@tern-secure/nextjs 5.2.0-canary.v20251127221555 → 5.2.0-canary.v20251202162458

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (101) hide show
  1. package/dist/cjs/__tests__/gemini_fnTernSecureNextHandler.bench.js +2 -2
  2. package/dist/cjs/__tests__/gemini_fnTernSecureNextHandler.bench.js.map +1 -1
  3. package/dist/cjs/app-router/admin/actions.js.map +1 -1
  4. package/dist/cjs/app-router/admin/endpointRouter.js +4 -13
  5. package/dist/cjs/app-router/admin/endpointRouter.js.map +1 -1
  6. package/dist/cjs/app-router/admin/{sessionHandlers.js → handlers.js} +16 -115
  7. package/dist/cjs/app-router/admin/handlers.js.map +1 -0
  8. package/dist/cjs/app-router/admin/index.js.map +1 -1
  9. package/dist/cjs/app-router/admin/request.js +1 -8
  10. package/dist/cjs/app-router/admin/request.js.map +1 -1
  11. package/dist/cjs/app-router/admin/signInCreateHandler.js.map +1 -1
  12. package/dist/cjs/app-router/admin/ternsecureNextjsHandler.js +7 -17
  13. package/dist/cjs/app-router/admin/ternsecureNextjsHandler.js.map +1 -1
  14. package/dist/cjs/app-router/admin/types.js +9 -0
  15. package/dist/cjs/app-router/admin/types.js.map +1 -1
  16. package/dist/cjs/app-router/admin/validators.js +96 -171
  17. package/dist/cjs/app-router/admin/validators.js.map +1 -1
  18. package/dist/cjs/app-router/server/TernSecureProvider.js +18 -0
  19. package/dist/cjs/app-router/server/TernSecureProvider.js.map +1 -1
  20. package/dist/cjs/server/constant.js +6 -0
  21. package/dist/cjs/server/constant.js.map +1 -1
  22. package/dist/cjs/server/data/getAuthDataFromRequest.js +16 -9
  23. package/dist/cjs/server/data/getAuthDataFromRequest.js.map +1 -1
  24. package/dist/cjs/server/headers-utils.js +3 -3
  25. package/dist/cjs/server/headers-utils.js.map +1 -1
  26. package/dist/cjs/server/protect.js +2 -2
  27. package/dist/cjs/server/protect.js.map +1 -1
  28. package/dist/cjs/server/proxy-storage.js +33 -0
  29. package/dist/cjs/server/proxy-storage.js.map +1 -0
  30. package/dist/cjs/server/ternSecureProxy.js +6 -17
  31. package/dist/cjs/server/ternSecureProxy.js.map +1 -1
  32. package/dist/cjs/server/utils.js +16 -4
  33. package/dist/cjs/server/utils.js.map +1 -1
  34. package/dist/esm/__tests__/gemini_fnTernSecureNextHandler.bench.js +1 -1
  35. package/dist/esm/__tests__/gemini_fnTernSecureNextHandler.bench.js.map +1 -1
  36. package/dist/esm/app-router/admin/actions.js.map +1 -1
  37. package/dist/esm/app-router/admin/endpointRouter.js +3 -12
  38. package/dist/esm/app-router/admin/endpointRouter.js.map +1 -1
  39. package/dist/esm/app-router/admin/{sessionHandlers.js → handlers.js} +18 -110
  40. package/dist/esm/app-router/admin/handlers.js.map +1 -0
  41. package/dist/esm/app-router/admin/index.js.map +1 -1
  42. package/dist/esm/app-router/admin/request.js +2 -14
  43. package/dist/esm/app-router/admin/request.js.map +1 -1
  44. package/dist/esm/app-router/admin/signInCreateHandler.js.map +1 -1
  45. package/dist/esm/app-router/admin/ternsecureNextjsHandler.js +9 -19
  46. package/dist/esm/app-router/admin/ternsecureNextjsHandler.js.map +1 -1
  47. package/dist/esm/app-router/admin/types.js +8 -0
  48. package/dist/esm/app-router/admin/types.js.map +1 -1
  49. package/dist/esm/app-router/admin/validators.js +88 -166
  50. package/dist/esm/app-router/admin/validators.js.map +1 -1
  51. package/dist/esm/app-router/server/TernSecureProvider.js +19 -1
  52. package/dist/esm/app-router/server/TernSecureProvider.js.map +1 -1
  53. package/dist/esm/server/constant.js +4 -0
  54. package/dist/esm/server/constant.js.map +1 -1
  55. package/dist/esm/server/data/getAuthDataFromRequest.js +18 -11
  56. package/dist/esm/server/data/getAuthDataFromRequest.js.map +1 -1
  57. package/dist/esm/server/headers-utils.js +2 -2
  58. package/dist/esm/server/headers-utils.js.map +1 -1
  59. package/dist/esm/server/protect.js +2 -2
  60. package/dist/esm/server/protect.js.map +1 -1
  61. package/dist/esm/server/proxy-storage.js +8 -0
  62. package/dist/esm/server/proxy-storage.js.map +1 -0
  63. package/dist/esm/server/ternSecureProxy.js +11 -18
  64. package/dist/esm/server/ternSecureProxy.js.map +1 -1
  65. package/dist/esm/server/utils.js +16 -4
  66. package/dist/esm/server/utils.js.map +1 -1
  67. package/dist/types/app-router/admin/actions.d.ts +2 -2
  68. package/dist/types/app-router/admin/actions.d.ts.map +1 -1
  69. package/dist/types/app-router/admin/endpointRouter.d.ts +4 -4
  70. package/dist/types/app-router/admin/endpointRouter.d.ts.map +1 -1
  71. package/dist/types/app-router/admin/handlers.d.ts +5 -0
  72. package/dist/types/app-router/admin/handlers.d.ts.map +1 -0
  73. package/dist/types/app-router/admin/index.d.ts +1 -1
  74. package/dist/types/app-router/admin/index.d.ts.map +1 -1
  75. package/dist/types/app-router/admin/request.d.ts +2 -2
  76. package/dist/types/app-router/admin/request.d.ts.map +1 -1
  77. package/dist/types/app-router/admin/signInCreateHandler.d.ts +1 -1
  78. package/dist/types/app-router/admin/signInCreateHandler.d.ts.map +1 -1
  79. package/dist/types/app-router/admin/ternsecureNextjsHandler.d.ts +6 -2
  80. package/dist/types/app-router/admin/ternsecureNextjsHandler.d.ts.map +1 -1
  81. package/dist/types/app-router/admin/types.d.ts +24 -2
  82. package/dist/types/app-router/admin/types.d.ts.map +1 -1
  83. package/dist/types/app-router/admin/validators.d.ts +36 -33
  84. package/dist/types/app-router/admin/validators.d.ts.map +1 -1
  85. package/dist/types/app-router/server/TernSecureProvider.d.ts.map +1 -1
  86. package/dist/types/server/constant.d.ts +2 -0
  87. package/dist/types/server/constant.d.ts.map +1 -1
  88. package/dist/types/server/data/getAuthDataFromRequest.d.ts.map +1 -1
  89. package/dist/types/server/headers-utils.d.ts +1 -1
  90. package/dist/types/server/headers-utils.d.ts.map +1 -1
  91. package/dist/types/server/proxy-storage.d.ts +5 -0
  92. package/dist/types/server/proxy-storage.d.ts.map +1 -0
  93. package/dist/types/server/ternSecureProxy.d.ts +1 -3
  94. package/dist/types/server/ternSecureProxy.d.ts.map +1 -1
  95. package/dist/types/server/utils.d.ts +2 -2
  96. package/dist/types/server/utils.d.ts.map +1 -1
  97. package/package.json +5 -5
  98. package/dist/cjs/app-router/admin/sessionHandlers.js.map +0 -1
  99. package/dist/esm/app-router/admin/sessionHandlers.js.map +0 -1
  100. package/dist/types/app-router/admin/sessionHandlers.d.ts +0 -7
  101. package/dist/types/app-router/admin/sessionHandlers.d.ts.map +0 -1
package/dist/types/app-router/admin/endpointRouter.d.ts CHANGED
@@ -1,12 +1,12 @@
1
- import type { RequestProcessorContext } from './c-authenticateRequestProcessor';
2
- import type { AuthEndpoint, TernSecureHandlerOptions } from './types';
1
+ import type { AuthenticateRequestOptions, RequestProcessorContext } from '@tern-secure/backend';
2
+ import type { AuthEndpoint } from '@tern-secure/types';
3
3
  export interface EndpointHandler {
4
4
  canHandle(endpoint: AuthEndpoint): boolean;
5
- handle(context: RequestProcessorContext, config: TernSecureHandlerOptions): Promise<Response>;
5
+ handle(context: RequestProcessorContext, config: AuthenticateRequestOptions): Promise<Response>;
6
6
  }
7
7
  export declare class EndpointRouter {
8
8
  private static readonly handlers;
9
- static route(context: RequestProcessorContext, config: TernSecureHandlerOptions): Promise<Response>;
9
+ static route(context: RequestProcessorContext, config: AuthenticateRequestOptions): Promise<Response>;
10
10
  static addHandler(handler: EndpointHandler): void;
11
11
  static removeHandler(predicate: (handler: EndpointHandler) => boolean): void;
12
12
  }
package/dist/types/app-router/admin/endpointRouter.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"endpointRouter.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/endpointRouter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAGhF,OAAO,KAAK,EAAE,YAAY,EAAE,wBAAwB,EAAE,MAAM,SAAS,CAAC;AAEtE,MAAM,WAAW,eAAe;IAC9B,SAAS,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC;IAC3C,MAAM,CAAC,OAAO,EAAE,uBAAuB,EAAE,MAAM,EAAE,wBAAwB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CAC/F;AAkDD,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAK9B;WAEW,KAAK,CAChB,OAAO,EAAE,uBAAuB,EAChC,MAAM,EAAE,wBAAwB,GAC/B,OAAO,CAAC,QAAQ,CAAC;IAgBpB,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,eAAe,GAAG,IAAI;IAIjD,MAAM,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,eAAe,KAAK,OAAO,GAAG,IAAI;CAM7E"}
1
