@tern-secure/nextjs 5.2.0-canary.v20251020032343 → 5.2.0-canary.v20251023005301
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/app-router/admin/actions.js +4 -2
- package/dist/cjs/app-router/admin/actions.js.map +1 -1
- package/dist/cjs/app-router/admin/cookieOptionsHelper.js +51 -0
- package/dist/cjs/app-router/admin/cookieOptionsHelper.js.map +1 -0
- package/dist/cjs/app-router/admin/request.js +2 -6
- package/dist/cjs/app-router/admin/request.js.map +1 -1
- package/dist/cjs/app-router/admin/types.js +1 -0
- package/dist/cjs/app-router/admin/types.js.map +1 -1
- package/dist/cjs/app-router/client/TernSecureProvider.js +11 -1
- package/dist/cjs/app-router/client/TernSecureProvider.js.map +1 -1
- package/dist/cjs/app-router/client/useAwaitablePush.js +39 -0
- package/dist/cjs/app-router/client/useAwaitablePush.js.map +1 -0
- package/dist/cjs/app-router/client/useAwaitableReplace.js +39 -0
- package/dist/cjs/app-router/client/useAwaitableReplace.js.map +1 -0
- package/dist/cjs/app-router/client/useInternalNavFun.js +73 -0
- package/dist/cjs/app-router/client/useInternalNavFun.js.map +1 -0
- package/dist/cjs/app-router/server/auth.js +1 -2
- package/dist/cjs/app-router/server/auth.js.map +1 -1
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/server/node/ternSecureNodeMiddleware.js +2 -3
- package/dist/cjs/server/node/ternSecureNodeMiddleware.js.map +1 -1
- package/dist/cjs/server/protect.js.map +1 -1
- package/dist/cjs/server/ternSecureEdgeMiddleware.js +5 -11
- package/dist/cjs/server/ternSecureEdgeMiddleware.js.map +1 -1
- package/dist/cjs/utils/allNextProviderProps.js +18 -2
- package/dist/cjs/utils/allNextProviderProps.js.map +1 -1
- package/dist/cjs/utils/removeBasePath.js +36 -0
- package/dist/cjs/utils/removeBasePath.js.map +1 -0
- package/dist/esm/app-router/admin/actions.js +4 -2
- package/dist/esm/app-router/admin/actions.js.map +1 -1
- package/dist/esm/app-router/admin/cookieOptionsHelper.js +26 -0
- package/dist/esm/app-router/admin/cookieOptionsHelper.js.map +1 -0
- package/dist/esm/app-router/admin/request.js +2 -6
- package/dist/esm/app-router/admin/request.js.map +1 -1
- package/dist/esm/app-router/admin/types.js +1 -0
- package/dist/esm/app-router/admin/types.js.map +1 -1
- package/dist/esm/app-router/client/TernSecureProvider.js +11 -1
- package/dist/esm/app-router/client/TernSecureProvider.js.map +1 -1
- package/dist/esm/app-router/client/useAwaitablePush.js +15 -0
- package/dist/esm/app-router/client/useAwaitablePush.js.map +1 -0
- package/dist/esm/app-router/client/useAwaitableReplace.js +15 -0
- package/dist/esm/app-router/client/useAwaitableReplace.js.map +1 -0
- package/dist/esm/app-router/client/useInternalNavFun.js +49 -0
- package/dist/esm/app-router/client/useInternalNavFun.js.map +1 -0
- package/dist/esm/app-router/server/auth.js +1 -2
- package/dist/esm/app-router/server/auth.js.map +1 -1
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/server/node/ternSecureNodeMiddleware.js +1 -2
- package/dist/esm/server/node/ternSecureNodeMiddleware.js.map +1 -1
- package/dist/esm/server/protect.js.map +1 -1
- package/dist/esm/server/ternSecureEdgeMiddleware.js +5 -11
- package/dist/esm/server/ternSecureEdgeMiddleware.js.map +1 -1
- package/dist/esm/utils/allNextProviderProps.js +18 -2
- package/dist/esm/utils/allNextProviderProps.js.map +1 -1
- package/dist/esm/utils/removeBasePath.js +12 -0
- package/dist/esm/utils/removeBasePath.js.map +1 -0
- package/dist/types/app-router/admin/actions.d.ts +5 -4
- package/dist/types/app-router/admin/actions.d.ts.map +1 -1
- package/dist/types/app-router/admin/cookieOptionsHelper.d.ts +23 -0
- package/dist/types/app-router/admin/cookieOptionsHelper.d.ts.map +1 -0
- package/dist/types/app-router/admin/request.d.ts.map +1 -1
- package/dist/types/app-router/admin/types.d.ts.map +1 -1
- package/dist/types/app-router/client/TernSecureProvider.d.ts.map +1 -1
- package/dist/types/app-router/client/useAwaitablePush.d.ts +13 -0
- package/dist/types/app-router/client/useAwaitablePush.d.ts.map +1 -0
- package/dist/types/app-router/client/useAwaitableReplace.d.ts +13 -0
- package/dist/types/app-router/client/useAwaitableReplace.d.ts.map +1 -0
- package/dist/types/app-router/client/useInternalNavFun.d.ts +7 -0
- package/dist/types/app-router/client/useInternalNavFun.d.ts.map +1 -0
- package/dist/types/app-router/server/auth.d.ts +1 -2
- package/dist/types/app-router/server/auth.d.ts.map +1 -1
- package/dist/types/index.d.ts +2 -2
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/server/node/ternSecureNodeMiddleware.d.ts.map +1 -1
- package/dist/types/server/protect.d.ts +1 -2
- package/dist/types/server/protect.d.ts.map +1 -1
- package/dist/types/server/ternSecureEdgeMiddleware.d.ts +1 -2
- package/dist/types/server/ternSecureEdgeMiddleware.d.ts.map +1 -1
- package/dist/types/utils/allNextProviderProps.d.ts +2 -2
- package/dist/types/utils/allNextProviderProps.d.ts.map +1 -1
- package/dist/types/utils/removeBasePath.d.ts +7 -0
- package/dist/types/utils/removeBasePath.d.ts.map +1 -0
- package/package.json +5 -5
- package/dist/cjs/server/redirect.js +0 -84
- package/dist/cjs/server/redirect.js.map +0 -1
- package/dist/esm/server/redirect.js +0 -60
- package/dist/esm/server/redirect.js.map +0 -1
- package/dist/types/server/redirect.d.ts +0 -20
- package/dist/types/server/redirect.d.ts.map +0 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { createTernSecureRequest } from "@tern-secure/backend";
|
|
1
|
+
import { createRedirect, createTernSecureRequest } from "@tern-secure/backend";
|
|
2
2
|
import {
|
|
3
3
|
createBackendInstance
|
|
4
4
|
} from "@tern-secure/backend/admin";
|
|
@@ -11,7 +11,6 @@ import {
|
|
|
11
11
|
redirectToSignInError,
|
|
12
12
|
redirectToSignUpError
|
|
13
13
|
} from "../nextErrors";
|
|
14
|
-
import { createRedirect } from "../redirect";
|
|
15
14
|
const createRouteMatcher = (patterns) => {
|
|
16
15
|
return (request) => {
|
|
17
16
|
const { pathname } = request.nextUrl;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/server/node/ternSecureNodeMiddleware.ts"],"sourcesContent":["import {createTernSecureRequest, type TernSecureRequest } from \"@tern-secure/backend\";\nimport {\n createBackendInstance,\n} from \"@tern-secure/backend/admin\";\nimport type { NextMiddleware,NextRequest } from \"next/server\";\nimport {NextResponse } from \"next/server\";\n\nimport { SIGN_IN_URL, SIGN_UP_URL } from \"../constant\";\nimport {\n isNextjsNotFoundError,\n isRedirectToSignInError,\n isRedirectToSignUpError,\n redirectToSignInError,\n redirectToSignUpError,\n} from \"../nextErrors\";\nimport { createRedirect } from \"../redirect\";\nimport type { BaseUser ,\n NextMiddlewareEvtParam,\n NextMiddlewareRequestParam,\n NextMiddlewareReturn,\n} from \"../types\";\n\ntype RedirectToParams = { returnBackUrl?: string | URL | null };\nexport type RedirectFun<ReturnType> = (params?: RedirectToParams) => ReturnType;\n\nexport type AuthObject = {\n user: BaseUser | null;\n session: string | null;\n};\n\nexport interface MiddlewareAuth extends AuthObject {\n (): Promise<MiddlewareAuthObject>;\n protect: () => Promise<void>;\n}\n\ntype MiddlewareHandler = (\n auth: MiddlewareAuth,\n request: NextMiddlewareRequestParam,\n event: NextMiddlewareEvtParam\n) => NextMiddlewareReturn;\n\nexport type MiddlewareAuthObject = AuthObject & {\n redirectToSignIn: RedirectFun<Response>;\n redirectToSignUp: RedirectFun<Response>;\n};\n\n/**\n * Create a route matcher function for public paths\n */\nexport const createRouteMatcher = (patterns: string[]) => {\n return (request: NextRequest): boolean => {\n const { pathname } = request.nextUrl;\n return patterns.some((pattern) => {\n const regexPattern = pattern\n .replace(/[.*+?^${}()|[\\]\\\\]/g, \"\\\\$&\")\n .replace(/\\\\\\*/g, \".*\");\n\n return new RegExp(`^${regexPattern}$`).test(pathname);\n });\n };\n};\n\nconst authenticateMiddlewareRequest = async (\n request: NextRequest\n): Promise<AuthObject> => {\n try {\n const requestState = await createBackendInstance(request);\n const authResult = requestState.requestState.auth();\n\n return {\n user: {\n uid: authResult.session.uid,\n email: authResult.session.email || null,\n tenantId: authResult.session.firebase?.tenant || \"default\",\n authTime: authResult.session.auth_time,\n },\n session: requestState.requestState.token,\n };\n } catch (error) {\n console.error(\n \"Auth check error:\",\n error instanceof Error ? error.message : \"Unknown error\"\n );\n return {\n user: null,\n session: null,\n };\n }\n};\n\nexport interface MiddlewareOptions {\n signInUrl?: string;\n signUpUrl?: string;\n debug?: boolean;\n}\ntype MiddlewareOptionsCallback = (\n req: NextRequest\n) => MiddlewareOptions | Promise<MiddlewareOptions>;\n\ninterface TernSecureMiddleware {\n /**\n * @example\n * export default ternSecureMiddleware((auth, request, event) => { ... }, options);\n */\n (handler: MiddlewareHandler, options?: MiddlewareOptions): NextMiddleware;\n\n /**\n * @example\n * export default ternSecureMiddleware((auth, request, event) => { ... }, (req) => options);\n */\n (\n handler: MiddlewareHandler,\n options?: MiddlewareOptionsCallback\n ): NextMiddleware;\n\n /**\n * @example\n * export default ternSecureMiddleware(options);\n */\n (options?: MiddlewareOptions): NextMiddleware;\n /**\n * @example\n * export default ternSecureMiddleware;\n */\n (\n request: NextMiddlewareRequestParam,\n event: NextMiddlewareEvtParam\n ): NextMiddlewareReturn;\n}\n\nexport const ternSecureMiddleware = ((\n ...args: unknown[]\n): NextMiddleware | NextMiddlewareReturn => {\n const [request, event] = parseRequestAndEvent(args);\n const [handler, params] = parseHandlerAndOptions(args);\n\n const middleware = () => {\n const withAuthNextMiddleware: NextMiddleware = async (request, event) => {\n const resolvedParams =\n typeof params === \"function\" ? await params(request) : params;\n\n const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\n const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\n\n let handlerResult: Response = NextResponse.next();\n\n if (handler) {\n const createAuthHandler = async (): Promise<MiddlewareAuth> => {\n const authObject = await authenticateMiddlewareRequest(request);\n\n const getAuth = async (): Promise<MiddlewareAuthObject> => {\n const ternSecureRequest = createTernSecureRequest(request);\n const { redirectToSignIn, redirectToSignUp } =\n createMiddlewareRedirects(\n ternSecureRequest,\n signInUrl,\n signUpUrl\n );\n\n return {\n ...authObject,\n redirectToSignIn,\n redirectToSignUp,\n };\n };\n\n const protect = async (): Promise<void> => {\n if (!authObject.user || !authObject.session) {\n const redirectUrl = new URL(signInUrl || \"/sign-in\", request.url);\n redirectUrl.searchParams.set(\n \"redirect\",\n request.nextUrl.pathname\n );\n redirectToSignInError(redirectUrl.toString());\n }\n };\n\n // Return the MiddlewareAuth object with direct property access\n const authHandler = Object.assign(getAuth, {\n protect,\n user: authObject.user,\n session: authObject.session,\n });\n\n return authHandler as MiddlewareAuth;\n };\n\n try {\n const auth = await createAuthHandler();\n const userHandlerResult = await handler(auth, request, event);\n handlerResult = userHandlerResult || handlerResult;\n } catch (error) {\n const ternSecureRequest = createTernSecureRequest(request);\n handlerResult = handleControlError(error, ternSecureRequest, request);\n }\n\n return handlerResult;\n }\n\n return handlerResult;\n };\n\n const nextMiddleware: NextMiddleware = async (request, event) => {\n return