@thunderid/nextjs 0.2.0 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{types/ThunderIDNextClient.d.ts → ThunderIDNextClient.d.ts} +2 -9
- package/dist/ThunderIDNextClient.d.ts.map +1 -0
- package/dist/ThunderIDNextClient.js +161 -0
- package/dist/ThunderIDNextClient.js.map +1 -0
- package/dist/cjs/ThunderIDNextClient.cjs +163 -0
- package/dist/cjs/ThunderIDNextClient.cjs.map +1 -0
- package/dist/cjs/_virtual/rolldown_runtime.cjs +25 -0
- package/dist/cjs/client/components/actions/SignInButton/SignInButton.cjs +79 -0
- package/dist/cjs/client/components/actions/SignInButton/SignInButton.cjs.map +1 -0
- package/dist/cjs/client/components/actions/SignOutButton/SignOutButton.cjs +61 -0
- package/dist/cjs/client/components/actions/SignOutButton/SignOutButton.cjs.map +1 -0
- package/dist/cjs/client/components/actions/SignUpButton/SignUpButton.cjs +91 -0
- package/dist/cjs/client/components/actions/SignUpButton/SignUpButton.cjs.map +1 -0
- package/dist/cjs/client/components/control/SignedIn/SignedIn.cjs +34 -0
- package/dist/cjs/client/components/control/SignedIn/SignedIn.cjs.map +1 -0
- package/dist/cjs/client/components/control/SignedOut/SignedOut.cjs +34 -0
- package/dist/cjs/client/components/control/SignedOut/SignedOut.cjs.map +1 -0
- package/dist/cjs/client/components/presentation/SignIn/SignIn.cjs +37 -0
- package/dist/cjs/client/components/presentation/SignIn/SignIn.cjs.map +1 -0
- package/dist/cjs/client/components/presentation/SignUp/SignUp.cjs +79 -0
- package/dist/cjs/client/components/presentation/SignUp/SignUp.cjs.map +1 -0
- package/dist/cjs/client/components/presentation/User/User.cjs +49 -0
- package/dist/cjs/client/components/presentation/User/User.cjs.map +1 -0
- package/dist/cjs/client/components/presentation/UserDropdown/UserDropdown.cjs +114 -0
- package/dist/cjs/client/components/presentation/UserDropdown/UserDropdown.cjs.map +1 -0
- package/dist/cjs/client/components/presentation/UserProfile/UserProfile.cjs +52 -0
- package/dist/cjs/client/components/presentation/UserProfile/UserProfile.cjs.map +1 -0
- package/dist/cjs/client/contexts/ThunderID/ThunderIDContext.cjs +34 -0
- package/dist/cjs/client/contexts/ThunderID/ThunderIDContext.cjs.map +1 -0
- package/dist/cjs/client/contexts/ThunderID/ThunderIDProvider.cjs +165 -0
- package/dist/cjs/client/contexts/ThunderID/ThunderIDProvider.cjs.map +1 -0
- package/dist/cjs/client/contexts/ThunderID/useThunderID.cjs +19 -0
- package/dist/cjs/client/contexts/ThunderID/useThunderID.cjs.map +1 -0
- package/dist/cjs/client/index.cjs +11 -0
- package/dist/cjs/constants/sessionConstants.cjs +55 -0
- package/dist/cjs/constants/sessionConstants.cjs.map +1 -0
- package/dist/cjs/index.cjs +35 -1037
- package/dist/cjs/server/ThunderIDProvider.cjs +114 -0
- package/dist/cjs/server/ThunderIDProvider.cjs.map +1 -0
- package/dist/cjs/server/actions/clearSession.cjs +41 -0
- package/dist/cjs/server/actions/clearSession.cjs.map +1 -0
- package/dist/cjs/server/actions/getAccessToken.cjs +27 -0
- package/dist/cjs/server/actions/getAccessToken.cjs.map +1 -0
- package/dist/cjs/server/actions/getClientOrigin.cjs +18 -0
- package/dist/cjs/server/actions/getClientOrigin.cjs.map +1 -0
- package/dist/cjs/server/actions/getSessionId.cjs +28 -0
- package/dist/cjs/server/actions/getSessionId.cjs.map +1 -0
- package/dist/cjs/server/actions/getSessionPayload.cjs +29 -0
- package/dist/cjs/server/actions/getSessionPayload.cjs.map +1 -0
- package/dist/cjs/server/actions/getUserAction.cjs +30 -0
- package/dist/cjs/server/actions/getUserAction.cjs.map +1 -0
- package/dist/cjs/server/actions/getUserProfileAction.cjs +34 -0
- package/dist/cjs/server/actions/getUserProfileAction.cjs.map +1 -0
- package/dist/cjs/server/actions/handleOAuthCallbackAction.cjs +89 -0
- package/dist/cjs/server/actions/handleOAuthCallbackAction.cjs.map +1 -0
- package/dist/cjs/server/actions/isSignedIn.cjs +40 -0
- package/dist/cjs/server/actions/isSignedIn.cjs.map +1 -0
- package/dist/cjs/server/actions/refreshToken.cjs +61 -0
- package/dist/cjs/server/actions/refreshToken.cjs.map +1 -0
- package/dist/cjs/server/actions/signInAction.cjs +95 -0
- package/dist/cjs/server/actions/signInAction.cjs.map +1 -0
- package/dist/cjs/server/actions/signOutAction.cjs +57 -0
- package/dist/cjs/server/actions/signOutAction.cjs.map +1 -0
- package/dist/cjs/server/actions/signUpAction.cjs +27 -0
- package/dist/cjs/server/actions/signUpAction.cjs.map +1 -0
- package/dist/cjs/server/actions/updateUserProfileAction.cjs +30 -0