+ {"version":3,"file":"endpointRouter.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/endpointRouter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,0BAA0B,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAChG,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAKvD,MAAM,WAAW,eAAe;IAC9B,SAAS,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC;IAC3C,MAAM,CAAC,OAAO,EAAE,uBAAuB,EAAE,MAAM,EAAE,0BAA0B,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACjG;AAsCD,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAI9B;WAEW,KAAK,CAChB,OAAO,EAAE,uBAAuB,EAChC,MAAM,EAAE,0BAA0B,GACjC,OAAO,CAAC,QAAQ,CAAC;IAgBpB,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,eAAe,GAAG,IAAI;IAIjD,MAAM,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,eAAe,KAAK,OAAO,GAAG,IAAI;CAM7E"}
package/dist/types/app-router/admin/handlers.d.ts ADDED
@@ -0,0 +1,5 @@
1
+ import type { AuthenticateRequestOptions, RequestProcessorContext } from '@tern-secure/backend';
2
+ declare const sessionEndpointHandler: (context: RequestProcessorContext, config: AuthenticateRequestOptions) => Promise<Response>;
3
+ declare const signInEndpointHandler: (context: RequestProcessorContext) => Promise<Response>;
4
+ export { sessionEndpointHandler, signInEndpointHandler };
5
+ //# sourceMappingURL=handlers.d.ts.map
package/dist/types/app-router/admin/handlers.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,0BAA0B,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAwBhG,QAAA,MAAM,sBAAsB,GAC1B,SAAS,uBAAuB,EAChC,QAAQ,0BAA0B,KACjC,OAAO,CAAC,QAAQ,CAuHlB,CAAA;AAGD,QAAA,MAAM,qBAAqB,GACzB,SAAS,uBAAuB,KAC/B,OAAO,CAAC,QAAQ,CAmElB,CAAA;AAED,OAAO,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,CAAC"}
package/dist/types/app-router/admin/index.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  export { createTernSecureNextJsHandler } from './ternsecureNextjsHandler';
2
2
  export { clearSessionCookieServer, clearNextSessionCookie, createSessionCookieServer, createNextSessionCookie, setNextServerSession, setNextServerToken } from './actions';
3
3
  export { EndpointRouter } from './endpointRouter';
4
- export type { TernSecureHandlerOptions } from './types';
4
+ export type { ApiHandlerOptions, TernSecureHandlerOptions } from './types';
5
5
  //# sourceMappingURL=index.d.ts.map
package/dist/types/app-router/admin/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,MAAM,2BAA2B,CAAA;AAEzE,OAAO,EACH,wBAAwB,EACxB,sBAAsB,EACtB,yBAAyB,EACzB,uBAAuB,EACvB,oBAAoB,EACpB,kBAAkB,EACrB,MAAM,WAAW,CAAA;AAElB,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAA;AAEjD,YAAY,EAAE,wBAAwB,EAAE,MAAM,SAAS,CAAA"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,MAAM,2BAA2B,CAAA;AAEzE,OAAO,EACH,wBAAwB,EACxB,sBAAsB,EACtB,yBAAyB,EACzB,uBAAuB,EACvB,oBAAoB,EACpB,kBAAkB,EACrB,MAAM,WAAW,CAAA;AAElB,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAA;AAEjD,YAAY,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,MAAM,SAAS,CAAA"}
package/dist/types/app-router/admin/request.d.ts CHANGED
@@ -1,4 +1,4 @@
1
1
  import type { NextCookieStore } from '../../utils/NextCookieAdapter';
2
- import type { TernSecureHandlerOptions } from './types';
3
- export declare function refreshCookieWithIdToken(idToken: string, cookieStore: NextCookieStore, config?: TernSecureHandlerOptions, referrer?: string, appCheckToken?: string): Promise<void>;
2
+ import type { ApiHandlerOptions } from './types';
3
+ export declare function refreshCookieWithIdToken(idToken: string, cookieStore: NextCookieStore, config: ApiHandlerOptions, referrer?: string, appCheckToken?: string): Promise<void>;
4
4
  //# sourceMappingURL=request.d.ts.map
package/dist/types/app-router/admin/request.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/request.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAUrE,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,SAAS,CAAC;AAExD,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,eAAe,EAC5B,MAAM,CAAC,EAAE,wBAAwB,EACjC,QAAQ,CAAC,EAAE,MAAM,EACjB,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,IAAI,CAAC,CAuDf"}
1
+ {"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/request.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAKrE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAEjD,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,eAAe,EAC5B,MAAM,EAAE,iBAAiB,EACzB,QAAQ,CAAC,EAAE,MAAM,EACjB,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,IAAI,CAAC,CA+Cf"}
package/dist/types/app-router/admin/signInCreateHandler.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import type { RequestProcessorContext } from './c-authenticateRequestProcessor';
1
+ import type { RequestProcessorContext } from '@tern-secure/backend';
2
2
  export declare const processSignInCreate: (context: RequestProcessorContext) => Promise<Response>;
3
3
  /**
4
4
  * Processes email_code strategy
package/dist/types/app-router/admin/signInCreateHandler.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"signInCreateHandler.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/signInCreateHandler.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAOhF,eAAO,MAAM,mBAAmB,GAC9B,SAAS,uBAAuB,KAC/B,OAAO,CAAC,QAAQ,CAmDlB,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,wBAAwB,GAAU,OAAO,MAAM,KAAG,OAAO,CAAC,QAAQ,CA6C9E,CAAC;AAGF,eAAO,MAAM,uBAAuB,GAAU,YAAY,MAAM,KAAG,OAAO,CAAC,QAAQ,CAmClF,CAAC;AAGF,eAAO,MAAM,wBAAwB,GAAU,aAAa,MAAM,KAAG,OAAO,CAAC,QAAQ,CAmCpF,CAAC;AAGF,eAAO,MAAM,4BAA4B,GACvC,UAAU,2BAA2B,GAAG,2BAA2B,EACnE,YAAY,MAAM,KACjB,OAAO,CAAC,QAAQ,CAmClB,CAAC"}
1
+ {"version":3,"file":"signInCreateHandler.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/signInCreateHandler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAUpE,eAAO,MAAM,mBAAmB,GAC9B,SAAS,uBAAuB,KAC/B,OAAO,CAAC,QAAQ,CAmDlB,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,wBAAwB,GAAU,OAAO,MAAM,KAAG,OAAO,CAAC,QAAQ,CA6C9E,CAAC;AAGF,eAAO,MAAM,uBAAuB,GAAU,YAAY,MAAM,KAAG,OAAO,CAAC,QAAQ,CAmClF,CAAC;AAGF,eAAO,MAAM,wBAAwB,GAAU,aAAa,MAAM,KAAG,OAAO,CAAC,QAAQ,CAmCpF,CAAC;AAGF,eAAO,MAAM,4BAA4B,GACvC,UAAU,2BAA2B,GAAG,2BAA2B,EACnE,YAAY,MAAM,KACjB,OAAO,CAAC,QAAQ,CAmClB,CAAC"}
package/dist/types/app-router/admin/ternsecureNextjsHandler.d.ts CHANGED
@@ -1,5 +1,9 @@
1
- import type { TernSecureHandlerOptions } from './types';
2
- export declare function createTernSecureNextJsHandler(options: TernSecureHandlerOptions): {
1
+ import type { AuthenticateRequestOptions } from '@tern-secure/backend';
2
+ /**
3
+ * Create API route handlers with unified options
4
+ * Uses the same AuthenticateRequestOptions as middleware
5
+ */
6
+ export declare function createTernSecureNextJsHandler(options?: AuthenticateRequestOptions): {
3
7
  readonly GET: (request: Request) => Promise<Response>;
4
8
  readonly POST: (request: Request) => Promise<Response>;
5
9
  };
package/dist/types/app-router/admin/ternsecureNextjsHandler.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ternsecureNextjsHandler.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/ternsecureNextjsHandler.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,SAAS,CAAC;AAgBxD,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,wBAAwB;4BAG7C,OAAO,KAAG,OAAO,CAAC,QAAQ,CAAC;6BAA3B,OAAO,KAAG,OAAO,CAAC,QAAQ,CAAC;EAqB5D"}
1
+ {"version":3,"file":"ternsecureNextjsHandler.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/ternsecureNextjsHandler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAQvE;;;GAGG;AACH,wBAAgB,6BAA6B,CAAC,OAAO,CAAC,EAAE,0BAA0B;4BAOhD,OAAO,KAAG,OAAO,CAAC,QAAQ,CAAC;6BAA3B,OAAO,KAAG,OAAO,CAAC,QAAQ,CAAC;EAoB5D"}
package/dist/types/app-router/admin/types.d.ts CHANGED
@@ -1,4 +1,5 @@
1
- import type { AuthEndpoint, CookieEndpointConfig, CookieOpts as CookieOptions, CorsOptions, EndpointConfig, SecurityOptions, SessionEndpointConfig, SessionSubEndpoint, SignInEndpointConfig, SignInSubEndpoint, TernSecureHandlerOptions, TokenCookieConfig } from '@tern-secure/types';
1
+ import type { AuthenticateRequestOptions } from '@tern-secure/backend';
2
+ import type { AuthEndpoint, AuthSubEndpoint, CookieEndpointConfig, CookieOpts as CookieOptions, CorsOptions, EndpointConfig, SecurityOptions, SessionEndpointConfig, SessionSubEndpoint, SignInEndpointConfig, SignInSubEndpoint, TernSecureHandlerOptions, TokenCookieConfig } from '@tern-secure/types';
2
3
  import { type NextResponse } from 'next/server';
3
4
  export declare const DEFAULT_CORS_OPTIONS: CorsOptions;
4
5
  export declare const DEFAULT_SESSION_COOKIE_OPTIONS: CookieOptions;
@@ -79,5 +80,26 @@ export declare class CookieUtils {
79
80
  static getFixedTokenConfig(tokenType: Exclude<suffix, 'session'>): TokenCookieConfig;
80
81
  static validateSessionMaxAge(maxAge: number): boolean;
81
82
  }
82
- export { AuthEndpoint, CookieOptions, CorsOptions, SecurityOptions, SessionSubEndpoint, EndpointConfig, SessionEndpointConfig, SignInEndpointConfig, SignInSubEndpoint, TernSecureHandlerOptions, };
83
+ /**
84
+ * API Handler Options - Unified with Middleware
85
+ *
86
+ * Since API routes are protected by middleware, they use the same
87
+ * AuthenticateRequestOptions type. No separate config needed.
