@tern-secure/nextjs 5.2.0-canary.v20251108045933 → 5.2.0-canary.v20251127221555
- package/dist/cjs/app-router/admin/actions.js +5 -0
- package/dist/cjs/app-router/admin/actions.js.map +1 -1
- package/dist/cjs/app-router/admin/c-authenticateRequestProcessor.js +1 -0
- package/dist/cjs/app-router/admin/c-authenticateRequestProcessor.js.map +1 -1
- package/dist/cjs/app-router/admin/endpointRouter.js +10 -1
- package/dist/cjs/app-router/admin/endpointRouter.js.map +1 -1
- package/dist/cjs/app-router/admin/fnValidators.js +7 -0
- package/dist/cjs/app-router/admin/fnValidators.js.map +1 -1
- package/dist/cjs/app-router/admin/request.js +5 -2
- package/dist/cjs/app-router/admin/request.js.map +1 -1
- package/dist/cjs/app-router/admin/sessionHandlers.js +92 -11
- package/dist/cjs/app-router/admin/sessionHandlers.js.map +1 -1
- package/dist/cjs/app-router/admin/signInCreateHandler.js +213 -0
- package/dist/cjs/app-router/admin/signInCreateHandler.js.map +1 -0
- package/dist/cjs/app-router/admin/types.js +14 -1
- package/dist/cjs/app-router/admin/types.js.map +1 -1
- package/dist/cjs/app-router/client/TernSecureProvider.js +5 -1
- package/dist/cjs/app-router/client/TernSecureProvider.js.map +1 -1
- package/dist/cjs/boundary/components.js +2 -12
- package/dist/cjs/boundary/components.js.map +1 -1
- package/dist/cjs/components/uiComponents.js +42 -0
- package/dist/cjs/components/uiComponents.js.map +1 -0
- package/dist/cjs/index.js +9 -12
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/server/data/getAuthDataFromRequest.js +8 -2
- package/dist/cjs/server/data/getAuthDataFromRequest.js.map +1 -1
- package/dist/cjs/server/index.js.map +1 -1
- package/dist/cjs/server/ternSecureProxy.js +27 -3
- package/dist/cjs/server/ternSecureProxy.js.map +1 -1
- package/dist/cjs/server/utils.js +3 -2
- package/dist/cjs/server/utils.js.map +1 -1
- package/dist/cjs/utils/allNextProviderProps.js +16 -3
- package/dist/cjs/utils/allNextProviderProps.js.map +1 -1
- package/dist/cjs/utils/tern-ui-script.js +72 -0
- package/dist/cjs/utils/tern-ui-script.js.map +1 -0
- package/dist/esm/app-router/admin/actions.js +5 -0
- package/dist/esm/app-router/admin/actions.js.map +1 -1
- package/dist/esm/app-router/admin/c-authenticateRequestProcessor.js +1 -0
- package/dist/esm/app-router/admin/c-authenticateRequestProcessor.js.map +1 -1
- package/dist/esm/app-router/admin/endpointRouter.js +11 -2
- package/dist/esm/app-router/admin/endpointRouter.js.map +1 -1
- package/dist/esm/app-router/admin/fnValidators.js +7 -0
- package/dist/esm/app-router/admin/fnValidators.js.map +1 -1
- package/dist/esm/app-router/admin/request.js +5 -2
- package/dist/esm/app-router/admin/request.js.map +1 -1
- package/dist/esm/app-router/admin/sessionHandlers.js +96 -11
- package/dist/esm/app-router/admin/sessionHandlers.js.map +1 -1
- package/dist/esm/app-router/admin/signInCreateHandler.js +188 -0
- package/dist/esm/app-router/admin/signInCreateHandler.js.map +1 -0
- package/dist/esm/app-router/admin/types.js +13 -1
- package/dist/esm/app-router/admin/types.js.map +1 -1
- package/dist/esm/app-router/client/TernSecureProvider.js +6 -2
- package/dist/esm/app-router/client/TernSecureProvider.js.map +1 -1
- package/dist/esm/boundary/components.js +1 -11
- package/dist/esm/boundary/components.js.map +1 -1
- package/dist/esm/components/uiComponents.js +21 -0
- package/dist/esm/components/uiComponents.js.map +1 -0
- package/dist/esm/index.js +10 -12
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/server/data/getAuthDataFromRequest.js +9 -3
- package/dist/esm/server/data/getAuthDataFromRequest.js.map +1 -1
- package/dist/esm/server/index.js +1 -3
- package/dist/esm/server/index.js.map +1 -1
- package/dist/esm/server/ternSecureProxy.js +28 -4
- package/dist/esm/server/ternSecureProxy.js.map +1 -1
- package/dist/esm/server/utils.js +3 -2
- package/dist/esm/server/utils.js.map +1 -1
- package/dist/esm/utils/allNextProviderProps.js +16 -3
- package/dist/esm/utils/allNextProviderProps.js.map +1 -1
- package/dist/esm/utils/tern-ui-script.js +38 -0
- package/dist/esm/utils/tern-ui-script.js.map +1 -0
- package/dist/types/app-router/admin/actions.d.ts +23 -0
- package/dist/types/app-router/admin/actions.d.ts.map +1 -1
- package/dist/types/app-router/admin/c-authenticateRequestProcessor.d.ts +1 -0
- package/dist/types/app-router/admin/c-authenticateRequestProcessor.d.ts.map +1 -1
- package/dist/types/app-router/admin/endpointRouter.d.ts.map +1 -1
- package/dist/types/app-router/admin/fnValidators.d.ts.map +1 -1
- package/dist/types/app-router/admin/request.d.ts +1 -1
- package/dist/types/app-router/admin/request.d.ts.map +1 -1
- package/dist/types/app-router/admin/sessionHandlers.d.ts +4 -3
- package/dist/types/app-router/admin/sessionHandlers.d.ts.map +1 -1
- package/dist/types/app-router/admin/signInCreateHandler.d.ts +11 -0
- package/dist/types/app-router/admin/signInCreateHandler.d.ts.map +1 -0
- package/dist/types/app-router/admin/types.d.ts +3 -2
- package/dist/types/app-router/admin/types.d.ts.map +1 -1
- package/dist/types/app-router/client/TernSecureProvider.d.ts.map +1 -1
- package/dist/types/boundary/components.d.ts +1 -1
- package/dist/types/boundary/components.d.ts.map +1 -1
- package/dist/types/components/uiComponents.d.ts +6 -0
- package/dist/types/components/uiComponents.d.ts.map +1 -0
- package/dist/types/index.d.ts +2 -1
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/server/data/getAuthDataFromRequest.d.ts.map +1 -1
- package/dist/types/server/index.d.ts +1 -1
- package/dist/types/server/index.d.ts.map +1 -1
- package/dist/types/server/ternSecureProxy.d.ts.map +1 -1
- package/dist/types/server/utils.d.ts +1 -1
- package/dist/types/server/utils.d.ts.map +1 -1
- package/dist/types/utils/allNextProviderProps.d.ts.map +1 -1
- package/dist/types/utils/tern-ui-script.d.ts +8 -0
- package/dist/types/utils/tern-ui-script.d.ts.map +1 -0
- package/package.json +5 -5
|
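--- a/package/dist/cjs/app-router/admin/signInCreateHandler.js
+++ b/package/dist/cjs/app-router/admin/signInCreateHandler.js
@@ -0,0 +1,213 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+for (var name in all)
+__defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+if (from && typeof from === "object" || typeof from === "function") {
+for (let key of __getOwnPropNames(from))
+if (!__hasOwnProp.call(to, key) && key !== except)
+__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+}
+return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var signInCreateHandler_exports = {};
+__export(signInCreateHandler_exports, {
+processEmailCodeStrategy: () => processEmailCodeStrategy,
+processPasswordStrategy: () => processPasswordStrategy,
+processPhoneCodeStrategy: () => processPhoneCodeStrategy,
+processResetPasswordStrategy: () => processResetPasswordStrategy,
+processSignInCreate: () => processSignInCreate
+});
+module.exports = __toCommonJS(signInCreateHandler_exports);
+var import_actions = require("./actions");
+var import_responses = require("./responses");
+const processSignInCreate = async (context) => {
+try {
+const body = await context.request.json();
+const { strategy, identifier } = body;
+if (!strategy) {
+return (0, import_responses.createApiErrorResponse)(
+"STRATEGY_REQUIRED",
+"Authentication strategy is required",
+400
+);
+}
+if (!identifier) {
+return (0, import_responses.createApiSuccessResponse)({
+status: "needs_identifier",
+strategy,
+message: "Identifier is required to continue"
+});
+}
+if (strategy === "email_code") {
+return await processEmailCodeStrategy(identifier);
+}
+if (strategy === "password") {
+return await processPasswordStrategy(identifier);
+}
+if (strategy === "phone_code") {
+return processPhoneCodeStrategy(identifier);
+}
+if (strategy === "reset_password_email_code" || strategy === "reset_password_phone_code") {
+return await processResetPasswordStrategy(strategy, identifier);
+}
+return (0, import_responses.createApiErrorResponse)(
+"INVALID_STRATEGY",
+`Unsupported authentication strategy: ${strategy}`,
+400
+);
+} catch (error) {
+return (0, import_responses.createApiErrorResponse)(
+"SIGN_IN_CREATE_ERROR",
+error instanceof Error ? error.message : "An error occurred while creating sign-in",
+500
+);
+}
+};
+const processEmailCodeStrategy = async (email) => {
+try {
+const retrieveUser = (0, import_actions.RetrieveUser)();
+const { data: user, error } = await retrieveUser.getUserByEmail(email);
+if (error) {
+return (0, import_responses.createApiErrorResponse)(
+error.code,
+error.message,
+400
+);
+}
+if (!user.emailVerified) {
+return (0, import_responses.createApiSuccessResponse)({
+status: "needs_email_verification",
+identifier: email,
+supportedFirstFactors: [{ strategy: "email_code" }],
+userId: user.uid,
+message: "Email verification required"
+});
+}
+return (0, import_responses.createApiSuccessResponse)({
+status: "needs_first_factor",
+identifier: email,
+supportedFirstFactors: [{ strategy: "email_code" }],
+userId: user.uid,
+message: "User verified. Proceed with first factor authentication"
+});
+} catch (error) {
+if (error instanceof Error && error.message.includes("no user record")) {
+return (0, import_responses.createApiErrorResponse)(
+"USER_NOT_FOUND",
+"No user found with this email address",
+404
+);
+}
+return (0, import_responses.createApiErrorResponse)(
+"EMAIL_VERIFICATION_ERROR",
+error instanceof Error ? error.message : "Failed to verify email",
+500
+);
+}
+};
+const processPasswordStrategy = async (identifier) => {
+try {
+const retrieveUser = (0, import_actions.RetrieveUser)();
+const { data: user, error } = await retrieveUser.getUserByEmail(identifier);
+if (error) {
+return (0, import_responses.createApiErrorResponse)(
+error.code,
+error.message,
+400
+);
+}
+return (0, import_responses.createApiSuccessResponse)({
+status: "needs_first_factor",
+identifier,
+supportedFirstFactors: [{ strategy: "password" }],
+userId: user.uid,
+message: "User verified. Proceed with password authentication"
+});
+} catch (error) {
+if (error instanceof Error && error.message.includes("no user record")) {
+return (0, import_responses.createApiErrorResponse)(
+"USER_NOT_FOUND",
+"No user found with this identifier",
+404
+);
+}
+return (0, import_responses.createApiErrorResponse)(
+"USER_VERIFICATION_ERROR",
+error instanceof Error ? error.message : "Failed to verify user",
+500
+);
+}
+};
+const processPhoneCodeStrategy = async (phoneNumber) => {
+try {
+return (0, import_responses.createApiSuccessResponse)({
+status: "needs_first_factor",
+identifier: phoneNumber,
+supportedFirstFactors: [{ strategy: "phone_code" }],
+//userId: user.uid,
+message: "User verified. Proceed with phone authentication"
+});
+} catch (error) {
+if (error instanceof Error && error.message.includes("no user record")) {
+return (0, import_responses.createApiErrorResponse)(
+"USER_NOT_FOUND",
+"No user found with this phone number",
+404
+);
+}
+return (0, import_responses.createApiErrorResponse)(
+"PHONE_VERIFICATION_ERROR",
+error instanceof Error ? error.message : "Failed to verify phone number",
+500
+);
+}
+};
+const processResetPasswordStrategy = async (strategy, identifier) => {
+try {
+if (strategy === "reset_password_email_code") {
+const retrieveUser = (0, import_actions.RetrieveUser)();
+const { data: user, error } = await retrieveUser.getUserByEmail(identifier);
+if (error) {
+return (0, import_responses.createApiErrorResponse)(
+error.code,
+error.message,
+400
+);
+}
+return (0, import_responses.createApiSuccessResponse)({
+status: "needs_first_factor",
+identifier,
+strategy,
+userId: user.uid,
+message: "User verified. Proceed with password reset"
+});
+}
+return (0, import_responses.createApiErrorResponse)(
+"NOT_IMPLEMENTED",
+"Phone reset password strategy not yet implemented",
+501
+);
+} catch (error) {
+return (0, import_responses.createApiErrorResponse)(
+"RESET_PASSWORD_ERROR",
+error instanceof Error ? error.message : "Failed to process password reset",
+500
+);
+}
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+processEmailCodeStrategy,
+processPasswordStrategy,
+processPhoneCodeStrategy,
+processResetPasswordStrategy,
+processSignInCreate
+});
+//# sourceMappingURL=signInCreateHandler.js.map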
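Review bot: The strategy helpers answer differently depending on whether the identifier belongs to an account, before any factor has been verified: `processEmailCodeStrategy`, `processPasswordStrategy` and the email branch of `processResetPasswordStrategy` return 404 `USER_NOT_FOUND` or the lookup's `error.code`/`error.message` for a miss, and `needs_first_factor` with `userId: user.uid` (or `needs_email_verification`) for a hit. A caller of this route can therefore confirm which e-mail addresses are registered and collect their uids; the body should be the same for both outcomes and should omit `userId` unless the client really needs it at this step, which would have to be checked against the client code. The 500 branches also forward `error.message` verbatim, where logging it server-side and returning the fixed fallback string would avoid leaking backend detail. `processPhoneCodeStrategy` reports "User verified" without doing any lookup, so its `no user record` branch cannot be reached as written. These files are build output of `src/app-router/admin/signInCreateHandler.ts`, so the change belongs there; a sketch for the password helper follows.

```javascript
const processPasswordStrategy = async (identifier) => {
  // One body for "found" and "not found", so the response does not reveal
  // which identifiers are registered; no uid before a factor is verified.
  const pending = () => (0, import_responses.createApiSuccessResponse)({
    status: "needs_first_factor",
    identifier,
    supportedFirstFactors: [{ strategy: "password" }],
    message: "Proceed with password authentication"
  });
  try {
    const retrieveUser = (0, import_actions.RetrieveUser)();
    const { error } = await retrieveUser.getUserByEmail(identifier);
    if (error) {
      // Keep the detail in server logs only.
      console.error("sign-in lookup failed:", error.code);
    }
    return pending();
  } catch (error) {
    if (error instanceof Error && error.message.includes("no user record")) {
      return pending();
    }
    console.error("sign-in lookup failed:", error);
    return (0, import_responses.createApiErrorResponse)(
      "USER_VERIFICATION_ERROR",
      "Failed to verify user",
      500
    );
  }
};
```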
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/signInCreateHandler.ts"],"sourcesContent":["import type { SignInCreateParams } from '@tern-secure/types';\n\nimport { RetrieveUser } from './actions';\nimport type { RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport {\n createApiErrorResponse,\n createApiSuccessResponse,\n} from './responses';\n\n\nexport const processSignInCreate = async (\n context: RequestProcessorContext\n): Promise<Response> => {\n try {\n const body = await context.request.json();\n const { strategy, identifier } = body as SignInCreateParams & { identifier?: string; password?: string };\n\n if (!strategy) {\n return createApiErrorResponse(\n 'STRATEGY_REQUIRED',\n 'Authentication strategy is required',\n 400\n );\n }\n\n if (!identifier) {\n return createApiSuccessResponse({\n status: 'needs_identifier',\n strategy,\n message: 'Identifier is required to continue',\n });\n }\n\n if (strategy === 'email_code') {\n return await processEmailCodeStrategy(identifier);\n }\n\n if (strategy === 'password') {\n return await processPasswordStrategy(identifier);\n }\n\n if (strategy === 'phone_code') {\n return processPhoneCodeStrategy(identifier);\n }\n\n if (strategy === 'reset_password_email_code' || strategy === 'reset_password_phone_code') {\n return await processResetPasswordStrategy(strategy, identifier);\n }\n\n return createApiErrorResponse(\n 'INVALID_STRATEGY',\n `Unsupported authentication strategy: ${strategy}`,\n 400\n );\n } catch (error) {\n return createApiErrorResponse(\n 'SIGN_IN_CREATE_ERROR',\n error instanceof Error\n ? 
error.message\n : 'An error occurred while creating sign-in',\n 500\n );\n }\n};\n\n/**\n * Processes email_code strategy\n * Verifies if user exists by email and returns needs_first_factor status\n */\nexport const processEmailCodeStrategy = async (email: string): Promise<Response> => {\n try {\n const retrieveUser = RetrieveUser();\n const { data: user, error } = await retrieveUser.getUserByEmail(email);\n\n if (error) {\n return createApiErrorResponse(\n error.code,\n error.message,\n 400\n );\n }\n\n if (!user.emailVerified) {\n return createApiSuccessResponse({\n status: 'needs_email_verification',\n identifier: email,\n supportedFirstFactors: [{ strategy: 'email_code' }],\n userId: user.uid,\n message: 'Email verification required',\n });\n }\n\n return createApiSuccessResponse({\n status: 'needs_first_factor',\n identifier: email,\n supportedFirstFactors: [{ strategy: 'email_code' }],\n userId: user.uid,\n message: 'User verified. Proceed with first factor authentication',\n });\n } catch (error) {\n if (error instanceof Error && error.message.includes('no user record')) {\n return createApiErrorResponse(\n 'USER_NOT_FOUND',\n 'No user found with this email address',\n 404\n );\n }\n\n return createApiErrorResponse(\n 'EMAIL_VERIFICATION_ERROR',\n error instanceof Error ? error.message : 'Failed to verify email',\n 500\n );\n }\n};\n\n\nexport const processPasswordStrategy = async (identifier: string): Promise<Response> => {\n try {\n const retrieveUser = RetrieveUser();\n const { data: user, error } = await retrieveUser.getUserByEmail(identifier);\n\n if (error) {\n return createApiErrorResponse(\n error.code,\n error.message,\n 400\n );\n }\n\n return createApiSuccessResponse({\n status: 'needs_first_factor',\n identifier,\n supportedFirstFactors: [{ strategy: 'password' }],\n userId: user.uid,\n message: 'User verified. 
Proceed with password authentication',\n });\n } catch (error) {\n if (error instanceof Error && error.message.includes('no user record')) {\n return createApiErrorResponse(\n 'USER_NOT_FOUND',\n 'No user found with this identifier',\n 404\n );\n }\n\n return createApiErrorResponse(\n 'USER_VERIFICATION_ERROR',\n error instanceof Error ? error.message : 'Failed to verify user',\n 500\n );\n }\n};\n\n\nexport const processPhoneCodeStrategy = async (phoneNumber: string): Promise<Response> => {\n try {\n //const retrieveUser = RetrieveUser();\n //const { data: user, error } = await retrieveUser.getUserByPhoneNumber(phoneNumber);\n\n //if (error) {\n // return createApiErrorResponse(\n // error.code,\n // error.message,\n // 400\n // );\n // }\n\n return createApiSuccessResponse({\n status: 'needs_first_factor',\n identifier: phoneNumber,\n supportedFirstFactors: [{ strategy: 'phone_code' }],\n //userId: user.uid,\n message: 'User verified. Proceed with phone authentication',\n });\n } catch (error) {\n if (error instanceof Error && error.message.includes('no user record')) {\n return createApiErrorResponse(\n 'USER_NOT_FOUND',\n 'No user found with this phone number',\n 404\n );\n }\n\n return createApiErrorResponse(\n 'PHONE_VERIFICATION_ERROR',\n error instanceof Error ? error.message : 'Failed to verify phone number',\n 500\n );\n }\n};\n\n\nexport const processResetPasswordStrategy = async (\n strategy: 'reset_password_email_code' | 'reset_password_phone_code',\n identifier: string\n): Promise<Response> => {\n try {\n if (strategy === 'reset_password_email_code') {\n const retrieveUser = RetrieveUser();\n const { data: user, error } = await retrieveUser.getUserByEmail(identifier);\n\n if (error) {\n return createApiErrorResponse(\n error.code,\n error.message,\n 400\n );\n }\n\n return createApiSuccessResponse({\n status: 'needs_first_factor',\n identifier,\n strategy,\n userId: user.uid,\n message: 'User verified. 
Proceed with password reset',\n });\n }\n\n return createApiErrorResponse(\n 'NOT_IMPLEMENTED',\n 'Phone reset password strategy not yet implemented',\n 501\n );\n } catch (error) {\n return createApiErrorResponse(\n 'RESET_PASSWORD_ERROR',\n error instanceof Error ? error.message : 'Failed to process password reset',\n 500\n );\n }\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,qBAA6B;AAE7B,uBAGO;AAGA,MAAM,sBAAsB,OACjC,YACsB;AACtB,MAAI;AACF,UAAM,OAAO,MAAM,QAAQ,QAAQ,KAAK;AACxC,UAAM,EAAE,UAAU,WAAW,IAAI;AAEjC,QAAI,CAAC,UAAU;AACb,iBAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,QAAI,CAAC,YAAY;AACf,iBAAO,2CAAyB;AAAA,QAC9B,QAAQ;AAAA,QACR;AAAA,QACA,SAAS;AAAA,MACX,CAAC;AAAA,IACH;AAEA,QAAI,aAAa,cAAc;AAC7B,aAAO,MAAM,yBAAyB,UAAU;AAAA,IAClD;AAEA,QAAI,aAAa,YAAY;AAC3B,aAAO,MAAM,wBAAwB,UAAU;AAAA,IACjD;AAEA,QAAI,aAAa,cAAc;AAC7B,aAAO,yBAAyB,UAAU;AAAA,IAC5C;AAEA,QAAI,aAAa,+BAA+B,aAAa,6BAA6B;AACxF,aAAO,MAAM,6BAA6B,UAAU,UAAU;AAAA,IAChE;AAEA,eAAO;AAAA,MACL;AAAA,MACA,wCAAwC,QAAQ;AAAA,MAChD;AAAA,IACF;AAAA,EACF,SAAS,OAAO;AACd,eAAO;AAAA,MACL;AAAA,MACA,iBAAiB,QACb,MAAM,UACN;AAAA,MACJ;AAAA,IACF;AAAA,EACF;AACF;AAMO,MAAM,2BAA2B,OAAO,UAAqC;AAClF,MAAI;AACF,UAAM,mBAAe,6BAAa;AAClC,UAAM,EAAE,MAAM,MAAM,MAAM,IAAI,MAAM,aAAa,eAAe,KAAK;AAErE,QAAI,OAAO;AACT,iBAAO;AAAA,QACL,MAAM;AAAA,QACN,MAAM;AAAA,QACN;AAAA,MACF;AAAA,IACF;AAEA,QAAI,CAAC,KAAK,eAAe;AACvB,iBAAO,2CAAyB;AAAA,QAC9B,QAAQ;AAAA,QACR,YAAY;AAAA,QACZ,uBAAuB,CAAC,EAAE,UAAU,aAAa,CAAC;AAAA,QAClD,QAAQ,KAAK;AAAA,QACb,SAAS;AAAA,MACX,CAAC;AAAA,IACH;AAEA,eAAO,2CAAyB;AAAA,MAC9B,QAAQ;AAAA,MACR,YAAY;AAAA,MACZ,uBAAuB,CAAC,EAAE,UAAU,aAAa,CAAC;AAAA,MAClD,QAAQ,KAAK;AAAA,MACb,SAAS;AAAA,IACX,CAAC;AAAA,EACH,SAAS,OAAO;AACd,QAAI,iBAAiB,SAAS,MAAM,QAAQ,SAAS,gBAAgB,GAAG;AACtE,iBAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,eAAO;AAAA,MACL;AAAA,MACA,iBAAiB,QAAQ,MAAM,UAAU;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;AAGO,MAAM,0BAA0B,OAAO,eAA0C;AACtF,MAAI;AACF,UAAM,mBAAe,6BAAa;AAClC,UAAM,EAAE,MAAM,MAAM,MAAM,IAAI,MAAM,aA
Aa,eAAe,UAAU;AAE1E,QAAI,OAAO;AACT,iBAAO;AAAA,QACL,MAAM;AAAA,QACN,MAAM;AAAA,QACN;AAAA,MACF;AAAA,IACF;AAEA,eAAO,2CAAyB;AAAA,MAC9B,QAAQ;AAAA,MACR;AAAA,MACA,uBAAuB,CAAC,EAAE,UAAU,WAAW,CAAC;AAAA,MAChD,QAAQ,KAAK;AAAA,MACb,SAAS;AAAA,IACX,CAAC;AAAA,EACH,SAAS,OAAO;AACd,QAAI,iBAAiB,SAAS,MAAM,QAAQ,SAAS,gBAAgB,GAAG;AACtE,iBAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,eAAO;AAAA,MACL;AAAA,MACA,iBAAiB,QAAQ,MAAM,UAAU;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;AAGO,MAAM,2BAA2B,OAAO,gBAA2C;AACxF,MAAI;AAYF,eAAO,2CAAyB;AAAA,MAC9B,QAAQ;AAAA,MACR,YAAY;AAAA,MACZ,uBAAuB,CAAC,EAAE,UAAU,aAAa,CAAC;AAAA;AAAA,MAElD,SAAS;AAAA,IACX,CAAC;AAAA,EACH,SAAS,OAAO;AACd,QAAI,iBAAiB,SAAS,MAAM,QAAQ,SAAS,gBAAgB,GAAG;AACtE,iBAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,eAAO;AAAA,MACL;AAAA,MACA,iBAAiB,QAAQ,MAAM,UAAU;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;AAGO,MAAM,+BAA+B,OAC1C,UACA,eACsB;AACtB,MAAI;AACF,QAAI,aAAa,6BAA6B;AAC5C,YAAM,mBAAe,6BAAa;AAClC,YAAM,EAAE,MAAM,MAAM,MAAM,IAAI,MAAM,aAAa,eAAe,UAAU;AAE1E,UAAI,OAAO;AACT,mBAAO;AAAA,UACL,MAAM;AAAA,UACN,MAAM;AAAA,UACN;AAAA,QACF;AAAA,MACF;AAEA,iBAAO,2CAAyB;AAAA,QAC9B,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,QACA,QAAQ,KAAK;AAAA,QACb,SAAS;AAAA,MACX,CAAC;AAAA,IACH;AAEA,eAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF,SAAS,OAAO;AACd,eAAO;AAAA,MACL;AAAA,MACA,iBAAiB,QAAQ,MAAM,UAAU;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;","names":[]}
|
|
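--- a/package/dist/cjs/app-router/admin/types.js
+++ b/package/dist/cjs/app-router/admin/types.js
@@ -27,6 +27,7 @@ __export(types_exports, {
 DEFAULT_SECURITY_OPTIONS: () => DEFAULT_SECURITY_OPTIONS,
 DEFAULT_SESSIONS_CONFIG: () => DEFAULT_SESSIONS_CONFIG,
 DEFAULT_SESSION_COOKIE_OPTIONS: () => DEFAULT_SESSION_COOKIE_OPTIONS,
+DEFAULT_SIGNINS_CONFIG: () => DEFAULT_SIGNINS_CONFIG,
 FIXED_TOKEN_CONFIGS: () => FIXED_TOKEN_CONFIGS
 });
 module.exports = __toCommonJS(types_exports);
@@ -154,6 +155,16 @@ const DEFAULT_SESSIONS_CONFIG = {
 }
 }
 };
+const DEFAULT_SIGNINS_CONFIG = {
+...DEFAULT_ENDPOINT_CONFIG,
+subEndpoints: {
+resetPasswordEmail: {
+enabled: true,
+methods: ["POST"],
+requireAuth: false
+}
+}
+};
 const DEFAULT_HANDLER_OPTIONS = {
 cors: DEFAULT_CORS_OPTIONS,
 cookies: DEFAULT_SESSION_COOKIE_OPTIONS,
@@ -167,7 +178,8 @@ const DEFAULT_HANDLER_OPTIONS = {
 security: DEFAULT_SECURITY_OPTIONS,
 endpoints: {
 cookies: DEFAULT_COOKIE_REQUEST_CONFIG,
-sessions: DEFAULT_SESSIONS_CONFIG
+sessions: DEFAULT_SESSIONS_CONFIG,
+signIns: DEFAULT_SIGNINS_CONFIG
 },
 tenantId: "",
 revokeRefreshTokensOnSignOut: true,
@@ -223,6 +235,7 @@ class CookieUtils {
 DEFAULT_SECURITY_OPTIONS,
 DEFAULT_SESSIONS_CONFIG,
 DEFAULT_SESSION_COOKIE_OPTIONS,
+DEFAULT_SIGNINS_CONFIG,
 FIXED_TOKEN_CONFIGS
 });
 //# sourceMappingURL=types.js.map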
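Review bot: `resetPasswordEmail` in the new `DEFAULT_SIGNINS_CONFIG` is enabled for unauthenticated `POST` (`requireAuth: false`) but has no `security` block of its own, unlike every sub-endpoint of `DEFAULT_SESSIONS_CONFIG` in the source map on this page. Whether it then inherits `requireCSRF: true` from the spread `DEFAULT_ENDPOINT_CONFIG` depends on the validator, which is not part of this section; writing it out removes the doubt: `security: { requireCSRF: true }`. An unauthenticated endpoint that triggers reset e-mails is also a mail-flooding and account-probing surface, so it is worth confirming that the `rateLimit` defaults in `DEFAULT_HANDLER_OPTIONS` are actually applied to this sub-endpoint.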
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/types.ts"],"sourcesContent":["import type {\n AuthEndpoint,\n CookieEndpointConfig,\n CookieOpts as CookieOptions,\n CorsOptions,\n EndpointConfig,\n SecurityOptions,\n SessionEndpointConfig,\n SessionSubEndpoint,\n TernSecureHandlerOptions,\n TokenCookieConfig
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/types.ts"],"sourcesContent":["import type {\n AuthEndpoint,\n CookieEndpointConfig,\n CookieOpts as CookieOptions,\n CorsOptions,\n EndpointConfig,\n SecurityOptions,\n SessionEndpointConfig,\n SessionSubEndpoint,\n SignInEndpointConfig,\n SignInSubEndpoint,\n TernSecureHandlerOptions,\n TokenCookieConfig\n} from '@tern-secure/types';\nimport { type NextResponse } from 'next/server';\n\nexport const DEFAULT_CORS_OPTIONS: CorsOptions = {\n allowedOrigins: [],\n allowedMethods: ['GET', 'POST'],\n allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],\n allowCredentials: true,\n maxAge: 86400, // 24 hours\n};\n\nexport const DEFAULT_SESSION_COOKIE_OPTIONS: CookieOptions = {\n httpOnly: true,\n path: '/',\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: 12 * 60 * 60 * 24, // twelve days\n priority: 'high',\n};\n\nexport const DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS: CookieOptions = {\n httpOnly: true,\n path: '/',\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: 12 * 60 * 60 * 24, // twelve days\n priority: 'high',\n};\n\n\nexport const FIXED_TOKEN_CONFIGS = {\n id: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600, // 1 hour\n },\n refresh: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 30, // 30 days (changes when user events occur)\n },\n signature: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n custom: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n} as const;\n\nexport const DEFAULT_SECURITY_OPTIONS: SecurityOptions = {\n requireCSRF: true,\n allowedReferers: [],\n requiredHeaders: {},\n ipWhitelist: [],\n userAgent: {\n block: [],\n allow: [],\n },\n};\n\nexport const DEFAULT_ENDPOINT_CONFIG: EndpointConfig = {\n enabled: true,\n 
methods: ['GET', 'POST'],\n requireAuth: false,\n security: DEFAULT_SECURITY_OPTIONS,\n};\n\nexport const DEFAULT_COOKIE_REQUEST_CONFIG: CookieEndpointConfig = {\n ...DEFAULT_ENDPOINT_CONFIG,\n subEndpoints: {\n get: {\n enabled: true,\n methods: ['GET'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n allowedReferers: [],\n },\n },\n },\n};\n\nexport const DEFAULT_SESSIONS_CONFIG: SessionEndpointConfig = {\n ...DEFAULT_ENDPOINT_CONFIG,\n subEndpoints: {\n verify: {\n enabled: true,\n methods: ['GET'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n allowedReferers: [],\n },\n },\n createsession: {\n enabled: true,\n methods: ['POST'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n },\n },\n refresh: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n revoke: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n },\n};\n\nexport const DEFAULT_SIGNINS_CONFIG: SignInEndpointConfig = {\n ...DEFAULT_ENDPOINT_CONFIG,\n subEndpoints: {\n resetPasswordEmail: {\n enabled: true,\n methods: ['POST'],\n requireAuth: false\n },\n },\n};\n\nexport const DEFAULT_HANDLER_OPTIONS: Required<TernSecureHandlerOptions> & {\n endpoints: Required<NonNullable<TernSecureHandlerOptions['endpoints']>>;\n} = {\n cors: DEFAULT_CORS_OPTIONS,\n cookies: DEFAULT_SESSION_COOKIE_OPTIONS,\n rateLimit: {\n windowMs: 15 * 60 * 1000, // 15 minutes\n maxRequests: 100,\n skipSuccessful: false,\n skipFailedRequests: false,\n },\n security: DEFAULT_SECURITY_OPTIONS,\n endpoints: {\n cookies: DEFAULT_COOKIE_REQUEST_CONFIG,\n sessions: DEFAULT_SESSIONS_CONFIG,\n signIns: DEFAULT_SIGNINS_CONFIG,\n },\n tenantId: '',\n revokeRefreshTokensOnSignOut: true,\n enableCustomToken: false,\n debug: false,\n environment: 'production',\n basePath: '/api/auth',\n};\n\nexport interface ValidationResult {\n error?: NextResponse;\n data?: any;\n}\n\nexport interface 
ValidationConfig {\n cors?: CorsOptions;\n security?: SecurityOptions;\n endpoint?: {\n name: AuthEndpoint;\n config: EndpointConfig;\n };\n subEndpoint?: {\n name: SessionSubEndpoint;\n config: EndpointConfig;\n };\n requireIdToken?: boolean;\n requireCsrfToken?: boolean;\n}\n\nexport interface ComprehensiveValidationResult {\n isValid: boolean;\n error?: Response;\n corsResponse?: Response;\n sessionData?: {\n body: any;\n idToken?: string;\n csrfToken?: string;\n };\n}\n\nexport type suffix = 'session' | 'id' | 'refresh' | 'signature' | 'custom';\n\nexport class CookieUtils {\n static getCookieName(namePrefix: string, tokenType: suffix): string {\n return `${namePrefix}.${tokenType}`;\n }\n\n static getCookieNames(namePrefix: string) {\n return {\n session: this.getCookieName(namePrefix, 'session'),\n id: this.getCookieName(namePrefix, 'id'),\n refresh: this.getCookieName(namePrefix, 'refresh'),\n signature: this.getCookieName(namePrefix, 'signature'),\n custom: this.getCookieName(namePrefix, 'custom'),\n };\n }\n\n static getSessionConfig(cookieOptions: CookieOptions): TokenCookieConfig {\n return {\n path: cookieOptions.path ?? '/',\n httpOnly: cookieOptions.httpOnly ?? true,\n sameSite: cookieOptions.sameSite ?? 'lax',\n maxAge: cookieOptions.maxAge ?? 
3600 * 24 * 7,\n };\n }\n\n static getFixedTokenConfig(\n tokenType: Exclude<suffix, 'session'>,\n ): TokenCookieConfig {\n const fixedConfig = FIXED_TOKEN_CONFIGS[tokenType];\n\n return {\n path: fixedConfig.path,\n httpOnly: fixedConfig.httpOnly,\n sameSite: fixedConfig.sameSite,\n maxAge: fixedConfig.maxAge,\n };\n }\n\n static validateSessionMaxAge(maxAge: number): boolean {\n const minAge = 300; // 5 minutes\n const maxAgeLimit = 3600 * 24 * 14; // 2 weeks\n return maxAge >= minAge && maxAge <= maxAgeLimit;\n }\n}\n\nexport {\n AuthEndpoint,\n CookieOptions,\n CorsOptions,\n SecurityOptions,\n SessionSubEndpoint,\n EndpointConfig,\n SessionEndpointConfig,\n SignInEndpointConfig,\n SignInSubEndpoint,\n TernSecureHandlerOptions,\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAgBO,MAAM,uBAAoC;AAAA,EAC/C,gBAAgB,CAAC;AAAA,EACjB,gBAAgB,CAAC,OAAO,MAAM;AAAA,EAC9B,gBAAgB,CAAC,gBAAgB,iBAAiB,kBAAkB;AAAA,EACpE,kBAAkB;AAAA,EAClB,QAAQ;AAAA;AACV;AAEO,MAAM,iCAAgD;AAAA,EAC3D,UAAU;AAAA,EACV,MAAM;AAAA,EACN,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AAAA,EACV,QAAQ,KAAK,KAAK,KAAK;AAAA;AAAA,EACvB,UAAU;AACZ;AAEO,MAAM,0CAAyD;AAAA,EACpE,UAAU;AAAA,EACV,MAAM;AAAA,EACN,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AAAA,EACV,QAAQ,KAAK,KAAK,KAAK;AAAA;AAAA,EACvB,UAAU;AACZ;AAGO,MAAM,sBAAsB;AAAA,EACjC,IAAI;AAAA,IACF,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ;AAAA;AAAA,EACV;AAAA,EACA,SAAS;AAAA,IACP,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AAAA,EACA,WAAW;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AAAA,EACA,QAAQ;AAAA,IACN,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AACF;AAEO,MAAM,2BAA4C;AAAA,EACvD,aAAa;AAAA,EACb,iBAAiB,CAAC;AAAA,EAClB,iBAAiB,CAAC;AAAA,EAClB,aAAa,CAAC;AAAA,EACd,WAAW;AAAA,IACT,OAAO,CAAC;AAAA,IACR,OAAO,CAAC;AAAA,EACV;AACF;AAEO,MAAM,0BAA0C;AAAA,EACrD,SAAS;AAAA,EACT,SAAS,CAAC,OAAO,MAAM;AAAA,EACvB,aAAa;AAAA,EACb,UAAU;AACZ
;AAEO,MAAM,gCAAsD;AAAA,EACjE,GAAG;AAAA,EACH,cAAc;AAAA,IACZ,KAAK;AAAA,MACH,SAAS;AAAA,MACT,SAAS,CAAC,KAAK;AAAA,MACf,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,QACb,iBAAiB,CAAC;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,0BAAiD;AAAA,EAC5D,GAAG;AAAA,EACH,cAAc;AAAA,IACZ,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,SAAS,CAAC,KAAK;AAAA,MACf,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,QACb,iBAAiB,CAAC;AAAA,MACpB;AAAA,IACF;AAAA,IACA,eAAe;AAAA,MACb,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,IACA,SAAS;AAAA,MACP,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,yBAA+C;AAAA,EAC1D,GAAG;AAAA,EACH,cAAc;AAAA,IACZ,oBAAoB;AAAA,MAClB,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,IACf;AAAA,EACF;AACF;AAEO,MAAM,0BAET;AAAA,EACF,MAAM;AAAA,EACN,SAAS;AAAA,EACT,WAAW;AAAA,IACT,UAAU,KAAK,KAAK;AAAA;AAAA,IACpB,aAAa;AAAA,IACb,gBAAgB;AAAA,IAChB,oBAAoB;AAAA,EACtB;AAAA,EACA,UAAU;AAAA,EACV,WAAW;AAAA,IACT,SAAS;AAAA,IACT,UAAU;AAAA,IACV,SAAS;AAAA,EACX;AAAA,EACA,UAAU;AAAA,EACV,8BAA8B;AAAA,EAC9B,mBAAmB;AAAA,EACnB,OAAO;AAAA,EACP,aAAa;AAAA,EACb,UAAU;AACZ;AAmCO,MAAM,YAAY;AAAA,EACvB,OAAO,cAAc,YAAoB,WAA2B;AAClE,WAAO,GAAG,UAAU,IAAI,SAAS;AAAA,EACnC;AAAA,EAEA,OAAO,eAAe,YAAoB;AACxC,WAAO;AAAA,MACL,SAAS,KAAK,cAAc,YAAY,SAAS;AAAA,MACjD,IAAI,KAAK,cAAc,YAAY,IAAI;AAAA,MACvC,SAAS,KAAK,cAAc,YAAY,SAAS;AAAA,MACjD,WAAW,KAAK,cAAc,YAAY,WAAW;AAAA,MACrD,QAAQ,KAAK,cAAc,YAAY,QAAQ;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,OAAO,iBAAiB,eAAiD;AACvE,WAAO;AAAA,MACL,MAAM,cAAc,QAAQ;AAAA,MAC5B,UAAU,cAAc,YAAY;AAAA,MACpC,UAAU,cAAc,YAAY;AAAA,MACpC,QAAQ,cAAc,UAAU,OAAO,KAAK;AAAA,IAC9C;AAAA,EACF;AAAA,EAEA,OAAO,oBACL,WACmB;AACnB,UAAM,cAAc,oBAAoB,SAAS;AAEjD,WAAO;AAAA,MACL,MAAM,YAAY;AAAA,MAClB,UAAU,YAAY;AAAA,MACtB,UAAU,YAAY;AAAA,MACtB,QAAQ,YAAY;AAAA,IACtB;AAAA,EACF;AAAA,EAEA,OAAO,sBAAsB,QAAyB;AACpD,UAAM,SAAS;AACf,UAAM,cAAc,OAAO,KAA
K;AAChC,WAAO,UAAU,UAAU,UAAU;AAAA,EACvC;AACF;","names":[]}
|
|
@@ -26,6 +26,7 @@ var import_jsx_runtime = require("react/jsx-runtime");
|
|
|
26
26
|
var import_react = require("@tern-secure/react");
|
|
27
27
|
var import_NextOptionsCtx = require("../../boundary/NextOptionsCtx");
|
|
28
28
|
var import_allNextProviderProps = require("../../utils/allNextProviderProps");
|
|
29
|
+
var import_tern_ui_script = require("../../utils/tern-ui-script");
|
|
29
30
|
var import_useAwaitablePush = require("./useAwaitablePush");
|
|
30
31
|
var import_useAwaitableReplace = require("./useAwaitableReplace");
|
|
31
32
|
const NextClientProvider = (props) => {
|
|
@@ -43,7 +44,10 @@ const NextClientProvider = (props) => {
|
|
|
43
44
|
// @ts-expect-error Error because of the stricter types of internal `replace`
|
|
44
45
|
routerReplace: replace
|
|
45
46
|
});
|
|
46
|
-
return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_NextOptionsCtx.TernNextOptionsProvider, { options: providerProps, children: /* @__PURE__ */ (0, import_jsx_runtime.
|
|
47
|
+
return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_NextOptionsCtx.TernNextOptionsProvider, { options: providerProps, children: /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_react.TernSecureProvider, { ...providerProps, children: [
|
|
48
|
+
children,
|
|
49
|
+
/* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_tern_ui_script.TernUIScript, { router: "app" })
|
|
50
|
+
] }) });
|
|
47
51
|
};
|
|
48
52
|
const ClientTernSecureProvider = (props) => {
|
|
49
53
|
const { children, ...rest } = props;
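Review bot: `TernUIScript` is now rendered unconditionally as a sibling of `children` inside `TernSecureProvider` (new lines 47–50), so every app that mounts this provider picks it up, and the hunk shows no prop to opt out. Its implementation in `../../utils/tern-ui-script` is not part of this hunk; if it injects a script element, where that script is loaded from, whether the version is pinned, and whether it receives the page's CSP nonce are worth confirming before taking this upgrade. In the TSX source I would record that next to the element, e.g. `{/* TODO(review): confirm TernUIScript's script source is pinned and nonce-aware */}`. `NextClientProvider` starts before the second hunk and `ClientTernSecureProvider` continues past its end.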
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/client/TernSecureProvider.tsx"],"sourcesContent":["'use client';\r\n\r\nimport { TernSecureProvider as TernSecureReactProvider } from '@tern-secure/react';\r\n\r\nimport { TernNextOptionsProvider, useTernNextOptions } from '../../boundary/NextOptionsCtx';\r\nimport type { TernSecureNextProps } from '../../types';\r\nimport { allNextProviderPropsWithEnv } from '../../utils/allNextProviderProps';\r\nimport { useAwaitablePush } from './useAwaitablePush';\r\nimport { useAwaitableReplace } from './useAwaitableReplace';\r\n\r\nconst NextClientProvider = (props: TernSecureNextProps) => {\r\n const { children } = props;\r\n\r\n const push = useAwaitablePush();\r\n const replace = useAwaitableReplace();\r\n\r\n const isNested = Boolean(useTernNextOptions());\r\n if (isNested) {\r\n return props.children;\r\n }\r\n\r\n const providerProps = allNextProviderPropsWithEnv({\r\n ...props,\r\n // @ts-expect-error Error because of the stricter types of internal `push`\r\n routerPush: push,\r\n // @ts-expect-error Error because of the stricter types of internal `replace`\r\n routerReplace: replace,\r\n });\r\n return (\r\n <TernNextOptionsProvider options={providerProps}>\r\n <TernSecureReactProvider {...providerProps}
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/client/TernSecureProvider.tsx"],"sourcesContent":["'use client';\r\n\r\nimport { TernSecureProvider as TernSecureReactProvider } from '@tern-secure/react';\r\n\r\nimport { TernNextOptionsProvider, useTernNextOptions } from '../../boundary/NextOptionsCtx';\r\nimport type { TernSecureNextProps } from '../../types';\r\nimport { allNextProviderPropsWithEnv } from '../../utils/allNextProviderProps';\r\nimport { TernUIScript } from '../../utils/tern-ui-script';\r\nimport { useAwaitablePush } from './useAwaitablePush';\r\nimport { useAwaitableReplace } from './useAwaitableReplace';\r\n\r\nconst NextClientProvider = (props: TernSecureNextProps) => {\r\n const { children } = props;\r\n\r\n const push = useAwaitablePush();\r\n const replace = useAwaitableReplace();\r\n\r\n const isNested = Boolean(useTernNextOptions());\r\n if (isNested) {\r\n return props.children;\r\n }\r\n\r\n const providerProps = allNextProviderPropsWithEnv({\r\n ...props,\r\n // @ts-expect-error Error because of the stricter types of internal `push`\r\n routerPush: push,\r\n // @ts-expect-error Error because of the stricter types of internal `replace`\r\n routerReplace: replace,\r\n });\r\n return (\r\n <TernNextOptionsProvider options={providerProps}>\r\n <TernSecureReactProvider {...providerProps}>\r\n {children}\r\n <TernUIScript router=\"app\" />\r\n </TernSecureReactProvider>\r\n </TernNextOptionsProvider>\r\n );\r\n};\r\n\r\nexport const ClientTernSecureProvider = (props: TernSecureNextProps) => {\r\n const { children, ...rest } = props;\r\n return <NextClientProvider 
{...rest}>{children}</NextClientProvider>;\r\n};\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AA+BM;AA7BN,mBAA8D;AAE9D,4BAA4D;AAE5D,kCAA4C;AAC5C,4BAA6B;AAC7B,8BAAiC;AACjC,iCAAoC;AAEpC,MAAM,qBAAqB,CAAC,UAA+B;AACzD,QAAM,EAAE,SAAS,IAAI;AAErB,QAAM,WAAO,0CAAiB;AAC9B,QAAM,cAAU,gDAAoB;AAEpC,QAAM,WAAW,YAAQ,0CAAmB,CAAC;AAC7C,MAAI,UAAU;AACZ,WAAO,MAAM;AAAA,EACf;AAEA,QAAM,oBAAgB,yDAA4B;AAAA,IAChD,GAAG;AAAA;AAAA,IAEH,YAAY;AAAA;AAAA,IAEZ,eAAe;AAAA,EACjB,CAAC;AACD,SACE,4CAAC,iDAAwB,SAAS,eAChC,uDAAC,aAAAA,oBAAA,EAAyB,GAAG,eAC1B;AAAA;AAAA,IACD,4CAAC,sCAAa,QAAO,OAAM;AAAA,KAC7B,GACF;AAEJ;AAEO,MAAM,2BAA2B,CAAC,UAA+B;AACtE,QAAM,EAAE,UAAU,GAAG,KAAK,IAAI;AAC9B,SAAO,4CAAC,sBAAoB,GAAG,MAAO,UAAS;AACjD;","names":["TernSecureReactProvider"]}
|
|
@@ -18,33 +18,23 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
18
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
19
|
var components_exports = {};
|
|
20
20
|
__export(components_exports, {
|
|
21
|
-
SignInProvider: () => import_react.SignInProvider,
|
|
22
|
-
SignUpProvider: () => import_react.SignUpProvider,
|
|
23
21
|
signIn: () => import_react.signIn,
|
|
24
22
|
useAuth: () => import_PromiseAuthProvider.usePromiseAuth,
|
|
25
23
|
useIdToken: () => import_react.useIdToken,
|
|
26
24
|
useSession: () => import_react.useSession,
|
|
27
25
|
useSignIn: () => import_react.useSignIn,
|
|
28
|
-
|
|
29
|
-
useSignUp: () => import_react.useSignUp,
|
|
30
|
-
useSignUpContext: () => import_react.useSignUpContext,
|
|
31
|
-
useTernSecure: () => import_react.useTernSecure
|
|
26
|
+
useSignUp: () => import_react.useSignUp
|
|
32
27
|
});
|
|
33
28
|
module.exports = __toCommonJS(components_exports);
|
|
34
29
|
var import_react = require("@tern-secure/react");
|
|
35
30
|
var import_PromiseAuthProvider = require("./PromiseAuthProvider");
|
|
36
31
|
// Annotate the CommonJS export names for ESM import in node:
|
|
37
32
|
0 && (module.exports = {
|
|
38
|
-
SignInProvider,
|
|
39
|
-
SignUpProvider,
|
|
40
33
|
signIn,
|
|
41
34
|
useAuth,
|
|
42
35
|
useIdToken,
|
|
43
36
|
useSession,
|
|
44
37
|
useSignIn,
|
|
45
|
-
|
|
46
|
-
useSignUp,
|
|
47
|
-
useSignUpContext,
|
|
48
|
-
useTernSecure
|
|
38
|
+
useSignUp
|
|
49
39
|
});
|
|
50
40
|
//# sourceMappingURL=components.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/boundary/components.ts"],"sourcesContent":["export { \n useIdToken,\n useSession,\n useSignIn,\n useSignUp,\n
|
|
1
|
+
{"version":3,"sources":["../../../src/boundary/components.ts"],"sourcesContent":["export { \n useIdToken,\n useSession,\n useSignIn,\n useSignUp,\n signIn,\n} from '@tern-secure/react';\n\nexport { usePromiseAuth as useAuth } from './PromiseAuthProvider';"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAMO;AAEP,iCAA0C;","names":[]}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
"use client";
|
|
3
|
+
var __defProp = Object.defineProperty;
|
|
4
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
7
|
+
var __export = (target, all) => {
|
|
8
|
+
for (var name in all)
|
|
9
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
10
|
+
};
|
|
11
|
+
var __copyProps = (to, from, except, desc) => {
|
|
12
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
13
|
+
for (let key of __getOwnPropNames(from))
|
|
14
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
15
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
16
|
+
}
|
|
17
|
+
return to;
|
|
18
|
+
};
|
|
19
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
20
|
+
var uiComponents_exports = {};
|
|
21
|
+
__export(uiComponents_exports, {
|
|
22
|
+
SignIn: () => SignIn,
|
|
23
|
+
SignUp: () => SignUp,
|
|
24
|
+
UserButton: () => import_react2.UserButton
|
|
25
|
+
});
|
|
26
|
+
module.exports = __toCommonJS(uiComponents_exports);
|
|
27
|
+
var import_jsx_runtime = require("react/jsx-runtime");
|
|
28
|
+
var import_react = require("@tern-secure/react");
|
|
29
|
+
var import_react2 = require("@tern-secure/react");
|
|
30
|
+
const SignIn = (props) => {
|
|
31
|
+
return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_react.SignIn, { ...props });
|
|
32
|
+
};
|
|
33
|
+
const SignUp = (props) => {
|
|
34
|
+
return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_react.SignUp, { ...props });
|
|
35
|
+
};
|
|
36
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
37
|
+
0 && (module.exports = {
|
|
38
|
+
SignIn,
|
|
39
|
+
SignUp,
|
|
40
|
+
UserButton
|
|
41
|
+
});
|
|
42
|
+
//# sourceMappingURL=uiComponents.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../src/components/uiComponents.tsx"],"sourcesContent":["'use client'\n\nimport { \n SignIn as BaseSignIn,\n SignUp as BaseSignUp,\n} from '@tern-secure/react'\nimport type { ComponentProps } from 'react';\n\nexport {\n UserButton\n} from '@tern-secure/react';\n\nexport const SignIn = (props: ComponentProps<typeof BaseSignIn>) => {\n return <BaseSignIn {...props} />;\n};\n\nexport const SignUp = (props: ComponentProps<typeof BaseSignUp>) => {\n return <BaseSignUp {...props} />; \n};"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAaS;AAXT,mBAGO;AAGP,IAAAA,gBAEO;AAEA,MAAM,SAAS,CAAC,UAA6C;AAClE,SAAO,4CAAC,aAAAC,QAAA,EAAY,GAAG,OAAO;AAChC;AAEO,MAAM,SAAS,CAAC,UAA6C;AAClE,SAAO,4CAAC,aAAAC,QAAA,EAAY,GAAG,OAAO;AAChC;","names":["import_react","BaseSignIn","BaseSignUp"]}
|
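--- a/package/dist/cjs/index.js
+++ b/package/dist/cjs/index.js
@@ -18,35 +18,32 @@ var __copyProps = (to, from, except, desc) => {
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var index_exports = {};
 __export(index_exports, {
-
-
+SignIn: () => import_uiComponents.SignIn,
+SignUp: () => import_uiComponents.SignUp,
 TernSecureProvider: () => import_TernSecureProvider.TernSecureProvider,
+UserButton: () => import_uiComponents.UserButton,
 signIn: () => import_components.signIn,
 useAuth: () => import_components.useAuth,
 useIdToken: () => import_components.useIdToken,
 useSession: () => import_components.useSession,
 useSignIn: () => import_components.useSignIn,
-
-useSignUp: () => import_components.useSignUp,
-useSignUpContext: () => import_components.useSignUpContext,
-useTernSecure: () => import_components.useTernSecure
+useSignUp: () => import_components.useSignUp
 });
 module.exports = __toCommonJS(index_exports);
 var import_TernSecureProvider = require("./app-router/server/TernSecureProvider");
 var import_components = require("./boundary/components");
+var import_uiComponents = require("./components/uiComponents");
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-
-
+SignIn,
+SignUp,
 TernSecureProvider,
+UserButton,
 signIn,
 useAuth,
 useIdToken,
 useSession,
 useSignIn,
-
-useSignUp,
-useSignUpContext,
-useTernSecure
+useSignUp
 });
 //# sourceMappingURL=index.js.map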
package/dist/cjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/index.ts"],"sourcesContent":["export { TernSecureProvider } from './app-router/server/TernSecureProvider';\r\nexport {\r\n useAuth,\r\n useIdToken,\r\n useSession,\r\n useSignIn,\r\n useSignUp,\r\n signIn,\r\n
|
|
1
|
+
{"version":3,"sources":["../../src/index.ts"],"sourcesContent":["export { TernSecureProvider } from './app-router/server/TernSecureProvider';\r\nexport {\r\n useAuth,\r\n useIdToken,\r\n useSession,\r\n useSignIn,\r\n useSignUp,\r\n signIn,\r\n} from './boundary/components';\r\n\r\nexport {\r\n SignIn,\r\n SignUp,\r\n UserButton,\r\n} from './components/uiComponents'\r\n\r\nexport type {\r\n TernSecureUser,\r\n SignInResponse,\r\n SignUpResponse,\r\n SocialProviderOptions,\r\n} from '@tern-secure/types';\r\n\r\nexport type { UserInfo, SessionResult } from './types';\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,gCAAmC;AACnC,wBAOO;AAEP,0BAIO;","names":[]}
|
|
@@ -65,6 +65,7 @@ async function getTernSecureAuthData(req, initialState = {}) {
|
|
|
65
65
|
async function getAuthDataFromRequest(req) {
|
|
66
66
|
const authStatus = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthStatus");
|
|
67
67
|
const authToken = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthToken");
|
|
68
|
+
const appCheckToken = (0, import_headers_utils.getHeader)(req, "X-Firebase-AppCheck");
|
|
68
69
|
if (!authStatus || authStatus !== import_backend.AuthStatus.SignedIn) {
|
|
69
70
|
return {
|
|
70
71
|
...(0, import_backend.signedOutAuthObject)(),
|
|
@@ -72,7 +73,11 @@ async function getAuthDataFromRequest(req) {
|
|
|
72
73
|
userId: null
|
|
73
74
|
};
|
|
74
75
|
}
|
|
75
|
-
const firebaseUser = await authenticateRequest(
|
|
76
|
+
const firebaseUser = await authenticateRequest(
|
|
77
|
+
authToken,
|
|
78
|
+
req,
|
|
79
|
+
appCheckToken
|
|
80
|
+
);
|
|
76
81
|
if (!firebaseUser || !firebaseUser.claims) {
|
|
77
82
|
return {
|
|
78
83
|
...(0, import_backend.signedOutAuthObject)(),
|
|
@@ -87,7 +92,7 @@ async function getAuthDataFromRequest(req) {
|
|
|
87
92
|
user: user || null
|
|
88
93
|
};
|
|
89
94
|
}
|
|
90
|
-
const authenticateRequest = async (token, request) => {
|
|
95
|
+
const authenticateRequest = async (token, request, appCheckToken) => {
|
|
91
96
|
try {
|
|
92
97
|
const origin = new URL(request.url).origin;
|
|
93
98
|
const requestHeaders = new Headers(request.headers);
|
|
@@ -109,6 +114,7 @@ const authenticateRequest = async (token, request) => {
|
|
|
109
114
|
config,
|
|
110
115
|
{
|
|
111
116
|
authIdToken: token,
|
|
117
|
+
appCheckToken,
|
|
112
118
|
releaseOnDeref: mockRequest
|
|
113
119
|
}
|
|
114
120
|
);
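Review bot: The value read from the `X-Firebase-AppCheck` header is passed to `initializeServerApp` as `appCheckToken` (new lines 68 and 117) with no check that it is present or valid, so this path forwards a client-supplied value rather than enforcing App Check. A request without the header still proceeds with `appCheckToken` undefined, and the visible lines do not verify the token themselves; enforcement, if intended, would have to come from App Check enforcement on the backing services or from an explicit server-side verification before this call. I would state that next to the option, e.g. `// forwarded as-is from the X-Firebase-AppCheck header; not verified here`, and move the `getHeader` call below the signed-out early return, where the value is first needed. `authenticateRequest` continues outside these hunks, so its error handling is not covered by this note.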
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/server/data/getAuthDataFromRequest.ts"],"sourcesContent":["import type { AuthObject } from '@tern-secure/backend';\nimport { AuthStatus, signedInAuthObject, signedOutAuthObject } from '@tern-secure/backend';\nimport { ternDecodeJwt } from '@tern-secure/backend/jwt';\nimport type { ParsedToken, TernSecureConfig, TernSecureUser } from '@tern-secure/types';\nimport type { FirebaseServerApp } from \"firebase/app\";\nimport { initializeServerApp } from \"firebase/app\";\nimport type { Auth } from \"firebase/auth\";\nimport { getAuth } from \"firebase/auth\";\n\nimport { getAuthKeyFromRequest } from '../../server/headers-utils';\nimport type { RequestLike } from '../../server/types';\nimport {\n FIREBASE_API_KEY,\n FIREBASE_APP_ID,\n FIREBASE_AUTH_DOMAIN,\n FIREBASE_MEASUREMENT_ID,\n FIREBASE_MESSAGING_SENDER_ID,\n FIREBASE_PROJECT_ID,\n FIREBASE_STORAGE_BUCKET\n} from \"../constant\";\n\n\n/**\n * Auth objects moving through the server -> client boundary need to be serializable\n * as we need to ensure that they can be transferred via the network as pure strings.\n * Some frameworks like Remix or Next (/pages dir only) handle this serialization by simply\n * ignoring any non-serializable keys, however Nextjs /app directory is stricter and\n * throws an error if a non-serializable value is found.\n * @internal\n */\nexport const authObjectToSerializableJwt = <T extends Record<string, unknown>>(obj: T): T => {\n // remove any non-serializable props from the returned object\n\n const { require, ...rest } = obj as unknown as AuthObject;\n return rest as unknown as T;\n};\n\nexport function getTernSecureAuthDataJwt(req: RequestLike, initialState = {}) {\n const authObject = getAuthDataFromRequestJwt(req);\n return authObjectToSerializable({ ...initialState, ...authObject });\n}\n\nexport function getAuthDataFromRequestJwt(req: RequestLike): AuthObject {\n const authStatus = getAuthKeyFromRequest(req, 'AuthStatus');\n const authToken = 
getAuthKeyFromRequest(req, 'AuthToken');\n const authSignature = getAuthKeyFromRequest(req, 'AuthSignature');\n const authReason = getAuthKeyFromRequest(req, 'AuthReason');\n\n let authObject;\n if (!authStatus || authStatus !== AuthStatus.SignedIn) {\n authObject = signedOutAuthObject();\n } else {\n const jwt = ternDecodeJwt(authToken as string);\n\n authObject = signedInAuthObject(jwt.raw.text, jwt.payload);\n }\n return authObject;\n}\n\n\nexport type SerializableTernSecureUser = Omit<TernSecureUser, 'delete' | 'getIdToken' | 'getIdTokenResult' | 'reload' | 'toJSON'>;\n\nexport type Aobj = {\n user: SerializableTernSecureUser | null\n userId: string | null\n}\n\n\n// Serializable auth object type\n/**\n * Auth objects moving through the server -> client boundary need to be serializable\n * as we need to ensure that they can be transferred via the network as pure strings.\n * Some frameworks like Remix or Next (/pages dir only) handle this serialization by simply\n * ignoring any non-serializable keys, however Nextjs /app directory is stricter and\n * throws an error if a non-serializable value is found.\n * @internal\n */\nexport const authObjectToSerializable = <T extends Record<string, unknown>>(\n obj: T\n): T => {\n // remove any non-serializable props from the returned object\n\n const { require, ...rest } = obj as unknown as AuthObject;\n return rest as unknown as T;\n};\n\nexport async function getTernSecureAuthData(\n req: RequestLike,\n initialState = {}\n) {\n const authObject = await getAuthDataFromRequest(req);\n return authObjectToSerializable({ ...initialState, ...authObject });\n}\n\nexport async function getAuthDataFromRequest(req: RequestLike): Promise<AuthObject & Aobj> {\n const authStatus = getAuthKeyFromRequest(req, \"AuthStatus\");\n const authToken = getAuthKeyFromRequest(req, \"AuthToken\");\n\n if (!authStatus || authStatus !== AuthStatus.SignedIn) {\n return {\n ...signedOutAuthObject(),\n user: null,\n userId: null\n }\n }\n\n const 
firebaseUser = await authenticateRequest(authToken as string, req as any);\n if (!firebaseUser || !firebaseUser.claims) {\n return {\n ...signedOutAuthObject(),\n user: null,\n userId: null\n }\n }\n const { user, claims } = firebaseUser;\n const authObject = signedInAuthObject(authToken as string, claims as any);\n return {\n ...authObject,\n user: user || null,\n };\n}\n\nconst authenticateRequest = async (\n token: string,\n request: Request\n): Promise<{ user: SerializableTernSecureUser; claims: ParsedToken } | null> => {\n try {\n const origin = new URL(request.url).origin;\n\n const requestHeaders = new Headers(request.headers);\n requestHeaders.set(\"referer\", origin);\n requestHeaders.set(\"Referer\", origin);\n\n const mockRequest = {\n headers: requestHeaders,\n };\n\n const config: TernSecureConfig = {\n apiKey: FIREBASE_API_KEY,\n authDomain: FIREBASE_AUTH_DOMAIN,\n projectId: FIREBASE_PROJECT_ID,\n storageBucket: FIREBASE_STORAGE_BUCKET,\n messagingSenderId: FIREBASE_MESSAGING_SENDER_ID,\n appId: FIREBASE_APP_ID,\n measurementId: FIREBASE_MEASUREMENT_ID,\n };\n\n const firebaseServerApp: FirebaseServerApp = initializeServerApp(\n config,\n {\n authIdToken: token,\n releaseOnDeref: mockRequest,\n }\n );\n\n const auth: Auth = getAuth(firebaseServerApp);\n await auth.authStateReady();\n\n if (auth.currentUser) {\n const idTokenResult = await auth.currentUser.getIdTokenResult();\n const claims = idTokenResult.claims;\n\n const userObj: SerializableTernSecureUser = {\n uid: auth.currentUser.uid,\n email: auth.currentUser.email,\n emailVerified: auth.currentUser.emailVerified,\n displayName: auth.currentUser.displayName,\n isAnonymous: auth.currentUser.isAnonymous,\n phoneNumber: auth.currentUser.phoneNumber,\n photoURL: auth.currentUser.photoURL,\n providerId: auth.currentUser.providerId,\n tenantId: auth.currentUser.tenantId,\n refreshToken: auth.currentUser.refreshToken,\n metadata: {\n creationTime: auth.currentUser.metadata.creationTime,\n 
lastSignInTime: auth.currentUser.metadata.lastSignInTime,\n },\n providerData: auth.currentUser.providerData.map((provider) => ({\n uid: provider.uid,\n displayName: provider.displayName,\n email: provider.email,\n phoneNumber: provider.phoneNumber,\n photoURL: provider.photoURL,\n providerId: provider.providerId,\n })),\n };\n\n return { user: userObj, claims };\n }\n\n return null;\n } catch (error) {\n return null;\n }\n};\n\nexport { TernSecureUser }\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,qBAAoE;AACpE,iBAA8B;AAG9B,iBAAoC;AAEpC,kBAAwB;AAExB,
|
|
1
|
+
{"version":3,"sources":["../../../../src/server/data/getAuthDataFromRequest.ts"],"sourcesContent":["import type { AuthObject } from '@tern-secure/backend';\nimport { AuthStatus, signedInAuthObject, signedOutAuthObject } from '@tern-secure/backend';\nimport { ternDecodeJwt } from '@tern-secure/backend/jwt';\nimport type { ParsedToken, TernSecureConfig, TernSecureUser } from '@tern-secure/types';\nimport type { FirebaseServerApp } from \"firebase/app\";\nimport { initializeServerApp } from \"firebase/app\";\nimport type { Auth } from \"firebase/auth\";\nimport { getAuth } from \"firebase/auth\";\n\nimport { getAuthKeyFromRequest, getHeader } from '../../server/headers-utils';\nimport type { RequestLike } from '../../server/types';\nimport {\n FIREBASE_API_KEY,\n FIREBASE_APP_ID,\n FIREBASE_AUTH_DOMAIN,\n FIREBASE_MEASUREMENT_ID,\n FIREBASE_MESSAGING_SENDER_ID,\n FIREBASE_PROJECT_ID,\n FIREBASE_STORAGE_BUCKET\n} from \"../constant\";\n\n\n/**\n * Auth objects moving through the server -> client boundary need to be serializable\n * as we need to ensure that they can be transferred via the network as pure strings.\n * Some frameworks like Remix or Next (/pages dir only) handle this serialization by simply\n * ignoring any non-serializable keys, however Nextjs /app directory is stricter and\n * throws an error if a non-serializable value is found.\n * @internal\n */\nexport const authObjectToSerializableJwt = <T extends Record<string, unknown>>(obj: T): T => {\n // remove any non-serializable props from the returned object\n\n const { require, ...rest } = obj as unknown as AuthObject;\n return rest as unknown as T;\n};\n\nexport function getTernSecureAuthDataJwt(req: RequestLike, initialState = {}) {\n const authObject = getAuthDataFromRequestJwt(req);\n return authObjectToSerializable({ ...initialState, ...authObject });\n}\n\nexport function getAuthDataFromRequestJwt(req: RequestLike): AuthObject {\n const authStatus = getAuthKeyFromRequest(req, 'AuthStatus');\n const 
authToken = getAuthKeyFromRequest(req, 'AuthToken');\n const authSignature = getAuthKeyFromRequest(req, 'AuthSignature');\n const authReason = getAuthKeyFromRequest(req, 'AuthReason');\n\n let authObject;\n if (!authStatus || authStatus !== AuthStatus.SignedIn) {\n authObject = signedOutAuthObject();\n } else {\n const jwt = ternDecodeJwt(authToken as string);\n\n authObject = signedInAuthObject(jwt.raw.text, jwt.payload);\n }\n return authObject;\n}\n\n\nexport type SerializableTernSecureUser = Omit<TernSecureUser, 'delete' | 'getIdToken' | 'getIdTokenResult' | 'reload' | 'toJSON'>;\n\nexport type Aobj = {\n user: SerializableTernSecureUser | null\n userId: string | null\n}\n\n\n// Serializable auth object type\n/**\n * Auth objects moving through the server -> client boundary need to be serializable\n * as we need to ensure that they can be transferred via the network as pure strings.\n * Some frameworks like Remix or Next (/pages dir only) handle this serialization by simply\n * ignoring any non-serializable keys, however Nextjs /app directory is stricter and\n * throws an error if a non-serializable value is found.\n * @internal\n */\nexport const authObjectToSerializable = <T extends Record<string, unknown>>(\n obj: T\n): T => {\n // remove any non-serializable props from the returned object\n\n const { require, ...rest } = obj as unknown as AuthObject;\n return rest as unknown as T;\n};\n\nexport async function getTernSecureAuthData(\n req: RequestLike,\n initialState = {}\n) {\n const authObject = await getAuthDataFromRequest(req);\n return authObjectToSerializable({ ...initialState, ...authObject });\n}\n\nexport async function getAuthDataFromRequest(req: RequestLike): Promise<AuthObject & Aobj> {\n const authStatus = getAuthKeyFromRequest(req, \"AuthStatus\");\n const authToken = getAuthKeyFromRequest(req, \"AuthToken\");\n const appCheckToken = getHeader(req, \"X-Firebase-AppCheck\");\n\n if (!authStatus || authStatus !== AuthStatus.SignedIn) {\n return 
{\n ...signedOutAuthObject(),\n user: null,\n userId: null\n }\n }\n\n const firebaseUser = await authenticateRequest(\n authToken as string, \n req as any, \n appCheckToken as string | undefined\n );\n if (!firebaseUser || !firebaseUser.claims) {\n return {\n ...signedOutAuthObject(),\n user: null,\n userId: null\n }\n }\n const { user, claims } = firebaseUser;\n const authObject = signedInAuthObject(authToken as string, claims as any);\n return {\n ...authObject,\n user: user || null,\n };\n}\n\nconst authenticateRequest = async (\n token: string,\n request: Request,\n appCheckToken?: string\n): Promise<{ user: SerializableTernSecureUser; claims: ParsedToken } | null> => {\n try {\n //console.log(\"[getAuthDataFromRequest] App Check Token:\", appCheckToken);\n const origin = new URL(request.url).origin;\n\n const requestHeaders = new Headers(request.headers);\n requestHeaders.set(\"referer\", origin);\n requestHeaders.set(\"Referer\", origin);\n\n const mockRequest = {\n headers: requestHeaders,\n };\n\n const config: TernSecureConfig = {\n apiKey: FIREBASE_API_KEY,\n authDomain: FIREBASE_AUTH_DOMAIN,\n projectId: FIREBASE_PROJECT_ID,\n storageBucket: FIREBASE_STORAGE_BUCKET,\n messagingSenderId: FIREBASE_MESSAGING_SENDER_ID,\n appId: FIREBASE_APP_ID,\n measurementId: FIREBASE_MEASUREMENT_ID,\n };\n\n const firebaseServerApp: FirebaseServerApp = initializeServerApp(\n config,\n {\n authIdToken: token,\n appCheckToken: appCheckToken,\n releaseOnDeref: mockRequest,\n }\n );\n\n const auth: Auth = getAuth(firebaseServerApp);\n await auth.authStateReady();\n\n if (auth.currentUser) {\n const idTokenResult = await auth.currentUser.getIdTokenResult();\n const claims = idTokenResult.claims;\n\n const userObj: SerializableTernSecureUser = {\n uid: auth.currentUser.uid,\n email: auth.currentUser.email,\n emailVerified: auth.currentUser.emailVerified,\n displayName: auth.currentUser.displayName,\n isAnonymous: auth.currentUser.isAnonymous,\n phoneNumber: 
auth.currentUser.phoneNumber,\n photoURL: auth.currentUser.photoURL,\n providerId: auth.currentUser.providerId,\n tenantId: auth.currentUser.tenantId,\n refreshToken: auth.currentUser.refreshToken,\n metadata: {\n creationTime: auth.currentUser.metadata.creationTime,\n lastSignInTime: auth.currentUser.metadata.lastSignInTime,\n },\n providerData: auth.currentUser.providerData.map((provider) => ({\n uid: provider.uid,\n displayName: provider.displayName,\n email: provider.email,\n phoneNumber: provider.phoneNumber,\n photoURL: provider.photoURL,\n providerId: provider.providerId,\n })),\n };\n\n return { user: userObj, claims };\n }\n\n return null;\n } catch (error) {\n return null;\n }\n};\n\nexport { TernSecureUser }\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,qBAAoE;AACpE,iBAA8B;AAG9B,iBAAoC;AAEpC,kBAAwB;AAExB,2BAAiD;AAEjD,sBAQO;AAWA,MAAM,8BAA8B,CAAoC,QAAc;AAG3F,QAAM,EAAE,SAAAA,UAAS,GAAG,KAAK,IAAI;AAC7B,SAAO;AACT;AAEO,SAAS,yBAAyB,KAAkB,eAAe,CAAC,GAAG;AAC5E,QAAM,aAAa,0BAA0B,GAAG;AAChD,SAAO,yBAAyB,EAAE,GAAG,cAAc,GAAG,WAAW,CAAC;AACpE;AAEO,SAAS,0BAA0B,KAA8B;AACtE,QAAM,iBAAa,4CAAsB,KAAK,YAAY;AAC1D,QAAM,gBAAY,4CAAsB,KAAK,WAAW;AACxD,QAAM,oBAAgB,4CAAsB,KAAK,eAAe;AAChE,QAAM,iBAAa,4CAAsB,KAAK,YAAY;AAE1D,MAAI;AACJ,MAAI,CAAC,cAAc,eAAe,0BAAW,UAAU;AACrD,qBAAa,oCAAoB;AAAA,EACnC,OAAO;AACL,UAAM,UAAM,0BAAc,SAAmB;AAE7C,qBAAa,mCAAmB,IAAI,IAAI,MAAM,IAAI,OAAO;AAAA,EAC3D;AACA,SAAO;AACT;AAoBO,MAAM,2BAA2B,CACtC,QACM;AAGN,QAAM,EAAE,SAAAA,UAAS,GAAG,KAAK,IAAI;AAC7B,SAAO;AACT;AAEA,eAAsB,sBACpB,KACA,eAAe,CAAC,GAChB;AACA,QAAM,aAAa,MAAM,uBAAuB,GAAG;AACnD,SAAO,yBAAyB,EAAE,GAAG,cAAc,GAAG,WAAW,CAAC;AACpE;AAEA,eAAsB,uBAAuB,KAA8C;AACzF,QAAM,iBAAa,4CAAsB,KAAK,YAAY;AAC1D,QAAM,gBAAY,4CAAsB,KAAK,WAAW;AACxD,QAAM,oBAAgB,gCAAU,KAAK,qBAAqB;AAE1D,MAAI,CAAC,cAAc,eAAe,0BAAW,UAAU;AACrD,WAAO;AAAA,MACL,OAAG,oCAAoB;AAAA,MACvB,MAAM;AAAA,MACN,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,QAAM,eAAe,MAAM;AAAA,IACzB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,MAAI,CAAC,gBAAgB,CAAC,aAAa,QAAQ;AACzC,WA
AO;AAAA,MACL,OAAG,oCAAoB;AAAA,MACvB,MAAM;AAAA,MACN,QAAQ;AAAA,IACV;AAAA,EACF;AACA,QAAM,EAAE,MAAM,OAAO,IAAI;AACzB,QAAM,iBAAa,mCAAmB,WAAqB,MAAa;AACxE,SAAO;AAAA,IACL,GAAG;AAAA,IACH,MAAM,QAAQ;AAAA,EAChB;AACF;AAEA,MAAM,sBAAsB,OAC1B,OACA,SACA,kBAC8E;AAC9E,MAAI;AAEF,UAAM,SAAS,IAAI,IAAI,QAAQ,GAAG,EAAE;AAEpC,UAAM,iBAAiB,IAAI,QAAQ,QAAQ,OAAO;AAClD,mBAAe,IAAI,WAAW,MAAM;AACpC,mBAAe,IAAI,WAAW,MAAM;AAEpC,UAAM,cAAc;AAAA,MAClB,SAAS;AAAA,IACX;AAEA,UAAM,SAA2B;AAAA,MAC/B,QAAQ;AAAA,MACR,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,eAAe;AAAA,MACf,mBAAmB;AAAA,MACnB,OAAO;AAAA,MACP,eAAe;AAAA,IACjB;AAEA,UAAM,wBAAuC;AAAA,MAC3C;AAAA,MACA;AAAA,QACE,aAAa;AAAA,QACb;AAAA,QACA,gBAAgB;AAAA,MAClB;AAAA,IACF;AAEA,UAAM,WAAa,qBAAQ,iBAAiB;AAC5C,UAAM,KAAK,eAAe;AAE1B,QAAI,KAAK,aAAa;AACpB,YAAM,gBAAgB,MAAM,KAAK,YAAY,iBAAiB;AAC9D,YAAM,SAAS,cAAc;AAE7B,YAAM,UAAsC;AAAA,QAC1C,KAAK,KAAK,YAAY;AAAA,QACtB,OAAO,KAAK,YAAY;AAAA,QACxB,eAAe,KAAK,YAAY;AAAA,QAChC,aAAa,KAAK,YAAY;AAAA,QAC9B,aAAa,KAAK,YAAY;AAAA,QAC9B,aAAa,KAAK,YAAY;AAAA,QAC9B,UAAU,KAAK,YAAY;AAAA,QAC3B,YAAY,KAAK,YAAY;AAAA,QAC7B,UAAU,KAAK,YAAY;AAAA,QAC3B,cAAc,KAAK,YAAY;AAAA,QAC/B,UAAU;AAAA,UACR,cAAc,KAAK,YAAY,SAAS;AAAA,UACxC,gBAAgB,KAAK,YAAY,SAAS;AAAA,QAC5C;AAAA,QACA,cAAc,KAAK,YAAY,aAAa,IAAI,CAAC,cAAc;AAAA,UAC7D,KAAK,SAAS;AAAA,UACd,aAAa,SAAS;AAAA,UACtB,OAAO,SAAS;AAAA,UAChB,aAAa,SAAS;AAAA,UACtB,UAAU,SAAS;AAAA,UACnB,YAAY,SAAS;AAAA,QACvB,EAAE;AAAA,MACJ;AAEA,aAAO,EAAE,MAAM,SAAS,OAAO;AAAA,IACjC;AAEA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,WAAO;AAAA,EACT;AACF;","names":["require"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/index.ts"],"sourcesContent":["export {
|
|
1
|
+
{"version":3,"sources":["../../../src/server/index.ts"],"sourcesContent":["export { ternSecureProxy } from \"./ternSecureProxy\";\r\nexport { ternSecureInstrumentation } from \"./instrumentation\";\r\nexport { createRouteMatcher } from \"./routeMatcher\";\r\nexport { ternSecureBackendClient } from \"./ternsecureClient\";\r\nexport {\r\n auth\r\n} from \"../app-router/server/auth\";\r\nexport type { AuthResult } from \"../app-router/server/auth\";\r\nexport type { BaseUser, SessionResult } from \"./types\";\r\nexport { NextCookieStore } from \"../utils/NextCookieAdapter\";\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,6BAAgC;AAChC,6BAA0C;AAC1C,0BAAmC;AACnC,8BAAwC;AACxC,kBAEO;AAGP,+BAAgC;","names":[]}
|