- package/dist/cjs/server/actions/updateUserProfileAction.cjs.map +1 -0
- package/dist/cjs/server/getClient.cjs +19 -0
- package/dist/cjs/server/getClient.cjs.map +1 -0
- package/dist/cjs/server/index.cjs +9 -0
- package/dist/cjs/server/proxy/createRouteMatcher.cjs +36 -0
- package/dist/cjs/server/proxy/createRouteMatcher.cjs.map +1 -0
- package/dist/cjs/server/proxy/thunderIDProxy.cjs +182 -0
- package/dist/cjs/server/proxy/thunderIDProxy.cjs.map +1 -0
- package/dist/cjs/server/thunderid.cjs +27 -0
- package/dist/cjs/server/thunderid.cjs.map +1 -0
- package/dist/cjs/utils/SessionManager.cjs +150 -0
- package/dist/cjs/utils/SessionManager.cjs.map +1 -0
- package/dist/cjs/utils/decorateConfigWithNextEnv.cjs +28 -0
- package/dist/cjs/utils/decorateConfigWithNextEnv.cjs.map +1 -0
- package/dist/cjs/utils/handleRefreshToken.cjs +62 -0
- package/dist/cjs/utils/handleRefreshToken.cjs.map +1 -0
- package/dist/cjs/utils/logger.cjs +11 -0
- package/dist/cjs/utils/logger.cjs.map +1 -0
- package/dist/cjs/utils/sessionUtils.cjs +40 -0
- package/dist/cjs/utils/sessionUtils.cjs.map +1 -0
- package/dist/client/components/actions/SignInButton/SignInButton.d.ts.map +1 -0
- package/dist/client/components/actions/SignInButton/SignInButton.js +73 -0
- package/dist/client/components/actions/SignInButton/SignInButton.js.map +1 -0
- package/dist/client/components/actions/SignOutButton/SignOutButton.d.ts.map +1 -0
- package/dist/client/components/actions/SignOutButton/SignOutButton.js +57 -0
- package/dist/client/components/actions/SignOutButton/SignOutButton.js.map +1 -0
- package/dist/client/components/actions/SignUpButton/SignUpButton.d.ts.map +1 -0
- package/dist/client/components/actions/SignUpButton/SignUpButton.js +85 -0
- package/dist/client/components/actions/SignUpButton/SignUpButton.js.map +1 -0
- package/dist/client/components/control/Loading/Loading.d.ts.map +1 -0
- package/dist/client/components/control/SignedIn/SignedIn.d.ts.map +1 -0
- package/dist/client/components/control/SignedIn/SignedIn.js +32 -0
- package/dist/client/components/control/SignedIn/SignedIn.js.map +1 -0
- package/dist/client/components/control/SignedOut/SignedOut.d.ts.map +1 -0
- package/dist/client/components/control/SignedOut/SignedOut.js +32 -0
- package/dist/client/components/control/SignedOut/SignedOut.js.map +1 -0
- package/dist/{types/client → client}/components/presentation/SignIn/SignIn.d.ts +0 -38
- package/dist/client/components/presentation/SignIn/SignIn.d.ts.map +1 -0
- package/dist/client/components/presentation/SignIn/SignIn.js +33 -0
- package/dist/client/components/presentation/SignIn/SignIn.js.map +1 -0
- package/dist/client/components/presentation/SignUp/SignUp.d.ts.map +1 -0
- package/dist/client/components/presentation/SignUp/SignUp.js +75 -0
- package/dist/client/components/presentation/SignUp/SignUp.js.map +1 -0
- package/dist/client/components/presentation/User/User.d.ts.map +1 -0
- package/dist/client/components/presentation/User/User.js +46 -0
- package/dist/client/components/presentation/User/User.js.map +1 -0
- package/dist/client/components/presentation/UserDropdown/UserDropdown.d.ts.map +1 -0
- package/dist/client/components/presentation/UserDropdown/UserDropdown.js +110 -0
- package/dist/client/components/presentation/UserDropdown/UserDropdown.js.map +1 -0
- package/dist/client/components/presentation/UserProfile/UserProfile.d.ts.map +1 -0
- package/dist/client/components/presentation/UserProfile/UserProfile.js +49 -0
- package/dist/client/components/presentation/UserProfile/UserProfile.js.map +1 -0
- package/dist/client/contexts/ThunderID/ThunderIDContext.d.ts.map +1 -0
- package/dist/client/contexts/ThunderID/ThunderIDContext.js +32 -0
- package/dist/client/contexts/ThunderID/ThunderIDContext.js.map +1 -0
- package/dist/{types/client → client}/contexts/ThunderID/ThunderIDProvider.d.ts +1 -8
- package/dist/client/contexts/ThunderID/ThunderIDProvider.d.ts.map +1 -0
- package/dist/client/contexts/ThunderID/ThunderIDProvider.js +159 -0
- package/dist/client/contexts/ThunderID/ThunderIDProvider.js.map +1 -0
- package/dist/client/contexts/ThunderID/useThunderID.d.ts.map +1 -0
- package/dist/client/contexts/ThunderID/useThunderID.js +17 -0
- package/dist/client/contexts/ThunderID/useThunderID.js.map +1 -0
- package/dist/{types/client → client}/index.d.ts +2 -10
- package/dist/client/index.d.ts.map +1 -0
- package/dist/client/index.js +13 -0
- package/dist/configs/InternalAuthAPIRoutesConfig.d.ts.map +1 -0
