@tern-secure/nextjs 5.2.0-canary.v20251029025859 → 5.2.0-canary.v20251108045933
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/app-router/admin/cookieOptionsHelper.js +28 -16
- package/dist/cjs/app-router/admin/cookieOptionsHelper.js.map +1 -1
- package/dist/cjs/app-router/admin/request.js +6 -1
- package/dist/cjs/app-router/admin/request.js.map +1 -1
- package/dist/cjs/app-router/admin/sessionHandlers.js +2 -1
- package/dist/cjs/app-router/admin/sessionHandlers.js.map +1 -1
- package/dist/cjs/app-router/admin/types.js +19 -10
- package/dist/cjs/app-router/admin/types.js.map +1 -1
- package/dist/cjs/app-router/server/TernSecureProvider.js.map +1 -1
- package/dist/cjs/app-router/server/auth.js.map +1 -1
- package/dist/cjs/boundary/PromiseAuthProvider.js.map +1 -1
- package/dist/cjs/boundary/PromiseAuthProviderNode.js +68 -0
- package/dist/cjs/boundary/PromiseAuthProviderNode.js.map +1 -0
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/server/constant.js +21 -0
- package/dist/cjs/server/constant.js.map +1 -1
- package/dist/cjs/server/data/getAuthDataFromRequest.js +109 -6
- package/dist/cjs/server/data/getAuthDataFromRequest.js.map +1 -1
- package/dist/cjs/server/index.js +6 -3
- package/dist/cjs/server/index.js.map +1 -1
- package/dist/cjs/server/instrumentation.js +52 -0
- package/dist/cjs/server/instrumentation.js.map +1 -0
- package/dist/cjs/server/{ternSecureEdgeMiddleware.js → ternSecureProxy.js} +18 -7
- package/dist/cjs/server/ternSecureProxy.js.map +1 -0
- package/dist/cjs/utils/allNextProviderProps.js +1 -0
- package/dist/cjs/utils/allNextProviderProps.js.map +1 -1
- package/dist/cjs/utils/config.js +1 -0
- package/dist/cjs/utils/config.js.map +1 -1
- package/dist/esm/app-router/admin/cookieOptionsHelper.js +26 -15
- package/dist/esm/app-router/admin/cookieOptionsHelper.js.map +1 -1
- package/dist/esm/app-router/admin/request.js +7 -2
- package/dist/esm/app-router/admin/request.js.map +1 -1
- package/dist/esm/app-router/admin/sessionHandlers.js +2 -1
- package/dist/esm/app-router/admin/sessionHandlers.js.map +1 -1
- package/dist/esm/app-router/admin/types.js +17 -9
- package/dist/esm/app-router/admin/types.js.map +1 -1
- package/dist/esm/app-router/server/TernSecureProvider.js.map +1 -1
- package/dist/esm/app-router/server/auth.js.map +1 -1
- package/dist/esm/boundary/PromiseAuthProvider.js.map +1 -1
- package/dist/esm/boundary/PromiseAuthProviderNode.js +33 -0
- package/dist/esm/boundary/PromiseAuthProviderNode.js.map +1 -0
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/server/constant.js +14 -0
- package/dist/esm/server/constant.js.map +1 -1
- package/dist/esm/server/data/getAuthDataFromRequest.js +113 -5
- package/dist/esm/server/data/getAuthDataFromRequest.js.map +1 -1
- package/dist/esm/server/index.js +5 -3
- package/dist/esm/server/index.js.map +1 -1
- package/dist/esm/server/instrumentation.js +28 -0
- package/dist/esm/server/instrumentation.js.map +1 -0
- package/dist/esm/server/{ternSecureEdgeMiddleware.js → ternSecureProxy.js} +16 -5
- package/dist/esm/server/ternSecureProxy.js.map +1 -0
- package/dist/esm/utils/allNextProviderProps.js +1 -0
- package/dist/esm/utils/allNextProviderProps.js.map +1 -1
- package/dist/esm/utils/config.js +1 -0
- package/dist/esm/utils/config.js.map +1 -1
- package/dist/types/app-router/admin/cookieOptionsHelper.d.ts +2 -10
- package/dist/types/app-router/admin/cookieOptionsHelper.d.ts.map +1 -1
- package/dist/types/app-router/admin/request.d.ts.map +1 -1
- package/dist/types/app-router/admin/sessionHandlers.d.ts.map +1 -1
- package/dist/types/app-router/admin/types.d.ts +2 -1
- package/dist/types/app-router/admin/types.d.ts.map +1 -1
- package/dist/types/app-router/server/auth.d.ts +5 -1
- package/dist/types/app-router/server/auth.d.ts.map +1 -1
- package/dist/types/boundary/PromiseAuthProvider.d.ts +2 -2
- package/dist/types/boundary/PromiseAuthProvider.d.ts.map +1 -1
- package/dist/types/boundary/PromiseAuthProviderNode.d.ts +14 -0
- package/dist/types/boundary/PromiseAuthProviderNode.d.ts.map +1 -0
- package/dist/types/index.d.ts +1 -1
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/server/constant.d.ts +7 -0
- package/dist/types/server/constant.d.ts.map +1 -1
- package/dist/types/server/data/getAuthDataFromRequest.d.ts +35 -3
- package/dist/types/server/data/getAuthDataFromRequest.d.ts.map +1 -1
- package/dist/types/server/index.d.ts +2 -1
- package/dist/types/server/index.d.ts.map +1 -1
- package/dist/types/server/instrumentation.d.ts +27 -0
- package/dist/types/server/instrumentation.d.ts.map +1 -0
- package/dist/types/server/{ternSecureEdgeMiddleware.d.ts → ternSecureProxy.d.ts} +2 -2
- package/dist/types/server/ternSecureProxy.d.ts.map +1 -0
- package/dist/types/utils/allNextProviderProps.d.ts.map +1 -1
- package/dist/types/utils/config.d.ts.map +1 -1
- package/package.json +8 -9
- package/dist/cjs/server/ternSecureEdgeMiddleware.js.map +0 -1
- package/dist/cjs/utils/admin-init.js +0 -4
- package/dist/cjs/utils/admin-init.js.map +0 -1
- package/dist/cjs/utils/client-init.js +0 -4
- package/dist/cjs/utils/client-init.js.map +0 -1
- package/dist/esm/server/ternSecureEdgeMiddleware.js.map +0 -1
- package/dist/esm/utils/admin-init.js +0 -3
- package/dist/esm/utils/admin-init.js.map +0 -1
- package/dist/esm/utils/client-init.js +0 -3
- package/dist/esm/utils/client-init.js.map +0 -1
- package/dist/types/server/ternSecureEdgeMiddleware.d.ts.map +0 -1
- package/dist/types/utils/admin-init.d.ts +0 -2
- package/dist/types/utils/admin-init.d.ts.map +0 -1
- package/dist/types/utils/client-init.d.ts +0 -2
- package/dist/types/utils/client-init.d.ts.map +0 -1
|
@@ -19,22 +19,28 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
|
|
|
19
19
|
var getAuthDataFromRequest_exports = {};
|
|
20
20
|
__export(getAuthDataFromRequest_exports, {
|
|
21
21
|
authObjectToSerializable: () => authObjectToSerializable,
|
|
22
|
+
authObjectToSerializableJwt: () => authObjectToSerializableJwt,
|
|
22
23
|
getAuthDataFromRequest: () => getAuthDataFromRequest,
|
|
23
|
-
|
|
24
|
+
getAuthDataFromRequestJwt: () => getAuthDataFromRequestJwt,
|
|
25
|
+
getTernSecureAuthData: () => getTernSecureAuthData,
|
|
26
|
+
getTernSecureAuthDataJwt: () => getTernSecureAuthDataJwt
|
|
24
27
|
});
|
|
25
28
|
module.exports = __toCommonJS(getAuthDataFromRequest_exports);
|
|
26
29
|
var import_backend = require("@tern-secure/backend");
|
|
27
30
|
var import_jwt = require("@tern-secure/backend/jwt");
|
|
31
|
+
var import_app = require("firebase/app");
|
|
32
|
+
var import_auth = require("firebase/auth");
|
|
28
33
|
var import_headers_utils = require("../../server/headers-utils");
|
|
29
|
-
|
|
34
|
+
var import_constant = require("../constant");
|
|
35
|
+
const authObjectToSerializableJwt = (obj) => {
|
|
30
36
|
const { require: require2, ...rest } = obj;
|
|
31
37
|
return rest;
|
|
32
38
|
};
|
|
33
|
-
function
|
|
34
|
-
const authObject =
|
|
39
|
+
function getTernSecureAuthDataJwt(req, initialState = {}) {
|
|
40
|
+
const authObject = getAuthDataFromRequestJwt(req);
|
|
35
41
|
return authObjectToSerializable({ ...initialState, ...authObject });
|
|
36
42
|
}
|
|
37
|
-
function
|
|
43
|
+
function getAuthDataFromRequestJwt(req) {
|
|
38
44
|
const authStatus = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthStatus");
|
|
39
45
|
const authToken = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthToken");
|
|
40
46
|
const authSignature = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthSignature");
|
|
@@ -48,10 +54,107 @@ function getAuthDataFromRequest(req) {
|
|
|
48
54
|
}
|
|
49
55
|
return authObject;
|
|
50
56
|
}
|
|
57
|
+
const authObjectToSerializable = (obj) => {
|
|
58
|
+
const { require: require2, ...rest } = obj;
|
|
59
|
+
return rest;
|
|
60
|
+
};
|
|
61
|
+
async function getTernSecureAuthData(req, initialState = {}) {
|
|
62
|
+
const authObject = await getAuthDataFromRequest(req);
|
|
63
|
+
return authObjectToSerializable({ ...initialState, ...authObject });
|
|
64
|
+
}
|
|
65
|
+
async function getAuthDataFromRequest(req) {
|
|
66
|
+
const authStatus = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthStatus");
|
|
67
|
+
const authToken = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthToken");
|
|
68
|
+
if (!authStatus || authStatus !== import_backend.AuthStatus.SignedIn) {
|
|
69
|
+
return {
|
|
70
|
+
...(0, import_backend.signedOutAuthObject)(),
|
|
71
|
+
user: null,
|
|
72
|
+
userId: null
|
|
73
|
+
};
|
|
74
|
+
}
|
|
75
|
+
const firebaseUser = await authenticateRequest(authToken, req);
|
|
76
|
+
if (!firebaseUser || !firebaseUser.claims) {
|
|
77
|
+
return {
|
|
78
|
+
...(0, import_backend.signedOutAuthObject)(),
|
|
79
|
+
user: null,
|
|
80
|
+
userId: null
|
|
81
|
+
};
|
|
82
|
+
}
|
|
83
|
+
const { user, claims } = firebaseUser;
|
|
84
|
+
const authObject = (0, import_backend.signedInAuthObject)(authToken, claims);
|
|
85
|
+
return {
|
|
86
|
+
...authObject,
|
|
87
|
+
user: user || null
|
|
88
|
+
};
|
|
89
|
+
}
|
|
90
|
+
const authenticateRequest = async (token, request) => {
|
|
91
|
+
try {
|
|
92
|
+
const origin = new URL(request.url).origin;
|
|
93
|
+
const requestHeaders = new Headers(request.headers);
|
|
94
|
+
requestHeaders.set("referer", origin);
|
|
95
|
+
requestHeaders.set("Referer", origin);
|
|
96
|
+
const mockRequest = {
|
|
97
|
+
headers: requestHeaders
|
|
98
|
+
};
|
|
99
|
+
const config = {
|
|
100
|
+
apiKey: import_constant.FIREBASE_API_KEY,
|
|
101
|
+
authDomain: import_constant.FIREBASE_AUTH_DOMAIN,
|
|
102
|
+
projectId: import_constant.FIREBASE_PROJECT_ID,
|
|
103
|
+
storageBucket: import_constant.FIREBASE_STORAGE_BUCKET,
|
|
104
|
+
messagingSenderId: import_constant.FIREBASE_MESSAGING_SENDER_ID,
|
|
105
|
+
appId: import_constant.FIREBASE_APP_ID,
|
|
106
|
+
measurementId: import_constant.FIREBASE_MEASUREMENT_ID
|
|
107
|
+
};
|
|
108
|
+
const firebaseServerApp = (0, import_app.initializeServerApp)(
|
|
109
|
+
config,
|
|
110
|
+
{
|
|
111
|
+
authIdToken: token,
|
|
112
|
+
releaseOnDeref: mockRequest
|
|
113
|
+
}
|
|
114
|
+
);
|
|
115
|
+
const auth = (0, import_auth.getAuth)(firebaseServerApp);
|
|
116
|
+
await auth.authStateReady();
|
|
117
|
+
if (auth.currentUser) {
|
|
118
|
+
const idTokenResult = await auth.currentUser.getIdTokenResult();
|
|
119
|
+
const claims = idTokenResult.claims;
|
|
120
|
+
const userObj = {
|
|
121
|
+
uid: auth.currentUser.uid,
|
|
122
|
+
email: auth.currentUser.email,
|
|
123
|
+
emailVerified: auth.currentUser.emailVerified,
|
|
124
|
+
displayName: auth.currentUser.displayName,
|
|
125
|
+
isAnonymous: auth.currentUser.isAnonymous,
|
|
126
|
+
phoneNumber: auth.currentUser.phoneNumber,
|
|
127
|
+
photoURL: auth.currentUser.photoURL,
|
|
128
|
+
providerId: auth.currentUser.providerId,
|
|
129
|
+
tenantId: auth.currentUser.tenantId,
|
|
130
|
+
refreshToken: auth.currentUser.refreshToken,
|
|
131
|
+
metadata: {
|
|
132
|
+
creationTime: auth.currentUser.metadata.creationTime,
|
|
133
|
+
lastSignInTime: auth.currentUser.metadata.lastSignInTime
|
|
134
|
+
},
|
|
135
|
+
providerData: auth.currentUser.providerData.map((provider) => ({
|
|
136
|
+
uid: provider.uid,
|
|
137
|
+
displayName: provider.displayName,
|
|
138
|
+
email: provider.email,
|
|
139
|
+
phoneNumber: provider.phoneNumber,
|
|
140
|
+
photoURL: provider.photoURL,
|
|
141
|
+
providerId: provider.providerId
|
|
142
|
+
}))
|
|
143
|
+
};
|
|
144
|
+
return { user: userObj, claims };
|
|
145
|
+
}
|
|
146
|
+
return null;
|
|
147
|
+
} catch (error) {
|
|
148
|
+
return null;
|
|
149
|
+
}
|
|
150
|
+
};
|
|
51
151
|
// Annotate the CommonJS export names for ESM import in node:
|
|
52
152
|
0 && (module.exports = {
|
|
53
153
|
authObjectToSerializable,
|
|
154
|
+
authObjectToSerializableJwt,
|
|
54
155
|
getAuthDataFromRequest,
|
|
55
|
-
|
|
156
|
+
getAuthDataFromRequestJwt,
|
|
157
|
+
getTernSecureAuthData,
|
|
158
|
+
getTernSecureAuthDataJwt
|
|
56
159
|
});
|
|
57
160
|
//# sourceMappingURL=getAuthDataFromRequest.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/server/data/getAuthDataFromRequest.ts"],"sourcesContent":["import type { AuthObject } from '@tern-secure/backend';\nimport { AuthStatus, signedInAuthObject, signedOutAuthObject } from '@tern-secure/backend';\nimport { ternDecodeJwt } from '@tern-secure/backend/jwt';\n\nimport { getAuthKeyFromRequest } from '../../server/headers-utils';\nimport type { RequestLike } from '../../server/types';\n\n\n/**\n * Auth objects moving through the server -> client boundary need to be serializable\n * as we need to ensure that they can be transferred via the network as pure strings.\n * Some frameworks like Remix or Next (/pages dir only) handle this serialization by simply\n * ignoring any non-serializable keys, however Nextjs /app directory is stricter and\n * throws an error if a non-serializable value is found.\n * @internal\n */\nexport const