88
+ *
89
+ * Key fields used by API handlers:
90
+ * - tenantId: Multi-tenant support
91
+ * - enableCustomToken: Whether to create custom token cookie
92
+ * - debug: Debug logging
93
+ * - revokeRefreshTokensOnSignOut: Token revocation behavior
94
+ *
95
+ * Fields handled by middleware (not needed in API):
96
+ * - firebaseConfig: Used for authentication
97
+ * - firebaseAdminConfig: Server-side Firebase admin
98
+ * - checkRevoked: Token revocation checking
99
+ */
100
+ export type ApiHandlerOptions = AuthenticateRequestOptions & {
101
+ cookies?: CookieOptions;
102
+ };
103
+ export declare const DEFAULT_API_HANDLER_OPTIONS: Partial<ApiHandlerOptions>;
104
+ export { AuthEndpoint, AuthSubEndpoint, CookieOptions, CorsOptions, SecurityOptions, SessionSubEndpoint, EndpointConfig, SessionEndpointConfig, SignInEndpointConfig, SignInSubEndpoint, TernSecureHandlerOptions, };
83
105
  //# sourceMappingURL=types.d.ts.map
package/dist/types/app-router/admin/types.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,YAAY,EACZ,oBAAoB,EACpB,UAAU,IAAI,aAAa,EAC3B,WAAW,EACX,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,kBAAkB,EAClB,oBAAoB,EACpB,iBAAiB,EACjB,wBAAwB,EACxB,iBAAiB,EAClB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AAEhD,eAAO,MAAM,oBAAoB,EAAE,WAMlC,CAAC;AAEF,eAAO,MAAM,8BAA8B,EAAE,aAO5C,CAAC;AAEF,eAAO,MAAM,uCAAuC,EAAE,aAOrD,CAAC;AAGF,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;CAyBtB,CAAC;AAEX,eAAO,MAAM,wBAAwB,EAAE,eAStC,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,cAKrC,CAAC;AAEF,eAAO,MAAM,6BAA6B,EAAE,oBAa3C,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,qBAqCrC,CAAC;AAEF,eAAO,MAAM,sBAAsB,EAAE,oBASpC,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,QAAQ,CAAC,wBAAwB,CAAC,GAAG;IACzE,SAAS,EAAE,QAAQ,CAAC,WAAW,CAAC,wBAAwB,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;CAsBzE,CAAC;AAEF,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,YAAY,CAAC;IACrB,IAAI,CAAC,EAAE,GAAG,CAAC;CACZ;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,CAAC,EAAE,WAAW,CAAC;IACnB,QAAQ,CAAC,EAAE,eAAe,CAAC;IAC3B,QAAQ,CAAC,EAAE;QACT,IAAI,EAAE,YAAY,CAAC;QACnB,MAAM,EAAE,cAAc,CAAC;KACxB,CAAC;IACF,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,kBAAkB,CAAC;QACzB,MAAM,EAAE,cAAc,CAAC;KACxB,CAAC;IACF,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,QAAQ,CAAC;IACjB,YAAY,CAAC,EAAE,QAAQ,CAAC;IACxB,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,GAAG,CAAC;QACV,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAED,MAAM,MAAM,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,SAAS,GAAG,WAAW,GAAG,QAAQ,CAAC;AAE3E,qBAAa,WAAW;IACtB,MAAM,CAAC,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM;IAInE,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,MAAM;;;;;;;IAUxC,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,aAAa,GAAG,iBAAiB;IASxE,MAAM,CAAC,mBAAmB,CACxB,SAAS,EAAE,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,GACpC,iBAAiB;IAWpB,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;CAKtD;AAED,OAAO,EACL,YAAY,EACZ,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,qBAAqB,EACrB,oBAAoB,EACpB,iBAAiB,EACjB,wBAAwB,GACzB,CAAC"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AACvE,OAAO,KAAK,EACV,YAAY,EACZ,eAAe,EACf,oBAAoB,EACpB,UAAU,IAAI,aAAa,EAC3B,WAAW,EACX,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,kBAAkB,EAClB,oBAAoB,EACpB,iBAAiB,EACjB,wBAAwB,EACxB,iBAAiB,EAClB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AAIhD,eAAO,MAAM,oBAAoB,EAAE,WAMlC,CAAC;AAEF,eAAO,MAAM,8BAA8B,EAAE,aAO5C,CAAC;AAEF,eAAO,MAAM,uCAAuC,EAAE,aAOrD,CAAC;AAGF,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;CAyBtB,CAAC;AAEX,eAAO,MAAM,wBAAwB,EAAE,eAStC,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,cAKrC,CAAC;AAEF,eAAO,MAAM,6BAA6B,EAAE,oBAa3C,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,qBAqCrC,CAAC;AAEF,eAAO,MAAM,sBAAsB,EAAE,oBASpC,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,QAAQ,CAAC,wBAAwB,CAAC,GAAG;IACzE,SAAS,EAAE,QAAQ,CAAC,WAAW,CAAC,wBAAwB,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;CAsBzE,CAAC;AAEF,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,YAAY,CAAC;IACrB,IAAI,CAAC,EAAE,GAAG,CAAC;CACZ;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,CAAC,EAAE,WAAW,CAAC;IACnB,QAAQ,CAAC,EAAE,eAAe,CAAC;IAC3B,QAAQ,CAAC,EAAE;QACT,IAAI,EAAE,YAAY,CAAC;QACnB,MAAM,EAAE,cAAc,CAAC;KACxB,CAAC;IACF,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,kBAAkB,CAAC;QACzB,MAAM,EAAE,cAAc,CAAC;KACxB,CAAC;IACF,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,QAAQ,CAAC;IACjB,YAAY,CAAC,EAAE,QAAQ,CAAC;IACxB,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,GAAG,CAAC;QACV,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAED,MAAM,MAAM,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,SAAS,GAAG,WAAW,GAAG,QAAQ,CAAC;AAE3E,qBAAa,WAAW;IACtB,MAAM,CAAC,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM;IAInE,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,MAAM;;;;;;;IAUxC,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,aAAa,GAAG,iBAAiB;IASxE,MAAM,CAAC,mBAAmB,CACxB,SAAS,EAAE,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,GACpC,iBAAiB;IAWpB,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;CAKtD;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,MAAM,iBAAiB,GAAG,0BAA0B,GAAG;IAC3D,OAAO,CAAC,EAAE,aAAa,CAAC;CACzB,CAAC;AAEF,eAAO,MAAM,2BAA2B,EAAE,OAAO,CAAC,iBAAiB,CAMlE,CAAC;AAEF,OAAO,EACL,YAAY,EACZ,eAAe,EACf,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,qBAAqB,EACrB,oBAAoB,EACpB,iBAAiB,EACjB,wBAAwB,GACzB,CAAC"}
package/dist/types/app-router/admin/validators.d.ts CHANGED
@@ -1,44 +1,47 @@
1
- import type { AuthEndpoint, CorsOptions, SecurityOptions, SessionSubEndpoint } from './types';
1
+ import type { RequestProcessorContext } from '@tern-secure/backend';
2
2
  /**
3
- * CORS validation utilities
3
+ * Lightweight validators for API route handlers
4
+ * Note: Middleware already handles CORS, security, and CSRF validation
5
+ * These validators only handle endpoint-specific validation
4
6
  */
5
- export declare class CorsValidator {
6
- static validate(request: Request, corsOptions: CorsOptions): Promise<Response | null>;
7
- static createOptionsResponse(corsOptions: CorsOptions): Response;
8
- }
9
7
  /**
10
- * Security validation utilities
8
+ * Validates that the request body is valid JSON
11
9
  */
12
- export declare class SecurityValidator {
13
- static validate(request: Request, securityOptions: SecurityOptions): Promise<Response | null>;
14
- private static validateCsrf;
15
- private static validateRequiredHeaders;
16
- private static validateUserAgent;
17
- }
10
+ export declare function validateJsonBody(request: Request): Promise<{
11
+ body: any;
12
+ error?: Response;
13
+ }>;
18
14
  /**
19
- * CSRF token validation utilities
15
+ * Validates that an ID token is present and has correct JWT structure
20
16
  */
21
- export declare class CsrfValidator {
22
- static validate(csrfToken: string, csrfCookieValue: string | undefined): Response | null;
23
- }
17
+ export declare function validateIdToken(idToken: string | undefined): Response | null;
24
18
  /**
25
- * Route validation utilities
19
+ * Validates CSRF token matches the cookie value
20
+ * Note: This is only used for specific endpoints that need double-submit CSRF
26
21
  */
27
- export declare class RouteValidator {
28
- static validatePathStructure(pathSegments: string[]): Response | null;
29
- static validateEndpoint(_endpoint: AuthEndpoint, endpointConfig: any, method: string): Response | null;
30
- static validateSubEndpoint(subEndpoint: SessionSubEndpoint | undefined, subEndpointConfig: any, method: string): Response | null;
31
- }
22
+ export declare function validateCsrfToken(csrfToken: string | undefined): Promise<Response | null>;
32
23
  /**
33
- * Request body validation utilities
24
+ * Validates email format (basic validation)
34
25
  */
35
- export declare class RequestValidator {
36
- static validateSessionRequest(request: Request): Promise<{
37
- body: any;
38
- idToken?: string;
39
- csrfToken?: string;
40
- error?: Response;
41
- }>;
42
- static validateIdToken(idToken: string | undefined): Response | null;
43
- }
26
+ export declare function validateEmail(email: string | undefined): Response | null;
27
+ /**
28
+ * Validates password meets minimum requirements
29
+ */
30
+ export declare function validatePassword(password: string | undefined): Response | null;
31
+ /**
32
+ * Validates required fields are present in request body
33
+ */
34
+ export declare function validateRequiredFields(body: any, fields: string[]): Response | null;
35
+ /**
36
+ * Validates that a sub-endpoint exists in the URL
37
+ */
38
+ export declare function validateSubEndpointPresent(context: RequestProcessorContext, endpointType: string): Response | null;
39
+ /**
40
+ * Helper to extract and validate session request data
41
+ */
42
+ export declare function extractSessionRequestData(request: Request): Promise<{
43
+ idToken?: string;
44
+ csrfToken?: string;
45
+ error?: Response;
46
+ }>;
44
47
  //# sourceMappingURL=validators.d.ts.map