- package/dist/constants/sessionConstants.d.ts.map +1 -0
- package/dist/constants/sessionConstants.js +53 -0
- package/dist/constants/sessionConstants.js.map +1 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +20 -981
- package/dist/models/api.d.ts.map +1 -0
- package/dist/models/config.d.ts.map +1 -0
- package/dist/server/ThunderIDProvider.d.ts.map +1 -0
- package/dist/server/ThunderIDProvider.js +111 -0
- package/dist/server/ThunderIDProvider.js.map +1 -0
- package/dist/server/actions/clearSession.d.ts.map +1 -0
- package/dist/server/actions/clearSession.js +39 -0
- package/dist/server/actions/clearSession.js.map +1 -0
- package/dist/server/actions/getAccessToken.d.ts.map +1 -0
- package/dist/{getAccessToken-DCP_zasP.js → server/actions/getAccessToken.js} +8 -5
- package/dist/server/actions/getAccessToken.js.map +1 -0
- package/dist/server/actions/getClientOrigin.d.ts.map +1 -0
- package/dist/server/actions/getClientOrigin.js +16 -0
- package/dist/server/actions/getClientOrigin.js.map +1 -0
- package/dist/server/actions/getSessionId.d.ts.map +1 -0
- package/dist/{getSessionId-Ctmvpfgp.js → server/actions/getSessionId.js} +8 -5
- package/dist/server/actions/getSessionId.js.map +1 -0
- package/dist/server/actions/getSessionPayload.d.ts.map +1 -0
- package/dist/server/actions/getSessionPayload.js +27 -0
- package/dist/server/actions/getSessionPayload.js.map +1 -0
- package/dist/server/actions/getUserAction.d.ts.map +1 -0
- package/dist/server/actions/getUserAction.js +30 -0
- package/dist/server/actions/getUserAction.js.map +1 -0
- package/dist/server/actions/getUserProfileAction.d.ts.map +1 -0
- package/dist/server/actions/getUserProfileAction.js +34 -0
- package/dist/server/actions/getUserProfileAction.js.map +1 -0
- package/dist/server/actions/handleOAuthCallbackAction.d.ts.map +1 -0
- package/dist/server/actions/handleOAuthCallbackAction.js +87 -0
- package/dist/server/actions/handleOAuthCallbackAction.js.map +1 -0
- package/dist/server/actions/isSignedIn.d.ts.map +1 -0
- package/dist/server/actions/isSignedIn.js +40 -0
- package/dist/server/actions/isSignedIn.js.map +1 -0
- package/dist/server/actions/refreshToken.d.ts.map +1 -0
- package/dist/server/actions/refreshToken.js +58 -0
- package/dist/server/actions/refreshToken.js.map +1 -0
- package/dist/{types/server → server}/actions/signInAction.d.ts +3 -3
- package/dist/server/actions/signInAction.d.ts.map +1 -0
- package/dist/server/actions/signInAction.js +92 -0
- package/dist/server/actions/signInAction.js.map +1 -0
- package/dist/server/actions/signOutAction.d.ts.map +1 -0
- package/dist/server/actions/signOutAction.js +55 -0
- package/dist/server/actions/signOutAction.js.map +1 -0
- package/dist/{types/server/actions/getMyOrganizations.d.ts → server/actions/signUpAction.d.ts} +10 -5
- package/dist/server/actions/signUpAction.d.ts.map +1 -0
- package/dist/server/actions/signUpAction.js +27 -0
- package/dist/server/actions/signUpAction.js.map +1 -0
- package/dist/server/actions/updateUserProfileAction.d.ts.map +1 -0
- package/dist/server/actions/updateUserProfileAction.js +30 -0
- package/dist/server/actions/updateUserProfileAction.js.map +1 -0
- package/dist/server/getClient.d.ts.map +1 -0
- package/dist/server/getClient.js +19 -0
- package/dist/server/getClient.js.map +1 -0
- package/dist/{types/server → server}/index.d.ts +3 -0
- package/dist/server/index.d.ts.map +1 -0
- package/dist/server/index.js +6 -0
- package/dist/server/proxy/createRouteMatcher.d.ts.map +1 -0
- package/dist/server/proxy/createRouteMatcher.js +35 -0
- package/dist/server/proxy/createRouteMatcher.js.map +1 -0
- package/dist/{types/server/middleware/thunderIDMiddleware.d.ts → server/proxy/thunderIDProxy.d.ts} +13 -13
- package/dist/server/proxy/thunderIDProxy.d.ts.map +1 -0
- package/dist/server/proxy/thunderIDProxy.js +180 -0
- package/dist/server/proxy/thunderIDProxy.js.map +1 -0
- package/dist/server/thunderid.d.ts.map +1 -0
- package/dist/server/thunderid.js +27 -0
- package/dist/server/thunderid.js.map +1 -0
- package/dist/utils/SessionManager.d.ts.map +1 -0
- package/dist/utils/SessionManager.js +147 -0
- package/dist/utils/SessionManager.js.map +1 -0
- package/dist/utils/createRouteMatcher.d.ts.map +1 -0
- package/dist/utils/decorateConfigWithNextEnv.d.ts.map +1 -0
- package/dist/utils/decorateConfigWithNextEnv.js +27 -0
- package/dist/utils/decorateConfigWithNextEnv.js.map +1 -0
- package/dist/utils/handleRefreshToken.d.ts.map +1 -0
- package/dist/utils/handleRefreshToken.js +62 -0
