@tern-secure/nextjs 5.2.0-canary.v20251029025859 → 5.2.0-canary.v20251108045933

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (98) hide show
  1. package/dist/cjs/app-router/admin/cookieOptionsHelper.js +28 -16
  2. package/dist/cjs/app-router/admin/cookieOptionsHelper.js.map +1 -1
  3. package/dist/cjs/app-router/admin/request.js +6 -1
  4. package/dist/cjs/app-router/admin/request.js.map +1 -1
  5. package/dist/cjs/app-router/admin/sessionHandlers.js +2 -1
  6. package/dist/cjs/app-router/admin/sessionHandlers.js.map +1 -1
  7. package/dist/cjs/app-router/admin/types.js +19 -10
  8. package/dist/cjs/app-router/admin/types.js.map +1 -1
  9. package/dist/cjs/app-router/server/TernSecureProvider.js.map +1 -1
  10. package/dist/cjs/app-router/server/auth.js.map +1 -1
  11. package/dist/cjs/boundary/PromiseAuthProvider.js.map +1 -1
  12. package/dist/cjs/boundary/PromiseAuthProviderNode.js +68 -0
  13. package/dist/cjs/boundary/PromiseAuthProviderNode.js.map +1 -0
  14. package/dist/cjs/index.js.map +1 -1
  15. package/dist/cjs/server/constant.js +21 -0
  16. package/dist/cjs/server/constant.js.map +1 -1
  17. package/dist/cjs/server/data/getAuthDataFromRequest.js +109 -6
  18. package/dist/cjs/server/data/getAuthDataFromRequest.js.map +1 -1
  19. package/dist/cjs/server/index.js +6 -3
  20. package/dist/cjs/server/index.js.map +1 -1
  21. package/dist/cjs/server/instrumentation.js +52 -0
  22. package/dist/cjs/server/instrumentation.js.map +1 -0
  23. package/dist/cjs/server/{ternSecureEdgeMiddleware.js → ternSecureProxy.js} +18 -7
  24. package/dist/cjs/server/ternSecureProxy.js.map +1 -0
  25. package/dist/cjs/utils/allNextProviderProps.js +1 -0
  26. package/dist/cjs/utils/allNextProviderProps.js.map +1 -1
  27. package/dist/cjs/utils/config.js +1 -0
  28. package/dist/cjs/utils/config.js.map +1 -1
  29. package/dist/esm/app-router/admin/cookieOptionsHelper.js +26 -15
  30. package/dist/esm/app-router/admin/cookieOptionsHelper.js.map +1 -1
  31. package/dist/esm/app-router/admin/request.js +7 -2
  32. package/dist/esm/app-router/admin/request.js.map +1 -1
  33. package/dist/esm/app-router/admin/sessionHandlers.js +2 -1
  34. package/dist/esm/app-router/admin/sessionHandlers.js.map +1 -1
  35. package/dist/esm/app-router/admin/types.js +17 -9
  36. package/dist/esm/app-router/admin/types.js.map +1 -1
  37. package/dist/esm/app-router/server/TernSecureProvider.js.map +1 -1
  38. package/dist/esm/app-router/server/auth.js.map +1 -1
  39. package/dist/esm/boundary/PromiseAuthProvider.js.map +1 -1
  40. package/dist/esm/boundary/PromiseAuthProviderNode.js +33 -0
  41. package/dist/esm/boundary/PromiseAuthProviderNode.js.map +1 -0
  42. package/dist/esm/index.js.map +1 -1
  43. package/dist/esm/server/constant.js +14 -0
  44. package/dist/esm/server/constant.js.map +1 -1
  45. package/dist/esm/server/data/getAuthDataFromRequest.js +113 -5
  46. package/dist/esm/server/data/getAuthDataFromRequest.js.map +1 -1
  47. package/dist/esm/server/index.js +5 -3
  48. package/dist/esm/server/index.js.map +1 -1
  49. package/dist/esm/server/instrumentation.js +28 -0
  50. package/dist/esm/server/instrumentation.js.map +1 -0
  51. package/dist/esm/server/{ternSecureEdgeMiddleware.js → ternSecureProxy.js} +16 -5
  52. package/dist/esm/server/ternSecureProxy.js.map +1 -0
  53. package/dist/esm/utils/allNextProviderProps.js +1 -0
  54. package/dist/esm/utils/allNextProviderProps.js.map +1 -1
  55. package/dist/esm/utils/config.js +1 -0
  56. package/dist/esm/utils/config.js.map +1 -1
  57. package/dist/types/app-router/admin/cookieOptionsHelper.d.ts +2 -10
  58. package/dist/types/app-router/admin/cookieOptionsHelper.d.ts.map +1 -1
  59. package/dist/types/app-router/admin/request.d.ts.map +1 -1
  60. package/dist/types/app-router/admin/sessionHandlers.d.ts.map +1 -1
  61. package/dist/types/app-router/admin/types.d.ts +2 -1
  62. package/dist/types/app-router/admin/types.d.ts.map +1 -1
  63. package/dist/types/app-router/server/auth.d.ts +5 -1
  64. package/dist/types/app-router/server/auth.d.ts.map +1 -1
  65. package/dist/types/boundary/PromiseAuthProvider.d.ts +2 -2
  66. package/dist/types/boundary/PromiseAuthProvider.d.ts.map +1 -1
  67. package/dist/types/boundary/PromiseAuthProviderNode.d.ts +14 -0
  68. package/dist/types/boundary/PromiseAuthProviderNode.d.ts.map +1 -0
  69. package/dist/types/index.d.ts +1 -1
  70. package/dist/types/index.d.ts.map +1 -1
  71. package/dist/types/server/constant.d.ts +7 -0
  72. package/dist/types/server/constant.d.ts.map +1 -1
  73. package/dist/types/server/data/getAuthDataFromRequest.d.ts +35 -3
  74. package/dist/types/server/data/getAuthDataFromRequest.d.ts.map +1 -1
  75. package/dist/types/server/index.d.ts +2 -1
  76. package/dist/types/server/index.d.ts.map +1 -1
  77. package/dist/types/server/instrumentation.d.ts +27 -0
  78. package/dist/types/server/instrumentation.d.ts.map +1 -0
  79. package/dist/types/server/{ternSecureEdgeMiddleware.d.ts → ternSecureProxy.d.ts} +2 -2
  80. package/dist/types/server/ternSecureProxy.d.ts.map +1 -0
  81. package/dist/types/utils/allNextProviderProps.d.ts.map +1 -1
  82. package/dist/types/utils/config.d.ts.map +1 -1
  83. package/package.json +8 -9
  84. package/dist/cjs/server/ternSecureEdgeMiddleware.js.map +0 -1
  85. package/dist/cjs/utils/admin-init.js +0 -4
  86. package/dist/cjs/utils/admin-init.js.map +0 -1
  87. package/dist/cjs/utils/client-init.js +0 -4
  88. package/dist/cjs/utils/client-init.js.map +0 -1
  89. package/dist/esm/server/ternSecureEdgeMiddleware.js.map +0 -1
  90. package/dist/esm/utils/admin-init.js +0 -3
  91. package/dist/esm/utils/admin-init.js.map +0 -1
  92. package/dist/esm/utils/client-init.js +0 -3
  93. package/dist/esm/utils/client-init.js.map +0 -1
  94. package/dist/types/server/ternSecureEdgeMiddleware.d.ts.map +0 -1
  95. package/dist/types/utils/admin-init.d.ts +0 -2
  96. package/dist/types/utils/admin-init.d.ts.map +0 -1
  97. package/dist/types/utils/client-init.d.ts +0 -2
  98. package/dist/types/utils/client-init.d.ts.map +0 -1
package/dist/cjs/app-router/admin/cookieOptionsHelper.js CHANGED
@@ -18,34 +18,46 @@ var __copyProps = (to, from, except, desc) => {
18
18
  var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
19
  var cookieOptionsHelper_exports = {};
20
20
  __export(cookieOptionsHelper_exports, {
21
- getCookieOptions: () => getCookieOptions,
22
- getDeleteOptions: () => getDeleteOptions
21
+ getDeleteOptions: () => getDeleteOptions,
22
+ getIdTokenCookieOptions: () => getIdTokenCookieOptions,
23
+ getSessionCookieOptions: () => getSessionCookieOptions
23
24
  });
24
25
  module.exports = __toCommonJS(cookieOptionsHelper_exports);
25
26
  var import_types = require("./types");
26
- function getCookieOptions(config) {
27
+ const ONE_YEAR_IN_SECONDS = 365 * 24 * 60 * 60;
28
+ function getIdTokenCookieOptions() {
27
29
  return {
28
- path: config?.cookies?.path ?? import_types.DEFAULT_COOKIE_OPTIONS.path ?? "/",
29
- httpOnly: config?.cookies?.httpOnly ?? import_types.DEFAULT_COOKIE_OPTIONS.httpOnly ?? true,
30
- secure: config?.cookies?.secure ?? import_types.DEFAULT_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === "production",
31
- sameSite: config?.cookies?.sameSite ?? import_types.DEFAULT_COOKIE_OPTIONS.sameSite ?? "strict",
32
- maxAge: config?.cookies?.maxAge ?? import_types.DEFAULT_COOKIE_OPTIONS.maxAge,
33
- priority: config?.cookies?.priority ?? import_types.DEFAULT_COOKIE_OPTIONS.priority
30
+ path: "/",
31
+ httpOnly: true,
32
+ secure: process.env.NODE_ENV === "production",
33
+ sameSite: "strict",
34
+ maxAge: ONE_YEAR_IN_SECONDS,
35
+ priority: "high"
36
+ };
37
+ }
38
+ function getSessionCookieOptions(config) {
39
+ return {
40
+ path: config?.cookies?.path ?? import_types.DEFAULT_SESSION_COOKIE_OPTIONS.path ?? "/",
41
+ httpOnly: config?.cookies?.httpOnly ?? import_types.DEFAULT_SESSION_COOKIE_OPTIONS.httpOnly ?? true,
42
+ secure: config?.cookies?.secure ?? import_types.DEFAULT_SESSION_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === "production",
43
+ sameSite: config?.cookies?.sameSite ?? import_types.DEFAULT_SESSION_COOKIE_OPTIONS.sameSite ?? "strict",
44
+ maxAge: config?.cookies?.maxAge ?? import_types.DEFAULT_SESSION_COOKIE_OPTIONS.maxAge,
45
+ priority: config?.cookies?.priority ?? import_types.DEFAULT_SESSION_COOKIE_OPTIONS.priority
34
46
  };
35
47
  }
36
48
  function getDeleteOptions(options) {
37
49
  return {
38
- path: options?.cookies?.path ?? import_types.DEFAULT_COOKIE_OPTIONS.path ?? "/",
39
- httpOnly: options?.cookies?.httpOnly ?? import_types.DEFAULT_COOKIE_OPTIONS.httpOnly ?? true,
40
- secure: options?.cookies?.secure ?? import_types.DEFAULT_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === "production",
41
- sameSite: options?.cookies?.sameSite ?? import_types.DEFAULT_COOKIE_OPTIONS.sameSite ?? "strict",
50
+ path: options?.cookies?.path ?? import_types.DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.path ?? "/",
51
+ httpOnly: options?.cookies?.httpOnly ?? import_types.DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.httpOnly ?? true,
52
+ secure: options?.cookies?.secure ?? import_types.DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === "production",
53
+ sameSite: options?.cookies?.sameSite ?? import_types.DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.sameSite ?? "strict",
42
54
  revokeRefreshTokensOnSignOut: options?.revokeRefreshTokensOnSignOut ?? true
43
- // Domain is intentionally omitted to use current domain
44
55
  };
45
56
  }
46
57
  // Annotate the CommonJS export names for ESM import in node:
47
58
  0 && (module.exports = {
48
- getCookieOptions,
49
- getDeleteOptions
59
+ getDeleteOptions,
60
+ getIdTokenCookieOptions,
61
+ getSessionCookieOptions
50
62
  });
51
63
  //# sourceMappingURL=cookieOptionsHelper.js.map
package/dist/cjs/app-router/admin/cookieOptionsHelper.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/app-router/admin/cookieOptionsHelper.ts"],"sourcesContent":["import type { CookieOptions, TernSecureHandlerOptions } from '@tern-secure/types';\n\nimport { DEFAULT_COOKIE_OPTIONS } from './types';\n\n/**\n * Creates complete cookie options by merging config with defaults\n * Used for both setting and deleting cookies to ensure consistency\n */\nexport function getCookieOptions(\n config?: TernSecureHandlerOptions,\n): Required<Pick<CookieOptions, 'path' | 'httpOnly' | 'secure' | 'sameSite'>> &\n Pick<CookieOptions, 'maxAge' | 'priority'> {\n return {\n path: config?.cookies?.path ?? DEFAULT_COOKIE_OPTIONS.path ?? '/',\n httpOnly: config?.cookies?.httpOnly ?? DEFAULT_COOKIE_OPTIONS.httpOnly ?? true,\n secure:\n config?.cookies?.secure ?? DEFAULT_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === 'production',\n sameSite: config?.cookies?.sameSite ?? DEFAULT_COOKIE_OPTIONS.sameSite ?? 'strict',\n maxAge: config?.cookies?.maxAge ?? DEFAULT_COOKIE_OPTIONS.maxAge,\n priority: config?.cookies?.priority ?? DEFAULT_COOKIE_OPTIONS.priority,\n };\n}\n\n/**\n * Extracts options needed for cookie deletion\n * For __HOST- prefixed cookies, all security attributes must match\n * @param options - Object containing cookies config and revokeRefreshTokensOnSignOut flag\n */\nexport function getDeleteOptions(options?: {\n cookies?: TernSecureHandlerOptions['cookies'];\n revokeRefreshTokensOnSignOut?: boolean;\n}): {\n path: string;\n httpOnly?: boolean;\n secure?: boolean;\n domain?: string;\n sameSite?: 'lax' | 'strict' | 'none';\n revokeRefreshTokensOnSignOut?: boolean;\n} {\n return {\n path: options?.cookies?.path ?? DEFAULT_COOKIE_OPTIONS.path ?? '/',\n httpOnly: options?.cookies?.httpOnly ?? DEFAULT_COOKIE_OPTIONS.httpOnly ?? true,\n secure:\n options?.cookies?.secure ?? DEFAULT_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === 'production',\n sameSite: options?.cookies?.sameSite ?? DEFAULT_COOKIE_OPTIONS.sameSite ?? 'strict',\n revokeRefreshTokensOnSignOut: options?.revokeRefreshTokensOnSignOut ?? true,\n // Domain is intentionally omitted to use current domain\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,mBAAuC;AAMhC,SAAS,iBACd,QAE2C;AAC3C,SAAO;AAAA,IACL,MAAM,QAAQ,SAAS,QAAQ,oCAAuB,QAAQ;AAAA,IAC9D,UAAU,QAAQ,SAAS,YAAY,oCAAuB,YAAY;AAAA,IAC1E,QACE,QAAQ,SAAS,UAAU,oCAAuB,UAAU,QAAQ,IAAI,aAAa;AAAA,IACvF,UAAU,QAAQ,SAAS,YAAY,oCAAuB,YAAY;AAAA,IAC1E,QAAQ,QAAQ,SAAS,UAAU,oCAAuB;AAAA,IAC1D,UAAU,QAAQ,SAAS,YAAY,oCAAuB;AAAA,EAChE;AACF;AAOO,SAAS,iBAAiB,SAU/B;AACA,SAAO;AAAA,IACL,MAAM,SAAS,SAAS,QAAQ,oCAAuB,QAAQ;AAAA,IAC/D,UAAU,SAAS,SAAS,YAAY,oCAAuB,YAAY;AAAA,IAC3E,QACE,SAAS,SAAS,UAAU,oCAAuB,UAAU,QAAQ,IAAI,aAAa;AAAA,IACxF,UAAU,SAAS,SAAS,YAAY,oCAAuB,YAAY;AAAA,IAC3E,8BAA8B,SAAS,gCAAgC;AAAA;AAAA,EAEzE;AACF;","names":[]}