|
|
1
|
+
{"version":3,"sources":["../../../../src/server/data/getAuthDataFromRequest.ts"],"sourcesContent":["import type { AuthObject } from '@tern-secure/backend';\nimport { AuthStatus, signedInAuthObject, signedOutAuthObject } from '@tern-secure/backend';\nimport { ternDecodeJwt } from '@tern-secure/backend/jwt';\nimport type { ParsedToken, TernSecureConfig, TernSecureUser } from '@tern-secure/types';\nimport type { FirebaseServerApp } from \"firebase/app\";\nimport { initializeServerApp } from \"firebase/app\";\nimport type { Auth } from \"firebase/auth\";\nimport { getAuth } from \"firebase/auth\";\n\nimport { getAuthKeyFromRequest } from '../../server/headers-utils';\nimport type { RequestLike } from '../../server/types';\nimport {\n FIREBASE_API_KEY,\n FIREBASE_APP_ID,\n FIREBASE_AUTH_DOMAIN,\n FIREBASE_MEASUREMENT_ID,\n FIREBASE_MESSAGING_SENDER_ID,\n FIREBASE_PROJECT_ID,\n FIREBASE_STORAGE_BUCKET\n} from \"../constant\";\n\n\n/**\n * Auth objects moving through the server -> client boundary need to be serializable\n * as we need to ensure that they can be transferred via the network as pure strings.\n * Some frameworks like Remix or Next (/pages dir only) handle this serialization by simply\n * ignoring any non-serializable keys, however Nextjs /app directory is stricter and\n * throws an error if a non-serializable value is found.\n * @internal\n */\nexport const authObjectToSerializableJwt = <T extends Record<string, unknown>>(obj: T): T => {\n // remove any non-serializable props from the returned object\n\n const { require, ...rest } = obj as unknown as AuthObject;\n return rest as unknown as T;\n};\n\nexport function getTernSecureAuthDataJwt(req: RequestLike, initialState = {}) {\n const authObject = getAuthDataFromRequestJwt(req);\n return authObjectToSerializable({ ...initialState, ...authObject });\n}\n\nexport function getAuthDataFromRequestJwt(req: RequestLike): AuthObject {\n const authStatus = getAuthKeyFromRequest(req, 'AuthStatus');\n const authToken = getAuthKeyFromRequest(req, 'AuthToken');\n const authSignature = getAuthKeyFromRequest(req, 'AuthSignature');\n const authReason = getAuthKeyFromRequest(req, 'AuthReason');\n\n let authObject;\n if (!authStatus || authStatus !== AuthStatus.SignedIn) {\n authObject = signedOutAuthObject();\n } else {\n const jwt = ternDecodeJwt(authToken as string);\n\n authObject = signedInAuthObject(jwt.raw.text, jwt.payload);\n }\n return authObject;\n}\n\n\nexport type SerializableTernSecureUser = Omit<TernSecureUser, 'delete' | 'getIdToken' | 'getIdTokenResult' | 'reload' | 'toJSON'>;\n\nexport type Aobj = {\n user: SerializableTernSecureUser | null\n userId: string | null\n}\n\n\n// Serializable auth object type\n/**\n * Auth objects moving through the server -> client boundary need to be serializable\n * as we need to ensure that they can be transferred via the network as pure strings.\n * Some frameworks like Remix or Next (/pages dir only) handle this serialization by simply\n * ignoring any non-serializable keys, however Nextjs /app directory is stricter and\n * throws an error if a non-serializable value is found.\n * @internal\n */\nexport const authObjectToSerializable = <T extends Record<string, unknown>>(\n obj: T\n): T => {\n // remove any non-serializable props from the returned object\n\n const { require, ...rest } = obj as unknown as AuthObject;\n return rest as unknown as T;\n};\n\nexport async function getTernSecureAuthData(\n req: RequestLike,\n initialState = {}\n) {\n const authObject = await getAuthDataFromRequest(req);\n return authObjectToSerializable({ ...initialState, ...authObject });\n}\n\nexport async function getAuthDataFromRequest(req: RequestLike): Promise<AuthObject & Aobj> {\n const authStatus = getAuthKeyFromRequest(req, \"AuthStatus\");\n const authToken = getAuthKeyFromRequest(req, \"AuthToken\");\n\n if (!authStatus || authStatus !== AuthStatus.SignedIn) {\n return {\n ...signedOutAuthObject(),\n user: null,\n userId: null\n }\n }\n\n const firebaseUser = await authenticateRequest(authToken as string, req as any);\n if (!firebaseUser || !firebaseUser.claims) {\n return {\n ...signedOutAuthObject(),\n user: null,\n userId: null\n }\n }\n const { user, claims } = firebaseUser;\n const authObject = signedInAuthObject(authToken as string, claims as any);\n return {\n ...authObject,\n user: user || null,\n };\n}\n\nconst authenticateRequest = async (\n token: string,\n request: Request\n): Promise<{ user: SerializableTernSecureUser; claims: ParsedToken } | null> => {\n try {\n const origin = new URL(request.url).origin;\n\n const requestHeaders = new Headers(request.headers);\n requestHeaders.set(\"referer\", origin);\n requestHeaders.set(\"Referer\", origin);\n\n const mockRequest = {\n headers: requestHeaders,\n };\n\n const config: TernSecureConfig = {\n apiKey: FIREBASE_API_KEY,\n authDomain: FIREBASE_AUTH_DOMAIN,\n projectId: FIREBASE_PROJECT_ID,\n storageBucket: FIREBASE_STORAGE_BUCKET,\n messagingSenderId: FIREBASE_MESSAGING_SENDER_ID,\n appId: FIREBASE_APP_ID,\n measurementId: FIREBASE_MEASUREMENT_ID,\n };\n\n const firebaseServerApp: FirebaseServerApp = initializeServerApp(\n config,\n {\n authIdToken: token,\n releaseOnDeref: mockRequest,\n }\n );\n\n const auth: Auth = getAuth(firebaseServerApp);\n await auth.authStateReady();\n\n if (auth.currentUser) {\n const idTokenResult = await auth.currentUser.getIdTokenResult();\n const claims = idTokenResult.claims;\n\n const userObj: SerializableTernSecureUser = {\n uid: auth.currentUser.uid,\n email: auth.currentUser.email,\n emailVerified: auth.currentUser.emailVerified,\n displayName: auth.currentUser.displayName,\n isAnonymous: auth.currentUser.isAnonymous,\n phoneNumber: auth.currentUser.phoneNumber,\n photoURL: auth.currentUser.photoURL,\n providerId: auth.currentUser.providerId,\n tenantId: auth.currentUser.tenantId,\n refreshToken: auth.currentUser.refreshToken,\n metadata: {\n creationTime: auth.currentUser.metadata.creationTime,\n lastSignInTime: auth.currentUser.metadata.lastSignInTime,\n },\n providerData: auth.currentUser.providerData.map((provider) => ({\n uid: provider.uid,\n displayName: provider.displayName,\n email: provider.email,\n phoneNumber: provider.phoneNumber,\n photoURL: provider.photoURL,\n providerId: provider.providerId,\n })),\n };\n\n return { user: userObj, claims };\n }\n\n return null;\n } catch (error) {\n return null;\n }\n};\n\nexport { TernSecureUser }\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,qBAAoE;AACpE,iBAA8B;AAG9B,iBAAoC;AAEpC,kBAAwB;AAExB,2BAAsC;AAEtC,sBAQO;AAWA,MAAM,8BAA8B,CAAoC,QAAc;AAG3F,QAAM,EAAE,SAAAA,UAAS,GAAG,KAAK,IAAI;AAC7B,SAAO;AACT;AAEO,SAAS,yBAAyB,KAAkB,eAAe,CAAC,GAAG;AAC5E,QAAM,aAAa,0BAA0B,GAAG;AAChD,SAAO,yBAAyB,EAAE,GAAG,cAAc,GAAG,WAAW,CAAC;AACpE;AAEO,SAAS,0BAA0B,KAA8B;AACtE,QAAM,iBAAa,4CAAsB,KAAK,YAAY;AAC1D,QAAM,gBAAY,4CAAsB,KAAK,WAAW;AACxD,QAAM,oBAAgB,4CAAsB,KAAK,eAAe;AAChE,QAAM,iBAAa,4CAAsB,KAAK,YAAY;AAE1D,MAAI;AACJ,MAAI,CAAC,cAAc,eAAe,0BAAW,UAAU;AACrD,qBAAa,oCAAoB;AAAA,EACnC,OAAO;AACL,UAAM,UAAM,0BAAc,SAAmB;AAE7C,qBAAa,mCAAmB,IAAI,IAAI,MAAM,IAAI,OAAO;AAAA,EAC3D;AACA,SAAO;AACT;AAoBO,MAAM,2BAA2B,CACtC,QACM;AAGN,QAAM,EAAE,SAAAA,UAAS,GAAG,KAAK,IAAI;AAC7B,SAAO;AACT;AAEA,eAAsB,sBACpB,KACA,eAAe,CAAC,GAChB;AACA,QAAM,aAAa,MAAM,uBAAuB,GAAG;AACnD,SAAO,yBAAyB,EAAE,GAAG,cAAc,GAAG,WAAW,CAAC;AACpE;AAEA,eAAsB,uBAAuB,KAA8C;AACzF,QAAM,iBAAa,4CAAsB,KAAK,YAAY;AAC1D,QAAM,gBAAY,4CAAsB,KAAK,WAAW;AAExD,MAAI,CAAC,cAAc,eAAe,0BAAW,UAAU;AACrD,WAAO;AAAA,MACL,OAAG,oCAAoB;AAAA,MACvB,MAAM;AAAA,MACN,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,QAAM,eAAe,MAAM,oBAAoB,WAAqB,GAAU;AAC9E,MAAI,CAAC,gBAAgB,CAAC,aAAa,QAAQ;AACzC,WAAO;AAAA,MACL,OAAG,oCAAoB;AAAA,MACvB,MAAM;AAAA,MACN,QAAQ;AAAA,IACV;AAAA,EACF;AACA,QAAM,EAAE,MAAM,OAAO,IAAI;AACzB,QAAM,iBAAa,mCAAmB,WAAqB,MAAa;AACxE,SAAO;AAAA,IACL,GAAG;AAAA,IACH,MAAM,QAAQ;AAAA,EAChB;AACF;AAEA,MAAM,sBAAsB,OAC1B,OACA,YAC8E;AAC9E,MAAI;AACF,UAAM,SAAS,IAAI,IAAI,QAAQ,GAAG,EAAE;AAEpC,UAAM,iBAAiB,IAAI,QAAQ,QAAQ,OAAO;AAClD,mBAAe,IAAI,WAAW,MAAM;AACpC,mBAAe,IAAI,WAAW,MAAM;AAEpC,UAAM,cAAc;AAAA,MAClB,SAAS;AAAA,IACX;AAEA,UAAM,SAA2B;AAAA,MAC/B,QAAQ;AAAA,MACR,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,eAAe;AAAA,MACf,mBAAmB;AAAA,MACnB,OAAO;AAAA,MACP,eAAe;AAAA,IACjB;AAEA,UAAM,wBAAuC;AAAA,MAC3C;AAAA,MACA;AAAA,QACE,aAAa;AAAA,QACb,gBAAgB;AAAA,MAClB;AAAA,IACF;AAEA,UAAM,WAAa,qBAAQ,iBAAiB;AAC5C,UAAM,KAAK,eAAe;AAE1B,QAAI,KAAK,aAAa;AACpB,YAAM,gBAAgB,MAAM,KAAK,YAAY,iBAAiB;AAC9D,YAAM,SAAS,cAAc;AAE7B,YAAM,UAAsC;AAAA,QAC1C,KAAK,KAAK,YAAY;AAAA,QACtB,OAAO,KAAK,YAAY;AAAA,QACxB,eAAe,KAAK,YAAY;AAAA,QAChC,aAAa,KAAK,YAAY;AAAA,QAC9B,aAAa,KAAK,YAAY;AAAA,QAC9B,aAAa,KAAK,YAAY;AAAA,QAC9B,UAAU,KAAK,YAAY;AAAA,QAC3B,YAAY,KAAK,YAAY;AAAA,QAC7B,UAAU,KAAK,YAAY;AAAA,QAC3B,cAAc,KAAK,YAAY;AAAA,QAC/B,UAAU;AAAA,UACR,cAAc,KAAK,YAAY,SAAS;AAAA,UACxC,gBAAgB,KAAK,YAAY,SAAS;AAAA,QAC5C;AAAA,QACA,cAAc,KAAK,YAAY,aAAa,IAAI,CAAC,cAAc;AAAA,UAC7D,KAAK,SAAS;AAAA,UACd,aAAa,SAAS;AAAA,UACtB,OAAO,SAAS;AAAA,UAChB,aAAa,SAAS;AAAA,UACtB,UAAU,SAAS;AAAA,UACnB,YAAY,SAAS;AAAA,QACvB,EAAE;AAAA,MACJ;AAEA,aAAO,EAAE,MAAM,SAAS,OAAO;AAAA,IACjC;AAEA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,WAAO;AAAA,EACT;AACF;","names":["require"]}
|
package/dist/cjs/server/index.js
CHANGED
|
@@ -22,10 +22,12 @@ __export(server_exports, {
|
|
|
22
22
|
auth: () => import_auth.auth,
|
|
23
23
|
createRouteMatcher: () => import_routeMatcher.createRouteMatcher,
|
|
24
24
|
ternSecureBackendClient: () => import_ternsecureClient.ternSecureBackendClient,
|
|
25
|
-
|
|
25
|
+
ternSecureInstrumentation: () => import_instrumentation.ternSecureInstrumentation,
|
|
26
|
+
ternSecureProxy: () => import_ternSecureProxy.ternSecureProxy
|
|
26
27
|
});
|
|
27
28
|
module.exports = __toCommonJS(server_exports);
|
|
28
|
-
var
|
|
29
|
+
var import_ternSecureProxy = require("./ternSecureProxy");
|
|
30
|
+
var import_instrumentation = require("./instrumentation");
|
|
29
31
|
var import_routeMatcher = require("./routeMatcher");
|
|
30
32
|
var import_ternsecureClient = require("./ternsecureClient");
|
|
31
33
|
var import_auth = require("../app-router/server/auth");
|
|
@@ -36,6 +38,7 @@ var import_NextCookieAdapter = require("../utils/NextCookieAdapter");
|
|
|
36
38
|
auth,
|
|
37
39
|
createRouteMatcher,
|
|
38
40
|
ternSecureBackendClient,
|
|
39
|
-
|
|
41
|
+
ternSecureInstrumentation,
|
|
42
|
+
ternSecureProxy
|
|
40
43
|
});
|
|
41
44
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/index.ts"],"sourcesContent":["export {\r\n
|
|
1
|
+
{"version":3,"sources":["../../../src/server/index.ts"],"sourcesContent":["export {\r\n ternSecureProxy,\r\n} from \"./ternSecureProxy\";\r\nexport { ternSecureInstrumentation } from \"./instrumentation\";\r\nexport { createRouteMatcher } from \"./routeMatcher\";\r\nexport { ternSecureBackendClient } from \"./ternsecureClient\";\r\nexport {\r\n auth\r\n} from \"../app-router/server/auth\";\r\nexport type { AuthResult } from \"../app-router/server/auth\";\r\nexport type { BaseUser, SessionResult } from \"./types\";\r\nexport { NextCookieStore } from \"../utils/NextCookieAdapter\";\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,6BAEO;AACP,6BAA0C;AAC1C,0BAAmC;AACnC,8BAAwC;AACxC,kBAEO;AAGP,+BAAgC;","names":[]}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __defProp = Object.defineProperty;
|
|
3
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
+
var __export = (target, all) => {
|
|
7
|
+
for (var name in all)
|
|
8
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
|
+
};
|
|
10
|
+
var __copyProps = (to, from, except, desc) => {
|
|
11
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
12
|
+
for (let key of __getOwnPropNames(from))
|
|
13
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
14
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
15
|
+
}
|
|
16
|
+
return to;
|
|
17
|
+
};
|
|
18
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
+
var instrumentation_exports = {};
|
|
20
|
+
__export(instrumentation_exports, {
|
|
21
|
+
ternSecureInstrumentation: () => ternSecureInstrumentation
|
|
22
|
+
});
|
|
23
|
+
module.exports = __toCommonJS(instrumentation_exports);
|
|
24
|
+
function ternSecureInstrumentation(appUrl) {
|
|
25
|
+
const resolvedAppUrl = appUrl || process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN;
|
|
26
|
+
if (!resolvedAppUrl) {
|
|
27
|
+
throw new Error(
|
|
28
|
+
"ternSecureInstrumentation: appUrl must be provided either as a parameter or via NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN environment variable."
