@tern-secure/nextjs 5.2.0-canary.v20251008165428 → 5.2.0-canary.v20251020032343

package/dist/types/boundary/NextOptionsCtx.d.ts

@@ -0,0 +1,9 @@
+import React from 'react';
+import type { TernSecureNextProps } from '../types';
+type TernNextContextValue = Partial<Omit<TernSecureNextProps, 'children'>>;
+declare const useTernNextOptions: () => Partial<Omit<TernSecureNextProps, "children">>;
+declare const TernNextOptionsProvider: (props: React.PropsWithChildren<{
+    options: TernNextContextValue;
+}>) => React.JSX.Element;
+export { TernNextOptionsProvider, useTernNextOptions };
+//# sourceMappingURL=NextOptionsCtx.d.ts.map

package/dist/types/boundary/NextOptionsCtx.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"NextOptionsCtx.d.ts","sourceRoot":"","sources":["../../../src/boundary/NextOptionsCtx.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAEpD,KAAK,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,mBAAmB,EAAE,UAAU,CAAC,CAAC,CAAC;AAK3E,QAAA,MAAM,kBAAkB,sDAGvB,CAAC;AAEF,QAAA,MAAM,uBAAuB,GAC3B,OAAO,KAAK,CAAC,iBAAiB,CAAC;IAAE,OAAO,EAAE,oBAAoB,CAAA;CAAE,CAAC,KAChE,KAAK,CAAC,GAAG,CAAC,OAGZ,CAAC;AAEF,OAAO,EAAE,uBAAuB,EAAE,kBAAkB,EAAE,CAAC"}

package/dist/types/boundary/PromiseAuthProvider.d.ts

@@ -0,0 +1,8 @@
+import type { TernSecureStateExtended } from '@tern-secure/types';
+import React from 'react';
+export declare function PromiseAuthProvider({ authPromise, children, }: {
+    authPromise: Promise<TernSecureStateExtended> | TernSecureStateExtended;
+    children: React.ReactNode;
+}): import("react/jsx-runtime").JSX.Element;
+export declare function usePromiseAuth(): import("@tern-secure/types").UseAuthReturn;
+//# sourceMappingURL=PromiseAuthProvider.d.ts.map

package/dist/types/boundary/PromiseAuthProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PromiseAuthProvider.d.ts","sourceRoot":"","sources":["../../../src/boundary/PromiseAuthProvider.tsx"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAElE,OAAO,KAAK,MAAM,OAAO,CAAC;AAM1B,wBAAgB,mBAAmB,CAAC,EAClC,WAAW,EACX,QAAQ,GACT,EAAE;IACD,WAAW,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,uBAAuB,CAAC;IACxE,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;CAC3B,2CAEA;AAED,wBAAgB,cAAc,+CAmB7B"}

package/dist/types/boundary/components.d.ts

@@ -1,2 +1,3 @@
-export { useAuth, useIdToken, useSession, useSignIn, useSignInContext, SignInProvider, signIn, } from '@tern-secure/react';
+export { useIdToken, useSession, useSignIn, useSignInContext, useTernSecure, SignInProvider, signIn, } from '@tern-secure/react';
+export { usePromiseAuth as useAuth } from './PromiseAuthProvider';
 //# sourceMappingURL=components.d.ts.map

package/dist/types/boundary/components.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"components.d.ts","sourceRoot":"","sources":["../../../src/boundary/components.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,OAAO,EACP,UAAU,EACV,UAAU,EACV,SAAS,EACT,gBAAgB,EAChB,cAAc,EACd,MAAM,GACT,MAAM,oBAAoB,CAAC"}
+{"version":3,"file":"components.d.ts","sourceRoot":"","sources":["../../../src/boundary/components.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,UAAU,EACV,UAAU,EACV,SAAS,EACT,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,MAAM,GACT,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,cAAc,IAAI,OAAO,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/types/index.d.ts

@@ -1,5 +1,5 @@
-export { TernSecureProvider } from './app-router/client/TernSecureProvider';
-export { useAuth, useIdToken, useSession, useSignIn, signIn, useSignInContext, SignInProvider } from './boundary/components';
+export { TernSecureProvider } from './app-router/server/TernSecureProvider';
+export { useAuth, useIdToken, useSession, useSignIn, signIn, useSignInContext, useTernSecure, SignInProvider } from './boundary/components';
 export type { TernSecureUser, TernSecureUserData, SignInResponse } from '@tern-secure/types';
 export type { UserInfo, SessionResult } from './types';
 //# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,CAAA;AAC3E,OAAO,EACH,OAAO,EACP,UAAU,EACV,UAAU,EACV,SAAS,EACT,MAAM,EACN,gBAAgB,EAChB,cAAc,EAKjB,MAAM,uBAAuB,CAAA;AAE9B,YAAY,EAAE,cAAc,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AAE5F,YAAY,EACR,QAAQ,EACR,aAAa,EAChB,MAAM,SAAS,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,CAAA;AAC3E,OAAO,EACH,OAAO,EACP,UAAU,EACV,UAAU,EACV,SAAS,EACT,MAAM,EACN,gBAAgB,EAChB,aAAa,EACb,cAAc,EAKjB,MAAM,uBAAuB,CAAA;AAE9B,YAAY,EAAE,cAAc,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AAE5F,YAAY,EACR,QAAQ,EACR,aAAa,EAChB,MAAM,SAAS,CAAA"}

package/dist/types/server/data/getAuthDataFromRequest.d.ts

@@ -0,0 +1,26 @@
+import type { AuthObject } from '@tern-secure/backend';
+import type { RequestLike } from '../../server/types';
+/**
+ * Auth objects moving through the server -> client boundary need to be serializable
+ * as we need to ensure that they can be transferred via the network as pure strings.
+ * Some frameworks like Remix or Next (/pages dir only) handle this serialization by simply
+ * ignoring any non-serializable keys, however Nextjs /app directory is stricter and
+ * throws an error if a non-serializable value is found.
+ * @internal
+ */
+export declare const authObjectToSerializable: <T extends Record<string, unknown>>(obj: T) => T;
+export declare function getTernSecureAuthData(req: RequestLike, initialState?: {}): {
+    sessionClaims: import("@tern-secure/types").DecodedIdToken;
+    userId: string;
+    token: string;
+    require: import("@tern-secure/types").CheckAuthorizationFromSessionClaims;
+    error: string | null;
+} | {
+    sessionClaims: null;
+    userId: null;
+    token: null;
+    require: import("@tern-secure/types").CheckAuthorizationFromSessionClaims;
+    error: string | null;
+};
+export declare function getAuthDataFromRequest(req: RequestLike): AuthObject;
+//# sourceMappingURL=getAuthDataFromRequest.d.ts.map