1
+ {"version":3,"sources":["../../../../src/app-router/admin/cookieOptionsHelper.ts"],"sourcesContent":["import type { CookieOptions, TernSecureHandlerOptions } from '@tern-secure/types';\n\nimport { DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS, DEFAULT_SESSION_COOKIE_OPTIONS } from './types';\n\nconst ONE_YEAR_IN_SECONDS = 365 * 24 * 60 * 60;\n\n\nexport function getIdTokenCookieOptions(\n): Required<Pick<CookieOptions, 'path' | 'httpOnly' | 'secure' | 'sameSite'>> &\n Pick<CookieOptions, 'maxAge' | 'priority'> {\n return {\n path: '/',\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: ONE_YEAR_IN_SECONDS,\n priority: 'high',\n };\n}\n\nexport function getSessionCookieOptions(\n config?: TernSecureHandlerOptions,\n): Required<Pick<CookieOptions, 'path' | 'httpOnly' | 'secure' | 'sameSite'>> &\n Pick<CookieOptions, 'maxAge' | 'priority'> {\n return {\n path: config?.cookies?.path ?? DEFAULT_SESSION_COOKIE_OPTIONS.path ?? '/',\n httpOnly: config?.cookies?.httpOnly ?? DEFAULT_SESSION_COOKIE_OPTIONS.httpOnly ?? true,\n secure:\n config?.cookies?.secure ?? DEFAULT_SESSION_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === 'production',\n sameSite: config?.cookies?.sameSite ?? DEFAULT_SESSION_COOKIE_OPTIONS.sameSite ?? 'strict',\n maxAge: config?.cookies?.maxAge ?? DEFAULT_SESSION_COOKIE_OPTIONS.maxAge,\n priority: config?.cookies?.priority ?? DEFAULT_SESSION_COOKIE_OPTIONS.priority,\n };\n}\n\n\nexport function getDeleteOptions(options?: {\n cookies?: TernSecureHandlerOptions['cookies'];\n revokeRefreshTokensOnSignOut?: boolean;\n}): {\n path: string;\n httpOnly?: boolean;\n secure?: boolean;\n domain?: string;\n sameSite?: 'lax' | 'strict' | 'none';\n revokeRefreshTokensOnSignOut?: boolean;\n} {\n return {\n path: options?.cookies?.path ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.path ?? '/',\n httpOnly: options?.cookies?.httpOnly ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.httpOnly ?? true,\n secure:\n options?.cookies?.secure ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === 'production',\n sameSite: options?.cookies?.sameSite ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.sameSite ?? 'strict',\n revokeRefreshTokensOnSignOut: options?.revokeRefreshTokensOnSignOut ?? true,\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,mBAAwF;AAExF,MAAM,sBAAsB,MAAM,KAAK,KAAK;AAGrC,SAAS,0BAE6B;AAC3C,SAAO;AAAA,IACL,MAAM;AAAA,IACN,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,EACZ;AACF;AAEO,SAAS,wBACd,QAE2C;AAC3C,SAAO;AAAA,IACL,MAAM,QAAQ,SAAS,QAAQ,4CAA+B,QAAQ;AAAA,IACtE,UAAU,QAAQ,SAAS,YAAY,4CAA+B,YAAY;AAAA,IAClF,QACE,QAAQ,SAAS,UAAU,4CAA+B,UAAU,QAAQ,IAAI,aAAa;AAAA,IAC/F,UAAU,QAAQ,SAAS,YAAY,4CAA+B,YAAY;AAAA,IAClF,QAAQ,QAAQ,SAAS,UAAU,4CAA+B;AAAA,IAClE,UAAU,QAAQ,SAAS,YAAY,4CAA+B;AAAA,EACxE;AACF;AAGO,SAAS,iBAAiB,SAU/B;AACA,SAAO;AAAA,IACL,MAAM,SAAS,SAAS,QAAQ,qDAAwC,QAAQ;AAAA,IAChF,UAAU,SAAS,SAAS,YAAY,qDAAwC,YAAY;AAAA,IAC5F,QACE,SAAS,SAAS,UAAU,qDAAwC,UAAU,QAAQ,IAAI,aAAa;AAAA,IACzG,UAAU,SAAS,SAAS,YAAY,qDAAwC,YAAY;AAAA,IAC5F,8BAA8B,SAAS,gCAAgC;AAAA,EACzE;AACF;","names":[]}
package/dist/cjs/app-router/admin/request.js CHANGED
@@ -41,7 +41,7 @@ async function refreshCookieWithIdToken(idToken, cookieStore, config, referrer)
41
41
  },
42
42
  apiClient: backendClient
43
43
  };
44
- const COOKIE_OPTIONS = (0, import_cookieOptionsHelper.getCookieOptions)(config);
44
+ const COOKIE_OPTIONS = (0, import_cookieOptionsHelper.getIdTokenCookieOptions)();
45
45
  const { createCustomIdAndRefreshToken } = (0, import_auth.getAuth)(authOptions);
46
46
  const customTokens = await createCustomIdAndRefreshToken(idToken, { referer: referrer });
47
47
  const cookiePrefix = (0, import_cookie.getCookiePrefix)();
@@ -55,6 +55,11 @@ async function refreshCookieWithIdToken(idToken, cookieStore, config, referrer)
55
55
  (0, import_cookie.getCookieName)(import_backend.constants.Cookies.Refresh, cookiePrefix),
56
56
  customTokens.refreshToken,
57
57
  COOKIE_OPTIONS
58
+ ),
59
+ cookieStore.set(
60
+ import_backend.constants.Cookies.TernAut,
61
+ customTokens.auth_time.toString(),
62
+ { secure: true, maxAge: 365 * 24 * 60 * 60 }
58
63
  )
59
64
  ];
60
65
  if (config?.enableCustomToken) {
package/dist/cjs/app-router/admin/request.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/app-router/admin/request.ts"],"sourcesContent":["import type { AuthenticateRequestOptions } from '@tern-secure/backend';\nimport { constants } from '@tern-secure/backend';\nimport { getAuth } from '@tern-secure/backend/auth';\nimport { getCookieName, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nimport { ternSecureBackendClient } from '../../server/ternsecureClient';\nimport type { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport {\n FIREBASE_API_KEY,\n FIREBASE_APP_ID,\n FIREBASE_AUTH_DOMAIN,\n FIREBASE_MESSAGING_SENDER_ID,\n FIREBASE_PROJECT_ID,\n FIREBASE_STORAGE_BUCKET,\n} from './constants';\nimport { getCookieOptions } from './cookieOptionsHelper';\nimport type { TernSecureHandlerOptions } from './types';\n\nexport async function refreshCookieWithIdToken(\n idToken: string,\n cookieStore: NextCookieStore,\n config?: TernSecureHandlerOptions,\n referrer?: string,\n): Promise<void> {\n const backendClient = await ternSecureBackendClient();\n\n const authOptions: AuthenticateRequestOptions = {\n tenantId: config?.tenantId || undefined,\n firebaseConfig: {\n apiKey: FIREBASE_API_KEY,\n authDomain: FIREBASE_AUTH_DOMAIN,\n projectId: FIREBASE_PROJECT_ID,\n storageBucket: FIREBASE_STORAGE_BUCKET,\n messagingSenderId: FIREBASE_MESSAGING_SENDER_ID,\n appId: FIREBASE_APP_ID,\n },\n apiClient: backendClient,\n };\n\n const COOKIE_OPTIONS = getCookieOptions(config);\n\n const { createCustomIdAndRefreshToken } = getAuth(authOptions);\n\n const customTokens = await createCustomIdAndRefreshToken(idToken, { referer: referrer });\n\n const cookiePrefix = getCookiePrefix();\n\n const cookiePromises = [\n cookieStore.set(\n getCookieName(constants.Cookies.IdToken, cookiePrefix),\n customTokens.idToken,\n COOKIE_OPTIONS,\n ),\n cookieStore.set(\n getCookieName(constants.Cookies.Refresh, cookiePrefix),\n customTokens.refreshToken,\n COOKIE_OPTIONS,\n ),\n ];\n\n if (config?.enableCustomToken) {\n cookiePromises.push(\n cookieStore.set(constants.Cookies.Custom, customTokens.customToken, COOKIE_OPTIONS),\n );\n }\n\n await Promise.all(cookiePromises);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,qBAA0B;AAC1B,kBAAwB;AACxB,oBAA+C;AAE/C,8BAAwC;AAExC,uBAOO;AACP,iCAAiC;AAGjC,eAAsB,yBACpB,SACA,aACA,QACA,UACe;AACf,QAAM,gBAAgB,UAAM,iDAAwB;AAEpD,QAAM,cAA0C;AAAA,IAC9C,UAAU,QAAQ,YAAY;AAAA,IAC9B,gBAAgB;AAAA,MACd,QAAQ;AAAA,MACR,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,eAAe;AAAA,MACf,mBAAmB;AAAA,MACnB,OAAO;AAAA,IACT;AAAA,IACA,WAAW;AAAA,EACb;AAEA,QAAM,qBAAiB,6CAAiB,MAAM;AAE9C,QAAM,EAAE,8BAA8B,QAAI,qBAAQ,WAAW;AAE7D,QAAM,eAAe,MAAM,8BAA8B,SAAS,EAAE,SAAS,SAAS,CAAC;AAEvF,QAAM,mBAAe,+BAAgB;AAErC,QAAM,iBAAiB;AAAA,IACrB,YAAY;AAAA,UACV,6BAAc,yBAAU,QAAQ,SAAS,YAAY;AAAA,MACrD,aAAa;AAAA,MACb;AAAA,IACF;AAAA,IACA,YAAY;AAAA,UACV,6BAAc,yBAAU,QAAQ,SAAS,YAAY;AAAA,MACrD,aAAa;AAAA,MACb;AAAA,IACF;AAAA,EACF;AAEA,MAAI,QAAQ,mBAAmB;AAC7B,mBAAe;AAAA,MACb,YAAY,IAAI,yBAAU,QAAQ,QAAQ,aAAa,aAAa,cAAc;AAAA,IACpF;AAAA,EACF;AAEA,QAAM,QAAQ,IAAI,cAAc;AAClC;","names":[]}
1
+ {"version":3,"sources":["../../../../src/app-router/admin/request.ts"],"sourcesContent":["import type { AuthenticateRequestOptions } from '@tern-secure/backend';\nimport { constants } from '@tern-secure/backend';\nimport { getAuth } from '@tern-secure/backend/auth';\nimport { getCookieName, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nimport { ternSecureBackendClient } from '../../server/ternsecureClient';\nimport type { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport {\n FIREBASE_API_KEY,\n FIREBASE_APP_ID,\n FIREBASE_AUTH_DOMAIN,\n FIREBASE_MESSAGING_SENDER_ID,\n FIREBASE_PROJECT_ID,\n FIREBASE_STORAGE_BUCKET,\n} from './constants';\nimport { getIdTokenCookieOptions } from './cookieOptionsHelper';\nimport type { TernSecureHandlerOptions } from './types';\n\nexport async function refreshCookieWithIdToken(\n idToken: string,\n cookieStore: NextCookieStore,\n config?: TernSecureHandlerOptions,\n referrer?: string,\n): Promise<void> {\n const backendClient = await ternSecureBackendClient();\n\n const authOptions: AuthenticateRequestOptions = {\n tenantId: config?.tenantId || undefined,\n firebaseConfig: {\n apiKey: FIREBASE_API_KEY,\n authDomain: FIREBASE_AUTH_DOMAIN,\n projectId: FIREBASE_PROJECT_ID,\n storageBucket: FIREBASE_STORAGE_BUCKET,\n messagingSenderId: FIREBASE_MESSAGING_SENDER_ID,\n appId: FIREBASE_APP_ID,\n },\n apiClient: backendClient,\n };\n\n const COOKIE_OPTIONS = getIdTokenCookieOptions();\n\n const { createCustomIdAndRefreshToken } = getAuth(authOptions);\n\n const customTokens = await createCustomIdAndRefreshToken(idToken, { referer: referrer });\n\n const cookiePrefix = getCookiePrefix();\n\n const cookiePromises = [\n cookieStore.set(\n getCookieName(constants.Cookies.IdToken, cookiePrefix),\n customTokens.idToken,\n COOKIE_OPTIONS,\n ),\n cookieStore.set(\n getCookieName(constants.Cookies.Refresh, cookiePrefix),\n customTokens.refreshToken,\n COOKIE_OPTIONS,\n ),\n\n cookieStore.set(\n constants.Cookies.TernAut,\n customTokens.auth_time.toString(),\n { secure: true, maxAge: 365 * 24 * 60 * 60 }\n ),\n ];\n\n if (config?.enableCustomToken) {\n cookiePromises.push(\n cookieStore.set(constants.Cookies.Custom, customTokens.customToken, COOKIE_OPTIONS),\n );\n }\n\n await Promise.all(cookiePromises);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,qBAA0B;AAC1B,kBAAwB;AACxB,oBAA+C;AAE/C,8BAAwC;AAExC,uBAOO;AACP,iCAAwC;AAGxC,eAAsB,yBACpB,SACA,aACA,QACA,UACe;AACf,QAAM,gBAAgB,UAAM,iDAAwB;AAEpD,QAAM,cAA0C;AAAA,IAC9C,UAAU,QAAQ,YAAY;AAAA,IAC9B,gBAAgB;AAAA,MACd,QAAQ;AAAA,MACR,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,eAAe;AAAA,MACf,mBAAmB;AAAA,MACnB,OAAO;AAAA,IACT;AAAA,IACA,WAAW;AAAA,EACb;AAEA,QAAM,qBAAiB,oDAAwB;AAE/C,QAAM,EAAE,8BAA8B,QAAI,qBAAQ,WAAW;AAE7D,QAAM,eAAe,MAAM,8BAA8B,SAAS,EAAE,SAAS,SAAS,CAAC;AAEvF,QAAM,mBAAe,+BAAgB;AAErC,QAAM,iBAAiB;AAAA,IACrB,YAAY;AAAA,UACV,6BAAc,yBAAU,QAAQ,SAAS,YAAY;AAAA,MACrD,aAAa;AAAA,MACb;AAAA,IACF;AAAA,IACA,YAAY;AAAA,UACV,6BAAc,yBAAU,QAAQ,SAAS,YAAY;AAAA,MACrD,aAAa;AAAA,MACb;AAAA,IACF;AAAA,IAEA,YAAY;AAAA,MACV,yBAAU,QAAQ;AAAA,MAClB,aAAa,UAAU,SAAS;AAAA,MAChC,EAAE,QAAQ,MAAM,QAAQ,MAAM,KAAK,KAAK,GAAG;AAAA,IAC7C;AAAA,EACF;AAEA,MAAI,QAAQ,mBAAmB;AAC7B,mBAAe;AAAA,MACb,YAAY,IAAI,yBAAU,QAAQ,QAAQ,aAAa,aAAa,cAAc;AAAA,IACpF;AAAA,EACF;AAEA,QAAM,QAAQ,IAAI,cAAc;AAClC;","names":[]}
package/dist/cjs/app-router/admin/sessionHandlers.js CHANGED
@@ -22,6 +22,7 @@ __export(sessionHandlers_exports, {
22
22
  sessionEndpointHandler: () => sessionEndpointHandler
23
23
  });
24
24
  module.exports = __toCommonJS(sessionHandlers_exports);
25
+ var import_backend = require("@tern-secure/backend");
25
26
  var import_admin = require("@tern-secure/backend/admin");
26
27