withAuthNextMiddleware(request, event);\n };\n\n if (request && event) {\n return nextMiddleware(request, event);\n }\n\n return nextMiddleware;\n };\n return middleware();\n}) as TernSecureMiddleware;\n\nconst parseRequestAndEvent = (args: unknown[]) => {\n return [\n args[0] instanceof Request ? args[0] : undefined,\n args[0] instanceof Request ? args[1] : undefined,\n ] as [\n NextMiddlewareRequestParam | undefined,\n NextMiddlewareEvtParam | undefined,\n ];\n};\n\nconst parseHandlerAndOptions = (args: unknown[]) => {\n return [\n typeof args[0] === \"function\" ? args[0] : undefined,\n (args.length === 2\n ? args[1]\n : typeof args[0] === \"function\"\n ? {}\n : args[0]) || {},\n ] as [\n MiddlewareHandler | undefined,\n MiddlewareOptions | MiddlewareOptionsCallback,\n ];\n};\n\n/**\n * Create middleware redirect functions\n */\nconst createMiddlewareRedirects = (\n ternSecureRequest: TernSecureRequest,\n signInUrl: string,\n signUpUrl: string\n) => {\n const redirectToSignIn: MiddlewareAuthObject[\"redirectToSignIn\"] = (\n opts = {}\n ) => {\n const url = signInUrl || ternSecureRequest.ternUrl.toString();\n redirectToSignInError(url, opts.returnBackUrl);\n };\n\n const redirectToSignUp: MiddlewareAuthObject[\"redirectToSignUp\"] = (\n opts = {}\n ) => {\n const url = signUpUrl || ternSecureRequest.ternUrl.toString();\n redirectToSignUpError(url, opts.returnBackUrl);\n };\n\n return { redirectToSignIn, redirectToSignUp };\n};\n\n/**\n * Handle control flow errors in middleware\n */\nconst handleControlError = (\n error: any,\n ternSecureRequest: TernSecureRequest,\n nextrequest: NextRequest\n): Response => {\n if (isNextjsNotFoundError(error)) {\n return NextResponse.rewrite(new URL(\"/404\", nextrequest.url));\n }\n\n // Handle redirect to sign in errors\n if (isRedirectToSignInError(error)) {\n const redirectAdapter = (url: string) =>\n NextResponse.redirect(new URL(url, nextrequest.url));\n const { redirectToSignIn } = createRedirect({\n redirectAdapter,\n baseUrl: ternSecureRequest.ternUrl.origin,\n signInUrl: SIGN_IN_URL,\n signUpUrl: SIGN_UP_URL,\n });\n\n return redirectToSignIn({ returnBackUrl: error.returnBackUrl });\n }\n\n // Handle redirect to sign up errors\n if (isRedirectToSignUpError(error)) {\n const redirectAdapter = (url: string) =>\n NextResponse.redirect(new URL(url, nextrequest.url));\n const { redirectToSignUp } = createRedirect({\n redirectAdapter,\n baseUrl: ternSecureRequest.ternUrl.origin,\n signInUrl: SIGN_IN_URL,\n signUpUrl: SIGN_UP_URL,\n });\n\n return redirectToSignUp({ returnBackUrl: error.returnBackUrl });\n }\n\n throw error;\n};\n"],"mappings":"AAAA,SAAQ,+BAAwD;AAChE;AAAA,EACE;AAAA,OACK;AAEP,SAAQ,oBAAoB;AAE5B,SAAS,aAAa,mBAAmB;AACzC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,sBAAsB;AAkCxB,MAAM,qBAAqB,CAAC,aAAuB;AACxD,SAAO,CAAC,YAAkC;AACxC,UAAM,EAAE,SAAS,IAAI,QAAQ;AAC7B,WAAO,SAAS,KAAK,CAAC,YAAY;AAChC,YAAM,eAAe,QAClB,QAAQ,uBAAuB,MAAM,EACrC,QAAQ,SAAS,IAAI;AAExB,aAAO,IAAI,OAAO,IAAI,YAAY,GAAG,EAAE,KAAK,QAAQ;AAAA,IACtD,CAAC;AAAA,EACH;AACF;AAEA,MAAM,gCAAgC,OACpC,YACwB;AACxB,MAAI;AACF,UAAM,eAAe,MAAM,sBAAsB,OAAO;AACxD,UAAM,aAAa,aAAa,aAAa,KAAK;AAElD,WAAO;AAAA,MACL,MAAM;AAAA,QACJ,KAAK,WAAW,QAAQ;AAAA,QACxB,OAAO,WAAW,QAAQ,SAAS;AAAA,QACnC,UAAU,WAAW,QAAQ,UAAU,UAAU;AAAA,QACjD,UAAU,WAAW,QAAQ;AAAA,MAC/B;AAAA,MACA,SAAS,aAAa,aAAa;AAAA,IACrC;AAAA,EACF,SAAS,OAAO;AACd,YAAQ;AAAA,MACN;AAAA,MACA,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAC3C;AACA,WAAO;AAAA,MACL,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,EACF;AACF;AA0CO,MAAM,uBAAwB,IAChC,SACuC;AAC1C,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,MAAM;AACvB,UAAM,yBAAyC,OAAOA,UAASC,WAAU;AACvE,YAAM,iBACJ,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAEzD,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAE9C,UAAI,gBAA0B,aAAa,KAAK;AAEhD,UAAI,SAAS;AACX,cAAM,oBAAoB,YAAqC;AAC7D,gBAAM,aAAa,MAAM,8BAA8BA,QAAO;AAE9D,gBAAM,UAAU,YAA2C;AACzD,kBAAM,oBAAoB,wBAAwBA,QAAO;AACzD,kBAAM,EAAE,kBAAkB,iBAAiB,IACzC;AAAA,cACE;AAAA,cACA;AAAA,cACA;AAAA,YACF;AAEF,mBAAO;AAAA,cACL,GAAG;AAAA,cACH;AAAA,cACA;AAAA,YACF;AAAA,UACF;AAEA,gBAAM,UAAU,YAA2B;AACzC,gBAAI,CAAC,WAAW,QAAQ,CAAC,WAAW,SAAS;AAC3C,oBAAM,cAAc,IAAI,IAAI,aAAa,YAAYA,SAAQ,GAAG;AAChE,0BAAY,aAAa;AAAA,gBACvB;AAAA,gBACAA,SAAQ,QAAQ;AAAA,cAClB;AACA,oCAAsB,YAAY,SAAS,CAAC;AAAA,YAC9C;AAAA,UACF;AAGA,gBAAM,cAAc,OAAO,OAAO,SAAS;AAAA,YACzC;AAAA,YACA,MAAM,WAAW;AAAA,YACjB,SAAS,WAAW;AAAA,UACtB,CAAC;AAED,iBAAO;AAAA,QACT;AAEA,YAAI;AACF,gBAAM,OAAO,MAAM,kBAAkB;AACrC,gBAAM,oBAAoB,MAAM,QAAQ,MAAMA,UAASC,MAAK;AAC5D,0BAAgB,qBAAqB;AAAA,QACvC,SAAS,OAAO;AACd,gBAAM,oBAAoB,wBAAwBD,QAAO;AACzD,0BAAgB,mBAAmB,OAAO,mBAAmBA,QAAO;AAAA,QACtE;AAEA,eAAO;AAAA,MACT;AAEA,aAAO;AAAA,IACT;AAEA,UAAM,iBAAiC,OAAOA,UAASC,WAAU;AAC/D,aAAO,uBAAuBD,UAASC,MAAK;AAAA,IAC9C;AAEA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAEA,WAAO;AAAA,EACT;AACA,SAAO,WAAW;AACpB;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO;AAAA,IACL,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,IACvC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,EACzC;AAIF;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IACb,KAAK,CAAC,IACN,OAAO,KAAK,CAAC,MAAM,aACjB,CAAC,IACD,KAAK,CAAC,MAAM,CAAC;AAAA,EACrB;AAIF;AAKA,MAAM,4BAA4B,CAChC,mBACA,WACA,cACG;AACH,QAAM,mBAA6D,CACjE,OAAO,CAAC,MACL;AACH,UAAM,MAAM,aAAa,kBAAkB,QAAQ,SAAS;AAC5D,0BAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,QAAM,mBAA6D,CACjE,OAAO,CAAC,MACL;AACH,UAAM,MAAM,aAAa,kBAAkB,QAAQ,SAAS;AAC5D,0BAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,SAAO,EAAE,kBAAkB,iBAAiB;AAC9C;AAKA,MAAM,qBAAqB,CACzB,OACA,mBACA,gBACa;AACb,MAAI,sBAAsB,KAAK,GAAG;AAChC,WAAO,aAAa,QAAQ,IAAI,IAAI,QAAQ,YAAY,GAAG,CAAC;AAAA,EAC9D;AAGA,MAAI,wBAAwB,KAAK,GAAG;AAClC,UAAM,kBAAkB,CAAC,QACvB,aAAa,SAAS,IAAI,IAAI,KAAK,YAAY,GAAG,CAAC;AACrD,UAAM,EAAE,iBAAiB,IAAI,eAAe;AAAA,MAC1C;AAAA,MACA,SAAS,kBAAkB,QAAQ;AAAA,MACnC,WAAW;AAAA,MACX,WAAW;AAAA,IACb,CAAC;AAED,WAAO,iBAAiB,EAAE,eAAe,MAAM,cAAc,CAAC;AAAA,EAChE;AAGA,MAAI,wBAAwB,KAAK,GAAG;AAClC,UAAM,kBAAkB,CAAC,QACvB,aAAa,SAAS,IAAI,IAAI,KAAK,YAAY,GAAG,CAAC;AACrD,UAAM,EAAE,iBAAiB,IAAI,eAAe;AAAA,MAC1C;AAAA,MACA,SAAS,kBAAkB,QAAQ;AAAA,MACnC,WAAW;AAAA,MACX,WAAW;AAAA,IACb,CAAC;AAED,WAAO,iBAAiB,EAAE,eAAe,MAAM,cAAc,CAAC;AAAA,EAChE;AAEA,QAAM;AACR;","names":["request","event"]}
|
|
1
|
+
{"version":3,"sources":["../../../../src/server/node/ternSecureNodeMiddleware.ts"],"sourcesContent":["import {createRedirect, createTernSecureRequest, type TernSecureRequest } from \"@tern-secure/backend\";\nimport {\n createBackendInstance,\n} from \"@tern-secure/backend/admin\";\nimport type { NextMiddleware,NextRequest } from \"next/server\";\nimport {NextResponse } from \"next/server\";\n\nimport { SIGN_IN_URL, SIGN_UP_URL } from \"../constant\";\nimport {\n isNextjsNotFoundError,\n isRedirectToSignInError,\n isRedirectToSignUpError,\n redirectToSignInError,\n redirectToSignUpError,\n} from \"../nextErrors\";\nimport type { BaseUser ,\n NextMiddlewareEvtParam,\n NextMiddlewareRequestParam,\n NextMiddlewareReturn,\n} from \"../types\";\n\ntype RedirectToParams = { returnBackUrl?: string | URL | null };\nexport type RedirectFun<ReturnType> = (params?: RedirectToParams) => ReturnType;\n\nexport type AuthObject = {\n user: BaseUser | null;\n session: string | null;\n};\n\nexport interface MiddlewareAuth extends AuthObject {\n (): Promise<MiddlewareAuthObject>;\n protect: () => Promise<void>;\n}\n\ntype MiddlewareHandler = (\n auth: MiddlewareAuth,\n request: NextMiddlewareRequestParam,\n event: NextMiddlewareEvtParam\n) => NextMiddlewareReturn;\n\nexport type MiddlewareAuthObject = AuthObject & {\n redirectToSignIn: RedirectFun<Response>;\n redirectToSignUp: RedirectFun<Response>;\n};\n\n/**\n * Create a route matcher function for public paths\n */\nexport const createRouteMatcher = (patterns: string[]) => {\n return (request: NextRequest): boolean => {\n const { pathname } = request.nextUrl;\n return patterns.some((pattern) => {\n const regexPattern = pattern\n .replace(/[.*+?^${}()|[\\]\\\\]/g, \"\\\\$&\")\n .replace(/\\\\\\*/g, \".*\");\n\n return new RegExp(`^${regexPattern}$`).test(pathname);\n });\n };\n};\n\nconst authenticateMiddlewareRequest = async (\n request: NextRequest\n): Promise<AuthObject> => {\n try {\n const requestState = await createBackendInstance(request);\n const authResult = requestState.requestState.auth();\n\n return {\n user: {\n uid: authResult.session.uid,\n email: authResult.session.email || null,\n tenantId: authResult.session.firebase?.tenant || \"default\",\n authTime: authResult.session.auth_time,\n },\n session: requestState.requestState.token,\n };\n } catch (error) {\n console.error(\n \"Auth check error:\",\n error instanceof Error ? error.message : \"Unknown error\"\n );\n return {\n user: null,\n session: null,\n };\n }\n};\n\nexport interface MiddlewareOptions {\n signInUrl?: string;\n signUpUrl?: string;\n debug?: boolean;\n}\ntype MiddlewareOptionsCallback = (\n req: NextRequest\n) => MiddlewareOptions | Promise<MiddlewareOptions>;\n\ninterface TernSecureMiddleware {\n /**\n * @example\n * export default ternSecureMiddleware((auth, request, event) => { ... }, options);\n */\n (handler: MiddlewareHandler, options?: MiddlewareOptions): NextMiddleware;\n\n /**\n * @example\n * export default ternSecureMiddleware((auth, request, event) => { ... }, (req) => options);\n */\n (\n handler: MiddlewareHandler,\n options?: MiddlewareOptionsCallback\n ): NextMiddleware;\n\n /**\n * @example\n * export default ternSecureMiddleware(options);\n */\n (options?: MiddlewareOptions): NextMiddleware;\n /**\n * @example\n * export default ternSecureMiddleware;\n */\n (\n request: NextMiddlewareRequestParam,\n event: NextMiddlewareEvtParam\n ): NextMiddlewareReturn;\n}\n\nexport const ternSecureMiddleware = ((\n ...args: unknown[]\n): NextMiddleware | NextMiddlewareReturn => {\n const [request, event] = parseRequestAndEvent(args);\n const [handler, params] = parseHandlerAndOptions(args);\n\n const middleware = () => {\n const withAuthNextMiddleware: NextMiddleware = async (request, event) => {\n const resolvedParams =\n typeof params === \"function\" ? await params(request) : params;\n\n const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\n const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\n\n let handlerResult: Response = NextResponse.next();\n\n if (handler) {\n const createAuthHandler = async (): Promise<MiddlewareAuth> => {\n const authObject = await authenticateMiddlewareRequest(request);\n\n const getAuth = async (): Promise<MiddlewareAuthObject> => {\n const ternSecureRequest = createTernSecureRequest(request);\n const { redirectToSignIn, redirectToSignUp } =\n createMiddlewareRedirects(\n ternSecureRequest,\n signInUrl,\n signUpUrl\n );\n\n return {\n ...authObject,\n redirectToSignIn,\n redirectToSignUp,\n };\n };\n\n const protect = async (): Promise<void> => {\n if (!authObject.user || !authObject.session) {\n const redirectUrl = new URL(signInUrl || \"/sign-in\", request.url);\n redirectUrl.searchParams.set(\n \"redirect\",\n request.nextUrl.pathname\n );\n redirectToSignInError(redirectUrl.toString());\n }\n };\n\n // Return the MiddlewareAuth object with direct property access\n const authHandler = Object.assign(getAuth, {\n protect,\n user: authObject.user,\n session: authObject.session,\n });\n\n return authHandler as MiddlewareAuth;\n };\n\n try {\n const auth = await createAuthHandler();\n const userHandlerResult = await handler(auth, request, event);\n handlerResult = userHandlerResult || handlerResult;\n } catch (error) {\n const ternSecureRequest = createTernSecureRequest(request);\n handlerResult = handleControlError(error, ternSecureRequest, request);\n }\n\n return handlerResult;\n }\n\n return handlerResult;\n };\n\n const nextMiddleware: NextMiddleware = async (request, event) => {\n return withAuthNextMiddleware(request, event);\n };\n\n if (request && event) {\n return nextMiddleware(request, event);\n }\n\n return nextMiddleware;\n };\n return middleware();\n}) as TernSecureMiddleware;\n\nconst parseRequestAndEvent = (args: unknown[]) => {\n return [\n args[0] instanceof Request ? args[0] : undefined,\n args[0] instanceof Request ? args[1] : undefined,\n ] as [\n NextMiddlewareRequestParam | undefined,\n NextMiddlewareEvtParam | undefined,\n ];\n};\n\nconst parseHandlerAndOptions = (args: unknown[]) => {\n return [\n typeof args[0] === \"function\" ? args[0] : undefined,\n (args.length === 2\n ? args[1]\n : typeof args[0] === \"function\"\n ? {}\n : args[0]) || {},\n ] as [\n MiddlewareHandler | undefined,\n MiddlewareOptions | MiddlewareOptionsCallback,\n ];\n};\n\n/**\n * Create middleware redirect functions\n */\nconst createMiddlewareRedirects = (\n ternSecureRequest: TernSecureRequest,\n signInUrl: string,\n signUpUrl: string\n) => {\n const redirectToSignIn: MiddlewareAuthObject[\"redirectToSignIn\"] = (\n opts = {}\n ) => {\n const url = signInUrl || ternSecureRequest.ternUrl.toString();\n redirectToSignInError(url, opts.returnBackUrl);\n };\n\n const redirectToSignUp: MiddlewareAuthObject[\"redirectToSignUp\"] = (\n opts = {}\n ) => {\n const url = signUpUrl || ternSecureRequest.ternUrl.toString();\n redirectToSignUpError(url, opts.returnBackUrl);\n };\n\n return { redirectToSignIn, redirectToSignUp };\n};\n\n/**\n * Handle control flow errors in middleware\n */\nconst handleControlError = (\n error: any,\n ternSecureRequest: TernSecureRequest,\n nextrequest: NextRequest\n): Response => {\n if (isNextjsNotFoundError(error)) {\n return NextResponse.rewrite(new URL(\"/404\", nextrequest.url));\n }\n\n // Handle redirect to sign in errors\n if (isRedirectToSignInError(error)) {\n const redirectAdapter = (url: string) =>\n NextResponse.redirect(new URL(url, nextrequest.url));\n const { redirectToSignIn } = createRedirect({\n redirectAdapter,\n baseUrl: ternSecureRequest.ternUrl.origin,\n signInUrl: SIGN_IN_URL,\n signUpUrl: SIGN_UP_URL,\n });\n\n return redirectToSignIn({ returnBackUrl: error.returnBackUrl });\n }\n\n // Handle redirect to sign up errors\n if (isRedirectToSignUpError(error)) {\n const redirectAdapter = (url: string) =>\n NextResponse.redirect(new URL(url, nextrequest.url));\n const { redirectToSignUp } = createRedirect({\n redirectAdapter,\n baseUrl: ternSecureRequest.ternUrl.origin,\n signInUrl: SIGN_IN_URL,\n signUpUrl: SIGN_UP_URL,\n });\n\n return redirectToSignUp({ returnBackUrl: error.returnBackUrl });\n }\n\n throw error;\n};\n"],"mappings":"AAAA,SAAQ,gBAAiB,+BAAuD;AAChF;AAAA,EACE;AAAA,OACK;AAEP,SAAQ,oBAAoB;AAE5B,SAAS,aAAa,mBAAmB;AACzC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAkCA,MAAM,qBAAqB,CAAC,aAAuB;AACxD,SAAO,CAAC,YAAkC;AACxC,UAAM,EAAE,SAAS,IAAI,QAAQ;AAC7B,WAAO,SAAS,KAAK,CAAC,YAAY;AAChC,YAAM,eAAe,QAClB,QAAQ,uBAAuB,MAAM,EACrC,QAAQ,SAAS,IAAI;AAExB,aAAO,IAAI,OAAO,IAAI,YAAY,GAAG,EAAE,KAAK,QAAQ;AAAA,IACtD,CAAC;AAAA,EACH;AACF;AAEA,MAAM,gCAAgC,OACpC,YACwB;AACxB,MAAI;AACF,UAAM,eAAe,MAAM,sBAAsB,OAAO;AACxD,UAAM,aAAa,aAAa,aAAa,KAAK;AAElD,WAAO;AAAA,MACL,MAAM;AAAA,QACJ,KAAK,WAAW,QAAQ;AAAA,QACxB,OAAO,WAAW,QAAQ,SAAS;AAAA,QACnC,UAAU,WAAW,QAAQ,UAAU,UAAU;AAAA,QACjD,UAAU,WAAW,QAAQ;AAAA,MAC/B;AAAA,MACA,SAAS,aAAa,aAAa;AAAA,IACrC;AAAA,EACF,SAAS,OAAO;AACd,YAAQ;AAAA,MACN;AAAA,MACA,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAC3C;AACA,WAAO;AAAA,MACL,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,EACF;AACF;AA0CO,MAAM,uBAAwB,IAChC,SACuC;AAC1C,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,MAAM;AACvB,UAAM,yBAAyC,OAAOA,UAASC,WAAU;AACvE,YAAM,iBACJ,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAEzD,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAE9C,UAAI,gBAA0B,aAAa,KAAK;AAEhD,UAAI,SAAS;AACX,cAAM,oBAAoB,YAAqC;AAC7D,gBAAM,aAAa,MAAM,8BAA8BA,QAAO;AAE9D,gBAAM,UAAU,YAA2C;AACzD,kBAAM,oBAAoB,wBAAwBA,QAAO;AACzD,kBAAM,EAAE,kBAAkB,iBAAiB,IACzC;AAAA,cACE;AAAA,cACA;AAAA,cACA;AAAA,YACF;AAEF,mBAAO;AAAA,cACL,GAAG;AAAA,cACH;AAAA,cACA;AAAA,YACF;AAAA,UACF;AAEA,gBAAM,UAAU,YAA2B;AACzC,gBAAI,CAAC,WAAW,QAAQ,CAAC,WAAW,SAAS;AAC3C,oBAAM,cAAc,IAAI,IAAI,aAAa,YAAYA,SAAQ,GAAG;AAChE,0BAAY,aAAa;AAAA,gBACvB;AAAA,gBACAA,SAAQ,QAAQ;AAAA,cAClB;AACA,oCAAsB,YAAY,SAAS,CAAC;AAAA,YAC9C;AAAA,UACF;AAGA,gBAAM,cAAc,OAAO,OAAO,SAAS;AAAA,YACzC;AAAA,YACA,MAAM,WAAW;AAAA,YACjB,SAAS,WAAW;AAAA,UACtB,CAAC;AAED,iBAAO;AAAA,QACT;AAEA,YAAI;AACF,gBAAM,OAAO,MAAM,kBAAkB;AACrC,gBAAM,oBAAoB,MAAM,QAAQ,MAAMA,UAASC,MAAK;AAC5D,0BAAgB,qBAAqB;AAAA,QACvC,SAAS,OAAO;AACd,gBAAM,oBAAoB,wBAAwBD,QAAO;AACzD,0BAAgB,mBAAmB,OAAO,mBAAmBA,QAAO;AAAA,QACtE;AAEA,eAAO;AAAA,MACT;AAEA,aAAO;AAAA,IACT;AAEA,UAAM,iBAAiC,OAAOA,UAASC,WAAU;AAC/D,aAAO,uBAAuBD,UAASC,MAAK;AAAA,IAC9C;AAEA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAEA,WAAO;AAAA,EACT;AACA,SAAO,WAAW;AACpB;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO;AAAA,IACL,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,IACvC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,EACzC;AAIF;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IACb,KAAK,CAAC,IACN,OAAO,KAAK,CAAC,MAAM,aACjB,CAAC,IACD,KAAK,CAAC,MAAM,CAAC;AAAA,EACrB;AAIF;AAKA,MAAM,4BAA4B,CAChC,mBACA,WACA,cACG;AACH,QAAM,mBAA6D,CACjE,OAAO,CAAC,MACL;AACH,UAAM,MAAM,aAAa,kBAAkB,QAAQ,SAAS;AAC5D,0BAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,QAAM,mBAA6D,CACjE,OAAO,CAAC,MACL;AACH,UAAM,MAAM,aAAa,kBAAkB,QAAQ,SAAS;AAC5D,0BAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,SAAO,EAAE,kBAAkB,iBAAiB;AAC9C;AAKA,MAAM,qBAAqB,CACzB,OACA,mBACA,gBACa;AACb,MAAI,sBAAsB,KAAK,GAAG;AAChC,WAAO,aAAa,QAAQ,IAAI,IAAI,QAAQ,YAAY,GAAG,CAAC;AAAA,EAC9D;AAGA,MAAI,wBAAwB,KAAK,GAAG;AAClC,UAAM,kBAAkB,CAAC,QACvB,aAAa,SAAS,IAAI,IAAI,KAAK,YAAY,GAAG,CAAC;AACrD,UAAM,EAAE,iBAAiB,IAAI,eAAe;AAAA,MAC1C;AAAA,MACA,SAAS,kBAAkB,QAAQ;AAAA,MACnC,WAAW;AAAA,MACX,WAAW;AAAA,IACb,CAAC;AAED,WAAO,iBAAiB,EAAE,eAAe,MAAM,cAAc,CAAC;AAAA,EAChE;AAGA,MAAI,wBAAwB,KAAK,GAAG;AAClC,UAAM,kBAAkB,CAAC,QACvB,aAAa,SAAS,IAAI,IAAI,KAAK,YAAY,GAAG,CAAC;AACrD,UAAM,EAAE,iBAAiB,IAAI,eAAe;AAAA,MAC1C;AAAA,MACA,SAAS,kBAAkB,QAAQ;AAAA,MACnC,WAAW;AAAA,MACX,WAAW;AAAA,IACb,CAAC;AAED,WAAO,iBAAiB,EAAE,eAAe,MAAM,cAAc,CAAC;AAAA,EAChE;AAEA,QAAM;AACR;","names":["request","event"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/protect.ts"],"sourcesContent":["import type { AuthObject, SignedInAuthObject } from \"@tern-secure/backend\";\nimport { constants } from \"@tern-secure/backend\";\nimport type { CheckAuthorizationFromSessionClaims } from \"@tern-secure/types\";\n\nimport { constants as nextConstants } from \"../constants\";\nimport { isNextFetcher } from \"./nextFetcher\";\
|
|
1
|
+
{"version":3,"sources":["../../../src/server/protect.ts"],"sourcesContent":["import type { AuthObject, RedirectFun, SignedInAuthObject } from \"@tern-secure/backend\";\nimport { constants } from \"@tern-secure/backend\";\nimport type { CheckAuthorizationFromSessionClaims } from \"@tern-secure/types\";\n\nimport { constants as nextConstants } from \"../constants\";\nimport { isNextFetcher } from \"./nextFetcher\";\n\ntype AuthProtectOptions = {\n /**\n * The URL to redirect the user to if they are not authorized.\n */\n unauthorizedUrl?: string;\n /**\n * The URL to redirect the user to if they are not authenticated.\n */\n unauthenticatedUrl?: string;\n};\n\nexport interface AuthProtect {\n (\n params?: (require: CheckAuthorizationFromSessionClaims) => boolean,\n options?: AuthProtectOptions\n ): Promise<SignedInAuthObject>;\n (options?: AuthProtectOptions): Promise<SignedInAuthObject>;\n}\n\nexport function createProtect(opts: {\n request: Request;\n authObject: AuthObject;\n notFound: () => never;\n redirect: (url: string) => void;\n redirectToSignIn: RedirectFun<unknown>;\n}): AuthProtect {\n const { redirectToSignIn, authObject, redirect, notFound, request } = opts;\n\n return (async (...args: any[]) => {\n const optionValuesAsParam =\n args[0]?.unauthenticatedUrl || args[0]?.unauthorizedUrl;\n const paramsOrFunction = optionValuesAsParam ? undefined : (args[0] as \n | CheckAuthorizationFromSessionClaims\n | ((require: CheckAuthorizationFromSessionClaims) => boolean));\n const unauthenticatedUrl = (args[0]?.unauthenticatedUrl ||\n args[1]?.unauthenticatedUrl) as string | undefined;\n const unauthorizedUrl = (args[0]?.unauthorizedUrl ||\n args[1]?.unauthorizedUrl) as string | undefined;\n\n const handleUnauthenticated = () => {\n if (unauthenticatedUrl) {\n redirect(unauthenticatedUrl);\n }\n if (isPageRequest(request)) {\n return redirectToSignIn();\n }\n return notFound();\n };\n\n const handleUnauthorized = () => {\n if (unauthorizedUrl) {\n redirect(unauthorizedUrl);\n }\n notFound();\n };\n\n if (!authObject.userId) {\n handleUnauthenticated();\n }\n\n if (!paramsOrFunction) {\n return authObject;\n }\n\n if (typeof paramsOrFunction === \"function\") {\n if (paramsOrFunction(authObject.require)) {\n return authObject;\n }\n return handleUnauthorized();\n }\n\n if (authObject.require(paramsOrFunction)) {\n return authObject;\n }\n }) as AuthProtect;\n}\n\nconst isServerActionRequest = (req: Request) => {\n return (\n !!req.headers.get(nextConstants.Headers.NextUrl) &&\n (req.headers.get(constants.Headers.Accept)?.includes(\"text/x-component\") ||\n req.headers\n .get(constants.Headers.ContentType)\n ?.includes(\"multipart/form-data\") ||\n !!req.headers.get(nextConstants.Headers.NextAction))\n );\n};\n\nconst isPageRequest = (req: Request): boolean => {\n return (\n req.headers.get(constants.Headers.SecFetchDest) === \"document\" ||\n req.headers.get(constants.Headers.SecFetchDest) === \"iframe\" ||\n req.headers.get(constants.Headers.Accept)?.includes(\"text/html\") ||\n isAppRouterInternalNavigation(req) ||\n isPagesRouterInternalNavigation(req)\n );\n};\n\nconst isAppRouterInternalNavigation = (req: Request) =>\n (!!req.headers.get(nextConstants.Headers.NextUrl) &&\n !isServerActionRequest(req)) ||\n isPagePathAvailable();\n\nconst isPagePathAvailable = () => {\n const __fetch = globalThis.fetch;\n\n if (!isNextFetcher(__fetch)) {\n return false;\n }\n\n const { page, pagePath } = __fetch.__nextGetStaticStore().getStore() || {};\n\n return Boolean(\n // available on next@14\n pagePath ||\n // available on next@15\n page\n );\n};\n\nconst isPagesRouterInternalNavigation = (req: Request) =>\n !!req.headers.get(nextConstants.Headers.NextjsData);\n"],"mappings":"AACA,SAAS,iBAAiB;AAG1B,SAAS,aAAa,qBAAqB;AAC3C,SAAS,qBAAqB;AAqBvB,SAAS,cAAc,MAMd;AACd,QAAM,EAAE,kBAAkB,YAAY,UAAU,UAAU,QAAQ,IAAI;AAEtE,SAAQ,UAAU,SAAgB;AAChC,UAAM,sBACJ,KAAK,CAAC,GAAG,sBAAsB,KAAK,CAAC,GAAG;AAC1C,UAAM,mBAAmB,sBAAsB,SAAa,KAAK,CAAC;AAGlE,UAAM,qBAAsB,KAAK,CAAC,GAAG,sBACnC,KAAK,CAAC,GAAG;AACX,UAAM,kBAAmB,KAAK,CAAC,GAAG,mBAChC,KAAK,CAAC,GAAG;AAEX,UAAM,wBAAwB,MAAM;AAClC,UAAI,oBAAoB;AACtB,iBAAS,kBAAkB;AAAA,MAC7B;AACA,UAAI,cAAc,OAAO,GAAG;AAC1B,eAAO,iBAAiB;AAAA,MAC1B;AACA,aAAO,SAAS;AAAA,IAClB;AAEA,UAAM,qBAAqB,MAAM;AAC/B,UAAI,iBAAiB;AACnB,iBAAS,eAAe;AAAA,MAC1B;AACA,eAAS;AAAA,IACX;AAEA,QAAI,CAAC,WAAW,QAAQ;AACtB,4BAAsB;AAAA,IACxB;AAEA,QAAI,CAAC,kBAAkB;AACrB,aAAO;AAAA,IACT;AAEA,QAAI,OAAO,qBAAqB,YAAY;AAC1C,UAAI,iBAAiB,WAAW,OAAO,GAAG;AACxC,eAAO;AAAA,MACT;AACA,aAAO,mBAAmB;AAAA,IAC5B;AAEA,QAAI,WAAW,QAAQ,gBAAgB,GAAG;AACxC,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,MAAM,wBAAwB,CAAC,QAAiB;AAC9C,SACE,CAAC,CAAC,IAAI,QAAQ,IAAI,cAAc,QAAQ,OAAO,MAC9C,IAAI,QAAQ,IAAI,UAAU,QAAQ,MAAM,GAAG,SAAS,kBAAkB,KACrE,IAAI,QACD,IAAI,UAAU,QAAQ,WAAW,GAChC,SAAS,qBAAqB,KAClC,CAAC,CAAC,IAAI,QAAQ,IAAI,cAAc,QAAQ,UAAU;AAExD;AAEA,MAAM,gBAAgB,CAAC,QAA0B;AAC/C,SACE,IAAI,QAAQ,IAAI,UAAU,QAAQ,YAAY,MAAM,cACpD,IAAI,QAAQ,IAAI,UAAU,QAAQ,YAAY,MAAM,YACpD,IAAI,QAAQ,IAAI,UAAU,QAAQ,MAAM,GAAG,SAAS,WAAW,KAC/D,8BAA8B,GAAG,KACjC,gCAAgC,GAAG;AAEvC;AAEA,MAAM,gCAAgC,CAAC,QACpC,CAAC,CAAC,IAAI,QAAQ,IAAI,cAAc,QAAQ,OAAO,KAC9C,CAAC,sBAAsB,GAAG,KAC5B,oBAAoB;AAEtB,MAAM,sBAAsB,MAAM;AAChC,QAAM,UAAU,WAAW;AAE3B,MAAI,CAAC,cAAc,OAAO,GAAG;AAC3B,WAAO;AAAA,EACT;AAEA,QAAM,EAAE,MAAM,SAAS,IAAI,QAAQ,qBAAqB,EAAE,SAAS,KAAK,CAAC;AAEzE,SAAO;AAAA;AAAA,IAEL;AAAA,IAEE;AAAA,EACJ;AACF;AAEA,MAAM,kCAAkC,CAAC,QACvC,CAAC,CAAC,IAAI,QAAQ,IAAI,cAAc,QAAQ,UAAU;","names":[]}