package/dist/types/server/data/getAuthDataFromRequest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"getAuthDataFromRequest.d.ts","sourceRoot":"","sources":["../../../../src/server/data/getAuthDataFromRequest.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAKvD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGtD;;;;;;;GAOG;AACH,eAAO,MAAM,wBAAwB,GAAI,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,KAAK,CAAC,KAAG,CAKpF,CAAC;AAEF,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,WAAW,EAAE,YAAY,KAAK;;;;;;;;;;;;EAGxE;AAED,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,WAAW,GAAG,UAAU,CAenE"}

package/dist/types/server/index.d.ts

@@ -1,5 +1,6 @@
 export { ternSecureMiddleware, } from "./ternSecureEdgeMiddleware";
 export { createRouteMatcher } from "./routeMatcher";
+export { ternSecureBackendClient } from "./ternsecureClient";
 export { auth } from "../app-router/server/auth";
 export type { AuthResult } from "../app-router/server/auth";
 export type { BaseUser, SessionResult } from "./types";

package/dist/types/server/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,GACrB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EACL,IAAI,EACL,MAAM,2BAA2B,CAAC;AACnC,YAAY,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAC5D,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,GACrB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EACL,IAAI,EACL,MAAM,2BAA2B,CAAC;AACnC,YAAY,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAC5D,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC"}

package/dist/types/types.d.ts

@@ -141,4 +141,5 @@ export interface SessionResult {
     user: UserInfo | null;
     error?: string;
 }
+export type NextProviderProcessedProps = Omit<TernSecureProviderProps, 'children'>;
 //# sourceMappingURL=types.d.ts.map

package/dist/types/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAA;AAEjE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,UAAU,CAAA;AAGtC;;GAEG;AAGH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAC5B,CAAA;AAGD;;;GAGG;AAWH;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,uDAAuD;IACvD,WAAW,CAAC,EAAE,aAAa,GAAG,YAAY,CAAA;IAC1C,yCAAyC;IACzC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,2BAA2B;IAC3B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAA;IAChC,sBAAsB;IACtB,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,4CAA4C;IAC5C,WAAW,EAAE,OAAO,CAAA;IACpB,gCAAgC;IAChC,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;IACnB,+CAA+C;IAC/C,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,OAAO,CAAA;IAChB,MAAM,EAAE,MAAM,EAAE,CAAA;CAEjB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,MAAM,CAAA;IACjB,WAAW,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,OAAO,EAAE,OAAO,CAAA;IAChB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,MAAM,EAAE,qBAAqB,CAAA;CAC9B;AAGD,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,OAAO,MAAM,GAAG,SAAS,CAAC;IACxC,IAAI,CAAC,EAAE,GAAG,CAAC;CACZ;AAED,MAAM,WAAW,SAAU,SAAQ,KAAK;IACtC,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,cAAc,CAAA;CAC1B;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,GAAG,GAAG,KAAK,IAAI,cAAc,CAEpE;AAGD,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,QAAQ,EAAE,OAAO,CAAA;IACjB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;IACnB,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,EAAE,OAAO,CAAA;IACnB,eAAe,EAAE,OAAO,CAAA;IACxB,KAAK,EAAE,GAAG,GAAG,IAAI,CAAA;IACjB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,MAAM,EAAE,SAAS,GAAG,eAAe,GAAG,iBAAiB,GAAG,YAAY,CAAA;IACtE,oBAAoB,EAAE,OAAO,CAAA;CAC9B;AAED,MAAM,WAAW,cAAc;IAE7B,WAAW,CAAC,EAAE,MAAM,CAAA;IAEpB,QAAQ,CAAC,EAAE,OAAO,CAAA;IAElB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAGD,MAAM,WAAW,WAAY,SAAQ,cAAc;IACjD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAA;IAChC,SAAS,CAAC,EAAE,MAAM,IAAI,CAAA;IACtB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,YAAY,CAAC,EAAE;QACb,IAAI,CAAC,EAAE,MAAM,CAAA;QACb,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,WAAW,CAAC,EAAE,MAAM,CAAA;QACpB,YAAY,CAAC,EAAE,MAAM,CAAA;KACtB,CAAA;CACF;AAGD,MAAM,MAAM,mBAAmB,GAAG,uBAAuB,GAAG;IAC1D,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,oBAAoB,CAAC,EAAE,OAAO,CAAA;IAC9B,gBAAgB,CAAC,EAAE,KAAK,CAAC,SAAS,CAAA;CACnC,CAAA;AAED,MAAM,WAAW,IAAI;IACjB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,OAAO,CAAA;CACrB;AAED,MAAM,WAAW,QAAQ;IACvB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAIC,MAAM,WAAW,QAAQ;IACvB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,OAAO,CAAA;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,aAAa,EAAE,OAAO,CAAA;IACtB,QAAQ,CAAC,EAAE,OAAO,CAAA;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,eAAe,EAAE,OAAO,CAAA;IACxB,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAA;IACrB,KAAK,CAAC,EAAE,MAAM,CAAA;CACf"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAA;AAEjE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,UAAU,CAAA;AAGtC;;GAEG;AAGH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAC5B,CAAA;AAGD;;;GAGG;AAWH;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,uDAAuD;IACvD,WAAW,CAAC,EAAE,aAAa,GAAG,YAAY,CAAA;IAC1C,yCAAyC;IACzC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,2BAA2B;IAC3B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAA;IAChC,sBAAsB;IACtB,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,4CAA4C;IAC5C,WAAW,EAAE,OAAO,CAAA;IACpB,gCAAgC;IAChC,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;IACnB,+CAA+C;IAC/C,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,OAAO,CAAA;IAChB,MAAM,EAAE,MAAM,EAAE,CAAA;CAEjB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,MAAM,CAAA;IACjB,WAAW,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,OAAO,EAAE,OAAO,CAAA;IAChB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,MAAM,EAAE,qBAAqB,CAAA;CAC9B;AAGD,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,OAAO,MAAM,GAAG,SAAS,CAAC;IACxC,IAAI,CAAC,EAAE,GAAG,CAAC;CACZ;AAED,MAAM,WAAW,SAAU,SAAQ,KAAK;IACtC,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,cAAc,CAAA;CAC1B;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,GAAG,GAAG,KAAK,IAAI,cAAc,CAEpE;AAGD,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,QAAQ,EAAE,OAAO,CAAA;IACjB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;IACnB,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,EAAE,OAAO,CAAA;IACnB,eAAe,EAAE,OAAO,CAAA;IACxB,KAAK,EAAE,GAAG,GAAG,IAAI,CAAA;IACjB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,MAAM,EAAE,SAAS,GAAG,eAAe,GAAG,iBAAiB,GAAG,YAAY,CAAA;IACtE,oBAAoB,EAAE,OAAO,CAAA;CAC9B;AAED,MAAM,WAAW,cAAc;IAE7B,WAAW,CAAC,EAAE,MAAM,CAAA;IAEpB,QAAQ,CAAC,EAAE,OAAO,CAAA;IAElB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAGD,MAAM,WAAW,WAAY,SAAQ,cAAc;IACjD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAA;IAChC,SAAS,CAAC,EAAE,MAAM,IAAI,CAAA;IACtB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,YAAY,CAAC,EAAE;QACb,IAAI,CAAC,EAAE,MAAM,CAAA;QACb,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,WAAW,CAAC,EAAE,MAAM,CAAA;QACpB,YAAY,CAAC,EAAE,MAAM,CAAA;KACtB,CAAA;CACF;AAGD,MAAM,MAAM,mBAAmB,GAAG,uBAAuB,GAAG;IAC1D,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,oBAAoB,CAAC,EAAE,OAAO,CAAA;IAC9B,gBAAgB,CAAC,EAAE,KAAK,CAAC,SAAS,CAAA;CACnC,CAAA;AAED,MAAM,WAAW,IAAI;IACjB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,OAAO,CAAA;CACrB;AAED,MAAM,WAAW,QAAQ;IACvB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAIC,MAAM,WAAW,QAAQ;IACvB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,OAAO,CAAA;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,aAAa,EAAE,OAAO,CAAA;IACtB,QAAQ,CAAC,EAAE,OAAO,CAAA;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,eAAe,EAAE,OAAO,CAAA;IACxB,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAA;IACrB,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED,MAAM,MAAM,0BAA0B,GAAG,IAAI,CAAC,uBAAuB,EAAE,UAAU,CAAC,CAAC"}