package/dist/types/app-router/admin/validators.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"validators.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/validators.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAE9F;;GAEG;AACH,qBAAa,aAAa;WACX,QAAQ,CACnB,OAAO,EAAE,OAAO,EAChB,WAAW,EAAE,WAAW,GACvB,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IA0B3B,MAAM,CAAC,qBAAqB,CAAC,WAAW,EAAE,WAAW,GAAG,QAAQ;CA4BjE;AAED;;GAEG;AACH,qBAAa,iBAAiB;WACf,QAAQ,CACnB,OAAO,EAAE,OAAO,EAChB,eAAe,EAAE,eAAe,GAC/B,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAqB3B,OAAO,CAAC,MAAM,CAAC,YAAY;IAwB3B,OAAO,CAAC,MAAM,CAAC,uBAAuB;IAmBtC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CA4BjC;AAED;;GAEG;AACH,qBAAa,aAAa;IACxB,MAAM,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,SAAS,GAAG,QAAQ,GAAG,IAAI;CAezF;AAED;;GAEG;AACH,qBAAa,cAAc;IACzB,MAAM,CAAC,qBAAqB,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG,QAAQ,GAAG,IAAI;IAWrE,MAAM,CAAC,gBAAgB,CACrB,SAAS,EAAE,YAAY,EACvB,cAAc,EAAE,GAAG,EACnB,MAAM,EAAE,MAAM,GACb,QAAQ,GAAG,IAAI;IAYlB,MAAM,CAAC,mBAAmB,CACxB,WAAW,EAAE,kBAAkB,GAAG,SAAS,EAC3C,iBAAiB,EAAE,GAAG,EACtB,MAAM,EAAE,MAAM,GACb,QAAQ,GAAG,IAAI;CAenB;AAED;;GAEG;AACH,qBAAa,gBAAgB;WACd,sBAAsB,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC;QAC7D,IAAI,EAAE,GAAG,CAAC;QACV,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,QAAQ,CAAC;KAClB,CAAC;IAYF,MAAM,CAAC,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,GAAG,QAAQ,GAAG,IAAI;CAUrE"}
1
+ {"version":3,"file":"validators.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/validators.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAMpE;;;;GAIG;AAEH;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC;IAChE,IAAI,EAAE,GAAG,CAAC;IACV,KAAK,CAAC,EAAE,QAAQ,CAAC;CAClB,CAAC,CAUD;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,GAAG,QAAQ,GAAG,IAAI,CAkB5E;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,SAAS,EAAE,MAAM,GAAG,SAAS,GAC5B,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAiB1B;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,QAAQ,GAAG,IAAI,CAYxE;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,SAAS,GAAG,QAAQ,GAAG,IAAI,CAc9E;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,GAAG,EACT,MAAM,EAAE,MAAM,EAAE,GACf,QAAQ,GAAG,IAAI,CAYjB;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,uBAAuB,EAChC,YAAY,EAAE,MAAM,GACnB,QAAQ,GAAG,IAAI,CAUjB;AAED;;GAEG;AACH,wBAAsB,yBAAyB,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC;IACzE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,QAAQ,CAAC;CAClB,CAAC,CAWD"}
package/dist/types/app-router/server/TernSecureProvider.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"TernSecureProvider.d.ts","sourceRoot":"","sources":["../../../../src/app-router/server/TernSecureProvider.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,MAAM,OAAO,CAAC;AAK1B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAWvD,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,mBAAmB,mFA4ClE"}
1
+ {"version":3,"file":"TernSecureProvider.d.ts","sourceRoot":"","sources":["../../../../src/app-router/server/TernSecureProvider.tsx"],"names":[],"mappings":"AAGA,OAAO,KAAK,MAAM,OAAO,CAAC;AAK1B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAoBvD,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,mBAAmB,mFAyDlE"}
package/dist/types/server/constant.d.ts CHANGED
@@ -5,6 +5,8 @@ export declare const FIREBASE_STORAGE_BUCKET: string;
5
5
  export declare const FIREBASE_MESSAGING_SENDER_ID: string;
6
6
  export declare const FIREBASE_APP_ID: string;
7
7
  export declare const FIREBASE_MEASUREMENT_ID: string;
8
+ export declare const FIREBASE_CLIENT_EMAIL: string;
9
+ export declare const FIREBASE_PRIVATE_KEY: string | undefined;
8
10
  export declare const API_KEY: string;
9
11
  export declare const API_URL: string;
10
12
  export declare const API_VERSION: string;
package/dist/types/server/constant.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constant.d.ts","sourceRoot":"","sources":["../../../src/server/constant.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,gBAAgB,QAAiD,CAAC;AAC/E,eAAO,MAAM,oBAAoB,QAAqD,CAAC;AACvF,eAAO,MAAM,mBAAmB,QAAoD,CAAC;AACrF,eAAO,MAAM,uBAAuB,QAAwD,CAAC;AAC7F,eAAO,MAAM,4BAA4B,QAA6D,CAAC;AACvG,eAAO,MAAM,eAAe,QAAgD,CAAC;AAC7E,eAAO,MAAM,uBAAuB,QAAwD,CAAC;AAE7F,eAAO,MAAM,OAAO,QAAiD,CAAC;AACtE,eAAO,MAAM,OAAO,QAAuC,CAAC;AAC5D,eAAO,MAAM,WAAW,QAA6C,CAAC;AACtE,eAAO,MAAM,WAAW,QAA4C,CAAC;AACrE,eAAO,MAAM,WAAW,QAA4C,CAAC"}
1
+ {"version":3,"file":"constant.d.ts","sourceRoot":"","sources":["../../../src/server/constant.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,gBAAgB,QAAiD,CAAC;AAC/E,eAAO,MAAM,oBAAoB,QAAqD,CAAC;AACvF,eAAO,MAAM,mBAAmB,QAAoD,CAAC;AACrF,eAAO,MAAM,uBAAuB,QAAwD,CAAC;AAC7F,eAAO,MAAM,4BAA4B,QAA6D,CAAC;AACvG,eAAO,MAAM,eAAe,QAAgD,CAAC;AAC7E,eAAO,MAAM,uBAAuB,QAAwD,CAAC;AAE7F,eAAO,MAAM,qBAAqB,QAA0C,CAAC;AAC7E,eAAO,MAAM,oBAAoB,oBAAmC,CAAA;AAEpE,eAAO,MAAM,OAAO,QAAiD,CAAC;AACtE,eAAO,MAAM,OAAO,QAAuC,CAAC;AAC5D,eAAO,MAAM,WAAW,QAA6C,CAAC;AACtE,eAAO,MAAM,WAAW,QAA4C,CAAC;AACrE,eAAO,MAAM,WAAW,QAA4C,CAAC"}
package/dist/types/server/data/getAuthDataFromRequest.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"getAuthDataFromRequest.d.ts","sourceRoot":"","sources":["../../../../src/server/data/getAuthDataFromRequest.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAGvD,OAAO,KAAK,EAAiC,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAOxF,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAYtD;;;;;;;GAOG;AACH,eAAO,MAAM,2BAA2B,GAAI,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,KAAK,CAAC,KAAG,CAKvF,CAAC;AAEF,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,WAAW,EAAE,YAAY,KAAK;;;;;;;;;;;;EAG3E;AAED,wBAAgB,yBAAyB,CAAC,GAAG,EAAE,WAAW,GAAG,UAAU,CAetE;AAGD,MAAM,MAAM,0BAA0B,GAAG,IAAI,CAAC,cAAc,EAAE,QAAQ,GAAG,YAAY,GAAG,kBAAkB,GAAG,QAAQ,GAAG,QAAQ,CAAC,CAAC;AAElI,MAAM,MAAM,IAAI,GAAG;IACjB,IAAI,EAAE,0BAA0B,GAAG,IAAI,CAAA;IACvC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;CACtB,CAAA;AAID;;;;;;;GAOG;AACH,eAAO,MAAM,wBAAwB,GAAI,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACxE,KAAK,CAAC,KACL,CAKF,CAAC;AAEF,wBAAsB,qBAAqB,CACzC,GAAG,EAAE,WAAW,EAChB,YAAY,KAAK;;;;;;UAzBX,0BAA0B,GAAG,IAAI;;;;;;;UAAjC,0BAA0B,GAAG,IAAI;GA6BxC;AAED,wBAAsB,sBAAsB,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CA+BzF;AA+ED,OAAO,EAAE,cAAc,EAAE,CAAA"}
1
+ {"version":3,"file":"getAuthDataFromRequest.d.ts","sourceRoot":"","sources":["../../../../src/server/data/getAuthDataFromRequest.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAIvD,OAAO,KAAK,EAAiC,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAOxF,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAYtD;;;;;;;GAOG;AACH,eAAO,MAAM,2BAA2B,GAAI,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,KAAK,CAAC,KAAG,CAKvF,CAAC;AAEF,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,WAAW,EAAE,YAAY,KAAK;;;;;;;;;;;;EAG3E;AAED,wBAAgB,yBAAyB,CAAC,GAAG,EAAE,WAAW,GAAG,UAAU,CAatE;AAGD,MAAM,MAAM,0BAA0B,GAAG,IAAI,CAAC,cAAc,EAAE,QAAQ,GAAG,YAAY,GAAG,kBAAkB,GAAG,QAAQ,GAAG,QAAQ,CAAC,CAAC;AAElI,MAAM,MAAM,IAAI,GAAG;IACjB,IAAI,EAAE,0BAA0B,GAAG,IAAI,CAAA;IACvC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;CACtB,CAAA;AAID;;;;;;;GAOG;AACH,eAAO,MAAM,wBAAwB,GAAI,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACxE,KAAK,CAAC,KACL,CAKF,CAAC;AAEF,wBAAsB,qBAAqB,CACzC,GAAG,EAAE,WAAW,EAChB,YAAY,KAAK;;;;;;UAzBX,0BAA0B,GAAG,IAAI;;;;;;;UAAjC,0BAA0B,GAAG,IAAI;GA6BxC;AAED,wBAAsB,sBAAsB,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CA6BzF;AAyFD,OAAO,EAAE,cAAc,EAAE,CAAA"}
package/dist/types/server/headers-utils.d.ts CHANGED
@@ -4,7 +4,7 @@ import type { RequestLike } from './types';
4
4
  export declare function getCustomAttributeFromRequest(req: RequestLike, key: string): string | null | undefined;
5
5
  export declare function getAuthKeyFromRequest(req: RequestLike, key: keyof typeof constants.Attributes): string | null | undefined;
6
6
  export declare function getHeader(req: RequestLike, name: string): string | null | undefined;
7
- export declare function detectClerkMiddleware(req: RequestLike): boolean;
7
+ export declare function detectTernSecureMiddleware(req: RequestLike): boolean;
8
8
  export declare function isNextRequest(val: unknown): val is NextRequest;
9
9
  export declare function isRequestWebAPI(val: unknown): val is Request;
10
10
  //# sourceMappingURL=headers-utils.d.ts.map
package/dist/types/server/headers-utils.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"headers-utils.d.ts","sourceRoot":"","sources":["../../../src/server/headers-utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE/C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C,wBAAgB,6BAA6B,CAAC,GAAG,EAAE,WAAW,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,GAAG,SAAS,CAGtG;AAED,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,WAAW,EAChB,GAAG,EAAE,MAAM,OAAO,SAAS,CAAC,UAAU,GACrC,MAAM,GAAG,IAAI,GAAG,SAAS,CAE3B;AAED,wBAAgB,SAAS,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,GAAG,SAAS,CASnF;AAED,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAE/D;AAED,wBAAgB,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,GAAG,IAAI,WAAW,CAW9D;AAED,wBAAgB,eAAe,CAAC,GAAG,EAAE,OAAO,GAAG,GAAG,IAAI,OAAO,CAO5D"}
1
+ {"version":3,"file":"headers-utils.d.ts","sourceRoot":"","sources":["../../../src/server/headers-utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE/C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C,wBAAgB,6BAA6B,CAAC,GAAG,EAAE,WAAW,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,GAAG,SAAS,CAGtG;AAED,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,WAAW,EAChB,GAAG,EAAE,MAAM,OAAO,SAAS,CAAC,UAAU,GACrC,MAAM,GAAG,IAAI,GAAG,SAAS,CAE3B;AAED,wBAAgB,SAAS,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,GAAG,SAAS,CASnF;AAED,wBAAgB,0BAA0B,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAEpE;AAED,wBAAgB,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,GAAG,IAAI,WAAW,CAW9D;AAED,wBAAgB,eAAe,CAAC,GAAG,EAAE,OAAO,GAAG,GAAG,IAAI,OAAO,CAO5D"}