|
|
@@ -1,9 +1,8 @@
|
|
|
1
|
-
import { constants,
|
|
1
|
+
import { constants, createRedirect, createTernSecureRequest } from "@tern-secure/backend";
|
|
2
2
|
import { notFound as nextjsNotFound } from "next/navigation";
|
|
3
3
|
import { NextResponse } from "next/server";
|
|
4
4
|
import { isRedirect, setHeader } from "../utils/response";
|
|
5
5
|
import { serverRedirectWithAuth } from "../utils/serverRedirectAuth";
|
|
6
|
-
import { createEdgeCompatibleLogger } from "../utils/withLogger";
|
|
7
6
|
import { SIGN_IN_URL, SIGN_UP_URL } from "./constant";
|
|
8
7
|
import {
|
|
9
8
|
isNextjsNotFoundError,
|
|
@@ -15,7 +14,6 @@ import {
|
|
|
15
14
|
redirectToSignUpError
|
|
16
15
|
} from "./nextErrors";
|
|
17
16
|
import { createProtect } from "./protect";
|
|
18
|
-
import { createRedirect } from "./redirect";
|
|
19
17
|
import { ternSecureBackendClient } from "./ternsecureClient";
|
|
20
18
|
import { decorateRequest } from "./utils";
|
|
21
19
|
const ternSecureMiddleware = (...args) => {
|
|
@@ -31,10 +29,6 @@ const ternSecureMiddleware = (...args) => {
|
|
|
31
29
|
signUpUrl,
|
|
32
30
|
...resolvedParams
|
|
33
31
|
};
|
|
34
|
-
const logger = createEdgeCompatibleLogger(options.debug);
|
|
35
|
-
if (options.debug) {
|
|
36
|
-
enableDebugLogging();
|
|
37
|
-
}
|
|
38
32
|
const reqBackendClient = await ternSecureBackendClient();
|
|
39
33
|
const ternSecureRequest = createTernSecureRequest(request2);
|
|
40
34
|
const requestStateClient = await reqBackendClient.authenticateRequest(
|
|
@@ -60,7 +54,7 @@ const ternSecureMiddleware = (...args) => {
|
|
|
60
54
|
const userHandlerResult = await handler?.(authHandler, request2, event2);
|
|
61
55
|
handlerResult = userHandlerResult || handlerResult;
|
|
62
56
|
} catch (error) {
|
|
63
|
-
handlerResult = handleControlError(error, ternSecureRequest, request2);
|
|
57
|
+
handlerResult = handleControlError(error, ternSecureRequest, request2, requestStateClient);
|
|
64
58
|
}
|
|
65
59
|
if (requestStateClient.headers) {
|
|
66
60
|
requestStateClient.headers.forEach((value, key) => {
|
|
@@ -126,7 +120,7 @@ const redirectAdapter = (url) => {
|
|
|
126
120
|
headers: { [constants.Headers.TernSecureRedirectTo]: "true" }
|
|
127
121
|
});
|
|
128
122
|
};
|
|
129
|
-
const handleControlError = (error, ternSecureRequest, nextrequest) => {
|
|
123
|
+
const handleControlError = (error, ternSecureRequest, nextrequest, requestState) => {
|
|
130
124
|
if (isNextjsNotFoundError(error)) {
|
|
131
125
|
return setHeader(
|
|
132
126
|
NextResponse.rewrite(new URL(`/tern_${Date.now()}`, nextrequest.url)),
|
|
@@ -140,8 +134,8 @@ const handleControlError = (error, ternSecureRequest, nextrequest) => {
|
|
|
140
134
|
const redirect = createRedirect({
|
|
141
135
|
redirectAdapter,
|
|
142
136
|
baseUrl: ternSecureRequest.ternUrl,
|
|
143
|
-
signInUrl:
|
|
144
|
-
signUpUrl:
|
|
137
|
+
signInUrl: requestState.signInUrl,
|
|
138
|
+
signUpUrl: requestState.signUpUrl
|
|
145
139
|
});
|
|
146
140
|
const { returnBackUrl } = error;
|
|
147
141
|
return redirect[isRedirectToSignIn ? "redirectToSignIn" : "redirectToSignUp"]({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/ternSecureEdgeMiddleware.ts"],"sourcesContent":["import type {\r\n AuthenticateRequestOptions,\r\n AuthObject,\r\n TernSecureRequest,\r\n} from '@tern-secure/backend';\r\nimport { constants, createTernSecureRequest, enableDebugLogging } from '@tern-secure/backend';\r\nimport { notFound as nextjsNotFound } from 'next/navigation';\r\nimport type { NextMiddleware, NextRequest } from 'next/server';\r\nimport { NextResponse } from 'next/server';\r\n\r\nimport { isRedirect, setHeader } from '../utils/response';\r\nimport { serverRedirectWithAuth } from '../utils/serverRedirectAuth';\r\nimport { createEdgeCompatibleLogger } from '../utils/withLogger';\r\nimport { SIGN_IN_URL, SIGN_UP_URL } from './constant';\r\nimport {\r\n isNextjsNotFoundError,\r\n isNextjsRedirectError,\r\n isRedirectToSignInError,\r\n isRedirectToSignUpError,\r\n nextjsRedirectError,\r\n redirectToSignInError,\r\n redirectToSignUpError,\r\n} from './nextErrors';\r\nimport { type AuthProtect, createProtect } from './protect';\r\nimport { createRedirect, type RedirectFun } from './redirect';\r\nimport { ternSecureBackendClient } from './ternsecureClient';\r\nimport type {\r\n NextMiddlewareEvtParam,\r\n NextMiddlewareRequestParam,\r\n NextMiddlewareReturn,\r\n} from './types';\r\nimport { decorateRequest } from './utils';\r\n\r\nexport type MiddlewareAuthObject = AuthObject & {\r\n redirectToSignIn: RedirectFun<Response>;\r\n redirectToSignUp: RedirectFun<Response>;\r\n};\r\n\r\nexport interface MiddlewareAuth {\r\n (): Promise<MiddlewareAuthObject>;\r\n\r\n protect: AuthProtect;\r\n}\r\n\r\ntype MiddlewareHandler = (\r\n auth: MiddlewareAuth,\r\n request: NextMiddlewareRequestParam,\r\n event: NextMiddlewareEvtParam,\r\n) => NextMiddlewareReturn;\r\n\r\nexport interface MiddlewareOptions extends AuthenticateRequestOptions {\r\n debug?: boolean;\r\n}\r\ntype MiddlewareOptionsCallback = (\r\n req: NextRequest,\r\n) => MiddlewareOptions | Promise<MiddlewareOptions>;\r\n\r\ninterface TernSecureMiddleware {\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware((auth, request, event) => { ... }, options);\r\n */\r\n (handler: MiddlewareHandler, options?: MiddlewareOptions): NextMiddleware;\r\n\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware((auth, request, event) => { ... }, (req) => options);\r\n */\r\n (handler: MiddlewareHandler, options?: MiddlewareOptionsCallback): NextMiddleware;\r\n\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware(options);\r\n */\r\n (options?: MiddlewareOptions): NextMiddleware;\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware;\r\n */\r\n (request: NextMiddlewareRequestParam, event: NextMiddlewareEvtParam): NextMiddlewareReturn;\r\n}\r\n\r\nexport const ternSecureMiddleware = ((\r\n ...args: unknown[]\r\n): NextMiddleware | NextMiddlewareReturn => {\r\n const [request, event] = parseRequestAndEvent(args);\r\n const [handler, params] = parseHandlerAndOptions(args);\r\n\r\n const middleware = () => {\r\n const withAuthNextMiddleware: NextMiddleware = async (request, event) => {\r\n const resolvedParams = typeof params === 'function' ? await params(request) : params;\r\n const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\r\n const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\r\n\r\n const options = {\r\n signInUrl,\r\n signUpUrl,\r\n ...resolvedParams,\r\n };\r\n\r\n const logger = createEdgeCompatibleLogger(options.debug);\r\n\r\n if (options.debug) {\r\n enableDebugLogging();\r\n }\r\n\r\n const reqBackendClient = await ternSecureBackendClient();\r\n\r\n const ternSecureRequest = createTernSecureRequest(request);\r\n\r\n const requestStateClient = await reqBackendClient.authenticateRequest(\r\n ternSecureRequest,\r\n options,\r\n );\r\n\r\n const authObjectClient = requestStateClient.auth();\r\n\r\n const { redirectToSignIn } = createMiddlewareRedirects(ternSecureRequest);\r\n\r\n const { redirectToSignUp } = createMiddlewareRedirects(ternSecureRequest);\r\n\r\n const protect = await createMiddlewareProtect(\r\n ternSecureRequest,\r\n authObjectClient,\r\n redirectToSignIn,\r\n );\r\n\r\n const authObj: MiddlewareAuthObject = Object.assign(authObjectClient, {\r\n redirectToSignIn,\r\n redirectToSignUp,\r\n });\r\n\r\n const authHandler = () => Promise.resolve(authObj);\r\n authHandler.protect = protect;\r\n\r\n let handlerResult: Response = NextResponse.next();\r\n\r\n try {\r\n const userHandlerResult = await handler?.(authHandler, request, event);\r\n handlerResult = userHandlerResult || handlerResult;\r\n } catch (error: any) {\r\n handlerResult = handleControlError(error, ternSecureRequest, request);\r\n }\r\n\r\n if (requestStateClient.headers) {\r\n requestStateClient.headers.forEach((value, key) => {\r\n handlerResult.headers.append(key, value);\r\n });\r\n }\r\n\r\n if (isRedirect(handlerResult)) {\r\n return serverRedirectWithAuth(ternSecureRequest, handlerResult);\r\n }\r\n\r\n decorateRequest(ternSecureRequest, handlerResult, requestStateClient);\r\n return handlerResult;\r\n };\r\n\r\n const nextMiddleware: NextMiddleware = async (request, event) => {\r\n return withAuthNextMiddleware(request, event);\r\n };\r\n\r\n if (request && event) {\r\n return nextMiddleware(request, event);\r\n }\r\n\r\n return nextMiddleware;\r\n };\r\n return middleware();\r\n}) as TernSecureMiddleware;\r\n\r\nconst parseRequestAndEvent = (args: unknown[]) => {\r\n return [\r\n args[0] instanceof Request ? args[0] : undefined,\r\n args[0] instanceof Request ? args[1] : undefined,\r\n ] as [NextMiddlewareRequestParam | undefined, NextMiddlewareEvtParam | undefined];\r\n};\r\n\r\nconst parseHandlerAndOptions = (args: unknown[]) => {\r\n return [\r\n typeof args[0] === 'function' ? args[0] : undefined,\r\n (args.length === 2 ? args[1] : typeof args[0] === 'function' ? {} : args[0]) || {},\r\n ] as [MiddlewareHandler | undefined, MiddlewareOptions | MiddlewareOptionsCallback];\r\n};\r\n\r\n/**\r\n * Create middleware redirect functions\r\n */\r\nconst createMiddlewareRedirects = (ternSecureRequest: TernSecureRequest) => {\r\n const redirectToSignIn: MiddlewareAuthObject['redirectToSignIn'] = (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignInError(url, opts.returnBackUrl);\r\n };\r\n\r\n const redirectToSignUp: MiddlewareAuthObject['redirectToSignUp'] = (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignUpError(url, opts.returnBackUrl);\r\n };\r\n\r\n return { redirectToSignIn, redirectToSignUp };\r\n};\r\n\r\nconst createMiddlewareProtect = (\r\n ternSecureRequest: TernSecureRequest,\r\n authObject: AuthObject,\r\n redirectToSignIn: RedirectFun<Response>,\r\n) => {\r\n return (async (params: any, options: any) => {\r\n const notFound = () => nextjsNotFound();\r\n\r\n const redirect = (url: string) =>\r\n nextjsRedirectError(url, {\r\n redirectUrl: url,\r\n });\r\n\r\n return createProtect({\r\n request: ternSecureRequest,\r\n redirect,\r\n notFound,\r\n authObject,\r\n redirectToSignIn,\r\n })(params, options);\r\n }) as unknown as Promise<AuthProtect>;\r\n};\r\n\r\nexport const redirectAdapter = (url: string | URL) => {\r\n return NextResponse.redirect(url, {\r\n headers: { [constants.Headers.TernSecureRedirectTo]: 'true' },\r\n });\r\n};\r\n\r\n/**\r\n * Handle control flow errors in middleware\r\n */\r\nconst handleControlError = (\r\n error: any,\r\n ternSecureRequest: TernSecureRequest,\r\n nextrequest: NextRequest,\r\n): Response => {\r\n if (isNextjsNotFoundError(error)) {\r\n return setHeader(\r\n NextResponse.rewrite(new URL(`/tern_${Date.now()}`, nextrequest.url)),\r\n constants.Headers.AuthReason,\r\n 'protect-rewrite',\r\n );\r\n }\r\n\r\n const isRedirectToSignIn = isRedirectToSignInError(error);\r\n const isRedirectToSignUp = isRedirectToSignUpError(error);\r\n\r\n if (isRedirectToSignIn || isRedirectToSignUp) {\r\n const redirect = createRedirect({\r\n redirectAdapter,\r\n baseUrl: ternSecureRequest.ternUrl,\r\n signInUrl: SIGN_IN_URL,\r\n signUpUrl: SIGN_UP_URL,\r\n });\r\n\r\n const { returnBackUrl } = error;\r\n\r\n return redirect[isRedirectToSignIn ? 