@tern-secure/nextjs 5.2.0-canary.v20251030165007 → 5.2.0-canary.v20251125170702

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (137) hide show
  1. package/dist/cjs/app-router/admin/actions.js +5 -0
  2. package/dist/cjs/app-router/admin/actions.js.map +1 -1
  3. package/dist/cjs/app-router/admin/cookieOptionsHelper.js +28 -16
  4. package/dist/cjs/app-router/admin/cookieOptionsHelper.js.map +1 -1
  5. package/dist/cjs/app-router/admin/endpointRouter.js +10 -1
  6. package/dist/cjs/app-router/admin/endpointRouter.js.map +1 -1
  7. package/dist/cjs/app-router/admin/request.js +6 -1
  8. package/dist/cjs/app-router/admin/request.js.map +1 -1
  9. package/dist/cjs/app-router/admin/sessionHandlers.js +79 -7
  10. package/dist/cjs/app-router/admin/sessionHandlers.js.map +1 -1
  11. package/dist/cjs/app-router/admin/signInCreateHandler.js +213 -0
  12. package/dist/cjs/app-router/admin/signInCreateHandler.js.map +1 -0
  13. package/dist/cjs/app-router/admin/types.js +33 -11
  14. package/dist/cjs/app-router/admin/types.js.map +1 -1
  15. package/dist/cjs/app-router/client/TernSecureProvider.js +5 -1
  16. package/dist/cjs/app-router/client/TernSecureProvider.js.map +1 -1
  17. package/dist/cjs/app-router/server/TernSecureProvider.js +1 -1
  18. package/dist/cjs/app-router/server/TernSecureProvider.js.map +1 -1
  19. package/dist/cjs/app-router/server/auth.js +1 -1
  20. package/dist/cjs/app-router/server/auth.js.map +1 -1
  21. package/dist/cjs/boundary/components.js +2 -12
  22. package/dist/cjs/boundary/components.js.map +1 -1
  23. package/dist/cjs/{app-router/server/auth_new.js → components/uiComponents.js} +18 -17
  24. package/dist/cjs/components/uiComponents.js.map +1 -0
  25. package/dist/cjs/index.js +9 -15
  26. package/dist/cjs/index.js.map +1 -1
  27. package/dist/cjs/server/data/getAuthDataFromRequest.js +15 -15
  28. package/dist/cjs/server/data/getAuthDataFromRequest.js.map +1 -1
  29. package/dist/cjs/server/index.js +3 -6
  30. package/dist/cjs/server/index.js.map +1 -1
  31. package/dist/cjs/server/{ternSecureEdgeMiddleware.js → ternSecureProxy.js} +32 -9
  32. package/dist/cjs/server/ternSecureProxy.js.map +1 -0
  33. package/dist/cjs/server/utils.js +1 -1
  34. package/dist/cjs/server/utils.js.map +1 -1
  35. package/dist/cjs/utils/allNextProviderProps.js +17 -3
  36. package/dist/cjs/utils/allNextProviderProps.js.map +1 -1
  37. package/dist/cjs/utils/config.js +1 -0
  38. package/dist/cjs/utils/config.js.map +1 -1
  39. package/dist/cjs/utils/tern-ui-script.js +72 -0
  40. package/dist/cjs/utils/tern-ui-script.js.map +1 -0
  41. package/dist/esm/app-router/admin/actions.js +5 -0
  42. package/dist/esm/app-router/admin/actions.js.map +1 -1
  43. package/dist/esm/app-router/admin/cookieOptionsHelper.js +26 -15
  44. package/dist/esm/app-router/admin/cookieOptionsHelper.js.map +1 -1
  45. package/dist/esm/app-router/admin/endpointRouter.js +11 -2
  46. package/dist/esm/app-router/admin/endpointRouter.js.map +1 -1
  47. package/dist/esm/app-router/admin/request.js +7 -2
  48. package/dist/esm/app-router/admin/request.js.map +1 -1
  49. package/dist/esm/app-router/admin/sessionHandlers.js +83 -7
  50. package/dist/esm/app-router/admin/sessionHandlers.js.map +1 -1
  51. package/dist/esm/app-router/admin/signInCreateHandler.js +188 -0
  52. package/dist/esm/app-router/admin/signInCreateHandler.js.map +1 -0
  53. package/dist/esm/app-router/admin/types.js +30 -10
  54. package/dist/esm/app-router/admin/types.js.map +1 -1
  55. package/dist/esm/app-router/client/TernSecureProvider.js +6 -2
  56. package/dist/esm/app-router/client/TernSecureProvider.js.map +1 -1
  57. package/dist/esm/app-router/server/TernSecureProvider.js +2 -2
  58. package/dist/esm/app-router/server/TernSecureProvider.js.map +1 -1
  59. package/dist/esm/app-router/server/auth.js +2 -2
  60. package/dist/esm/app-router/server/auth.js.map +1 -1
  61. package/dist/esm/boundary/components.js +1 -11
  62. package/dist/esm/boundary/components.js.map +1 -1
  63. package/dist/esm/components/uiComponents.js +21 -0
  64. package/dist/esm/components/uiComponents.js.map +1 -0
  65. package/dist/esm/index.js +10 -14
  66. package/dist/esm/index.js.map +1 -1
  67. package/dist/esm/server/data/getAuthDataFromRequest.js +21 -13
  68. package/dist/esm/server/data/getAuthDataFromRequest.js.map +1 -1
  69. package/dist/esm/server/index.js +2 -8
  70. package/dist/esm/server/index.js.map +1 -1
  71. package/dist/esm/server/{ternSecureEdgeMiddleware.js → ternSecureProxy.js} +30 -7
  72. package/dist/esm/server/ternSecureProxy.js.map +1 -0
  73. package/dist/esm/server/utils.js +1 -1
  74. package/dist/esm/server/utils.js.map +1 -1
  75. package/dist/esm/utils/allNextProviderProps.js +17 -3
  76. package/dist/esm/utils/allNextProviderProps.js.map +1 -1
  77. package/dist/esm/utils/config.js +1 -0
  78. package/dist/esm/utils/config.js.map +1 -1
  79. package/dist/esm/utils/tern-ui-script.js +38 -0
  80. package/dist/esm/utils/tern-ui-script.js.map +1 -0
  81. package/dist/types/app-router/admin/actions.d.ts +23 -0
  82. package/dist/types/app-router/admin/actions.d.ts.map +1 -1
  83. package/dist/types/app-router/admin/cookieOptionsHelper.d.ts +2 -10
  84. package/dist/types/app-router/admin/cookieOptionsHelper.d.ts.map +1 -1
  85. package/dist/types/app-router/admin/endpointRouter.d.ts.map +1 -1
  86. package/dist/types/app-router/admin/request.d.ts.map +1 -1
  87. package/dist/types/app-router/admin/sessionHandlers.d.ts +4 -3
  88. package/dist/types/app-router/admin/sessionHandlers.d.ts.map +1 -1
  89. package/dist/types/app-router/admin/signInCreateHandler.d.ts +11 -0
  90. package/dist/types/app-router/admin/signInCreateHandler.d.ts.map +1 -0
  91. package/dist/types/app-router/admin/types.d.ts +5 -3
  92. package/dist/types/app-router/admin/types.d.ts.map +1 -1
  93. package/dist/types/app-router/client/TernSecureProvider.d.ts.map +1 -1
  94. package/dist/types/app-router/server/auth.d.ts.map +1 -1
  95. package/dist/types/boundary/components.d.ts +1 -1
  96. package/dist/types/boundary/components.d.ts.map +1 -1
  97. package/dist/types/components/uiComponents.d.ts +6 -0
  98. package/dist/types/components/uiComponents.d.ts.map +1 -0
  99. package/dist/types/index.d.ts +3 -3
  100. package/dist/types/index.d.ts.map +1 -1
  101. package/dist/types/server/data/getAuthDataFromRequest.d.ts +6 -6
  102. package/dist/types/server/data/getAuthDataFromRequest.d.ts.map +1 -1
  103. package/dist/types/server/index.d.ts +1 -2
  104. package/dist/types/server/index.d.ts.map +1 -1
  105. package/dist/types/server/{ternSecureEdgeMiddleware.d.ts → ternSecureProxy.d.ts} +2 -2
  106. package/dist/types/server/ternSecureProxy.d.ts.map +1 -0
  107. package/dist/types/utils/allNextProviderProps.d.ts.map +1 -1
  108. package/dist/types/utils/config.d.ts.map +1 -1
  109. package/dist/types/utils/tern-ui-script.d.ts +8 -0
  110. package/dist/types/utils/tern-ui-script.d.ts.map +1 -0
  111. package/package.json +7 -9
  112. package/dist/cjs/app-router/server/TernSecureProviderNode.js +0 -92
  113. package/dist/cjs/app-router/server/TernSecureProviderNode.js.map +0 -1
  114. package/dist/cjs/app-router/server/auth_new.js.map +0 -1
  115. package/dist/cjs/server/ternSecureEdgeMiddleware.js.map +0 -1
  116. package/dist/cjs/utils/admin-init.js +0 -4
  117. package/dist/cjs/utils/admin-init.js.map +0 -1
  118. package/dist/cjs/utils/client-init.js +0 -4
  119. package/dist/cjs/utils/client-init.js.map +0 -1
  120. package/dist/esm/app-router/server/TernSecureProviderNode.js +0 -58
  121. package/dist/esm/app-router/server/TernSecureProviderNode.js.map +0 -1
  122. package/dist/esm/app-router/server/auth_new.js +0 -17
  123. package/dist/esm/app-router/server/auth_new.js.map +0 -1
  124. package/dist/esm/server/ternSecureEdgeMiddleware.js.map +0 -1
  125. package/dist/esm/utils/admin-init.js +0 -3
  126. package/dist/esm/utils/admin-init.js.map +0 -1
  127. package/dist/esm/utils/client-init.js +0 -3
  128. package/dist/esm/utils/client-init.js.map +0 -1
  129. package/dist/types/app-router/server/TernSecureProviderNode.d.ts +0 -4
  130. package/dist/types/app-router/server/TernSecureProviderNode.d.ts.map +0 -1
  131. package/dist/types/app-router/server/auth_new.d.ts +0 -14
  132. package/dist/types/app-router/server/auth_new.d.ts.map +0 -1
  133. package/dist/types/server/ternSecureEdgeMiddleware.d.ts.map +0 -1
  134. package/dist/types/utils/admin-init.d.ts +0 -2
  135. package/dist/types/utils/admin-init.d.ts.map +0 -1
  136. package/dist/types/utils/client-init.d.ts +0 -2
  137. package/dist/types/utils/client-init.d.ts.map +0 -1
package/dist/cjs/server/{ternSecureEdgeMiddleware.js → ternSecureProxy.js} RENAMED
@@ -16,12 +16,12 @@ var __copyProps = (to, from, except, desc) => {
16
16
  return to;
17
17
  };
18
18
  var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
- var ternSecureEdgeMiddleware_exports = {};
20
- __export(ternSecureEdgeMiddleware_exports, {
19
+ var ternSecureProxy_exports = {};
20
+ __export(ternSecureProxy_exports, {
21
21
  redirectAdapter: () => redirectAdapter,
22
- ternSecureMiddleware: () => ternSecureMiddleware
22
+ ternSecureProxy: () => ternSecureProxy
23
23
  });
24
- module.exports = __toCommonJS(ternSecureEdgeMiddleware_exports);
24
+ module.exports = __toCommonJS(ternSecureProxy_exports);
25
25
  var import_backend = require("@tern-secure/backend");
26
26
  var import_navigation = require("next/navigation");
27
27
  var import_server = require("next/server");
@@ -32,7 +32,7 @@ var import_nextErrors = require("./nextErrors");
32
32
  var import_protect = require("./protect");
33
33
  var import_ternsecureClient = require("./ternsecureClient");
34
34
  var import_utils = require("./utils");
35
- const ternSecureMiddleware = (...args) => {
35
+ const ternSecureProxy = (...args) => {
36
36
  const [request, event] = parseRequestAndEvent(args);
37
37
  const [handler, params] = parseHandlerAndOptions(args);
38
38
  const middleware = () => {
@@ -40,9 +40,11 @@ const ternSecureMiddleware = (...args) => {
40
40
  const resolvedParams = typeof params === "function" ? await params(request2) : params;
41
41
  const signInUrl = resolvedParams.signInUrl || import_constant.SIGN_IN_URL;
42
42
  const signUpUrl = resolvedParams.signUpUrl || import_constant.SIGN_UP_URL;
43
+ const apiKey = resolvedParams.apiKey || import_constant.FIREBASE_API_KEY;
43
44
  const options = {
44
45
  signInUrl,
45
46
  signUpUrl,
47
+ apiKey,
46
48
  ...resolvedParams
47
49
  };
48
50
  const reqBackendClient = await (0, import_ternsecureClient.ternSecureBackendClient)();
@@ -51,9 +53,18 @@ const ternSecureMiddleware = (...args) => {
51
53
  ternSecureRequest,
52
54
  options
53
55
  );
56
+ const locationHeader = requestStateClient.headers.get(import_backend.constants.Headers.Location);
57
+ if (locationHeader) {
58
+ return new Response(null, {
59
+ status: 307,
60
+ headers: requestStateClient.headers
61
+ });
62
+ } else if (requestStateClient.status === import_backend.AuthStatus.Handshake) {
63
+ throw new Error("TernSecure: handshake status without redirect is not supported.");
64
+ }
54
65
  const authObjectClient = requestStateClient.auth();
55
- const { redirectToSignIn } = createMiddlewareRedirects(ternSecureRequest);
56
- const { redirectToSignUp } = createMiddlewareRedirects(ternSecureRequest);
66
+ const redirectToSignIn = createProxyRedirectToSignIn(ternSecureRequest);
67
+ const redirectToSignUp = createProxyRedirectToSignUp(ternSecureRequest);
57
68
  const protect = await createMiddlewareProtect(
58
69
  ternSecureRequest,
59
70
  authObjectClient,
@@ -105,6 +116,18 @@ const parseHandlerAndOptions = (args) => {
105
116
  (args.length === 2 ? args[1] : typeof args[0] === "function" ? {} : args[0]) || {}
106
117
  ];
107
118
  };
119
+ const createProxyRedirectToSignIn = (ternSecureRequest) => {
120
+ return (opts = {}) => {
121
+ const url = ternSecureRequest.ternUrl.toString();
122
+ (0, import_nextErrors.redirectToSignInError)(url, opts.returnBackUrl);
123
+ };
124
+ };
125
+ const createProxyRedirectToSignUp = (ternSecureRequest) => {
126
+ return (opts = {}) => {
127
+ const url = ternSecureRequest.ternUrl.toString();
128
+ (0, import_nextErrors.redirectToSignUpError)(url, opts.returnBackUrl);
129
+ };
130
+ };
108
131
  const createMiddlewareRedirects = (ternSecureRequest) => {
109
132
  const redirectToSignIn = (opts = {}) => {
110
133
  const url = ternSecureRequest.ternUrl.toString();
@@ -166,6 +189,6 @@ const handleControlError = (error, ternSecureRequest, nextrequest, requestState)
166
189
  // Annotate the CommonJS export names for ESM import in node:
167
190
  0 && (module.exports = {
168
191
  redirectAdapter,
169
- ternSecureMiddleware
192
+ ternSecureProxy
170
193
  });
171
- //# sourceMappingURL=ternSecureEdgeMiddleware.js.map
194
+ //# sourceMappingURL=ternSecureProxy.js.map