- package/dist/utils/handleRefreshToken.js.map +1 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +9 -0
- package/dist/utils/logger.js.map +1 -0
- package/dist/utils/sessionUtils.d.ts.map +1 -0
- package/dist/utils/sessionUtils.js +39 -0
- package/dist/utils/sessionUtils.js.map +1 -0
- package/package.json +12 -22
- package/dist/SessionManager-BPpyyzfa.js +0 -1384
- package/dist/cache-B9tFVOO5.js +0 -8047
- package/dist/cjs/SessionManager-SBxwYnwV.js +0 -1397
- package/dist/cjs/cache-0QwhuLuy.js +0 -8050
- package/dist/cjs/dynamic-rendering-W7rdgerZ.js +0 -1540
- package/dist/cjs/getAccessToken-EiHUciAb.js +0 -22
- package/dist/cjs/getSessionId-BUDHvxX2.js +0 -5
- package/dist/cjs/getSessionId-Do242Vmz.js +0 -28
- package/dist/cjs/index2.cjs +0 -8
- package/dist/cjs/middleware.cjs +0 -5151
- package/dist/cjs/segment-CPZPzHDj.js +0 -52
- package/dist/cjs/server-BAGHs6kk.js +0 -2468
- package/dist/dynamic-rendering-CkPpk5pF.js +0 -1441
- package/dist/getSessionId-pG-rZbaH.js +0 -5
- package/dist/index2.js +0 -7
- package/dist/middleware.js +0 -5152
- package/dist/segment-D3vdYYI5.js +0 -47
- package/dist/server-Bn2BrWaL.js +0 -2418
- package/dist/types/ThunderIDNextClient.d.ts.map +0 -1
- package/dist/types/client/components/actions/SignInButton/SignInButton.d.ts.map +0 -1
- package/dist/types/client/components/actions/SignOutButton/SignOutButton.d.ts.map +0 -1
- package/dist/types/client/components/actions/SignUpButton/SignUpButton.d.ts.map +0 -1
- package/dist/types/client/components/control/Loading/Loading.d.ts.map +0 -1
- package/dist/types/client/components/control/SignedIn/SignedIn.d.ts.map +0 -1
- package/dist/types/client/components/control/SignedOut/SignedOut.d.ts.map +0 -1
- package/dist/types/client/components/presentation/CreateOrganization/CreateOrganization.d.ts +0 -68
- package/dist/types/client/components/presentation/CreateOrganization/CreateOrganization.d.ts.map +0 -1
- package/dist/types/client/components/presentation/Organization/Organization.d.ts +0 -67
- package/dist/types/client/components/presentation/Organization/Organization.d.ts.map +0 -1
- package/dist/types/client/components/presentation/OrganizationList/OrganizationList.d.ts +0 -93
- package/dist/types/client/components/presentation/OrganizationList/OrganizationList.d.ts.map +0 -1
- package/dist/types/client/components/presentation/OrganizationProfile/OrganizationProfile.d.ts +0 -120
- package/dist/types/client/components/presentation/OrganizationProfile/OrganizationProfile.d.ts.map +0 -1
- package/dist/types/client/components/presentation/OrganizationSwitcher/OrganizationSwitcher.d.ts +0 -72
- package/dist/types/client/components/presentation/OrganizationSwitcher/OrganizationSwitcher.d.ts.map +0 -1
- package/dist/types/client/components/presentation/SignIn/SignIn.d.ts.map +0 -1
- package/dist/types/client/components/presentation/SignUp/SignUp.d.ts.map +0 -1
- package/dist/types/client/components/presentation/User/User.d.ts.map +0 -1
- package/dist/types/client/components/presentation/UserDropdown/UserDropdown.d.ts.map +0 -1
- package/dist/types/client/components/presentation/UserProfile/UserProfile.d.ts.map +0 -1
- package/dist/types/client/contexts/ThunderID/ThunderIDContext.d.ts.map +0 -1
- package/dist/types/client/contexts/ThunderID/ThunderIDProvider.d.ts.map +0 -1
- package/dist/types/client/contexts/ThunderID/useThunderID.d.ts.map +0 -1
- package/dist/types/client/index.d.ts.map +0 -1
- package/dist/types/configs/InternalAuthAPIRoutesConfig.d.ts.map +0 -1
- package/dist/types/constants/sessionConstants.d.ts.map +0 -1
- package/dist/types/index.d.ts.map +0 -1
- package/dist/types/middleware.d.ts +0 -35
- package/dist/types/middleware.d.ts.map +0 -1
- package/dist/types/models/api.d.ts.map +0 -1
- package/dist/types/models/config.d.ts.map +0 -1
- package/dist/types/server/ThunderIDProvider.d.ts.map +0 -1
- package/dist/types/server/actions/clearSession.d.ts.map +0 -1
- package/dist/types/server/actions/createOrganization.d.ts +0 -24
- package/dist/types/server/actions/createOrganization.d.ts.map +0 -1
- package/dist/types/server/actions/getAccessToken.d.ts.map +0 -1
- package/dist/types/server/actions/getAllOrganizations.d.ts +0 -24
- package/dist/types/server/actions/getAllOrganizations.d.ts.map +0 -1
- package/dist/types/server/actions/getBrandingPreference.d.ts +0 -24
- package/dist/types/server/actions/getBrandingPreference.d.ts.map +0 -1
- package/dist/types/server/actions/getClientOrigin.d.ts.map +0 -1