'redirectToSignIn' : 'redirectToSignUp']({\r\n returnBackUrl,\r\n });\r\n }\r\n\r\n if (isNextjsRedirectError(error)) {\r\n return redirectAdapter(error.redirectUrl);\r\n }\r\n\r\n throw error;\r\n};\r\n"],"mappings":"AAKA,SAAS,WAAW,yBAAyB,0BAA0B;AACvE,SAAS,YAAY,sBAAsB;AAE3C,SAAS,oBAAoB;AAE7B,SAAS,YAAY,iBAAiB;AACtC,SAAS,8BAA8B;AACvC,SAAS,kCAAkC;AAC3C,SAAS,aAAa,mBAAmB;AACzC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAA2B,qBAAqB;AAChD,SAAS,sBAAwC;AACjD,SAAS,+BAA+B;AAMxC,SAAS,uBAAuB;AAmDzB,MAAM,uBAAwB,IAChC,SACuC;AAC1C,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,MAAM;AACvB,UAAM,yBAAyC,OAAOA,UAASC,WAAU;AACvE,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAC9E,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAE9C,YAAM,UAAU;AAAA,QACd;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACL;AAEA,YAAM,SAAS,2BAA2B,QAAQ,KAAK;AAEvD,UAAI,QAAQ,OAAO;AACjB,2BAAmB;AAAA,MACrB;AAEA,YAAM,mBAAmB,MAAM,wBAAwB;AAEvD,YAAM,oBAAoB,wBAAwBA,QAAO;AAEzD,YAAM,qBAAqB,MAAM,iBAAiB;AAAA,QAChD;AAAA,QACA;AAAA,MACF;AAEA,YAAM,mBAAmB,mBAAmB,KAAK;AAEjD,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,UAAU,MAAM;AAAA,QACpB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAEA,YAAM,UAAgC,OAAO,OAAO,kBAAkB;AAAA,QACpE;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,cAAc,MAAM,QAAQ,QAAQ,OAAO;AACjD,kBAAY,UAAU;AAEtB,UAAI,gBAA0B,aAAa,KAAK;AAEhD,UAAI;AACF,cAAM,oBAAoB,MAAM,UAAU,aAAaA,UAASC,MAAK;AACrE,wBAAgB,qBAAqB;AAAA,MACvC,SAAS,OAAY;AACnB,wBAAgB,mBAAmB,OAAO,mBAAmBD,QAAO;AAAA,MACtE;AAEA,UAAI,mBAAmB,SAAS;AAC9B,2BAAmB,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AACjD,wBAAc,QAAQ,OAAO,KAAK,KAAK;AAAA,QACzC,CAAC;AAAA,MACH;AAEA,UAAI,WAAW,aAAa,GAAG;AAC7B,eAAO,uBAAuB,mBAAmB,aAAa;AAAA,MAChE;AAEA,sBAAgB,mBAAmB,eAAe,kBAAkB;AACpE,aAAO;AAAA,IACT;AAEA,UAAM,iBAAiC,OAAOA,UAASC,WAAU;AAC/D,aAAO,uBAAuBD,UAASC,MAAK;AAAA,IAC9C;AAEA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAEA,WAAO;AAAA,EACT;AACA,SAAO,WAAW;AACpB;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO;AAAA,IACL,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,IACvC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,EACzC;AACF;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,MAAM,aAAa,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC;AAAA,EACnF;AACF;AAKA,MAAM,4BAA4B,CAAC,sBAAyC;AAC1E,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,0BAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,0BAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,SAAO,EAAE,kBAAkB,iBAAiB;AAC9C;AAEA,MAAM,0BAA0B,CAC9B,mBACA,YACA,qBACG;AACH,SAAQ,OAAO,QAAa,YAAiB;AAC3C,UAAM,WAAW,MAAM,eAAe;AAEtC,UAAM,WAAW,CAAC,QAChB,oBAAoB,KAAK;AAAA,MACvB,aAAa;AAAA,IACf,CAAC;AAEH,WAAO,cAAc;AAAA,MACnB,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,QAAQ,OAAO;AAAA,EACpB;AACF;AAEO,MAAM,kBAAkB,CAAC,QAAsB;AACpD,SAAO,aAAa,SAAS,KAAK;AAAA,IAChC,SAAS,EAAE,CAAC,UAAU,QAAQ,oBAAoB,GAAG,OAAO;AAAA,EAC9D,CAAC;AACH;AAKA,MAAM,qBAAqB,CACzB,OACA,mBACA,gBACa;AACb,MAAI,sBAAsB,KAAK,GAAG;AAChC,WAAO;AAAA,MACL,aAAa,QAAQ,IAAI,IAAI,SAAS,KAAK,IAAI,CAAC,IAAI,YAAY,GAAG,CAAC;AAAA,MACpE,UAAU,QAAQ;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,qBAAqB,wBAAwB,KAAK;AACxD,QAAM,qBAAqB,wBAAwB,KAAK;AAExD,MAAI,sBAAsB,oBAAoB;AAC5C,UAAM,WAAW,eAAe;AAAA,MAC9B;AAAA,MACA,SAAS,kBAAkB;AAAA,MAC3B,WAAW;AAAA,MACX,WAAW;AAAA,IACb,CAAC;AAED,UAAM,EAAE,cAAc,IAAI;AAE1B,WAAO,SAAS,qBAAqB,qBAAqB,kBAAkB,EAAE;AAAA,MAC5E;AAAA,IACF,CAAC;AAAA,EACH;AAEA,MAAI,sBAAsB,KAAK,GAAG;AAChC,WAAO,gBAAgB,MAAM,WAAW;AAAA,EAC1C;AAEA,QAAM;AACR;","names":["request","event"]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/ternSecureEdgeMiddleware.ts"],"sourcesContent":["import type {\r\n AuthenticateRequestOptions,\r\n AuthObject,\r\n RedirectFun,\r\n RequestState,\r\n TernSecureRequest,\r\n} from '@tern-secure/backend';\r\nimport { constants, createRedirect, createTernSecureRequest } from '@tern-secure/backend';\r\nimport { notFound as nextjsNotFound } from 'next/navigation';\r\nimport type { NextMiddleware, NextRequest } from 'next/server';\r\nimport { NextResponse } from 'next/server';\r\n\r\nimport { isRedirect, setHeader } from '../utils/response';\r\nimport { serverRedirectWithAuth } from '../utils/serverRedirectAuth';\r\nimport { SIGN_IN_URL, SIGN_UP_URL } from './constant';\r\nimport {\r\n isNextjsNotFoundError,\r\n isNextjsRedirectError,\r\n isRedirectToSignInError,\r\n isRedirectToSignUpError,\r\n nextjsRedirectError,\r\n redirectToSignInError,\r\n redirectToSignUpError,\r\n} from './nextErrors';\r\nimport { type AuthProtect, createProtect } from './protect';\r\nimport { ternSecureBackendClient } from './ternsecureClient';\r\nimport type {\r\n NextMiddlewareEvtParam,\r\n NextMiddlewareRequestParam,\r\n NextMiddlewareReturn,\r\n} from './types';\r\nimport { decorateRequest } from './utils';\r\n\r\nexport type MiddlewareAuthObject = AuthObject & {\r\n redirectToSignIn: RedirectFun<Response>;\r\n redirectToSignUp: RedirectFun<Response>;\r\n};\r\n\r\nexport interface MiddlewareAuth {\r\n (): Promise<MiddlewareAuthObject>;\r\n\r\n protect: AuthProtect;\r\n}\r\n\r\ntype MiddlewareHandler = (\r\n auth: MiddlewareAuth,\r\n request: NextMiddlewareRequestParam,\r\n event: NextMiddlewareEvtParam,\r\n) => NextMiddlewareReturn;\r\n\r\nexport interface MiddlewareOptions extends AuthenticateRequestOptions {\r\n debug?: boolean;\r\n}\r\ntype MiddlewareOptionsCallback = (\r\n req: NextRequest,\r\n) => MiddlewareOptions | Promise<MiddlewareOptions>;\r\n\r\ninterface TernSecureMiddleware {\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware((auth, request, event) => { ... }, options);\r\n */\r\n (handler: MiddlewareHandler, options?: MiddlewareOptions): NextMiddleware;\r\n\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware((auth, request, event) => { ... }, (req) => options);\r\n */\r\n (handler: MiddlewareHandler, options?: MiddlewareOptionsCallback): NextMiddleware;\r\n\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware(options);\r\n */\r\n (options?: MiddlewareOptions): NextMiddleware;\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware;\r\n */\r\n (request: NextMiddlewareRequestParam, event: NextMiddlewareEvtParam): NextMiddlewareReturn;\r\n}\r\n\r\nexport const ternSecureMiddleware = ((\r\n ...args: unknown[]\r\n): NextMiddleware | NextMiddlewareReturn => {\r\n const [request, event] = parseRequestAndEvent(args);\r\n const [handler, params] = parseHandlerAndOptions(args);\r\n\r\n const middleware = () => {\r\n const withAuthNextMiddleware: NextMiddleware = async (request, event) => {\r\n const resolvedParams = typeof params === 'function' ? await params(request) : params;\r\n\r\n const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\r\n const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\r\n\r\n const options = {\r\n signInUrl,\r\n signUpUrl,\r\n ...resolvedParams,\r\n };\r\n\r\n const reqBackendClient = await ternSecureBackendClient();\r\n\r\n const ternSecureRequest = createTernSecureRequest(request);\r\n\r\n const requestStateClient = await reqBackendClient.authenticateRequest(\r\n ternSecureRequest,\r\n options,\r\n );\r\n\r\n const authObjectClient = requestStateClient.auth();\r\n\r\n const { redirectToSignIn } = createMiddlewareRedirects(ternSecureRequest);\r\n\r\n const { redirectToSignUp } = createMiddlewareRedirects(ternSecureRequest);\r\n\r\n const protect = await createMiddlewareProtect(\r\n ternSecureRequest,\r\n authObjectClient,\r\n redirectToSignIn,\r\n );\r\n\r\n const authObj: MiddlewareAuthObject = Object.assign(authObjectClient, {\r\n redirectToSignIn,\r\n redirectToSignUp,\r\n });\r\n\r\n const authHandler = () => Promise.resolve(authObj);\r\n authHandler.protect = protect;\r\n\r\n let handlerResult: Response = NextResponse.next();\r\n\r\n try {\r\n const userHandlerResult = await handler?.(authHandler, request, event);\r\n handlerResult = userHandlerResult || handlerResult;\r\n } catch (error: any) {\r\n handlerResult = handleControlError(error, ternSecureRequest, request, requestStateClient);\r\n }\r\n\r\n if (requestStateClient.headers) {\r\n requestStateClient.headers.forEach((value, key) => {\r\n handlerResult.headers.append(key, value);\r\n });\r\n }\r\n\r\n if (isRedirect(handlerResult)) {\r\n return serverRedirectWithAuth(ternSecureRequest, handlerResult);\r\n }\r\n\r\n decorateRequest(ternSecureRequest, handlerResult, requestStateClient);\r\n return handlerResult;\r\n };\r\n\r\n const nextMiddleware: NextMiddleware = async (request, event) => {\r\n return withAuthNextMiddleware(request, event);\r\n };\r\n\r\n if (request && event) {\r\n return nextMiddleware(request, event);\r\n }\r\n\r\n return nextMiddleware;\r\n };\r\n return middleware();\r\n}) as TernSecureMiddleware;\r\n\r\nconst parseRequestAndEvent = (args: unknown[]) => {\r\n return [\r\n args[0] instanceof Request ? args[0] : undefined,\r\n args[0] instanceof Request ? args[1] : undefined,\r\n ] as [NextMiddlewareRequestParam | undefined, NextMiddlewareEvtParam | undefined];\r\n};\r\n\r\nconst parseHandlerAndOptions = (args: unknown[]) => {\r\n return [\r\n typeof args[0] === 'function' ? args[0] : undefined,\r\n (args.length === 2 ? args[1] : typeof args[0] === 'function' ? {} : args[0]) || {},\r\n ] as [MiddlewareHandler | undefined, MiddlewareOptions | MiddlewareOptionsCallback];\r\n};\r\n\r\n/**\r\n * Create middleware redirect functions\r\n */\r\nconst createMiddlewareRedirects = (ternSecureRequest: TernSecureRequest) => {\r\n const redirectToSignIn: MiddlewareAuthObject['redirectToSignIn'] = (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignInError(url, opts.returnBackUrl);\r\n };\r\n\r\n const redirectToSignUp: MiddlewareAuthObject['redirectToSignUp'] = (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignUpError(url, opts.returnBackUrl);\r\n };\r\n\r\n return { redirectToSignIn, redirectToSignUp };\r\n};\r\n\r\nconst createMiddlewareProtect = (\r\n ternSecureRequest: TernSecureRequest,\r\n authObject: AuthObject,\r\n redirectToSignIn: RedirectFun<Response>,\r\n) => {\r\n return (async (params: any, options: any) => {\r\n const notFound = () => nextjsNotFound();\r\n\r\n const redirect = (url: string) =>\r\n nextjsRedirectError(url, {\r\n redirectUrl: url,\r\n });\r\n\r\n return createProtect({\r\n request: ternSecureRequest,\r\n redirect,\r\n notFound,\r\n authObject,\r\n redirectToSignIn,\r\n })(params, options);\r\n }) as unknown as Promise<AuthProtect>;\r\n};\r\n\r\nexport const redirectAdapter = (url: string | URL) => {\r\n return NextResponse.redirect(url, {\r\n headers: { [constants.Headers.TernSecureRedirectTo]: 'true' },\r\n });\r\n};\r\n\r\n/**\r\n * Handle control flow errors in middleware\r\n */\r\nconst handleControlError = (\r\n error: any,\r\n ternSecureRequest: TernSecureRequest,\r\n nextrequest: NextRequest,\r\n requestState: RequestState,\r\n): Response => {\r\n if (isNextjsNotFoundError(error)) {\r\n return setHeader(\r\n NextResponse.rewrite(new URL(`/tern_${Date.now()}`, nextrequest.url)),\r\n constants.Headers.AuthReason,\r\n 'protect-rewrite',\r\n );\r\n }\r\n\r\n const isRedirectToSignIn = isRedirectToSignInError(error);\r\n const isRedirectToSignUp = isRedirectToSignUpError(error);\r\n\r\n if (isRedirectToSignIn || isRedirectToSignUp) {\r\n const redirect = createRedirect({\r\n redirectAdapter,\r\n baseUrl: ternSecureRequest.ternUrl,\r\n signInUrl: requestState.signInUrl,\r\n signUpUrl: requestState.signUpUrl,\r\n });\r\n\r\n const { returnBackUrl } = error;\r\n\r\n return redirect[isRedirectToSignIn ? 