package/dist/types/server/proxy-storage.d.ts ADDED
@@ -0,0 +1,5 @@
1
+ import { AsyncLocalStorage } from 'node:async_hooks';
2
+ import type { AuthenticateRequestOptions } from '@tern-secure/backend';
3
+ export declare const ternSecureProxyRequestDataStore: Map<"requestData", AuthenticateRequestOptions>;
4
+ export declare const ternSecureProxyRequestDataStorage: AsyncLocalStorage<Map<"requestData", AuthenticateRequestOptions>>;
5
+ //# sourceMappingURL=proxy-storage.d.ts.map
package/dist/types/server/proxy-storage.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"proxy-storage.d.ts","sourceRoot":"","sources":["../../../src/server/proxy-storage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAEvE,eAAO,MAAM,+BAA+B,gDAAuD,CAAC;AACpG,eAAO,MAAM,iCAAiC,mEAAkE,CAAC"}
package/dist/types/server/ternSecureProxy.d.ts CHANGED
@@ -12,9 +12,7 @@ export interface MiddlewareAuth {
12
12
  protect: AuthProtect;
13
13
  }
14
14
  type MiddlewareHandler = (auth: MiddlewareAuth, request: NextMiddlewareRequestParam, event: NextMiddlewareEvtParam) => NextMiddlewareReturn;
15
- export interface MiddlewareOptions extends AuthenticateRequestOptions {
16
- debug?: boolean;
17
- }
15
+ export type MiddlewareOptions = AuthenticateRequestOptions;
18
16
  type MiddlewareOptionsCallback = (req: NextRequest) => MiddlewareOptions | Promise<MiddlewareOptions>;
19
17
  interface TernSecureMiddleware {
20
18
  /**
package/dist/types/server/ternSecureProxy.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ternSecureProxy.d.ts","sourceRoot":"","sources":["../../../src/server/ternSecureProxy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,0BAA0B,EAC1B,UAAU,EACV,WAAW,EAGZ,MAAM,sBAAsB,CAAC;AAG9B,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAc3C,OAAO,EAAE,KAAK,WAAW,EAAiB,MAAM,WAAW,CAAC;AAE5D,OAAO,KAAK,EACV,sBAAsB,EACtB,0BAA0B,EAC1B,oBAAoB,EACrB,MAAM,SAAS,CAAC;AAGjB,MAAM,MAAM,oBAAoB,GAAG,UAAU,GAAG;IAC9C,gBAAgB,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxC,gBAAgB,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;CACzC,CAAC;AAEF,MAAM,WAAW,cAAc;IAC7B,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAElC,OAAO,EAAE,WAAW,CAAC;CACtB;AAED,KAAK,iBAAiB,GAAG,CACvB,IAAI,EAAE,cAAc,EACpB,OAAO,EAAE,0BAA0B,EACnC,KAAK,EAAE,sBAAsB,KAC1B,oBAAoB,CAAC;AAE1B,MAAM,WAAW,iBAAkB,SAAQ,0BAA0B;IACnE,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AACD,KAAK,yBAAyB,GAAG,CAC/B,GAAG,EAAE,WAAW,KACb,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEpD,UAAU,oBAAoB;IAC5B;;;OAGG;IACH,CAAC,OAAO,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,iBAAiB,GAAG,cAAc,CAAC;IAE1E;;;OAGG;IACH,CAAC,OAAO,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,yBAAyB,GAAG,cAAc,CAAC;IAElF;;;OAGG;IACH,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,cAAc,CAAC;IAC9C;;;OAGG;IACH,CAAC,OAAO,EAAE,0BAA0B,EAAE,KAAK,EAAE,sBAAsB,GAAG,oBAAoB,CAAC;CAC5F;AAED,eAAO,MAAM,eAAe,EAwGtB,oBAAoB,CAAC;AA4E3B,eAAO,MAAM,eAAe,GAAI,KAAK,MAAM,GAAG,GAAG,0BAIhD,CAAC"}
1
+ {"version":3,"file":"ternSecureProxy.d.ts","sourceRoot":"","sources":["../../../src/server/ternSecureProxy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,0BAA0B,EAC1B,UAAU,EACV,WAAW,EAGZ,MAAM,sBAAsB,CAAC;AAG9B,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAkB3C,OAAO,EAAE,KAAK,WAAW,EAAiB,MAAM,WAAW,CAAC;AAE5D,OAAO,KAAK,EACV,sBAAsB,EACtB,0BAA0B,EAC1B,oBAAoB,EACrB,MAAM,SAAS,CAAC;AAGjB,MAAM,MAAM,oBAAoB,GAAG,UAAU,GAAG;IAC9C,gBAAgB,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxC,gBAAgB,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;CACzC,CAAC;AAEF,MAAM,WAAW,cAAc;IAC7B,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAElC,OAAO,EAAE,WAAW,CAAC;CACtB;AAED,KAAK,iBAAiB,GAAG,CACvB,IAAI,EAAE,cAAc,EACpB,OAAO,EAAE,0BAA0B,EACnC,KAAK,EAAE,sBAAsB,KAC1B,oBAAoB,CAAC;AAG1B,MAAM,MAAM,iBAAiB,GAAG,0BAA0B,CAAC;AAE3D,KAAK,yBAAyB,GAAG,CAC/B,GAAG,EAAE,WAAW,KACb,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEpD,UAAU,oBAAoB;IAC5B;;;OAGG;IACH,CAAC,OAAO,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,iBAAiB,GAAG,cAAc,CAAC;IAE1E;;;OAGG;IACH,CAAC,OAAO,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,yBAAyB,GAAG,cAAc,CAAC;IAElF;;;OAGG;IACH,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,cAAc,CAAC;IAC9C;;;OAGG;IACH,CAAC,OAAO,EAAE,0BAA0B,EAAE,KAAK,EAAE,sBAAsB,GAAG,oBAAoB,CAAC;CAC5F;AAED,eAAO,MAAM,eAAe,EA6FtB,oBAAoB,CAAC;AA4E3B,eAAO,MAAM,eAAe,GAAI,KAAK,MAAM,GAAG,GAAG,0BAIhD,CAAC"}
package/dist/types/server/utils.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import type { RequestState, TernSecureRequest } from "@tern-secure/backend";
1
+ import type { AuthenticateRequestOptions, RequestState, TernSecureRequest } from "@tern-secure/backend";
2
2
  import { NextRequest, NextResponse } from 'next/server';
3
3
  import type { User } from "./types";
4
4
  interface RequestContext {
@@ -21,7 +21,7 @@ export declare class Store {
21
21
  static cleanup(): void;
22
22
  }
23
23
  export declare const setRequestHeadersOnNextResponse: (res: NextResponse | Response, req: Request, newHeaders: Record<string, string>) => void;
24
- export declare function decorateRequest(req: TernSecureRequest, res: Response, requestState: RequestState, appCheckToken?: string): Response;
24
+ export declare function decorateRequest(req: TernSecureRequest, res: Response, requestState: RequestState, requestData: AuthenticateRequestOptions, appCheckToken?: string): Response;
25
25
  export declare const isPrerenderingBailout: (e: unknown) => boolean;
26
26
  export declare function buildRequestLike(): Promise<NextRequest>;
27
27
  export declare function getScriptNonceFromHeader(cspHeaderValue: string): string | undefined;
package/dist/types/server/utils.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/server/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,YAAY,EACZ,iBAAiB,EAClB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,WAAW,EAAC,YAAY,EAAE,MAAM,aAAa,CAAC;AAGvD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,SAAS,CAAA;AAKnC,UAAU,cAAc;IACtB,IAAI,EAAE,IAAI,CAAA;IACV,SAAS,EAAE,MAAM,CAAA;CAClB;AAYD,qBAAa,KAAK;IAChB,OAAO,CAAC,MAAM,CAAC,QAAQ;IAcvB,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,cAAc;IAoBzC,MAAM,CAAC,UAAU,IAAI,cAAc,GAAG,IAAI;IAwB1C,MAAM,CAAC,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI;IAK/C,MAAM,CAAC,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI;IAKjD,MAAM,CAAC,KAAK;;;;;;;IAWZ,MAAM,CAAC,OAAO;CAcf;AAGD,eAAO,MAAM,+BAA+B,GAC1C,KAAK,YAAY,GAAG,QAAQ,EAC5B,KAAK,OAAO,EACZ,YAAY,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,SAiBnC,CAAC;AAEF,wBAAgB,eAAe,CAC7B,GAAG,EAAE,iBAAiB,EACtB,GAAG,EAAE,QAAQ,EACb,YAAY,EAAE,YAAY,EAC1B,aAAa,CAAC,EAAE,MAAM,GACrB,QAAQ,CA6CV;AAGD,eAAO,MAAM,qBAAqB,GAAI,GAAG,OAAO,YAiB/C,CAAC;AAEF,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,WAAW,CAAC,CAkB7D;AAGD,wBAAgB,wBAAwB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CA0CnF"}
1
+ {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/server/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,0BAA0B,EAC1B,YAAY,EACZ,iBAAiB,EAClB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,WAAW,EAAC,YAAY,EAAE,MAAM,aAAa,CAAC;AAGvD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,SAAS,CAAA;AAKnC,UAAU,cAAc;IACtB,IAAI,EAAE,IAAI,CAAA;IACV,SAAS,EAAE,MAAM,CAAA;CAClB;AAYD,qBAAa,KAAK;IAChB,OAAO,CAAC,MAAM,CAAC,QAAQ;IAcvB,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,cAAc;IAoBzC,MAAM,CAAC,UAAU,IAAI,cAAc,GAAG,IAAI;IAwB1C,MAAM,CAAC,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI;IAK/C,MAAM,CAAC,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI;IAKjD,MAAM,CAAC,KAAK;;;;;;;IAWZ,MAAM,CAAC,OAAO;CAcf;AAGD,eAAO,MAAM,+BAA+B,GAC1C,KAAK,YAAY,GAAG,QAAQ,EAC5B,KAAK,OAAO,EACZ,YAAY,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,SAiBnC,CAAC;AAiBF,wBAAgB,eAAe,CAC7B,GAAG,EAAE,iBAAiB,EACtB,GAAG,EAAE,QAAQ,EACb,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,0BAA0B,EACvC,aAAa,CAAC,EAAE,MAAM,GACrB,QAAQ,CAgDV;AAGD,eAAO,MAAM,qBAAqB,GAAI,GAAG,OAAO,YAiB/C,CAAC;AAEF,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,WAAW,CAAC,CAkB7D;AAGD,wBAAgB,wBAAwB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CA0CnF"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@tern-secure/nextjs",
3
- "version": "5.2.0-canary.v20251127221555",
3
+ "version": "5.2.0-canary.v20251202162458",
4
4
  "publishConfig": {
5
5
  "access": "public"
6
6
  },
@@ -61,10 +61,10 @@
61
61
  "jose": "^5.9.6",
62
62
  "server-only": "^0.0.1",
63
63
  "tslib": "2.8.1",
64
- "@tern-secure/backend": "1.2.0-canary.v20251127221555",
65
- "@tern-secure/react": "1.2.0-canary.v20251127221555",
66
- "@tern-secure/shared": "1.3.0-canary.v20251127221555",
67
- "@tern-secure/types": "1.1.0-canary.v20251127221555"
64
+ "@tern-secure/backend": "1.2.0-canary.v20251202162458",
65
+ "@tern-secure/react": "1.2.0-canary.v20251202162458",
66
+ "@tern-secure/shared": "1.3.0-canary.v20251202162458",
67
+ "@tern-secure/types": "1.1.0-canary.v20251202162458"
68
68
  },
69
69
  "peerDependencies": {
70
70
  "firebase": "^12.0.0",