|
|
29
|
+
);
|
|
30
|
+
}
|
|
31
|
+
const originalFetch = global.fetch;
|
|
32
|
+
global.fetch = async (input, init) => {
|
|
33
|
+
const url = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
|
|
34
|
+
const urlObj = new URL(url);
|
|
35
|
+
if (urlObj.hostname === "identitytoolkit.googleapis.com") {
|
|
36
|
+
const modifiedInit = {
|
|
37
|
+
...init,
|
|
38
|
+
headers: {
|
|
39
|
+
...init?.headers || {},
|
|
40
|
+
Referer: resolvedAppUrl
|
|
41
|
+
}
|
|
42
|
+
};
|
|
43
|
+
return originalFetch(input, modifiedInit);
|
|
44
|
+
}
|
|
45
|
+
return originalFetch(input, init);
|
|
46
|
+
};
|
|
47
|
+
}
|
|
48
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
49
|
+
0 && (module.exports = {
|
|
50
|
+
ternSecureInstrumentation
|
|
51
|
+
});
|
|
52
|
+
//# sourceMappingURL=instrumentation.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../src/server/instrumentation.ts"],"sourcesContent":["/**\n * Patches global.fetch to add Referer header for Firebase Identity Toolkit requests.\n * This is required for Firebase Auth to work properly on the server side.\n * \n * @param appUrl - Optional URL of your application. If not provided, uses NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN env variable.\n * You must provide either the parameter or set the environment variable.\n * \n * @throws {Error} If no appUrl is provided and NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN is not set.\n * \n * @example\n * ```typescript\n * // In your app's instrumentation.ts\n * import { ternSecureInstrumentation } from '@tern-secure/nextjs/server';\n * \n * export async function register() {\n * if (process.env.NEXT_RUNTIME === 'nodejs') {\n * // Option 1: Use environment variable\n * ternSecureInstrumentation();\n * \n * // Option 2: Provide URL explicitly\n * ternSecureInstrumentation('http://localhost:3000');\n * }\n * }\n * ```\n */\nexport function ternSecureInstrumentation(appUrl?: string): void {\n const resolvedAppUrl = appUrl || process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN;\n\n if (!resolvedAppUrl) {\n throw new Error(\n 'ternSecureInstrumentation: appUrl must be provided either as a parameter or via NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN environment variable.'\n );\n }\n\n const originalFetch = global.fetch;\n\n global.fetch = async (input: RequestInfo | URL, init?: RequestInit) => {\n const url =\n typeof input === \"string\"\n ? input\n : input instanceof URL\n ? input.href\n : input.url;\n const urlObj = new URL(url);\n\n if (urlObj.hostname === \"identitytoolkit.googleapis.com\") {\n const modifiedInit = {\n ...init,\n headers: {\n ...(init?.headers || {}),\n Referer: resolvedAppUrl,\n },\n };\n return originalFetch(input, modifiedInit);\n }\n return originalFetch(input, init);\n };\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAyBO,SAAS,0BAA0B,QAAuB;AAC7D,QAAM,iBAAiB,UAAU,QAAQ,IAAI;AAE7C,MAAI,CAAC,gBAAgB;AACjB,UAAM,IAAI;AAAA,MACN;AAAA,IACJ;AAAA,EACJ;AAEA,QAAM,gBAAgB,OAAO;AAE7B,SAAO,QAAQ,OAAO,OAA0B,SAAuB;AACnE,UAAM,MACF,OAAO,UAAU,WACX,QACA,iBAAiB,MACb,MAAM,OACN,MAAM;AACpB,UAAM,SAAS,IAAI,IAAI,GAAG;AAE1B,QAAI,OAAO,aAAa,kCAAkC;AACtD,YAAM,eAAe;AAAA,QACjB,GAAG;AAAA,QACH,SAAS;AAAA,UACL,GAAI,MAAM,WAAW,CAAC;AAAA,UACtB,SAAS;AAAA,QACb;AAAA,MACJ;AACA,aAAO,cAAc,OAAO,YAAY;AAAA,IAC5C;AACA,WAAO,cAAc,OAAO,IAAI;AAAA,EACpC;AACJ;","names":[]}
|
|
@@ -16,12 +16,12 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
16
16
|
return to;
|
|
17
17
|
};
|
|
18
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
-
var
|
|
20
|
-
__export(
|
|
19
|
+
var ternSecureProxy_exports = {};
|
|
20
|
+
__export(ternSecureProxy_exports, {
|
|
21
21
|
redirectAdapter: () => redirectAdapter,
|
|
22
|
-
|
|
22
|
+
ternSecureProxy: () => ternSecureProxy
|
|
23
23
|
});
|
|
24
|
-
module.exports = __toCommonJS(
|
|
24
|
+
module.exports = __toCommonJS(ternSecureProxy_exports);
|
|
25
25
|
var import_backend = require("@tern-secure/backend");
|
|
26
26
|
var import_navigation = require("next/navigation");
|
|
27
27
|
var import_server = require("next/server");
|
|
@@ -32,7 +32,7 @@ var import_nextErrors = require("./nextErrors");
|
|
|
32
32
|
var import_protect = require("./protect");
|
|
33
33
|
var import_ternsecureClient = require("./ternsecureClient");
|
|
34
34
|
var import_utils = require("./utils");
|
|
35
|
-
const
|
|
35
|
+
const ternSecureProxy = (...args) => {
|
|
36
36
|
const [request, event] = parseRequestAndEvent(args);
|
|
37
37
|
const [handler, params] = parseHandlerAndOptions(args);
|
|
38
38
|
const middleware = () => {
|
|
@@ -40,9 +40,11 @@ const ternSecureMiddleware = (...args) => {
|
|
|
40
40
|
const resolvedParams = typeof params === "function" ? await params(request2) : params;
|
|
41
41
|
const signInUrl = resolvedParams.signInUrl || import_constant.SIGN_IN_URL;
|
|
42
42
|
const signUpUrl = resolvedParams.signUpUrl || import_constant.SIGN_UP_URL;
|
|
43
|
+
const apiKey = resolvedParams.apiKey || import_constant.FIREBASE_API_KEY;
|
|
43
44
|
const options = {
|
|
44
45
|
signInUrl,
|
|
45
46
|
signUpUrl,
|
|
47
|
+
apiKey,
|
|
46
48
|
...resolvedParams
|
|
47
49
|
};
|
|
48
50
|
const reqBackendClient = await (0, import_ternsecureClient.ternSecureBackendClient)();
|
|
@@ -51,6 +53,15 @@ const ternSecureMiddleware = (...args) => {
|
|
|
51
53
|
ternSecureRequest,
|
|
52
54
|
options
|
|
53
55
|
);
|
|
56
|
+
const locationHeader = requestStateClient.headers.get(import_backend.constants.Headers.Location);
|
|
57
|
+
if (locationHeader) {
|
|
58
|
+
return new Response(null, {
|
|
59
|
+
status: 307,
|
|
60
|
+
headers: requestStateClient.headers
|
|
61
|
+
});
|
|
62
|
+
} else if (requestStateClient.status === import_backend.AuthStatus.Handshake) {
|
|
63
|
+
throw new Error("TernSecure: handshake status without redirect is not supported.");
|
|
64
|
+
}
|
|
54
65
|
const authObjectClient = requestStateClient.auth();
|
|
55
66
|
const { redirectToSignIn } = createMiddlewareRedirects(ternSecureRequest);
|
|
56
67
|
const { redirectToSignUp } = createMiddlewareRedirects(ternSecureRequest);
|
|
@@ -166,6 +177,6 @@ const handleControlError = (error, ternSecureRequest, nextrequest, requestState)
|
|
|
166
177
|
// Annotate the CommonJS export names for ESM import in node:
|
|
167
178
|
0 && (module.exports = {
|
|
168
179
|
redirectAdapter,
|
|
169
|
-
|
|
180
|
+
ternSecureProxy
|
|
170
181
|
});
|
|
171
|
-
//# sourceMappingURL=
|
|
182
|
+
//# sourceMappingURL=ternSecureProxy.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../src/server/ternSecureProxy.ts"],"sourcesContent":["import type {\r\n AuthenticateRequestOptions,\r\n AuthObject,\r\n RedirectFun,\r\n RequestState,\r\n TernSecureRequest,\r\n} from '@tern-secure/backend';\r\nimport { AuthStatus, constants, createRedirect, createTernSecureRequest} from '@tern-secure/backend';\r\nimport { notFound as nextjsNotFound } from 'next/navigation';\r\nimport type { NextMiddleware, NextRequest } from 'next/server';\r\nimport { NextResponse } from 'next/server';\r\n\r\nimport { isRedirect, setHeader } from '../utils/response';\r\nimport { serverRedirectWithAuth } from '../utils/serverRedirectAuth';\r\nimport {FIREBASE_API_KEY, SIGN_IN_URL, SIGN_UP_URL } from './constant';\r\nimport {\r\n isNextjsNotFoundError,\r\n isNextjsRedirectError,\r\n isRedirectToSignInError,\r\n isRedirectToSignUpError,\r\n nextjsRedirectError,\r\n redirectToSignInError,\r\n redirectToSignUpError,\r\n} from './nextErrors';\r\nimport { type AuthProtect, createProtect } from './protect';\r\nimport { ternSecureBackendClient } from './ternsecureClient';\r\nimport type {\r\n NextMiddlewareEvtParam,\r\n NextMiddlewareRequestParam,\r\n NextMiddlewareReturn,\r\n} from './types';\r\nimport { decorateRequest } from './utils';\r\n\r\nexport type MiddlewareAuthObject = AuthObject & {\r\n redirectToSignIn: RedirectFun<Response>;\r\n redirectToSignUp: RedirectFun<Response>;\r\n};\r\n\r\nexport interface MiddlewareAuth {\r\n (): Promise<MiddlewareAuthObject>;\r\n\r\n protect: AuthProtect;\r\n}\r\n\r\ntype MiddlewareHandler = (\r\n auth: MiddlewareAuth,\r\n request: NextMiddlewareRequestParam,\r\n event: NextMiddlewareEvtParam,\r\n) => NextMiddlewareReturn;\r\n\r\nexport interface MiddlewareOptions extends AuthenticateRequestOptions {\r\n debug?: boolean;\r\n}\r\ntype MiddlewareOptionsCallback = (\r\n req: NextRequest,\r\n) => MiddlewareOptions | Promise<MiddlewareOptions>;\r\n\r\ninterface TernSecureMiddleware {\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware((auth, request, event) => { ... }, options);\r\n */\r\n (handler: MiddlewareHandler, options?: MiddlewareOptions): NextMiddleware;\r\n\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware((auth, request, event) => { ... }, (req) => options);\r\n */\r\n (handler: MiddlewareHandler, options?: MiddlewareOptionsCallback): NextMiddleware;\r\n\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware(options);\r\n */\r\n (options?: MiddlewareOptions): NextMiddleware;\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware;\r\n */\r\n (request: NextMiddlewareRequestParam, event: NextMiddlewareEvtParam): NextMiddlewareReturn;\r\n}\r\n\r\nexport const ternSecureProxy= ((\r\n ...args: unknown[]\r\n): NextMiddleware | NextMiddlewareReturn => {\r\n const [request, event] = parseRequestAndEvent(args);\r\n const [handler, params] = parseHandlerAndOptions(args);\r\n\r\n const middleware = () => {\r\n const withAuthNextMiddleware: NextMiddleware = async (request, event) => {\r\n const resolvedParams = typeof params === 'function' ? await params(request) : params;\r\n\r\n const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\r\n const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\r\n const apiKey = resolvedParams.apiKey || FIREBASE_API_KEY;\r\n\r\n const options = {\r\n signInUrl,\r\n signUpUrl,\r\n apiKey,\r\n ...resolvedParams,\r\n };\r\n\r\n const reqBackendClient = await ternSecureBackendClient();\r\n\r\n const ternSecureRequest = createTernSecureRequest(request);\r\n\r\n const requestStateClient = await reqBackendClient.authenticateRequest(\r\n ternSecureRequest,\r\n options,\r\n );\r\n\r\n const locationHeader = requestStateClient.headers.get(constants.Headers.Location);\r\n if (locationHeader) {\r\n return new Response(null, {\r\n status: 307,\r\n headers: requestStateClient.headers,\r\n });\r\n } else if (requestStateClient.status === AuthStatus.Handshake) {\r\n throw new Error('TernSecure: handshake status without redirect is not supported.');\r\n }\r\n\r\n const authObjectClient = requestStateClient.auth();\r\n\r\n const { redirectToSignIn } = createMiddlewareRedirects(ternSecureRequest);\r\n\r\n const { redirectToSignUp } = createMiddlewareRedirects(ternSecureRequest);\r\n\r\n const protect = await createMiddlewareProtect(\r\n ternSecureRequest,\r\n authObjectClient,\r\n redirectToSignIn,\r\n );\r\n\r\n const authObj: MiddlewareAuthObject = Object.assign(authObjectClient, {\r\n redirectToSignIn,\r\n redirectToSignUp,\r\n });\r\n\r\n const authHandler = () => Promise.resolve(authObj);\r\n authHandler.protect = protect;\r\n\r\n let handlerResult: Response = NextResponse.next();\r\n\r\n try {\r\n const userHandlerResult = await handler?.