'redirectToSignIn' : 'redirectToSignUp']({\r\n returnBackUrl,\r\n });\r\n }\r\n\r\n if (isNextjsRedirectError(error)) {\r\n return redirectAdapter(error.redirectUrl);\r\n }\r\n\r\n throw error;\r\n};\r\n"],"mappings":"AAOA,SAAS,WAAW,gBAAgB,+BAA+B;AACnE,SAAS,YAAY,sBAAsB;AAE3C,SAAS,oBAAoB;AAE7B,SAAS,YAAY,iBAAiB;AACtC,SAAS,8BAA8B;AACvC,SAAS,aAAa,mBAAmB;AACzC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAA2B,qBAAqB;AAChD,SAAS,+BAA+B;AAMxC,SAAS,uBAAuB;AAmDzB,MAAM,uBAAwB,IAChC,SACuC;AAC1C,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,MAAM;AACvB,UAAM,yBAAyC,OAAOA,UAASC,WAAU;AACvE,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAE9E,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAE9C,YAAM,UAAU;AAAA,QACd;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACL;AAEA,YAAM,mBAAmB,MAAM,wBAAwB;AAEvD,YAAM,oBAAoB,wBAAwBA,QAAO;AAEzD,YAAM,qBAAqB,MAAM,iBAAiB;AAAA,QAChD;AAAA,QACA;AAAA,MACF;AAEA,YAAM,mBAAmB,mBAAmB,KAAK;AAEjD,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,UAAU,MAAM;AAAA,QACpB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAEA,YAAM,UAAgC,OAAO,OAAO,kBAAkB;AAAA,QACpE;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,cAAc,MAAM,QAAQ,QAAQ,OAAO;AACjD,kBAAY,UAAU;AAEtB,UAAI,gBAA0B,aAAa,KAAK;AAEhD,UAAI;AACF,cAAM,oBAAoB,MAAM,UAAU,aAAaA,UAASC,MAAK;AACrE,wBAAgB,qBAAqB;AAAA,MACvC,SAAS,OAAY;AACnB,wBAAgB,mBAAmB,OAAO,mBAAmBD,UAAS,kBAAkB;AAAA,MAC1F;AAEA,UAAI,mBAAmB,SAAS;AAC9B,2BAAmB,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AACjD,wBAAc,QAAQ,OAAO,KAAK,KAAK;AAAA,QACzC,CAAC;AAAA,MACH;AAEA,UAAI,WAAW,aAAa,GAAG;AAC7B,eAAO,uBAAuB,mBAAmB,aAAa;AAAA,MAChE;AAEA,sBAAgB,mBAAmB,eAAe,kBAAkB;AACpE,aAAO;AAAA,IACT;AAEA,UAAM,iBAAiC,OAAOA,UAASC,WAAU;AAC/D,aAAO,uBAAuBD,UAASC,MAAK;AAAA,IAC9C;AAEA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAEA,WAAO;AAAA,EACT;AACA,SAAO,WAAW;AACpB;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO;AAAA,IACL,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,IACvC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,EACzC;AACF;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,MAAM,aAAa,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC;AAAA,EACnF;AACF;AAKA,MAAM,4BAA4B,CAAC,sBAAyC;AAC1E,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,0BAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,0BAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,SAAO,EAAE,kBAAkB,iBAAiB;AAC9C;AAEA,MAAM,0BAA0B,CAC9B,mBACA,YACA,qBACG;AACH,SAAQ,OAAO,QAAa,YAAiB;AAC3C,UAAM,WAAW,MAAM,eAAe;AAEtC,UAAM,WAAW,CAAC,QAChB,oBAAoB,KAAK;AAAA,MACvB,aAAa;AAAA,IACf,CAAC;AAEH,WAAO,cAAc;AAAA,MACnB,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,QAAQ,OAAO;AAAA,EACpB;AACF;AAEO,MAAM,kBAAkB,CAAC,QAAsB;AACpD,SAAO,aAAa,SAAS,KAAK;AAAA,IAChC,SAAS,EAAE,CAAC,UAAU,QAAQ,oBAAoB,GAAG,OAAO;AAAA,EAC9D,CAAC;AACH;AAKA,MAAM,qBAAqB,CACzB,OACA,mBACA,aACA,iBACa;AACb,MAAI,sBAAsB,KAAK,GAAG;AAChC,WAAO;AAAA,MACL,aAAa,QAAQ,IAAI,IAAI,SAAS,KAAK,IAAI,CAAC,IAAI,YAAY,GAAG,CAAC;AAAA,MACpE,UAAU,QAAQ;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,qBAAqB,wBAAwB,KAAK;AACxD,QAAM,qBAAqB,wBAAwB,KAAK;AAExD,MAAI,sBAAsB,oBAAoB;AAC5C,UAAM,WAAW,eAAe;AAAA,MAC9B;AAAA,MACA,SAAS,kBAAkB;AAAA,MAC3B,WAAW,aAAa;AAAA,MACxB,WAAW,aAAa;AAAA,IAC1B,CAAC;AAED,UAAM,EAAE,cAAc,IAAI;AAE1B,WAAO,SAAS,qBAAqB,qBAAqB,kBAAkB,EAAE;AAAA,MAC5E;AAAA,IACF,CAAC;AAAA,EACH;AAEA,MAAI,sBAAsB,KAAK,GAAG;AAChC,WAAO,gBAAgB,MAAM,WAAW;AAAA,EAC1C;AAEA,QAAM;AACR;","names":["request","event"]}
|
|
@@ -2,6 +2,10 @@ const allNextProviderPropsWithEnv = (nextProps) => {
|
|
|
2
2
|
const {
|
|
3
3
|
signInUrl,
|
|
4
4
|
signUpUrl,
|
|
5
|
+
signInForceRedirectUrl,
|
|
6
|
+
signUpForceRedirectUrl,
|
|
7
|
+
signInFallbackRedirectUrl,
|
|
8
|
+
signUpFallbackRedirectUrl,
|
|
5
9
|
//apiKey: propsApiKey,
|
|
6
10
|
apiUrl: propsApiUrl,
|
|
7
11
|
requiresVerification: propsRequiresVerification,
|
|
@@ -18,8 +22,12 @@ const allNextProviderPropsWithEnv = (nextProps) => {
|
|
|
18
22
|
customDomain: process.env.NEXT_PUBLIC_TERN_CUSTOM_DOMAIN,
|
|
19
23
|
proxyUrl: process.env.NEXT_PUBLIC_TERN_PROXY_URL,
|
|
20
24
|
environment: process.env.NEXT_PUBLIC_TERN_ENVIRONMENT,
|
|
21
|
-
signInUrl: process.env.NEXT_PUBLIC_SIGN_IN_URL,
|
|
22
|
-
signUpUrl: process.env.NEXT_PUBLIC_SIGN_UP_URL,
|
|
25
|
+
signInUrl: process.env.NEXT_PUBLIC_SIGN_IN_URL || "",
|
|
26
|
+
signUpUrl: process.env.NEXT_PUBLIC_SIGN_UP_URL || "",
|
|
27
|
+
signInForceRedirectUrl: process.env.NEXT_PUBLIC_SIGN_IN_FORCE_REDIRECT_URL || "",
|
|
28
|
+
signUpForceRedirectUrl: process.env.NEXT_PUBLIC_SIGN_UP_FORCE_REDIRECT_URL || "",
|
|
29
|
+
signInFallbackRedirectUrl: process.env.NEXT_PUBLIC_SIGN_IN_FALLBACK_REDIRECT_URL || "",
|
|
30
|
+
signUpFallbackRedirectUrl: process.env.NEXT_PUBLIC_SIGN_UP_FALLBACK_REDIRECT_URL || "",
|
|
23
31
|
persistence: process.env.NEXT_PUBLIC_TERN_PERSISTENCE,
|
|
24
32
|
useEmulator: process.env.NEXT_PUBLIC_USE_FIREBASE_EMULATOR,
|
|
25
33
|
projectIdAdmin: process.env.FIREBASE_PROJECT_ID,
|
|
@@ -40,6 +48,10 @@ const allNextProviderPropsWithEnv = (nextProps) => {
|
|
|
40
48
|
const finalApiUrl = propsApiUrl ?? envConfig.apiUrl;
|
|
41
49
|
const finalSignInUrl = signInUrl ?? envConfig.signInUrl;
|
|
42
50
|
const finalSignUpUrl = signUpUrl ?? envConfig.signUpUrl;
|
|
51
|
+
const finalSignInForceRedirectUrl = signInForceRedirectUrl ?? envConfig.signInForceRedirectUrl;
|
|
52
|
+
const finalSignUpForceRedirectUrl = signUpForceRedirectUrl ?? envConfig.signUpForceRedirectUrl;
|
|
53
|
+
const finalSignInFallbackRedirectUrl = signInFallbackRedirectUrl ?? envConfig.signInFallbackRedirectUrl;
|
|
54
|
+
const finalSignUpFallbackRedirectUrl = signUpFallbackRedirectUrl ?? envConfig.signUpFallbackRedirectUrl;
|
|
43
55
|
const finalPersistence = propsPersistence ?? envConfig.persistence;
|
|
44
56
|
const result = {
|
|
45
57
|
...baseProps,
|
|
@@ -56,6 +68,10 @@ const allNextProviderPropsWithEnv = (nextProps) => {
|
|
|
56
68
|
bypassApiKey: baseProps.bypassApiKey,
|
|
57
69
|
signInUrl: finalSignInUrl,
|
|
58
70
|
signUpUrl: finalSignUpUrl,
|
|
71
|
+
signInForceRedirectUrl: finalSignInForceRedirectUrl,
|
|
72
|
+
signUpForceRedirectUrl: finalSignUpForceRedirectUrl,
|
|
73
|
+
signInFallbackRedirectUrl: finalSignInFallbackRedirectUrl,
|
|
74
|
+
signUpFallbackRedirectUrl: finalSignUpFallbackRedirectUrl,
|
|
59
75
|
mode: baseProps.mode,
|
|
60
76
|
apiUrl: finalApiUrl,
|
|
61
77
|
persistence: finalPersistence
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/utils/allNextProviderProps.ts"],"sourcesContent":["import type { \n IsoTernSecureAuthOptions,\n TernSecureProviderProps} from \"@tern-secure/react\";\n\nimport type { NextProviderProcessedProps, TernSecureNextProps } from \"../types\";\n\n
|
|
1
|
+
{"version":3,"sources":["../../../src/utils/allNextProviderProps.ts"],"sourcesContent":["import type { \n IsoTernSecureAuthOptions,\n TernSecureProviderProps} from \"@tern-secure/react\";\n\nimport type { NextProviderProcessedProps, TernSecureNextProps } from \"../types\";\n\n\nexport const allNextProviderPropsWithEnv = (\n nextProps: Omit<TernSecureNextProps, 'children'>\n): any => {\n const {\n signInUrl,\n signUpUrl,\n signInForceRedirectUrl,\n signUpForceRedirectUrl,\n signInFallbackRedirectUrl,\n signUpFallbackRedirectUrl,\n //apiKey: propsApiKey,\n apiUrl: propsApiUrl,\n requiresVerification: propsRequiresVerification,\n isTernSecureDev: propsIsTernSecureDev,\n enableServiceWorker: propsEnableServiceWorker,\n loadingComponent: propsLoadingComponent,\n persistence: propsPersistence,\n ...baseProps \n } = nextProps;\n\n const envConfig = {\n apiKey: process.env.NEXT_PUBLIC_TERN_API_KEY,\n apiUrl: process.env.TERNSECURE_API_URL || '',\n projectId: process.env.NEXT_PUBLIC_TERN_PROJECT_ID,\n customDomain: process.env.NEXT_PUBLIC_TERN_CUSTOM_DOMAIN,\n proxyUrl: process.env.NEXT_PUBLIC_TERN_PROXY_URL,\n environment: process.env.NEXT_PUBLIC_TERN_ENVIRONMENT,\n signInUrl: process.env.NEXT_PUBLIC_SIGN_IN_URL || '',\n signUpUrl: process.env.NEXT_PUBLIC_SIGN_UP_URL || '',\n signInForceRedirectUrl: process.env.NEXT_PUBLIC_SIGN_IN_FORCE_REDIRECT_URL || '',\n signUpForceRedirectUrl: process.env.NEXT_PUBLIC_SIGN_UP_FORCE_REDIRECT_URL || '',\n signInFallbackRedirectUrl: process.env.NEXT_PUBLIC_SIGN_IN_FALLBACK_REDIRECT_URL || '',\n signUpFallbackRedirectUrl: process.env.NEXT_PUBLIC_SIGN_UP_FALLBACK_REDIRECT_URL || '',\n persistence: process.env.NEXT_PUBLIC_TERN_PERSISTENCE as 'local' | 'session' | 'browserCookie' | 'none',\n useEmulator: process.env.NEXT_PUBLIC_USE_FIREBASE_EMULATOR,\n projectIdAdmin: process.env.FIREBASE_PROJECT_ID,\n clientEmail: process.env.FIREBASE_CLIENT_EMAIL,\n privateKey: process.env.FIREBASE_PRIVATE_KEY,\n };\n\n const ternSecureConfig = {\n apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || '',\n authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || '',\n appName: process.env.NEXT_PUBLIC_FIREBASE_APP_NAME || '',\n projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || '',\n storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || '',\n messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || '',\n appId: process.env.NEXT_PUBLIC_FIREBASE_APP_ID || '',\n measurementId: process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENTID,\n tenantId: process.env.NEXT_PUBLIC_FIREBASE_TENANT_ID || '',\n };\n\n // Merge config values: props take precedence over environment variables\n //const finalApiKey = propsApiKey ?? envConfig.apiKey;\n const finalApiUrl = propsApiUrl ?? envConfig.apiUrl;\n const finalSignInUrl = signInUrl ?? envConfig.signInUrl;\n const finalSignUpUrl = signUpUrl ?? envConfig.signUpUrl;\n const finalSignInForceRedirectUrl = signInForceRedirectUrl ?? envConfig.signInForceRedirectUrl;\n const finalSignUpForceRedirectUrl = signUpForceRedirectUrl ?? envConfig.signUpForceRedirectUrl;\n const finalSignInFallbackRedirectUrl = signInFallbackRedirectUrl ?? envConfig.signInFallbackRedirectUrl;\n const finalSignUpFallbackRedirectUrl = signUpFallbackRedirectUrl ?? envConfig.signUpFallbackRedirectUrl;\n const finalPersistence = propsPersistence ?? envConfig.persistence;\n\n // Construct the result, ensuring it conforms to NextProviderProcessedProps\n // (Omit<TernSecureProviderProps, 'children'>)\n const result: NextProviderProcessedProps = {\n ...(baseProps as Omit<TernSecureProviderProps, 'children' | keyof IsoTernSecureAuthOptions | 'requiresVerification' | 'loadingComponent'>),\n\n // Set the Firebase configuration properties\n ternSecureConfig,\n \n // Set properties explicitly taken from TernSecureNextProps (props version)\n // These are part of the TernSecureProviderProps interface.