package/dist/cjs/server/ternSecureProxy.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../../src/server/ternSecureProxy.ts"],"sourcesContent":["import type {\r\n AuthenticateRequestOptions,\r\n AuthObject,\r\n RedirectFun,\r\n RequestState,\r\n TernSecureRequest,\r\n} from '@tern-secure/backend';\r\nimport { AuthStatus, constants, createRedirect, createTernSecureRequest } from '@tern-secure/backend';\r\nimport { notFound as nextjsNotFound } from 'next/navigation';\r\nimport type { NextMiddleware, NextRequest } from 'next/server';\r\nimport { NextResponse } from 'next/server';\r\n\r\nimport { isRedirect, setHeader } from '../utils/response';\r\nimport { serverRedirectWithAuth } from '../utils/serverRedirectAuth';\r\nimport { FIREBASE_API_KEY, SIGN_IN_URL, SIGN_UP_URL } from './constant';\r\nimport {\r\n isNextjsNotFoundError,\r\n isNextjsRedirectError,\r\n isRedirectToSignInError,\r\n isRedirectToSignUpError,\r\n nextjsRedirectError,\r\n redirectToSignInError,\r\n redirectToSignUpError,\r\n} from './nextErrors';\r\nimport { type AuthProtect, createProtect } from './protect';\r\nimport { ternSecureBackendClient } from './ternsecureClient';\r\nimport type {\r\n NextMiddlewareEvtParam,\r\n NextMiddlewareRequestParam,\r\n NextMiddlewareReturn,\r\n} from './types';\r\nimport { decorateRequest } from './utils';\r\n\r\nexport type MiddlewareAuthObject = AuthObject & {\r\n redirectToSignIn: RedirectFun<Response>;\r\n redirectToSignUp: RedirectFun<Response>;\r\n};\r\n\r\nexport interface MiddlewareAuth {\r\n (): Promise<MiddlewareAuthObject>;\r\n\r\n protect: AuthProtect;\r\n}\r\n\r\ntype MiddlewareHandler = (\r\n auth: MiddlewareAuth,\r\n request: NextMiddlewareRequestParam,\r\n event: NextMiddlewareEvtParam,\r\n) => NextMiddlewareReturn;\r\n\r\nexport interface MiddlewareOptions extends AuthenticateRequestOptions {\r\n debug?: boolean;\r\n}\r\ntype MiddlewareOptionsCallback = (\r\n req: NextRequest,\r\n) => MiddlewareOptions | Promise<MiddlewareOptions>;\r\n\r\ninterface TernSecureMiddleware {\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware((auth, request, event) => { ... }, options);\r\n */\r\n (handler: MiddlewareHandler, options?: MiddlewareOptions): NextMiddleware;\r\n\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware((auth, request, event) => { ... }, (req) => options);\r\n */\r\n (handler: MiddlewareHandler, options?: MiddlewareOptionsCallback): NextMiddleware;\r\n\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware(options);\r\n */\r\n (options?: MiddlewareOptions): NextMiddleware;\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware;\r\n */\r\n (request: NextMiddlewareRequestParam, event: NextMiddlewareEvtParam): NextMiddlewareReturn;\r\n}\r\n\r\nexport const ternSecureProxy = ((\r\n ...args: unknown[]\r\n): NextMiddleware | NextMiddlewareReturn => {\r\n const [request, event] = parseRequestAndEvent(args);\r\n const [handler, params] = parseHandlerAndOptions(args);\r\n\r\n const middleware = () => {\r\n const withAuthNextMiddleware: NextMiddleware = async (request, event) => {\r\n const resolvedParams = typeof params === 'function' ? await params(request) : params;\r\n\r\n const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\r\n const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\r\n const apiKey = resolvedParams.apiKey || FIREBASE_API_KEY;\r\n\r\n const options = {\r\n signInUrl,\r\n signUpUrl,\r\n apiKey,\r\n ...resolvedParams,\r\n };\r\n\r\n const reqBackendClient = await ternSecureBackendClient();\r\n\r\n const ternSecureRequest = createTernSecureRequest(request);\r\n\r\n const requestStateClient = await reqBackendClient.authenticateRequest(\r\n ternSecureRequest,\r\n options,\r\n );\r\n\r\n const locationHeader = requestStateClient.headers.get(constants.Headers.Location);\r\n if (locationHeader) {\r\n return new Response(null, {\r\n status: 307,\r\n headers: requestStateClient.headers,\r\n });\r\n } else if (requestStateClient.status === AuthStatus.Handshake) {\r\n throw new Error('TernSecure: handshake status without redirect is not supported.');\r\n }\r\n\r\n const authObjectClient = requestStateClient.auth();\r\n\r\n const redirectToSignIn = createProxyRedirectToSignIn(ternSecureRequest);\r\n const redirectToSignUp = createProxyRedirectToSignUp(ternSecureRequest);\r\n const protect = await createMiddlewareProtect(\r\n ternSecureRequest,\r\n authObjectClient,\r\n redirectToSignIn,\r\n );\r\n\r\n const authObj: MiddlewareAuthObject = Object.assign(authObjectClient, {\r\n redirectToSignIn,\r\n redirectToSignUp,\r\n });\r\n\r\n const authHandler = () => Promise.resolve(authObj);\r\n authHandler.protect = protect;\r\n\r\n let handlerResult: Response = NextResponse.next();\r\n\r\n try {\r\n const userHandlerResult = await handler?.(authHandler, request, event);\r\n handlerResult = userHandlerResult || handlerResult;\r\n } catch (error: any) {\r\n handlerResult = handleControlError(error, ternSecureRequest, request, requestStateClient);\r\n }\r\n\r\n if (requestStateClient.headers) {\r\n requestStateClient.headers.forEach((value, key) => {\r\n handlerResult.headers.append(key, value);\r\n });\r\n }\r\n\r\n if (isRedirect(handlerResult)) {\r\n return serverRedirectWithAuth(ternSecureRequest, handlerResult);\r\n }\r\n\r\n decorateRequest(ternSecureRequest, handlerResult, requestStateClient);\r\n return handlerResult;\r\n };\r\n\r\n const nextMiddleware: NextMiddleware = async (request, event) => {\r\n return withAuthNextMiddleware(request, event);\r\n };\r\n\r\n if (request && event) {\r\n return nextMiddleware(request, event);\r\n }\r\n\r\n return nextMiddleware;\r\n };\r\n return middleware();\r\n}) as TernSecureMiddleware;\r\n\r\nconst parseRequestAndEvent = (args: unknown[]) => {\r\n return [\r\n args[0] instanceof Request ? args[0] : undefined,\r\n args[0] instanceof Request ? args[1] : undefined,\r\n ] as [NextMiddlewareRequestParam | undefined, NextMiddlewareEvtParam | undefined];\r\n};\r\n\r\nconst parseHandlerAndOptions = (args: unknown[]) => {\r\n return [\r\n typeof args[0] === 'function' ? args[0] : undefined,\r\n (args.length === 2 ? args[1] : typeof args[0] === 'function' ? {} : args[0]) || {},\r\n ] as [MiddlewareHandler | undefined, MiddlewareOptions | MiddlewareOptionsCallback];\r\n};\r\n\r\n\r\nconst createProxyRedirectToSignIn = (\r\n ternSecureRequest: TernSecureRequest,\r\n): MiddlewareAuthObject['redirectToSignIn'] => {\r\n return (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignInError(url, opts.returnBackUrl);\r\n };\r\n};\r\n\r\nconst createProxyRedirectToSignUp = (\r\n ternSecureRequest: TernSecureRequest,\r\n): MiddlewareAuthObject['redirectToSignUp'] => {\r\n return (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignUpError(url, opts.returnBackUrl);\r\n };\r\n};\r\n\r\n/**\r\n * Create middleware redirect functions\r\n * @deprecated\r\n */\r\nconst createMiddlewareRedirects = (ternSecureRequest: TernSecureRequest) => {\r\n const redirectToSignIn: MiddlewareAuthObject['redirectToSignIn'] = (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignInError(url, opts.returnBackUrl);\r\n };\r\n\r\n const redirectToSignUp: MiddlewareAuthObject['redirectToSignUp'] = (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignUpError(url, opts.returnBackUrl);\r\n };\r\n\r\n return { redirectToSignIn, redirectToSignUp };\r\n};\r\n\r\nconst createMiddlewareProtect = (\r\n ternSecureRequest: TernSecureRequest,\r\n authObject: AuthObject,\r\n redirectToSignIn: RedirectFun<Response>,\r\n) => {\r\n return (async (params: any, options: any) => {\r\n const notFound = () => nextjsNotFound();\r\n\r\n const redirect = (url: string) =>\r\n nextjsRedirectError(url, {\r\n redirectUrl: url,\r\n });\r\n\r\n return createProtect({\r\n request: ternSecureRequest,\r\n redirect,\r\n notFound,\r\n authObject,\r\n redirectToSignIn,\r\n })(params, options);\r\n }) as unknown as Promise<AuthProtect>;\r\n};\r\n\r\nexport const redirectAdapter = (url: string | URL) => {\r\n return NextResponse.redirect(url, {\r\n headers: { [constants.Headers.TernSecureRedirectTo]: 'true' },\r\n });\r\n};\r\n\r\n/**\r\n * Handle control flow errors in middleware\r\n */\r\nconst handleControlError = (\r\n error: any,\r\n ternSecureRequest: TernSecureRequest,\r\n nextrequest: NextRequest,\r\n requestState: RequestState,\r\n): Response => {\r\n if (isNextjsNotFoundError(error)) {\r\n return setHeader(\r\n NextResponse.rewrite(new URL(`/tern_${Date.now()}`, nextrequest.url)),\r\n constants.Headers.AuthReason,\r\n 'protect-rewrite',\r\n );\r\n }\r\n\r\n const isRedirectToSignIn = isRedirectToSignInError(error);\r\n const isRedirectToSignUp = isRedirectToSignUpError(error);\r\n\r\n if (isRedirectToSignIn || isRedirectToSignUp) {\r\n const redirect = createRedirect({\r\n redirectAdapter,\r\n baseUrl: ternSecureRequest.ternUrl,\r\n signInUrl: requestState.signInUrl,\r\n signUpUrl: requestState.signUpUrl,\r\n });\r\n\r\n const { returnBackUrl } = error;\r\n\r\n return redirect[isRedirectToSignIn ? 'redirectToSignIn' : 'redirectToSignUp']({\r\n returnBackUrl,\r\n });\r\n }\r\n\r\n if (isNextjsRedirectError(error)) {\r\n return redirectAdapter(error.redirectUrl);\r\n }\r\n\r\n throw error;\r\n};\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAOA,qBAA+E;AAC/E,wBAA2C;AAE3C,oBAA6B;AAE7B,sBAAsC;AACtC,gCAAuC;AACvC,sBAA2D;AAC3D,wBAQO;AACP,qBAAgD;AAChD,8BAAwC;AAMxC,mBAAgC;AAmDzB,MAAM,kBAAmB,IAC3B,SACuC;AAC1C,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,MAAM;AACvB,UAAM,yBAAyC,OAAOA,UAASC,WAAU;AACvE,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAE9E,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,SAAS,eAAe,UAAU;AAExC,YAAM,UAAU;AAAA,QACd;AAAA,QACA;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACL;AAEA,YAAM,mBAAmB,UAAM,iDAAwB;AAEvD,YAAM,wBAAoB,wCAAwBA,QAAO;AAEzD,YAAM,qBAAqB,MAAM,iBAAiB;AAAA,QAChD;AAAA,QACA;AAAA,MACF;AAEA,YAAM,iBAAiB,mBAAmB,QAAQ,IAAI,yBAAU,QAAQ,QAAQ;AAChF,UAAI,gBAAgB;AAClB,eAAO,IAAI,SAAS,MAAM;AAAA,UACxB,QAAQ;AAAA,UACR,SAAS,mBAAmB;AAAA,QAC9B,CAAC;AAAA,MACH,WAAW,mBAAmB,WAAW,0BAAW,WAAW;AAC7D,cAAM,IAAI,MAAM,iEAAiE;AAAA,MACnF;AAEA,YAAM,mBAAmB,mBAAmB,KAAK;AAEjD,YAAM,mBAAmB,4BAA4B,iBAAiB;AACtE,YAAM,mBAAmB,4BAA4B,iBAAiB;AACtE,YAAM,UAAU,MAAM;AAAA,QACpB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAEA,YAAM,UAAgC,OAAO,OAAO,kBAAkB;AAAA,QACpE;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,cAAc,MAAM,QAAQ,QAAQ,OAAO;AACjD,kBAAY,UAAU;AAEtB,UAAI,gBAA0B,2BAAa,KAAK;AAEhD,UAAI;AACF,cAAM,oBAAoB,MAAM,UAAU,aAAaA,UAASC,MAAK;AACrE,wBAAgB,qBAAqB;AAAA,MACvC,SAAS,OAAY;AACnB,wBAAgB,mBAAmB,OAAO,mBAAmBD,UAAS,kBAAkB;AAAA,MAC1F;AAEA,UAAI,mBAAmB,SAAS;AAC9B,2BAAmB,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AACjD,wBAAc,QAAQ,OAAO,KAAK,KAAK;AAAA,QACzC,CAAC;AAAA,MACH;AAEA,cAAI,4BAAW,aAAa,GAAG;AAC7B,mBAAO,kDAAuB,mBAAmB,aAAa;AAAA,MAChE;AAEA,wCAAgB,mBAAmB,eAAe,kBAAkB;AACpE,aAAO;AAAA,IACT;AAEA,UAAM,iBAAiC,OAAOA,UAASC,WAAU;AAC/D,aAAO,uBAAuBD,UAASC,MAAK;AAAA,IAC9C;AAEA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAEA,WAAO;AAAA,EACT;AACA,SAAO,WAAW;AACpB;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO;AAAA,IACL,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,IACvC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,EACzC;AACF;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,MAAM,aAAa,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC;AAAA,EACnF;AACF;AAGA,MAAM,8BAA8B,CAClC,sBAC6C;AAC7C,SAAO,CAAC,OAAO,CAAC,MAAM;AACpB,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AACF;AAEA,MAAM,8BAA8B,CAClC,sBAC6C;AAC7C,SAAO,CAAC,OAAO,CAAC,MAAM;AACpB,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AACF;AAMA,MAAM,4BAA4B,CAAC,sBAAyC;AAC1E,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,SAAO,EAAE,kBAAkB,iBAAiB;AAC9C;AAEA,MAAM,0BAA0B,CAC9B,mBACA,YACA,qBACG;AACH,SAAQ,OAAO,QAAa,YAAiB;AAC3C,UAAM,WAAW,UAAM,kBAAAC,UAAe;AAEtC,UAAM,WAAW,CAAC,YAChB,uCAAoB,KAAK;AAAA,MACvB,aAAa;AAAA,IACf,CAAC;AAEH,eAAO,8BAAc;AAAA,MACnB,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,QAAQ,OAAO;AAAA,EACpB;AACF;AAEO,MAAM,kBAAkB,CAAC,QAAsB;AACpD,SAAO,2BAAa,SAAS,KAAK;AAAA,IAChC,SAAS,EAAE,CAAC,yBAAU,QAAQ,oBAAoB,GAAG,OAAO;AAAA,EAC9D,CAAC;AACH;AAKA,MAAM,qBAAqB,CACzB,OACA,mBACA,aACA,iBACa;AACb,UAAI,yCAAsB,KAAK,GAAG;AAChC,eAAO;AAAA,MACL,2BAAa,QAAQ,IAAI,IAAI,SAAS,KAAK,IAAI,CAAC,IAAI,YAAY,GAAG,CAAC;AAAA,MACpE,yBAAU,QAAQ;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,yBAAqB,2CAAwB,KAAK;AACxD,QAAM,yBAAqB,2CAAwB,KAAK;AAExD,MAAI,sBAAsB,oBAAoB;AAC5C,UAAM,eAAW,+BAAe;AAAA,MAC9B;AAAA,MACA,SAAS,kBAAkB;AAAA,MAC3B,WAAW,aAAa;AAAA,MACxB,WAAW,aAAa;AAAA,IAC1B,CAAC;AAED,UAAM,EAAE,cAAc,IAAI;AAE1B,WAAO,SAAS,qBAAqB,qBAAqB,kBAAkB,EAAE;AAAA,MAC5E;AAAA,IACF,CAAC;AAAA,EACH;AAEA,UAAI,yCAAsB,KAAK,GAAG;AAChC,WAAO,gBAAgB,MAAM,WAAW;AAAA,EAC1C;AAEA,QAAM;AACR;","names":["request","event","nextjsNotFound"]}
package/dist/cjs/server/utils.js CHANGED
@@ -186,7 +186,7 @@ async function buildRequestLike() {
186
186
  throw e;
187
187
  }
188
188
  throw new Error(
189
- `Clerk: auth(), currentUser() and clerkClient(), are only supported in App Router (/app directory).
189
+ `TernSecure: auth(), currentUser() and ternSecureClient(), are only supported in App Router (/app directory).
190
190
  If you're using /pages, try getAuth() instead.
191
191
  Original error: ${e}`
192
192
  );
package/dist/cjs/server/utils.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/server/utils.ts"],"sourcesContent":["import type {\r\n RequestState,\r\n TernSecureRequest,\r\n} from \"@tern-secure/backend\";\r\nimport { constants } from \"@tern-secure/backend\";\r\nimport { NextRequest,NextResponse } from 'next/server';\r\n\r\nimport { constants as nextConstants } from \"../constants\";\r\nimport type { User } from \"./types\"\r\n\r\nconst OVERRIDE_HEADERS = 'x-middleware-override-headers';\r\nconst MIDDLEWARE_HEADER_PREFIX = 'x-middleware-request' as string;\r\n\r\ninterface RequestContext {\r\n user: User\r\n sessionId: string\r\n}\r\n\r\n// Use process.env in Node.js and globalThis in Edge\r\nconst getGlobalObject = () => {\r\n if (typeof process !