  var import_jwt = require("@tern-secure/backend/jwt");
27
28
  var import_NextCookieAdapter = require("../../utils/NextCookieAdapter");
@@ -74,7 +75,7 @@ async function sessionEndpointHandler(context, config) {
74
75
  const cookieStore = new import_NextCookieAdapter.NextCookieStore();
75
76
  const { idToken, csrfToken, error } = await validateSessionRequest();
76
77
  if (error) return error;
77
- const csrfCookieValue = await cookieStore.get("_session_terncf");
78
+ const csrfCookieValue = await cookieStore.get(import_backend.constants.Cookies.CsrfToken);
78
79
  validateCsrfToken(csrfToken || "", csrfCookieValue.value);
79
80
  const handleCreateSession = async (cookieStore2, idToken2) => {
80
81
  try {
package/dist/cjs/app-router/admin/sessionHandlers.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import { clearSessionCookie } from '@tern-secure/backend/admin';\nimport { ternDecodeJwtUnguarded } from '@tern-secure/backend/jwt';\nimport type { CookieSubEndpoint } from '@tern-secure/types';\n\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { type RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createValidators } from './fnValidators';\nimport { refreshCookieWithIdToken } from './request';\nimport { createApiErrorResponse, createApiSuccessResponse, HttpResponseHelper, SessionResponseHelper } from './responses';\nimport type { SessionSubEndpoint, TernSecureHandlerOptions } from './types';\n\nasync function sessionEndpointHandler(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method, referrer } = context;\n\n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n validateSessionRequest,\n validateCsrfToken,\n validateIdToken,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n }\n\n const sessionsConfig = config.endpoints?.sessions;\n const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const SessionGetHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const handleSessionVerify = async (): Promise<Response> => {\n try {\n const sessionCookie = context.sessionTokenInCookie;\n if (!sessionCookie) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n const { data: decodedSession, errors } = ternDecodeJwtUnguarded(sessionCookie);\n if (errors) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n return SessionResponseHelper.createVerificationResponse(decodedSession);\n } catch (error) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n };\n\n switch (subEndpoint) {\n case 'verify':\n return handleSessionVerify();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n const SessionPostHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const cookieStore = new NextCookieStore();\n\n const { idToken, csrfToken, error } = await validateSessionRequest();\n if (error) return error;\n\n const csrfCookieValue = await cookieStore.get('_session_terncf');\n validateCsrfToken(csrfToken || '', csrfCookieValue.value);\n\n const handleCreateSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n await refreshCookieWithIdToken(idToken, cookieStore, config, referrer);\n return SessionResponseHelper.createSessionCreationResponse({\n success: true,\n message: 'Session created successfully',\n });\n } catch (error) {\n return createApiErrorResponse('SESSION_CREATION_FAILED', 'Session creation failed', 500);\n }\n };\n\n const handleRefreshSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n const decodedSession = ternDecodeJwtUnguarded(idToken);\n if (decodedSession.errors) {\n return createApiErrorResponse('INVALID_SESSION', 'Invalid session for refresh', 401);\n }\n\n const refreshRes = await refreshCookieWithIdToken(idToken, cookieStore, config);\n return SessionResponseHelper.createRefreshResponse(refreshRes);\n } catch (error) {\n return createApiErrorResponse('REFRESH_FAILED', 'Session refresh failed', 500);\n }\n };\n\n const handleRevokeSession = async (cookieStore: NextCookieStore): Promise<Response> => {\n const res = await clearSessionCookie(cookieStore);\n return SessionResponseHelper.createRevokeResponse(res);\n };\n\n switch (subEndpoint) {\n case 'createsession': {\n validateIdToken(idToken);\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleCreateSession(cookieStore, idToken!);\n }\n\n case 'refresh':\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleRefreshSession(cookieStore, idToken!);\n\n case 'revoke':\n return handleRevokeSession(cookieStore);\n\n default:\n return HttpResponseHelper.createSubEndpointNotSupportedResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return SessionGetHandler(subEndpoint);\n\n case 'POST':\n return SessionPostHandler(subEndpoint);\n\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n\nasync function cookieEndpointHandler(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method } = context;\n\n const validators = createValidators(context);\n const { validateSecurity } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Cookie sub-endpoint required', 400);\n }\n\n const cookiesConfig = config.endpoints?.cookies;\n const subEndpointConfig = cookiesConfig?.subEndpoints?.[subEndpoint as CookieSubEndpoint];\n\n if (!subEndpointConfig || !subEndpointConfig.enabled) {\n return createApiErrorResponse('ENDPOINT_NOT_FOUND', 'Cookie endpoint not found or disabled', 404);\n }\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const CookieGetHandler = async (subEndpoint: CookieSubEndpoint): Promise<Response> => {\n const handleGetCookie = async (): Promise<Response> => {\n try {\n const url = new URL(context.ternUrl);\n const tokenName = url.searchParams.get('tokenName');\n\n if (!tokenName) {\n return createApiErrorResponse('TOKEN_NAME_REQUIRED', 'tokenName query parameter is required', 400);\n }\n\n let cookieValue: string | undefined;\n\n switch (tokenName) {\n case 'idToken':\n cookieValue = context.idTokenInCookie;\n break;\n case 'sessionToken':\n cookieValue = context.sessionTokenInCookie;\n break;\n case 'refreshToken':\n cookieValue = context.refreshTokenInCookie;\n break;\n case 'customToken':\n cookieValue = context.customTokenInCookie;\n break;\n default:\n return createApiErrorResponse('INVALID_TOKEN_NAME', 'Invalid token name. Must be one of: idToken, sessionToken, refreshToken, customToken', 400);\n }\n\n if (!cookieValue) {\n return createApiErrorResponse(\n 'TOKEN_NOT_FOUND',\n `${tokenName} not found in httpOnly cookies`,\n 404\n );\n }\n\n return createApiSuccessResponse({\n token: cookieValue,\n });\n } catch (error) {\n return createApiErrorResponse('COOKIE_RETRIEVAL_FAILED', 'Failed to retrieve cookie', 500);\n }\n };\n\n switch (subEndpoint) {\n case 'get':\n return handleGetCookie();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return CookieGetHandler(subEndpoint as CookieSubEndpoint);\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n\nexport { sessionEndpointHandler, cookieEndpointHandler };\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAmC;AACnC,iBAAuC;AAGvC,+BAAgC;AAEhC,0BAAiC;AACjC,qBAAyC;AACzC,uBAA4G;AAG5G,eAAe,uBACb,SACA,QACmB;AACnB,QAAM,EAAE,aAAa,QAAQ,SAAS,IAAI;AAE1C,QAAM,iBAAa,sCAAiB,OAAO;AAE3C,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,CAAC,aAAa;AAChB,eAAO,yCAAuB,yBAAyB,iCAAiC,GAAG;AAAA,EAC7F;AAEA,QAAM,iBAAiB,OAAO,WAAW;AACzC,QAAM,oBAAoB,gBAAgB,eAAe,WAAW;AAEpE,sBAAoB,aAAa,iBAAiB;AAElD,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,oBAAoB,OAAOA,iBAAuD;AACtF,UAAM,sBAAsB,YAA+B;AACzD,UAAI;AACF,cAAM,gBAAgB,QAAQ;AAC9B,YAAI,CAAC,eAAe;AAClB,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,cAAM,EAAE,MAAM,gBAAgB,OAAO,QAAI,mCAAuB,aAAa;AAC7E,YAAI,QAAQ;AACV,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,eAAO,uCAAsB,2BAA2B,cAAc;AAAA,MACxE,SAAS,OAAO;AACd,eAAO,uCAAsB,2BAA2B;AAAA,MAC1D;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,oBAAoB;AAAA,MAC7B;AACE,eAAO,oCAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,QAAM,qBAAqB,OAAOA,iBAAuD;AACvF,UAAM,cAAc,IAAI,yCAAgB;AAExC,UAAM,EAAE,SAAS,WAAW,MAAM,IAAI,MAAM,uBAAuB;AACnE,QAAI,MAAO,QAAO;AAElB,UAAM,kBAAkB,MAAM,YAAY,IAAI,iBAAiB;AAC/D,sBAAkB,aAAa,IAAI,gBAAgB,KAAK;AAExD,UAAM,sBAAsB,OAC1BC,cACAC,aACsB;AACtB,UAAI;AACF,kBAAM,yCAAyBA,UAASD,cAAa,QAAQ,QAAQ;AACrE,eAAO,uCAAsB,8BAA8B;AAAA,UACzD,SAAS;AAAA,UACT,SAAS;AAAA,QACX,CAAC;AAAA,MACH,SAASE,QAAO;AACd,mBAAO,yCAAuB,2BAA2B,2BAA2B,GAAG;AAAA,MACzF;AAAA,IACF;AAEA,UAAM,uBAAuB,OAC3BF,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,qBAAiB,mCAAuBA,QAAO;AACrD,YAAI,eAAe,QAAQ;AACzB,qBAAO,yCAAuB,mBAAmB,+BAA+B,GAAG;AAAA,QACrF;AAEA,cAAM,aAAa,UAAM,yCAAyBA,UAASD,cAAa,MAAM;AAC9E,eAAO,uCAAsB,sBAAsB,UAAU;AAAA,MAC/D,SAASE,QAAO;AACd,mBAAO,yCAAuB,kBAAkB,0BAA0B,GAAG;AAAA,MAC/E;AAAA,IACF;AAEA,UAAM,sBAAsB,OAAOF,iBAAoD;AACrF,YAAM,MAAM,UAAM,iCAAmBA,YAAW;AAChD,aAAO,uCAAsB,qBAAqB,GAAG;AAAA,IACvD;AAEA,YAAQD,cAAa;AAAA,MACnB,KAAK,iBAAiB;AACpB,wBAAgB,OAAO;AAEvB,eAAO,oBAAoB,aAAa,OAAQ;AAAA,MAClD;AAAA,MAEA,KAAK;AAEH,eAAO,qBAAqB,aAAa,OAAQ;AAAA,MAEnD,KAAK;AACH,eAAO,oBAAoB,WAAW;AAAA,MAExC;AACE,eAAO,oCAAmB,sCAAsC;AAAA,IACpE;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,kBAAkB,WAAW;AAAA,IAEtC,KAAK;AACH,aAAO,mBAAmB,WAAW;AAAA,IAEvC;AACE,aAAO,oCAAmB,+BAA+B;AAAA,EAC7D;AACF;AAEA,eAAe,sBACb,SACA,QACmB;AACnB,QAAM,EAAE,aAAa,OAAO,IAAI;AAEhC,QAAM,iBAAa,sCAAiB,OAAO;AAC3C,QAAM,EAAE,iBAAiB,IAAI;AAE7B,MAAI,CAAC,aAAa;AAChB,eAAO,yCAAuB,yBAAyB,gCAAgC,GAAG;AAAA,EAC5F;AAEA,QAAM,gBAAgB,OAAO,WAAW;AACxC,QAAM,oBAAoB,eAAe,eAAe,WAAgC;AAExF,MAAI,CAAC,qBAAqB,CAAC,kBAAkB,SAAS;AACpD,eAAO,yCAAuB,sBAAsB,yCAAyC,GAAG;AAAA,EAClG;AAEA,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,mBAAmB,OAAOA,iBAAsD;AACpF,UAAM,kBAAkB,YAA+B;AACrD,UAAI;AACF,cAAM,MAAM,IAAI,IAAI,QAAQ,OAAO;AACnC,cAAM,YAAY,IAAI,aAAa,IAAI,WAAW;AAElD,YAAI,CAAC,WAAW;AACd,qBAAO,yCAAuB,uBAAuB,yCAAyC,GAAG;AAAA,QACnG;AAEA,YAAI;AAEJ,gBAAQ,WAAW;AAAA,UACjB,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF;AACE,uBAAO,yCAAuB,sBAAsB,wFAAwF,GAAG;AAAA,QACnJ;AAEA,YAAI,CAAC,aAAa;AAChB,qBAAO;AAAA,YACL;AAAA,YACA,GAAG,SAAS;AAAA,YACZ;AAAA,UACF;AAAA,QACF;AAEA,mBAAO,2CAAyB;AAAA,UAC9B,OAAO;AAAA,QACT,CAAC;AAAA,MACH,SAAS,OAAO;AACd,mBAAO,yCAAuB,2BAA2B,6BAA6B,GAAG;AAAA,MAC3F;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,gBAAgB;AAAA,MACzB;AACE,eAAO,oCAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,iBAAiB,WAAgC;AAAA,IAC1D;AACE,aAAO,oCAAmB,+BAA+B;AAAA,EAC7D;AACF;","names":["subEndpoint","cookieStore","idToken","error"]}
1