package/dist/types/utils/allNextProviderProps.d.ts

@@ -1,6 +1,3 @@
-import type { TernSecureProviderProps } from "@tern-secure/react";
-import type { TernSecureNextProps } from "../types";
-type NextProviderProcessedProps = Omit<TernSecureProviderProps, 'children'>;
+import type { NextProviderProcessedProps, TernSecureNextProps } from "../types";
 export declare const allNextProviderPropsWithEnv: (nextProps: Omit<TernSecureNextProps, "children">) => NextProviderProcessedProps;
-export {};
 //# sourceMappingURL=allNextProviderProps.d.ts.map

package/dist/types/utils/allNextProviderProps.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"allNextProviderProps.d.ts","sourceRoot":"","sources":["../../../src/utils/allNextProviderProps.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,uBAAuB,EAAC,MAAM,oBAAoB,CAAC;AAErD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAGpD,KAAK,0BAA0B,GAAG,IAAI,CAAC,uBAAuB,EAAE,UAAU,CAAC,CAAC;AAE5E,eAAO,MAAM,2BAA2B,GACtC,WAAW,IAAI,CAAC,mBAAmB,EAAE,UAAU,CAAC,KAC/C,0BAkFF,CAAC"}
+{"version":3,"file":"allNextProviderProps.d.ts","sourceRoot":"","sources":["../../../src/utils/allNextProviderProps.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,0BAA0B,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAKhF,eAAO,MAAM,2BAA2B,GACtC,WAAW,IAAI,CAAC,mBAAmB,EAAE,UAAU,CAAC,KAC/C,0BAmFF,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tern-secure/nextjs",
-  "version": "5.2.0-canary.v20251008165428",
+  "version": "5.2.0-canary.v20251020032343",
   "publishConfig": {
     "access": "public"
   },
@@ -63,10 +63,10 @@
     "jose": "^5.9.6",
     "server-only": "^0.0.1",
     "tslib": "2.4.1",
-    "@tern-secure/backend": "1.2.0-canary.v20251008165428",
-    "@tern-secure/react": "1.2.0-canary.v20251008165428",
-    "@tern-secure/shared": "1.3.0-canary.v20251008165428",
-    "@tern-secure/types": "1.1.0-canary.v20251008165428"
+    "@tern-secure/backend": "1.2.0-canary.v20251020032343",
+    "@tern-secure/react": "1.2.0-canary.v20251020032343",
+    "@tern-secure/shared": "1.3.0-canary.v20251020032343",
+    "@tern-secure/types": "1.1.0-canary.v20251020032343"
   },
   "peerDependencies": {
     "next": "^13.0.0 || ^14.0.0 || ^15.0.0",