== 'undefined') {\r\n return process\r\n }\r\n return globalThis\r\n}\r\n\r\nconst STORE_KEY = '__TERN_AUTH_STORE__'\r\n\r\nexport class Store {\r\n private static getStore() {\r\n const global = getGlobalObject() as any\r\n \r\n if (!global[STORE_KEY]) {\r\n global[STORE_KEY] = {\r\n contexts: new Map<string, RequestContext>(),\r\n sessions: new Map<string, User>(),\r\n currentSession: null as RequestContext | null\r\n }\r\n }\r\n \r\n return global[STORE_KEY]\r\n }\r\n\r\n static setContext(context: RequestContext) {\r\n const store = this.getStore()\r\n const { user, sessionId } = context\r\n \r\n console.log(\"Store: Setting context:\", { sessionId, user })\r\n \r\n // Store in both maps\r\n store.contexts.set(sessionId, context)\r\n store.sessions.set(sessionId, user)\r\n \r\n // Set as current session\r\n store.currentSession = context\r\n \r\n console.log(\"Store: Updated state:\", {\r\n contextsSize: store.contexts.size,\r\n sessionsSize: store.sessions.size,\r\n currentSession: store.currentSession\r\n })\r\n }\r\n\r\n static getContext(): RequestContext | null {\r\n const store = this.getStore()\r\n \r\n // First try current session\r\n if (store.currentSession) {\r\n const session = this.getSession(store.currentSession.sessionId)\r\n if (session && session.uid === store.currentSession.user.uid) {\r\n return store.currentSession\r\n }\r\n }\r\n \r\n // Then try to find any valid context\r\n for (const [sessionId, user] of store.sessions.entries()) {\r\n const context = store.contexts.get(sessionId)\r\n if (context && context.user.uid === user.uid) {\r\n // Update current session\r\n store.currentSession = context\r\n return context\r\n }\r\n }\r\n \r\n return null\r\n }\r\n\r\n static setSession(sessionId: string, user: User) {\r\n const store = this.getStore()\r\n store.sessions.set(sessionId, user)\r\n }\r\n\r\n static getSession(sessionId: string): User | null {\r\n const store = this.getStore()\r\n return store.sessions.get(sessionId) || null\r\n }\r\n\r\n static debug() {\r\n const store = this.getStore()\r\n return {\r\n contextsSize: store.contexts.size,\r\n sessionsSize: store.sessions.size,\r\n currentSession: store.currentSession,\r\n contexts: Array.from(store.contexts.entries()),\r\n sessions: Array.from(store.sessions.entries())\r\n }\r\n }\r\n\r\n static cleanup() {\r\n const store = this.getStore()\r\n const MAX_ENTRIES = 1000\r\n \r\n if (store.contexts.size > MAX_ENTRIES) {\r\n const keys = Array.from(store.contexts.keys())\r\n const toDelete = keys.slice(0, keys.length - MAX_ENTRIES)\r\n \r\n toDelete.forEach(key => {\r\n store.contexts.delete(key)\r\n store.sessions.delete(key)\r\n })\r\n }\r\n }\r\n}\r\n\r\n\r\nexport const setRequestHeadersOnNextResponse = (\r\n res: NextResponse | Response,\r\n req: Request,\r\n newHeaders: Record<string, string>,\r\n) => {\r\n if (!res.headers.get(OVERRIDE_HEADERS)) {\r\n // Emulate a user setting overrides by explicitly adding the required nextjs headers\r\n // https://github.com/vercel/next.js/pull/41380\r\n // @ts-expect-error -- property keys does not exist on type Headers\r\n res.headers.set(OVERRIDE_HEADERS, [...req.headers.keys()]);\r\n req.headers.forEach((val, key) => {\r\n res.headers.set(`${MIDDLEWARE_HEADER_PREFIX}-${key}`, val);\r\n });\r\n }\r\n\r\n // Now that we have normalised res to include overrides, just append the new header\r\n Object.entries(newHeaders).forEach(([key, val]) => {\r\n res.headers.set(OVERRIDE_HEADERS, `${res.headers.get(OVERRIDE_HEADERS)},${key}`);\r\n res.headers.set(`${MIDDLEWARE_HEADER_PREFIX}-${key}`, val);\r\n });\r\n};\r\n\r\nexport function decorateRequest(\r\n req: TernSecureRequest,\r\n res: Response,\r\n requestState: RequestState,\r\n): Response {\r\n const { reason, token, status } = requestState;\r\n // pass-through case, convert to next()\r\n if (!res) {\r\n res = NextResponse.next();\r\n }\r\n\r\n // redirect() case, return early\r\n if (res.headers.get(nextConstants.Headers.NextRedirect)) {\r\n return res;\r\n }\r\n\r\n let rewriteURL;\r\n\r\n // next() case, convert to a rewrite\r\n if (res.headers.get(nextConstants.Headers.NextResume) === '1') {\r\n res.headers.delete(nextConstants.Headers.NextResume);\r\n rewriteURL = new URL(req.url);\r\n }\r\n\r\n // rewrite() case, set auth result only if origin remains the same\r\n const rewriteURLHeader = res.headers.get(nextConstants.Headers.NextRewrite);\r\n\r\n if (rewriteURLHeader) {\r\n const reqURL = new URL(req.url);\r\n rewriteURL = new URL(rewriteURLHeader);\r\n\r\n // if the origin has changed, return early\r\n if (rewriteURL.origin !== reqURL.origin) {\r\n return res;\r\n }\r\n }\r\n\r\n if (rewriteURL) {\r\n setRequestHeadersOnNextResponse(res, req, {\r\n [constants.Headers.AuthStatus]: status,\r\n [constants.Headers.AuthToken]: token || '',\r\n [constants.Headers.AuthReason]: reason || '',\r\n [constants.Headers.TernSecureUrl]: req.ternUrl.toString(),\r\n });\r\n res.headers.set(nextConstants.Headers.NextRewrite, rewriteURL.href);\r\n }\r\n\r\n return res;\r\n}\r\n\r\n\r\nexport const isPrerenderingBailout = (e: unknown) => {\r\n if (!(e instanceof Error) || !('message' in e)) {\r\n return false;\r\n }\r\n\r\n const { message } = e;\r\n\r\n const lowerCaseInput = message.toLowerCase();\r\n const dynamicServerUsage = lowerCaseInput.includes('dynamic server usage');\r\n const bailOutPrerendering = lowerCaseInput.includes('this page needs to bail out of prerendering');\r\n\r\n // note: new error message syntax introduced in next@14.1.1-canary.21\r\n // but we still want to support older versions.\r\n // https://github.com/vercel/next.js/pull/61332 (dynamic-rendering.ts:153)\r\n const routeRegex = /Route .*? needs to bail out of prerendering at this point because it used .*?./;\r\n\r\n return routeRegex.test(message) || dynamicServerUsage || bailOutPrerendering;\r\n};\r\n\r\nexport async function buildRequestLike(): Promise<NextRequest> {\r\n try {\r\n // Dynamically import next/headers, otherwise Next12 apps will break\r\n // @ts-expect-error: Cannot find module 'next/headers' or its corresponding type declarations.ts(2307)\r\n const { headers } = await import('next/headers');\r\n const resolvedHeaders = await headers();\r\n return new NextRequest('https://placeholder.com', { headers: resolvedHeaders });\r\n } catch (e: any) {\r\n // rethrow the error when react throws a prerendering bailout\r\n // https://nextjs.org/docs/messages/ppr-caught-error\r\n if (e && isPrerenderingBailout(e)) {\r\n throw e;\r\n }\r\n\r\n throw new Error(\r\n `Clerk: auth(), currentUser() and clerkClient(), are only supported in App Router (/app directory).\\nIf you're using /pages, try getAuth() instead.\\nOriginal error: ${e}`,\r\n );\r\n }\r\n}\r\n\r\n// Original source: https://github.com/vercel/next.js/blob/canary/packages/next/src/server/app-render/get-script-nonce-from-header.tsx\r\nexport function getScriptNonceFromHeader(cspHeaderValue: string): string | undefined {\r\n const directives = cspHeaderValue\r\n // Directives are split by ';'.\r\n .split(';')\r\n .map(directive => directive.trim());\r\n\r\n // First try to find the directive for the 'script-src', otherwise try to\r\n // fallback to the 'default-src'.\r\n const directive =\r\n directives.find(dir => dir.startsWith('script-src')) || directives.find(dir => dir.startsWith('default-src'));\r\n\r\n // If no directive could be found, then we're done.\r\n if (!directive) {\r\n return;\r\n }\r\n\r\n // Extract the nonce from the directive\r\n const nonce = directive\r\n .split(' ')\r\n // Remove the 'strict-src'/'default-src' string, this can't be the nonce.\r\n .slice(1)\r\n .map(source => source.trim())\r\n // Find the first source with the 'nonce-' prefix.\r\n .find(source => source.startsWith(\"'nonce-\") && source.length > 8 && source.endsWith(\"'\"))\r\n // Grab the nonce by trimming the 'nonce-' prefix.\r\n ?.slice(7, -1);\r\n\r\n // If we couldn't find the nonce, then we're done.\r\n if (!nonce) {\r\n return;\r\n }\r\n\r\n // Don't accept the nonce value if it contains HTML escape characters.\r\n // Technically, the spec requires a base64'd value, but this is just an\r\n // extra layer.\r\n if (/[&><\\u2028\\u2029]/g.test(nonce)) {\r\n throw new Error(\r\n 'Nonce value from Content-Security-Policy contained invalid HTML escape characters, which is disallowed for security reasons. Make sure that your nonce value does not contain the following characters: `<`, `>`, `&`',\r\n );\r\n }\r\n\r\n return nonce;\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,qBAA0B;AAC1B,oBAAyC;AAEzC,uBAA2C;AAG3C,MAAM,mBAAmB;AACzB,MAAM,2BAA2B;AAQjC,MAAM,kBAAkB,MAAM;AAC5B,MAAI,OAAO,YAAY,aAAa;AAClC,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEA,MAAM,YAAY;AAEX,MAAM,MAAM;AAAA,EACjB,OAAe,WAAW;AACxB,UAAM,SAAS,gBAAgB;AAE/B,QAAI,CAAC,OAAO,SAAS,GAAG;AACtB,aAAO,SAAS,IAAI;AAAA,QAClB,UAAU,oBAAI,IAA4B;AAAA,QAC1C,UAAU,oBAAI,IAAkB;AAAA,QAChC,gBAAgB;AAAA,MAClB;AAAA,IACF;AAEA,WAAO,OAAO,SAAS;AAAA,EACzB;AAAA,EAEA,OAAO,WAAW,SAAyB;AACzC,UAAM,QAAQ,KAAK,SAAS;AAC5B,UAAM,EAAE,MAAM,UAAU,IAAI;AAE5B,YAAQ,IAAI,2BAA2B,EAAE,WAAW,KAAK,CAAC;AAG1D,UAAM,SAAS,IAAI,WAAW,OAAO;AACrC,UAAM,SAAS,IAAI,WAAW,IAAI;AAGlC,UAAM,iBAAiB;AAEvB,YAAQ,IAAI,yBAAyB;AAAA,MACnC,cAAc,MAAM,SAAS;AAAA,MAC7B,cAAc,MAAM,SAAS;AAAA,MAC7B,gBAAgB,MAAM;AAAA,IACxB,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,aAAoC;AACzC,UAAM,QAAQ,KAAK,SAAS;AAG5B,QAAI,MAAM,gBAAgB;AACxB,YAAM,UAAU,KAAK,WAAW,MAAM,eAAe,SAAS;AAC9D,UAAI,WAAW,QAAQ,QAAQ,MAAM,eAAe,KAAK,KAAK;AAC5D,eAAO,MAAM;AAAA,MACf;AAAA,IACF;AAGA,eAAW,CAAC,WAAW,IAAI,KAAK,MAAM,SAAS,QAAQ,GAAG;AACxD,YAAM,UAAU,MAAM,SAAS,IAAI,SAAS;AAC5C,UAAI,WAAW,QAAQ,KAAK,QAAQ,KAAK,KAAK;AAE5C,cAAM,iBAAiB;AACvB,eAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,OAAO,WAAW,WAAmB,MAAY;AAC/C,UAAM,QAAQ,KAAK,SAAS;AAC5B,UAAM,SAAS,IAAI,WAAW,IAAI;AAAA,EACpC;AAAA,EAEA,OAAO,WAAW,WAAgC;AAChD,UAAM,QAAQ,KAAK,SAAS;AAC5B,WAAO,MAAM,SAAS,IAAI,SAAS,KAAK;AAAA,EAC1C;AAAA,EAEA,OAAO,QAAQ;AACb,UAAM,QAAQ,KAAK,SAAS;AAC5B,WAAO;AAAA,MACL,cAAc,MAAM,SAAS;AAAA,MAC7B,cAAc,MAAM,SAAS;AAAA,MAC7B,gBAAgB,MAAM;AAAA,MACtB,UAAU,MAAM,KAAK,MAAM,SAAS,QAAQ,CAAC;AAAA,MAC7C,UAAU,MAAM,KAAK,MAAM,SAAS,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF;AAAA,EAEA,OAAO,UAAU;AACf,UAAM,QAAQ,KAAK,SAAS;AAC5B,UAAM,cAAc;AAEpB,QAAI,MAAM,SAAS,OAAO,aAAa;AACrC,YAAM,OAAO,MAAM,KAAK,MAAM,SAAS,KAAK,CAAC;AAC7C,YAAM,WAAW,KAAK,MAAM,GAAG,KAAK,SAAS,WAAW;AAExD,eAAS,QAAQ,SAAO;AACtB,cAAM,SAAS,OAAO,GAAG;AACzB,cAAM,SAAS,OAAO,GAAG;AAAA,MAC3B,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAGO,MAAM,kCAAkC,CAC7C,KACA,KACA,eACG;AACH,MAAI,CAAC,IAAI,QAAQ,IAAI,gBAAgB,GAAG;AAItC,QAAI,QAAQ,IAAI,kBAAkB,CAAC,GAAG,IAAI,QAAQ,KAAK,CAAC,CAAC;AACzD,QAAI,QAAQ,QAAQ,CAAC,KAAK,QAAQ;AAChC,UAAI,QAAQ,IAAI,GAAG,wBAAwB,IAAI,GAAG,IAAI,GAAG;AAAA,IAC3D,CAAC;AAAA,EACH;AAGA,SAAO,QAAQ,UAAU,EAAE,QAAQ,CAAC,CAAC,KAAK,GAAG,MAAM;AACjD,QAAI,QAAQ,IAAI,kBAAkB,GAAG,IAAI,QAAQ,IAAI,gBAAgB,CAAC,IAAI,GAAG,EAAE;AAC/E,QAAI,QAAQ,IAAI,GAAG,wBAAwB,IAAI,GAAG,IAAI,GAAG;AAAA,EAC3D,CAAC;AACH;AAEO,SAAS,gBACd,KACA,KACA,cACU;AACV,QAAM,EAAE,QAAQ,OAAO,OAAO,IAAI;AAElC,MAAI,CAAC,KAAK;AACR,UAAM,2BAAa,KAAK;AAAA,EAC1B;AAGA,MAAI,IAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,YAAY,GAAG;AACvD,WAAO;AAAA,EACT;AAEA,MAAI;AAGJ,MAAI,IAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,UAAU,MAAM,KAAK;AAC7D,QAAI,QAAQ,OAAO,iBAAAA,UAAc,QAAQ,UAAU;AACnD,iBAAa,IAAI,IAAI,IAAI,GAAG;AAAA,EAC9B;AAGA,QAAM,mBAAmB,IAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,WAAW;AAE1E,MAAI,kBAAkB;AACpB,UAAM,SAAS,IAAI,IAAI,IAAI,GAAG;AAC9B,iBAAa,IAAI,IAAI,gBAAgB;AAGrC,QAAI,WAAW,WAAW,OAAO,QAAQ;AACvC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,YAAY;AACd,oCAAgC,KAAK,KAAK;AAAA,MACxC,CAAC,yBAAU,QAAQ,UAAU,GAAG;AAAA,MAChC,CAAC,yBAAU,QAAQ,SAAS,GAAG,SAAS;AAAA,MACxC,CAAC,yBAAU,QAAQ,UAAU,GAAG,UAAU;AAAA,MAC1C,CAAC,yBAAU,QAAQ,aAAa,GAAG,IAAI,QAAQ,SAAS;AAAA,IAC1D,CAAC;AACD,QAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,aAAa,WAAW,IAAI;AAAA,EACpE;AAEA,SAAO;AACT;AAGO,MAAM,wBAAwB,CAAC,MAAe;AACnD,MAAI,EAAE,aAAa,UAAU,EAAE,aAAa,IAAI;AAC9C,WAAO;AAAA,EACT;AAEA,QAAM,EAAE,QAAQ,IAAI;AAEpB,QAAM,iBAAiB,QAAQ,YAAY;AAC3C,QAAM,qBAAqB,eAAe,SAAS,sBAAsB;AACzE,QAAM,sBAAsB,eAAe,SAAS,6CAA6C;AAKjG,QAAM,aAAa;AAEnB,SAAO,WAAW,KAAK,OAAO,KAAK,sBAAsB;AAC3D;AAEA,eAAsB,mBAAyC;AAC7D,MAAI;AAGF,UAAM,EAAE,QAAQ,IAAI,MAAM,OAAO,cAAc;AAC/C,UAAM,kBAAkB,MAAM,QAAQ;AACtC,WAAO,IAAI,0BAAY,2BAA2B,EAAE,SAAS,gBAAgB,CAAC;AAAA,EAChF,SAAS,GAAQ;AAGf,QAAI,KAAK,sBAAsB,CAAC,GAAG;AACjC,YAAM;AAAA,IACR;AAEA,UAAM,IAAI;AAAA,MACR;AAAA;AAAA,kBAAuK,CAAC;AAAA,IAC1K;AAAA,EACF;AACF;AAGO,SAAS,yBAAyB,gBAA4C;AACnF,QAAM,aAAa,eAEhB,MAAM,GAAG,EACT,IAAI,CAAAC,eAAaA,WAAU,KAAK,CAAC;AAIpC,QAAM,YACJ,WAAW,KAAK,SAAO,IAAI,WAAW,YAAY,CAAC,KAAK,WAAW,KAAK,SAAO,IAAI,WAAW,aAAa,CAAC;AAG9G,MAAI,CAAC,WAAW;AACd;AAAA,EACF;AAGA,QAAM,QAAQ,UACX,MAAM,GAAG,EAET,MAAM,CAAC,EACP,IAAI,YAAU,OAAO,KAAK,CAAC,EAE3B,KAAK,YAAU,OAAO,WAAW,SAAS,KAAK,OAAO,SAAS,KAAK,OAAO,SAAS,GAAG,CAAC,GAEvF,MAAM,GAAG,EAAE;AAGf,MAAI,CAAC,OAAO;AACV;AAAA,EACF;AAKA,MAAI,qBAAqB,KAAK,KAAK,GAAG;AACpC,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;","names":["nextConstants","directive"]}
1
+ {"version":3,"sources":["../../../src/server/utils.ts"],"sourcesContent":["import type {\r\n RequestState,\r\n TernSecureRequest,\r\n} from \"@tern-secure/backend\";\r\nimport { constants } from \"@tern-secure/backend\";\r\nimport { NextRequest,NextResponse } from 'next/server';\r\n\r\nimport { constants as nextConstants } from \"../constants\";\r\nimport type { User } from \"./types\"\r\n\r\nconst OVERRIDE_HEADERS = 'x-middleware-override-headers';\r\nconst MIDDLEWARE_HEADER_PREFIX = 'x-middleware-request' as string;\r\n\r\ninterface RequestContext {\r\n user: User\r\n sessionId: string\r\n}\r\n\r\n// Use process.env in Node.js and globalThis in Edge\r\nconst getGlobalObject = () => {\r\n if (typeof process !