+ {"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import { constants } from '@tern-secure/backend';\nimport { clearSessionCookie } from '@tern-secure/backend/admin';\nimport { ternDecodeJwtUnguarded } from '@tern-secure/backend/jwt';\nimport type { CookieSubEndpoint } from '@tern-secure/types';\n\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { type RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createValidators } from './fnValidators';\nimport { refreshCookieWithIdToken } from './request';\nimport { createApiErrorResponse, createApiSuccessResponse, HttpResponseHelper, SessionResponseHelper } from './responses';\nimport type { SessionSubEndpoint, TernSecureHandlerOptions } from './types';\n\nasync function sessionEndpointHandler(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method, referrer } = context;\n\n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n validateSessionRequest,\n validateCsrfToken,\n validateIdToken,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n }\n\n const sessionsConfig = config.endpoints?.sessions;\n const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const SessionGetHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const handleSessionVerify = async (): Promise<Response> => {\n try {\n const sessionCookie = context.sessionTokenInCookie;\n if (!sessionCookie) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n const { data: decodedSession, errors } = ternDecodeJwtUnguarded(sessionCookie);\n if (errors) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n return SessionResponseHelper.createVerificationResponse(decodedSession);\n } catch (error) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n };\n\n switch (subEndpoint) {\n case 'verify':\n return handleSessionVerify();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n const SessionPostHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const cookieStore = new NextCookieStore();\n\n const { idToken, csrfToken, error } = await validateSessionRequest();\n if (error) return error;\n\n const csrfCookieValue = await cookieStore.get(constants.Cookies.CsrfToken);\n validateCsrfToken(csrfToken || '', csrfCookieValue.value);\n\n const handleCreateSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n await refreshCookieWithIdToken(idToken, cookieStore, config, referrer);\n return SessionResponseHelper.createSessionCreationResponse({\n success: true,\n message: 'Session created successfully',\n });\n } catch (error) {\n return createApiErrorResponse('SESSION_CREATION_FAILED', 'Session creation failed', 500);\n }\n };\n\n const handleRefreshSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n const decodedSession = ternDecodeJwtUnguarded(idToken);\n if (decodedSession.errors) {\n return createApiErrorResponse('INVALID_SESSION', 'Invalid session for refresh', 401);\n }\n\n const refreshRes = await refreshCookieWithIdToken(idToken, cookieStore, config);\n return SessionResponseHelper.createRefreshResponse(refreshRes);\n } catch (error) {\n return createApiErrorResponse('REFRESH_FAILED', 'Session refresh failed', 500);\n }\n };\n\n const handleRevokeSession = async (cookieStore: NextCookieStore): Promise<Response> => {\n const res = await clearSessionCookie(cookieStore);\n return SessionResponseHelper.createRevokeResponse(res);\n };\n\n switch (subEndpoint) {\n case 'createsession': {\n validateIdToken(idToken);\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleCreateSession(cookieStore, idToken!);\n }\n\n case 'refresh':\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleRefreshSession(cookieStore, idToken!);\n\n case 'revoke':\n return handleRevokeSession(cookieStore);\n\n default:\n return HttpResponseHelper.createSubEndpointNotSupportedResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return SessionGetHandler(subEndpoint);\n\n case 'POST':\n return SessionPostHandler(subEndpoint);\n\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n\nasync function cookieEndpointHandler(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method } = context;\n\n const validators = createValidators(context);\n const { validateSecurity } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Cookie sub-endpoint required', 400);\n }\n\n const cookiesConfig = config.endpoints?.cookies;\n const subEndpointConfig = cookiesConfig?.subEndpoints?.[subEndpoint as CookieSubEndpoint];\n\n if (!subEndpointConfig || !subEndpointConfig.enabled) {\n return createApiErrorResponse('ENDPOINT_NOT_FOUND', 'Cookie endpoint not found or disabled', 404);\n }\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const CookieGetHandler = async (subEndpoint: CookieSubEndpoint): Promise<Response> => {\n const handleGetCookie = async (): Promise<Response> => {\n try {\n const url = new URL(context.ternUrl);\n const tokenName = url.searchParams.get('tokenName');\n\n if (!tokenName) {\n return createApiErrorResponse('TOKEN_NAME_REQUIRED', 'tokenName query parameter is required', 400);\n }\n\n let cookieValue: string | undefined;\n\n switch (tokenName) {\n case 'idToken':\n cookieValue = context.idTokenInCookie;\n break;\n case 'sessionToken':\n cookieValue = context.sessionTokenInCookie;\n break;\n case 'refreshToken':\n cookieValue = context.refreshTokenInCookie;\n break;\n case 'customToken':\n cookieValue = context.customTokenInCookie;\n break;\n default:\n return createApiErrorResponse('INVALID_TOKEN_NAME', 'Invalid token name. Must be one of: idToken, sessionToken, refreshToken, customToken', 400);\n }\n\n if (!cookieValue) {\n return createApiErrorResponse(\n 'TOKEN_NOT_FOUND',\n `${tokenName} not found in httpOnly cookies`,\n 404\n );\n }\n\n return createApiSuccessResponse({\n token: cookieValue,\n });\n } catch (error) {\n return createApiErrorResponse('COOKIE_RETRIEVAL_FAILED', 'Failed to retrieve cookie', 500);\n }\n };\n\n switch (subEndpoint) {\n case 'get':\n return handleGetCookie();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return CookieGetHandler(subEndpoint as CookieSubEndpoint);\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n\nexport { sessionEndpointHandler, cookieEndpointHandler };\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,qBAA0B;AAC1B,mBAAmC;AACnC,iBAAuC;AAGvC,+BAAgC;AAEhC,0BAAiC;AACjC,qBAAyC;AACzC,uBAA4G;AAG5G,eAAe,uBACb,SACA,QACmB;AACnB,QAAM,EAAE,aAAa,QAAQ,SAAS,IAAI;AAE1C,QAAM,iBAAa,sCAAiB,OAAO;AAE3C,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,CAAC,aAAa;AAChB,eAAO,yCAAuB,yBAAyB,iCAAiC,GAAG;AAAA,EAC7F;AAEA,QAAM,iBAAiB,OAAO,WAAW;AACzC,QAAM,oBAAoB,gBAAgB,eAAe,WAAW;AAEpE,sBAAoB,aAAa,iBAAiB;AAElD,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,oBAAoB,OAAOA,iBAAuD;AACtF,UAAM,sBAAsB,YAA+B;AACzD,UAAI;AACF,cAAM,gBAAgB,QAAQ;AAC9B,YAAI,CAAC,eAAe;AAClB,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,cAAM,EAAE,MAAM,gBAAgB,OAAO,QAAI,mCAAuB,aAAa;AAC7E,YAAI,QAAQ;AACV,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,eAAO,uCAAsB,2BAA2B,cAAc;AAAA,MACxE,SAAS,OAAO;AACd,eAAO,uCAAsB,2BAA2B;AAAA,MAC1D;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,oBAAoB;AAAA,MAC7B;AACE,eAAO,oCAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,QAAM,qBAAqB,OAAOA,iBAAuD;AACvF,UAAM,cAAc,IAAI,yCAAgB;AAExC,UAAM,EAAE,SAAS,WAAW,MAAM,IAAI,MAAM,uBAAuB;AACnE,QAAI,MAAO,QAAO;AAElB,UAAM,kBAAkB,MAAM,YAAY,IAAI,yBAAU,QAAQ,SAAS;AACzE,sBAAkB,aAAa,IAAI,gBAAgB,KAAK;AAExD,UAAM,sBAAsB,OAC1BC,cACAC,aACsB;AACtB,UAAI;AACF,kBAAM,yCAAyBA,UAASD,cAAa,QAAQ,QAAQ;AACrE,eAAO,uCAAsB,8BAA8B;AAAA,UACzD,SAAS;AAAA,UACT,SAAS;AAAA,QACX,CAAC;AAAA,MACH,SAASE,QAAO;AACd,mBAAO,yCAAuB,2BAA2B,2BAA2B,GAAG;AAAA,MACzF;AAAA,IACF;AAEA,UAAM,uBAAuB,OAC3BF,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,qBAAiB,mCAAuBA,QAAO;AACrD,YAAI,eAAe,QAAQ;AACzB,qBAAO,yCAAuB,mBAAmB,+BAA+B,GAAG;AAAA,QACrF;AAEA,cAAM,aAAa,UAAM,yCAAyBA,UAASD,cAAa,MAAM;AAC9E,eAAO,uCAAsB,sBAAsB,UAAU;AAAA,MAC/D,SAASE,QAAO;AACd,mBAAO,yCAAuB,kBAAkB,0BAA0B,GAAG;AAAA,MAC/E;AAAA,IACF;AAEA,UAAM,sBAAsB,OAAOF,iBAAoD;AACrF,YAAM,MAAM,UAAM,iCAAmBA,YAAW;AAChD,aAAO,uCAAsB,qBAAqB,GAAG;AAAA,IACvD;AAEA,YAAQD,cAAa;AAAA,MACnB,KAAK,iBAAiB;AACpB,wBAAgB,OAAO;AAEvB,eAAO,oBAAoB,aAAa,OAAQ;AAAA,MAClD;AAAA,MAEA,KAAK;AAEH,eAAO,qBAAqB,aAAa,OAAQ;AAAA,MAEnD,KAAK;AACH,eAAO,oBAAoB,WAAW;AAAA,MAExC;AACE,eAAO,oCAAmB,sCAAsC;AAAA,IACpE;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,kBAAkB,WAAW;AAAA,IAEtC,KAAK;AACH,aAAO,mBAAmB,WAAW;AAAA,IAEvC;AACE,aAAO,oCAAmB,+BAA+B;AAAA,EAC7D;AACF;AAEA,eAAe,sBACb,SACA,QACmB;AACnB,QAAM,EAAE,aAAa,OAAO,IAAI;AAEhC,QAAM,iBAAa,sCAAiB,OAAO;AAC3C,QAAM,EAAE,iBAAiB,IAAI;AAE7B,MAAI,CAAC,aAAa;AAChB,eAAO,yCAAuB,yBAAyB,gCAAgC,GAAG;AAAA,EAC5F;AAEA,QAAM,gBAAgB,OAAO,WAAW;AACxC,QAAM,oBAAoB,eAAe,eAAe,WAAgC;AAExF,MAAI,CAAC,qBAAqB,CAAC,kBAAkB,SAAS;AACpD,eAAO,yCAAuB,sBAAsB,yCAAyC,GAAG;AAAA,EAClG;AAEA,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,mBAAmB,OAAOA,iBAAsD;AACpF,UAAM,kBAAkB,YAA+B;AACrD,UAAI;AACF,cAAM,MAAM,IAAI,IAAI,QAAQ,OAAO;AACnC,cAAM,YAAY,IAAI,aAAa,IAAI,WAAW;AAElD,YAAI,CAAC,WAAW;AACd,qBAAO,yCAAuB,uBAAuB,yCAAyC,GAAG;AAAA,QACnG;AAEA,YAAI;AAEJ,gBAAQ,WAAW;AAAA,UACjB,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF;AACE,uBAAO,yCAAuB,sBAAsB,wFAAwF,GAAG;AAAA,QACnJ;AAEA,YAAI,CAAC,aAAa;AAChB,qBAAO;AAAA,YACL;AAAA,YACA,GAAG,SAAS;AAAA,YACZ;AAAA,UACF;AAAA,QACF;AAEA,mBAAO,2CAAyB;AAAA,UAC9B,OAAO;AAAA,QACT,CAAC;AAAA,MACH,SAAS,OAAO;AACd,mBAAO,yCAAuB,2BAA2B,6BAA6B,GAAG;AAAA,MAC3F;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,gBAAgB;AAAA,MACzB;AACE,eAAO,oCAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,iBAAiB,WAAgC;AAAA,IAC1D;AACE,aAAO,oCAAmB,+BAA+B;AAAA,EAC7D;AACF;","names":["subEndpoint","cookieStore","idToken","error"]}
package/dist/cjs/app-router/admin/types.js CHANGED
@@ -19,13 +19,14 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
19
19
  var types_exports = {};
20
20
  __export(types_exports, {
21
21
  CookieUtils: () => CookieUtils,
22
- DEFAULT_COOKIE_OPTIONS: () => DEFAULT_COOKIE_OPTIONS,
23
22
  DEFAULT_COOKIE_REQUEST_CONFIG: () => DEFAULT_COOKIE_REQUEST_CONFIG,
24
23
  DEFAULT_CORS_OPTIONS: () => DEFAULT_CORS_OPTIONS,
25
24
  DEFAULT_ENDPOINT_CONFIG: () => DEFAULT_ENDPOINT_CONFIG,
26
25
  DEFAULT_HANDLER_OPTIONS: () => DEFAULT_HANDLER_OPTIONS,
26
+ DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS: () => DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS,
27
27
  DEFAULT_SECURITY_OPTIONS: () => DEFAULT_SECURITY_OPTIONS,
28
28
  DEFAULT_SESSIONS_CONFIG: () => DEFAULT_SESSIONS_CONFIG,
29
+ DEFAULT_SESSION_COOKIE_OPTIONS: () => DEFAULT_SESSION_COOKIE_OPTIONS,
29
30
  FIXED_TOKEN_CONFIGS: () => FIXED_TOKEN_CONFIGS
30
31
  });
31
32
  module.exports = __toCommonJS(types_exports);
@@ -37,7 +38,16 @@ const DEFAULT_CORS_OPTIONS = {
37
38
  maxAge: 86400
38
39
  // 24 hours
39
40
  };
40
- const DEFAULT_COOKIE_OPTIONS = {
41
+ const DEFAULT_SESSION_COOKIE_OPTIONS = {
42
+ httpOnly: true,
43
+ path: "/",
44
+ secure: process.env.NODE_ENV === "production",
45
+ sameSite: "strict",
46
+ maxAge: 12 * 60 * 60 * 24,
47
+ // twelve days
48
+ priority: "high"
49
+ };
50
+ const DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS = {
41
51
  httpOnly: true,
42
52
  path: "/",
43
53
  secure: process.env.NODE_ENV === "production",
@@ -146,7 +156,7 @@ const DEFAULT_SESSIONS_CONFIG = {
146
156
  };
147
157
  const DEFAULT_HANDLER_OPTIONS = {
148
158
  cors: DEFAULT_CORS_OPTIONS,
149
- cookies: DEFAULT_COOKIE_OPTIONS,
159
+ cookies: DEFAULT_SESSION_COOKIE_OPTIONS,
150
160
  rateLimit: {
151
161
  windowMs: 15 * 60 * 1e3,
152
162
  // 15 minutes
@@ -180,13 +190,11 @@ class CookieUtils {
180
190
  };
181
191
  }
182
192
  static getSessionConfig(cookieOptions) {
183
- const sessionConfig = cookieOptions.session || {};
184
- const defaultSession = DEFAULT_COOKIE_OPTIONS.session || {};
185
193
  return {
186
- path: sessionConfig.path ?? cookieOptions.path ?? "/",
187
- httpOnly: sessionConfig.httpOnly ?? cookieOptions.httpOnly ?? true,
188
- sameSite: sessionConfig.sameSite ?? cookieOptions.sameSite ?? "lax",
189
- maxAge: sessionConfig.maxAge ?? defaultSession.maxAge ?? 3600 * 24 * 7
194
+ path: cookieOptions.path ?? "/",
195
+ httpOnly: cookieOptions.httpOnly ?? true,
196
+ sameSite: cookieOptions.sameSite ?? "lax",
197
+ maxAge: cookieOptions.maxAge ?? 3600 * 24 * 7
190
198
  };
191
199
  }
192
200
  static getFixedTokenConfig(tokenType) {
@@ -207,13 +215,14 @@ class CookieUtils {
207
215
  // Annotate the CommonJS export names for ESM import in node:
208
216
  0 && (module.exports = {
209
217
  CookieUtils,
210
- DEFAULT_COOKIE_OPTIONS,
211
218
  DEFAULT_COOKIE_REQUEST_CONFIG,
212
219
  DEFAULT_CORS_OPTIONS,
213
220
  DEFAULT_ENDPOINT_CONFIG,
214
221
  DEFAULT_HANDLER_OPTIONS,
222
+ DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS,
215
223
  DEFAULT_SECURITY_OPTIONS,
216
224
  DEFAULT_SESSIONS_CONFIG,
225
+ DEFAULT_SESSION_COOKIE_OPTIONS,
217
226
  FIXED_TOKEN_CONFIGS
218
227
  });
219
228
  //# sourceMappingURL=types.js.map