\n requiresVerification: propsRequiresVerification,\n isTernSecureDev: propsIsTernSecureDev,\n enableServiceWorker: propsEnableServiceWorker,\n loadingComponent: propsLoadingComponent,\n\n //TernSecure: baseProps.Instance,\n initialState: baseProps.initialState,\n bypassApiKey: baseProps.bypassApiKey,\n signInUrl: finalSignInUrl,\n signUpUrl: finalSignUpUrl,\n signInForceRedirectUrl: finalSignInForceRedirectUrl,\n signUpForceRedirectUrl: finalSignUpForceRedirectUrl,\n signInFallbackRedirectUrl: finalSignInFallbackRedirectUrl,\n signUpFallbackRedirectUrl: finalSignUpFallbackRedirectUrl,\n mode: baseProps.mode,\n apiUrl: finalApiUrl,\n persistence: finalPersistence\n };\n\n // Clean up undefined keys that might have resulted from spreading if not present in baseProps\n // and also not set by merged values (e.g. if env var is also undefined)\n Object.keys(result).forEach(key => {\n if (result[key as keyof NextProviderProcessedProps] === undefined) {\n delete result[key as keyof NextProviderProcessedProps];\n }\n });\n\n return result;\n};"],"mappings":"AAOO,MAAM,8BAA8B,CACzC,cACQ;AACR,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAEA,QAAQ;AAAA,IACR,sBAAsB;AAAA,IACtB,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,kBAAkB;AAAA,IAClB,aAAa;AAAA,IACb,GAAG;AAAA,EACL,IAAI;AAEJ,QAAM,YAAY;AAAA,IAChB,QAAQ,QAAQ,IAAI;AAAA,IACpB,QAAQ,QAAQ,IAAI,sBAAsB;AAAA,IAC1C,WAAW,QAAQ,IAAI;AAAA,IACvB,cAAc,QAAQ,IAAI;AAAA,IAC1B,UAAU,QAAQ,IAAI;AAAA,IACtB,aAAa,QAAQ,IAAI;AAAA,IACzB,WAAW,QAAQ,IAAI,2BAA2B;AAAA,IAClD,WAAW,QAAQ,IAAI,2BAA2B;AAAA,IAClD,wBAAwB,QAAQ,IAAI,0CAA0C;AAAA,IAC9E,wBAAwB,QAAQ,IAAI,0CAA0C;AAAA,IAC9E,2BAA2B,QAAQ,IAAI,6CAA6C;AAAA,IACpF,2BAA2B,QAAQ,IAAI,6CAA6C;AAAA,IACpF,aAAa,QAAQ,IAAI;AAAA,IACzB,aAAa,QAAQ,IAAI;AAAA,IACzB,gBAAgB,QAAQ,IAAI;AAAA,IAC5B,aAAa,QAAQ,IAAI;AAAA,IACzB,YAAY,QAAQ,IAAI;AAAA,EAC1B;AAEA,QAAM,mBAAmB;AAAA,IACvB,QAAQ,QAAQ,IAAI,gCAAgC;AAAA,IACpD,YAAY,QAAQ,IAAI,oCAAoC;AAAA,IAC5D,SAAS,QAAQ,IAAI,iCAAiC;AAAA,IACtD,WAAW,QAAQ,IAAI,mCAAmC;AAAA,IAC1D,eAAe,QAAQ,IAAI,uCAAuC;AAAA,IAClE,mBAAmB,QAAQ,IAAI,4CAA4C;AAAA,IAC3E,OAAO,QAAQ,IAAI,+BAA+B;AAAA,IAClD,eAAe,QAAQ,IAAI;AAAA,IAC3B,UAAU,QAAQ,IAAI,kCAAkC;AAAA,EAC1D;AAIA,QAAM,cAAc,eAAe,UAAU;AAC7C,QAAM,iBAAiB,aAAa,UAAU;AAC9C,QAAM,iBAAiB,aAAa,UAAU;AAC9C,QAAM,8BAA8B,0BAA0B,UAAU;AACxE,QAAM,8BAA8B,0BAA0B,UAAU;AACxE,QAAM,iCAAiC,6BAA6B,UAAU;AAC9E,QAAM,iCAAiC,6BAA6B,UAAU;AAC9E,QAAM,mBAAmB,oBAAoB,UAAU;AAIvD,QAAM,SAAqC;AAAA,IACzC,GAAI;AAAA;AAAA,IAGJ;AAAA;AAAA;AAAA,IAIA,sBAAsB;AAAA,IACtB,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,kBAAkB;AAAA;AAAA,IAGlB,cAAc,UAAU;AAAA,IACxB,cAAc,UAAU;AAAA,IACxB,WAAW;AAAA,IACX,WAAW;AAAA,IACX,wBAAwB;AAAA,IACxB,wBAAwB;AAAA,IACxB,2BAA2B;AAAA,IAC3B,2BAA2B;AAAA,IAC3B,MAAM,UAAU;AAAA,IAChB,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAIA,SAAO,KAAK,MAAM,EAAE,QAAQ,SAAO;AACjC,QAAI,OAAO,GAAuC,MAAM,QAAW;AACjE,aAAO,OAAO,GAAuC;AAAA,IACvD;AAAA,EACF,CAAC;AAED,SAAO;AACT;","names":[]}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
function removeBasePath(to) {
|
|
2
|
+
let destination = to;
|
|
3
|
+
const basePath = process.env.__NEXT_ROUTER_BASEPATH;
|
|
4
|
+
if (basePath && destination.startsWith(basePath)) {
|
|
5
|
+
destination = destination.slice(basePath.length);
|
|
6
|
+
}
|
|
7
|
+
return destination;
|
|
8
|
+
}
|
|
9
|
+
export {
|
|
10
|
+
removeBasePath
|
|
11
|
+
};
|
|
12
|
+
//# sourceMappingURL=removeBasePath.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../src/utils/removeBasePath.ts"],"sourcesContent":["/**\n * Removes the Next.js basePath from the provided destination if set.\n * @param to Destination route to navigate to\n * @returns Destination without basePath, if set\n */\nexport function removeBasePath(to: string): string {\n let destination = to;\n const basePath = process.env.__NEXT_ROUTER_BASEPATH;\n if (basePath && destination.startsWith(basePath)) {\n destination = destination.slice(basePath.length);\n }\n\n return destination;\n}\n"],"mappings":"AAKO,SAAS,eAAe,IAAoB;AACjD,MAAI,cAAc;AAClB,QAAM,WAAW,QAAQ,IAAI;AAC7B,MAAI,YAAY,YAAY,WAAW,QAAQ,GAAG;AAChD,kBAAc,YAAY,MAAM,SAAS,MAAM;AAAA,EACjD;AAEA,SAAO;AACT;","names":[]}
|
|
@@ -1,9 +1,10 @@
|
|
|
1
|
+
import type { TernSecureHandlerOptions } from './types';
|
|
1
2
|
export declare function createSessionCookieServer(idToken: string): Promise<import("@tern-secure/types").SessionResult>;
|
|
2
3
|
export declare function clearSessionCookieServer(): Promise<import("@tern-secure/types").SessionResult>;
|
|
3
|
-
export declare function clearNextSessionCookie(
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
}>;
|
|
4
|
+
export declare function clearNextSessionCookie(options?: {
|
|
5
|
+
cookies?: TernSecureHandlerOptions['cookies'];
|
|
6
|
+
revokeRefreshTokensOnSignOut?: boolean;
|
|
7
|
+
}): Promise<import("@tern-secure/types").SessionResult>;
|
|
7
8
|
export declare function setNextServerSession(idToken: string): Promise<{
|
|
8
9
|
success: boolean;
|
|
9
10
|
message: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"actions.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/actions.ts"],"names":[],"mappings":"AAcA,wBAAsB,yBAAyB,CAAC,OAAO,EAAE,MAAM,uDAG9D;AAED,wBAAsB,wBAAwB,wDAG7C;AAED,wBAAsB,sBAAsB
|
|
1
|
+
{"version":3,"file":"actions.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/actions.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,SAAS,CAAC;AAExD,wBAAsB,yBAAyB,CAAC,OAAO,EAAE,MAAM,uDAG9D;AAED,wBAAsB,wBAAwB,wDAG7C;AAED,wBAAsB,sBAAsB,CAAC,OAAO,CAAC,EAAE;IACrD,OAAO,CAAC,EAAE,wBAAwB,CAAC,SAAS,CAAC,CAAC;IAC9C,4BAA4B,CAAC,EAAE,OAAO,CAAC;CACxC,uDAGA;AAED,wBAAsB,oBAAoB,CAAC,OAAO,EAAE,MAAM;;;GAEzD;AAED,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,MAAM;;;GAErD;AAED,wBAAsB,uBAAuB,CAAC,OAAO,EAAE,MAAM;;;GAE5D"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import type { CookieOptions, TernSecureHandlerOptions } from '@tern-secure/types';
|
|
2
|
+
/**
|
|
3
|
+
* Creates complete cookie options by merging config with defaults
|
|
4
|
+
* Used for both setting and deleting cookies to ensure consistency
|
|
5
|
+
*/
|
|
6
|
+
export declare function getCookieOptions(config?: TernSecureHandlerOptions): Required<Pick<CookieOptions, 'path' | 'httpOnly' | 'secure' | 'sameSite'>> & Pick<CookieOptions, 'maxAge' | 'priority'>;
|
|
7
|
+
/**
|
|
8
|
+
* Extracts options needed for cookie deletion
|
|
9
|
+
* For __HOST- prefixed cookies, all security attributes must match
|
|
10
|
+
* @param options - Object containing cookies config and revokeRefreshTokensOnSignOut flag
|
|
11
|
+
*/
|
|
12
|
+
export declare function getDeleteOptions(options?: {
|
|
13
|
+
cookies?: TernSecureHandlerOptions['cookies'];
|
|
14
|
+
revokeRefreshTokensOnSignOut?: boolean;
|
|
15
|
+
}): {
|
|
16
|
+
path: string;
|
|
17
|
+
httpOnly?: boolean;
|
|
18
|
+
secure?: boolean;
|
|
19
|
+
domain?: string;
|
|
20
|
+
sameSite?: 'lax' | 'strict' | 'none';
|
|
21
|
+
revokeRefreshTokensOnSignOut?: boolean;
|
|
22
|
+
};
|
|
23
|
+
//# sourceMappingURL=cookieOptionsHelper.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cookieOptionsHelper.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/cookieOptionsHelper.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAIlF;;;GAGG;AACH,wBAAgB,gBAAgB,CAC9B,MAAM,CAAC,EAAE,wBAAwB,GAChC,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,GAAG,UAAU,GAAG,QAAQ,GAAG,UAAU,CAAC,CAAC,GAC3E,IAAI,CAAC,aAAa,EAAE,QAAQ,GAAG,UAAU,CAAC,CAU3C;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,CAAC,EAAE;IACzC,OAAO,CAAC,EAAE,wBAAwB,CAAC,SAAS,CAAC,CAAC;IAC9C,4BAA4B,CAAC,EAAE,OAAO,CAAC;CACxC,GAAG;IACF,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACrC,4BAA4B,CAAC,EAAE,OAAO,CAAC;CACxC,CAUA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/request.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/request.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAUrE,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,SAAS,CAAC;AAExD,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,eAAe,EAC5B,MAAM,CAAC,EAAE,wBAAwB,EACjC,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,IAAI,CAAC,CA4Cf"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,YAAY,EACZ,oBAAoB,EACpB,UAAU,IAAI,aAAa,EAC3B,WAAW,EACX,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,kBAAkB,EAClB,wBAAwB,EACxB,iBAAiB,EAClB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AAEhD,eAAO,MAAM,oBAAoB,EAAE,WAMlC,CAAC;AAEF,eAAO,MAAM,sBAAsB,EAAE,aAOpC,CAAC;AAGF,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;CAyBtB,CAAC;AAEX,eAAO,MAAM,wBAAwB,EAAE,eAStC,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,cAKrC,CAAC;AAEF,eAAO,MAAM,6BAA6B,EAAE,oBAa3C,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,qBAqCrC,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,QAAQ,CAAC,wBAAwB,CAAC,GAAG;IACzE,SAAS,EAAE,QAAQ,CAAC,WAAW,CAAC,wBAAwB,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,YAAY,EACZ,oBAAoB,EACpB,UAAU,IAAI,aAAa,EAC3B,WAAW,EACX,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,kBAAkB,EAClB,wBAAwB,EACxB,iBAAiB,EAClB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AAEhD,eAAO,MAAM,oBAAoB,EAAE,WAMlC,CAAC;AAEF,eAAO,MAAM,sBAAsB,EAAE,aAOpC,CAAC;AAGF,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;CAyBtB,CAAC;AAEX,eAAO,MAAM,wBAAwB,EAAE,eAStC,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,cAKrC,CAAC;AAEF,eAAO,MAAM,6BAA6B,EAAE,oBAa3C,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,qBAqCrC,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,QAAQ,CAAC,wBAAwB,CAAC,GAAG;IACzE,SAAS,EAAE,QAAQ,CAAC,WAAW,CAAC,wBAAwB,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;CAqBzE,CAAC;AAEF,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,YAAY,CAAC;IACrB,IAAI,CAAC,EAAE,GAAG,CAAC;CACZ;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,CAAC,EAAE,WAAW,CAAC;IACnB,QAAQ,CAAC,EAAE,eAAe,CAAC;IAC3B,QAAQ,CAAC,EAAE;QACT,IAAI,EAAE,YAAY,CAAC;QACnB,MAAM,EAAE,cAAc,CAAC;KACxB,CAAC;IACF,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,kBAAkB,CAAC;QACzB,MAAM,EAAE,cAAc,CAAC;KACxB,CAAC;IACF,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,QAAQ,CAAC;IACjB,YAAY,CAAC,EAAE,QAAQ,CAAC;IACxB,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,GAAG,CAAC;QACV,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAED,MAAM,MAAM,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,SAAS,GAAG,WAAW,GAAG,QAAQ,CAAC;AAE3E,qBAAa,WAAW;IACtB,MAAM,CAAC,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM;IAInE,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,MAAM;;;;;;;IAUxC,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,aAAa,GAAG,iBAAiB;IAYxE,MAAM,CAAC,mBAAmB,CACxB,SAAS,EAAE,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,GACpC,iBAAiB;IAWpB,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;CAKtD;AAED,OAAO,EACL,YAAY,EACZ,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,qBAAqB,EACrB,wBAAwB,GACzB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TernSecureProvider.d.ts","sourceRoot":"","sources":["../../../../src/app-router/client/TernSecureProvider.tsx"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"TernSecureProvider.d.ts","sourceRoot":"","sources":["../../../../src/app-router/client/TernSecureProvider.tsx"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAiCvD,eAAO,MAAM,wBAAwB,GAAI,OAAO,mBAAmB,4CAGlE,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Creates an "awaitable" navigation function that will do its best effort to wait for Next.js to finish its route transition.
|
|
3
|
+
* This is accomplished by wrapping the call to `router.push` in `startTransition()`, which should rely on React to coordinate the pending state. We key off of
|
|
4
|
+
* `isPending` to flush the stored promises and ensure the navigates "resolve".
|
|
5
|
+
*/
|
|
6
|
+
export declare const useAwaitablePush: () => (to: string, metadata: {
|
|
7
|
+
__internal_metadata?: {
|
|
8
|
+
routing?: import("@tern-secure/types").RoutingStrategy;
|
|
9
|
+
navigationType?: "internal" | "external" | "window";
|
|
10
|
+
};
|
|
11
|
+
windowNavigate: (to: URL | string) => void;
|
|
12
|
+
}) => unknown;
|
|
13
|
+
//# sourceMappingURL=useAwaitablePush.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"useAwaitablePush.d.ts","sourceRoot":"","sources":["../../../../src/app-router/client/useAwaitablePush.ts"],"names":[],"mappings":"AAMA;;;;GAIG;AACH,eAAO,MAAM,gBAAgB;;;;;;aAQ5B,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Creates an "awaitable" navigation function that will do its best effort to wait for Next.js to finish its route transition.