== 'undefined') {\r\n return process\r\n }\r\n return globalThis\r\n}\r\n\r\nconst STORE_KEY = '__TERN_AUTH_STORE__'\r\n\r\nexport class Store {\r\n private static getStore() {\r\n const global = getGlobalObject() as any\r\n \r\n if (!global[STORE_KEY]) {\r\n global[STORE_KEY] = {\r\n contexts: new Map<string, RequestContext>(),\r\n sessions: new Map<string, User>(),\r\n currentSession: null as RequestContext | null\r\n }\r\n }\r\n \r\n return global[STORE_KEY]\r\n }\r\n\r\n static setContext(context: RequestContext) {\r\n const store = this.getStore()\r\n const { user, sessionId } = context\r\n \r\n console.log(\"Store: Setting context:\", { sessionId, user })\r\n \r\n // Store in both maps\r\n store.contexts.set(sessionId, context)\r\n store.sessions.set(sessionId, user)\r\n \r\n // Set as current session\r\n store.currentSession = context\r\n \r\n console.log(\"Store: Updated state:\", {\r\n contextsSize: store.contexts.size,\r\n sessionsSize: store.sessions.size,\r\n currentSession: store.currentSession\r\n })\r\n }\r\n\r\n static getContext(): RequestContext | null {\r\n const store = this.getStore()\r\n \r\n // First try current session\r\n if (store.currentSession) {\r\n const session = this.getSession(store.currentSession.sessionId)\r\n if (session && session.uid === store.currentSession.user.uid) {\r\n return store.currentSession\r\n }\r\n }\r\n \r\n // Then try to find any valid context\r\n for (const [sessionId, user] of store.sessions.entries()) {\r\n const context = store.contexts.get(sessionId)\r\n if (context && context.user.uid === user.uid) {\r\n // Update current session\r\n store.currentSession = context\r\n return context\r\n }\r\n }\r\n \r\n return null\r\n }\r\n\r\n static setSession(sessionId: string, user: User) {\r\n const store = this.getStore()\r\n store.sessions.set(sessionId, user)\r\n }\r\n\r\n static getSession(sessionId: string): User | null {\r\n const store = this.getStore()\r\n return store.sessions.get(sessionId) || null\r\n }\r\n\r\n static debug() {\r\n const store = this.getStore()\r\n return {\r\n contextsSize: store.contexts.size,\r\n sessionsSize: store.sessions.size,\r\n currentSession: store.currentSession,\r\n contexts: Array.from(store.contexts.entries()),\r\n sessions: Array.from(store.sessions.entries())\r\n }\r\n }\r\n\r\n static cleanup() {\r\n const store = this.getStore()\r\n const MAX_ENTRIES = 1000\r\n \r\n if (store.contexts.size > MAX_ENTRIES) {\r\n const keys = Array.from(store.contexts.keys())\r\n const toDelete = keys.slice(0, keys.length - MAX_ENTRIES)\r\n \r\n toDelete.forEach(key => {\r\n store.contexts.delete(key)\r\n store.sessions.delete(key)\r\n })\r\n }\r\n }\r\n}\r\n\r\n\r\nexport const setRequestHeadersOnNextResponse = (\r\n res: NextResponse | Response,\r\n req: Request,\r\n newHeaders: Record<string, string>,\r\n) => {\r\n if (!res.headers.get(OVERRIDE_HEADERS)) {\r\n // Emulate a user setting overrides by explicitly adding the required nextjs headers\r\n // https://github.com/vercel/next.js/pull/41380\r\n // @ts-expect-error -- property keys does not exist on type Headers\r\n res.headers.set(OVERRIDE_HEADERS, [...req.headers.keys()]);\r\n req.headers.forEach((val, key) => {\r\n res.headers.set(`${MIDDLEWARE_HEADER_PREFIX}-${key}`, val);\r\n });\r\n }\r\n\r\n // Now that we have normalised res to include overrides, just append the new header\r\n Object.entries(newHeaders).forEach(([key, val]) => {\r\n res.headers.set(OVERRIDE_HEADERS, `${res.headers.get(OVERRIDE_HEADERS)},${key}`);\r\n res.headers.set(`${MIDDLEWARE_HEADER_PREFIX}-${key}`, val);\r\n });\r\n};\r\n\r\nexport function decorateRequest(\r\n req: TernSecureRequest,\r\n res: Response,\r\n requestState: RequestState,\r\n): Response {\r\n const { reason, token, status } = requestState;\r\n // pass-through case, convert to next()\r\n if (!res) {\r\n res = NextResponse.next();\r\n }\r\n\r\n // redirect() case, return early\r\n if (res.headers.get(nextConstants.Headers.NextRedirect)) {\r\n return res;\r\n }\r\n\r\n let rewriteURL;\r\n\r\n // next() case, convert to a rewrite\r\n if (res.headers.get(nextConstants.Headers.NextResume) === '1') {\r\n res.headers.delete(nextConstants.Headers.NextResume);\r\n rewriteURL = new URL(req.url);\r\n }\r\n\r\n // rewrite() case, set auth result only if origin remains the same\r\n const rewriteURLHeader = res.headers.get(nextConstants.Headers.NextRewrite);\r\n\r\n if (rewriteURLHeader) {\r\n const reqURL = new URL(req.url);\r\n rewriteURL = new URL(rewriteURLHeader);\r\n\r\n // if the origin has changed, return early\r\n if (rewriteURL.origin !== reqURL.origin) {\r\n return res;\r\n }\r\n }\r\n\r\n if (rewriteURL) {\r\n setRequestHeadersOnNextResponse(res, req, {\r\n [constants.Headers.AuthStatus]: status,\r\n [constants.Headers.AuthToken]: token || '',\r\n [constants.Headers.AuthReason]: reason || '',\r\n [constants.Headers.TernSecureUrl]: req.ternUrl.toString(),\r\n });\r\n res.headers.set(nextConstants.Headers.NextRewrite, rewriteURL.href);\r\n }\r\n\r\n return res;\r\n}\r\n\r\n\r\nexport const isPrerenderingBailout = (e: unknown) => {\r\n if (!(e instanceof Error) || !('message' in e)) {\r\n return false;\r\n }\r\n\r\n const { message } = e;\r\n\r\n const lowerCaseInput = message.toLowerCase();\r\n const dynamicServerUsage = lowerCaseInput.includes('dynamic server usage');\r\n const bailOutPrerendering = lowerCaseInput.includes('this page needs to bail out of prerendering');\r\n\r\n // note: new error message syntax introduced in next@14.1.1-canary.21\r\n // but we still want to support older versions.\r\n // https://github.com/vercel/next.js/pull/61332 (dynamic-rendering.ts:153)\r\n const routeRegex = /Route .*? needs to bail out of prerendering at this point because it used .*?./;\r\n\r\n return routeRegex.test(message) || dynamicServerUsage || bailOutPrerendering;\r\n};\r\n\r\nexport async function buildRequestLike(): Promise<NextRequest> {\r\n try {\r\n // Dynamically import next/headers, otherwise Next12 apps will break\r\n // @ts-expect-error: Cannot find module 'next/headers' or its corresponding type declarations.ts(2307)\r\n const { headers } = await import('next/headers');\r\n const resolvedHeaders = await headers();\r\n return new NextRequest('https://placeholder.com', { headers: resolvedHeaders });\r\n } catch (e: any) {\r\n // rethrow the error when react throws a prerendering bailout\r\n // https://nextjs.org/docs/messages/ppr-caught-error\r\n if (e && isPrerenderingBailout(e)) {\r\n throw e;\r\n }\r\n\r\n throw new Error(\r\n `TernSecure: auth(), currentUser() and ternSecureClient(), are only supported in App Router (/app directory).\\nIf you're using /pages, try getAuth() instead.\\nOriginal error: ${e}`,\r\n );\r\n }\r\n}\r\n\r\n// Original source: https://github.com/vercel/next.js/blob/canary/packages/next/src/server/app-render/get-script-nonce-from-header.tsx\r\nexport function getScriptNonceFromHeader(cspHeaderValue: string): string | undefined {\r\n const directives = cspHeaderValue\r\n // Directives are split by ';'.\r\n .split(';')\r\n .map(directive => directive.trim());\r\n\r\n // First try to find the directive for the 'script-src', otherwise try to\r\n // fallback to the 'default-src'.\r\n const directive =\r\n directives.find(dir => dir.startsWith('script-src')) || directives.find(dir => dir.startsWith('default-src'));\r\n\r\n // If no directive could be found, then we're done.\r\n if (!directive) {\r\n return;\r\n }\r\n\r\n // Extract the nonce from the directive\r\n const nonce = directive\r\n .split(' ')\r\n // Remove the 'strict-src'/'default-src' string, this can't be the nonce.\r\n .slice(1)\r\n .map(source => source.trim())\r\n // Find the first source with the 'nonce-' prefix.\r\n .find(source => source.startsWith(\"'nonce-\") && source.length > 8 && source.endsWith(\"'\"))\r\n // Grab the nonce by trimming the 'nonce-' prefix.\r\n ?.slice(7, -1);\r\n\r\n // If we couldn't find the nonce, then we're done.\r\n if (!nonce) {\r\n return;\r\n }\r\n\r\n // Don't accept the nonce value if it contains HTML escape characters.\r\n // Technically, the spec requires a base64'd value, but this is just an\r\n // extra layer.\r\n if (/[&><\\u2028\\u2029]/g.test(nonce)) {\r\n throw new Error(\r\n 'Nonce value from Content-Security-Policy contained invalid HTML escape characters, which is disallowed for security reasons. Make sure that your nonce value does not contain the following characters: `<`, `>`, `&`',\r\n );\r\n }\r\n\r\n return nonce;\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,qBAA0B;AAC1B,oBAAyC;AAEzC,uBAA2C;AAG3C,MAAM,mBAAmB;AACzB,MAAM,2BAA2B;AAQjC,MAAM,kBAAkB,MAAM;AAC5B,MAAI,OAAO,YAAY,aAAa;AAClC,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEA,MAAM,YAAY;AAEX,MAAM,MAAM;AAAA,EACjB,OAAe,WAAW;AACxB,UAAM,SAAS,gBAAgB;AAE/B,QAAI,CAAC,OAAO,SAAS,GAAG;AACtB,aAAO,SAAS,IAAI;AAAA,QAClB,UAAU,oBAAI,IAA4B;AAAA,QAC1C,UAAU,oBAAI,IAAkB;AAAA,QAChC,gBAAgB;AAAA,MAClB;AAAA,IACF;AAEA,WAAO,OAAO,SAAS;AAAA,EACzB;AAAA,EAEA,OAAO,WAAW,SAAyB;AACzC,UAAM,QAAQ,KAAK,SAAS;AAC5B,UAAM,EAAE,MAAM,UAAU,IAAI;AAE5B,YAAQ,IAAI,2BAA2B,EAAE,WAAW,KAAK,CAAC;AAG1D,UAAM,SAAS,IAAI,WAAW,OAAO;AACrC,UAAM,SAAS,IAAI,WAAW,IAAI;AAGlC,UAAM,iBAAiB;AAEvB,YAAQ,IAAI,yBAAyB;AAAA,MACnC,cAAc,MAAM,SAAS;AAAA,MAC7B,cAAc,MAAM,SAAS;AAAA,MAC7B,gBAAgB,MAAM;AAAA,IACxB,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,aAAoC;AACzC,UAAM,QAAQ,KAAK,SAAS;AAG5B,QAAI,MAAM,gBAAgB;AACxB,YAAM,UAAU,KAAK,WAAW,MAAM,eAAe,SAAS;AAC9D,UAAI,WAAW,QAAQ,QAAQ,MAAM,eAAe,KAAK,KAAK;AAC5D,eAAO,MAAM;AAAA,MACf;AAAA,IACF;AAGA,eAAW,CAAC,WAAW,IAAI,KAAK,MAAM,SAAS,QAAQ,GAAG;AACxD,YAAM,UAAU,MAAM,SAAS,IAAI,SAAS;AAC5C,UAAI,WAAW,QAAQ,KAAK,QAAQ,KAAK,KAAK;AAE5C,cAAM,iBAAiB;AACvB,eAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,OAAO,WAAW,WAAmB,MAAY;AAC/C,UAAM,QAAQ,KAAK,SAAS;AAC5B,UAAM,SAAS,IAAI,WAAW,IAAI;AAAA,EACpC;AAAA,EAEA,OAAO,WAAW,WAAgC;AAChD,UAAM,QAAQ,KAAK,SAAS;AAC5B,WAAO,MAAM,SAAS,IAAI,SAAS,KAAK;AAAA,EAC1C;AAAA,EAEA,OAAO,QAAQ;AACb,UAAM,QAAQ,KAAK,SAAS;AAC5B,WAAO;AAAA,MACL,cAAc,MAAM,SAAS;AAAA,MAC7B,cAAc,MAAM,SAAS;AAAA,MAC7B,gBAAgB,MAAM;AAAA,MACtB,UAAU,MAAM,KAAK,MAAM,SAAS,QAAQ,CAAC;AAAA,MAC7C,UAAU,MAAM,KAAK,MAAM,SAAS,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF;AAAA,EAEA,OAAO,UAAU;AACf,UAAM,QAAQ,KAAK,SAAS;AAC5B,UAAM,cAAc;AAEpB,QAAI,MAAM,SAAS,OAAO,aAAa;AACrC,YAAM,OAAO,MAAM,KAAK,MAAM,SAAS,KAAK,CAAC;AAC7C,YAAM,WAAW,KAAK,MAAM,GAAG,KAAK,SAAS,WAAW;AAExD,eAAS,QAAQ,SAAO;AACtB,cAAM,SAAS,OAAO,GAAG;AACzB,cAAM,SAAS,OAAO,GAAG;AAAA,MAC3B,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAGO,MAAM,kCAAkC,CAC7C,KACA,KACA,eACG;AACH,MAAI,CAAC,IAAI,QAAQ,IAAI,gBAAgB,GAAG;AAItC,QAAI,QAAQ,IAAI,kBAAkB,CAAC,GAAG,IAAI,QAAQ,KAAK,CAAC,CAAC;AACzD,QAAI,QAAQ,QAAQ,CAAC,KAAK,QAAQ;AAChC,UAAI,QAAQ,IAAI,GAAG,wBAAwB,IAAI,GAAG,IAAI,GAAG;AAAA,IAC3D,CAAC;AAAA,EACH;AAGA,SAAO,QAAQ,UAAU,EAAE,QAAQ,CAAC,CAAC,KAAK,GAAG,MAAM;AACjD,QAAI,QAAQ,IAAI,kBAAkB,GAAG,IAAI,QAAQ,IAAI,gBAAgB,CAAC,IAAI,GAAG,EAAE;AAC/E,QAAI,QAAQ,IAAI,GAAG,wBAAwB,IAAI,GAAG,IAAI,GAAG;AAAA,EAC3D,CAAC;AACH;AAEO,SAAS,gBACd,KACA,KACA,cACU;AACV,QAAM,EAAE,QAAQ,OAAO,OAAO,IAAI;AAElC,MAAI,CAAC,KAAK;AACR,UAAM,2BAAa,KAAK;AAAA,EAC1B;AAGA,MAAI,IAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,YAAY,GAAG;AACvD,WAAO;AAAA,EACT;AAEA,MAAI;AAGJ,MAAI,IAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,UAAU,MAAM,KAAK;AAC7D,QAAI,QAAQ,OAAO,iBAAAA,UAAc,QAAQ,UAAU;AACnD,iBAAa,IAAI,IAAI,IAAI,GAAG;AAAA,EAC9B;AAGA,QAAM,mBAAmB,IAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,WAAW;AAE1E,MAAI,kBAAkB;AACpB,UAAM,SAAS,IAAI,IAAI,IAAI,GAAG;AAC9B,iBAAa,IAAI,IAAI,gBAAgB;AAGrC,QAAI,WAAW,WAAW,OAAO,QAAQ;AACvC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,YAAY;AACd,oCAAgC,KAAK,KAAK;AAAA,MACxC,CAAC,yBAAU,QAAQ,UAAU,GAAG;AAAA,MAChC,CAAC,yBAAU,QAAQ,SAAS,GAAG,SAAS;AAAA,MACxC,CAAC,yBAAU,QAAQ,UAAU,GAAG,UAAU;AAAA,MAC1C,CAAC,yBAAU,QAAQ,aAAa,GAAG,IAAI,QAAQ,SAAS;AAAA,IAC1D,CAAC;AACD,QAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,aAAa,WAAW,IAAI;AAAA,EACpE;AAEA,SAAO;AACT;AAGO,MAAM,wBAAwB,CAAC,MAAe;AACnD,MAAI,EAAE,aAAa,UAAU,EAAE,aAAa,IAAI;AAC9C,WAAO;AAAA,EACT;AAEA,QAAM,EAAE,QAAQ,IAAI;AAEpB,QAAM,iBAAiB,QAAQ,YAAY;AAC3C,QAAM,qBAAqB,eAAe,SAAS,sBAAsB;AACzE,QAAM,sBAAsB,eAAe,SAAS,6CAA6C;AAKjG,QAAM,aAAa;AAEnB,SAAO,WAAW,KAAK,OAAO,KAAK,sBAAsB;AAC3D;AAEA,eAAsB,mBAAyC;AAC7D,MAAI;AAGF,UAAM,EAAE,QAAQ,IAAI,MAAM,OAAO,cAAc;AAC/C,UAAM,kBAAkB,MAAM,QAAQ;AACtC,WAAO,IAAI,0BAAY,2BAA2B,EAAE,SAAS,gBAAgB,CAAC;AAAA,EAChF,SAAS,GAAQ;AAGf,QAAI,KAAK,sBAAsB,CAAC,GAAG;AACjC,YAAM;AAAA,IACR;AAEA,UAAM,IAAI;AAAA,MACR;AAAA;AAAA,kBAAiL,CAAC;AAAA,IACpL;AAAA,EACF;AACF;AAGO,SAAS,yBAAyB,gBAA4C;AACnF,QAAM,aAAa,eAEhB,MAAM,GAAG,EACT,IAAI,CAAAC,eAAaA,WAAU,KAAK,CAAC;AAIpC,QAAM,YACJ,WAAW,KAAK,SAAO,IAAI,WAAW,YAAY,CAAC,KAAK,WAAW,KAAK,SAAO,IAAI,WAAW,aAAa,CAAC;AAG9G,MAAI,CAAC,WAAW;AACd;AAAA,EACF;AAGA,QAAM,QAAQ,UACX,MAAM,GAAG,EAET,MAAM,CAAC,EACP,IAAI,YAAU,OAAO,KAAK,CAAC,EAE3B,KAAK,YAAU,OAAO,WAAW,SAAS,KAAK,OAAO,SAAS,KAAK,OAAO,SAAS,GAAG,CAAC,GAEvF,MAAM,GAAG,EAAE;AAGf,MAAI,CAAC,OAAO;AACV;AAAA,EACF;AAKA,MAAI,qBAAqB,KAAK,KAAK,GAAG;AACpC,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;","names":["nextConstants","directive"]}
package/dist/cjs/utils/allNextProviderProps.js CHANGED
@@ -23,6 +23,7 @@ __export(allNextProviderProps_exports, {
23
23
  module.exports = __toCommonJS(allNextProviderProps_exports);
24
24
  const allNextProviderPropsWithEnv = (nextProps) => {
25
25
  const {
26
+ tenantId,
26
27
  signInUrl,
27
28
  signUpUrl,
28
29
  signInForceRedirectUrl,
@@ -36,11 +37,17 @@ const allNextProviderPropsWithEnv = (nextProps) => {
36
37
  enableServiceWorker: propsEnableServiceWorker,
37
38
  loadingComponent: propsLoadingComponent,
38
39
  persistence: propsPersistence,
40
+ ternUIUrl: propsTernUIUrl,
41
+ ternUIVersion: propsTernUIVersion,
42
+ appCheck,
39
43
  ...baseProps
40
44
  } = nextProps;
41
45
  const envConfig = {
46
+ tenantId: process.env.NEXT_PUBLIC_FIREBASE_TENANT_ID || "",
42
47
  apiKey: process.env.NEXT_PUBLIC_TERN_API_KEY,
43
48
  apiUrl: process.env.TERNSECURE_API_URL || "",
49
+ ternUIUrl: process.env.NEXT_PUBLIC_TERN_UI_URL || "",
50
+ ternUIVersion: process.env.NEXT_PUBLIC_TERN_UI_VERSION || "",
44
51
  projectId: process.env.NEXT_PUBLIC_TERN_PROJECT_ID,
45
52
  customDomain: process.env.NEXT_PUBLIC_TERN_CUSTOM_DOMAIN,
46
53
  proxyUrl: process.env.NEXT_PUBLIC_TERN_PROXY_URL,
@@ -60,14 +67,15 @@ const allNextProviderPropsWithEnv = (nextProps) => {
60
67
  const ternSecureConfig = {
61
68
  apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || "",
62
69
  authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || "",
70
+ databaseURL: process.env.NEXT_PUBLIC_FIREBASE_DATABASE_URL || "",
63
71
  appName: process.env.NEXT_PUBLIC_FIREBASE_APP_NAME || "",
64
72
  projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || "",
65
73
  storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || "",
66
74
  messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || "",
67
75
  appId: process.env.NEXT_PUBLIC_FIREBASE_APP_ID || "",
68
- measurementId: process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENTID,
69
- tenantId: process.env.NEXT_PUBLIC_FIREBASE_TENANT_ID || ""
76
+ measurementId: process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENTID || ""
70
77
  };
78
+ const finalTenantId = tenantId ?? envConfig.tenantId;
71
79
  const finalApiUrl = propsApiUrl ?? envConfig.apiUrl;
72
80
  const finalSignInUrl = signInUrl ?? envConfig.signInUrl;
73
81
  const finalSignUpUrl = signUpUrl ?? envConfig.signUpUrl;
@@ -76,16 +84,20 @@ const allNextProviderPropsWithEnv = (nextProps) => {
76
84
  const finalSignInFallbackRedirectUrl = signInFallbackRedirectUrl ?? envConfig.signInFallbackRedirectUrl;
77
85
  const finalSignUpFallbackRedirectUrl = signUpFallbackRedirectUrl ?? envConfig.signUpFallbackRedirectUrl;
78
86
  const finalPersistence = propsPersistence ?? envConfig.persistence;
87
+ const finalTernUIUrl = propsTernUIUrl ?? envConfig.ternUIUrl;
88
+ const finalTernUIVersion = propsTernUIVersion ?? envConfig.ternUIVersion;
79
89
  const result = {
80
90
  ...baseProps,
81
91
  // Set the Firebase configuration properties
82
92
  ternSecureConfig,
83
93
  // Set properties explicitly taken from TernSecureNextProps (props version)
84
94
  // These are part of the TernSecureProviderProps interface.