package/dist/cjs/app-router/admin/types.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/app-router/admin/types.ts"],"sourcesContent":["import type {\n AuthEndpoint,\n CookieEndpointConfig,\n CookieOpts as CookieOptions,\n CorsOptions,\n EndpointConfig,\n SecurityOptions,\n SessionEndpointConfig,\n SessionSubEndpoint,\n TernSecureHandlerOptions,\n TokenCookieConfig,\n} from '@tern-secure/types';\nimport { type NextResponse } from 'next/server';\n\nexport const DEFAULT_CORS_OPTIONS: CorsOptions = {\n allowedOrigins: [],\n allowedMethods: ['GET', 'POST'],\n allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],\n allowCredentials: true,\n maxAge: 86400, // 24 hours\n};\n\nexport const DEFAULT_COOKIE_OPTIONS: CookieOptions = {\n httpOnly: true,\n path: '/',\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: 12 * 60 * 60 * 24, // twelve days\n priority: 'high',\n};\n\n\nexport const FIXED_TOKEN_CONFIGS = {\n id: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600, // 1 hour\n },\n refresh: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 30, // 30 days (changes when user events occur)\n },\n signature: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n custom: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n} as const;\n\nexport const DEFAULT_SECURITY_OPTIONS: SecurityOptions = {\n requireCSRF: true,\n allowedReferers: [],\n requiredHeaders: {},\n ipWhitelist: [],\n userAgent: {\n block: [],\n allow: [],\n },\n};\n\nexport const DEFAULT_ENDPOINT_CONFIG: EndpointConfig = {\n enabled: true,\n methods: ['GET', 'POST'],\n requireAuth: false,\n security: DEFAULT_SECURITY_OPTIONS,\n};\n\nexport const DEFAULT_COOKIE_REQUEST_CONFIG: CookieEndpointConfig = {\n ...DEFAULT_ENDPOINT_CONFIG,\n subEndpoints: {\n get: {\n enabled: true,\n methods: ['GET'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n allowedReferers: [],\n },\n },\n },\n};\n\nexport const DEFAULT_SESSIONS_CONFIG: SessionEndpointConfig = {\n ...DEFAULT_ENDPOINT_CONFIG,\n subEndpoints: {\n verify: {\n enabled: true,\n methods: ['GET'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n allowedReferers: [],\n },\n },\n createsession: {\n enabled: true,\n methods: ['POST'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n },\n },\n refresh: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n revoke: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n },\n};\n\nexport const DEFAULT_HANDLER_OPTIONS: Required<TernSecureHandlerOptions> & {\n endpoints: Required<NonNullable<TernSecureHandlerOptions['endpoints']>>;\n} = {\n cors: DEFAULT_CORS_OPTIONS,\n cookies: DEFAULT_COOKIE_OPTIONS,\n rateLimit: {\n windowMs: 15 * 60 * 1000, // 15 minutes\n maxRequests: 100,\n skipSuccessful: false,\n skipFailedRequests: false,\n },\n security: DEFAULT_SECURITY_OPTIONS,\n endpoints: {\n cookies: DEFAULT_COOKIE_REQUEST_CONFIG,\n sessions: DEFAULT_SESSIONS_CONFIG,\n },\n tenantId: '',\n revokeRefreshTokensOnSignOut: true,\n enableCustomToken: false,\n debug: false,\n environment: 'production',\n basePath: '/api/auth',\n};\n\nexport interface ValidationResult {\n error?: NextResponse;\n data?: any;\n}\n\nexport interface ValidationConfig {\n cors?: CorsOptions;\n security?: SecurityOptions;\n endpoint?: {\n name: AuthEndpoint;\n config: EndpointConfig;\n };\n subEndpoint?: {\n name: SessionSubEndpoint;\n config: EndpointConfig;\n };\n requireIdToken?: boolean;\n requireCsrfToken?: boolean;\n}\n\nexport interface ComprehensiveValidationResult {\n isValid: boolean;\n error?: Response;\n corsResponse?: Response;\n sessionData?: {\n body: any;\n idToken?: string;\n csrfToken?: string;\n };\n}\n\nexport type suffix = 'session' | 'id' | 'refresh' | 'signature' | 'custom';\n\nexport class CookieUtils {\n static getCookieName(namePrefix: string, tokenType: suffix): string {\n return `${namePrefix}.${tokenType}`;\n }\n\n static getCookieNames(namePrefix: string) {\n return {\n session: this.getCookieName(namePrefix, 'session'),\n id: this.getCookieName(namePrefix, 'id'),\n refresh: this.getCookieName(namePrefix, 'refresh'),\n signature: this.getCookieName(namePrefix, 'signature'),\n custom: this.getCookieName(namePrefix, 'custom'),\n };\n }\n\n static getSessionConfig(cookieOptions: CookieOptions): TokenCookieConfig {\n const sessionConfig = cookieOptions.session || {};\n const defaultSession = DEFAULT_COOKIE_OPTIONS.session || {};\n\n return {\n path: sessionConfig.path ?? cookieOptions.path ?? '/',\n httpOnly: sessionConfig.httpOnly ?? cookieOptions.httpOnly ?? true,\n sameSite: sessionConfig.sameSite ?? cookieOptions.sameSite ?? 'lax',\n maxAge: sessionConfig.maxAge ?? defaultSession.maxAge ?? 3600 * 24 * 7,\n };\n }\n\n static getFixedTokenConfig(\n tokenType: Exclude<suffix, 'session'>,\n ): TokenCookieConfig {\n const fixedConfig = FIXED_TOKEN_CONFIGS[tokenType];\n\n return {\n path: fixedConfig.path,\n httpOnly: fixedConfig.httpOnly,\n sameSite: fixedConfig.sameSite,\n maxAge: fixedConfig.maxAge,\n };\n }\n\n static validateSessionMaxAge(maxAge: number): boolean {\n const minAge = 300; // 5 minutes\n const maxAgeLimit = 3600 * 24 * 14; // 2 weeks\n return maxAge >= minAge && maxAge <= maxAgeLimit;\n }\n}\n\nexport {\n AuthEndpoint,\n CookieOptions,\n CorsOptions,\n SecurityOptions,\n SessionSubEndpoint,\n EndpointConfig,\n SessionEndpointConfig,\n TernSecureHandlerOptions,\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAcO,MAAM,uBAAoC;AAAA,EAC/C,gBAAgB,CAAC;AAAA,EACjB,gBAAgB,CAAC,OAAO,MAAM;AAAA,EAC9B,gBAAgB,CAAC,gBAAgB,iBAAiB,kBAAkB;AAAA,EACpE,kBAAkB;AAAA,EAClB,QAAQ;AAAA;AACV;AAEO,MAAM,yBAAwC;AAAA,EACnD,UAAU;AAAA,EACV,MAAM;AAAA,EACN,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AAAA,EACV,QAAQ,KAAK,KAAK,KAAK;AAAA;AAAA,EACvB,UAAU;AACZ;AAGO,MAAM,sBAAsB;AAAA,EACjC,IAAI;AAAA,IACF,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ;AAAA;AAAA,EACV;AAAA,EACA,SAAS;AAAA,IACP,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AAAA,EACA,WAAW;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AAAA,EACA,QAAQ;AAAA,IACN,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AACF;AAEO,MAAM,2BAA4C;AAAA,EACvD,aAAa;AAAA,EACb,iBAAiB,CAAC;AAAA,EAClB,iBAAiB,CAAC;AAAA,EAClB,aAAa,CAAC;AAAA,EACd,WAAW;AAAA,IACT,OAAO,CAAC;AAAA,IACR,OAAO,CAAC;AAAA,EACV;AACF;AAEO,MAAM,0BAA0C;AAAA,EACrD,SAAS;AAAA,EACT,SAAS,CAAC,OAAO,MAAM;AAAA,EACvB,aAAa;AAAA,EACb,UAAU;AACZ;AAEO,MAAM,gCAAsD;AAAA,EACjE,GAAG;AAAA,EACH,cAAc;AAAA,IACZ,KAAK;AAAA,MACH,SAAS;AAAA,MACT,SAAS,CAAC,KAAK;AAAA,MACf,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,QACb,iBAAiB,CAAC;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,0BAAiD;AAAA,EAC5D,GAAG;AAAA,EACH,cAAc;AAAA,IACZ,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,SAAS,CAAC,KAAK;AAAA,MACf,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,QACb,iBAAiB,CAAC;AAAA,MACpB;AAAA,IACF;AAAA,IACA,eAAe;AAAA,MACb,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,IACA,SAAS;AAAA,MACP,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,0BAET;AAAA,EACF,MAAM;AAAA,EACN,SAAS;AAAA,EACT,WAAW;AAAA,IACT,UAAU,KAAK,KAAK;AAAA;AAAA,IACpB,aAAa;AAAA,IACb,gBAAgB;AAAA,IAChB,oBAAoB;AAAA,EACtB;AAAA,EACA,UAAU;AAAA,EACV,WAAW;AAAA,IACT,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA,UAAU;AAAA,EACV,8BAA8B;AAAA,EAC9B,mBAAmB;AAAA,EACnB,OAAO;AAAA,EACP,aAAa;AAAA,EACb,UAAU;AACZ;AAmCO,MAAM,YAAY;AAAA,EACvB,OAAO,cAAc,YAAoB,WAA2B;AAClE,WAAO,GAAG,UAAU,IAAI,SAAS;AAAA,EACnC;AAAA,EAEA,OAAO,eAAe,YAAoB;AACxC,WAAO;AAAA,MACL,SAAS,KAAK,cAAc,YAAY,SAAS;AAAA,MACjD,IAAI,KAAK,cAAc,YAAY,IAAI;AAAA,MACvC,SAAS,KAAK,cAAc,YAAY,SAAS;AAAA,MACjD,WAAW,KAAK,cAAc,YAAY,WAAW;AAAA,MACrD,QAAQ,KAAK,cAAc,YAAY,QAAQ;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,OAAO,iBAAiB,eAAiD;AACvE,UAAM,gBAAgB,cAAc,WAAW,CAAC;AAChD,UAAM,iBAAiB,uBAAuB,WAAW,CAAC;AAE1D,WAAO;AAAA,MACL,MAAM,cAAc,QAAQ,cAAc,QAAQ;AAAA,MAClD,UAAU,cAAc,YAAY,cAAc,YAAY;AAAA,MAC9D,UAAU,cAAc,YAAY,cAAc,YAAY;AAAA,MAC9D,QAAQ,cAAc,UAAU,eAAe,UAAU,OAAO,KAAK;AAAA,IACvE;AAAA,EACF;AAAA,EAEA,OAAO,oBACL,WACmB;AACnB,UAAM,cAAc,oBAAoB,SAAS;AAEjD,WAAO;AAAA,MACL,MAAM,YAAY;AAAA,MAClB,UAAU,YAAY;AAAA,MACtB,UAAU,YAAY;AAAA,MACtB,QAAQ,YAAY;AAAA,IACtB;AAAA,EACF;AAAA,EAEA,OAAO,sBAAsB,QAAyB;AACpD,UAAM,SAAS;AACf,UAAM,cAAc,OAAO,KAAK;AAChC,WAAO,UAAU,UAAU,UAAU;AAAA,EACvC;AACF;","names":[]}
1
+ {"version":3,"sources":["../../../../src/app-router/admin/types.ts"],"sourcesContent":["import type {\n AuthEndpoint,\n CookieEndpointConfig,\n CookieOpts as CookieOptions,\n CorsOptions,\n EndpointConfig,\n SecurityOptions,\n SessionEndpointConfig,\n SessionSubEndpoint,\n TernSecureHandlerOptions,\n TokenCookieConfig,\n} from '@tern-secure/types';\nimport { type NextResponse } from 'next/server';\n\nexport const DEFAULT_CORS_OPTIONS: CorsOptions = {\n allowedOrigins: [],\n allowedMethods: ['GET', 'POST'],\n allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],\n allowCredentials: true,\n maxAge: 86400, // 24 hours\n};\n\nexport const DEFAULT_SESSION_COOKIE_OPTIONS: CookieOptions = {\n httpOnly: true,\n path: '/',\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: 12 * 60 * 60 * 24, // twelve days\n priority: 'high',\n};\n\nexport const DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS: CookieOptions = {\n httpOnly: true,\n path: '/',\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: 12 * 60 * 60 * 24, // twelve days\n priority: 'high',\n};\n\n\nexport const FIXED_TOKEN_CONFIGS = {\n id: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600, // 1 hour\n },\n refresh: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 30, // 30 days (changes when user events occur)\n },\n signature: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n custom: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n} as const;\n\nexport const DEFAULT_SECURITY_OPTIONS: SecurityOptions = {\n requireCSRF: true,\n allowedReferers: [],\n requiredHeaders: {},\n ipWhitelist: [],\n userAgent: {\n block: [],\n allow: [],\n },\n};\n\nexport const DEFAULT_ENDPOINT_CONFIG: EndpointConfig = {\n enabled: true,\n methods: ['GET', 'POST'],\n requireAuth: false,\n security: DEFAULT_SECURITY_OPTIONS,\n};\n\nexport const DEFAULT_COOKIE_REQUEST_CONFIG: CookieEndpointConfig = {\n ...DEFAULT_ENDPOINT_CONFIG,\n subEndpoints: {\n get: {\n enabled: true,\n methods: ['GET'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n allowedReferers: [],\n },\n },\n },\n};\n\nexport const DEFAULT_SESSIONS_CONFIG: SessionEndpointConfig = {\n ...DEFAULT_ENDPOINT_CONFIG,\n subEndpoints: {\n verify: {\n enabled: true,\n methods: ['GET'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n allowedReferers: [],\n },\n },\n createsession: {\n enabled: true,\n methods: ['POST'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n },\n },\n refresh: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n revoke: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n },\n};\n\nexport const DEFAULT_HANDLER_OPTIONS: Required<TernSecureHandlerOptions> & {\n endpoints: Required<NonNullable<TernSecureHandlerOptions['endpoints']>>;\n} = {\n cors: DEFAULT_CORS_OPTIONS,\n cookies: DEFAULT_SESSION_COOKIE_OPTIONS,\n rateLimit: {\n windowMs: 15 * 60 * 1000, // 15 minutes\n maxRequests: 100,\n skipSuccessful: false,\n skipFailedRequests: false,\n },\n security: DEFAULT_SECURITY_OPTIONS,\n endpoints: {\n cookies: DEFAULT_COOKIE_REQUEST_CONFIG,\n sessions: DEFAULT_SESSIONS_CONFIG,\n },\n tenantId: '',\n revokeRefreshTokensOnSignOut: true,\n enableCustomToken: false,\n debug: false,\n environment: 'production',\n basePath: '/api/auth',\n};\n\nexport interface ValidationResult {\n error?: NextResponse;\n data?: any;\n}\n\nexport interface ValidationConfig {\n cors?: CorsOptions;\n security?: SecurityOptions;\n endpoint?: {\n name: AuthEndpoint;\n config: EndpointConfig;\n };\n subEndpoint?: {\n name: SessionSubEndpoint;\n config: EndpointConfig;\n };\n requireIdToken?: boolean;\n requireCsrfToken?: boolean;\n}\n\nexport interface ComprehensiveValidationResult {\n isValid: boolean;\n error?: Response;\n corsResponse?: Response;\n sessionData?: {\n body: any;\n idToken?: string;\n csrfToken?: string;\n };\n}\n\nexport type suffix = 'session' | 'id' | 'refresh' | 'signature' | 'custom';\n\nexport class CookieUtils {\n static getCookieName(namePrefix: string, tokenType: suffix): string {\n return `${namePrefix}.