package/dist/cjs/server/edge-session.js

@@ -1,173 +0,0 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var edge_session_exports = {};
-__export(edge_session_exports, {
-  VerifySessionWithRestApi: () => VerifySessionWithRestApi,
-  verifySession: () => verifySession,
-  verifySessionEdge: () => verifySessionEdge,
-  verifyTokenEdge: () => verifyTokenEdge
-});
-module.exports = __toCommonJS(edge_session_exports);
-var import_jwt = require("./jwt");
-async function verifySession(request) {
-  try {
-    const sessionCookie = request.cookies.get("_session_cookie")?.value;
-    if (sessionCookie) {
-      const result = await (0, import_jwt.verifyFirebaseToken)(sessionCookie, true);
-      if (result.valid) {
-        return {
-          isAuthenticated: true,
-          user: {
-            uid: result.uid ?? "",
-            email: result.email || null,
-            tenantId: result.tenant || "default",
-            emailVerified: result.emailVerified ?? false,
-            disabled: false
-          }
-        };
-      }
-    }
-    return {
-      isAuthenticated: false,
-      user: null,
-      error: "No valid session found"
-    };
-  } catch (error) {
-    console.error("Session verification error:", error);
-    return {
-      isAuthenticated: false,
-      user: null,
-      error: error instanceof Error ? error.message : "Session verification failed"
-    };
-  }
-}
-async function verifyTokenEdge(idToken) {
-  try {
-    const response = await fetch(
-      `https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${process.env.NEXT_PUBLIC_FIREBASE_API_KEY}`,
-      {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify({ idToken })
-      }
-    );
-    const data = await response.json();
-    console.log("data Token", data);
-    if (!response.ok || !data.users?.[0]) {
-      return null;
-    }
-    const user = data.users[0];
-    return {
-      uid: user.localId,
-      email: user.email || null,
-      tenantId: user.tenantId || "default",
-      disabled: user.disabled || false
-    };
-  } catch (error) {
-    console.error("Token verification error:", error);
-    return null;
-  }
-}
-async function verifySessionEdge(sessionCookie) {
-  try {
-    const response = await fetch(
-      `https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${process.env.NEXT_PUBLIC_FIREBASE_API_KEY}`,
-      {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-          Authorization: `Bearer ${sessionCookie}`
-        }
-      }
-    );
-    const data = await response.json();
-    console.log("data Session", data);
-    if (!response.ok || !data.users?.[0]) {
-      return null;
-    }
-    const user = data.users[0];
-    return {
-      uid: user.localId,
-      email: user.email || null,
-      tenantId: user.tenant || "default",
-      disabled: user.disabled || false
-    };
-  } catch (error) {
-    console.error("Session verification error:", error);
-    return null;
-  }
-}
-async function VerifySessionWithRestApi(request) {
-  try {
-    const sessionCookie = request.cookies.get("_session_cookie")?.value;
-    if (sessionCookie) {
-      const response = await fetch(
-        `https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${process.env.GOOGLE_CLIENT_ID}`,
-        {
-          method: "POST",
-          headers: {
-            "Content-Type": "application/json",
-            Authorization: `Bearer ${sessionCookie}`
-          }
-        }
-      );
-      const data = await response.json();
-      console.log("[edge-session] data with session cookie", data);
-      if (response.ok && data.users?.[0]) {
-        const user = data.users[0];
-        return {
-          isAuthenticated: true,
-          user: {
-            uid: user.localId,
-            email: user.email || null,
-            tenantId: user.tenantId || "default",
-            emailVerified: user.emailVerified ?? false,
-            disabled: user.disabled || false
-          }
-        };
-      }
-      console.log(
-        "Session cookie verification failed:",
-        data.error?.message || "Invalid session"
-      );
-    }
-    return {
-      isAuthenticated: false,
-      user: null,
-      error: "No valid session found"
-    };
-  } catch (error) {
-    console.error("Session verification error:", error);
-    return {
-      isAuthenticated: false,
-      user: null,
-      error: error instanceof Error ? error.message : "Session verification failed"
-    };
-  }
-}
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  VerifySessionWithRestApi,
-  verifySession,
-  verifySessionEdge,
-  verifyTokenEdge
-});
-//# sourceMappingURL=edge-session.js.map