95
+ tenantId: finalTenantId,
85
96
  requiresVerification: propsRequiresVerification,
86
97
  isTernSecureDev: propsIsTernSecureDev,
87
98
  enableServiceWorker: propsEnableServiceWorker,
88
99
  loadingComponent: propsLoadingComponent,
100
+ appCheck,
89
101
  //TernSecure: baseProps.Instance,
90
102
  initialState: baseProps.initialState,
91
103
  bypassApiKey: baseProps.bypassApiKey,
@@ -97,7 +109,9 @@ const allNextProviderPropsWithEnv = (nextProps) => {
97
109
  signUpFallbackRedirectUrl: finalSignUpFallbackRedirectUrl,
98
110
  mode: baseProps.mode,
99
111
  apiUrl: finalApiUrl,
100
- persistence: finalPersistence
112
+ persistence: finalPersistence,
113
+ ternUIUrl: finalTernUIUrl,
114
+ ternUIVersion: finalTernUIVersion
101
115
  };
102
116
  Object.keys(result).forEach((key) => {
103
117
  if (result[key] === void 0) {
package/dist/cjs/utils/allNextProviderProps.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/utils/allNextProviderProps.ts"],"sourcesContent":["import type { \n IsoTernSecureAuthOptions,\n TernSecureProviderProps} from \"@tern-secure/react\";\n\nimport type { NextProviderProcessedProps, TernSecureNextProps } from \"../types\";\n\n\nexport const allNextProviderPropsWithEnv = (\n nextProps: Omit<TernSecureNextProps, 'children'>\n): any => {\n const {\n signInUrl,\n signUpUrl,\n signInForceRedirectUrl,\n signUpForceRedirectUrl,\n signInFallbackRedirectUrl,\n signUpFallbackRedirectUrl,\n //apiKey: propsApiKey,\n apiUrl: propsApiUrl,\n requiresVerification: propsRequiresVerification,\n isTernSecureDev: propsIsTernSecureDev,\n enableServiceWorker: propsEnableServiceWorker,\n loadingComponent: propsLoadingComponent,\n persistence: propsPersistence,\n ...baseProps \n } = nextProps;\n\n const envConfig = {\n apiKey: process.env.NEXT_PUBLIC_TERN_API_KEY,\n apiUrl: process.env.TERNSECURE_API_URL || '',\n projectId: process.env.NEXT_PUBLIC_TERN_PROJECT_ID,\n customDomain: process.env.NEXT_PUBLIC_TERN_CUSTOM_DOMAIN,\n proxyUrl: process.env.NEXT_PUBLIC_TERN_PROXY_URL,\n environment: process.env.NEXT_PUBLIC_TERN_ENVIRONMENT,\n signInUrl: process.env.NEXT_PUBLIC_SIGN_IN_URL || '',\n signUpUrl: process.env.NEXT_PUBLIC_SIGN_UP_URL || '',\n signInForceRedirectUrl: process.env.NEXT_PUBLIC_SIGN_IN_FORCE_REDIRECT_URL || '',\n signUpForceRedirectUrl: process.env.NEXT_PUBLIC_SIGN_UP_FORCE_REDIRECT_URL || '',\n signInFallbackRedirectUrl: process.env.NEXT_PUBLIC_SIGN_IN_FALLBACK_REDIRECT_URL || '',\n signUpFallbackRedirectUrl: process.env.NEXT_PUBLIC_SIGN_UP_FALLBACK_REDIRECT_URL || '',\n persistence: process.env.NEXT_PUBLIC_TERN_PERSISTENCE as 'local' | 'session' | 'browserCookie' | 'none',\n useEmulator: process.env.NEXT_PUBLIC_USE_FIREBASE_EMULATOR,\n projectIdAdmin: process.env.FIREBASE_PROJECT_ID,\n clientEmail: process.env.FIREBASE_CLIENT_EMAIL,\n privateKey: process.env.FIREBASE_PRIVATE_KEY,\n };\n\n const ternSecureConfig = {\n apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || '',\n authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || '',\n appName: process.env.NEXT_PUBLIC_FIREBASE_APP_NAME || '',\n projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || '',\n storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || '',\n messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || '',\n appId: process.env.NEXT_PUBLIC_FIREBASE_APP_ID || '',\n measurementId: process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENTID,\n tenantId: process.env.NEXT_PUBLIC_FIREBASE_TENANT_ID || '',\n };\n\n // Merge config values: props take precedence over environment variables\n //const finalApiKey = propsApiKey ?? envConfig.apiKey;\n const finalApiUrl = propsApiUrl ?? envConfig.apiUrl;\n const finalSignInUrl = signInUrl ?? envConfig.signInUrl;\n const finalSignUpUrl = signUpUrl ?? envConfig.signUpUrl;\n const finalSignInForceRedirectUrl = signInForceRedirectUrl ?? envConfig.signInForceRedirectUrl;\n const finalSignUpForceRedirectUrl = signUpForceRedirectUrl ?? envConfig.signUpForceRedirectUrl;\n const finalSignInFallbackRedirectUrl = signInFallbackRedirectUrl ?? envConfig.signInFallbackRedirectUrl;\n const finalSignUpFallbackRedirectUrl = signUpFallbackRedirectUrl ?? envConfig.signUpFallbackRedirectUrl;\n const finalPersistence = propsPersistence ?? envConfig.persistence;\n\n // Construct the result, ensuring it conforms to NextProviderProcessedProps\n // (Omit<TernSecureProviderProps, 'children'>)\n const result: NextProviderProcessedProps = {\n ...(baseProps as Omit<TernSecureProviderProps, 'children' | keyof IsoTernSecureAuthOptions | 'requiresVerification' | 'loadingComponent'>),\n\n // Set the Firebase configuration properties\n ternSecureConfig,\n \n // Set properties explicitly taken from TernSecureNextProps (props version)\n // These are part of the TernSecureProviderProps interface.\n requiresVerification: propsRequiresVerification,\n isTernSecureDev: propsIsTernSecureDev,\n enableServiceWorker: propsEnableServiceWorker,\n loadingComponent: propsLoadingComponent,\n\n //TernSecure: baseProps.Instance,\n initialState: baseProps.initialState,\n bypassApiKey: baseProps.bypassApiKey,\n signInUrl: finalSignInUrl,\n signUpUrl: finalSignUpUrl,\n signInForceRedirectUrl: finalSignInForceRedirectUrl,\n signUpForceRedirectUrl: finalSignUpForceRedirectUrl,\n signInFallbackRedirectUrl: finalSignInFallbackRedirectUrl,\n signUpFallbackRedirectUrl: finalSignUpFallbackRedirectUrl,\n mode: baseProps.mode,\n apiUrl: finalApiUrl,\n persistence: finalPersistence\n };\n\n // Clean up undefined keys that might have resulted from spreading if not present in baseProps\n // and also not set by merged values (e.g. if env var is also undefined)\n Object.keys(result).forEach(key => {\n if (result[key as keyof NextProviderProcessedProps] === undefined) {\n delete result[key as keyof NextProviderProcessedProps];\n }\n });\n\n return result;\n};"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAOO,MAAM,8BAA8B,CACzC,cACQ;AACR,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAEA,QAAQ;AAAA,IACR,sBAAsB;AAAA,IACtB,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,kBAAkB;AAAA,IAClB,aAAa;AAAA,IACb,GAAG;AAAA,EACL,IAAI;AAEJ,QAAM,YAAY;AAAA,IAChB,QAAQ,QAAQ,IAAI;AAAA,IACpB,QAAQ,QAAQ,IAAI,sBAAsB;AAAA,IAC1C,WAAW,QAAQ,IAAI;AAAA,IACvB,cAAc,QAAQ,IAAI;AAAA,IAC1B,UAAU,QAAQ,IAAI;AAAA,IACtB,aAAa,QAAQ,IAAI;AAAA,IACzB,WAAW,QAAQ,IAAI,2BAA2B;AAAA,IAClD,WAAW,QAAQ,IAAI,2BAA2B;AAAA,IAClD,wBAAwB,QAAQ,IAAI,0CAA0C;AAAA,IAC9E,wBAAwB,QAAQ,IAAI,0CAA0C;AAAA,IAC9E,2BAA2B,QAAQ,IAAI,6CAA6C;AAAA,IACpF,2BAA2B,QAAQ,IAAI,6CAA6C;AAAA,IACpF,aAAa,QAAQ,IAAI;AAAA,IACzB,aAAa,QAAQ,IAAI;AAAA,IACzB,gBAAgB,QAAQ,IAAI;AAAA,IAC5B,aAAa,QAAQ,IAAI;AAAA,IACzB,YAAY,QAAQ,IAAI;AAAA,EAC1B;AAEA,QAAM,mBAAmB;AAAA,IACvB,QAAQ,QAAQ,IAAI,gCAAgC;AAAA,IACpD,YAAY,QAAQ,IAAI,oCAAoC;AAAA,IAC5D,SAAS,QAAQ,IAAI,iCAAiC;AAAA,IACtD,WAAW,QAAQ,IAAI,mCAAmC;AAAA,IAC1D,eAAe,QAAQ,IAAI,uCAAuC;AAAA,IAClE,mBAAmB,QAAQ,IAAI,4CAA4C;AAAA,IAC3E,OAAO,QAAQ,IAAI,+BAA+B;AAAA,IAClD,eAAe,QAAQ,IAAI;AAAA,IAC3B,UAAU,QAAQ,IAAI,kCAAkC;AAAA,EAC1D;AAIA,QAAM,cAAc,eAAe,UAAU;AAC7C,QAAM,iBAAiB,aAAa,UAAU;AAC9C,QAAM,iBAAiB,aAAa,UAAU;AAC9C,QAAM,8BAA8B,0BAA0B,UAAU;AACxE,QAAM,8BAA8B,0BAA0B,UAAU;AACxE,QAAM,iCAAiC,6BAA6B,UAAU;AAC9E,QAAM,iCAAiC,6BAA6B,UAAU;AAC9E,QAAM,mBAAmB,oBAAoB,UAAU;AAIvD,QAAM,SAAqC;AAAA,IACzC,GAAI;AAAA;AAAA,IAGJ;AAAA;AAAA;AAAA,IAIA,sBAAsB;AAAA,IACtB,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,kBAAkB;AAAA;AAAA,IAGlB,cAAc,UAAU;AAAA,IACxB,cAAc,UAAU;AAAA,IACxB,WAAW;AAAA,IACX,WAAW;AAAA,IACX,wBAAwB;AAAA,IACxB,wBAAwB;AAAA,IACxB,2BAA2B;AAAA,IAC3B,2BAA2B;AAAA,IAC3B,MAAM,UAAU;AAAA,IAChB,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAIA,SAAO,KAAK,MAAM,EAAE,QAAQ,SAAO;AACjC,QAAI,OAAO,GAAuC,MAAM,QAAW;AACjE,aAAO,OAAO,GAAuC;AAAA,IACvD;AAAA,EACF,CAAC;AAED,SAAO;AACT;","names":[]}
1
+ {"version":3,"sources":["../../../src/utils/allNextProviderProps.ts"],"sourcesContent":["import type { \n IsoTernSecureAuthOptions,\n TernSecureProviderProps} from \"@tern-secure/react\";\n\nimport type { NextProviderProcessedProps, TernSecureNextProps } from \"../types\";\n\n\nexport const allNextProviderPropsWithEnv = (\n nextProps: Omit<TernSecureNextProps, 'children'>\n): any => {\n const {\n tenantId,\n signInUrl,\n signUpUrl,\n signInForceRedirectUrl,\n signUpForceRedirectUrl,\n signInFallbackRedirectUrl,\n signUpFallbackRedirectUrl,\n //apiKey: propsApiKey,\n apiUrl: propsApiUrl,\n requiresVerification: propsRequiresVerification,\n isTernSecureDev: propsIsTernSecureDev,\n enableServiceWorker: propsEnableServiceWorker,\n loadingComponent: propsLoadingComponent,\n persistence: propsPersistence,\n ternUIUrl: propsTernUIUrl,\n ternUIVersion: propsTernUIVersion,\n appCheck,\n ...baseProps \n } = nextProps;\n\n const envConfig = {\n tenantId: process.env.NEXT_PUBLIC_FIREBASE_TENANT_ID || '',\n apiKey: process.env.NEXT_PUBLIC_TERN_API_KEY,\n apiUrl: process.env.TERNSECURE_API_URL || '',\n ternUIUrl: process.env.NEXT_PUBLIC_TERN_UI_URL || '',\n ternUIVersion: process.env.NEXT_PUBLIC_TERN_UI_VERSION || '',\n projectId: process.env.NEXT_PUBLIC_TERN_PROJECT_ID,\n customDomain: process.env.NEXT_PUBLIC_TERN_CUSTOM_DOMAIN,\n proxyUrl: process.env.NEXT_PUBLIC_TERN_PROXY_URL,\n environment: process.env.NEXT_PUBLIC_TERN_ENVIRONMENT,\n signInUrl: process.env.NEXT_PUBLIC_SIGN_IN_URL || '',\n signUpUrl: process.env.NEXT_PUBLIC_SIGN_UP_URL || '',\n signInForceRedirectUrl: process.env.NEXT_PUBLIC_SIGN_IN_FORCE_REDIRECT_URL || '',\n signUpForceRedirectUrl: process.env.NEXT_PUBLIC_SIGN_UP_FORCE_REDIRECT_URL || '',\n signInFallbackRedirectUrl: process.env.NEXT_PUBLIC_SIGN_IN_FALLBACK_REDIRECT_URL || '',\n signUpFallbackRedirectUrl: process.env.NEXT_PUBLIC_SIGN_UP_FALLBACK_REDIRECT_URL || '',\n persistence: process.env.NEXT_PUBLIC_TERN_PERSISTENCE as 'local' | 'session' | 'browserCookie' | 'none',\n useEmulator: process.env.NEXT_PUBLIC_USE_FIREBASE_EMULATOR,\n projectIdAdmin: process.env.FIREBASE_PROJECT_ID,\n clientEmail: process.env.FIREBASE_CLIENT_EMAIL,\n privateKey: process.env.FIREBASE_PRIVATE_KEY,\n };\n\n const ternSecureConfig = {\n apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || '',\n authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || '',\n databaseURL: process.env.NEXT_PUBLIC_FIREBASE_DATABASE_URL || '',\n appName: process.env.NEXT_PUBLIC_FIREBASE_APP_NAME || '',\n projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || '',\n storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || '',\n messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || '',\n appId: process.env.NEXT_PUBLIC_FIREBASE_APP_ID || '',\n measurementId: process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENTID || '',\n };\n\n // Merge config values: props take precedence over environment variables\n //const finalApiKey = propsApiKey ?? envConfig.apiKey;\n const finalTenantId = tenantId ?? envConfig.tenantId;\n const finalApiUrl = propsApiUrl ?? envConfig.apiUrl;\n const finalSignInUrl = signInUrl ?? envConfig.signInUrl;\n const finalSignUpUrl = signUpUrl ?? envConfig.signUpUrl;\n const finalSignInForceRedirectUrl = signInForceRedirectUrl ?? envConfig.signInForceRedirectUrl;\n const finalSignUpForceRedirectUrl = signUpForceRedirectUrl ?? envConfig.signUpForceRedirectUrl;\n const finalSignInFallbackRedirectUrl = signInFallbackRedirectUrl ?? envConfig.signInFallbackRedirectUrl;\n const finalSignUpFallbackRedirectUrl = signUpFallbackRedirectUrl ?? envConfig.signUpFallbackRedirectUrl;\n const finalPersistence = propsPersistence ?? envConfig.persistence;\n const finalTernUIUrl = propsTernUIUrl ?? envConfig.ternUIUrl;\n const finalTernUIVersion = propsTernUIVersion ?? envConfig.ternUIVersion;\n\n // Construct the result, ensuring it conforms to NextProviderProcessedProps\n // (Omit<TernSecureProviderProps, 'children'>)\n const result: NextProviderProcessedProps = {\n ...(baseProps as Omit<TernSecureProviderProps, 'children' | keyof IsoTernSecureAuthOptions | 'requiresVerification' | 'loadingComponent'>),\n\n // Set the Firebase configuration properties\n ternSecureConfig,\n \n // Set properties explicitly taken from TernSecureNextProps (props version)\n // These are part of the TernSecureProviderProps interface.\n tenantId: finalTenantId,\n requiresVerification: propsRequiresVerification,\n isTernSecureDev: propsIsTernSecureDev,\n enableServiceWorker: propsEnableServiceWorker,\n loadingComponent: propsLoadingComponent,\n appCheck,\n\n //TernSecure: baseProps.Instance,\n initialState: baseProps.initialState,\n bypassApiKey: baseProps.bypassApiKey,\n signInUrl: finalSignInUrl,\n signUpUrl: finalSignUpUrl,\n signInForceRedirectUrl: finalSignInForceRedirectUrl,\n signUpForceRedirectUrl: finalSignUpForceRedirectUrl,\n signInFallbackRedirectUrl: finalSignInFallbackRedirectUrl,\n signUpFallbackRedirectUrl: finalSignUpFallbackRedirectUrl,\n mode: baseProps.mode,\n apiUrl: finalApiUrl,\n persistence: finalPersistence,\n ternUIUrl: finalTernUIUrl,\n ternUIVersion: finalTernUIVersion\n };\n\n // Clean up undefined keys that might have resulted from spreading if not present in baseProps\n // and also not set by merged values (e.g. if env var is also undefined)\n Object.keys(result).forEach(key => {\n if (result[key as keyof NextProviderProcessedProps] === undefined) {\n delete result[key as keyof NextProviderProcessedProps];\n }\n });\n\n return result;\n};"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAOO,MAAM,8BAA8B,CACzC,cACQ;AACR,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAEA,QAAQ;AAAA,IACR,sBAAsB;AAAA,IACtB,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,kBAAkB;AAAA,IAClB,aAAa;AAAA,IACb,WAAW;AAAA,IACX,eAAe;AAAA,IACf;AAAA,IACA,GAAG;AAAA,EACL,IAAI;AAEJ,QAAM,YAAY;AAAA,IAChB,UAAU,QAAQ,IAAI,kCAAkC;AAAA,IACxD,QAAQ,QAAQ,IAAI;AAAA,IACpB,QAAQ,QAAQ,IAAI,sBAAsB;AAAA,IAC1C,WAAW,QAAQ,IAAI,2BAA2B;AAAA,IAClD,eAAe,QAAQ,IAAI,+BAA+B;AAAA,IAC1D,WAAW,QAAQ,IAAI;AAAA,IACvB,cAAc,QAAQ,IAAI;AAAA,IAC1B,UAAU,QAAQ,IAAI;AAAA,IACtB,aAAa,QAAQ,IAAI;AAAA,IACzB,WAAW,QAAQ,IAAI,2BAA2B;AAAA,IAClD,WAAW,QAAQ,IAAI,2BAA2B;AAAA,IAClD,wBAAwB,QAAQ,IAAI,0CAA0C;AAAA,IAC9E,wBAAwB,QAAQ,IAAI,0CAA0C;AAAA,IAC9E,2BAA2B,QAAQ,IAAI,6CAA6C;AAAA,IACpF,2BAA2B,QAAQ,IAAI,6CAA6C;AAAA,IACpF,aAAa,QAAQ,IAAI;AAAA,IACzB,aAAa,QAAQ,IAAI;AAAA,IACzB,gBAAgB,QAAQ,IAAI;AAAA,IAC5B,aAAa,QAAQ,IAAI;AAAA,IACzB,YAAY,QAAQ,IAAI;AAAA,EAC1B;AAEA,QAAM,mBAAmB;AAAA,IACvB,QAAQ,QAAQ,IAAI,gCAAgC;AAAA,IACpD,YAAY,QAAQ,IAAI,oCAAoC;AAAA,IAC5D,aAAa,QAAQ,IAAI,qCAAqC;AAAA,IAC9D,SAAS,QAAQ,IAAI,iCAAiC;AAAA,IACtD,WAAW,QAAQ,IAAI,mCAAmC;AAAA,IAC1D,eAAe,QAAQ,IAAI,uCAAuC;AAAA,IAClE,mBAAmB,QAAQ,IAAI,4CAA4C;AAAA,IAC3E,OAAO,QAAQ,IAAI,+BAA+B;AAAA,IAClD,eAAe,QAAQ,IAAI,sCAAsC;AAAA,EACnE;AAIA,QAAM,gBAAgB,YAAY,UAAU;AAC5C,QAAM,cAAc,eAAe,UAAU;AAC7C,QAAM,iBAAiB,aAAa,UAAU;AAC9C,QAAM,iBAAiB,aAAa,UAAU;AAC9C,QAAM,8BAA8B,0BAA0B,UAAU;AACxE,QAAM,8BAA8B,0BAA0B,UAAU;AACxE,QAAM,iCAAiC,6BAA6B,UAAU;AAC9E,QAAM,iCAAiC,6BAA6B,UAAU;AAC9E,QAAM,mBAAmB,oBAAoB,UAAU;AACvD,QAAM,iBAAiB,kBAAkB,UAAU;AACnD,QAAM,qBAAqB,sBAAsB,UAAU;AAI3D,QAAM,SAAqC;AAAA,IACzC,GAAI;AAAA;AAAA,IAGJ;AAAA;AAAA;AAAA,IAIA,UAAU;AAAA,IACV,sBAAsB;AAAA,IACtB,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,kBAAkB;AAAA,IAClB;AAAA;AAAA,IAGA,cAAc,UAAU;AAAA,IACxB,cAAc,UAAU;AAAA,IACxB,WAAW;AAAA,IACX,WAAW;AAAA,IACX,wBAAwB;AAAA,IACxB,wBAAwB;AAAA,IACxB,2BAA2B;AAAA,IAC3B,2BAA2B;AAAA,IAC3B,MAAM,UAAU;AAAA,IAChB,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,WAAW;AAAA,IACX,eAAe;AAAA,EACjB;AAIA,SAAO,KAAK,MAAM,EAAE,QAAQ,SAAO;AACjC,QAAI,OAAO,GAAuC,MAAM,QAAW;AACjE,aAAO,OAAO,GAAuC;AAAA,IACvD;AAAA,EACF,CAAC;AAED,SAAO;AACT;","names":[]}
package/dist/cjs/utils/config.js CHANGED
@@ -32,6 +32,7 @@ module.exports = __toCommonJS(config_exports);
32
32
  const loadFireConfig = () => ({
33
33
  apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || "",
34
34
  authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || "",
35
+ databaseURL: process.env.NEXT_PUBLIC_FIREBASE_DATABASE_URL || "",
35
36
  projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || "",
36
37
  storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || "",
37
38
  messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || "",