package/dist/cjs/app-router/admin/sessionHandlers.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import { constants } from '@tern-secure/backend';\nimport { clearSessionCookie } from '@tern-secure/backend/admin';\nimport { ternDecodeJwtUnguarded } from '@tern-secure/backend/jwt';\nimport type { CookieSubEndpoint } from '@tern-secure/types';\n\nimport { ternSecureBackendClient } from '../../server/ternsecureClient';\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { type RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { FIREBASE_API_KEY } from './constants';\nimport { createValidators } from './fnValidators';\nimport { refreshCookieWithIdToken } from './request';\nimport {\n createApiErrorResponse,\n createApiSuccessResponse,\n HttpResponseHelper,\n SessionResponseHelper,\n} from './responses';\nimport { processSignInCreate } from './signInCreateHandler';\nimport type { SessionSubEndpoint, SignInSubEndpoint, TernSecureHandlerOptions } from './types';\n\nconst sessionEndpointHandler = async (\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> => {\n const { subEndpoint, method, referrer } = context;\n\n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n validateSessionRequest,\n validateCsrfToken,\n validateIdToken,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n }\n\n const sessionsConfig = config.endpoints?.sessions;\n const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const SessionGetHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const handleSessionVerify = async (): Promise<Response> => {\n try {\n const sessionCookie = context.sessionTokenInCookie;\n if (!sessionCookie) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n const { data: decodedSession, errors } = ternDecodeJwtUnguarded(sessionCookie);\n if (errors) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n return SessionResponseHelper.createVerificationResponse(decodedSession);\n } catch (error) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n };\n\n switch (subEndpoint) {\n case 'verify':\n return handleSessionVerify();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n const SessionPostHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const cookieStore = new NextCookieStore();\n\n const { idToken, csrfToken, error } = await validateSessionRequest();\n if (error) return error;\n\n const csrfCookieValue = await cookieStore.get(constants.Cookies.CsrfToken);\n validateCsrfToken(csrfToken || '', csrfCookieValue.value);\n\n const handleCreateSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n await refreshCookieWithIdToken(idToken, cookieStore, config, referrer, context.appCheckToken);\n return SessionResponseHelper.createSessionCreationResponse({\n success: true,\n message: 'Session created successfully',\n });\n } catch (error) {\n console.error('[SessionHandler - createsession] Error:', error);\n const errorMessage = error instanceof Error ? error.message : 'Session creation failed';\n return createApiErrorResponse('SESSION_CREATION_FAILED', errorMessage, 500);\n }\n };\n\n const handleRefreshSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n const decodedSession = ternDecodeJwtUnguarded(idToken);\n if (decodedSession.errors) {\n return createApiErrorResponse('INVALID_SESSION', 'Invalid session for refresh', 401);\n }\n\n const refreshRes = await refreshCookieWithIdToken(\n idToken,\n cookieStore,\n config,\n undefined,\n context.appCheckToken,\n );\n return SessionResponseHelper.createRefreshResponse(refreshRes);\n } catch (error) {\n const errorMessage = error instanceof Error ? error.message : 'Session refresh failed';\n return createApiErrorResponse('REFRESH_FAILED', errorMessage, 500);\n }\n };\n\n const handleRevokeSession = async (cookieStore: NextCookieStore): Promise<Response> => {\n const res = await clearSessionCookie(cookieStore);\n return SessionResponseHelper.createRevokeResponse(res);\n };\n\n switch (subEndpoint) {\n case 'createsession': {\n const idTokenError = validateIdToken(idToken);\n if (idTokenError) return idTokenError;\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleCreateSession(cookieStore, idToken!);\n }\n\n case 'refresh':\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleRefreshSession(cookieStore, idToken!);\n\n case 'revoke':\n return handleRevokeSession(cookieStore);\n\n default:\n return HttpResponseHelper.createSubEndpointNotSupportedResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return SessionGetHandler(subEndpoint);\n\n case 'POST':\n return SessionPostHandler(subEndpoint);\n\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n\nconst cookieEndpointHandler = async (\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> => {\n const { subEndpoint, method } = context;\n\n const validators = createValidators(context);\n const { validateSecurity } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Cookie sub-endpoint required', 400);\n }\n\n const cookiesConfig = config.endpoints?.cookies;\n const subEndpointConfig = cookiesConfig?.subEndpoints?.[subEndpoint as CookieSubEndpoint];\n\n if (!subEndpointConfig || !subEndpointConfig.enabled) {\n return createApiErrorResponse('ENDPOINT_NOT_FOUND', 'Cookie endpoint not found or disabled', 404);\n }\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const CookieGetHandler = async (subEndpoint: CookieSubEndpoint): Promise<Response> => {\n const handleGetCookie = async (): Promise<Response> => {\n try {\n const url = new URL(context.ternUrl);\n const tokenName = url.searchParams.get('tokenName');\n\n if (!tokenName) {\n return createApiErrorResponse('TOKEN_NAME_REQUIRED', 'tokenName query parameter is required', 400);\n }\n\n let cookieValue: string | undefined;\n\n switch (tokenName) {\n case 'idToken':\n cookieValue = context.idTokenInCookie;\n break;\n case 'sessionToken':\n cookieValue = context.sessionTokenInCookie;\n break;\n case 'refreshToken':\n cookieValue = context.refreshTokenInCookie;\n break;\n case 'customToken':\n cookieValue = context.customTokenInCookie;\n break;\n default:\n return createApiErrorResponse('INVALID_TOKEN_NAME', 'Invalid token name. Must be one of: idToken, sessionToken, refreshToken, customToken', 400);\n }\n\n if (!cookieValue) {\n return createApiErrorResponse(\n 'TOKEN_NOT_FOUND',\n `${tokenName} not found in httpOnly cookies`,\n 404\n );\n }\n\n return createApiSuccessResponse({\n token: cookieValue,\n });\n } catch (error) {\n return createApiErrorResponse('COOKIE_RETRIEVAL_FAILED', 'Failed to retrieve cookie', 500);\n }\n };\n\n switch (subEndpoint) {\n case 'get':\n return handleGetCookie();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return CookieGetHandler(subEndpoint as CookieSubEndpoint);\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n\nconst signInEndpointHandler = async (\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions\n): Promise<Response> => {\n const { subEndpoint, method } = context;\n\n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Sign_ins sub-endpoint required', 400);\n }\n\n const signInsConfig = config.endpoints?.signIns;\n const subEndpointConfig = signInsConfig?.subEndpoints?.[subEndpoint as SignInSubEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const PostHandler = async (subEndpoint: SignInSubEndpoint): Promise<Response> => {\n const create = async (): Promise<Response> => {\n return await processSignInCreate(context);\n };\n\n const passwordResetEmail = async (): Promise<Response> => {\n try {\n const body = await context.request.json();\n const { email } = body;\n\n if (!email || typeof email !== 'string') {\n return createApiErrorResponse('EMAIL_REQUIRED', 'Email is required', 400);\n }\n\n const backendClient = await ternSecureBackendClient();\n\n const response = await backendClient.signIn.resetPasswordEmail(FIREBASE_API_KEY, {\n email,\n requestType: 'PASSWORD_RESET',\n });\n\n if (!response) {\n return createApiErrorResponse(\n 'PASSWORD_RESET_FAILED',\n 'Failed to send password reset email',\n 500,\n );\n }\n\n return createApiSuccessResponse({\n email,\n });\n } catch (error) {\n return createApiErrorResponse(\n 'PASSWORD_RESET_ERROR',\n error instanceof Error\n ? error.message\n : 'An error occurred while sending password reset email',\n 500,\n );\n }\n };\n\n switch (subEndpoint) {\n case 'create':\n return create();\n case 'resetPasswordEmail':\n return passwordResetEmail();\n default:\n return HttpResponseHelper.createSubEndpointNotSupportedResponse();\n }\n };\n\n switch (method) {\n case 'POST':\n return PostHandler(subEndpoint as SignInSubEndpoint);\n\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n\n}\n\nexport { cookieEndpointHandler, sessionEndpointHandler, signInEndpointHandler };\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,qBAA0B;AAC1B,mBAAmC;AACnC,iBAAuC;AAGvC,8BAAwC;AACxC,+BAAgC;AAEhC,uBAAiC;AACjC,0BAAiC;AACjC,qBAAyC;AACzC,uBAKO;AACP,iCAAoC;AAGpC,MAAM,yBAAyB,OAC7B,SACA,WACsB;AACtB,QAAM,EAAE,aAAa,QAAQ,SAAS,IAAI;AAE1C,QAAM,iBAAa,sCAAiB,OAAO;AAE3C,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,CAAC,aAAa;AAChB,eAAO,yCAAuB,yBAAyB,iCAAiC,GAAG;AAAA,EAC7F;AAEA,QAAM,iBAAiB,OAAO,WAAW;AACzC,QAAM,oBAAoB,gBAAgB,eAAe,WAAW;AAEpE,sBAAoB,aAAa,iBAAiB;AAElD,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,oBAAoB,OAAOA,iBAAuD;AACtF,UAAM,sBAAsB,YAA+B;AACzD,UAAI;AACF,cAAM,gBAAgB,QAAQ;AAC9B,YAAI,CAAC,eAAe;AAClB,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,cAAM,EAAE,MAAM,gBAAgB,OAAO,QAAI,mCAAuB,aAAa;AAC7E,YAAI,QAAQ;AACV,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,eAAO,uCAAsB,2BAA2B,cAAc;AAAA,MACxE,SAAS,OAAO;AACd,eAAO,uCAAsB,2BAA2B;AAAA,MAC1D;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,oBAAoB;AAAA,MAC7B;AACE,eAAO,oCAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,QAAM,qBAAqB,OAAOA,iBAAuD;AACvF,UAAM,cAAc,IAAI,yCAAgB;AAExC,UAAM,EAAE,SAAS,WAAW,MAAM,IAAI,MAAM,uBAAuB;AACnE,QAAI,MAAO,QAAO;AAElB,UAAM,kBAAkB,MAAM,YAAY,IAAI,yBAAU,QAAQ,SAAS;AACzE,sBAAkB,aAAa,IAAI,gBAAgB,KAAK;AAExD,UAAM,sBAAsB,OAC1BC,cACAC,aACsB;AACtB,UAAI;AACF,kBAAM,yCAAyBA,UAASD,cAAa,QAAQ,UAAU,QAAQ,aAAa;AAC5F,eAAO,uCAAsB,8BAA8B;AAAA,UACzD,SAAS;AAAA,UACT,SAAS;AAAA,QACX,CAAC;AAAA,MACH,SAASE,QAAO;AACd,gBAAQ,MAAM,2CAA2CA,MAAK;AAC9D,cAAM,eAAeA,kBAAiB,QAAQA,OAAM,UAAU;AAC9D,mBAAO,yCAAuB,2BAA2B,cAAc,GAAG;AAAA,MAC5E;AAAA,IACF;AAEA,UAAM,uBAAuB,OAC3BF,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,qBAAiB,mCAAuBA,QAAO;AACrD,YAAI,eAAe,QAAQ;AACzB,qBAAO,yCAAuB,mBAAmB,+BAA+B,GAAG;AAAA,QACrF;AAEA,cAAM,aAAa,UAAM;AAAA,UACvBA;AAAA,UACAD;AAAA,UACA;AAAA,UACA;AAAA,UACA,QAAQ;AAAA,QACV;AACA,eAAO,uCAAsB,sBAAsB,UAAU;AAAA,MAC/D,SAASE,QAAO;AACd,cAAM,eAAeA,kBAAiB,QAAQA,OAAM,UAAU;AAC9D,mBAAO,yCAAuB,kBAAkB,cAAc,GAAG;AAAA,MACnE;AAAA,IACF;AAEA,UAAM,sBAAsB,OAAOF,iBAAoD;AACrF,YAAM,MAAM,UAAM,iCAAmBA,YAAW;AAChD,aAAO,uCAAsB,qBAAqB,GAAG;AAAA,IACvD;AAEA,YAAQD,cAAa;AAAA,MACnB,KAAK,iBAAiB;AACpB,cAAM,eAAe,gBAAgB,OAAO;AAC5C,YAAI,aAAc,QAAO;AAEzB,eAAO,oBAAoB,aAAa,OAAQ;AAAA,MAClD;AAAA,MAEA,KAAK;AAEH,eAAO,qBAAqB,aAAa,OAAQ;AAAA,MAEnD,KAAK;AACH,eAAO,oBAAoB,WAAW;AAAA,MAExC;AACE,eAAO,oCAAmB,sCAAsC;AAAA,IACpE;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,kBAAkB,WAAW;AAAA,IAEtC,KAAK;AACH,aAAO,mBAAmB,WAAW;AAAA,IAEvC;AACE,aAAO,oCAAmB,+BAA+B;AAAA,EAC7D;AACF;AAEA,MAAM,wBAAwB,OAC5B,SACA,WACsB;AACtB,QAAM,EAAE,aAAa,OAAO,IAAI;AAEhC,QAAM,iBAAa,sCAAiB,OAAO;AAC3C,QAAM,EAAE,iBAAiB,IAAI;AAE7B,MAAI,CAAC,aAAa;AAChB,eAAO,yCAAuB,yBAAyB,gCAAgC,GAAG;AAAA,EAC5F;AAEA,QAAM,gBAAgB,OAAO,WAAW;AACxC,QAAM,oBAAoB,eAAe,eAAe,WAAgC;AAExF,MAAI,CAAC,qBAAqB,CAAC,kBAAkB,SAAS;AACpD,eAAO,yCAAuB,sBAAsB,yCAAyC,GAAG;AAAA,EAClG;AAEA,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,mBAAmB,OAAOA,iBAAsD;AACpF,UAAM,kBAAkB,YAA+B;AACrD,UAAI;AACF,cAAM,MAAM,IAAI,IAAI,QAAQ,OAAO;AACnC,cAAM,YAAY,IAAI,aAAa,IAAI,WAAW;AAElD,YAAI,CAAC,WAAW;AACd,qBAAO,yCAAuB,uBAAuB,yCAAyC,GAAG;AAAA,QACnG;AAEA,YAAI;AAEJ,gBAAQ,WAAW;AAAA,UACjB,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF;AACE,uBAAO,yCAAuB,sBAAsB,wFAAwF,GAAG;AAAA,QACnJ;AAEA,YAAI,CAAC,aAAa;AAChB,qBAAO;AAAA,YACL;AAAA,YACA,GAAG,SAAS;AAAA,YACZ;AAAA,UACF;AAAA,QACF;AAEA,mBAAO,2CAAyB;AAAA,UAC9B,OAAO;AAAA,QACT,CAAC;AAAA,MACH,SAAS,OAAO;AACd,mBAAO,yCAAuB,2BAA2B,6BAA6B,GAAG;AAAA,MAC3F;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,gBAAgB;AAAA,MACzB;AACE,eAAO,oCAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,iBAAiB,WAAgC;AAAA,IAC1D;AACE,aAAO,oCAAmB,+BAA+B;AAAA,EAC7D;AACF;AAEA,MAAM,wBAAwB,OAC5B,SACA,WACsB;AACtB,QAAM,EAAE,aAAa,OAAO,IAAI;AAEhC,QAAM,iBAAa,sCAAiB,OAAO;AAE3C,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,CAAC,aAAa;AAChB,eAAO,yCAAuB,yBAAyB,kCAAkC,GAAG;AAAA,EAC9F;AAEA,QAAM,gBAAgB,OAAO,WAAW;AACxC,QAAM,oBAAoB,eAAe,eAAe,WAAgC;AAExF,sBAAoB,aAAa,iBAAiB;AAElD,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,cAAc,OAAOA,iBAAsD;AAC/E,UAAM,SAAS,YAA+B;AAC5C,aAAO,UAAM,gDAAoB,OAAO;AAAA,IAC1C;AAEA,UAAM,qBAAqB,YAA+B;AACxD,UAAI;AACF,cAAM,OAAO,MAAM,QAAQ,QAAQ,KAAK;AACxC,cAAM,EAAE,MAAM,IAAI;AAElB,YAAI,CAAC,SAAS,OAAO,UAAU,UAAU;AACvC,qBAAO,yCAAuB,kBAAkB,qBAAqB,GAAG;AAAA,QAC1E;AAEA,cAAM,gBAAgB,UAAM,iDAAwB;AAEpD,cAAM,WAAW,MAAM,cAAc,OAAO,mBAAmB,mCAAkB;AAAA,UAC/E;AAAA,UACA,aAAa;AAAA,QACf,CAAC;AAED,YAAI,CAAC,UAAU;AACb,qBAAO;AAAA,YACL;AAAA,YACA;AAAA,YACA;AAAA,UACF;AAAA,QACF;AAEA,mBAAO,2CAAyB;AAAA,UAC9B;AAAA,QACF,CAAC;AAAA,MACH,SAAS,OAAO;AACd,mBAAO;AAAA,UACL;AAAA,UACA,iBAAiB,QACb,MAAM,UACN;AAAA,UACJ;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,OAAO;AAAA,MAChB,KAAK;AACH,eAAO,mBAAmB;AAAA,MAC5B;AACE,eAAO,oCAAmB,sCAAsC;AAAA,IACpE;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,YAAY,WAAgC;AAAA,IAErD;AACE,aAAO,oCAAmB,+BAA+B;AAAA,EAC7D;AAEF;","names":["subEndpoint","cookieStore","idToken","error"]}
package/dist/esm/app-router/admin/sessionHandlers.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import { constants } from '@tern-secure/backend';\nimport { clearSessionCookie } from '@tern-secure/backend/admin';\nimport { ternDecodeJwtUnguarded } from '@tern-secure/backend/jwt';\nimport type { CookieSubEndpoint } from '@tern-secure/types';\n\nimport { ternSecureBackendClient } from '../../server/ternsecureClient';\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { type RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { FIREBASE_API_KEY } from './constants';\nimport { createValidators } from './fnValidators';\nimport { refreshCookieWithIdToken } from './request';\nimport {\n createApiErrorResponse,\n createApiSuccessResponse,\n HttpResponseHelper,\n SessionResponseHelper,\n} from './responses';\nimport { processSignInCreate } from './signInCreateHandler';\nimport type { SessionSubEndpoint, SignInSubEndpoint, TernSecureHandlerOptions } from './types';\n\nconst sessionEndpointHandler = async (\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> => {\n const { subEndpoint, method, referrer } = context;\n\n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n validateSessionRequest,\n validateCsrfToken,\n validateIdToken,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n }\n\n const sessionsConfig = config.endpoints?.sessions;\n const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const SessionGetHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const handleSessionVerify = async (): Promise<Response> => {\n try {\n const sessionCookie = context.sessionTokenInCookie;\n if (!sessionCookie) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n const { data: decodedSession, errors } = ternDecodeJwtUnguarded(sessionCookie);\n if (errors) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n return SessionResponseHelper.createVerificationResponse(decodedSession);\n } catch (error) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n };\n\n switch (subEndpoint) {\n case 'verify':\n return handleSessionVerify();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n const SessionPostHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const cookieStore = new NextCookieStore();\n\n const { idToken, csrfToken, error } = await validateSessionRequest();\n if (error) return error;\n\n const csrfCookieValue = await cookieStore.get(constants.Cookies.CsrfToken);\n validateCsrfToken(csrfToken || '', csrfCookieValue.value);\n\n const handleCreateSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n await refreshCookieWithIdToken(idToken, cookieStore, config, referrer, context.appCheckToken);\n return SessionResponseHelper.createSessionCreationResponse({\n success: true,\n message: 'Session created successfully',\n });\n } catch (error) {\n console.error('[SessionHandler - createsession] Error:', error);\n const errorMessage = error instanceof Error ? error.message : 'Session creation failed';\n return createApiErrorResponse('SESSION_CREATION_FAILED', errorMessage, 500);\n }\n };\n\n const handleRefreshSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n const decodedSession = ternDecodeJwtUnguarded(idToken);\n if (decodedSession.errors) {\n return createApiErrorResponse('INVALID_SESSION', 'Invalid session for refresh', 401);\n }\n\n const refreshRes = await refreshCookieWithIdToken(\n idToken,\n cookieStore,\n config,\n undefined,\n context.appCheckToken,\n );\n return SessionResponseHelper.createRefreshResponse(refreshRes);\n } catch (error) {\n const errorMessage = error instanceof Error ? error.message : 'Session refresh failed';\n return createApiErrorResponse('REFRESH_FAILED', errorMessage, 500);\n }\n };\n\n const handleRevokeSession = async (cookieStore: NextCookieStore): Promise<Response> => {\n const res = await clearSessionCookie(cookieStore);\n return SessionResponseHelper.createRevokeResponse(res);\n };\n\n switch (subEndpoint) {\n case 'createsession': {\n const idTokenError = validateIdToken(idToken);\n if (idTokenError) return idTokenError;\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleCreateSession(cookieStore, idToken!);\n }\n\n case 'refresh':\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleRefreshSession(cookieStore, idToken!);\n\n case 'revoke':\n return handleRevokeSession(cookieStore);\n\n default:\n return HttpResponseHelper.createSubEndpointNotSupportedResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return SessionGetHandler(subEndpoint);\n\n case 'POST':\n return SessionPostHandler(subEndpoint);\n\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n\nconst cookieEndpointHandler = async (\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> => {\n const { subEndpoint, method } = context;\n\n const validators = createValidators(context);\n const { validateSecurity } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Cookie sub-endpoint required', 400);\n }\n\n const cookiesConfig = config.endpoints?.cookies;\n const subEndpointConfig = cookiesConfig?.subEndpoints?.