package/dist/cjs/server/edge-session.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/server/edge-session.ts"],"sourcesContent":["import type { NextRequest } from \"next/server\";\r\n\r\nimport { verifyFirebaseToken } from \"./jwt\";\r\nimport type { BaseUser,SessionResult } from \"./types\";\r\n\r\nexport async function verifySession(\r\n  request: NextRequest\r\n): Promise<SessionResult> {\r\n  try {\r\n    const sessionCookie = request.cookies.get(\"_session_cookie\")?.value;\r\n    if (sessionCookie) {\r\n      const result = await verifyFirebaseToken(sessionCookie, true);\r\n      if (result.valid) {\r\n        return {\r\n          isAuthenticated: true,\r\n          user: {\r\n            uid: result.uid ?? \"\",\r\n            email: result.email || null,\r\n            tenantId: result.tenant || \"default\",\r\n            emailVerified: result.emailVerified ?? false,\r\n            disabled: false,\r\n          },\r\n        };\r\n      }\r\n    }\r\n    return {\r\n      isAuthenticated: false,\r\n      user: null,\r\n      error: \"No valid session found\",\r\n    };\r\n  } catch (error) {\r\n    console.error(\"Session verification error:\", error);\r\n    return {\r\n      isAuthenticated: false,\r\n      user: null,\r\n      error:\r\n        error instanceof Error ? error.message : \"Session verification failed\",\r\n    };\r\n  }\r\n}\r\n\r\n/**\r\n * Edge-compatible token verification using Firebase Auth REST API\r\n */\r\nexport async function verifyTokenEdge(\r\n  idToken: string\r\n): Promise<BaseUser | null> {\r\n  try {\r\n    const response = await fetch(\r\n      `https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${process.env.NEXT_PUBLIC_FIREBASE_API_KEY}`,\r\n      {\r\n        method: \"POST\",\r\n        headers: {\r\n          \"Content-Type\": \"application/json\",\r\n        },\r\n        body: JSON.stringify({ idToken }),\r\n      }\r\n    );\r\n\r\n    const data = await response.json();\r\n    console.log(\"data Token\", data);\r\n\r\n    if (!response.ok || !data.users?.[0]) {\r\n      return null;\r\n    }\r\n\r\n    const user = data.users[0];\r\n    return {\r\n      uid: user.localId,\r\n      email: user.email || null,\r\n      tenantId: user.tenantId || \"default\",\r\n      disabled: user.disabled || false,\r\n    };\r\n  } catch (error) {\r\n    console.error(\"Token verification error:\", error);\r\n    return null;\r\n  }\r\n}\r\n\r\n/**\r\n * Edge-compatible session cookie verification\r\n */\r\nexport async function verifySessionEdge(\r\n  sessionCookie: string\r\n): Promise<BaseUser | null> {\r\n  try {\r\n    const response = await fetch(\r\n      `https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${process.env.NEXT_PUBLIC_FIREBASE_API_KEY}`,\r\n      {\r\n        method: \"POST\",\r\n        headers: {\r\n          \"Content-Type\": \"application/json\",\r\n          Authorization: `Bearer ${sessionCookie}`,\r\n        },\r\n      }\r\n    );\r\n\r\n    const data = await response.json();\r\n    console.log(\"data Session\", data);\r\n\r\n    if (!response.ok || !data.users?.[0]) {\r\n      return null;\r\n    }\r\n\r\n    const user = data.users[0];\r\n    return {\r\n      uid: user.localId,\r\n      email: user.email || null,\r\n      tenantId: user.tenant || \"default\",\r\n      disabled: user.disabled || false,\r\n    };\r\n  } catch (error) {\r\n    console.error(\"Session verification error:\", error);\r\n    return null;\r\n  }\r\n}\r\n\r\n/**\r\n * Edge-compatible session verification using Firebase Auth REST API\r\n */\r\nexport async function VerifySessionWithRestApi(\r\n  request: NextRequest\r\n): Promise<SessionResult> {\r\n  try {\r\n    // First try session cookie\r\n    const sessionCookie = request.cookies.get(\"_session_cookie\")?.value;\r\n    if (sessionCookie) {\r\n      const response = await fetch(\r\n        `https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${process.env.GOOGLE_CLIENT_ID}`,\r\n        {\r\n          method: \"POST\",\r\n          headers: {\r\n            \"Content-Type\": \"application/json\",\r\n            Authorization: `Bearer ${sessionCookie}`,\r\n          },\r\n        }\r\n      );\r\n\r\n      const data = await response.json();\r\n      console.log(\"[edge-session] data with session cookie\", data);\r\n\r\n      if (response.ok && data.users?.[0]) {\r\n        const user = data.users[0];\r\n        return {\r\n          isAuthenticated: true,\r\n          user: {\r\n            uid: user.localId,\r\n            email: user.email || null,\r\n            tenantId: user.tenantId || \"default\",\r\n            emailVerified: user.emailVerified ?? false,\r\n            disabled: user.disabled || false,\r\n          },\r\n        };\r\n      }\r\n      console.log(\r\n        \"Session cookie verification failed:\",\r\n        data.error?.message || \"Invalid session\"\r\n      );\r\n    }\r\n    return {\r\n      isAuthenticated: false,\r\n      user: null,\r\n      error: \"No valid session found\",\r\n    };\r\n  } catch (error) {\r\n    console.error(\"Session verification error:\", error);\r\n    return {\r\n      isAuthenticated: false,\r\n      user: null,\r\n      error:\r\n        error instanceof Error ? error.message : \"Session verification failed\",\r\n    };\r\n  }\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,iBAAoC;AAGpC,eAAsB,cACpB,SACwB;AACxB,MAAI;AACF,UAAM,gBAAgB,QAAQ,QAAQ,IAAI,iBAAiB,GAAG;AAC9D,QAAI,eAAe;AACjB,YAAM,SAAS,UAAM,gCAAoB,eAAe,IAAI;AAC5D,UAAI,OAAO,OAAO;AAChB,eAAO;AAAA,UACL,iBAAiB;AAAA,UACjB,MAAM;AAAA,YACJ,KAAK,OAAO,OAAO;AAAA,YACnB,OAAO,OAAO,SAAS;AAAA,YACvB,UAAU,OAAO,UAAU;AAAA,YAC3B,eAAe,OAAO,iBAAiB;AAAA,YACvC,UAAU;AAAA,UACZ;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,WAAO;AAAA,MACL,iBAAiB;AAAA,MACjB,MAAM;AAAA,MACN,OAAO;AAAA,IACT;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B,KAAK;AAClD,WAAO;AAAA,MACL,iBAAiB;AAAA,MACjB,MAAM;AAAA,MACN,OACE,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAC7C;AAAA,EACF;AACF;AAKA,eAAsB,gBACpB,SAC0B;AAC1B,MAAI;AACF,UAAM,WAAW,MAAM;AAAA,MACrB,iEAAiE,QAAQ,IAAI,4BAA4B;AAAA,MACzG;AAAA,QACE,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA,MAAM,KAAK,UAAU,EAAE,QAAQ,CAAC;AAAA,MAClC;AAAA,IACF;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAQ,IAAI,cAAc,IAAI;AAE9B,QAAI,CAAC,SAAS,MAAM,CAAC,KAAK,QAAQ,CAAC,GAAG;AACpC,aAAO;AAAA,IACT;AAEA,UAAM,OAAO,KAAK,MAAM,CAAC;AACzB,WAAO;AAAA,MACL,KAAK,KAAK;AAAA,MACV,OAAO,KAAK,SAAS;AAAA,MACrB,UAAU,KAAK,YAAY;AAAA,MAC3B,UAAU,KAAK,YAAY;AAAA,IAC7B;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,6BAA6B,KAAK;AAChD,WAAO;AAAA,EACT;AACF;AAKA,eAAsB,kBACpB,eAC0B;AAC1B,MAAI;AACF,UAAM,WAAW,MAAM;AAAA,MACrB,iEAAiE,QAAQ,IAAI,4BAA4B;AAAA,MACzG;AAAA,QACE,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,eAAe,UAAU,aAAa;AAAA,QACxC;AAAA,MACF;AAAA,IACF;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAQ,IAAI,gBAAgB,IAAI;AAEhC,QAAI,CAAC,SAAS,MAAM,CAAC,KAAK,QAAQ,CAAC,GAAG;AACpC,aAAO;AAAA,IACT;AAEA,UAAM,OAAO,KAAK,MAAM,CAAC;AACzB,WAAO;AAAA,MACL,KAAK,KAAK;AAAA,MACV,OAAO,KAAK,SAAS;AAAA,MACrB,UAAU,KAAK,UAAU;AAAA,MACzB,UAAU,KAAK,YAAY;AAAA,IAC7B;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B,KAAK;AAClD,WAAO;AAAA,EACT;AACF;AAKA,eAAsB,yBACpB,SACwB;AACxB,MAAI;AAEF,UAAM,gBAAgB,QAAQ,QAAQ,IAAI,iBAAiB,GAAG;AAC9D,QAAI,eAAe;AACjB,YAAM,WAAW,MAAM;AAAA,QACrB,iEAAiE,QAAQ,IAAI,gBAAgB;AAAA,QAC7F;AAAA,UACE,QAAQ;AAAA,UACR,SAAS;AAAA,YACP,gBAAgB;AAAA,YAChB,eAAe,UAAU,aAAa;AAAA,UACxC;AAAA,QACF;AAAA,MACF;AAEA,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,cAAQ,IAAI,2CAA2C,IAAI;AAE3D,UAAI,SAAS,MAAM,KAAK,QAAQ,CAAC,GAAG;AAClC,cAAM,OAAO,KAAK,MAAM,CAAC;AACzB,eAAO;AAAA,UACL,iBAAiB;AAAA,UACjB,MAAM;AAAA,YACJ,KAAK,KAAK;AAAA,YACV,OAAO,KAAK,SAAS;AAAA,YACrB,UAAU,KAAK,YAAY;AAAA,YAC3B,eAAe,KAAK,iBAAiB;AAAA,YACrC,UAAU,KAAK,YAAY;AAAA,UAC7B;AAAA,QACF;AAAA,MACF;AACA,cAAQ;AAAA,QACN;AAAA,QACA,KAAK,OAAO,WAAW;AAAA,MACzB;AAAA,IACF;AACA,WAAO;AAAA,MACL,iBAAiB;AAAA,MACjB,MAAM;AAAA,MACN,OAAO;AAAA,IACT;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B,KAAK;AAClD,WAAO;AAAA,MACL,iBAAiB;AAAA,MACjB,MAAM;AAAA,MACN,OACE,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAC7C;AAAA,EACF;AACF;","names":[]}

