOptions = () => {
|
|
40
|
+
const ctx = import_react.default.useContext(TernNextOptionsCtx);
|
|
41
|
+
return ctx?.value;
|
|
42
|
+
};
|
|
43
|
+
const TernNextOptionsProvider = (props) => {
|
|
44
|
+
const { children, options } = props;
|
|
45
|
+
return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(TernNextOptionsCtx.Provider, { value: { value: options }, children });
|
|
46
|
+
};
|
|
47
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
48
|
+
0 && (module.exports = {
|
|
49
|
+
TernNextOptionsProvider,
|
|
50
|
+
useTernNextOptions
|
|
51
|
+
});
|
|
52
|
+
//# sourceMappingURL=NextOptionsCtx.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../src/boundary/NextOptionsCtx.tsx"],"sourcesContent":["import React from 'react';\n\nimport type { TernSecureNextProps } from '../types';\n\ntype TernNextContextValue = Partial<Omit<TernSecureNextProps, 'children'>>;\n\nconst TernNextOptionsCtx = React.createContext<{ value: TernNextContextValue } | undefined>(undefined);\nTernNextOptionsCtx.displayName = 'TernNextOptionsCtx';\n\nconst useTernNextOptions = () => {\n const ctx = React.useContext(TernNextOptionsCtx) as { value: TernNextContextValue };\n return ctx?.value;\n};\n\nconst TernNextOptionsProvider = (\n props: React.PropsWithChildren<{ options: TernNextContextValue }>,\n): React.JSX.Element => {\n const { children, options } = props;\n return <TernNextOptionsCtx.Provider value={{ value: options }}>{children}</TernNextOptionsCtx.Provider>;\n};\n\nexport { TernNextOptionsProvider, useTernNextOptions };\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAkBS;AAlBT,mBAAkB;AAMlB,MAAM,qBAAqB,aAAAA,QAAM,cAA2D,MAAS;AACrG,mBAAmB,cAAc;AAEjC,MAAM,qBAAqB,MAAM;AAC/B,QAAM,MAAM,aAAAA,QAAM,WAAW,kBAAkB;AAC/C,SAAO,KAAK;AACd;AAEA,MAAM,0BAA0B,CAC9B,UACsB;AACtB,QAAM,EAAE,UAAU,QAAQ,IAAI;AAC9B,SAAO,4CAAC,mBAAmB,UAAnB,EAA4B,OAAO,EAAE,OAAO,QAAQ,GAAI,UAAS;AAC3E;","names":["React"]}
|