${tokenType}`;\n }\n\n static getCookieNames(namePrefix: string) {\n return {\n session: this.getCookieName(namePrefix, 'session'),\n id: this.getCookieName(namePrefix, 'id'),\n refresh: this.getCookieName(namePrefix, 'refresh'),\n signature: this.getCookieName(namePrefix, 'signature'),\n custom: this.getCookieName(namePrefix, 'custom'),\n };\n }\n\n static getSessionConfig(cookieOptions: CookieOptions): TokenCookieConfig {\n return {\n path: cookieOptions.path ?? '/',\n httpOnly: cookieOptions.httpOnly ?? true,\n sameSite: cookieOptions.sameSite ?? 'lax',\n maxAge: cookieOptions.maxAge ?? 3600 * 24 * 7,\n };\n }\n\n static getFixedTokenConfig(\n tokenType: Exclude<suffix, 'session'>,\n ): TokenCookieConfig {\n const fixedConfig = FIXED_TOKEN_CONFIGS[tokenType];\n\n return {\n path: fixedConfig.path,\n httpOnly: fixedConfig.httpOnly,\n sameSite: fixedConfig.sameSite,\n maxAge: fixedConfig.maxAge,\n };\n }\n\n static validateSessionMaxAge(maxAge: number): boolean {\n const minAge = 300; // 5 minutes\n const maxAgeLimit = 3600 * 24 * 14; // 2 weeks\n return maxAge >= minAge && maxAge <= maxAgeLimit;\n }\n}\n\nexport {\n AuthEndpoint,\n CookieOptions,\n CorsOptions,\n SecurityOptions,\n SessionSubEndpoint,\n EndpointConfig,\n SessionEndpointConfig,\n TernSecureHandlerOptions,\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAcO,MAAM,uBAAoC;AAAA,EAC/C,gBAAgB,CAAC;AAAA,EACjB,gBAAgB,CAAC,OAAO,MAAM;AAAA,EAC9B,gBAAgB,CAAC,gBAAgB,iBAAiB,kBAAkB;AAAA,EACpE,kBAAkB;AAAA,EAClB,QAAQ;AAAA;AACV;AAEO,MAAM,iCAAgD;AAAA,EAC3D,UAAU;AAAA,EACV,MAAM;AAAA,EACN,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AAAA,EACV,QAAQ,KAAK,KAAK,KAAK;AAAA;AAAA,EACvB,UAAU;AACZ;AAEO,MAAM,0CAAyD;AAAA,EACpE,UAAU;AAAA,EACV,MAAM;AAAA,EACN,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AAAA,EACV,QAAQ,KAAK,KAAK,KAAK;AAAA;AAAA,EACvB,UAAU;AACZ;AAGO,MAAM,sBAAsB;AAAA,EACjC,IAAI;AAAA,IACF,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ;AAAA;AAAA,EACV;AAAA,EACA,SAAS;AAAA,IACP,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AAAA,EACA,WAAW;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AAAA,EACA,QAAQ;AAAA,IACN,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AACF;AAEO,MAAM,2BAA4C;AAAA,EACvD,aAAa;AAAA,EACb,iBAAiB,CAAC;AAAA,EAClB,iBAAiB,CAAC;AAAA,EAClB,aAAa,CAAC;AAAA,EACd,WAAW;AAAA,IACT,OAAO,CAAC;AAAA,IACR,OAAO,CAAC;AAAA,EACV;AACF;AAEO,MAAM,0BAA0C;AAAA,EACrD,SAAS;AAAA,EACT,SAAS,CAAC,OAAO,MAAM;AAAA,EACvB,aAAa;AAAA,EACb,UAAU;AACZ;AAEO,MAAM,gCAAsD;AAAA,EACjE,GAAG;AAAA,EACH,cAAc;AAAA,IACZ,KAAK;AAAA,MACH,SAAS;AAAA,MACT,SAAS,CAAC,KAAK;AAAA,MACf,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,QACb,iBAAiB,CAAC;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,0BAAiD;AAAA,EAC5D,GAAG;AAAA,EACH,cAAc;AAAA,IACZ,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,SAAS,CAAC,KAAK;AAAA,MACf,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,QACb,iBAAiB,CAAC;AAAA,MACpB;AAAA,IACF;AAAA,IACA,eAAe;AAAA,MACb,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,IACA,SAAS;AAAA,MACP,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,0BAET;AAAA,EACF,MAAM;AAAA,EACN,SAAS;AAAA,EACT,WAAW;AAAA,IACT,UAAU,KAAK,KAAK;AAAA;AAAA,IACpB,aAAa;AAAA,IACb,gBAAgB;AAAA,IAChB,oBAAoB;AAAA,EACtB;AAAA,EACA,UAAU;AAAA,EACV,WAAW;AAAA,IACT,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA,UAAU;AAAA,EACV,8BAA8B;AAAA,EAC9B,mBAAmB;AAAA,EACnB,OAAO;AAAA,EACP,aAAa;AAAA,EACb,UAAU;AACZ;AAmCO,MAAM,YAAY;AAAA,EACvB,OAAO,cAAc,YAAoB,WAA2B;AAClE,WAAO,GAAG,UAAU,IAAI,SAAS;AAAA,EACnC;AAAA,EAEA,OAAO,eAAe,YAAoB;AACxC,WAAO;AAAA,MACL,SAAS,KAAK,cAAc,YAAY,SAAS;AAAA,MACjD,IAAI,KAAK,cAAc,YAAY,IAAI;AAAA,MACvC,SAAS,KAAK,cAAc,YAAY,SAAS;AAAA,MACjD,WAAW,KAAK,cAAc,YAAY,WAAW;AAAA,MACrD,QAAQ,KAAK,cAAc,YAAY,QAAQ;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,OAAO,iBAAiB,eAAiD;AACvE,WAAO;AAAA,MACL,MAAM,cAAc,QAAQ;AAAA,MAC5B,UAAU,cAAc,YAAY;AAAA,MACpC,UAAU,cAAc,YAAY;AAAA,MACpC,QAAQ,cAAc,UAAU,OAAO,KAAK;AAAA,IAC9C;AAAA,EACF;AAAA,EAEA,OAAO,oBACL,WACmB;AACnB,UAAM,cAAc,oBAAoB,SAAS;AAEjD,WAAO;AAAA,MACL,MAAM,YAAY;AAAA,MAClB,UAAU,YAAY;AAAA,MACtB,UAAU,YAAY;AAAA,MACtB,QAAQ,YAAY;AAAA,IACtB;AAAA,EACF;AAAA,EAEA,OAAO,sBAAsB,QAAyB;AACpD,UAAM,SAAS;AACf,UAAM,cAAc,OAAO,KAAK;AAChC,WAAO,UAAU,UAAU,UAAU;AAAA,EACvC;AACF;","names":[]}
package/dist/cjs/app-router/server/TernSecureProvider.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/app-router/server/TernSecureProvider.tsx"],"sourcesContent":["import type { TernSecureStateExtended } from '@tern-secure/types';\nimport type { ReactNode } from 'react';\nimport React from 'react';\n\nimport { PromiseAuthProvider } from '../../boundary/PromiseAuthProvider';\nimport { getTernSecureAuthData } from '../../server/data/getAuthDataFromRequest';\nimport { isNext13 } from '../../server/sdk-versions';\nimport type { TernSecureNextProps } from '../../types';\nimport { allNextProviderPropsWithEnv } from '../../utils/allNextProviderProps';\nimport { ClientTernSecureProvider } from '../client/TernSecureProvider';\nimport { buildRequestLike } from './utils';\n\nconst getTernSecureState = React.cache(async function getTernSecureState() {\n const request = await buildRequestLike();\n const data = getTernSecureAuthData(request);\n return data;\n});\n\nexport async function TernSecureProvider(props: TernSecureNextProps) {\n const { children, ...rest } = props;\n const { persistence } = rest;\n\n const browserCookiePersistence = persistence === 'browserCookie';\n\n async function generateStatePromise() {\n if (!browserCookiePersistence) {\n return Promise.resolve(undefined);\n }\n if (isNext13) {\n return Promise.resolve(await getTernSecureState());\n }\n return getTernSecureState();\n }\n\n const providerProps = allNextProviderPropsWithEnv({ ...rest });\n\n let output: ReactNode;\n\n if (browserCookiePersistence) {\n output = (\n <PromiseAuthProvider\n authPromise={generateStatePromise() as unknown as Promise<TernSecureStateExtended>}\n >\n <ClientTernSecureProvider\n {...providerProps}\n initialState={await generateStatePromise()}\n >\n {children}\n </ClientTernSecureProvider>\n </PromiseAuthProvider>\n );\n } else {\n output = (\n <ClientTernSecureProvider\n {...providerProps}\n >\n {children}\n </ClientTernSecureProvider>\n );\n }\n\n return output;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AA2CQ;AAzCR,mBAAkB;AAElB,iCAAoC;AACpC,oCAAsC;AACtC,0BAAyB;AAEzB,kCAA4C;AAC5C,gCAAyC;AACzC,mBAAiC;AAEjC,MAAM,qBAAqB,aAAAA,QAAM,MAAM,eAAeC,sBAAqB;AACzE,QAAM,UAAU,UAAM,+BAAiB;AACvC,QAAM,WAAO,qDAAsB,OAAO;AAC1C,SAAO;AACT,CAAC;AAED,eAAsB,mBAAmB,OAA4B;AACnE,QAAM,EAAE,UAAU,GAAG,KAAK,IAAI;AAC9B,QAAM,EAAE,YAAY,IAAI;AAExB,QAAM,2BAA2B,gBAAgB;AAEjD,iBAAe,uBAAuB;AACpC,QAAI,CAAC,0BAA0B;AAC7B,aAAO,QAAQ,QAAQ,MAAS;AAAA,IAClC;AACA,QAAI,8BAAU;AACZ,aAAO,QAAQ,QAAQ,MAAM,mBAAmB,CAAC;AAAA,IACnD;AACA,WAAO,mBAAmB;AAAA,EAC5B;AAEA,QAAM,oBAAgB,yDAA4B,EAAE,GAAG,KAAK,CAAC;AAE7D,MAAI;AAEJ,MAAI,0BAA0B;AAC5B,aACE;AAAA,MAAC;AAAA;AAAA,QACC,aAAa,qBAAqB;AAAA,QAElC;AAAA,UAAC;AAAA;AAAA,YACE,GAAG;AAAA,YACJ,cAAc,MAAM,qBAAqB;AAAA,YAExC;AAAA;AAAA,QACH;AAAA;AAAA,IACF;AAAA,EAEJ,OAAO;AACL,aACE;AAAA,MAAC;AAAA;AAAA,QACE,GAAG;AAAA,QAEH;AAAA;AAAA,IACH;AAAA,EAEJ;AAEA,SAAO;AACT;","names":["React","getTernSecureState"]}
1
+ {"version":3,"sources":["../../../../src/app-router/server/TernSecureProvider.tsx"],"sourcesContent":["import type { TernSecureInitialState } from '@tern-secure/types';\nimport type { ReactNode } from 'react';\nimport React from 'react';\n\nimport { PromiseAuthProvider } from '../../boundary/PromiseAuthProvider';\nimport { getTernSecureAuthData } from '../../server/data/getAuthDataFromRequest';\nimport { isNext13 } from '../../server/sdk-versions';\nimport type { TernSecureNextProps } from '../../types';\nimport { allNextProviderPropsWithEnv } from '../../utils/allNextProviderProps';\nimport { ClientTernSecureProvider } from '../client/TernSecureProvider';\nimport { buildRequestLike } from './utils';\n\nconst getTernSecureState = React.cache(async function getTernSecureState() {\n const request = await buildRequestLike();\n const data = getTernSecureAuthData(request);\n return data;\n});\n\nexport async function TernSecureProvider(props: TernSecureNextProps) {\n const { children, ...rest } = props;\n const { persistence } = rest;\n\n const browserCookiePersistence = persistence === 'browserCookie';\n\n async function generateStatePromise() {\n if (!browserCookiePersistence) {\n return Promise.resolve(undefined);\n }\n if (isNext13) {\n return Promise.resolve(await getTernSecureState());\n }\n return getTernSecureState();\n }\n\n const providerProps = allNextProviderPropsWithEnv({ ...rest });\n\n let output: ReactNode;\n\n if (browserCookiePersistence) {\n output = (\n <PromiseAuthProvider\n authPromise={generateStatePromise() as unknown as Promise<TernSecureInitialState>}\n >\n <ClientTernSecureProvider\n {...providerProps}\n initialState={await generateStatePromise()}\n >\n {children}\n </ClientTernSecureProvider>\n </PromiseAuthProvider>\n );\n } else {\n output = (\n <ClientTernSecureProvider\n {...providerProps}\n >\n {children}\n </ClientTernSecureProvider>\n );\n }\n\n return output;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AA2CQ;AAzCR,mBAAkB;AAElB,iCAAoC;AACpC,oCAAsC;AACtC,0BAAyB;AAEzB,kCAA4C;AAC5C,gCAAyC;AACzC,mBAAiC;AAEjC,MAAM,qBAAqB,aAAAA,QAAM,MAAM,eAAeC,sBAAqB;AACzE,QAAM,UAAU,UAAM,+BAAiB;AACvC,QAAM,WAAO,qDAAsB,OAAO;AAC1C,SAAO;AACT,CAAC;AAED,eAAsB,mBAAmB,OAA4B;AACnE,QAAM,EAAE,UAAU,GAAG,KAAK,IAAI;AAC9B,QAAM,EAAE,YAAY,IAAI;AAExB,QAAM,2BAA2B,gBAAgB;AAEjD,iBAAe,uBAAuB;AACpC,QAAI,CAAC,0BAA0B;AAC7B,aAAO,QAAQ,QAAQ,MAAS;AAAA,IAClC;AACA,QAAI,8BAAU;AACZ,aAAO,QAAQ,QAAQ,MAAM,mBAAmB,CAAC;AAAA,IACnD;AACA,WAAO,mBAAmB;AAAA,EAC5B;AAEA,QAAM,oBAAgB,yDAA4B,EAAE,GAAG,KAAK,CAAC;AAE7D,MAAI;AAEJ,MAAI,0BAA0B;AAC5B,aACE;AAAA,MAAC;AAAA;AAAA,QACC,aAAa,qBAAqB;AAAA,QAElC;AAAA,UAAC;AAAA;AAAA,YACE,GAAG;AAAA,YACJ,cAAc,MAAM,qBAAqB;AAAA,YAExC;AAAA;AAAA,QACH;AAAA;AAAA,IACF;AAAA,EAEJ,OAAO;AACL,aACE;AAAA,MAAC;AAAA;AAAA,QACE,GAAG;AAAA,QAEH;AAAA;AAAA,IACH;AAAA,EAEJ;AAEA,SAAO;AACT;","names":["React","getTernSecureState"]}
package/dist/cjs/app-router/server/auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/app-router/server/auth.ts"],"sourcesContent":["import type { AuthObject, RedirectFun } from '@tern-secure/backend';\r\nimport { createRedirect, createTernSecureRequest } from '@tern-secure/backend';\r\nimport { notFound, redirect } from 'next/navigation';\r\n\r\nimport { SIGN_IN_URL, SIGN_UP_URL } from '../../server/constant';\r\nimport { getAuthDataFromRequest } from '../../server/data/getAuthDataFromRequest';\r\nimport { getAuthKeyFromRequest } from '../../server/headers-utils';\r\nimport { type AuthProtect, createProtect } from '../../server/protect';\r\nimport type { BaseUser, RequestLike } from '../../server/types';\r\nimport { buildRequestLike } from './utils';\r\n\r\nexport interface AuthResult {\r\n user: BaseUser | null;\r\n error: Error | null;\r\n}\r\n\r\n/**\r\n * `Auth` object of the currently active user and the `redirectToSignIn()` method.