package/dist/cjs/server/jwt-edge.js

@@ -1,138 +0,0 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var jwt_edge_exports = {};
-__export(jwt_edge_exports, {
-  verifyFirebaseToken: () => verifyFirebaseToken
-});
-module.exports = __toCommonJS(jwt_edge_exports);
-var import_jose = require("jose");
-var import_react = require("react");
-const FIREBASE_ID_TOKEN_URL = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com";
-const FIREBASE_SESSION_CERT_URL = "https://identitytoolkit.googleapis.com/v1/sessionCookiePublicKeys";
-const getIdTokenJWKS = (0, import_react.cache)(() => {
-  return (0, import_jose.createRemoteJWKSet)(new URL(FIREBASE_ID_TOKEN_URL), {
-    cacheMaxAge: 36e5,
-    // 1 hour
-    timeoutDuration: 5e3,
-    // 5 seconds
-    cooldownDuration: 3e4
-    // 30 seconds between retries
-  });
-});
-const getSessionJWKS = (0, import_react.cache)(() => {
-  return (0, import_jose.createRemoteJWKSet)(new URL(FIREBASE_SESSION_CERT_URL), {
-    cacheMaxAge: 36e5,
-    // 1 hour
-    timeoutDuration: 5e3,
-    // 5 seconds
-    cooldownDuration: 3e4
-    // 30 seconds between retries
-  });
-});
-function decodeJwt(token) {
-  try {
-    const [headerB64, payloadB64] = token.split(".");
-    const header = JSON.parse(Buffer.from(headerB64, "base64").toString());
-    const payload = JSON.parse(Buffer.from(payloadB64, "base64").toString());
-    return { header, payload };
-  } catch (error) {
-    console.error("Error decoding JWT:", error);
-    return null;
-  }
-}
-async function verifyFirebaseToken(token, isSessionCookie = false) {
-  try {
-    const projectId = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID;
-    if (!projectId) {
-      throw new Error("Firebase Project ID is not configured");
-    }
-    const decoded = decodeJwt(token);
-    if (!decoded) {
-      throw new Error("Invalid token format");
-    }
-    let retries = 3;
-    let lastError = null;
-    while (retries > 0) {
-      try {
-        const JWKS = isSessionCookie ? await getSessionJWKS() : await getIdTokenJWKS();
-        const { payload } = await (0, import_jose.jwtVerify)(token, JWKS, {
-          issuer: isSessionCookie ? "https://session.firebase.google.com/" + projectId : "https://securetoken.google.com/" + projectId,
-          audience: projectId,
-          algorithms: ["RS256"]
-        });
-        const firebasePayload = payload;
-        const now = Math.floor(Date.now() / 1e3);
-        if (firebasePayload.exp <= now) {
-          throw new Error("Token has expired");
-        }
-        if (firebasePayload.iat > now) {
-          throw new Error("Token issued time is in the future");
-        }
-        if (!firebasePayload.sub) {
-          throw new Error("Token subject is empty");
-        }
-        if (firebasePayload.auth_time > now) {
-          throw new Error("Token auth time is in the future");
-        }
-        return {
-          valid: true,
-          uid: firebasePayload.sub,
-          email: firebasePayload.email,
-          emailVerified: firebasePayload.email_verified,
-          tenant: firebasePayload.firebase.tenant,
-          authTime: firebasePayload.auth_time,
-          issuedAt: firebasePayload.iat,
-          expiresAt: firebasePayload.exp
-        };
-      } catch (error) {
-        lastError = error;
-        if (error instanceof Error && error.name === "JWKSNoMatchingKey") {
-          console.warn(`JWKS retry attempt ${4 - retries}:`, error.message);
-          retries--;
-          if (retries > 0) {
-            await new Promise((resolve) => setTimeout(resolve, 1e3));
-            continue;
-          }
-        }
-        throw error;
-      }
-    }
-    throw lastError || new Error("Failed to verify token after retries");
-  } catch (error) {
-    console.error("Token verification details:", {
-      error: error instanceof Error ? {
-        name: error.name,
-        message: error.message,
-        stack: error.stack
-      } : error,
-      decoded: decodeJwt(token),
-      //projectId,
-      isSessionCookie
-    });
-    return {
-      valid: false,
-      error: error instanceof Error ? error.message : "Invalid token"
-    };
-  }
-}
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  verifyFirebaseToken
-});
-//# sourceMappingURL=jwt-edge.js.map