- package/dist/types/server/actions/getCurrentOrganizationAction.d.ts +0 -31
- package/dist/types/server/actions/getCurrentOrganizationAction.d.ts.map +0 -1
- package/dist/types/server/actions/getMyOrganizations.d.ts.map +0 -1
- package/dist/types/server/actions/getOrganizationAction.d.ts +0 -31
- package/dist/types/server/actions/getOrganizationAction.d.ts.map +0 -1
- package/dist/types/server/actions/getSessionId.d.ts.map +0 -1
- package/dist/types/server/actions/getSessionPayload.d.ts.map +0 -1
- package/dist/types/server/actions/getUserAction.d.ts.map +0 -1
- package/dist/types/server/actions/getUserProfileAction.d.ts.map +0 -1
- package/dist/types/server/actions/handleOAuthCallbackAction.d.ts.map +0 -1
- package/dist/types/server/actions/isSignedIn.d.ts.map +0 -1
- package/dist/types/server/actions/refreshToken.d.ts.map +0 -1
- package/dist/types/server/actions/signInAction.d.ts.map +0 -1
- package/dist/types/server/actions/signOutAction.d.ts.map +0 -1
- package/dist/types/server/actions/signUpAction.d.ts +0 -36
- package/dist/types/server/actions/signUpAction.d.ts.map +0 -1
- package/dist/types/server/actions/switchOrganization.d.ts +0 -24
- package/dist/types/server/actions/switchOrganization.d.ts.map +0 -1
- package/dist/types/server/actions/updateUserProfileAction.d.ts.map +0 -1
- package/dist/types/server/getClient.d.ts.map +0 -1
- package/dist/types/server/index.d.ts.map +0 -1
- package/dist/types/server/middleware/createRouteMatcher.d.ts.map +0 -1
- package/dist/types/server/middleware/thunderIDMiddleware.d.ts.map +0 -1
- package/dist/types/server/thunderid.d.ts.map +0 -1
- package/dist/types/utils/SessionManager.d.ts.map +0 -1
- package/dist/types/utils/createRouteMatcher.d.ts.map +0 -1
- package/dist/types/utils/decorateConfigWithNextEnv.d.ts.map +0 -1
- package/dist/types/utils/handleRefreshToken.d.ts.map +0 -1
- package/dist/types/utils/logger.d.ts.map +0 -1
- package/dist/types/utils/sessionUtils.d.ts.map +0 -1
- /package/dist/{types/client → client}/components/actions/SignInButton/SignInButton.d.ts +0 -0
- /package/dist/{types/client → client}/components/actions/SignOutButton/SignOutButton.d.ts +0 -0
- /package/dist/{types/client → client}/components/actions/SignUpButton/SignUpButton.d.ts +0 -0
- /package/dist/{types/client → client}/components/control/Loading/Loading.d.ts +0 -0
- /package/dist/{types/client → client}/components/control/SignedIn/SignedIn.d.ts +0 -0
- /package/dist/{types/client → client}/components/control/SignedOut/SignedOut.d.ts +0 -0
- /package/dist/{types/client → client}/components/presentation/SignUp/SignUp.d.ts +0 -0
- /package/dist/{types/client → client}/components/presentation/User/User.d.ts +0 -0
- /package/dist/{types/client → client}/components/presentation/UserDropdown/UserDropdown.d.ts +0 -0
- /package/dist/{types/client → client}/components/presentation/UserProfile/UserProfile.d.ts +0 -0
- /package/dist/{types/client → client}/contexts/ThunderID/ThunderIDContext.d.ts +0 -0
- /package/dist/{types/client → client}/contexts/ThunderID/useThunderID.d.ts +0 -0
- /package/dist/{types/configs → configs}/InternalAuthAPIRoutesConfig.d.ts +0 -0
- /package/dist/{types/constants → constants}/sessionConstants.d.ts +0 -0
- /package/dist/{types/index.d.ts → index.d.ts} +0 -0
- /package/dist/{types/models → models}/api.d.ts +0 -0
- /package/dist/{types/models → models}/config.d.ts +0 -0
- /package/dist/{types/server → server}/ThunderIDProvider.d.ts +0 -0
- /package/dist/{types/server → server}/actions/clearSession.d.ts +0 -0
- /package/dist/{types/server → server}/actions/getAccessToken.d.ts +0 -0
- /package/dist/{types/server → server}/actions/getClientOrigin.d.ts +0 -0
- /package/dist/{types/server → server}/actions/getSessionId.d.ts +0 -0
- /package/dist/{types/server → server}/actions/getSessionPayload.d.ts +0 -0
- /package/dist/{types/server → server}/actions/getUserAction.d.ts +0 -0
- /package/dist/{types/server → server}/actions/getUserProfileAction.d.ts +0 -0
- /package/dist/{types/server → server}/actions/handleOAuthCallbackAction.d.ts +0 -0
- /package/dist/{types/server → server}/actions/isSignedIn.d.ts +0 -0
- /package/dist/{types/server → server}/actions/refreshToken.d.ts +0 -0
- /package/dist/{types/server → server}/actions/signOutAction.d.ts +0 -0
- /package/dist/{types/server → server}/actions/updateUserProfileAction.d.ts +0 -0
- /package/dist/{types/server → server}/getClient.d.ts +0 -0
- /package/dist/{types/server/middleware → server/proxy}/createRouteMatcher.d.ts +0 -0