(authHandler, request, event);\r\n handlerResult = userHandlerResult || handlerResult;\r\n } catch (error: any) {\r\n handlerResult = handleControlError(error, ternSecureRequest, request, requestStateClient);\r\n }\r\n\r\n if (requestStateClient.headers) {\r\n requestStateClient.headers.forEach((value, key) => {\r\n handlerResult.headers.append(key, value);\r\n });\r\n }\r\n\r\n if (isRedirect(handlerResult)) {\r\n return serverRedirectWithAuth(ternSecureRequest, handlerResult);\r\n }\r\n\r\n decorateRequest(ternSecureRequest, handlerResult, requestStateClient);\r\n return handlerResult;\r\n };\r\n\r\n const nextMiddleware: NextMiddleware = async (request, event) => {\r\n return withAuthNextMiddleware(request, event);\r\n };\r\n\r\n if (request && event) {\r\n return nextMiddleware(request, event);\r\n }\r\n\r\n return nextMiddleware;\r\n };\r\n return middleware();\r\n}) as TernSecureMiddleware;\r\n\r\nconst parseRequestAndEvent = (args: unknown[]) => {\r\n return [\r\n args[0] instanceof Request ? args[0] : undefined,\r\n args[0] instanceof Request ? args[1] : undefined,\r\n ] as [NextMiddlewareRequestParam | undefined, NextMiddlewareEvtParam | undefined];\r\n};\r\n\r\nconst parseHandlerAndOptions = (args: unknown[]) => {\r\n return [\r\n typeof args[0] === 'function' ? args[0] : undefined,\r\n (args.length === 2 ? args[1] : typeof args[0] === 'function' ? {} : args[0]) || {},\r\n ] as [MiddlewareHandler | undefined, MiddlewareOptions | MiddlewareOptionsCallback];\r\n};\r\n\r\n/**\r\n * Create middleware redirect functions\r\n */\r\nconst createMiddlewareRedirects = (ternSecureRequest: TernSecureRequest) => {\r\n const redirectToSignIn: MiddlewareAuthObject['redirectToSignIn'] = (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignInError(url, opts.returnBackUrl);\r\n };\r\n\r\n const redirectToSignUp: MiddlewareAuthObject['redirectToSignUp'] = (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignUpError(url, opts.returnBackUrl);\r\n };\r\n\r\n return { redirectToSignIn, redirectToSignUp };\r\n};\r\n\r\nconst createMiddlewareProtect = (\r\n ternSecureRequest: TernSecureRequest,\r\n authObject: AuthObject,\r\n redirectToSignIn: RedirectFun<Response>,\r\n) => {\r\n return (async (params: any, options: any) => {\r\n const notFound = () => nextjsNotFound();\r\n\r\n const redirect = (url: string) =>\r\n nextjsRedirectError(url, {\r\n redirectUrl: url,\r\n });\r\n\r\n return createProtect({\r\n request: ternSecureRequest,\r\n redirect,\r\n notFound,\r\n authObject,\r\n redirectToSignIn,\r\n })(params, options);\r\n }) as unknown as Promise<AuthProtect>;\r\n};\r\n\r\nexport const redirectAdapter = (url: string | URL) => {\r\n return NextResponse.redirect(url, {\r\n headers: { [constants.Headers.TernSecureRedirectTo]: 'true' },\r\n });\r\n};\r\n\r\n/**\r\n * Handle control flow errors in middleware\r\n */\r\nconst handleControlError = (\r\n error: any,\r\n ternSecureRequest: TernSecureRequest,\r\n nextrequest: NextRequest,\r\n requestState: RequestState,\r\n): Response => {\r\n if (isNextjsNotFoundError(error)) {\r\n return setHeader(\r\n NextResponse.rewrite(new URL(`/tern_${Date.now()}`, nextrequest.url)),\r\n constants.Headers.AuthReason,\r\n 'protect-rewrite',\r\n );\r\n }\r\n\r\n const isRedirectToSignIn = isRedirectToSignInError(error);\r\n const isRedirectToSignUp = isRedirectToSignUpError(error);\r\n\r\n if (isRedirectToSignIn || isRedirectToSignUp) {\r\n const redirect = createRedirect({\r\n redirectAdapter,\r\n baseUrl: ternSecureRequest.ternUrl,\r\n signInUrl: requestState.signInUrl,\r\n signUpUrl: requestState.signUpUrl,\r\n });\r\n\r\n const { returnBackUrl } = error;\r\n\r\n return redirect[isRedirectToSignIn ? 'redirectToSignIn' : 'redirectToSignUp']({\r\n returnBackUrl,\r\n });\r\n }\r\n\r\n if (isNextjsRedirectError(error)) {\r\n return redirectAdapter(error.redirectUrl);\r\n }\r\n\r\n throw error;\r\n};\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAOA,qBAA8E;AAC9E,wBAA2C;AAE3C,oBAA6B;AAE7B,sBAAsC;AACtC,gCAAuC;AACvC,sBAA0D;AAC1D,wBAQO;AACP,qBAAgD;AAChD,8BAAwC;AAMxC,mBAAgC;AAmDzB,MAAM,kBAAkB,IAC1B,SACuC;AAC1C,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,MAAM;AACvB,UAAM,yBAAyC,OAAOA,UAASC,WAAU;AACvE,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAE9E,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,SAAS,eAAe,UAAU;AAExC,YAAM,UAAU;AAAA,QACd;AAAA,QACA;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACL;AAEA,YAAM,mBAAmB,UAAM,iDAAwB;AAEvD,YAAM,wBAAoB,wCAAwBA,QAAO;AAEzD,YAAM,qBAAqB,MAAM,iBAAiB;AAAA,QAChD;AAAA,QACA;AAAA,MACF;AAEA,YAAM,iBAAiB,mBAAmB,QAAQ,IAAI,yBAAU,QAAQ,QAAQ;AAChF,UAAI,gBAAgB;AAClB,eAAO,IAAI,SAAS,MAAM;AAAA,UACxB,QAAQ;AAAA,UACR,SAAS,mBAAmB;AAAA,QAC9B,CAAC;AAAA,MACH,WAAW,mBAAmB,WAAW,0BAAW,WAAW;AAC7D,cAAM,IAAI,MAAM,iEAAiE;AAAA,MACnF;AAEA,YAAM,mBAAmB,mBAAmB,KAAK;AAEjD,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,UAAU,MAAM;AAAA,QACpB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAEA,YAAM,UAAgC,OAAO,OAAO,kBAAkB;AAAA,QACpE;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,cAAc,MAAM,QAAQ,QAAQ,OAAO;AACjD,kBAAY,UAAU;AAEtB,UAAI,gBAA0B,2BAAa,KAAK;AAEhD,UAAI;AACF,cAAM,oBAAoB,MAAM,UAAU,aAAaA,UAASC,MAAK;AACrE,wBAAgB,qBAAqB;AAAA,MACvC,SAAS,OAAY;AACnB,wBAAgB,mBAAmB,OAAO,mBAAmBD,UAAS,kBAAkB;AAAA,MAC1F;AAEA,UAAI,mBAAmB,SAAS;AAC9B,2BAAmB,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AACjD,wBAAc,QAAQ,OAAO,KAAK,KAAK;AAAA,QACzC,CAAC;AAAA,MACH;AAEA,cAAI,4BAAW,aAAa,GAAG;AAC7B,mBAAO,kDAAuB,mBAAmB,aAAa;AAAA,MAChE;AAEA,wCAAgB,mBAAmB,eAAe,kBAAkB;AACpE,aAAO;AAAA,IACT;AAEA,UAAM,iBAAiC,OAAOA,UAASC,WAAU;AAC/D,aAAO,uBAAuBD,UAASC,MAAK;AAAA,IAC9C;AAEA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAEA,WAAO;AAAA,EACT;AACA,SAAO,WAAW;AACpB;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO;AAAA,IACL,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,IACvC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,EACzC;AACF;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,MAAM,aAAa,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC;AAAA,EACnF;AACF;AAKA,MAAM,4BAA4B,CAAC,sBAAyC;AAC1E,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,SAAO,EAAE,kBAAkB,iBAAiB;AAC9C;AAEA,MAAM,0BAA0B,CAC9B,mBACA,YACA,qBACG;AACH,SAAQ,OAAO,QAAa,YAAiB;AAC3C,UAAM,WAAW,UAAM,kBAAAC,UAAe;AAEtC,UAAM,WAAW,CAAC,YAChB,uCAAoB,KAAK;AAAA,MACvB,aAAa;AAAA,IACf,CAAC;AAEH,eAAO,8BAAc;AAAA,MACnB,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,QAAQ,OAAO;AAAA,EACpB;AACF;AAEO,MAAM,kBAAkB,CAAC,QAAsB;AACpD,SAAO,2BAAa,SAAS,KAAK;AAAA,IAChC,SAAS,EAAE,CAAC,yBAAU,QAAQ,oBAAoB,GAAG,OAAO;AAAA,EAC9D,CAAC;AACH;AAKA,MAAM,qBAAqB,CACzB,OACA,mBACA,aACA,iBACa;AACb,UAAI,yCAAsB,KAAK,GAAG;AAChC,eAAO;AAAA,MACL,2BAAa,QAAQ,IAAI,IAAI,SAAS,KAAK,IAAI,CAAC,IAAI,YAAY,GAAG,CAAC;AAAA,MACpE,yBAAU,QAAQ;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,yBAAqB,2CAAwB,KAAK;AACxD,QAAM,yBAAqB,2CAAwB,KAAK;AAExD,MAAI,sBAAsB,oBAAoB;AAC5C,UAAM,eAAW,+BAAe;AAAA,MAC9B;AAAA,MACA,SAAS,kBAAkB;AAAA,MAC3B,WAAW,aAAa;AAAA,MACxB,WAAW,aAAa;AAAA,IAC1B,CAAC;AAED,UAAM,EAAE,cAAc,IAAI;AAE1B,WAAO,SAAS,qBAAqB,qBAAqB,kBAAkB,EAAE;AAAA,MAC5E;AAAA,IACF,CAAC;AAAA,EACH;AAEA,UAAI,yCAAsB,KAAK,GAAG;AAChC,WAAO,gBAAgB,MAAM,WAAW;AAAA,EAC1C;AAEA,QAAM;AACR;","names":["request","event","nextjsNotFound"]}
|
|
@@ -60,6 +60,7 @@ const allNextProviderPropsWithEnv = (nextProps) => {
|
|
|
60
60
|
const ternSecureConfig = {
|
|
61
61
|
apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || "",
|
|
62
62
|
authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || "",
|
|
63
|
+
databaseURL: process.env.NEXT_PUBLIC_FIREBASE_DATABASE_URL || "",
|
|
63
64
|
appName: process.env.NEXT_PUBLIC_FIREBASE_APP_NAME || "",
|
|
64
65
|
projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || "",
|
|
65
66
|
storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || "",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/utils/allNextProviderProps.ts"],"sourcesContent":["import type { \n IsoTernSecureAuthOptions,\n TernSecureProviderProps} from \"@tern-secure/react\";\n\nimport type { NextProviderProcessedProps, TernSecureNextProps } from \"../types\";\n\n\nexport const allNextProviderPropsWithEnv = (\n nextProps: Omit<TernSecureNextProps, 'children'>\n): any => {\n const {\n signInUrl,\n signUpUrl,\n signInForceRedirectUrl,\n signUpForceRedirectUrl,\n signInFallbackRedirectUrl,\n signUpFallbackRedirectUrl,\n //apiKey: propsApiKey,\n apiUrl: propsApiUrl,\n requiresVerification: propsRequiresVerification,\n isTernSecureDev: propsIsTernSecureDev,\n enableServiceWorker: propsEnableServiceWorker,\n loadingComponent: propsLoadingComponent,\n persistence: propsPersistence,\n ...baseProps \n } = nextProps;\n\n const envConfig = {\n apiKey: process.env.NEXT_PUBLIC_TERN_API_KEY,\n apiUrl: process.env.TERNSECURE_API_URL || '',\n projectId: process.env.NEXT_PUBLIC_TERN_PROJECT_ID,\n customDomain: process.env.NEXT_PUBLIC_TERN_CUSTOM_DOMAIN,\n proxyUrl: process.env.NEXT_PUBLIC_TERN_PROXY_URL,\n environment: process.env.NEXT_PUBLIC_TERN_ENVIRONMENT,\n signInUrl: process.env.NEXT_PUBLIC_SIGN_IN_URL || '',\n signUpUrl: process.env.NEXT_PUBLIC_SIGN_UP_URL || '',\n signInForceRedirectUrl: process.env.NEXT_PUBLIC_SIGN_IN_FORCE_REDIRECT_URL || '',\n signUpForceRedirectUrl: process.env.NEXT_PUBLIC_SIGN_UP_FORCE_REDIRECT_URL || '',\n signInFallbackRedirectUrl: process.env.NEXT_PUBLIC_SIGN_IN_FALLBACK_REDIRECT_URL || '',\n signUpFallbackRedirectUrl: process.env.NEXT_PUBLIC_SIGN_UP_FALLBACK_REDIRECT_URL || '',\n persistence: process.env.NEXT_PUBLIC_TERN_PERSISTENCE as 'local' | 'session' | 'browserCookie' | 'none',\n useEmulator: process.env.NEXT_PUBLIC_USE_FIREBASE_EMULATOR,\n projectIdAdmin: process.env.FIREBASE_PROJECT_ID,\n clientEmail: process.env.FIREBASE_CLIENT_EMAIL,\n privateKey: process.env.FIREBASE_PRIVATE_KEY,\n };\n\n const ternSecureConfig = {\n apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || '',\n authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || '',\n appName: process.env.NEXT_PUBLIC_FIREBASE_APP_NAME || '',\n projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || '',\n storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || '',\n messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || '',\n appId: process.env.NEXT_PUBLIC_FIREBASE_APP_ID || '',\n measurementId: process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENTID,\n tenantId: process.env.NEXT_PUBLIC_FIREBASE_TENANT_ID || '',\n };\n\n // Merge config values: props take precedence over environment variables\n //const finalApiKey = propsApiKey ?? envConfig.apiKey;\n const finalApiUrl = propsApiUrl ?? envConfig.apiUrl;\n const finalSignInUrl = signInUrl ?? envConfig.signInUrl;\n const finalSignUpUrl = signUpUrl ?? envConfig.signUpUrl;\n const finalSignInForceRedirectUrl = signInForceRedirectUrl ?? envConfig.signInForceRedirectUrl;\n const finalSignUpForceRedirectUrl = signUpForceRedirectUrl ?? envConfig.signUpForceRedirectUrl;\n const finalSignInFallbackRedirectUrl = signInFallbackRedirectUrl ?? envConfig.signInFallbackRedirectUrl;\n const finalSignUpFallbackRedirectUrl = signUpFallbackRedirectUrl ?? envConfig.signUpFallbackRedirectUrl;\n const finalPersistence = propsPersistence ?? envConfig.persistence;\n\n // Construct the result, ensuring it conforms to NextProviderProcessedProps\n // (Omit<TernSecureProviderProps, 'children'>)\n const result: NextProviderProcessedProps = {\n ...(baseProps as Omit<TernSecureProviderProps, 'children' | keyof IsoTernSecureAuthOptions | 'requiresVerification' | 'loadingComponent'>),\n\n // Set the Firebase configuration properties\n ternSecureConfig,\n \n // Set properties explicitly taken from TernSecureNextProps (props version)\n // These are part of the TernSecureProviderProps interface.\n requiresVerification: propsRequiresVerification,\n isTernSecureDev: propsIsTernSecureDev,\n enableServiceWorker: propsEnableServiceWorker,\n loadingComponent: propsLoadingComponent,\n\n //TernSecure: baseProps.Instance,\n initialState: baseProps.initialState,\n bypassApiKey: baseProps.bypassApiKey,\n signInUrl: finalSignInUrl,\n signUpUrl: finalSignUpUrl,\n signInForceRedirectUrl: finalSignInForceRedirectUrl,\n signUpForceRedirectUrl: finalSignUpForceRedirectUrl,\n signInFallbackRedirectUrl: finalSignInFallbackRedirectUrl,\n signUpFallbackRedirectUrl: finalSignUpFallbackRedirectUrl,\n mode: baseProps.mode,\n apiUrl: finalApiUrl,\n persistence: finalPersistence\n };\n\n // Clean up undefined keys that might have resulted from spreading if not present in baseProps\n // and also not set by merged values (e.g. if env var is also undefined)\n Object.keys(result).forEach(key => {\n if (result[key as keyof NextProviderProcessedProps] === undefined) {\n delete result[key as keyof NextProviderProcessedProps];\n }\n });\n\n return result;\n};"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAOO,MAAM,8BAA8B,CACzC,cACQ;AACR,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAEA,QAAQ;AAAA,IACR,sBAAsB;AAAA,IACtB,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,kBAAkB;AAAA,IAClB,aAAa;AAAA,IACb,GAAG;AAAA,EACL,IAAI;AAEJ,QAAM,YAAY;AAAA,IAChB,QAAQ,QAAQ,IAAI;AAAA,IACpB,QAAQ,QAAQ,IAAI,sBAAsB;AAAA,IAC1C,WAAW,QAAQ,IAAI;AAAA,IACvB,cAAc,QAAQ,IAAI;AAAA,IAC1B,UAAU,QAAQ,IAAI;AAAA,IACtB,aAAa,QAAQ,IAAI;AAAA,IACzB,WAAW,QAAQ,IAAI,2BAA2B;AAAA,IAClD,WAAW,QAAQ,IAAI,2BAA2B;AAAA,IAClD,wBAAwB,QAAQ,IAAI,0CAA0C;AAAA,IAC9E,wBAAwB,QAAQ,IAAI,0CAA0C;AAAA,IAC9E,2BAA2B,QAAQ,IAAI,6CAA6C;AAAA,IACpF,2BAA2B,QAAQ,IAAI,6CAA6C;AAAA,IACpF,aAAa,QAAQ,IAAI;AAAA,IACzB,aAAa,QAAQ,IAAI;AAAA,IACzB,gBAAgB,QAAQ,IAAI;AAAA,IAC5B,aAAa,QAAQ,IAAI;AAAA,IACzB,YAAY,QAAQ,IAAI;AAAA,EAC1B;AAEA,QAAM,mBAAmB;AAAA,IACvB,QAAQ,QAAQ,IAAI,gCAAgC;AAAA,IACpD,YAAY,QAAQ,IAAI,oCAAoC;AAAA,IAC5D,SAAS,QAAQ,IAAI,iCAAiC;AAAA,IACtD,WAAW,QAAQ,IAAI,mCAAmC;AAAA,IAC1D,eAAe,QAAQ,IAAI,uCAAuC;AAAA,IAClE,mBAAmB,QAAQ,IAAI,4CAA4C;AAAA,IAC3E,OAAO,QAAQ,IAAI,+BAA+B;AAAA,IAClD,eAAe,QAAQ,IAAI;AAAA,IAC3B,UAAU,QAAQ,IAAI,kCAAkC;AAAA,EAC1D;AAIA,QAAM,cAAc,eAAe,UAAU;AAC7C,QAAM,iBAAiB,aAAa,UAAU;AAC9C,QAAM,iBAAiB,aAAa,UAAU;AAC9C,QAAM,8BAA8B,0BAA0B,UAAU;AACxE,QAAM,8BAA8B,0BAA0B,UAAU;AACxE,QAAM,iCAAiC,6BAA6B,UAAU;AAC9E,QAAM,iCAAiC,6BAA6B,UAAU;AAC9E,QAAM,mBAAmB,oBAAoB,UAAU;AAIvD,QAAM,SAAqC;AAAA,IACzC,GAAI;AAAA;AAAA,IAGJ;AAAA;AAAA;AAAA,IAIA,sBAAsB;AAAA,IACtB,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,kBAAkB;AAAA;AAAA,IAGlB,cAAc,UAAU;AAAA,IACxB,cAAc,UAAU;AAAA,IACxB,WAAW;AAAA,IACX,WAAW;AAAA,IACX,wBAAwB;AAAA,IACxB,wBAAwB;AAAA,IACxB,2BAA2B;AAAA,IAC3B,2BAA2B;AAAA,IAC3B,MAAM,UAAU;AAAA,IAChB,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAIA,SAAO,KAAK,MAAM,EAAE,QAAQ,SAAO;AACjC,QAAI,OAAO,GAAuC,MAAM,QAAW;AACjE,aAAO,OAAO,GAAuC;AAAA,IACvD;AAAA,EACF,CAAC;AAED,SAAO;AACT;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/utils/allNextProviderProps.ts"],"sourcesContent":["import type { \n IsoTernSecureAuthOptions,\n TernSecureProviderProps} from \"@tern-secure/react\";\n\nimport type { NextProviderProcessedProps, TernSecureNextProps } from \"../types\";\n\n\nexport const allNextProviderPropsWithEnv = (\n nextProps: Omit<TernSecureNextProps, 'children'>\n): any => {\n const {\n signInUrl,\n signUpUrl,\n signInForceRedirectUrl,\n signUpForceRedirectUrl,\n signInFallbackRedirectUrl,\n signUpFallbackRedirectUrl,\n //apiKey: propsApiKey,\n apiUrl: propsApiUrl,\n requiresVerification: propsRequiresVerification,\n isTernSecureDev: propsIsTernSecureDev,\n enableServiceWorker: propsEnableServiceWorker,\n loadingComponent: propsLoadingComponent,\n persistence: propsPersistence,\n ...baseProps \n } = nextProps;\n\n const envConfig = {\n apiKey: process.env.NEXT_PUBLIC_TERN_API_KEY,\n apiUrl: process.env.TERNSECURE_API_URL || '',\n projectId: process.env.NEXT_PUBLIC_TERN_PROJECT_ID,\n customDomain: process.env.NEXT_PUBLIC_TERN_CUSTOM_DOMAIN,\n proxyUrl: process.env.NEXT_PUBLIC_TERN_PROXY_URL,\n environment: process.env.NEXT_PUBLIC_TERN_ENVIRONMENT,\n signInUrl: process.env.NEXT_PUBLIC_SIGN_IN_URL || '',\n signUpUrl: process.env.NEXT_PUBLIC_SIGN_UP_URL || '',\n signInForceRedirectUrl: process.env.NEXT_PUBLIC_SIGN_IN_FORCE_REDIRECT_URL || '',\n signUpForceRedirectUrl: process.env.NEXT_PUBLIC_SIGN_UP_FORCE_REDIRECT_URL || '',\n signInFallbackRedirectUrl: process.env.NEXT_PUBLIC_SIGN_IN_FALLBACK_REDIRECT_URL || '',\n signUpFallbackRedirectUrl: process.env.NEXT_PUBLIC_SIGN_UP_FALLBACK_REDIRECT_URL || '',\n persistence: process.env.NEXT_PUBLIC_TERN_PERSISTENCE as 'local' | 'session' | 'browserCookie' | 'none',\n useEmulator: process.env.NEXT_PUBLIC_USE_FIREBASE_EMULATOR,\n projectIdAdmin: process.env.FIREBASE_PROJECT_ID,\n clientEmail: process.env.FIREBASE_CLIENT_EMAIL,\n privateKey: process.env.FIREBASE_PRIVATE_KEY,\n };\n\n const ternSecureConfig = {\n apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || '',\n authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || '',\n databaseURL: process.env.NEXT_PUBLIC_FIREBASE_DATABASE_URL || '',\n appName: process.env.NEXT_PUBLIC_FIREBASE_APP_NAME || '',\n projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || '',\n storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || '',\n messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || '',\n appId: process.env.NEXT_PUBLIC_FIREBASE_APP_ID || '',\n measurementId: process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENTID,\n tenantId: process.env.NEXT_PUBLIC_FIREBASE_TENANT_ID || '',\n };\n\n // Merge config values: props take precedence over environment variables\n //const finalApiKey = propsApiKey ?? envConfig.apiKey;\n const finalApiUrl = propsApiUrl ?? envConfig.apiUrl;\n const finalSignInUrl = signInUrl ?? envConfig.signInUrl;\n const finalSignUpUrl = signUpUrl ?? envConfig.signUpUrl;\n const finalSignInForceRedirectUrl = signInForceRedirectUrl ?? envConfig.signInForceRedirectUrl;\n const finalSignUpForceRedirectUrl = signUpForceRedirectUrl ?? envConfig.signUpForceRedirectUrl;\n const finalSignInFallbackRedirectUrl = signInFallbackRedirectUrl ?? envConfig.signInFallbackRedirectUrl;\n const finalSignUpFallbackRedirectUrl = signUpFallbackRedirectUrl ?? envConfig.signUpFallbackRedirectUrl;\n const finalPersistence = propsPersistence ?? envConfig.persistence;\n\n // Construct the result, ensuring it conforms to NextProviderProcessedProps\n // (Omit<TernSecureProviderProps, 'children'>)\n const result: NextProviderProcessedProps = {\n ...(baseProps as Omit<TernSecureProviderProps, 'children' | keyof IsoTernSecureAuthOptions | 'requiresVerification' | 'loadingComponent'>),\n\n // Set the Firebase configuration properties\n ternSecureConfig,\n \n // Set properties explicitly taken from TernSecureNextProps (props version)\n // These are part of the TernSecureProviderProps interface.