package/dist/cjs/utils/config.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/utils/config.ts"],"sourcesContent":["import type { \r\n AdminConfigValidationResult,\r\n ConfigValidationResult, \r\n ServerConfigValidationResult,\r\n TernSecureAdminConfig,\r\n TernSecureConfig, \r\n TernSecureServerConfig} from '@tern-secure/types'\r\n\r\n/**\r\n * Loads Firebase configuration from environment variables\r\n * @returns {TernSecureConfig} Firebase configuration object\r\n */\r\nexport const loadFireConfig = (): TernSecureConfig => ({\r\n apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || '',\r\n authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || '',\r\n projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || '',\r\n storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || '',\r\n messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || '',\r\n appId: process.env.NEXT_PUBLIC_FIREBASE_APP_ID || '',\r\n measurementId: process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID || undefined,\r\n})\r\n\r\n/**\r\n * Validates Firebase configuration\r\n * @param {TernSecureConfig} config - Firebase configuration object\r\n * @throws {Error} If required configuration values are missing\r\n * @returns {TernSecureConfig} Validated configuration object\r\n */\r\nexport const validateConfig = (config: TernSecureConfig): ConfigValidationResult => {\r\n const requiredFields: (keyof TernSecureConfig)[] = [\r\n 'apiKey',\r\n 'authDomain',\r\n 'projectId',\r\n 'storageBucket',\r\n 'messagingSenderId',\r\n 'appId'\r\n ]\r\n\r\n const errors: string[] = []\r\n \r\n requiredFields.forEach(field => {\r\n if (!config[field]) {\r\n errors.push(`Missing required field: NEXT_PUBLIC_FIREBASE_${String(field).toUpperCase()}`)\r\n }\r\n })\r\n\r\n return {\r\n isValid: errors.length === 0,\r\n errors,\r\n config\r\n }\r\n}\r\n\r\n/**\r\n * Initializes configuration with validation\r\n * @throws {Error} If configuration is invalid\r\n */\r\nexport const initializeConfig = (): TernSecureConfig => {\r\n const config = loadFireConfig()\r\n const validationResult = validateConfig(config)\r\n\r\n if (!validationResult.isValid) {\r\n throw new Error(\r\n `Firebase configuration validation failed:\\n${validationResult.errors.join('\\n')}`\r\n )\r\n }\r\n\r\n return config\r\n}\r\n\r\n/**\r\n * Loads Firebase Admin configuration from environment variables\r\n * @returns {AdminConfig} Firebase Admin configuration object\r\n */\r\nexport const loadAdminConfig = (): TernSecureAdminConfig => ({\r\n projectId: process.env.FIREBASE_PROJECT_ID || '',\r\n clientEmail: process.env.FIREBASE_CLIENT_EMAIL || '',\r\n privateKey: process.env.FIREBASE_PRIVATE_KEY || '',\r\n})\r\n\r\n/**\r\n * Validates Firebase Admin configuration\r\n * @param {AdminConfig} config - Firebase Admin configuration object\r\n * @returns {ConfigValidationResult} Validation result\r\n */\r\nexport const validateAdminConfig = (config: TernSecureAdminConfig): AdminConfigValidationResult => {\r\n const requiredFields: (keyof TernSecureAdminConfig)[] = [\r\n 'projectId',\r\n 'clientEmail',\r\n 'privateKey'\r\n ]\r\n\r\n const errors: string[] = []\r\n \r\n requiredFields.forEach(field => {\r\n if (!config[field]) {\r\n errors.push(`Missing required field: FIREBASE_${String(field).toUpperCase()}`)\r\n }\r\n })\r\n\r\n return {\r\n isValid: errors.length === 0,\r\n errors,\r\n config\r\n }\r\n}\r\n\r\n/**\r\n * Initializes admin configuration with validation\r\n * @throws {Error} If configuration is invalid\r\n */\r\nexport const initializeAdminConfig = (): TernSecureAdminConfig => {\r\n const config = loadAdminConfig()\r\n const validationResult = validateAdminConfig(config)\r\n\r\n if (!validationResult.isValid) {\r\n throw new Error(\r\n `Firebase Admin configuration validation failed:\\n${validationResult.errors.join('\\n')}`\r\n )\r\n }\r\n\r\n return config\r\n}\r\n\r\n\r\n\r\n/**\r\n * Loads Firebase Server configuration from environment variables\r\n * @returns {ServerConfig} Firebase Server configuration object\r\n */\r\nexport const loadServerConfig = (): TernSecureServerConfig => ({\r\n apiKey: process.env.FIREBASE_SERVER_API_KEY || '',\r\n\r\n})\r\n\r\n\r\n/**\r\n * Validates Firebase Admin configuration\r\n * @param {AdminConfig} config - Firebase Admin configuration object\r\n * @returns {ConfigValidationResult} Validation result\r\n */\r\nexport const validateServerConfig = (config: TernSecureServerConfig): ServerConfigValidationResult => {\r\n const requiredFields: (keyof TernSecureServerConfig)[] = [\r\n 'apiKey'\r\n ]\r\n\r\n const errors: string[] = []\r\n \r\n requiredFields.forEach(field => {\r\n if (!config[field]) {\r\n errors.push(`Missing required field: FIREBASE_SERVER_${String(field).toUpperCase()}`)\r\n }\r\n })\r\n\r\n return {\r\n isValid: errors.length === 0,\r\n errors,\r\n config\r\n }\r\n}\r\n\r\n\r\n\r\n/**\r\n * Initializes admin configuration with validation\r\n * @throws {Error} If configuration is invalid\r\n */\r\nexport const initializeServerConfig = (): TernSecureServerConfig => {\r\n const config = loadServerConfig()\r\n const validationResult = validateServerConfig(config)\r\n\r\n if (!validationResult.isValid) {\r\n throw new Error(\r\n `Firebase Server configuration validation failed:\\n${validationResult.errors.join('\\n')}`\r\n )\r\n }\r\n\r\n return config\r\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAYO,MAAM,iBAAiB,OAAyB;AAAA,EACrD,QAAQ,QAAQ,IAAI,gCAAgC;AAAA,EACpD,YAAY,QAAQ,IAAI,oCAAoC;AAAA,EAC5D,WAAW,QAAQ,IAAI,mCAAmC;AAAA,EAC1D,eAAe,QAAQ,IAAI,uCAAuC;AAAA,EAClE,mBAAmB,QAAQ,IAAI,4CAA4C;AAAA,EAC3E,OAAO,QAAQ,IAAI,+BAA+B;AAAA,EAClD,eAAe,QAAQ,IAAI,uCAAuC;AACpE;AAQO,MAAM,iBAAiB,CAAC,WAAqD;AAClF,QAAM,iBAA6C;AAAA,IACjD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,SAAmB,CAAC;AAE1B,iBAAe,QAAQ,WAAS;AAC9B,QAAI,CAAC,OAAO,KAAK,GAAG;AAClB,aAAO,KAAK,gDAAgD,OAAO,KAAK,EAAE,YAAY,CAAC,EAAE;AAAA,IAC3F;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,SAAS,OAAO,WAAW;AAAA,IAC3B;AAAA,IACA;AAAA,EACF;AACF;AAMO,MAAM,mBAAmB,MAAwB;AACtD,QAAM,SAAS,eAAe;AAC9B,QAAM,mBAAmB,eAAe,MAAM;AAE9C,MAAI,CAAC,iBAAiB,SAAS;AAC7B,UAAM,IAAI;AAAA,MACR;AAAA,EAA8C,iBAAiB,OAAO,KAAK,IAAI,CAAC;AAAA,IAClF;AAAA,EACF;AAEA,SAAO;AACT;AAMO,MAAM,kBAAkB,OAA8B;AAAA,EAC3D,WAAW,QAAQ,IAAI,uBAAuB;AAAA,EAC9C,aAAa,QAAQ,IAAI,yBAAyB;AAAA,EAClD,YAAY,QAAQ,IAAI,wBAAwB;AAClD;AAOO,MAAM,sBAAsB,CAAC,WAA+D;AACjG,QAAM,iBAAkD;AAAA,IACtD;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,SAAmB,CAAC;AAE1B,iBAAe,QAAQ,WAAS;AAC9B,QAAI,CAAC,OAAO,KAAK,GAAG;AAClB,aAAO,KAAK,oCAAoC,OAAO,KAAK,EAAE,YAAY,CAAC,EAAE;AAAA,IAC/E;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,SAAS,OAAO,WAAW;AAAA,IAC3B;AAAA,IACA;AAAA,EACF;AACF;AAMO,MAAM,wBAAwB,MAA6B;AAChE,QAAM,SAAS,gBAAgB;AAC/B,QAAM,mBAAmB,oBAAoB,MAAM;AAEnD,MAAI,CAAC,iBAAiB,SAAS;AAC7B,UAAM,IAAI;AAAA,MACR;AAAA,EAAoD,iBAAiB,OAAO,KAAK,IAAI,CAAC;AAAA,IACxF;AAAA,EACF;AAEA,SAAO;AACT;AAQO,MAAM,mBAAmB,OAA+B;AAAA,EAC7D,QAAQ,QAAQ,IAAI,2BAA2B;AAEjD;AAQO,MAAM,uBAAuB,CAAC,WAAiE;AACpG,QAAM,iBAAmD;AAAA,IACvD;AAAA,EACF;AAEA,QAAM,SAAmB,CAAC;AAE1B,iBAAe,QAAQ,WAAS;AAC9B,QAAI,CAAC,OAAO,KAAK,GAAG;AAClB,aAAO,KAAK,2CAA2C,OAAO,KAAK,EAAE,YAAY,CAAC,EAAE;AAAA,IACtF;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,SAAS,OAAO,WAAW;AAAA,IAC3B;AAAA,IACA;AAAA,EACF;AACF;AAQO,MAAM,yBAAyB,MAA8B;AAClE,QAAM,SAAS,iBAAiB;AAChC,QAAM,mBAAmB,qBAAqB,MAAM;AAEpD,MAAI,CAAC,iBAAiB,SAAS;AAC7B,UAAM,IAAI;AAAA,MACR;AAAA,EAAqD,iBAAiB,OAAO,KAAK,IAAI,CAAC;AAAA,IACzF;AAAA,EACF;AAEA,SAAO;AACT;","names":[]}
1
+ {"version":3,"sources":["../../../src/utils/config.ts"],"sourcesContent":["import type { \r\n AdminConfigValidationResult,\r\n ConfigValidationResult, \r\n ServerConfigValidationResult,\r\n TernSecureAdminConfig,\r\n TernSecureConfig, \r\n TernSecureServerConfig} from '@tern-secure/types'\r\n\r\n/**\r\n * Loads Firebase configuration from environment variables\r\n * @returns {TernSecureConfig} Firebase configuration object\r\n */\r\nexport const loadFireConfig = (): TernSecureConfig => ({\r\n apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY || '',\r\n authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN || '',\r\n databaseURL: process.env.NEXT_PUBLIC_FIREBASE_DATABASE_URL || '',\r\n projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID || '',\r\n storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET || '',\r\n messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID || '',\r\n appId: process.env.NEXT_PUBLIC_FIREBASE_APP_ID || '',\r\n measurementId: process.env.NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID || undefined,\r\n})\r\n\r\n/**\r\n * Validates Firebase configuration\r\n * @param {TernSecureConfig} config - Firebase configuration object\r\n * @throws {Error} If required configuration values are missing\r\n * @returns {TernSecureConfig} Validated configuration object\r\n */\r\nexport const validateConfig = (config: TernSecureConfig): ConfigValidationResult => {\r\n const requiredFields: (keyof TernSecureConfig)[] = [\r\n 'apiKey',\r\n 'authDomain',\r\n 'projectId',\r\n 'storageBucket',\r\n 'messagingSenderId',\r\n 'appId'\r\n ]\r\n\r\n const errors: string[] = []\r\n \r\n requiredFields.forEach(field => {\r\n if (!config[field]) {\r\n errors.push(`Missing required field: NEXT_PUBLIC_FIREBASE_${String(field).toUpperCase()}`)\r\n }\r\n })\r\n\r\n return {\r\n isValid: errors.length === 0,\r\n errors,\r\n config\r\n }\r\n}\r\n\r\n/**\r\n * Initializes configuration with validation\r\n * @throws {Error} If configuration is invalid\r\n */\r\nexport const initializeConfig = (): TernSecureConfig => {\r\n const config = loadFireConfig()\r\n const validationResult = validateConfig(config)\r\n\r\n if (!validationResult.isValid) {\r\n throw new Error(\r\n `Firebase configuration validation failed:\\n${validationResult.errors.join('\\n')}`\r\n )\r\n }\r\n\r\n return config\r\n}\r\n\r\n/**\r\n * Loads Firebase Admin configuration from environment variables\r\n * @returns {AdminConfig} Firebase Admin configuration object\r\n */\r\nexport const loadAdminConfig = (): TernSecureAdminConfig => ({\r\n projectId: process.env.FIREBASE_PROJECT_ID || '',\r\n clientEmail: process.env.FIREBASE_CLIENT_EMAIL || '',\r\n privateKey: process.env.FIREBASE_PRIVATE_KEY || '',\r\n})\r\n\r\n/**\r\n * Validates Firebase Admin configuration\r\n * @param {AdminConfig} config - Firebase Admin configuration object\r\n * @returns {ConfigValidationResult} Validation result\r\n */\r\nexport const validateAdminConfig = (config: TernSecureAdminConfig): AdminConfigValidationResult => {\r\n const requiredFields: (keyof TernSecureAdminConfig)[] = [\r\n 'projectId',\r\n 'clientEmail',\r\n 'privateKey'\r\n ]\r\n\r\n const errors: string[] = []\r\n \r\n requiredFields.forEach(field => {\r\n if (!config[field]) {\r\n errors.push(`Missing required field: FIREBASE_${String(field).toUpperCase()}`)\r\n }\r\n })\r\n\r\n return {\r\n isValid: errors.length === 0,\r\n errors,\r\n config\r\n }\r\n}\r\n\r\n/**\r\n * Initializes admin configuration with validation\r\n * @throws {Error} If configuration is invalid\r\n */\r\nexport const initializeAdminConfig = (): TernSecureAdminConfig => {\r\n const config = loadAdminConfig()\r\n const validationResult = validateAdminConfig(config)\r\n\r\n if (!validationResult.isValid) {\r\n throw new Error(\r\n `Firebase Admin configuration validation failed:\\n${validationResult.errors.join('\\n')}`\r\n )\r\n }\r\n\r\n return config\r\n}\r\n\r\n\r\n\r\n/**\r\n * Loads Firebase Server configuration from environment variables\r\n * @returns {ServerConfig} Firebase Server configuration object\r\n */\r\nexport const loadServerConfig = (): TernSecureServerConfig => ({\r\n apiKey: process.env.FIREBASE_SERVER_API_KEY || '',\r\n\r\n})\r\n\r\n\r\n/**\r\n * Validates Firebase Admin configuration\r\n * @param {AdminConfig} config - Firebase Admin configuration object\r\n * @returns {ConfigValidationResult} Validation result\r\n */\r\nexport const validateServerConfig = (config: TernSecureServerConfig): ServerConfigValidationResult => {\r\n const requiredFields: (keyof TernSecureServerConfig)[] = [\r\n 'apiKey'\r\n ]\r\n\r\n const errors: string[] = []\r\n \r\n requiredFields.forEach(field => {\r\n if (!config[field]) {\r\n errors.push(`Missing required field: FIREBASE_SERVER_${String(field).toUpperCase()}`)\r\n }\r\n })\r\n\r\n return {\r\n isValid: errors.length === 0,\r\n errors,\r\n config\r\n }\r\n}\r\n\r\n\r\n\r\n/**\r\n * Initializes admin configuration with validation\r\n * @throws {Error} If configuration is invalid\r\n */\r\nexport const initializeServerConfig = (): TernSecureServerConfig => {\r\n const config = loadServerConfig()\r\n const validationResult = validateServerConfig(config)\r\n\r\n if (!validationResult.isValid) {\r\n throw new Error(\r\n `Firebase Server configuration validation failed:\\n${validationResult.errors.join('\\n')}`\r\n )\r\n }\r\n\r\n return config\r\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAYO,MAAM,iBAAiB,OAAyB;AAAA,EACrD,QAAQ,QAAQ,IAAI,gCAAgC;AAAA,EACpD,YAAY,QAAQ,IAAI,oCAAoC;AAAA,EAC5D,aAAa,QAAQ,IAAI,qCAAqC;AAAA,EAC9D,WAAW,QAAQ,IAAI,mCAAmC;AAAA,EAC1D,eAAe,QAAQ,IAAI,uCAAuC;AAAA,EAClE,mBAAmB,QAAQ,IAAI,4CAA4C;AAAA,EAC3E,OAAO,QAAQ,IAAI,+BAA+B;AAAA,EAClD,eAAe,QAAQ,IAAI,uCAAuC;AACpE;AAQO,MAAM,iBAAiB,CAAC,WAAqD;AAClF,QAAM,iBAA6C;AAAA,IACjD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,SAAmB,CAAC;AAE1B,iBAAe,QAAQ,WAAS;AAC9B,QAAI,CAAC,OAAO,KAAK,GAAG;AAClB,aAAO,KAAK,gDAAgD,OAAO,KAAK,EAAE,YAAY,CAAC,EAAE;AAAA,IAC3F;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,SAAS,OAAO,WAAW;AAAA,IAC3B;AAAA,IACA;AAAA,EACF;AACF;AAMO,MAAM,mBAAmB,MAAwB;AACtD,QAAM,SAAS,eAAe;AAC9B,QAAM,mBAAmB,eAAe,MAAM;AAE9C,MAAI,CAAC,iBAAiB,SAAS;AAC7B,UAAM,IAAI;AAAA,MACR;AAAA,EAA8C,iBAAiB,OAAO,KAAK,IAAI,CAAC;AAAA,IAClF;AAAA,EACF;AAEA,SAAO;AACT;AAMO,MAAM,kBAAkB,OAA8B;AAAA,EAC3D,WAAW,QAAQ,IAAI,uBAAuB;AAAA,EAC9C,aAAa,QAAQ,IAAI,yBAAyB;AAAA,EAClD,YAAY,QAAQ,IAAI,wBAAwB;AAClD;AAOO,MAAM,sBAAsB,CAAC,WAA+D;AACjG,QAAM,iBAAkD;AAAA,IACtD;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,SAAmB,CAAC;AAE1B,iBAAe,QAAQ,WAAS;AAC9B,QAAI,CAAC,OAAO,KAAK,GAAG;AAClB,aAAO,KAAK,oCAAoC,OAAO,KAAK,EAAE,YAAY,CAAC,EAAE;AAAA,IAC/E;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,SAAS,OAAO,WAAW;AAAA,IAC3B;AAAA,IACA;AAAA,EACF;AACF;AAMO,MAAM,wBAAwB,MAA6B;AAChE,QAAM,SAAS,gBAAgB;AAC/B,QAAM,mBAAmB,oBAAoB,MAAM;AAEnD,MAAI,CAAC,iBAAiB,SAAS;AAC7B,UAAM,IAAI;AAAA,MACR;AAAA,EAAoD,iBAAiB,OAAO,KAAK,IAAI,CAAC;AAAA,IACxF;AAAA,EACF;AAEA,SAAO;AACT;AAQO,MAAM,mBAAmB,OAA+B;AAAA,EAC7D,QAAQ,QAAQ,IAAI,2BAA2B;AAEjD;AAQO,MAAM,uBAAuB,CAAC,WAAiE;AACpG,QAAM,iBAAmD;AAAA,IACvD;AAAA,EACF;AAEA,QAAM,SAAmB,CAAC;AAE1B,iBAAe,QAAQ,WAAS;AAC9B,QAAI,CAAC,OAAO,KAAK,GAAG;AAClB,aAAO,KAAK,2CAA2C,OAAO,KAAK,EAAE,YAAY,CAAC,EAAE;AAAA,IACtF;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,SAAS,OAAO,WAAW;AAAA,IAC3B;AAAA,IACA;AAAA,EACF;AACF;AAQO,MAAM,yBAAyB,MAA8B;AAClE,QAAM,SAAS,iBAAiB;AAChC,QAAM,mBAAmB,qBAAqB,MAAM;AAEpD,MAAI,CAAC,iBAAiB,SAAS;AAC7B,UAAM,IAAI;AAAA,MACR;AAAA,EAAqD,iBAAiB,OAAO,KAAK,IAAI,CAAC;AAAA,IACzF;AAAA,EACF;AAEA,SAAO;AACT;","names":[]}
package/dist/cjs/utils/tern-ui-script.js ADDED
@@ -0,0 +1,72 @@
1
+ "use strict";
2
+ var __create = Object.create;
3
+ var __defProp = Object.defineProperty;
4
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
+ var __getOwnPropNames = Object.getOwnPropertyNames;
6
+ var __getProtoOf = Object.getPrototypeOf;
7
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
8
+ var __export = (target, all) => {
9
+ for (var name in all)
10
+ __defProp(target, name, { get: all[name], enumerable: true });
11
+ };
12
+ var __copyProps = (to, from, except, desc) => {
13
+ if (from && typeof from === "object" || typeof from === "function") {
14
+ for (let key of __getOwnPropNames(from))
15
+ if (!__hasOwnProp.call(to, key) && key !== except)
16
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
17
+ }
18
+ return to;
19
+ };
20
+ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
21
+ // If the importer is in node compatibility mode or this is not an ESM
22
+ // file that has been converted to a CommonJS file using a Babel-
23
+ // compatible transform (i.e. "__esModule" has not been set), then set
24
+ // "default" to the CommonJS "module.exports" for node compatibility.