- /package/dist/{types/server → server}/thunderid.d.ts +0 -0
- /package/dist/{types/utils → utils}/SessionManager.d.ts +0 -0
- /package/dist/{types/utils → utils}/createRouteMatcher.d.ts +0 -0
- /package/dist/{types/utils → utils}/decorateConfigWithNextEnv.d.ts +0 -0
- /package/dist/{types/utils → utils}/handleRefreshToken.d.ts +0 -0
- /package/dist/{types/utils → utils}/logger.d.ts +0 -0
- /package/dist/{types/utils → utils}/sessionUtils.d.ts +0 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"refreshToken.cjs","names":["cookieStore: RequestCookies","sessionToken: string | undefined","SessionManager","ThunderIDAPIError","sessionPayload: SessionTokenPayload","config: ThunderIDNextConfig","getClient","result: HandleRefreshTokenResult","handleRefreshToken","rawExpiresIn: string | undefined","expiresInSeconds: number","expiresAt: number"],"sources":["../../../../src/server/actions/refreshToken.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {ThunderIDAPIError, logger} from '@thunderid/node';\nimport {cookies} from 'next/headers';\nimport {ThunderIDNextConfig} from '../../models/config';\nimport handleRefreshToken, {HandleRefreshTokenResult} from '../../utils/handleRefreshToken';\nimport SessionManager, {SessionTokenPayload} from '../../utils/SessionManager';\nimport getClient from '../getClient';\n\ntype RequestCookies = Awaited<ReturnType<typeof cookies>>;\n\n/**\n * Client-safe result of a token refresh.\n *\n * Intentionally omits accessToken, refreshToken, idToken, and scopes — those stay\n * server-side in the HttpOnly session cookie. Returning tokens from a Server Action\n * serializes them into browser memory, defeating the HttpOnly boundary and exposing\n * them to XSS, browser extensions, and error-tracking SDKs.\n *\n * `expiresAt` is epoch seconds for the new access token; the client uses it to\n * schedule the next refresh.\n */\nexport interface RefreshResult {\n expiresAt: number;\n}\n\n/**\n * Server action to refresh the access token using the stored refresh token.\n * Exchanges the refresh token for a new token set and updates the session cookie.\n *\n * Delegates the HTTP exchange to handleRefreshToken so the same logic is shared\n * with the middleware token refresh path.\n *\n * Called from the client side (e.g. ThunderIDClientProvider refreshOnMount) where\n * Next.js allows cookie mutation. When invoked during SSR rendering the cookie\n * write is silently skipped and a warning is logged.\n */\nconst refreshToken = async (): Promise<RefreshResult> => {\n try {\n const cookieStore: RequestCookies = await cookies();\n const sessionToken: string | undefined = cookieStore.get(SessionManager.getSessionCookieName())?.value;\n\n if (!sessionToken) {\n throw new ThunderIDAPIError(\n 'No active session found. User must be signed in to refresh the token.',\n 'refreshToken-ServerActionError-002',\n 'nextjs',\n 401,\n );\n }\n\n const sessionPayload: SessionTokenPayload = await SessionManager.verifySessionTokenForRefresh(sessionToken);\n const client = getClient();\n const config: ThunderIDNextConfig = await client.getConfiguration();\n\n const result: HandleRefreshTokenResult = await handleRefreshToken(sessionPayload, {\n baseUrl: config.baseUrl ?? '',\n clientId: config.clientId ?? '',\n clientSecret: config.clientSecret ?? '',\n sessionCookie: config.sessionCookie,\n });\n\n try {\n cookieStore.set(\n SessionManager.getSessionCookieName(),\n result.newSessionToken,\n SessionManager.getSessionCookieOptions(result.sessionCookieExpiryTime),\n );\n } catch {\n // cookies().set() is only permitted inside a Server Action invoked from the client\n // or a Route Handler. When this action is called during SSR rendering the write\n // is blocked by Next.js. The middleware refresh path handles that case instead.\n logger.warn('[refreshToken] Could not write session cookie — called from SSR rendering context.');\n }\n\n const rawExpiresIn: string | undefined = result.tokenResponse.expiresIn;\n const expiresInSeconds: number = parseInt(rawExpiresIn ?? '', 10);\n if (Number.isNaN(expiresInSeconds)) {\n throw new Error(`[refreshToken] Invalid expiresIn value received: ${rawExpiresIn}`);\n }\n const expiresAt: number = Math.floor(Date.now() / 1000) + expiresInSeconds;\n\n logger.debug('[refreshToken] Token refresh succeeded.');\n return {expiresAt};\n } catch (error) {\n // Clear the dead session cookie before throwing so the browser is not left\n // holding a stale credential. This is best-effort — if called from an SSR\n // rendering context Next.js blocks cookie mutation; the middleware cleanup\n // path covers that case on the next request.