\n requiresVerification: propsRequiresVerification,\n isTernSecureDev: propsIsTernSecureDev,\n enableServiceWorker: propsEnableServiceWorker,\n loadingComponent: propsLoadingComponent,\n\n //TernSecure: baseProps.Instance,\n initialState: baseProps.initialState,\n bypassApiKey: baseProps.bypassApiKey,\n signInUrl: finalSignInUrl,\n signUpUrl: finalSignUpUrl,\n signInForceRedirectUrl: finalSignInForceRedirectUrl,\n signUpForceRedirectUrl: finalSignUpForceRedirectUrl,\n signInFallbackRedirectUrl: finalSignInFallbackRedirectUrl,\n signUpFallbackRedirectUrl: finalSignUpFallbackRedirectUrl,\n mode: baseProps.mode,\n apiUrl: finalApiUrl,\n persistence: finalPersistence\n };\n\n // Clean up undefined keys that might have resulted from spreading if not present in baseProps\n // and also not set by merged values (e.g. if env var is also undefined)\n Object.keys(result).forEach(key => {\n if (result[key as keyof NextProviderProcessedProps] === undefined) {\n delete result[key as keyof NextProviderProcessedProps];\n }\n });\n\n return result;\n};"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAOO,MAAM,8BAA8B,CACzC,cACQ;AACR,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAEA,QAAQ;AAAA,IACR,sBAAsB;AAAA,IACtB,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,kBAAkB;AAAA,IAClB,aAAa;AAAA,IACb,GAAG;AAAA,EACL,IAAI;AAEJ,QAAM,YAAY;AAAA,IAChB,QAAQ,QAAQ,IAAI;AAAA,IACpB,QAAQ,QAAQ,IAAI,sBAAsB;AAAA,IAC1C,WAAW,QAAQ,IAAI;AAAA,IACvB,cAAc,QAAQ,IAAI;AAAA,IAC1B,UAAU,QAAQ,IAAI;AAAA,IACtB,aAAa,QAAQ,IAAI;AAAA,IACzB,WAAW,QAAQ,IAAI,2BAA2B;AAAA,IAClD,WAAW,QAAQ,IAAI,2BAA2B;AAAA,IAClD,wBAAwB,QAAQ,IAAI,0CAA0C;AAAA,IAC9E,wBAAwB,QAAQ,IAAI,0CAA0C;AAAA,IAC9E,2BAA2B,QAAQ,IAAI,6CAA6C;AAAA,IACpF,2BAA2B,QAAQ,IAAI,6CAA6C;AAAA,IACpF,aAAa,QAAQ,IAAI;AAAA,IACzB,aAAa,QAAQ,IAAI;AAAA,IACzB,gBAAgB,QAAQ,IAAI;AAAA,IAC5B,aAAa,QAAQ,IAAI;AAAA,IACzB,YAAY,QAAQ,IAAI;AAAA,EAC1B;AAEA,QAAM,mBAAmB;AAAA,IACvB,QAAQ,QAAQ,IAAI,gCAAgC;AAAA,IACpD,YAAY,QAAQ,IAAI,oCAAoC;AAAA,IAC5D,aAAa,QAAQ,IAAI,qCAAqC;AAAA,IAC9D,SAAS,QAAQ,IAAI,iCAAiC;AAAA,IACtD,WAAW,QAAQ,IAAI,mCAAmC;AAAA,IAC1D,eAAe,QAAQ,IAAI,uCAAuC;AAAA,IAClE,mBAAmB,QAAQ,IAAI,4CAA4C;AAAA,IAC3E,OAAO,QAAQ,IAAI,+BAA+B;AAAA,IAClD,eAAe,QAAQ,IAAI;AAAA,IAC3B,UAAU,QAAQ,IAAI,kCAAkC;AAAA,EAC1D;AAIA,QAAM,cAAc,eAAe,UAAU;AAC7C,QAAM,iBAAiB,aAAa,UAAU;AAC9C,QAAM,iBAAiB,aAAa,UAAU;AAC9C,QAAM,8BAA8B,0BAA0B,UAAU;AACxE,QAAM,8BAA8B,0BAA0B,UAAU;AACxE,QAAM,iCAAiC,6BAA6B,UAAU;AAC9E,QAAM,iCAAiC,6BAA6B,UAAU;AAC9E,QAAM,mBAAmB,oBAAoB,UAAU;AAIvD,QAAM,SAAqC;AAAA,IACzC,GAAI;AAAA;AAAA,IAGJ;AAAA;AAAA;AAAA,IAIA,sBAAsB;AAAA,IACtB,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,kBAAkB;AAAA;AAAA,IAGlB,cAAc,UAAU;AAAA,IACxB,cAAc,UAAU;AAAA,IACxB,WAAW;AAAA,IACX,WAAW;AAAA,IACX,wBAAwB;AAAA,IACxB,wBAAwB;AAAA,IACxB,2BAA2B;AAAA,IAC3B,2BAA2B;AAAA,IAC3B,MAAM,UAAU;AAAA,IAChB,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAIA,SAAO,KAAK,MAAM,EAAE,QAAQ,SAAO;AACjC,QAAI,OAAO,GAAuC,MAAM,QAAW;AACjE,aAAO,OAAO,GAAuC;AAAA,IACvD;AAAA,EACF,CAAC;AAED,SAAO;AACT;","names":[]}
|
package/dist/cjs/utils/config.js
CHANGED
|
@@ -32,6 +32,7 @@ module.exports = __toCommonJS(config_exports);
|
|
|
32
32
|
const loadFireConfig = () => ({
|
|
33
33
|
apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || "",
|
|
34
34
|
authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || "",
|
|
35
|
+
databaseURL: process.env.NEXT_PUBLIC_FIREBASE_DATABASE_URL || "",
|
|
35
36
|
projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || "",
|
|
36
37
|
storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || "",
|
|
37
38
|
messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || "",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/utils/config.ts"],"sourcesContent":["import type { \r\n AdminConfigValidationResult,\r\n ConfigValidationResult, \r\n ServerConfigValidationResult,\r\n TernSecureAdminConfig,\r\n TernSecureConfig, \r\n TernSecureServerConfig} from '@tern-secure/types'\r\n\r\n/**\r\n * Loads Firebase configuration from environment variables\r\n * @returns {TernSecureConfig} Firebase configuration object\r\n */\r\nexport const loadFireConfig = (): TernSecureConfig => ({\r\n apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || '',\r\n authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || '',\r\n projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || '',\r\n storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || '',\r\n messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || '',\r\n appId: process.env.NEXT_PUBLIC_FIREBASE_APP_ID || '',\r\n measurementId: process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID || undefined,\r\n})\r\n\r\n/**\r\n * Validates Firebase configuration\r\n * @param {TernSecureConfig} config - Firebase configuration object\r\n * @throws {Error} If required configuration values are missing\r\n * @returns {TernSecureConfig} Validated configuration object\r\n */\r\nexport const validateConfig = (config: TernSecureConfig): ConfigValidationResult => {\r\n const requiredFields: (keyof TernSecureConfig)[] = [\r\n 'apiKey',\r\n 'authDomain',\r\n 'projectId',\r\n 'storageBucket',\r\n 'messagingSenderId',\r\n 'appId'\r\n ]\r\n\r\n const errors: string[] = []\r\n \r\n requiredFields.forEach(field => {\r\n if (!config[field]) {\r\n errors.push(`Missing required field: NEXT_PUBLIC_FIREBASE_${String(field).toUpperCase()}`)\r\n }\r\n })\r\n\r\n return {\r\n isValid: errors.length === 0,\r\n errors,\r\n config\r\n }\r\n}\r\n\r\n/**\r\n * Initializes configuration with validation\r\n * @throws {Error} If configuration is invalid\r\n */\r\nexport const initializeConfig = (): TernSecureConfig => {\r\n const config = loadFireConfig()\r\n const validationResult = validateConfig(config)\r\n\r\n if (!validationResult.isValid) {\r\n throw new Error(\r\n `Firebase configuration validation failed:\\n${validationResult.errors.join('\\n')}`\r\n )\r\n }\r\n\r\n return config\r\n}\r\n\r\n/**\r\n * Loads Firebase Admin configuration from environment variables\r\n * @returns {AdminConfig} Firebase Admin configuration object\r\n */\r\nexport const loadAdminConfig = (): TernSecureAdminConfig => ({\r\n projectId: process.env.FIREBASE_PROJECT_ID || '',\r\n clientEmail: process.env.FIREBASE_CLIENT_EMAIL || '',\r\n privateKey: process.env.FIREBASE_PRIVATE_KEY || '',\r\n})\r\n\r\n/**\r\n * Validates Firebase Admin configuration\r\n * @param {AdminConfig} config - Firebase Admin configuration object\r\n * @returns {ConfigValidationResult} Validation result\r\n */\r\nexport const validateAdminConfig = (config: TernSecureAdminConfig): AdminConfigValidationResult => {\r\n const requiredFields: (keyof TernSecureAdminConfig)[] = [\r\n 'projectId',\r\n 'clientEmail',\r\n 'privateKey'\r\n ]\r\n\r\n const errors: string[] = []\r\n \r\n requiredFields.forEach(field => {\r\n if (!config[field]) {\r\n errors.push(`Missing required field: FIREBASE_${String(field).toUpperCase()}`)\r\n }\r\n })\r\n\r\n return {\r\n isValid: errors.length === 0,\r\n errors,\r\n config\r\n }\r\n}\r\n\r\n/**\r\n * Initializes admin configuration with validation\r\n * @throws {Error} If configuration is invalid\r\n */\r\nexport const initializeAdminConfig = (): TernSecureAdminConfig => {\r\n const config = loadAdminConfig()\r\n const validationResult = validateAdminConfig(config)\r\n\r\n if (!validationResult.isValid) {\r\n throw new Error(\r\n `Firebase Admin configuration validation failed:\\n${validationResult.errors.join('\\n')}`\r\n )\r\n }\r\n\r\n return config\r\n}\r\n\r\n\r\n\r\n/**\r\n * Loads Firebase Server configuration from environment variables\r\n * @returns {ServerConfig} Firebase Server configuration object\r\n */\r\nexport const loadServerConfig = (): TernSecureServerConfig => ({\r\n apiKey: process.env.FIREBASE_SERVER_API_KEY || '',\r\n\r\n})\r\n\r\n\r\n/**\r\n * Validates Firebase Admin configuration\r\n * @param {AdminConfig} config - Firebase Admin configuration object\r\n * @returns {ConfigValidationResult} Validation result\r\n */\r\nexport const validateServerConfig = (config: TernSecureServerConfig): ServerConfigValidationResult => {\r\n const requiredFields: (keyof TernSecureServerConfig)[] = [\r\n 'apiKey'\r\n ]\r\n\r\n const errors: string[] = []\r\n \r\n requiredFields.forEach(field => {\r\n if (!config[field]) {\r\n errors.push(`Missing required field: FIREBASE_SERVER_${String(field).toUpperCase()}`)\r\n }\r\n })\r\n\r\n return {\r\n isValid: errors.length === 0,\r\n errors,\r\n config\r\n }\r\n}\r\n\r\n\r\n\r\n/**\r\n * Initializes admin configuration with validation\r\n * @throws {Error} If configuration is invalid\r\n */\r\nexport const initializeServerConfig = (): TernSecureServerConfig => {\r\n const config = loadServerConfig()\r\n const validationResult = validateServerConfig(config)\r\n\r\n if (!validationResult.isValid) {\r\n throw new Error(\r\n `Firebase Server configuration validation failed:\\n${validationResult.errors.join('\\n')}`\r\n )\r\n }\r\n\r\n return config\r\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAYO,MAAM,iBAAiB,OAAyB;AAAA,EACrD,QAAQ,QAAQ,IAAI,gCAAgC;AAAA,EACpD,YAAY,QAAQ,IAAI,oCAAoC;AAAA,EAC5D,WAAW,QAAQ,IAAI,mCAAmC;AAAA,EAC1D,eAAe,QAAQ,IAAI,uCAAuC;AAAA,EAClE,mBAAmB,QAAQ,IAAI,4CAA4C;AAAA,EAC3E,OAAO,QAAQ,IAAI,+BAA+B;AAAA,EAClD,eAAe,QAAQ,IAAI,uCAAuC;AACpE;AAQO,MAAM,iBAAiB,CAAC,WAAqD;AAClF,QAAM,iBAA6C;AAAA,IACjD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,SAAmB,CAAC;AAE1B,iBAAe,QAAQ,WAAS;AAC9B,QAAI,CAAC,OAAO,KAAK,GAAG;AAClB,aAAO,KAAK,gDAAgD,OAAO,KAAK,EAAE,YAAY,CAAC,EAAE;AAAA,IAC3F;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,SAAS,OAAO,WAAW;AAAA,IAC3B;AAAA,IACA;AAAA,EACF;AACF;AAMO,MAAM,mBAAmB,MAAwB;AACtD,QAAM,SAAS,eAAe;AAC9B,QAAM,mBAAmB,eAAe,MAAM;AAE9C,MAAI,CAAC,iBAAiB,SAAS;AAC7B,UAAM,IAAI;AAAA,MACR;AAAA,EAA8C,iBAAiB,OAAO,KAAK,IAAI,CAAC;AAAA,IAClF;AAAA,EACF;AAEA,SAAO;AACT;AAMO,MAAM,kBAAkB,OAA8B;AAAA,EAC3D,WAAW,QAAQ,IAAI,uBAAuB;AAAA,EAC9C,aAAa,QAAQ,IAAI,yBAAyB;AAAA,EAClD,YAAY,QAAQ,IAAI,wBAAwB;AAClD;AAOO,MAAM,sBAAsB,CAAC,WAA+D;AACjG,QAAM,iBAAkD;AAAA,IACtD;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,SAAmB,CAAC;AAE1B,iBAAe,QAAQ,WAAS;AAC9B,QAAI,CAAC,OAAO,KAAK,GAAG;AAClB,aAAO,KAAK,oCAAoC,OAAO,KAAK,EAAE,YAAY,CAAC,EAAE;AAAA,IAC/E;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,SAAS,OAAO,WAAW;AAAA,IAC3B;AAAA,IACA;AAAA,EACF;AACF;AAMO,MAAM,wBAAwB,MAA6B;AAChE,QAAM,SAAS,gBAAgB;AAC/B,QAAM,mBAAmB,oBAAoB,MAAM;AAEnD,MAAI,CAAC,iBAAiB,SAAS;AAC7B,UAAM,IAAI;AAAA,MACR;AAAA,EAAoD,iBAAiB,OAAO,KAAK,IAAI,CAAC;AAAA,IACxF;AAAA,EACF;AAEA,SAAO;AACT;AAQO,MAAM,mBAAmB,OAA+B;AAAA,EAC7D,QAAQ,QAAQ,IAAI,2BAA2B;AAEjD;AAQO,MAAM,uBAAuB,CAAC,WAAiE;AACpG,QAAM,iBAAmD;AAAA,IACvD;AAAA,EACF;AAEA,QAAM,SAAmB,CAAC;AAE1B,iBAAe,QAAQ,WAAS;AAC9B,QAAI,CAAC,OAAO,KAAK,GAAG;AAClB,aAAO,KAAK,2CAA2C,OAAO,KAAK,EAAE,YAAY,CAAC,EAAE;AAAA,IACtF;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,SAAS,OAAO,WAAW;AAAA,IAC3B;AAAA,IACA;AAAA,EACF;AACF;AAQO,MAAM,yBAAyB,MAA8B;AAClE,QAAM,SAAS,iBAAiB;AAChC,QAAM,mBAAmB,qBAAqB,MAAM;AAEpD,MAAI,CAAC,iBAAiB,SAAS;AAC7B,UAAM,IAAI;AAAA,MACR;AAAA,EAAqD,iBAAiB,OAAO,KAAK,IAAI,CAAC;AAAA,IACzF;AAAA,EACF;AAEA,SAAO;AACT;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/utils/config.ts"],"sourcesContent":["import