|
|
3
|
+
* This is accomplished by wrapping the call to `router.replace` in `startTransition()`, which should rely on React to coordinate the pending state. We key off of
|
|
4
|
+
* `isPending` to flush the stored promises and ensure the navigates "resolve".
|
|
5
|
+
*/
|
|
6
|
+
export declare const useAwaitableReplace: () => (to: string, metadata: {
|
|
7
|
+
__internal_metadata?: {
|
|
8
|
+
routing?: import("@tern-secure/types").RoutingStrategy;
|
|
9
|
+
navigationType?: "internal" | "external" | "window";
|
|
10
|
+
};
|
|
11
|
+
windowNavigate: (to: URL | string) => void;
|
|
12
|
+
}) => unknown;
|
|
13
|
+
//# sourceMappingURL=useAwaitableReplace.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"useAwaitableReplace.d.ts","sourceRoot":"","sources":["../../../../src/app-router/client/useAwaitableReplace.ts"],"names":[],"mappings":"AAMA;;;;GAIG;AACH,eAAO,MAAM,mBAAmB;;;;;;aAQ/B,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import type { AppRouterInstance } from 'next/dist/shared/lib/app-router-context.shared-runtime';
|
|
2
|
+
export declare const useInternalNavFun: (props: {
|
|
3
|
+
windowNav: typeof window.history.pushState | typeof window.history.replaceState | undefined;
|
|
4
|
+
routerNav: AppRouterInstance["push"] | AppRouterInstance["replace"];
|
|
5
|
+
name: string;
|
|
6
|
+
}) => NavigationFunction;
|
|
7
|
+
//# sourceMappingURL=useInternalNavFun.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"useInternalNavFun.d.ts","sourceRoot":"","sources":["../../../../src/app-router/client/useInternalNavFun.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wDAAwD,CAAC;AAahG,eAAO,MAAM,iBAAiB,GAAI,OAAO;IACvC,SAAS,EAAE,OAAO,MAAM,CAAC,OAAO,CAAC,SAAS,GAAG,OAAO,MAAM,CAAC,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;IAC5F,SAAS,EAAE,iBAAiB,CAAC,MAAM,CAAC,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;IACpE,IAAI,EAAE,MAAM,CAAC;CACd,KAAG,kBA0DH,CAAC"}
|
|
@@ -1,7 +1,6 @@
|
|
|
1
|
-
import type { AuthObject } from '@tern-secure/backend';
|
|
1
|
+
import type { AuthObject, RedirectFun } from '@tern-secure/backend';
|
|
2
2
|
import { redirect } from 'next/navigation';
|
|
3
3
|
import { type AuthProtect } from '../../server/protect';
|
|
4
|
-
import { type RedirectFun } from '../../server/redirect';
|
|
5
4
|
import type { BaseUser } from '../../server/types';
|
|
6
5
|
export interface AuthResult {
|
|
7
6
|
user: BaseUser | null;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../../src/app-router/server/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../../src/app-router/server/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAEpE,OAAO,EAAY,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAKrD,OAAO,EAAE,KAAK,WAAW,EAAiB,MAAM,sBAAsB,CAAC;AACvE,OAAO,KAAK,EAAE,QAAQ,EAAe,MAAM,oBAAoB,CAAC;AAGhE,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAC;IACtB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;CACrB;AAED;;GAEG;AACH,KAAK,IAAI,GAAG,UAAU,GAAG;IACvB,gBAAgB,EAAE,WAAW,CAAC,UAAU,CAAC,OAAO,QAAQ,CAAC,CAAC,CAAC;IAC3D,gBAAgB,EAAE,WAAW,CAAC,UAAU,CAAC,OAAO,QAAQ,CAAC,CAAC,CAAC;CAC5D,CAAC;AAEF,MAAM,WAAW,MAAM;IACrB,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAElB,OAAO,EAAE,WAAW,CAAC;CACtB;AAQD;;GAEG;AACH,eAAO,MAAM,IAAI,EAAE,MAwClB,CAAC"}
|
package/dist/types/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
export { TernSecureProvider } from './app-router/server/TernSecureProvider';
|
|
2
|
-
export { useAuth, useIdToken, useSession, useSignIn, signIn, useSignInContext, useTernSecure, SignInProvider } from './boundary/components';
|
|
3
|
-
export type { TernSecureUser, TernSecureUserData, SignInResponse } from '@tern-secure/types';
|
|
2
|
+
export { useAuth, useIdToken, useSession, useSignIn, signIn, useSignInContext, useTernSecure, SignInProvider, } from './boundary/components';
|
|
3
|
+
export type { TernSecureUser, TernSecureUserData, SignInResponse, SocialProviderOptions, } from '@tern-secure/types';
|
|
4
4
|
export type { UserInfo, SessionResult } from './types';
|
|
5
5
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,CAAC;AAC5E,OAAO,EACL,OAAO,EACP,UAAU,EACV,UAAU,EACV,SAAS,EACT,MAAM,EACN,gBAAgB,EAChB,aAAa,EACb,cAAc,GAKf,MAAM,uBAAuB,CAAC;AAE/B,YAAY,EACV,cAAc,EACd,kBAAkB,EAClB,cAAc,EACd,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAE5B,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ternSecureNodeMiddleware.d.ts","sourceRoot":"","sources":["../../../../src/server/node/ternSecureNodeMiddleware.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,cAAc,EAAC,WAAW,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"ternSecureNodeMiddleware.d.ts","sourceRoot":"","sources":["../../../../src/server/node/ternSecureNodeMiddleware.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,cAAc,EAAC,WAAW,EAAE,MAAM,aAAa,CAAC;AAW9D,OAAO,KAAK,EAAE,QAAQ,EACpB,sBAAsB,EACtB,0BAA0B,EAC1B,oBAAoB,EACrB,MAAM,UAAU,CAAC;AAElB,KAAK,gBAAgB,GAAG;IAAE,aAAa,CAAC,EAAE,MAAM,GAAG,GAAG,GAAG,IAAI,CAAA;CAAE,CAAC;AAChE,MAAM,MAAM,WAAW,CAAC,UAAU,IAAI,CAAC,MAAM,CAAC,EAAE,gBAAgB,KAAK,UAAU,CAAC;AAEhF,MAAM,MAAM,UAAU,GAAG;IACvB,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAC;IACtB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC;AAEF,MAAM,WAAW,cAAe,SAAQ,UAAU;IAChD,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAClC,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B;AAED,KAAK,iBAAiB,GAAG,CACvB,IAAI,EAAE,cAAc,EACpB,OAAO,EAAE,0BAA0B,EACnC,KAAK,EAAE,sBAAsB,KAC1B,oBAAoB,CAAC;AAE1B,MAAM,MAAM,oBAAoB,GAAG,UAAU,GAAG;IAC9C,gBAAgB,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxC,gBAAgB,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;CACzC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAAI,UAAU,MAAM,EAAE,MAC3C,SAAS,WAAW,KAAG,OAUhC,CAAC;AA8BF,MAAM,WAAW,iBAAiB;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AACD,KAAK,yBAAyB,GAAG,CAC/B,GAAG,EAAE,WAAW,KACb,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEpD,UAAU,oBAAoB;IAC5B;;;OAGG;IACH,CAAC,OAAO,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,iBAAiB,GAAG,cAAc,CAAC;IAE1E;;;OAGG;IACH,CACE,OAAO,EAAE,iBAAiB,EAC1B,OAAO,CAAC,EAAE,yBAAyB,GAClC,cAAc,CAAC;IAElB;;;OAGG;IACH,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,cAAc,CAAC;IAC9C;;;OAGG;IACH,CACE,OAAO,EAAE,0BAA0B,EACnC,KAAK,EAAE,sBAAsB,GAC5B,oBAAoB,CAAC;CACzB;AAED,eAAO,MAAM,oBAAoB,EAmF3B,oBAAoB,CAAC"}
|
|
@@ -1,6 +1,5 @@
|
|
|
1
|
-
import type { AuthObject, SignedInAuthObject } from "@tern-secure/backend";
|
|
1
|
+
import type { AuthObject, RedirectFun, SignedInAuthObject } from "@tern-secure/backend";
|
|
2
2
|
import type { CheckAuthorizationFromSessionClaims } from "@tern-secure/types";
|
|
3
|
-
import type { RedirectFun } from "./redirect";
|
|
4
3
|
type AuthProtectOptions = {
|
|
5
4
|
/**
|
|
6
5
|
* The URL to redirect the user to if they are not authorized.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"protect.d.ts","sourceRoot":"","sources":["../../../src/server/protect.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"protect.d.ts","sourceRoot":"","sources":["../../../src/server/protect.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAExF,OAAO,KAAK,EAAE,mCAAmC,EAAE,MAAM,oBAAoB,CAAC;AAK9E,KAAK,kBAAkB,GAAG;IACxB;;OAEG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B,CAAC;AAEF,MAAM,WAAW,WAAW;IAC1B,CACE,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,mCAAmC,KAAK,OAAO,EAClE,OAAO,CAAC,EAAE,kBAAkB,GAC3B,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC/B,CAAC,OAAO,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;CAC7D;AAED,wBAAgB,aAAa,CAAC,IAAI,EAAE;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,UAAU,CAAC;IACvB,QAAQ,EAAE,MAAM,KAAK,CAAC;IACtB,QAAQ,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAChC,gBAAgB,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACxC,GAAG,WAAW,CAkDd"}
|
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
import type { AuthenticateRequestOptions, AuthObject } from '@tern-secure/backend';
|
|
1
|
+
import type { AuthenticateRequestOptions, AuthObject, RedirectFun } from '@tern-secure/backend';
|
|
2
2
|
import type { NextMiddleware, NextRequest } from 'next/server';
|
|
3
3
|
import { NextResponse } from 'next/server';
|
|
4
4
|
import { type AuthProtect } from './protect';
|
|
5
|
-
import { type RedirectFun } from './redirect';
|
|
6
5
|
import type { NextMiddlewareEvtParam, NextMiddlewareRequestParam, NextMiddlewareReturn } from './types';
|
|
7
6
|
export type MiddlewareAuthObject = AuthObject & {
|
|
8
7
|
redirectToSignIn: RedirectFun<Response>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ternSecureEdgeMiddleware.d.ts","sourceRoot":"","sources":["../../../src/server/ternSecureEdgeMiddleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,0BAA0B,EAC1B,UAAU,
|
|
1
|
+
{"version":3,"file":"ternSecureEdgeMiddleware.d.ts","sourceRoot":"","sources":["../../../src/server/ternSecureEdgeMiddleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,0BAA0B,EAC1B,UAAU,EACV,WAAW,EAGZ,MAAM,sBAAsB,CAAC;AAG9B,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAc3C,OAAO,EAAE,KAAK,WAAW,EAAiB,MAAM,WAAW,CAAC;AAE5D,OAAO,KAAK,EACV,sBAAsB,EACtB,0BAA0B,EAC1B,oBAAoB,EACrB,MAAM,SAAS,CAAC;AAGjB,MAAM,MAAM,oBAAoB,GAAG,UAAU,GAAG;IAC9C,gBAAgB,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxC,gBAAgB,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;CACzC,CAAC;AAEF,MAAM,WAAW,cAAc;IAC7B,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAElC,OAAO,EAAE,WAAW,CAAC;CACtB;AAED,KAAK,iBAAiB,GAAG,CACvB,IAAI,EAAE,cAAc,EACpB,OAAO,EAAE,0BAA0B,EACnC,KAAK,EAAE,sBAAsB,KAC1B,oBAAoB,CAAC;AAE1B,MAAM,WAAW,iBAAkB,SAAQ,0BAA0B;IACnE,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AACD,KAAK,yBAAyB,GAAG,CAC/B,GAAG,EAAE,WAAW,KACb,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEpD,UAAU,oBAAoB;IAC5B;;;OAGG;IACH,CAAC,OAAO,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,iBAAiB,GAAG,cAAc,CAAC;IAE1E;;;OAGG;IACH,CAAC,OAAO,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,yBAAyB,GAAG,cAAc,CAAC;IAElF;;;OAGG;IACH,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,cAAc,CAAC;IAC9C;;;OAGG;IACH,CAAC,OAAO,EAAE,0BAA0B,EAAE,KAAK,EAAE,sBAAsB,GAAG,oBAAoB,CAAC;CAC5F;AAED,eAAO,MAAM,oBAAoB,EAkF3B,oBAAoB,CAAC;AAwD3B,eAAO,MAAM,eAAe,GAAI,KAAK,MAAM,GAAG,GAAG,0BAIhD,CAAC"}
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
import type {
|
|
2
|
-
export declare const allNextProviderPropsWithEnv: (nextProps: Omit<TernSecureNextProps, "children">) =>
|
|
1
|
+
import type { TernSecureNextProps } from "../types";
|
|
2
|
+
export declare const allNextProviderPropsWithEnv: (nextProps: Omit<TernSecureNextProps, "children">) => any;
|
|
3
3
|
//# sourceMappingURL=allNextProviderProps.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"allNextProviderProps.d.ts","sourceRoot":"","sources":["../../../src/utils/allNextProviderProps.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"allNextProviderProps.d.ts","sourceRoot":"","sources":["../../../src/utils/allNextProviderProps.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAA8B,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAGhF,eAAO,MAAM,2BAA2B,GACtC,WAAW,IAAI,CAAC,mBAAmB,EAAE,UAAU,CAAC,KAC/C,GAmGF,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Removes the Next.js basePath from the provided destination if set.
|
|
3
|
+
* @param to Destination route to navigate to
|
|
4
|
+
* @returns Destination without basePath, if set
|
|
5
|
+
*/
|
|
6
|
+
export declare function removeBasePath(to: string): string;
|
|
7
|
+
//# sourceMappingURL=removeBasePath.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"removeBasePath.d.ts","sourceRoot":"","sources":["../../../src/utils/removeBasePath.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAQjD"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@tern-secure/nextjs",
|
|
3
|
-
"version": "5.2.0-canary.
|
|
3
|
+
"version": "5.2.0-canary.v20251023005301",
|
|
4
4
|
"publishConfig": {
|
|
5
5
|
"access": "public"
|
|
6
6
|
},
|
|
@@ -63,10 +63,10 @@
|
|
|
63
63
|
"jose": "^5.9.6",
|
|
64
64
|
"server-only": "^0.0.1",
|
|
65
65
|
"tslib": "2.4.1",
|
|
66
|
-
"@tern-secure/backend": "1.2.0-canary.
|
|
67
|
-
"@tern-secure/react": "1.2.0-canary.
|
|
68
|
-
"@tern-secure/shared": "1.3.0-canary.
|
|
69
|
-
"@tern-secure/types": "1.1.0-canary.
|
|
66
|
+
"@tern-secure/backend": "1.2.0-canary.v20251023005301",
|
|
67
|
+
"@tern-secure/react": "1.2.0-canary.v20251023005301",
|
|
68
|
+
"@tern-secure/shared": "1.3.0-canary.v20251023005301",
|
|
69
|
+
"@tern-secure/types": "1.1.0-canary.v20251023005301"
|
|
70
70
|
},
|
|
71
71
|
"peerDependencies": {
|
|
72
72
|
"next": "^13.0.0 || ^14.0.0 || ^15.0.0",
|