\n try {\n const cookieStore: RequestCookies = await cookies();\n cookieStore.delete(SessionManager.getSessionCookieName());\n logger.debug('[refreshToken] Cleared session cookie after refresh failure.');\n } catch {\n // Intentionally swallowed — middleware handles cleanup when mutation is blocked.\n }\n\n throw new ThunderIDAPIError(\n `Failed to refresh the session: ${error instanceof Error ? error.message : JSON.stringify(error)}`,\n 'refreshToken-ServerActionError-001',\n 'nextjs',\n error instanceof ThunderIDAPIError ? error.statusCode : undefined,\n );\n }\n};\n\nexport default refreshToken;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAuDA,MAAM,eAAe,YAAoC;AACvD,KAAI;EACF,MAAMA,cAA8B,iCAAe;EACnD,MAAMC,eAAmC,YAAY,IAAIC,+BAAe,sBAAsB,CAAC,EAAE;AAEjG,MAAI,CAAC,aACH,OAAM,IAAIC,mCACR,yEACA,sCACA,UACA,IACD;EAGH,MAAMC,iBAAsC,MAAMF,+BAAe,6BAA6B,aAAa;EAE3G,MAAMG,SAA8B,MADrBC,2BAAW,CACuB,kBAAkB;EAEnE,MAAMC,SAAmC,MAAMC,mCAAmB,gBAAgB;GAChF,SAAS,OAAO,WAAW;GAC3B,UAAU,OAAO,YAAY;GAC7B,cAAc,OAAO,gBAAgB;GACrC,eAAe,OAAO;GACvB,CAAC;AAEF,MAAI;AACF,eAAY,IACVN,+BAAe,sBAAsB,EACrC,OAAO,iBACPA,+BAAe,wBAAwB,OAAO,wBAAwB,CACvE;UACK;AAIN,2BAAO,KAAK,qFAAqF;;EAGnG,MAAMO,eAAmC,OAAO,cAAc;EAC9D,MAAMC,mBAA2B,SAAS,gBAAgB,IAAI,GAAG;AACjE,MAAI,OAAO,MAAM,iBAAiB,CAChC,OAAM,IAAI,MAAM,oDAAoD,eAAe;EAErF,MAAMC,YAAoB,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK,GAAG;AAE1D,0BAAO,MAAM,0CAA0C;AACvD,SAAO,EAAC,WAAU;UACX,OAAO;AAKd,MAAI;AAEF,IADoC,iCAAe,EACvC,OAAOT,+BAAe,sBAAsB,CAAC;AACzD,2BAAO,MAAM,+DAA+D;UACtE;AAIR,QAAM,IAAIC,mCACR,kCAAkC,iBAAiB,QAAQ,MAAM,UAAU,KAAK,UAAU,MAAM,IAChG,sCACA,UACA,iBAAiBA,qCAAoB,MAAM,aAAa,OACzD;;;AAIL,2BAAe"}
|
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
'use server';
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
|
|
5
|
+
const require_SessionManager = require('../../utils/SessionManager.cjs');
|
|
6
|
+
const require_getClient = require('../getClient.cjs');
|
|
7
|
+
const require_logger = require('../../utils/logger.cjs');
|
|
8
|
+
let __thunderid_node = require("@thunderid/node");
|
|
9
|
+
__thunderid_node = require_rolldown_runtime.__toESM(__thunderid_node);
|
|
10
|
+
let next_headers = require("next/headers");
|
|
11
|
+
next_headers = require_rolldown_runtime.__toESM(next_headers);
|
|
12
|
+
|
|
13
|
+
//#region src/server/actions/signInAction.ts
|
|
14
|
+
/**
|
|
15
|
+
* Server action for signing in a user.
|
|
16
|
+
* Handles the embedded sign-in flow and manages session cookies.
|
|
17
|
+
*
|
|
18
|
+
* @param payload - The embedded sign-in flow payload
|
|
19
|
+
* @param request - The embedded flow execute request config
|
|
20
|
+
* @returns Promise that resolves when sign-in is complete
|
|
21
|
+
*/
|
|
22
|
+
const signInAction = async (payload, request) => {
|
|
23
|
+
try {
|
|
24
|
+
const client = require_getClient.default();
|
|
25
|
+
const cookieStore = await (0, next_headers.cookies)();
|
|
26
|
+
let sessionId;
|
|
27
|
+
const existingSessionToken = cookieStore.get(require_SessionManager.default.getSessionCookieName())?.value;
|
|
28
|
+
if (existingSessionToken) try {
|
|
29
|
+
sessionId = (await require_SessionManager.default.verifySessionToken(existingSessionToken)).sessionId;
|
|
30
|
+
} catch {}
|
|
31
|
+
if (!sessionId) {
|
|
32
|
+
const tempSessionToken = cookieStore.get(require_SessionManager.default.getTempSessionCookieName())?.value;
|
|
33
|
+
if (tempSessionToken) try {
|
|
34
|
+
sessionId = (await require_SessionManager.default.verifyTempSession(tempSessionToken)).sessionId;
|
|
35
|
+
} catch {}
|
|
36
|
+
}
|
|
37
|
+
if (!sessionId) {
|
|
38
|
+
sessionId = (0, __thunderid_node.generateSessionId)();
|
|
39
|
+
const tempSessionToken = await require_SessionManager.default.createTempSession(sessionId);
|
|
40
|
+
cookieStore.set(require_SessionManager.default.getTempSessionCookieName(), tempSessionToken, require_SessionManager.default.getTempSessionCookieOptions());
|
|
41
|
+
}
|
|
42
|
+
if (!payload || (0, __thunderid_node.isEmpty)(payload)) {
|
|
43
|
+
const defaultSignInUrl = await client.getAuthorizeRequestUrl({}, sessionId);
|
|
44
|
+
return {
|
|
45
|
+
data: { signInUrl: String(defaultSignInUrl) },
|
|
46
|
+
success: true
|
|
47
|
+
};
|
|
48
|
+
}
|
|
49
|
+
const response = await client.signIn(payload, request, sessionId);
|
|
50
|
+
if (response.flowStatus === __thunderid_node.EmbeddedSignInFlowStatus.Complete) {
|
|