type { \r\n AdminConfigValidationResult,\r\n ConfigValidationResult, \r\n ServerConfigValidationResult,\r\n TernSecureAdminConfig,\r\n TernSecureConfig, \r\n TernSecureServerConfig} from '@tern-secure/types'\r\n\r\n/**\r\n * Loads Firebase configuration from environment variables\r\n * @returns {TernSecureConfig} Firebase configuration object\r\n */\r\nexport const loadFireConfig = (): TernSecureConfig => ({\r\n apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || '',\r\n authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || '',\r\n databaseURL: process.env.NEXT_PUBLIC_FIREBASE_DATABASE_URL || '',\r\n projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || '',\r\n storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || '',\r\n messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || '',\r\n appId: process.env.NEXT_PUBLIC_FIREBASE_APP_ID || '',\r\n measurementId: process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID || undefined,\r\n})\r\n\r\n/**\r\n * Validates Firebase configuration\r\n * @param {TernSecureConfig} config - Firebase configuration object\r\n * @throws {Error} If required configuration values are missing\r\n * @returns {TernSecureConfig} Validated configuration object\r\n */\r\nexport const validateConfig = (config: TernSecureConfig): ConfigValidationResult => {\r\n const requiredFields: (keyof TernSecureConfig)[] = [\r\n 'apiKey',\r\n 'authDomain',\r\n 'projectId',\r\n 'storageBucket',\r\n 'messagingSenderId',\r\n 'appId'\r\n ]\r\n\r\n const errors: string[] = []\r\n \r\n requiredFields.forEach(field => {\r\n if (!config[field]) {\r\n errors.push(`Missing required field: NEXT_PUBLIC_FIREBASE_${String(field).toUpperCase()}`)\r\n }\r\n })\r\n\r\n return {\r\n isValid: errors.length === 0,\r\n errors,\r\n config\r\n }\r\n}\r\n\r\n/**\r\n * Initializes configuration with validation\r\n * @throws {Error} If configuration is invalid\r\n */\r\nexport const initializeConfig = (): TernSecureConfig => {\r\n const config = loadFireConfig()\r\n const validationResult = validateConfig(config)\r\n\r\n if (!validationResult.isValid) {\r\n throw new Error(\r\n `Firebase configuration validation failed:\\n${validationResult.errors.join('\\n')}`\r\n )\r\n }\r\n\r\n return config\r\n}\r\n\r\n/**\r\n * Loads Firebase Admin configuration from environment variables\r\n * @returns {AdminConfig} Firebase Admin configuration object\r\n */\r\nexport const loadAdminConfig = (): TernSecureAdminConfig => ({\r\n projectId: process.env.FIREBASE_PROJECT_ID || '',\r\n clientEmail: process.env.FIREBASE_CLIENT_EMAIL || '',\r\n privateKey: process.env.FIREBASE_PRIVATE_KEY || '',\r\n})\r\n\r\n/**\r\n * Validates Firebase Admin configuration\r\n * @param {AdminConfig} config - Firebase Admin configuration object\r\n * @returns {ConfigValidationResult} Validation result\r\n */\r\nexport const validateAdminConfig = (config: TernSecureAdminConfig): AdminConfigValidationResult => {\r\n const requiredFields: (keyof TernSecureAdminConfig)[] = [\r\n 'projectId',\r\n 'clientEmail',\r\n 'privateKey'\r\n ]\r\n\r\n const errors: string[] = []\r\n \r\n requiredFields.forEach(field => {\r\n if (!config[field]) {\r\n errors.push(`Missing required field: FIREBASE_${String(field).toUpperCase()}`)\r\n }\r\n })\r\n\r\n return {\r\n isValid: errors.length === 0,\r\n errors,\r\n config\r\n }\r\n}\r\n\r\n/**\r\n * Initializes admin configuration with validation\r\n * @throws {Error} If configuration is invalid\r\n */\r\nexport const initializeAdminConfig = (): TernSecureAdminConfig => {\r\n const config = loadAdminConfig()\r\n const validationResult = validateAdminConfig(config)\r\n\r\n if (!validationResult.isValid) {\r\n throw new Error(\r\n `Firebase Admin configuration validation failed:\\n${validationResult.errors.join('\\n')}`\r\n )\r\n }\r\n\r\n return config\r\n}\r\n\r\n\r\n\r\n/**\r\n * Loads Firebase Server configuration from environment variables\r\n * @returns {ServerConfig} Firebase Server configuration object\r\n */\r\nexport const loadServerConfig = (): TernSecureServerConfig => ({\r\n apiKey: process.env.FIREBASE_SERVER_API_KEY || '',\r\n\r\n})\r\n\r\n\r\n/**\r\n * Validates Firebase Admin configuration\r\n * @param {AdminConfig} config - Firebase Admin configuration object\r\n * @returns {ConfigValidationResult} Validation result\r\n */\r\nexport const validateServerConfig = (config: TernSecureServerConfig): ServerConfigValidationResult => {\r\n const requiredFields: (keyof TernSecureServerConfig)[] = [\r\n 'apiKey'\r\n ]\r\n\r\n const errors: string[] = []\r\n \r\n requiredFields.forEach(field => {\r\n if (!config[field]) {\r\n errors.push(`Missing required field: FIREBASE_SERVER_${String(field).toUpperCase()}`)\r\n }\r\n })\r\n\r\n return {\r\n isValid: errors.length === 0,\r\n errors,\r\n config\r\n }\r\n}\r\n\r\n\r\n\r\n/**\r\n * Initializes admin configuration with validation\r\n * @throws {Error} If configuration is invalid\r\n */\r\nexport const initializeServerConfig = (): TernSecureServerConfig => {\r\n const config = loadServerConfig()\r\n const validationResult = validateServerConfig(config)\r\n\r\n if (!validationResult.isValid) {\r\n throw new Error(\r\n `Firebase Server configuration validation failed:\\n${validationResult.errors.join('\\n')}`\r\n )\r\n }\r\n\r\n return config\r\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAYO,MAAM,iBAAiB,OAAyB;AAAA,EACrD,QAAQ,QAAQ,IAAI,gCAAgC;AAAA,EACpD,YAAY,QAAQ,IAAI,oCAAoC;AAAA,EAC5D,aAAa,QAAQ,IAAI,qCAAqC;AAAA,EAC9D,WAAW,QAAQ,IAAI,mCAAmC;AAAA,EAC1D,eAAe,QAAQ,IAAI,uCAAuC;AAAA,EAClE,mBAAmB,QAAQ,IAAI,4CAA4C;AAAA,EAC3E,OAAO,QAAQ,IAAI,+BAA+B;AAAA,EAClD,eAAe,QAAQ,IAAI,uCAAuC;AACpE;AAQO,MAAM,iBAAiB,CAAC,WAAqD;AAClF,QAAM,iBAA6C;AAAA,IACjD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,SAAmB,CAAC;AAE1B,iBAAe,QAAQ,WAAS;AAC9B,QAAI,CAAC,OAAO,KAAK,GAAG;AAClB,aAAO,KAAK,gDAAgD,OAAO,KAAK,EAAE,YAAY,CAAC,EAAE;AAAA,IAC3F;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,SAAS,OAAO,WAAW;AAAA,IAC3B;AAAA,IACA;AAAA,EACF;AACF;AAMO,MAAM,mBAAmB,MAAwB;AACtD,QAAM,SAAS,eAAe;AAC9B,QAAM,mBAAmB,eAAe,MAAM;AAE9C,MAAI,CAAC,iBAAiB,SAAS;AAC7B,UAAM,IAAI;AAAA,MACR;AAAA,EAA8C,iBAAiB,OAAO,KAAK,IAAI,CAAC;AAAA,IAClF;AAAA,EACF;AAEA,SAAO;AACT;AAMO,MAAM,kBAAkB,OAA8B;AAAA,EAC3D,WAAW,QAAQ,IAAI,uBAAuB;AAAA,EAC9C,aAAa,QAAQ,IAAI,yBAAyB;AAAA,EAClD,YAAY,QAAQ,IAAI,wBAAwB;AAClD;AAOO,MAAM,sBAAsB,CAAC,WAA+D;AACjG,QAAM,iBAAkD;AAAA,IACtD;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,SAAmB,CAAC;AAE1B,iBAAe,QAAQ,WAAS;AAC9B,QAAI,CAAC,OAAO,KAAK,GAAG;AAClB,aAAO,KAAK,oCAAoC,OAAO,KAAK,EAAE,YAAY,CAAC,EAAE;AAAA,IAC/E;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,SAAS,OAAO,WAAW;AAAA,IAC3B;AAAA,IACA;AAAA,EACF;AACF;AAMO,MAAM,wBAAwB,MAA6B;AAChE,QAAM,SAAS,gBAAgB;AAC/B,QAAM,mBAAmB,oBAAoB,MAAM;AAEnD,MAAI,CAAC,iBAAiB,SAAS;AAC7B,UAAM,IAAI;AAAA,MACR;AAAA,EAAoD,iBAAiB,OAAO,KAAK,IAAI,CAAC;AAAA,IACxF;AAAA,EACF;AAEA,SAAO;AACT;AAQO,MAAM,mBAAmB,OAA+B;AAAA,EAC7D,QAAQ,QAAQ,IAAI,2BAA2B;AAEjD;AAQO,MAAM,uBAAuB,CAAC,WAAiE;AACpG,QAAM,iBAAmD;AAAA,IACvD;AAAA,EACF;AAEA,QAAM,SAAmB,CAAC;AAE1B,iBAAe,QAAQ,WAAS;AAC9B,QAAI,CAAC,OAAO,KAAK,GAAG;AAClB,aAAO,KAAK,2CAA2C,OAAO,KAAK,EAAE,YAAY,CAAC,EAAE;AAAA,IACtF;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,SAAS,OAAO,WAAW;AAAA,IAC3B;AAAA,IACA;AAAA,EACF;AACF;AAQO,MAAM,yBAAyB,MAA8B;AAClE,QAAM,SAAS,iBAAiB;AAChC,QAAM,mBAAmB,qBAAqB,MAAM;AAEpD,MAAI,CAAC,iBAAiB,SAAS;AAC7B,UAAM,IAAI;AAAA,MACR;AAAA,EAAqD,iBAAiB,OAAO,KAAK,IAAI,CAAC;AAAA,IACzF;AAAA,EACF;AAEA,SAAO;AACT;","names":[]}
|
|
@@ -1,26 +1,37 @@
|
|
|
1
|
-
import {
|
|
2
|
-
|
|
1
|
+
import { DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS, DEFAULT_SESSION_COOKIE_OPTIONS } from "./types";
|
|
2
|
+
const ONE_YEAR_IN_SECONDS = 365 * 24 * 60 * 60;
|
|
3
|
+
function getIdTokenCookieOptions() {
|
|
3
4
|
return {
|
|
4
|
-
path:
|
|
5
|
-
httpOnly:
|
|
6
|
-
secure:
|
|
7
|
-
sameSite:
|
|
8
|
-
maxAge:
|
|
9
|
-
priority:
|
|
5
|
+
path: "/",
|
|
6
|
+
httpOnly: true,
|
|
7
|
+
secure: process.env.NODE_ENV === "production",
|
|
8
|
+
sameSite: "strict",
|
|
9
|
+
maxAge: ONE_YEAR_IN_SECONDS,
|
|
10
|
+
priority: "high"
|
|
11
|
+
};
|
|
12
|
+
}
|
|
13
|
+
function getSessionCookieOptions(config) {
|
|
14
|
+
return {
|
|
15
|
+
path: config?.cookies?.path ?? DEFAULT_SESSION_COOKIE_OPTIONS.path ?? "/",
|
|
16
|
+
httpOnly: config?.cookies?.httpOnly ?? DEFAULT_SESSION_COOKIE_OPTIONS.httpOnly ?? true,
|
|
17
|
+
secure: config?.cookies?.secure ?? DEFAULT_SESSION_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === "production",
|
|
18
|
+
sameSite: config?.cookies?.sameSite ?? DEFAULT_SESSION_COOKIE_OPTIONS.sameSite ?? "strict",
|
|
19
|
+
maxAge: config?.cookies?.maxAge ?? DEFAULT_SESSION_COOKIE_OPTIONS.maxAge,
|
|
20
|
+
priority: config?.cookies?.priority ?? DEFAULT_SESSION_COOKIE_OPTIONS.priority
|
|
10
21
|
};
|
|
11
22
|
}
|
|
12
23
|
function getDeleteOptions(options) {
|
|
13
24
|
return {
|
|
14
|
-
path: options?.cookies?.path ??