25
+ isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
26
+ mod
27
+ ));
28
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
29
+ var tern_ui_script_exports = {};
30
+ __export(tern_ui_script_exports, {
31
+ TernUIScript: () => TernUIScript
32
+ });
33
+ module.exports = __toCommonJS(tern_ui_script_exports);
34
+ var import_jsx_runtime = require("react/jsx-runtime");
35
+ var import_react = require("@tern-secure/react");
36
+ var import_script = __toESM(require("next/script"));
37
+ var import_NextOptionsCtx = require("../boundary/NextOptionsCtx");
38
+ const isDevelopment = process.env.NODE_ENV === "development";
39
+ const localPort = process.env.TERN_UI_PORT || "4000";
40
+ const devDomain = isDevelopment ? `http://localhost:${localPort || process.env.NEXT_PUBLIC_TERN_UI_PORT || "4000"}` : void 0;
41
+ function TernUIScript({ authDomain, proxyUrl, nonce, router = "app" }) {
42
+ const { ternUIVersion } = (0, import_NextOptionsCtx.useTernNextOptions)();
43
+ const effectiveDomain = isDevelopment ? devDomain : authDomain;
44
+ if (!effectiveDomain) {
45
+ return null;
46
+ }
47
+ const scriptOptions = {
48
+ domain: effectiveDomain,
49
+ proxyUrl,
50
+ ternUIVersion,
51
+ nonce,
52
+ router
53
+ };
54
+ const scriptUrl = (0, import_react.ternUIgetScriptUrl)(scriptOptions);
55
+ const scriptAttributes = (0, import_react.constructTernUIScriptAttributes)(scriptOptions);
56
+ return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
57
+ import_script.default,
58
+ {
59
+ src: scriptUrl,
60
+ "data-ternui-script": true,
61
+ async: true,
62
+ nonce,
63
+ strategy: void 0,
64
+ ...scriptAttributes
65
+ }
66
+ );
67
+ }
68
+ // Annotate the CommonJS export names for ESM import in node:
69
+ 0 && (module.exports = {
70
+ TernUIScript
71
+ });
72
+ //# sourceMappingURL=tern-ui-script.js.map
package/dist/cjs/utils/tern-ui-script.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../../src/utils/tern-ui-script.tsx"],"sourcesContent":["import { constructTernUIScriptAttributes, ternUIgetScriptUrl } from '@tern-secure/react';\nimport Script from 'next/script';\n\nimport { useTernNextOptions } from '../boundary/NextOptionsCtx';\nimport type { TernSecureNextProps } from '../types';\n\nconst isDevelopment = process.env.NODE_ENV === 'development';\nconst localPort = process.env.TERN_UI_PORT || '4000';\n\ntype TernUIScriptProps = Pick<TernSecureNextProps, 'authDomain' | 'proxyUrl'> & {\n nonce?: string;\n router: 'app' | 'pages';\n};\n\nconst devDomain = isDevelopment\n ? `http://localhost:${localPort || process.env.NEXT_PUBLIC_TERN_UI_PORT || '4000'}`\n : undefined;\n\nexport function TernUIScript({ authDomain, proxyUrl, nonce, router = 'app' }: TernUIScriptProps) {\n const { ternUIVersion } = useTernNextOptions();\n const effectiveDomain = isDevelopment ? devDomain : authDomain;\n\n if (!effectiveDomain) {\n return null;\n }\n\n const scriptOptions = {\n domain: effectiveDomain,\n proxyUrl,\n ternUIVersion,\n nonce,\n router,\n };\n\n const scriptUrl = ternUIgetScriptUrl(scriptOptions);\n const scriptAttributes = constructTernUIScriptAttributes(scriptOptions);\n\n return (\n <Script\n src={scriptUrl}\n data-ternui-script\n async\n nonce={nonce}\n strategy={undefined}\n {...scriptAttributes}\n //crossOrigin= {undefined}\n />\n );\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAsCI;AAtCJ,mBAAoE;AACpE,oBAAmB;AAEnB,4BAAmC;AAGnC,MAAM,gBAAgB,QAAQ,IAAI,aAAa;AAC/C,MAAM,YAAY,QAAQ,IAAI,gBAAgB;AAO9C,MAAM,YAAY,gBACd,oBAAoB,aAAa,QAAQ,IAAI,4BAA4B,MAAM,KAC/E;AAEG,SAAS,aAAa,EAAE,YAAY,UAAU,OAAO,SAAS,MAAM,GAAsB;AAC/F,QAAM,EAAE,cAAc,QAAI,0CAAmB;AAC7C,QAAM,kBAAkB,gBAAgB,YAAY;AAEpD,MAAI,CAAC,iBAAiB;AACpB,WAAO;AAAA,EACT;AAEA,QAAM,gBAAgB;AAAA,IACpB,QAAQ;AAAA,IACR;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,gBAAY,iCAAmB,aAAa;AAClD,QAAM,uBAAmB,8CAAgC,aAAa;AAEtE,SACE;AAAA,IAAC,cAAAA;AAAA,IAAA;AAAA,MACC,KAAK;AAAA,MACL,sBAAkB;AAAA,MAClB,OAAK;AAAA,MACL;AAAA,MACA,UAAU;AAAA,MACT,GAAG;AAAA;AAAA,EAEN;AAEJ;","names":["Script"]}
package/dist/esm/app-router/admin/actions.js CHANGED
@@ -4,6 +4,7 @@ import {
4
4
  clearSessionCookie,
5
5
  CreateNextSessionCookie,
6
6
  createSessionCookie,
7
+ RetrieveUser as RetrieveUserBackend,
7
8
  SetNextServerSession,
8
9
  SetNextServerToken,
9
10
  VerifyNextTernIdToken
@@ -35,7 +36,11 @@ async function createNextSessionCookie(idToken) {
35
36
  async function verifyNextTernIdToken(idToken) {
36
37
  return VerifyNextTernIdToken(idToken);
37
38
  }
39
+ function RetrieveUser() {
40
+ return RetrieveUserBackend(TENANT_ID);
41
+ }
38
42
  export {
43
+ RetrieveUser,
39
44
  clearNextSessionCookie,
40
45
  clearSessionCookieServer,
41
46
  createNextSessionCookie,
package/dist/esm/app-router/admin/actions.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/app-router/admin/actions.ts"],"sourcesContent":["'use server';\n\nimport {\n ClearNextSessionCookie,\n clearSessionCookie,\n CreateNextSessionCookie,\n createSessionCookie,\n SetNextServerSession,\n SetNextServerToken,\n VerifyNextTernIdToken\n} from '@tern-secure/backend/admin';\n\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { TENANT_ID } from './constants';\nimport { getDeleteOptions } from './cookieOptionsHelper';\nimport type { TernSecureHandlerOptions } from './types';\n\nexport async function createSessionCookieServer(idToken: string) {\n const cookieStore = new NextCookieStore();\n return createSessionCookie(idToken, cookieStore);\n}\n\nexport async function clearSessionCookieServer() {\n const cookieStore = new NextCookieStore();\n return clearSessionCookie(cookieStore);\n}\n\nexport async function clearNextSessionCookie(options?: {\n cookies?: TernSecureHandlerOptions['cookies'];\n revokeRefreshTokensOnSignOut?: boolean;\n}) {\n const deleteOptions = getDeleteOptions(options);\n return ClearNextSessionCookie(TENANT_ID, deleteOptions);\n}\n\nexport async function setNextServerSession(idToken: string) {\n return SetNextServerSession(idToken);\n}\n\nexport async function setNextServerToken(token: string) {\n return SetNextServerToken(token);\n}\n\nexport async function createNextSessionCookie(idToken: string) {\n return CreateNextSessionCookie(idToken);\n}\n\nexport async function verifyNextTernIdToken(idToken: string) {\n return VerifyNextTernIdToken(idToken);\n}\n"],"mappings":";AAEA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,SAAS,uBAAuB;AAChC,SAAS,iBAAiB;AAC1B,SAAS,wBAAwB;AAGjC,eAAsB,0BAA0B,SAAiB;AAC/D,QAAM,cAAc,IAAI,gBAAgB;AACxC,SAAO,oBAAoB,SAAS,WAAW;AACjD;AAEA,eAAsB,2BAA2B;AAC/C,QAAM,cAAc,IAAI,gBAAgB;AACxC,SAAO,mBAAmB,WAAW;AACvC;AAEA,eAAsB,uBAAuB,SAG1C;AACD,QAAM,gBAAgB,iBAAiB,OAAO;AAC9C,SAAO,uBAAuB,WAAW,aAAa;AACxD;AAEA,eAAsB,qBAAqB,SAAiB;AAC1D,SAAO,qBAAqB,OAAO;AACrC;AAEA,eAAsB,mBAAmB,OAAe;AACtD,SAAO,mBAAmB,KAAK;AACjC;AAEA,eAAsB,wBAAwB,SAAiB;AAC7D,SAAO,wBAAwB,OAAO;AACxC;AAEA,eAAsB,sBAAsB,SAAiB;AAC3D,SAAO,sBAAsB,OAAO;AACtC;","names":[]}
1
+ {"version":3,"sources":["../../../../src/app-router/admin/actions.ts"],"sourcesContent":["'use server';\n\nimport {\n ClearNextSessionCookie,\n clearSessionCookie,\n CreateNextSessionCookie,\n createSessionCookie,\n RetrieveUser as RetrieveUserBackend,\n SetNextServerSession,\n SetNextServerToken,\n VerifyNextTernIdToken,\n} from '@tern-secure/backend/admin';\n\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { TENANT_ID } from './constants';\nimport { getDeleteOptions } from './cookieOptionsHelper';\nimport type { TernSecureHandlerOptions } from './types';\n\nexport async function createSessionCookieServer(idToken: string) {\n const cookieStore = new NextCookieStore();\n return createSessionCookie(idToken, cookieStore);\n}\n\nexport async function clearSessionCookieServer() {\n const cookieStore = new NextCookieStore();\n return clearSessionCookie(cookieStore);\n}\n\nexport async function clearNextSessionCookie(options?: {\n cookies?: TernSecureHandlerOptions['cookies'];\n revokeRefreshTokensOnSignOut?: boolean;\n}) {\n const deleteOptions = getDeleteOptions(options);\n return ClearNextSessionCookie(TENANT_ID, deleteOptions);\n}\n\nexport async function setNextServerSession(idToken: string) {\n return SetNextServerSession(idToken);\n}\n\nexport async function setNextServerToken(token: string) {\n return SetNextServerToken(token);\n}\n\nexport async function createNextSessionCookie(idToken: string) {\n return CreateNextSessionCookie(idToken);\n}\n\nexport async function verifyNextTernIdToken(idToken: string) {\n return VerifyNextTernIdToken(idToken);\n}\n\nexport function RetrieveUser() {\n return RetrieveUserBackend(TENANT_ID);\n}\n"],"mappings":";AAEA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,gBAAgB;AAAA,EAChB;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,SAAS,uBAAuB;AAChC,SAAS,iBAAiB;AAC1B,SAAS,wBAAwB;AAGjC,eAAsB,0BAA0B,SAAiB;AAC/D,QAAM,cAAc,IAAI,gBAAgB;AACxC,SAAO,oBAAoB,SAAS,WAAW;AACjD;AAEA,eAAsB,2BAA2B;AAC/C,QAAM,cAAc,IAAI,gBAAgB;AACxC,SAAO,mBAAmB,WAAW;AACvC;AAEA,eAAsB,uBAAuB,SAG1C;AACD,QAAM,gBAAgB,iBAAiB,OAAO;AAC9C,SAAO,uBAAuB,WAAW,aAAa;AACxD;AAEA,eAAsB,qBAAqB,SAAiB;AAC1D,SAAO,qBAAqB,OAAO;AACrC;AAEA,eAAsB,mBAAmB,OAAe;AACtD,SAAO,mBAAmB,KAAK;AACjC;AAEA,eAAsB,wBAAwB,SAAiB;AAC7D,SAAO,wBAAwB,OAAO;AACxC;AAEA,eAAsB,sBAAsB,SAAiB;AAC3D,SAAO,sBAAsB,OAAO;AACtC;AAEO,SAAS,eAAe;AAC7B,SAAO,oBAAoB,SAAS;AACtC;","names":[]}
package/dist/esm/app-router/admin/cookieOptionsHelper.js CHANGED
@@ -1,26 +1,37 @@
1
- import { DEFAULT_COOKIE_OPTIONS } from "./types";
2
- function getCookieOptions(config) {
1
+ import { DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS, DEFAULT_SESSION_COOKIE_OPTIONS } from "./types";
2
+ const ONE_YEAR_IN_SECONDS = 365 * 24 * 60 * 60;
3
+ function getIdTokenCookieOptions() {
3
4
  return {
4
- path: config?.cookies?.path ?? DEFAULT_COOKIE_OPTIONS.path ?? "/",
5
- httpOnly: config?.cookies?.httpOnly ?? DEFAULT_COOKIE_OPTIONS.httpOnly ?? true,
6
- secure: config?.cookies?.secure ?? DEFAULT_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === "production",
7
- sameSite: config?.cookies?.sameSite ?? DEFAULT_COOKIE_OPTIONS.sameSite ?? "strict",
8
- maxAge: config?.cookies?.maxAge ?? DEFAULT_COOKIE_OPTIONS.maxAge,
9
- priority: config?.cookies?.priority ?? DEFAULT_COOKIE_OPTIONS.priority
5
+ path: "/",
6
+ httpOnly: true,
7
+ secure: process.env.NODE_ENV === "production",
8
+ sameSite: "strict",
9
+ maxAge: ONE_YEAR_IN_SECONDS,
10
+ priority: "high"
11
+ };
12
+ }
13
+ function getSessionCookieOptions(config) {
14
+ return {
15
+ path: config?.cookies?.path ?? DEFAULT_SESSION_COOKIE_OPTIONS.path ?? "/",
16
+ httpOnly: config?.cookies?.httpOnly ?? DEFAULT_SESSION_COOKIE_OPTIONS.httpOnly ?? true,
17
+ secure: config?.cookies?.secure ?? DEFAULT_SESSION_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === "production",
18
+ sameSite: config?.cookies?.sameSite ?? DEFAULT_SESSION_COOKIE_OPTIONS.sameSite ?? "strict",
19
+ maxAge: config?.cookies?.maxAge ?? DEFAULT_SESSION_COOKIE_OPTIONS.maxAge,
20
+ priority: config?.cookies?.priority ?? DEFAULT_SESSION_COOKIE_OPTIONS.priority
10
21
  };
11
22
  }
12
23
  function getDeleteOptions(options) {
13
24
  return {
14
- path: options?.cookies?.path ?? DEFAULT_COOKIE_OPTIONS.path ?? "/",
15
- httpOnly: options?.cookies?.httpOnly ?? DEFAULT_COOKIE_OPTIONS.httpOnly ?? true,
16
- secure: options?.cookies?.secure ?? DEFAULT_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === "production",
17
- sameSite: options?.cookies?.sameSite ?? DEFAULT_COOKIE_OPTIONS.sameSite ?? "strict",
25
+ path: options?.cookies?.path ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.path ?? "/",
26
+ httpOnly: options?.cookies?.httpOnly ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.httpOnly ?? true,
27
+ secure: options?.cookies?.secure ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === "production",
28
+ sameSite: options?.cookies?.sameSite ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.sameSite ?? "strict",
18
29
  revokeRefreshTokensOnSignOut: options?.revokeRefreshTokensOnSignOut ?? true
19
- // Domain is intentionally omitted to use current domain
20
30
  };
21
31
  }
22
32
  export {
23
- getCookieOptions,
24
- getDeleteOptions
33
+ getDeleteOptions,
34
+ getIdTokenCookieOptions,
35
+ getSessionCookieOptions
25
36
  };
26
37
  //# sourceMappingURL=cookieOptionsHelper.js.map