package/dist/cjs/server/jwt-edge.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/server/jwt-edge.ts"],"sourcesContent":["import { createRemoteJWKSet,jwtVerify } from \"jose\"\r\nimport { cache } from \"react\"\r\n\r\ninterface FirebaseIdTokenPayload {\r\n  iss: string\r\n  aud: string\r\n  auth_time: number\r\n  user_id: string\r\n  sub: string\r\n  iat: number\r\n  exp: number\r\n  email?: string\r\n  email_verified?: boolean\r\n  firebase: {\r\n    identities: {\r\n      [key: string]: any\r\n    }\r\n    sign_in_provider: string\r\n    tenant?: string;\r\n  }\r\n}\r\n\r\ninterface FirebaseTokenResult {\r\n  valid: boolean;\r\n  tenant?: string;\r\n  uid?: string;\r\n  email?: string | null;\r\n  emailVerified?: boolean;\r\n  authTime?: number;\r\n  issuedAt?: number;\r\n  expiresAt?: number;\r\n  error?: string;\r\n}\r\n\r\n// Firebase public key endpoints\r\nconst FIREBASE_ID_TOKEN_URL = \"https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com\"\r\nconst FIREBASE_SESSION_CERT_URL = \"https://identitytoolkit.googleapis.com/v1/sessionCookiePublicKeys\"\r\n\r\n// Cache the JWKS using React cache\r\nconst getIdTokenJWKS = cache(() => {\r\n  return createRemoteJWKSet(new URL(FIREBASE_ID_TOKEN_URL), {\r\n    cacheMaxAge: 3600000, // 1 hour\r\n    timeoutDuration: 5000, // 5 seconds\r\n    cooldownDuration: 30000, // 30 seconds between retries\r\n  })\r\n})\r\n\r\nconst getSessionJWKS = cache(() => {\r\n  return createRemoteJWKSet(new URL(FIREBASE_SESSION_CERT_URL), {\r\n    cacheMaxAge: 3600000, // 1 hour\r\n    timeoutDuration: 5000, // 5 seconds\r\n    cooldownDuration: 30000, // 30 seconds between retries\r\n  })\r\n})\r\n\r\n// Helper to decode JWT without verification\r\nfunction decodeJwt(token: string) {\r\n  try {\r\n    const [headerB64, payloadB64] = token.split(\".\")\r\n    const header = JSON.parse(Buffer.from(headerB64, \"base64\").toString())\r\n    const payload = JSON.parse(Buffer.from(payloadB64, \"base64\").toString())\r\n    return { header, payload }\r\n  } catch (error) {\r\n    console.error(\"Error decoding JWT:\", error)\r\n    return null\r\n  }\r\n}\r\n\r\nexport async function verifyFirebaseToken(token: string, isSessionCookie = false): Promise<FirebaseTokenResult> {\r\n  try {\r\n    const projectId = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID\r\n    if (!projectId) {\r\n      throw new Error(\"Firebase Project ID is not configured\")\r\n    }\r\n\r\n    // Decode token for debugging and type checking\r\n    const decoded = decodeJwt(token)\r\n    if (!decoded) {\r\n      throw new Error(\"Invalid token format\")\r\n    }\r\n\r\n    //console.log(\"Token details:\", {\r\n     // header: decoded.header,\r\n     // type: isSessionCookie ? \"session_cookie\" : \"id_token\",\r\n    //})\r\n\r\n    let retries = 3\r\n    let lastError: Error | null = null\r\n\r\n    while (retries > 0) {\r\n      try {\r\n        // Use different JWKS based on token type\r\n        const JWKS = isSessionCookie ? await getSessionJWKS() : await getIdTokenJWKS()\r\n\r\n        const { payload } = await jwtVerify(token, JWKS, {\r\n          issuer: isSessionCookie\r\n            ? \"https://session.firebase.google.com/\" + projectId\r\n            : \"https://securetoken.google.com/\" + projectId,\r\n          audience: projectId,\r\n          algorithms: [\"RS256\"],\r\n        })\r\n\r\n        const firebasePayload = payload as unknown as FirebaseIdTokenPayload\r\n        const now = Math.floor(Date.now() / 1000)\r\n\r\n        // Verify token claims\r\n        if (firebasePayload.exp <= now) {\r\n          throw new Error(\"Token has expired\")\r\n        }\r\n\r\n        if (firebasePayload.iat > now) {\r\n          throw new Error(\"Token issued time is in the future\")\r\n        }\r\n\r\n        if (!firebasePayload.sub) {\r\n          throw new Error(\"Token subject is empty\")\r\n        }\r\n\r\n        if (firebasePayload.auth_time > now) {\r\n          throw new Error(\"Token auth time is in the future\")\r\n        }\r\n\r\n        return {\r\n          valid: true,\r\n          uid: firebasePayload.sub,\r\n          email: firebasePayload.email,\r\n          emailVerified: firebasePayload.email_verified,\r\n          tenant: firebasePayload.firebase.tenant,\r\n          authTime: firebasePayload.auth_time,\r\n          issuedAt: firebasePayload.iat,\r\n          expiresAt: firebasePayload.exp,\r\n        }\r\n      } catch (error) {\r\n        lastError = error as Error\r\n        if (error instanceof Error && error.name === \"JWKSNoMatchingKey\") {\r\n          console.warn(`JWKS retry attempt ${4 - retries}:`, error.message)\r\n          retries--\r\n          if (retries > 0) {\r\n            await new Promise((resolve) => setTimeout(resolve, 1000))\r\n            continue\r\n          }\r\n        }\r\n        throw error\r\n      }\r\n    }\r\n\r\n    throw lastError || new Error(\"Failed to verify token after retries\")\r\n  } catch (error) {\r\n    console.error(\"Token verification details:\", {\r\n      error:\r\n        error instanceof Error\r\n          ? {\r\n              name: error.name,\r\n              message: error.message,\r\n              stack: error.stack,\r\n            }\r\n          : error,\r\n      decoded: decodeJwt(token),\r\n      //projectId,\r\n      isSessionCookie,\r\n    })\r\n\r\n    return {\r\n      valid: false,\r\n      error: error instanceof Error ? error.message : \"Invalid token\",\r\n    }\r\n  }\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAA6C;AAC7C,mBAAsB;AAkCtB,MAAM,wBAAwB;AAC9B,MAAM,4BAA4B;AAGlC,MAAM,qBAAiB,oBAAM,MAAM;AACjC,aAAO,gCAAmB,IAAI,IAAI,qBAAqB,GAAG;AAAA,IACxD,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAED,MAAM,qBAAiB,oBAAM,MAAM;AACjC,aAAO,gCAAmB,IAAI,IAAI,yBAAyB,GAAG;AAAA,IAC5D,aAAa;AAAA;AAAA,IACb,iBAAiB;AAAA;AAAA,IACjB,kBAAkB;AAAA;AAAA,EACpB,CAAC;AACH,CAAC;AAGD,SAAS,UAAU,OAAe;AAChC,MAAI;AACF,UAAM,CAAC,WAAW,UAAU,IAAI,MAAM,MAAM,GAAG;AAC/C,UAAM,SAAS,KAAK,MAAM,OAAO,KAAK,WAAW,QAAQ,EAAE,SAAS,CAAC;AACrE,UAAM,UAAU,KAAK,MAAM,OAAO,KAAK,YAAY,QAAQ,EAAE,SAAS,CAAC;AACvE,WAAO,EAAE,QAAQ,QAAQ;AAAA,EAC3B,SAAS,OAAO;AACd,YAAQ,MAAM,uBAAuB,KAAK;AAC1C,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,oBAAoB,OAAe,kBAAkB,OAAqC;AAC9G,MAAI;AACF,UAAM,YAAY,QAAQ,IAAI;AAC9B,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACzD;AAGA,UAAM,UAAU,UAAU,KAAK;AAC/B,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AAOA,QAAI,UAAU;AACd,QAAI,YAA0B;AAE9B,WAAO,UAAU,GAAG;AAClB,UAAI;AAEF,cAAM,OAAO,kBAAkB,MAAM,eAAe,IAAI,MAAM,eAAe;AAE7E,cAAM,EAAE,QAAQ,IAAI,UAAM,uBAAU,OAAO,MAAM;AAAA,UAC/C,QAAQ,kBACJ,yCAAyC,YACzC,oCAAoC;AAAA,UACxC,UAAU;AAAA,UACV,YAAY,CAAC,OAAO;AAAA,QACtB,CAAC;AAED,cAAM,kBAAkB;AACxB,cAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAGxC,YAAI,gBAAgB,OAAO,KAAK;AAC9B,gBAAM,IAAI,MAAM,mBAAmB;AAAA,QACrC;AAEA,YAAI,gBAAgB,MAAM,KAAK;AAC7B,gBAAM,IAAI,MAAM,oCAAoC;AAAA,QACtD;AAEA,YAAI,CAAC,gBAAgB,KAAK;AACxB,gBAAM,IAAI,MAAM,wBAAwB;AAAA,QAC1C;AAEA,YAAI,gBAAgB,YAAY,KAAK;AACnC,gBAAM,IAAI,MAAM,kCAAkC;AAAA,QACpD;AAEA,eAAO;AAAA,UACL,OAAO;AAAA,UACP,KAAK,gBAAgB;AAAA,UACrB,OAAO,gBAAgB;AAAA,UACvB,eAAe,gBAAgB;AAAA,UAC/B,QAAQ,gBAAgB,SAAS;AAAA,UACjC,UAAU,gBAAgB;AAAA,UAC1B,UAAU,gBAAgB;AAAA,UAC1B,WAAW,gBAAgB;AAAA,QAC7B;AAAA,MACF,SAAS,OAAO;AACd,oBAAY;AACZ,YAAI,iBAAiB,SAAS,MAAM,SAAS,qBAAqB;AAChE,kBAAQ,KAAK,sBAAsB,IAAI,OAAO,KAAK,MAAM,OAAO;AAChE;AACA,cAAI,UAAU,GAAG;AACf,kBAAM,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,GAAI,CAAC;AACxD;AAAA,UACF;AAAA,QACF;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,MAAM,sCAAsC;AAAA,EACrE,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B;AAAA,MAC3C,OACE,iBAAiB,QACb;AAAA,QACE,MAAM,MAAM;AAAA,QACZ,SAAS,MAAM;AAAA,QACf,OAAO,MAAM;AAAA,MACf,IACA;AAAA,MACN,SAAS,UAAU,KAAK;AAAA;AAAA,MAExB;AAAA,IACF,CAAC;AAED,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAClD;AAAA,EACF;AACF;","names":[]}