|
|
15
|
-
httpOnly: options?.cookies?.httpOnly ??
|
|
16
|
-
secure: options?.cookies?.secure ??
|
|
17
|
-
sameSite: options?.cookies?.sameSite ??
|
|
25
|
+
path: options?.cookies?.path ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.path ?? "/",
|
|
26
|
+
httpOnly: options?.cookies?.httpOnly ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.httpOnly ?? true,
|
|
27
|
+
secure: options?.cookies?.secure ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === "production",
|
|
28
|
+
sameSite: options?.cookies?.sameSite ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.sameSite ?? "strict",
|
|
18
29
|
revokeRefreshTokensOnSignOut: options?.revokeRefreshTokensOnSignOut ?? true
|
|
19
|
-
// Domain is intentionally omitted to use current domain
|
|
20
30
|
};
|
|
21
31
|
}
|
|
22
32
|
export {
|
|
23
|
-
|
|
24
|
-
|
|
33
|
+
getDeleteOptions,
|
|
34
|
+
getIdTokenCookieOptions,
|
|
35
|
+
getSessionCookieOptions
|
|
25
36
|
};
|
|
26
37
|
//# sourceMappingURL=cookieOptionsHelper.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/cookieOptionsHelper.ts"],"sourcesContent":["import type { CookieOptions, TernSecureHandlerOptions } from '@tern-secure/types';\n\nimport {
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/cookieOptionsHelper.ts"],"sourcesContent":["import type { CookieOptions, TernSecureHandlerOptions } from '@tern-secure/types';\n\nimport { DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS, DEFAULT_SESSION_COOKIE_OPTIONS } from './types';\n\nconst ONE_YEAR_IN_SECONDS = 365 * 24 * 60 * 60;\n\n\nexport function getIdTokenCookieOptions(\n): Required<Pick<CookieOptions, 'path' | 'httpOnly' | 'secure' | 'sameSite'>> &\n Pick<CookieOptions, 'maxAge' | 'priority'> {\n return {\n path: '/',\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: ONE_YEAR_IN_SECONDS,\n priority: 'high',\n };\n}\n\nexport function getSessionCookieOptions(\n config?: TernSecureHandlerOptions,\n): Required<Pick<CookieOptions, 'path' | 'httpOnly' | 'secure' | 'sameSite'>> &\n Pick<CookieOptions, 'maxAge' | 'priority'> {\n return {\n path: config?.cookies?.path ?? DEFAULT_SESSION_COOKIE_OPTIONS.path ?? '/',\n httpOnly: config?.cookies?.httpOnly ?? DEFAULT_SESSION_COOKIE_OPTIONS.httpOnly ?? true,\n secure:\n config?.cookies?.secure ?? DEFAULT_SESSION_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === 'production',\n sameSite: config?.cookies?.sameSite ?? DEFAULT_SESSION_COOKIE_OPTIONS.sameSite ?? 'strict',\n maxAge: config?.cookies?.maxAge ?? DEFAULT_SESSION_COOKIE_OPTIONS.maxAge,\n priority: config?.cookies?.priority ?? DEFAULT_SESSION_COOKIE_OPTIONS.priority,\n };\n}\n\n\nexport function getDeleteOptions(options?: {\n cookies?: TernSecureHandlerOptions['cookies'];\n revokeRefreshTokensOnSignOut?: boolean;\n}): {\n path: string;\n httpOnly?: boolean;\n secure?: boolean;\n domain?: string;\n sameSite?: 'lax' | 'strict' | 'none';\n revokeRefreshTokensOnSignOut?: boolean;\n} {\n return {\n path: options?.cookies?.path ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.path ?? '/',\n httpOnly: options?.cookies?.httpOnly ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.httpOnly ?? true,\n secure:\n options?.cookies?.secure ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === 'production',\n sameSite: options?.cookies?.sameSite ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.sameSite ?? 'strict',\n revokeRefreshTokensOnSignOut: options?.revokeRefreshTokensOnSignOut ?? true,\n };\n}\n"],"mappings":"AAEA,SAAS,yCAAyC,sCAAsC;AAExF,MAAM,sBAAsB,MAAM,KAAK,KAAK;AAGrC,SAAS,0BAE6B;AAC3C,SAAO;AAAA,IACL,MAAM;AAAA,IACN,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,EACZ;AACF;AAEO,SAAS,wBACd,QAE2C;AAC3C,SAAO;AAAA,IACL,MAAM,QAAQ,SAAS,QAAQ,+BAA+B,QAAQ;AAAA,IACtE,UAAU,QAAQ,SAAS,YAAY,+BAA+B,YAAY;AAAA,IAClF,QACE,QAAQ,SAAS,UAAU,+BAA+B,UAAU,QAAQ,IAAI,aAAa;AAAA,IAC/F,UAAU,QAAQ,SAAS,YAAY,+BAA+B,YAAY;AAAA,IAClF,QAAQ,QAAQ,SAAS,UAAU,+BAA+B;AAAA,IAClE,UAAU,QAAQ,SAAS,YAAY,+BAA+B;AAAA,EACxE;AACF;AAGO,SAAS,iBAAiB,SAU/B;AACA,SAAO;AAAA,IACL,MAAM,SAAS,SAAS,QAAQ,wCAAwC,QAAQ;AAAA,IAChF,UAAU,SAAS,SAAS,YAAY,wCAAwC,YAAY;AAAA,IAC5F,QACE,SAAS,SAAS,UAAU,wCAAwC,UAAU,QAAQ,IAAI,aAAa;AAAA,IACzG,UAAU,SAAS,SAAS,YAAY,wCAAwC,YAAY;AAAA,IAC5F,8BAA8B,SAAS,gCAAgC;AAAA,EACzE;AACF;","names":[]}
|
|
@@ -10,7 +10,7 @@ import {
|
|
|
10
10
|
FIREBASE_PROJECT_ID,
|
|
11
11
|
FIREBASE_STORAGE_BUCKET
|
|
12
12
|
} from "./constants";
|
|
13
|
-
import {
|
|
13
|
+
import { getIdTokenCookieOptions } from "./cookieOptionsHelper";
|
|
14
14
|
async function refreshCookieWithIdToken(idToken, cookieStore, config, referrer) {
|
|
15
15
|
const backendClient = await ternSecureBackendClient();
|
|
16
16
|
const authOptions = {
|
|
@@ -25,7 +25,7 @@ async function refreshCookieWithIdToken(idToken, cookieStore, config, referrer)
|
|
|
25
25
|
},
|
|
26
26
|
apiClient: backendClient
|
|
27
27
|
};
|
|
28
|
-
const COOKIE_OPTIONS =
|
|
28
|
+
const COOKIE_OPTIONS = getIdTokenCookieOptions();
|
|
29
29
|
const { createCustomIdAndRefreshToken } = getAuth(authOptions);
|
|
30
30
|
const customTokens = await createCustomIdAndRefreshToken(idToken, { referer: referrer });
|
|
31
31
|
const cookiePrefix = getCookiePrefix();
|
|
@@ -39,6 +39,11 @@ async function refreshCookieWithIdToken(idToken, cookieStore, config, referrer)
|
|
|
39
39
|
getCookieName(constants.Cookies.Refresh, cookiePrefix),
|
|
40
40
|
customTokens.refreshToken,
|
|
41
41
|
COOKIE_OPTIONS
|
|
42
|
+
),
|
|
43
|
+
cookieStore.set(
|
|
44
|
+
constants.Cookies.TernAut,
|
|
45
|
+
customTokens.auth_time.toString(),
|
|
46
|
+
{ secure: true, maxAge: 365 * 24 * 60 * 60 }
|
|
42
47
|
)
|
|
43
48
|
];
|
|
44
49
|
if (config?.enableCustomToken) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/request.ts"],"sourcesContent":["import type { AuthenticateRequestOptions } from '@tern-secure/backend';\nimport { constants } from '@tern-secure/backend';\nimport { getAuth } from '@tern-secure/backend/auth';\nimport { getCookieName, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nimport { ternSecureBackendClient } from '../../server/ternsecureClient';\nimport type { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport {\n FIREBASE_API_KEY,\n FIREBASE_APP_ID,\n FIREBASE_AUTH_DOMAIN,\n FIREBASE_MESSAGING_SENDER_ID,\n FIREBASE_PROJECT_ID,\n FIREBASE_STORAGE_BUCKET,\n} from './constants';\nimport {
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/request.ts"],"sourcesContent":["import type { AuthenticateRequestOptions } from '@tern-secure/backend';\nimport { constants } from '@tern-secure/backend';\nimport { getAuth } from '@tern-secure/backend/auth';\nimport { getCookieName, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nimport { ternSecureBackendClient } from '../../server/ternsecureClient';\nimport type { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport {\n FIREBASE_API_KEY,\n FIREBASE_APP_ID,\n FIREBASE_AUTH_DOMAIN,\n FIREBASE_MESSAGING_SENDER_ID,\n FIREBASE_PROJECT_ID,\n FIREBASE_STORAGE_BUCKET,\n} from './constants';\nimport { getIdTokenCookieOptions } from './cookieOptionsHelper';\nimport type { TernSecureHandlerOptions } from './types';\n\nexport async function refreshCookieWithIdToken(\n idToken: string,\n cookieStore: NextCookieStore,\n config?: TernSecureHandlerOptions,\n referrer?: string,\n): Promise<void> {\n const backendClient = await ternSecureBackendClient();\n\n const authOptions: AuthenticateRequestOptions = {\n tenantId: config?.tenantId || undefined,\n firebaseConfig: {\n apiKey: FIREBASE_API_KEY,\n authDomain: FIREBASE_AUTH_DOMAIN,\n projectId: FIREBASE_PROJECT_ID,\n storageBucket: FIREBASE_STORAGE_BUCKET,\n messagingSenderId: FIREBASE_MESSAGING_SENDER_ID,\n appId: FIREBASE_APP_ID,\n },\n apiClient: backendClient,\n };\n\n const COOKIE_OPTIONS = getIdTokenCookieOptions();\n\n const { createCustomIdAndRefreshToken } = getAuth(authOptions);\n\n const customTokens = await createCustomIdAndRefreshToken(idToken, { referer: referrer });\n\n const cookiePrefix = getCookiePrefix();\n\n const cookiePromises = [\n cookieStore.set(\n getCookieName(constants.Cookies.IdToken, cookiePrefix),\n customTokens.idToken,\n COOKIE_OPTIONS,\n ),\n cookieStore.set(\n getCookieName(constants.Cookies.Refresh, cookiePrefix),\n customTokens.refreshToken,\n COOKIE_OPTIONS,\n ),\n\n cookieStore.set(\n constants.Cookies.TernAut,\n customTokens.auth_time.toString(),\n { secure: true, maxAge: 365 * 24 * 60 * 60 }\n ),\n ];\n\n if (config?.enableCustomToken) {\n cookiePromises.push(\n cookieStore.set(constants.Cookies.Custom, customTokens.customToken, COOKIE_OPTIONS),\n );\n }\n\n await Promise.all(cookiePromises);\n}\n"],"mappings":"AACA,SAAS,iBAAiB;AAC1B,SAAS,eAAe;AACxB,SAAS,eAAe,uBAAuB;AAE/C,SAAS,+BAA+B;AAExC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,+BAA+B;AAGxC,eAAsB,yBACpB,SACA,aACA,QACA,UACe;AACf,QAAM,gBAAgB,MAAM,wBAAwB;AAEpD,QAAM,cAA0C;AAAA,IAC9C,UAAU,QAAQ,YAAY;AAAA,IAC9B,gBAAgB;AAAA,MACd,QAAQ;AAAA,MACR,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,eAAe;AAAA,MACf,mBAAmB;AAAA,MACnB,OAAO;AAAA,IACT;AAAA,IACA,WAAW;AAAA,EACb;AAEA,QAAM,iBAAiB,wBAAwB;AAE/C,QAAM,EAAE,8BAA8B,IAAI,QAAQ,WAAW;AAE7D,QAAM,eAAe,MAAM,8BAA8B,SAAS,EAAE,SAAS,SAAS,CAAC;AAEvF,QAAM,eAAe,gBAAgB;AAErC,QAAM,iBAAiB;AAAA,IACrB,YAAY;AAAA,MACV,cAAc,UAAU,QAAQ,SAAS,YAAY;AAAA,MACrD,aAAa;AAAA,MACb;AAAA,IACF;AAAA,IACA,YAAY;AAAA,MACV,cAAc,UAAU,QAAQ,SAAS,YAAY;AAAA,MACrD,aAAa;AAAA,MACb;AAAA,IACF;AAAA,IAEA,YAAY;AAAA,MACV,UAAU,QAAQ;AAAA,MAClB,aAAa,UAAU,SAAS;AAAA,MAChC,EAAE,QAAQ,MAAM,QAAQ,MAAM,KAAK,KAAK,GAAG;AAAA,IAC7C;AAAA,EACF;AAEA,MAAI,QAAQ,mBAAmB;AAC7B,mBAAe;AAAA,MACb,YAAY,IAAI,UAAU,QAAQ,QAAQ,aAAa,aAAa,cAAc;AAAA,IACpF;AAAA,EACF;AAEA,QAAM,QAAQ,IAAI,cAAc;AAClC;","names":[]}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { constants } from "@tern-secure/backend";
|
|
1
2
|
import { clearSessionCookie } from "@tern-secure/backend/admin";
|
|
2
3
|
import { ternDecodeJwtUnguarded } from "@tern-secure/backend/jwt";
|
|
3
4
|
import { NextCookieStore } from "../../utils/NextCookieAdapter";
|
|
@@ -50,7 +51,7 @@ async function sessionEndpointHandler(context, config) {
|
|
|
50
51
|
const cookieStore = new NextCookieStore();
|
|
51
52
|
const { idToken, csrfToken, error } = await validateSessionRequest();
|
|
52
53
|
if (error) return error;
|
|
53
|
-
const csrfCookieValue = await cookieStore.get(
|
|
54
|
+
const csrfCookieValue = await cookieStore.get(constants.Cookies.CsrfToken);
|
|
54
55
|
validateCsrfToken(csrfToken || "", csrfCookieValue.value);
|
|
55
56
|
const handleCreateSession = async (cookieStore2, idToken2) => {
|
|
56
57
|
try {
|