\r\n */\r\ntype Auth = AuthObject & {\r\n redirectToSignIn: RedirectFun<ReturnType<typeof redirect>>;\r\n redirectToSignUp: RedirectFun<ReturnType<typeof redirect>>;\r\n};\r\n\r\nexport interface AuthFn {\r\n (): Promise<Auth>;\r\n\r\n protect: AuthProtect;\r\n}\r\n\r\nconst createAuthObject = () => {\r\n return async (req: RequestLike) => {\r\n return getAuthDataFromRequest(req);\r\n };\r\n};\r\n\r\n/**\r\n * Get the current authenticated user from the session or token\r\n */\r\nexport const auth: AuthFn = async () => {\r\n // eslint-disable-next-line @typescript-eslint/no-require-imports\r\n require('server-only');\r\n\r\n const request = await buildRequestLike();\r\n\r\n const authObject = await createAuthObject()(request);\r\n\r\n const ternUrl = getAuthKeyFromRequest(request, 'TernSecureUrl');\r\n\r\n const createRedirectForRequest = (...args: Parameters<RedirectFun<never>>) => {\r\n const { returnBackUrl } = args[0] || {};\r\n const ternSecureRequest = createTernSecureRequest(request);\r\n\r\n return [\r\n createRedirect({\r\n redirectAdapter: redirect,\r\n baseUrl: ternSecureRequest.ternUrl.toString(),\r\n signInUrl: SIGN_IN_URL,\r\n signUpUrl: SIGN_UP_URL,\r\n }),\r\n returnBackUrl === null ? '' : returnBackUrl || ternUrl?.toString(),\r\n ] as const;\r\n };\r\n\r\n const redirectToSignIn: RedirectFun<never> = (opts = {}) => {\r\n const [r, returnBackUrl] = createRedirectForRequest(opts);\r\n return r.redirectToSignIn({\r\n returnBackUrl,\r\n });\r\n };\r\n\r\n const redirectToSignUp: RedirectFun<never> = (opts = {}) => {\r\n const [r, returnBackUrl] = createRedirectForRequest(opts);\r\n return r.redirectToSignUp({\r\n returnBackUrl,\r\n });\r\n };\r\n\r\n return Object.assign(authObject, { redirectToSignIn, redirectToSignUp });\r\n};\r\n\r\nauth.protect = async (...args: any[]) => {\r\n // eslint-disable-next-line @typescript-eslint/no-require-imports\r\n require('server-only');\r\n\r\n const request = await buildRequestLike();\r\n const authObject = await auth();\r\n\r\n const protect = createProtect({\r\n request,\r\n authObject,\r\n redirectToSignIn: authObject.redirectToSignIn,\r\n notFound,\r\n redirect,\r\n });\r\n\r\n return protect(...args);\r\n};\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,qBAAwD;AACxD,wBAAmC;AAEnC,sBAAyC;AACzC,oCAAuC;AACvC,2BAAsC;AACtC,qBAAgD;AAEhD,mBAAiC;AAqBjC,MAAM,mBAAmB,MAAM;AAC7B,SAAO,OAAO,QAAqB;AACjC,eAAO,sDAAuB,GAAG;AAAA,EACnC;AACF;AAKO,MAAM,OAAe,YAAY;AAEtC,UAAQ,aAAa;AAErB,QAAM,UAAU,UAAM,+BAAiB;AAEvC,QAAM,aAAa,MAAM,iBAAiB,EAAE,OAAO;AAEnD,QAAM,cAAU,4CAAsB,SAAS,eAAe;AAE9D,QAAM,2BAA2B,IAAI,SAAyC;AAC5E,UAAM,EAAE,cAAc,IAAI,KAAK,CAAC,KAAK,CAAC;AACtC,UAAM,wBAAoB,wCAAwB,OAAO;AAEzD,WAAO;AAAA,UACL,+BAAe;AAAA,QACb,iBAAiB;AAAA,QACjB,SAAS,kBAAkB,QAAQ,SAAS;AAAA,QAC5C,WAAW;AAAA,QACX,WAAW;AAAA,MACb,CAAC;AAAA,MACD,kBAAkB,OAAO,KAAK,iBAAiB,SAAS,SAAS;AAAA,IACnE;AAAA,EACF;AAEA,QAAM,mBAAuC,CAAC,OAAO,CAAC,MAAM;AAC1D,UAAM,CAAC,GAAG,aAAa,IAAI,yBAAyB,IAAI;AACxD,WAAO,EAAE,iBAAiB;AAAA,MACxB;AAAA,IACF,CAAC;AAAA,EACH;AAEA,QAAM,mBAAuC,CAAC,OAAO,CAAC,MAAM;AAC1D,UAAM,CAAC,GAAG,aAAa,IAAI,yBAAyB,IAAI;AACxD,WAAO,EAAE,iBAAiB;AAAA,MACxB;AAAA,IACF,CAAC;AAAA,EACH;AAEA,SAAO,OAAO,OAAO,YAAY,EAAE,kBAAkB,iBAAiB,CAAC;AACzE;AAEA,KAAK,UAAU,UAAU,SAAgB;AAEvC,UAAQ,aAAa;AAErB,QAAM,UAAU,UAAM,+BAAiB;AACvC,QAAM,aAAa,MAAM,KAAK;AAE9B,QAAM,cAAU,8BAAc;AAAA,IAC5B;AAAA,IACA;AAAA,IACA,kBAAkB,WAAW;AAAA,IAC7B;AAAA,IACA;AAAA,EACF,CAAC;AAED,SAAO,QAAQ,GAAG,IAAI;AACxB;","names":[]}
1
+ {"version":3,"sources":["../../../../src/app-router/server/auth.ts"],"sourcesContent":["import type { AuthObject, RedirectFun } from '@tern-secure/backend';\r\nimport { createRedirect, createTernSecureRequest } from '@tern-secure/backend';\r\nimport { notFound, redirect } from 'next/navigation';\r\n\r\nimport { SIGN_IN_URL, SIGN_UP_URL } from '../../server/constant';\r\nimport { type Aobj, getAuthDataFromRequest } from '../../server/data/getAuthDataFromRequest';\r\nimport { getAuthKeyFromRequest } from '../../server/headers-utils';\r\nimport { type AuthProtect, createProtect } from '../../server/protect';\r\nimport type { BaseUser, RequestLike } from '../../server/types';\r\nimport { buildRequestLike } from './utils';\r\n\r\n/**\r\n * @deprecated will be removed in future versions.\r\n*/\r\nexport interface AuthResult {\r\n user: BaseUser | null;\r\n error: Error | null;\r\n}\r\n\r\n/**\r\n * `Auth` object of the currently active user and the `redirectToSignIn()` method.\r\n */\r\ntype Auth = AuthObject & Aobj & {\r\n redirectToSignIn: RedirectFun<ReturnType<typeof redirect>>;\r\n redirectToSignUp: RedirectFun<ReturnType<typeof redirect>>;\r\n};\r\n\r\nexport interface AuthFn {\r\n (): Promise<Auth>;\r\n\r\n protect: AuthProtect;\r\n}\r\n\r\nconst createAuthObject = () => {\r\n return async (req: RequestLike) => {\r\n return getAuthDataFromRequest(req);\r\n };\r\n};\r\n\r\n/**\r\n * Get the current authenticated user from the session or token\r\n */\r\nexport const auth: AuthFn = async () => {\r\n // eslint-disable-next-line @typescript-eslint/no-require-imports\r\n require('server-only');\r\n\r\n const request = await buildRequestLike();\r\n\r\n const authObject = await createAuthObject()(request);\r\n\r\n const ternUrl = getAuthKeyFromRequest(request, 'TernSecureUrl');\r\n\r\n const createRedirectForRequest = (...args: Parameters<RedirectFun<never>>) => {\r\n const { returnBackUrl } = args[0] || {};\r\n const ternSecureRequest = createTernSecureRequest(request);\r\n\r\n return [\r\n createRedirect({\r\n redirectAdapter: redirect,\r\n baseUrl: ternSecureRequest.ternUrl.toString(),\r\n signInUrl: SIGN_IN_URL,\r\n signUpUrl: SIGN_UP_URL,\r\n }),\r\n returnBackUrl === null ? '' : returnBackUrl || ternUrl?.toString(),\r\n ] as const;\r\n };\r\n\r\n const redirectToSignIn: RedirectFun<never> = (opts = {}) => {\r\n const [r, returnBackUrl] = createRedirectForRequest(opts);\r\n return r.redirectToSignIn({\r\n returnBackUrl,\r\n });\r\n };\r\n\r\n const redirectToSignUp: RedirectFun<never> = (opts = {}) => {\r\n const [r, returnBackUrl] = createRedirectForRequest(opts);\r\n return r.redirectToSignUp({\r\n returnBackUrl,\r\n });\r\n };\r\n\r\n return Object.assign(authObject, { redirectToSignIn, redirectToSignUp });\r\n};\r\n\r\nauth.protect = async (...args: any[]) => {\r\n // eslint-disable-next-line @typescript-eslint/no-require-imports\r\n require('server-only');\r\n\r\n const request = await buildRequestLike();\r\n const authObject = await auth();\r\n\r\n const protect = createProtect({\r\n request,\r\n authObject,\r\n redirectToSignIn: authObject.redirectToSignIn,\r\n notFound,\r\n redirect,\r\n });\r\n\r\n return protect(...args);\r\n};\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,qBAAwD;AACxD,wBAAmC;AAEnC,sBAAyC;AACzC,oCAAkD;AAClD,2BAAsC;AACtC,qBAAgD;AAEhD,mBAAiC;AAwBjC,MAAM,mBAAmB,MAAM;AAC7B,SAAO,OAAO,QAAqB;AACjC,eAAO,sDAAuB,GAAG;AAAA,EACnC;AACF;AAKO,MAAM,OAAe,YAAY;AAEtC,UAAQ,aAAa;AAErB,QAAM,UAAU,UAAM,+BAAiB;AAEvC,QAAM,aAAa,MAAM,iBAAiB,EAAE,OAAO;AAEnD,QAAM,cAAU,4CAAsB,SAAS,eAAe;AAE9D,QAAM,2BAA2B,IAAI,SAAyC;AAC5E,UAAM,EAAE,cAAc,IAAI,KAAK,CAAC,KAAK,CAAC;AACtC,UAAM,wBAAoB,wCAAwB,OAAO;AAEzD,WAAO;AAAA,UACL,+BAAe;AAAA,QACb,iBAAiB;AAAA,QACjB,SAAS,kBAAkB,QAAQ,SAAS;AAAA,QAC5C,WAAW;AAAA,QACX,WAAW;AAAA,MACb,CAAC;AAAA,MACD,kBAAkB,OAAO,KAAK,iBAAiB,SAAS,SAAS;AAAA,IACnE;AAAA,EACF;AAEA,QAAM,mBAAuC,CAAC,OAAO,CAAC,MAAM;AAC1D,UAAM,CAAC,GAAG,aAAa,IAAI,yBAAyB,IAAI;AACxD,WAAO,EAAE,iBAAiB;AAAA,MACxB;AAAA,IACF,CAAC;AAAA,EACH;AAEA,QAAM,mBAAuC,CAAC,OAAO,CAAC,MAAM;AAC1D,UAAM,CAAC,GAAG,aAAa,IAAI,yBAAyB,IAAI;AACxD,WAAO,EAAE,iBAAiB;AAAA,MACxB;AAAA,IACF,CAAC;AAAA,EACH;AAEA,SAAO,OAAO,OAAO,YAAY,EAAE,kBAAkB,iBAAiB,CAAC;AACzE;AAEA,KAAK,UAAU,UAAU,SAAgB;AAEvC,UAAQ,aAAa;AAErB,QAAM,UAAU,UAAM,+BAAiB;AACvC,QAAM,aAAa,MAAM,KAAK;AAE9B,QAAM,cAAU,8BAAc;AAAA,IAC5B;AAAA,IACA;AAAA,IACA,kBAAkB,WAAW;AAAA,IAC7B;AAAA,IACA;AAAA,EACF,CAAC;AAED,SAAO,QAAQ,GAAG,IAAI;AACxB;","names":[]}
package/dist/cjs/boundary/PromiseAuthProvider.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/boundary/PromiseAuthProvider.tsx"],"sourcesContent":["'use client';\n\nimport { useAuth, useDeriveAuth } from '@tern-secure/react';\nimport type { TernSecureStateExtended } from '@tern-secure/types';\nimport { useRouter } from 'next/compat/router';\nimport React from 'react';\n\nconst PromiseAuthContext = React.createContext<\n Promise<TernSecureStateExtended> | TernSecureStateExtended | null\n>(null);\n\nexport function PromiseAuthProvider({\n authPromise,\n children,\n}: {\n authPromise: Promise<TernSecureStateExtended> | TernSecureStateExtended;\n children: React.ReactNode;\n}) {\n return <PromiseAuthContext.Provider value={authPromise}>{children}</PromiseAuthContext.Provider>;\n}\n\nexport function usePromiseAuth() {\n const isPagesRouter = useRouter();\n const valueFromContext = React.useContext(PromiseAuthContext);\n\n let resolvedData = valueFromContext;\n if (valueFromContext && 'then' in valueFromContext) {\n resolvedData = React.use(valueFromContext);\n }\n\n if (typeof window === 'undefined') {\n // Pages router should always use useAuth as it is able to grab initial auth state from context during SSR.\n if (isPagesRouter) {\n return useAuth();\n }\n\n return useDeriveAuth({ ...resolvedData });\n } else {\n return useAuth();\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAkBS;AAhBT,mBAAuC;AAEvC,oBAA0B;AAC1B,IAAAA,gBAAkB;AAElB,MAAM,qBAAqB,cAAAC,QAAM,cAE/B,IAAI;AAEC,SAAS,oBAAoB;AAAA,EAClC;AAAA,EACA;AACF,GAGG;AACD,SAAO,4CAAC,mBAAmB,UAAnB,EAA4B,OAAO,aAAc,UAAS;AACpE;AAEO,SAAS,iBAAiB;AAC/B,QAAM,oBAAgB,yBAAU;AAChC,QAAM,mBAAmB,cAAAA,QAAM,WAAW,kBAAkB;AAE5D,MAAI,eAAe;AACnB,MAAI,oBAAoB,UAAU,kBAAkB;AAClD,mBAAe,cAAAA,QAAM,IAAI,gBAAgB;AAAA,EAC3C;AAEA,MAAI,OAAO,WAAW,aAAa;AAEjC,QAAI,eAAe;AACjB,iBAAO,sBAAQ;AAAA,IACjB;AAEA,eAAO,4BAAc,EAAE,GAAG,aAAa,CAAC;AAAA,EAC1C,OAAO;AACL,eAAO,sBAAQ;AAAA,EACjB;AACF;","names":["import_react","React"]}
1
+ {"version":3,"sources":["../../../src/boundary/PromiseAuthProvider.tsx"],"sourcesContent":["'use client';\n\nimport { useAuth, useDeriveAuth } from '@tern-secure/react';\nimport type { TernSecureInitialState } from '@tern-secure/types';\nimport { useRouter } from 'next/compat/router';\nimport React from 'react';\n\nconst PromiseAuthContext = React.createContext<\n Promise<TernSecureInitialState> | TernSecureInitialState | null\n>(null);\n\nexport function PromiseAuthProvider({\n authPromise,\n children,\n}: {\n authPromise: Promise<TernSecureInitialState> | TernSecureInitialState;\n children: React.ReactNode;\n}) {\n return <PromiseAuthContext.Provider value={authPromise}>{children}</PromiseAuthContext.Provider>;\n}\n\nexport function usePromiseAuth() {\n const isPagesRouter = useRouter();\n const valueFromContext = React.useContext(PromiseAuthContext);\n\n let resolvedData = valueFromContext;\n if (valueFromContext && 'then' in valueFromContext) {\n resolvedData = React.use(valueFromContext);\n }\n\n if (typeof window === 'undefined') {\n // Pages router should always use useAuth as it is able to grab initial auth state from context during SSR.\n if (isPagesRouter) {\n return useAuth();\n }\n\n return useDeriveAuth({ ...resolvedData });\n } else {\n return useAuth();\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAkBS;AAhBT,mBAAuC;AAEvC,oBAA0B;AAC1B,IAAAA,gBAAkB;AAElB,MAAM,qBAAqB,cAAAC,QAAM,cAE/B,IAAI;AAEC,SAAS,oBAAoB;AAAA,EAClC;AAAA,EACA;AACF,GAGG;AACD,SAAO,4CAAC,mBAAmB,UAAnB,EAA4B,OAAO,aAAc,UAAS;AACpE;AAEO,SAAS,iBAAiB;AAC/B,QAAM,oBAAgB,yBAAU;AAChC,QAAM,mBAAmB,cAAAA,QAAM,WAAW,kBAAkB;AAE5D,MAAI,eAAe;AACnB,MAAI,oBAAoB,UAAU,kBAAkB;AAClD,mBAAe,cAAAA,QAAM,IAAI,gBAAgB;AAAA,EAC3C;AAEA,MAAI,OAAO,WAAW,aAAa;AAEjC,QAAI,eAAe;AACjB,iBAAO,sBAAQ;AAAA,IACjB;AAEA,eAAO,4BAAc,EAAE,GAAG,aAAa,CAAC;AAAA,EAC1C,OAAO;AACL,eAAO,sBAAQ;AAAA,EACjB;AACF;","names":["import_react","React"]}
package/dist/cjs/boundary/PromiseAuthProviderNode.js ADDED
@@ -0,0 +1,68 @@
1
+ "use strict";
2
+ "use client";
3
+ var __create = Object.create;
4
+ var __defProp = Object.defineProperty;
5
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
6
+ var __getOwnPropNames = Object.getOwnPropertyNames;
7
+ var __getProtoOf = Object.getPrototypeOf;
8
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
9
+ var __export = (target, all) => {
10
+ for (var name in all)
11
+ __defProp(target, name, { get: all[name], enumerable: true });
12
+ };
13
+ var __copyProps = (to, from, except, desc) => {
14
+ if (from && typeof from === "object" || typeof from === "function") {
15
+ for (let key of __getOwnPropNames(from))
16
+ if (!__hasOwnProp.call(to, key) && key !== except)
17
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
18
+ }
19
+ return to;
20
+ };
21
+ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
22
+ // If the importer is in node compatibility mode or this is not an ESM
23
+ // file that has been converted to a CommonJS file using a Babel-
24
+ // compatible transform (i.e. "__esModule" has not been set), then set
25
+ // "default" to the CommonJS "module.exports" for node compatibility.