package/dist/esm/app-router/admin/cookieOptionsHelper.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/app-router/admin/cookieOptionsHelper.ts"],"sourcesContent":["import type { CookieOptions, TernSecureHandlerOptions } from '@tern-secure/types';\n\nimport { DEFAULT_COOKIE_OPTIONS } from './types';\n\n/**\n * Creates complete cookie options by merging config with defaults\n * Used for both setting and deleting cookies to ensure consistency\n */\nexport function getCookieOptions(\n config?: TernSecureHandlerOptions,\n): Required<Pick<CookieOptions, 'path' | 'httpOnly' | 'secure' | 'sameSite'>> &\n Pick<CookieOptions, 'maxAge' | 'priority'> {\n return {\n path: config?.cookies?.path ?? DEFAULT_COOKIE_OPTIONS.path ?? '/',\n httpOnly: config?.cookies?.httpOnly ?? DEFAULT_COOKIE_OPTIONS.httpOnly ?? true,\n secure:\n config?.cookies?.secure ?? DEFAULT_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === 'production',\n sameSite: config?.cookies?.sameSite ?? DEFAULT_COOKIE_OPTIONS.sameSite ?? 'strict',\n maxAge: config?.cookies?.maxAge ?? DEFAULT_COOKIE_OPTIONS.maxAge,\n priority: config?.cookies?.priority ?? DEFAULT_COOKIE_OPTIONS.priority,\n };\n}\n\n/**\n * Extracts options needed for cookie deletion\n * For __HOST- prefixed cookies, all security attributes must match\n * @param options - Object containing cookies config and revokeRefreshTokensOnSignOut flag\n */\nexport function getDeleteOptions(options?: {\n cookies?: TernSecureHandlerOptions['cookies'];\n revokeRefreshTokensOnSignOut?: boolean;\n}): {\n path: string;\n httpOnly?: boolean;\n secure?: boolean;\n domain?: string;\n sameSite?: 'lax' | 'strict' | 'none';\n revokeRefreshTokensOnSignOut?: boolean;\n} {\n return {\n path: options?.cookies?.path ?? DEFAULT_COOKIE_OPTIONS.path ?? '/',\n httpOnly: options?.cookies?.httpOnly ?? DEFAULT_COOKIE_OPTIONS.httpOnly ?? true,\n secure:\n options?.cookies?.secure ?? DEFAULT_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === 'production',\n sameSite: options?.cookies?.sameSite ?? DEFAULT_COOKIE_OPTIONS.sameSite ?? 'strict',\n revokeRefreshTokensOnSignOut: options?.revokeRefreshTokensOnSignOut ?? true,\n // Domain is intentionally omitted to use current domain\n };\n}\n"],"mappings":"AAEA,SAAS,8BAA8B;AAMhC,SAAS,iBACd,QAE2C;AAC3C,SAAO;AAAA,IACL,MAAM,QAAQ,SAAS,QAAQ,uBAAuB,QAAQ;AAAA,IAC9D,UAAU,QAAQ,SAAS,YAAY,uBAAuB,YAAY;AAAA,IAC1E,QACE,QAAQ,SAAS,UAAU,uBAAuB,UAAU,QAAQ,IAAI,aAAa;AAAA,IACvF,UAAU,QAAQ,SAAS,YAAY,uBAAuB,YAAY;AAAA,IAC1E,QAAQ,QAAQ,SAAS,UAAU,uBAAuB;AAAA,IAC1D,UAAU,QAAQ,SAAS,YAAY,uBAAuB;AAAA,EAChE;AACF;AAOO,SAAS,iBAAiB,SAU/B;AACA,SAAO;AAAA,IACL,MAAM,SAAS,SAAS,QAAQ,uBAAuB,QAAQ;AAAA,IAC/D,UAAU,SAAS,SAAS,YAAY,uBAAuB,YAAY;AAAA,IAC3E,QACE,SAAS,SAAS,UAAU,uBAAuB,UAAU,QAAQ,IAAI,aAAa;AAAA,IACxF,UAAU,SAAS,SAAS,YAAY,uBAAuB,YAAY;AAAA,IAC3E,8BAA8B,SAAS,gCAAgC;AAAA;AAAA,EAEzE;AACF;","names":[]}
1
+ {"version":3,"sources":["../../../../src/app-router/admin/cookieOptionsHelper.ts"],"sourcesContent":["import type { CookieOptions, TernSecureHandlerOptions } from '@tern-secure/types';\n\nimport { DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS, DEFAULT_SESSION_COOKIE_OPTIONS } from './types';\n\nconst ONE_YEAR_IN_SECONDS = 365 * 24 * 60 * 60;\n\n\nexport function getIdTokenCookieOptions(\n): Required<Pick<CookieOptions, 'path' | 'httpOnly' | 'secure' | 'sameSite'>> &\n Pick<CookieOptions, 'maxAge' | 'priority'> {\n return {\n path: '/',\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: ONE_YEAR_IN_SECONDS,\n priority: 'high',\n };\n}\n\nexport function getSessionCookieOptions(\n config?: TernSecureHandlerOptions,\n): Required<Pick<CookieOptions, 'path' | 'httpOnly' | 'secure' | 'sameSite'>> &\n Pick<CookieOptions, 'maxAge' | 'priority'> {\n return {\n path: config?.cookies?.path ?? DEFAULT_SESSION_COOKIE_OPTIONS.path ?? '/',\n httpOnly: config?.cookies?.httpOnly ?? DEFAULT_SESSION_COOKIE_OPTIONS.httpOnly ?? true,\n secure:\n config?.cookies?.secure ?? DEFAULT_SESSION_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === 'production',\n sameSite: config?.cookies?.sameSite ?? DEFAULT_SESSION_COOKIE_OPTIONS.sameSite ?? 'strict',\n maxAge: config?.cookies?.maxAge ?? DEFAULT_SESSION_COOKIE_OPTIONS.maxAge,\n priority: config?.cookies?.priority ?? DEFAULT_SESSION_COOKIE_OPTIONS.priority,\n };\n}\n\n\nexport function getDeleteOptions(options?: {\n cookies?: TernSecureHandlerOptions['cookies'];\n revokeRefreshTokensOnSignOut?: boolean;\n}): {\n path: string;\n httpOnly?: boolean;\n secure?: boolean;\n domain?: string;\n sameSite?: 'lax' | 'strict' | 'none';\n revokeRefreshTokensOnSignOut?: boolean;\n} {\n return {\n path: options?.cookies?.path ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.path ?? '/',\n httpOnly: options?.cookies?.httpOnly ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.httpOnly ?? true,\n secure:\n options?.cookies?.secure ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === 'production',\n sameSite: options?.cookies?.sameSite ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.sameSite ?? 'strict',\n revokeRefreshTokensOnSignOut: options?.revokeRefreshTokensOnSignOut ?? true,\n };\n}\n"],"mappings":"AAEA,SAAS,yCAAyC,sCAAsC;AAExF,MAAM,sBAAsB,MAAM,KAAK,KAAK;AAGrC,SAAS,0BAE6B;AAC3C,SAAO;AAAA,IACL,MAAM;AAAA,IACN,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,EACZ;AACF;AAEO,SAAS,wBACd,QAE2C;AAC3C,SAAO;AAAA,IACL,MAAM,QAAQ,SAAS,QAAQ,+BAA+B,QAAQ;AAAA,IACtE,UAAU,QAAQ,SAAS,YAAY,+BAA+B,YAAY;AAAA,IAClF,QACE,QAAQ,SAAS,UAAU,+BAA+B,UAAU,QAAQ,IAAI,aAAa;AAAA,IAC/F,UAAU,QAAQ,SAAS,YAAY,+BAA+B,YAAY;AAAA,IAClF,QAAQ,QAAQ,SAAS,UAAU,+BAA+B;AAAA,IAClE,UAAU,QAAQ,SAAS,YAAY,+BAA+B;AAAA,EACxE;AACF;AAGO,SAAS,iBAAiB,SAU/B;AACA,SAAO;AAAA,IACL,MAAM,SAAS,SAAS,QAAQ,wCAAwC,QAAQ;AAAA,IAChF,UAAU,SAAS,SAAS,YAAY,wCAAwC,YAAY;AAAA,IAC5F,QACE,SAAS,SAAS,UAAU,wCAAwC,UAAU,QAAQ,IAAI,aAAa;AAAA,IACzG,UAAU,SAAS,SAAS,YAAY,wCAAwC,YAAY;AAAA,IAC5F,8BAA8B,SAAS,gCAAgC;AAAA,EACzE;AACF;","names":[]}
package/dist/esm/app-router/admin/endpointRouter.js CHANGED
@@ -1,5 +1,5 @@
1
1
  import { createApiErrorResponse } from "./responses";
2
- import { cookieEndpointHandler, sessionEndpointHandler } from "./sessionHandlers";
2
+ import { cookieEndpointHandler, sessionEndpointHandler, signInEndpointHandler } from "./sessionHandlers";
3
3
  class SessionsHandler {
4
4
  canHandle(endpoint) {
5
5
  return endpoint === "sessions";
@@ -26,11 +26,20 @@ class CookieHandler {
26
26
  return await cookieEndpointHandler(context, config);
27
27
  }
28
28
  }
29
+ class SignInsHandler {
30
+ canHandle(endpoint) {
31
+ return endpoint === "sign_ins";
32
+ }
33
+ async handle(context, config) {
34
+ return await signInEndpointHandler(context, config);
35
+ }
36
+ }
29
37
  class EndpointRouter {
30
38
  static handlers = [
31
39
  new SessionsHandler(),
32
40
  new UsersHandler(),
33
- new CookieHandler()
41
+ new CookieHandler(),
42
+ new SignInsHandler()
34
43
  ];
35
44
  static async route(context, config) {
36
45
  const { endpoint } = context;
package/dist/esm/app-router/admin/endpointRouter.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/app-router/admin/endpointRouter.ts"],"sourcesContent":["import type { RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createApiErrorResponse } from './responses';\nimport { cookieEndpointHandler, sessionEndpointHandler } from './sessionHandlers';\nimport type { AuthEndpoint, TernSecureHandlerOptions } from './types';\n\nexport interface EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean;\n handle(context: RequestProcessorContext, config: TernSecureHandlerOptions): Promise<Response>;\n}\n\nclass SessionsHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'sessions';\n }\n\n async handle(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n ): Promise<Response> {\n return await sessionEndpointHandler(context, config);\n }\n}\n\nclass UsersHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'users';\n }\n\n handle(_context: RequestProcessorContext, _config: TernSecureHandlerOptions): Promise<Response> {\n return Promise.resolve(\n createApiErrorResponse('ENDPOINT_NOT_IMPLEMENTED', 'Users endpoint not implemented', 501),\n );\n }\n}\n\nclass CookieHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'cookies';\n }\n\n async handle(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n ): Promise<Response> {\n return await cookieEndpointHandler(context, config);\n }\n}\n\nexport class EndpointRouter {\n private static readonly handlers: EndpointHandler[] = [\n new SessionsHandler(),\n new UsersHandler(),\n new CookieHandler(),\n ];\n\n static async route(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n ): Promise<Response> {\n const { endpoint } = context;\n\n if (!endpoint) {\n return createApiErrorResponse('ENDPOINT_REQUIRED', 'Endpoint is required', 400);\n }\n\n const handler = this.handlers.find(h => h.canHandle(endpoint));\n\n if (!handler) {\n return createApiErrorResponse('ENDPOINT_NOT_FOUND', 'Endpoint not found', 404);\n }\n\n return handler.handle(context, config);\n }\n\n static addHandler(handler: EndpointHandler): void {\n this.handlers.push(handler);\n }\n\n static removeHandler(predicate: (handler: EndpointHandler) => boolean): void {\n const index = this.handlers.findIndex(predicate);\n if (index > -1) {\n this.handlers.splice(index, 1);\n }\n }\n}\n"],"mappings":"AACA,SAAS,8BAA8B;AACvC,SAAS,uBAAuB,8BAA8B;AAQ9D,MAAM,gBAA2C;AAAA,EAC/C,UAAU,UAAiC;AACzC,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,MAAM,OACJ,SACA,QACmB;AACnB,WAAO,MAAM,uBAAuB,SAAS,MAAM;AAAA,EACrD;AACF;AAEA,MAAM,aAAwC;AAAA,EAC5C,UAAU,UAAiC;AACzC,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,OAAO,UAAmC,SAAsD;AAC9F,WAAO,QAAQ;AAAA,MACb,uBAAuB,4BAA4B,kCAAkC,GAAG;AAAA,IAC1F;AAAA,EACF;AACF;AAEA,MAAM,cAAyC;AAAA,EAC7C,UAAU,UAAiC;AACzC,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,MAAM,OACJ,SACA,QACmB;AACnB,WAAO,MAAM,sBAAsB,SAAS,MAAM;AAAA,EACpD;AACF;AAEO,MAAM,eAAe;AAAA,EAC1B,OAAwB,WAA8B;AAAA,IACpD,IAAI,gBAAgB;AAAA,IACpB,IAAI,aAAa;AAAA,IACjB,IAAI,cAAc;AAAA,EACpB;AAAA,EAEA,aAAa,MACX,SACA,QACmB;AACnB,UAAM,EAAE,SAAS,IAAI;AAErB,QAAI,CAAC,UAAU;AACb,aAAO,uBAAuB,qBAAqB,wBAAwB,GAAG;AAAA,IAChF;AAEA,UAAM,UAAU,KAAK,SAAS,KAAK,OAAK,EAAE,UAAU,QAAQ,CAAC;AAE7D,QAAI,CAAC,SAAS;AACZ,aAAO,uBAAuB,sBAAsB,sBAAsB,GAAG;AAAA,IAC/E;AAEA,WAAO,QAAQ,OAAO,SAAS,MAAM;AAAA,EACvC;AAAA,EAEA,OAAO,WAAW,SAAgC;AAChD,SAAK,SAAS,KAAK,OAAO;AAAA,EAC5B;AAAA,EAEA,OAAO,cAAc,WAAwD;AAC3E,UAAM,QAAQ,KAAK,SAAS,UAAU,SAAS;AAC/C,QAAI,QAAQ,IAAI;AACd,WAAK,SAAS,OAAO,OAAO,CAAC;AAAA,IAC/B;AAAA,EACF;AACF;","names":[]}
1
+ {"version":3,"sources":["../../../../src/app-router/admin/endpointRouter.ts"],"sourcesContent":["import type { RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createApiErrorResponse } from './responses';\nimport { cookieEndpointHandler, sessionEndpointHandler, signInEndpointHandler } from './sessionHandlers';\nimport type { AuthEndpoint, TernSecureHandlerOptions } from './types';\n\nexport interface EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean;\n handle(context: RequestProcessorContext, config: TernSecureHandlerOptions): Promise<Response>;\n}\n\nclass SessionsHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'sessions';\n }\n\n async handle(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n ): Promise<Response> {\n return await sessionEndpointHandler(context, config);\n }\n}\n\nclass UsersHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'users';\n }\n\n handle(_context: RequestProcessorContext, _config: TernSecureHandlerOptions): Promise<Response> {\n return Promise.resolve(\n createApiErrorResponse('ENDPOINT_NOT_IMPLEMENTED', 'Users endpoint not implemented', 501),\n );\n }\n}\n\nclass CookieHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'cookies';\n }\n\n async handle(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n ): Promise<Response> {\n return await cookieEndpointHandler(context, config);\n }\n}\n\nclass SignInsHandler implements EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean {\n return endpoint === 'sign_ins';\n }\n\n async handle(context: RequestProcessorContext, config: TernSecureHandlerOptions): Promise<Response> {\n return await signInEndpointHandler(context, config);\n }\n}\n\nexport class EndpointRouter {\n private static readonly handlers: EndpointHandler[] = [\n new SessionsHandler(),\n new UsersHandler(),\n new CookieHandler(),\n new SignInsHandler(),\n ];\n\n static async route(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n ): Promise<Response> {\n const { endpoint } = context;\n\n if (!endpoint) {\n return createApiErrorResponse('ENDPOINT_REQUIRED', 'Endpoint is required', 400);\n }\n\n const handler = this.handlers.find(h => h.canHandle(endpoint));\n\n if (!handler) {\n return createApiErrorResponse('ENDPOINT_NOT_FOUND', 'Endpoint not found', 404);\n }\n\n return handler.handle(context, config);\n }\n\n static addHandler(handler: EndpointHandler): void {\n this.handlers.push(handler);\n }\n\n static removeHandler(predicate: (handler: EndpointHandler) => boolean): void {\n const index = this.handlers.findIndex(predicate);\n if (index > -1) {\n this.handlers.splice(index, 1);\n }\n }\n}\n"],"mappings":"AACA,SAAS,8BAA8B;AACvC,SAAS,uBAAuB,wBAAwB,6BAA6B;AAQrF,MAAM,gBAA2C;AAAA,EAC/C,UAAU,UAAiC;AACzC,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,MAAM,OACJ,SACA,QACmB;AACnB,WAAO,MAAM,uBAAuB,SAAS,MAAM;AAAA,EACrD;AACF;AAEA,MAAM,aAAwC;AAAA,EAC5C,UAAU,UAAiC;AACzC,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,OAAO,UAAmC,SAAsD;AAC9F,WAAO,QAAQ;AAAA,MACb,uBAAuB,4BAA4B,kCAAkC,GAAG;AAAA,IAC1F;AAAA,EACF;AACF;AAEA,MAAM,cAAyC;AAAA,EAC7C,UAAU,UAAiC;AACzC,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,MAAM,OACJ,SACA,QACmB;AACnB,WAAO,MAAM,sBAAsB,SAAS,MAAM;AAAA,EACpD;AACF;AAEA,MAAM,eAA0C;AAAA,EAC9C,UAAU,UAAiC;AACzC,WAAO,aAAa;AAAA,EACtB;AAAA,EAEA,MAAM,OAAO,SAAkC,QAAqD;AAClG,WAAO,MAAM,sBAAsB,SAAS,MAAM;AAAA,EACpD;AACF;AAEO,MAAM,eAAe;AAAA,EAC1B,OAAwB,WAA8B;AAAA,IACpD,IAAI,gBAAgB;AAAA,IACpB,IAAI,aAAa;AAAA,IACjB,IAAI,cAAc;AAAA,IAClB,IAAI,eAAe;AAAA,EACrB;AAAA,EAEA,aAAa,MACX,SACA,QACmB;AACnB,UAAM,EAAE,SAAS,IAAI;AAErB,QAAI,CAAC,UAAU;AACb,aAAO,uBAAuB,qBAAqB,wBAAwB,GAAG;AAAA,IAChF;AAEA,UAAM,UAAU,KAAK,SAAS,KAAK,OAAK,EAAE,UAAU,QAAQ,CAAC;AAE7D,QAAI,CAAC,SAAS;AACZ,aAAO,uBAAuB,sBAAsB,sBAAsB,GAAG;AAAA,IAC/E;AAEA,WAAO,QAAQ,OAAO,SAAS,MAAM;AAAA,EACvC;AAAA,EAEA,OAAO,WAAW,SAAgC;AAChD,SAAK,SAAS,KAAK,OAAO;AAAA,EAC5B;AAAA,EAEA,OAAO,cAAc,WAAwD;AAC3E,UAAM,QAAQ,KAAK,SAAS,UAAU,SAAS;AAC/C,QAAI,QAAQ,IAAI;AACd,WAAK,SAAS,OAAO,OAAO,CAAC;AAAA,IAC/B;AAAA,EACF;AACF;","names":[]}