package/dist/cjs/server/jwt.js

@@ -1,138 +0,0 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var jwt_exports = {};
-__export(jwt_exports, {
-  verifyFirebaseToken: () => verifyFirebaseToken
-});
-module.exports = __toCommonJS(jwt_exports);
-var import_jose = require("jose");
-var import_react = require("react");
-const FIREBASE_ID_TOKEN_URL = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com";
-const FIREBASE_SESSION_CERT_URL = "https://identitytoolkit.googleapis.com/v1/sessionCookiePublicKeys";
-const getIdTokenJWKS = (0, import_react.cache)(() => {
-  return (0, import_jose.createRemoteJWKSet)(new URL(FIREBASE_ID_TOKEN_URL), {
-    cacheMaxAge: 36e5,
-    // 1 hour
-    timeoutDuration: 5e3,
-    // 5 seconds
-    cooldownDuration: 3e4
-    // 30 seconds between retries
-  });
-});
-const getSessionJWKS = (0, import_react.cache)(() => {
-  return (0, import_jose.createRemoteJWKSet)(new URL(FIREBASE_SESSION_CERT_URL), {
-    cacheMaxAge: 36e5,
-    // 1 hour
-    timeoutDuration: 5e3,
-    // 5 seconds
-    cooldownDuration: 3e4
-    // 30 seconds between retries
-  });
-});
-function decodeJwt(token) {
-  try {
-    const [headerB64, payloadB64] = token.split(".");
-    const header = JSON.parse(Buffer.from(headerB64, "base64").toString());
-    const payload = JSON.parse(Buffer.from(payloadB64, "base64").toString());
-    return { header, payload };
-  } catch (error) {
-    console.error("Error decoding JWT:", error);
-    return null;
-  }
-}
-async function verifyFirebaseToken(token, isSessionCookie = false) {
-  try {
-    const projectId = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID;
-    if (!projectId) {
-      throw new Error("Firebase Project ID is not configured");
-    }
-    const decoded = decodeJwt(token);
-    if (!decoded) {
-      throw new Error("Invalid token format");
-    }
-    let retries = 3;
-    let lastError = null;
-    while (retries > 0) {
-      try {
-        const JWKS = isSessionCookie ? await getSessionJWKS() : await getIdTokenJWKS();
-        const { payload } = await (0, import_jose.jwtVerify)(token, JWKS, {
-          issuer: isSessionCookie ? "https://session.firebase.google.com/" + projectId : "https://securetoken.google.com/" + projectId,
-          audience: projectId,
-          algorithms: ["RS256"]
-        });
-        const firebasePayload = payload;
-        const now = Math.floor(Date.now() / 1e3);
-        if (firebasePayload.exp <= now) {
-          throw new Error("Token has expired");
-        }
-        if (firebasePayload.iat > now) {
-          throw new Error("Token issued time is in the future");
-        }
-        if (!firebasePayload.sub) {
-          throw new Error("Token subject is empty");
-        }
-        if (firebasePayload.auth_time > now) {
-          throw new Error("Token auth time is in the future");
-        }
-        return {
-          valid: true,
-          uid: firebasePayload.sub,
-          email: firebasePayload.email,
-          emailVerified: firebasePayload.email_verified,
-          tenant: firebasePayload.firebase.tenant,
-          authTime: firebasePayload.auth_time,
-          issuedAt: firebasePayload.iat,
-          expiresAt: firebasePayload.exp
-        };
-      } catch (error) {
-        lastError = error;
-        if (error instanceof Error && error.name === "JWKSNoMatchingKey") {
-          console.warn(`JWKS retry attempt ${4 - retries}:`, error.message);
-          retries--;
-          if (retries > 0) {
-            await new Promise((resolve) => setTimeout(resolve, 1e3));
-            continue;
-          }
-        }
-        throw error;
-      }
-    }
-    throw lastError || new Error("Failed to verify token after retries");
-  } catch (error) {
-    console.error("Token verification details:", {
-      error: error instanceof Error ? {
-        name: error.name,
-        message: error.message,
-        stack: error.stack
-      } : error,
-      decoded: decodeJwt(token),
-      //projectId,
-      isSessionCookie
-    });
-    return {
-      valid: false,
-      error: error instanceof Error ? error.message : "Invalid token"
-    };
-  }
-}
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  verifyFirebaseToken
-});
-//# sourceMappingURL=jwt.js.map