26
+ isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
27
+ mod
28
+ ));
29
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
30
+ var PromiseAuthProviderNode_exports = {};
31
+ __export(PromiseAuthProviderNode_exports, {
32
+ PromiseAuthProviderNode: () => PromiseAuthProviderNode,
33
+ usePromiseAuthNode: () => usePromiseAuthNode
34
+ });
35
+ module.exports = __toCommonJS(PromiseAuthProviderNode_exports);
36
+ var import_jsx_runtime = require("react/jsx-runtime");
37
+ var import_react = require("@tern-secure/react");
38
+ var import_router = require("next/compat/router");
39
+ var import_react2 = __toESM(require("react"));
40
+ const PromiseAuthContext = import_react2.default.createContext(null);
41
+ function PromiseAuthProviderNode({
42
+ authPromise,
43
+ children
44
+ }) {
45
+ return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(PromiseAuthContext.Provider, { value: authPromise, children });
46
+ }
47
+ function usePromiseAuthNode() {
48
+ const isPagesRouter = (0, import_router.useRouter)();
49
+ const valueFromContext = import_react2.default.useContext(PromiseAuthContext);
50
+ let resolvedData = valueFromContext;
51
+ if (valueFromContext && "then" in valueFromContext) {
52
+ resolvedData = import_react2.default.use(valueFromContext);
53
+ }
54
+ if (typeof window === "undefined") {
55
+ if (isPagesRouter) {
56
+ return (0, import_react.useAuth)();
57
+ }
58
+ return (0, import_react.useDeriveAuth)({ ...resolvedData });
59
+ } else {
60
+ return (0, import_react.useAuth)({ ...resolvedData });
61
+ }
62
+ }
63
+ // Annotate the CommonJS export names for ESM import in node:
64
+ 0 && (module.exports = {
65
+ PromiseAuthProviderNode,
66
+ usePromiseAuthNode
67
+ });
68
+ //# sourceMappingURL=PromiseAuthProviderNode.js.map
package/dist/cjs/boundary/PromiseAuthProviderNode.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../../src/boundary/PromiseAuthProviderNode.tsx"],"sourcesContent":["'use client';\n\nimport { useAuth, useDeriveAuth } from '@tern-secure/react';\nimport type { DecodedIdToken, TernSecureUser } from '@tern-secure/types';\nimport { useRouter } from 'next/compat/router';\nimport React from 'react';\n\ntype TernSecureInitialState = {\n user?: TernSecureUser | null;\n token?: string | null;\n sessionClaims?: DecodedIdToken | null;\n};\n\nconst PromiseAuthContext = React.createContext<\n Promise<TernSecureInitialState> | TernSecureInitialState | null\n>(null);\n\nexport function PromiseAuthProviderNode({\n authPromise,\n children,\n}: {\n authPromise: Promise<TernSecureInitialState> | TernSecureInitialState;\n children: React.ReactNode;\n}) {\n return <PromiseAuthContext.Provider value={authPromise}>{children}</PromiseAuthContext.Provider>;\n}\n\nexport function usePromiseAuthNode() {\n const isPagesRouter = useRouter();\n const valueFromContext = React.useContext(PromiseAuthContext);\n\n let resolvedData = valueFromContext;\n if (valueFromContext && 'then' in valueFromContext) {\n resolvedData = React.use(valueFromContext);\n }\n\n if (typeof window === 'undefined') {\n // Pages router should always use useAuth as it is able to grab initial auth state from context during SSR.\n if (isPagesRouter) {\n return useAuth();\n }\n\n return useDeriveAuth({ ...resolvedData });\n } else {\n return useAuth({ ...resolvedData });\n }\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAwBS;AAtBT,mBAAuC;AAEvC,oBAA0B;AAC1B,IAAAA,gBAAkB;AAQlB,MAAM,qBAAqB,cAAAC,QAAM,cAE/B,IAAI;AAEC,SAAS,wBAAwB;AAAA,EACtC;AAAA,EACA;AACF,GAGG;AACD,SAAO,4CAAC,mBAAmB,UAAnB,EAA4B,OAAO,aAAc,UAAS;AACpE;AAEO,SAAS,qBAAqB;AACnC,QAAM,oBAAgB,yBAAU;AAChC,QAAM,mBAAmB,cAAAA,QAAM,WAAW,kBAAkB;AAE5D,MAAI,eAAe;AACnB,MAAI,oBAAoB,UAAU,kBAAkB;AAClD,mBAAe,cAAAA,QAAM,IAAI,gBAAgB;AAAA,EAC3C;AAEA,MAAI,OAAO,WAAW,aAAa;AAEjC,QAAI,eAAe;AACjB,iBAAO,sBAAQ;AAAA,IACjB;AAEA,eAAO,4BAAc,EAAE,GAAG,aAAa,CAAC;AAAA,EAC1C,OAAO;AACL,eAAO,sBAAQ,EAAE,GAAG,aAAa,CAAC;AAAA,EACpC;AACF;","names":["import_react","React"]}
package/dist/cjs/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/index.ts"],"sourcesContent":["export { TernSecureProvider } from './app-router/server/TernSecureProvider';\r\nexport {\r\n useAuth,\r\n useIdToken,\r\n useSession,\r\n useSignIn,\r\n useSignUp,\r\n signIn,\r\n useSignInContext,\r\n useSignUpContext,\r\n useTernSecure,\r\n SignInProvider,\r\n SignUpProvider,\r\n //SignIn,\r\n //SignOut,\r\n //SignOutButton,\r\n //SignUp,\r\n} from './boundary/components';\r\n\r\nexport type {\r\n TernSecureUser,\r\n TernSecureUserData,\r\n SignInResponse,\r\n SignUpResponse,\r\n SocialProviderOptions,\r\n} from '@tern-secure/types';\r\n\r\nexport type { UserInfo, SessionResult } from './types';\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,gCAAmC;AACnC,wBAgBO;","names":[]}
1
+ {"version":3,"sources":["../../src/index.ts"],"sourcesContent":["export { TernSecureProvider } from './app-router/server/TernSecureProvider';\r\nexport {\r\n useAuth,\r\n useIdToken,\r\n useSession,\r\n useSignIn,\r\n useSignUp,\r\n signIn,\r\n useSignInContext,\r\n useSignUpContext,\r\n useTernSecure,\r\n SignInProvider,\r\n SignUpProvider,\r\n} from './boundary/components';\r\n\r\nexport type {\r\n TernSecureUser,\r\n SignInResponse,\r\n SignUpResponse,\r\n SocialProviderOptions,\r\n} from '@tern-secure/types';\r\n\r\nexport type { UserInfo, SessionResult } from './types';\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,gCAAmC;AACnC,wBAYO;","names":[]}
package/dist/cjs/server/constant.js CHANGED
@@ -21,10 +21,24 @@ __export(constant_exports, {
21
21
  API_KEY: () => API_KEY,
22
22
  API_URL: () => API_URL,
23
23
  API_VERSION: () => API_VERSION,
24
+ FIREBASE_API_KEY: () => FIREBASE_API_KEY,
25
+ FIREBASE_APP_ID: () => FIREBASE_APP_ID,
26
+ FIREBASE_AUTH_DOMAIN: () => FIREBASE_AUTH_DOMAIN,
27
+ FIREBASE_MEASUREMENT_ID: () => FIREBASE_MEASUREMENT_ID,
28
+ FIREBASE_MESSAGING_SENDER_ID: () => FIREBASE_MESSAGING_SENDER_ID,
29
+ FIREBASE_PROJECT_ID: () => FIREBASE_PROJECT_ID,
30
+ FIREBASE_STORAGE_BUCKET: () => FIREBASE_STORAGE_BUCKET,
24
31
  SIGN_IN_URL: () => SIGN_IN_URL,
25
32
  SIGN_UP_URL: () => SIGN_UP_URL
26
33
  });
27
34
  module.exports = __toCommonJS(constant_exports);
35
+ const FIREBASE_API_KEY = process.env.NEXT_PUBLIC_FIREBASE_API_KEY || "";
36
+ const FIREBASE_AUTH_DOMAIN = process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || "";
37
+ const FIREBASE_PROJECT_ID = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || "";
38
+ const FIREBASE_STORAGE_BUCKET = process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || "";
39
+ const FIREBASE_MESSAGING_SENDER_ID = process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || "";
40
+ const FIREBASE_APP_ID = process.env.NEXT_PUBLIC_FIREBASE_APP_ID || "";
41
+ const FIREBASE_MEASUREMENT_ID = process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID || "";
28
42
  const API_KEY = process.env.NEXT_PUBLIC_FIREBASE_API_KEY || "";
29
43
  const API_URL = process.env.TERNSECURE_API_URL || "";
30
44
  const API_VERSION = process.env.TERNSECURE_API_VERSION || "v1";
@@ -35,6 +49,13 @@ const SIGN_UP_URL = process.env.NEXT_PUBLIC_SIGN_UP_URL || "";
35
49
  API_KEY,
36
50
  API_URL,
37
51
  API_VERSION,
52
+ FIREBASE_API_KEY,
53
+ FIREBASE_APP_ID,
54
+ FIREBASE_AUTH_DOMAIN,
55
+ FIREBASE_MEASUREMENT_ID,
56
+ FIREBASE_MESSAGING_SENDER_ID,
57
+ FIREBASE_PROJECT_ID,
58
+ FIREBASE_STORAGE_BUCKET,
38
59
  SIGN_IN_URL,
39
60
  SIGN_UP_URL
40
61
  });
package/dist/cjs/server/constant.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/server/constant.ts"],"sourcesContent":["export const API_KEY = process.env.NEXT_PUBLIC_FIREBASE_API_KEY || '';\nexport const API_URL = process.env.TERNSECURE_API_URL || '';\nexport const API_VERSION = process.env.TERNSECURE_API_VERSION || 'v1';\nexport const SIGN_IN_URL = process.env.NEXT_PUBLIC_SIGN_IN_URL || '';\nexport const SIGN_UP_URL = process.env.NEXT_PUBLIC_SIGN_UP_URL || '';"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAO,MAAM,UAAU,QAAQ,IAAI,gCAAgC;AAC5D,MAAM,UAAU,QAAQ,IAAI,sBAAsB;AAClD,MAAM,cAAc,QAAQ,IAAI,0BAA0B;AAC1D,MAAM,cAAc,QAAQ,IAAI,2BAA2B;AAC3D,MAAM,cAAc,QAAQ,IAAI,2BAA2B;","names":[]}
1
+ {"version":3,"sources":["../../../src/server/constant.ts"],"sourcesContent":["export const FIREBASE_API_KEY = process.env.NEXT_PUBLIC_FIREBASE_API_KEY || '';\nexport const FIREBASE_AUTH_DOMAIN = process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || '';\nexport const FIREBASE_PROJECT_ID = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || '';\nexport const FIREBASE_STORAGE_BUCKET = process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || '';\nexport const FIREBASE_MESSAGING_SENDER_ID = process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || '';\nexport const FIREBASE_APP_ID = process.env.NEXT_PUBLIC_FIREBASE_APP_ID || '';\nexport const FIREBASE_MEASUREMENT_ID = process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID || '';\n\nexport const API_KEY = process.env.NEXT_PUBLIC_FIREBASE_API_KEY || '';\nexport const API_URL = process.env.TERNSECURE_API_URL || '';\nexport const API_VERSION = process.env.TERNSECURE_API_VERSION || 'v1';\nexport const SIGN_IN_URL = process.env.NEXT_PUBLIC_SIGN_IN_URL || '';\nexport const SIGN_UP_URL = process.env.NEXT_PUBLIC_SIGN_UP_URL || '';"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAO,MAAM,mBAAmB,QAAQ,IAAI,gCAAgC;AACrE,MAAM,uBAAuB,QAAQ,IAAI,oCAAoC;AAC7E,MAAM,sBAAsB,QAAQ,IAAI,mCAAmC;AAC3E,MAAM,0BAA0B,QAAQ,IAAI,uCAAuC;AACnF,MAAM,+BAA+B,QAAQ,IAAI,4CAA4C;AAC7F,MAAM,kBAAkB,QAAQ,IAAI,+BAA+B;AACnE,MAAM,0BAA0B,QAAQ,IAAI,uCAAuC;AAEnF,MAAM,UAAU,QAAQ,IAAI,gCAAgC;AAC5D,MAAM,UAAU,QAAQ,IAAI,sBAAsB;AAClD,MAAM,cAAc,QAAQ,IAAI,0BAA0B;AAC1D,MAAM,cAAc,QAAQ,IAAI,2BAA2B;AAC3D,MAAM,cAAc,QAAQ,IAAI,2BAA2B;","names":[]}