[subEndpoint as CookieSubEndpoint];\n\n if (!subEndpointConfig || !subEndpointConfig.enabled) {\n return createApiErrorResponse('ENDPOINT_NOT_FOUND', 'Cookie endpoint not found or disabled', 404);\n }\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const CookieGetHandler = async (subEndpoint: CookieSubEndpoint): Promise<Response> => {\n const handleGetCookie = async (): Promise<Response> => {\n try {\n const url = new URL(context.ternUrl);\n const tokenName = url.searchParams.get('tokenName');\n\n if (!tokenName) {\n return createApiErrorResponse('TOKEN_NAME_REQUIRED', 'tokenName query parameter is required', 400);\n }\n\n let cookieValue: string | undefined;\n\n switch (tokenName) {\n case 'idToken':\n cookieValue = context.idTokenInCookie;\n break;\n case 'sessionToken':\n cookieValue = context.sessionTokenInCookie;\n break;\n case 'refreshToken':\n cookieValue = context.refreshTokenInCookie;\n break;\n case 'customToken':\n cookieValue = context.customTokenInCookie;\n break;\n default:\n return createApiErrorResponse('INVALID_TOKEN_NAME', 'Invalid token name. Must be one of: idToken, sessionToken, refreshToken, customToken', 400);\n }\n\n if (!cookieValue) {\n return createApiErrorResponse(\n 'TOKEN_NOT_FOUND',\n `${tokenName} not found in httpOnly cookies`,\n 404\n );\n }\n\n return createApiSuccessResponse({\n token: cookieValue,\n });\n } catch (error) {\n return createApiErrorResponse('COOKIE_RETRIEVAL_FAILED', 'Failed to retrieve cookie', 500);\n }\n };\n\n switch (subEndpoint) {\n case 'get':\n return handleGetCookie();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return CookieGetHandler(subEndpoint as CookieSubEndpoint);\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n\nconst signInEndpointHandler = async (\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions\n): Promise<Response> => {\n const { subEndpoint, method } = context;\n\n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Sign_ins sub-endpoint required', 400);\n }\n\n const signInsConfig = config.endpoints?.signIns;\n const subEndpointConfig = signInsConfig?.subEndpoints?.[subEndpoint as SignInSubEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const PostHandler = async (subEndpoint: SignInSubEndpoint): Promise<Response> => {\n const create = async (): Promise<Response> => {\n return await processSignInCreate(context);\n };\n\n const passwordResetEmail = async (): Promise<Response> => {\n try {\n const body = await context.request.json();\n const { email } = body;\n\n if (!email || typeof email !== 'string') {\n return createApiErrorResponse('EMAIL_REQUIRED', 'Email is required', 400);\n }\n\n const backendClient = await ternSecureBackendClient();\n\n const response = await backendClient.signIn.resetPasswordEmail(FIREBASE_API_KEY, {\n email,\n requestType: 'PASSWORD_RESET',\n });\n\n if (!response) {\n return createApiErrorResponse(\n 'PASSWORD_RESET_FAILED',\n 'Failed to send password reset email',\n 500,\n );\n }\n\n return createApiSuccessResponse({\n email,\n });\n } catch (error) {\n return createApiErrorResponse(\n 'PASSWORD_RESET_ERROR',\n error instanceof Error\n ? error.message\n : 'An error occurred while sending password reset email',\n 500,\n );\n }\n };\n\n switch (subEndpoint) {\n case 'create':\n return create();\n case 'resetPasswordEmail':\n return passwordResetEmail();\n default:\n return HttpResponseHelper.createSubEndpointNotSupportedResponse();\n }\n };\n\n switch (method) {\n case 'POST':\n return PostHandler(subEndpoint as SignInSubEndpoint);\n\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n\n}\n\nexport { cookieEndpointHandler, sessionEndpointHandler, signInEndpointHandler };\n"],"mappings":"AAAA,SAAS,iBAAiB;AAC1B,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAGvC,SAAS,+BAA+B;AACxC,SAAS,uBAAuB;AAEhC,SAAS,wBAAwB;AACjC,SAAS,wBAAwB;AACjC,SAAS,gCAAgC;AACzC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,2BAA2B;AAGpC,MAAM,yBAAyB,OAC7B,SACA,WACsB;AACtB,QAAM,EAAE,aAAa,QAAQ,SAAS,IAAI;AAE1C,QAAM,aAAa,iBAAiB,OAAO;AAE3C,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,CAAC,aAAa;AAChB,WAAO,uBAAuB,yBAAyB,iCAAiC,GAAG;AAAA,EAC7F;AAEA,QAAM,iBAAiB,OAAO,WAAW;AACzC,QAAM,oBAAoB,gBAAgB,eAAe,WAAW;AAEpE,sBAAoB,aAAa,iBAAiB;AAElD,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,oBAAoB,OAAOA,iBAAuD;AACtF,UAAM,sBAAsB,YAA+B;AACzD,UAAI;AACF,cAAM,gBAAgB,QAAQ;AAC9B,YAAI,CAAC,eAAe;AAClB,iBAAO,sBAAsB,2BAA2B;AAAA,QAC1D;AAEA,cAAM,EAAE,MAAM,gBAAgB,OAAO,IAAI,uBAAuB,aAAa;AAC7E,YAAI,QAAQ;AACV,iBAAO,sBAAsB,2BAA2B;AAAA,QAC1D;AAEA,eAAO,sBAAsB,2BAA2B,cAAc;AAAA,MACxE,SAAS,OAAO;AACd,eAAO,sBAAsB,2BAA2B;AAAA,MAC1D;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,oBAAoB;AAAA,MAC7B;AACE,eAAO,mBAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,QAAM,qBAAqB,OAAOA,iBAAuD;AACvF,UAAM,cAAc,IAAI,gBAAgB;AAExC,UAAM,EAAE,SAAS,WAAW,MAAM,IAAI,MAAM,uBAAuB;AACnE,QAAI,MAAO,QAAO;AAElB,UAAM,kBAAkB,MAAM,YAAY,IAAI,UAAU,QAAQ,SAAS;AACzE,sBAAkB,aAAa,IAAI,gBAAgB,KAAK;AAExD,UAAM,sBAAsB,OAC1BC,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,yBAAyBA,UAASD,cAAa,QAAQ,UAAU,QAAQ,aAAa;AAC5F,eAAO,sBAAsB,8BAA8B;AAAA,UACzD,SAAS;AAAA,UACT,SAAS;AAAA,QACX,CAAC;AAAA,MACH,SAASE,QAAO;AACd,gBAAQ,MAAM,2CAA2CA,MAAK;AAC9D,cAAM,eAAeA,kBAAiB,QAAQA,OAAM,UAAU;AAC9D,eAAO,uBAAuB,2BAA2B,cAAc,GAAG;AAAA,MAC5E;AAAA,IACF;AAEA,UAAM,uBAAuB,OAC3BF,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,iBAAiB,uBAAuBA,QAAO;AACrD,YAAI,eAAe,QAAQ;AACzB,iBAAO,uBAAuB,mBAAmB,+BAA+B,GAAG;AAAA,QACrF;AAEA,cAAM,aAAa,MAAM;AAAA,UACvBA;AAAA,UACAD;AAAA,UACA;AAAA,UACA;AAAA,UACA,QAAQ;AAAA,QACV;AACA,eAAO,sBAAsB,sBAAsB,UAAU;AAAA,MAC/D,SAASE,QAAO;AACd,cAAM,eAAeA,kBAAiB,QAAQA,OAAM,UAAU;AAC9D,eAAO,uBAAuB,kBAAkB,cAAc,GAAG;AAAA,MACnE;AAAA,IACF;AAEA,UAAM,sBAAsB,OAAOF,iBAAoD;AACrF,YAAM,MAAM,MAAM,mBAAmBA,YAAW;AAChD,aAAO,sBAAsB,qBAAqB,GAAG;AAAA,IACvD;AAEA,YAAQD,cAAa;AAAA,MACnB,KAAK,iBAAiB;AACpB,cAAM,eAAe,gBAAgB,OAAO;AAC5C,YAAI,aAAc,QAAO;AAEzB,eAAO,oBAAoB,aAAa,OAAQ;AAAA,MAClD;AAAA,MAEA,KAAK;AAEH,eAAO,qBAAqB,aAAa,OAAQ;AAAA,MAEnD,KAAK;AACH,eAAO,oBAAoB,WAAW;AAAA,MAExC;AACE,eAAO,mBAAmB,sCAAsC;AAAA,IACpE;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,kBAAkB,WAAW;AAAA,IAEtC,KAAK;AACH,aAAO,mBAAmB,WAAW;AAAA,IAEvC;AACE,aAAO,mBAAmB,+BAA+B;AAAA,EAC7D;AACF;AAEA,MAAM,wBAAwB,OAC5B,SACA,WACsB;AACtB,QAAM,EAAE,aAAa,OAAO,IAAI;AAEhC,QAAM,aAAa,iBAAiB,OAAO;AAC3C,QAAM,EAAE,iBAAiB,IAAI;AAE7B,MAAI,CAAC,aAAa;AAChB,WAAO,uBAAuB,yBAAyB,gCAAgC,GAAG;AAAA,EAC5F;AAEA,QAAM,gBAAgB,OAAO,WAAW;AACxC,QAAM,oBAAoB,eAAe,eAAe,WAAgC;AAExF,MAAI,CAAC,qBAAqB,CAAC,kBAAkB,SAAS;AACpD,WAAO,uBAAuB,sBAAsB,yCAAyC,GAAG;AAAA,EAClG;AAEA,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,mBAAmB,OAAOA,iBAAsD;AACpF,UAAM,kBAAkB,YAA+B;AACrD,UAAI;AACF,cAAM,MAAM,IAAI,IAAI,QAAQ,OAAO;AACnC,cAAM,YAAY,IAAI,aAAa,IAAI,WAAW;AAElD,YAAI,CAAC,WAAW;AACd,iBAAO,uBAAuB,uBAAuB,yCAAyC,GAAG;AAAA,QACnG;AAEA,YAAI;AAEJ,gBAAQ,WAAW;AAAA,UACjB,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF;AACE,mBAAO,uBAAuB,sBAAsB,wFAAwF,GAAG;AAAA,QACnJ;AAEA,YAAI,CAAC,aAAa;AAChB,iBAAO;AAAA,YACL;AAAA,YACA,GAAG,SAAS;AAAA,YACZ;AAAA,UACF;AAAA,QACF;AAEA,eAAO,yBAAyB;AAAA,UAC9B,OAAO;AAAA,QACT,CAAC;AAAA,MACH,SAAS,OAAO;AACd,eAAO,uBAAuB,2BAA2B,6BAA6B,GAAG;AAAA,MAC3F;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,gBAAgB;AAAA,MACzB;AACE,eAAO,mBAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,iBAAiB,WAAgC;AAAA,IAC1D;AACE,aAAO,mBAAmB,+BAA+B;AAAA,EAC7D;AACF;AAEA,MAAM,wBAAwB,OAC5B,SACA,WACsB;AACtB,QAAM,EAAE,aAAa,OAAO,IAAI;AAEhC,QAAM,aAAa,iBAAiB,OAAO;AAE3C,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,CAAC,aAAa;AAChB,WAAO,uBAAuB,yBAAyB,kCAAkC,GAAG;AAAA,EAC9F;AAEA,QAAM,gBAAgB,OAAO,WAAW;AACxC,QAAM,oBAAoB,eAAe,eAAe,WAAgC;AAExF,sBAAoB,aAAa,iBAAiB;AAElD,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,cAAc,OAAOA,iBAAsD;AAC/E,UAAM,SAAS,YAA+B;AAC5C,aAAO,MAAM,oBAAoB,OAAO;AAAA,IAC1C;AAEA,UAAM,qBAAqB,YAA+B;AACxD,UAAI;AACF,cAAM,OAAO,MAAM,QAAQ,QAAQ,KAAK;AACxC,cAAM,EAAE,MAAM,IAAI;AAElB,YAAI,CAAC,SAAS,OAAO,UAAU,UAAU;AACvC,iBAAO,uBAAuB,kBAAkB,qBAAqB,GAAG;AAAA,QAC1E;AAEA,cAAM,gBAAgB,MAAM,wBAAwB;AAEpD,cAAM,WAAW,MAAM,cAAc,OAAO,mBAAmB,kBAAkB;AAAA,UAC/E;AAAA,UACA,aAAa;AAAA,QACf,CAAC;AAED,YAAI,CAAC,UAAU;AACb,iBAAO;AAAA,YACL;AAAA,YACA;AAAA,YACA;AAAA,UACF;AAAA,QACF;AAEA,eAAO,yBAAyB;AAAA,UAC9B;AAAA,QACF,CAAC;AAAA,MACH,SAAS,OAAO;AACd,eAAO;AAAA,UACL;AAAA,UACA,iBAAiB,QACb,MAAM,UACN;AAAA,UACJ;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,OAAO;AAAA,MAChB,KAAK;AACH,eAAO,mBAAmB;AAAA,MAC5B;AACE,eAAO,mBAAmB,sCAAsC;AAAA,IACpE;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,YAAY,WAAgC;AAAA,IAErD;AACE,aAAO,mBAAmB,+BAA+B;AAAA,EAC7D;AAEF;","names":["subEndpoint","cookieStore","idToken","error"]}
package/dist/types/app-router/admin/sessionHandlers.d.ts DELETED
@@ -1,7 +0,0 @@
1
- import { type RequestProcessorContext } from './c-authenticateRequestProcessor';
2
- import type { TernSecureHandlerOptions } from './types';
3
- declare const sessionEndpointHandler: (context: RequestProcessorContext, config: TernSecureHandlerOptions) => Promise<Response>;
4
- declare const cookieEndpointHandler: (context: RequestProcessorContext, config: TernSecureHandlerOptions) => Promise<Response>;
5
- declare const signInEndpointHandler: (context: RequestProcessorContext, config: TernSecureHandlerOptions) => Promise<Response>;
6
- export { cookieEndpointHandler, sessionEndpointHandler, signInEndpointHandler };
7
- //# sourceMappingURL=sessionHandlers.d.ts.map
package/dist/types/app-router/admin/sessionHandlers.d.ts.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"sessionHandlers.d.ts","sourceRoot":"","sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,KAAK,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAWhF,OAAO,KAAK,EAAyC,wBAAwB,EAAE,MAAM,SAAS,CAAC;AAE/F,QAAA,MAAM,sBAAsB,GAC1B,SAAS,uBAAuB,EAChC,QAAQ,wBAAwB,KAC/B,OAAO,CAAC,QAAQ,CA0IlB,CAAA;AAED,QAAA,MAAM,qBAAqB,GACzB,SAAS,uBAAuB,EAChC,QAAQ,wBAAwB,KAC/B,OAAO,CAAC,QAAQ,CAgFlB,CAAA;AAED,QAAA,MAAM,qBAAqB,GACzB,SAAS,uBAAuB,EAChC,QAAQ,wBAAwB,KAC/B,OAAO,CAAC,QAAQ,CAoFlB,CAAA;AAED,OAAO,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,CAAC"}