51
|
+
const signInResult = await client.signIn({
|
|
52
|
+
code: response?.authData?.code,
|
|
53
|
+
session_state: response?.authData?.session_state,
|
|
54
|
+
state: response?.authData?.state
|
|
55
|
+
}, {}, sessionId);
|
|
56
|
+
if (signInResult) {
|
|
57
|
+
const idToken = await client.getDecodedIdToken(sessionId, signInResult["idToken"] || signInResult["id_token"]);
|
|
58
|
+
const userIdFromToken = idToken.sub || signInResult["sub"] || sessionId;
|
|
59
|
+
const { accessToken } = signInResult;
|
|
60
|
+
const refreshToken = signInResult["refreshToken"] ?? "";
|
|
61
|
+
const scopes = signInResult["scope"];
|
|
62
|
+
const organizationId = idToken["user_org"] || idToken["organization_id"];
|
|
63
|
+
const rawExpiresIn = signInResult["expiresIn"] ?? signInResult["expires_in"];
|
|
64
|
+
const expiresIn = Number(rawExpiresIn);
|
|
65
|
+
if (Number.isNaN(expiresIn)) throw new Error(`[signInAction] Invalid expiresIn value received: ${rawExpiresIn}`);
|
|
66
|
+
const config = await client.getConfiguration();
|
|
67
|
+
const sessionCookieExpiryTime = require_SessionManager.default.resolveSessionCookieExpiry(config.sessionCookie?.expiryTime);
|
|
68
|
+
const sessionToken = await require_SessionManager.default.createSessionToken(accessToken, userIdFromToken, sessionId, scopes, expiresIn, refreshToken, organizationId);
|
|
69
|
+
cookieStore.set(require_SessionManager.default.getSessionCookieName(), sessionToken, require_SessionManager.default.getSessionCookieOptions(sessionCookieExpiryTime));
|
|
70
|
+
cookieStore.delete(require_SessionManager.default.getTempSessionCookieName());
|
|
71
|
+
}
|
|
72
|
+
const afterSignInUrl = await (await client.getStorageManager()).getConfigDataParameter("afterSignInUrl");
|
|
73
|
+
return {
|
|
74
|
+
data: { afterSignInUrl: String(afterSignInUrl) },
|
|
75
|
+
success: true
|
|
76
|
+
};
|
|
77
|
+
}
|
|
78
|
+
return {
|
|
79
|
+
data: response,
|
|
80
|
+
success: true
|
|
81
|
+
};
|
|
82
|
+
} catch (error) {
|
|
83
|
+
const message = error instanceof Error ? error.message : typeof error?.message === "string" ? error.message : String(error);
|
|
84
|
+
require_logger.default.error(`[signInAction] Error during sign-in: ${message}`);
|
|
85
|
+
return {
|
|
86
|
+
error: message,
|
|
87
|
+
success: false
|
|
88
|
+
};
|
|
89
|
+
}
|
|
90
|
+
};
|
|
91
|
+
var signInAction_default = signInAction;
|
|
92
|
+
|
|
93
|
+
//#endregion
|
|
94
|
+
exports.default = signInAction_default;
|
|
95
|
+
//# sourceMappingURL=signInAction.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"signInAction.cjs","names":["getClient","cookieStore: RequestCookies","sessionId: string | undefined","existingSessionToken: string | undefined","SessionManager","tempSessionToken: string | undefined","tempSessionToken: string","defaultSignInUrl: string","response: any","EmbeddedSignInFlowStatus","signInResult: Record<string, unknown>","idToken: IdToken","userIdFromToken: string","refreshToken: string","scopes: string","organizationId: string | undefined","rawExpiresIn: unknown","config: ThunderIDNextConfig","sessionCookieExpiryTime: number","sessionToken: string","afterSignInUrl: string"],"sources":["../../../../src/server/actions/signInAction.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {\n generateSessionId,\n EmbeddedSignInFlowStatus,\n EmbeddedFlowExecuteRequestConfig,\n IdToken,\n isEmpty,\n} from '@thunderid/node';\nimport {cookies} from 'next/headers';\nimport {ThunderIDNextConfig} from '../../models/config';\nimport logger from '../../utils/logger';\nimport SessionManager, {SessionTokenPayload} from '../../utils/SessionManager';\nimport getClient from '../getClient';\n\ntype RequestCookies = Awaited<ReturnType<typeof cookies>>;\n\n/**\n * Server action for signing in a user.\n * Handles the embedded sign-in flow and manages session cookies.\n *\n * @param payload - The embedded sign-in flow payload\n * @param request - The embedded flow execute request config\n * @returns Promise that resolves when sign-in is complete\n */\nconst signInAction = async (\n payload?: any,\n request?: EmbeddedFlowExecuteRequestConfig,\n): Promise<{\n data?:\n | {\n afterSignInUrl?: string;\n signInUrl?: string;\n }\n | Record<string, unknown>;\n error?: string;\n success: boolean;\n}> => {\n try {\n const client = getClient();\n const cookieStore: RequestCookies = await cookies();\n\n let sessionId: string | undefined;\n\n const existingSessionToken: string | undefined = cookieStore.get(SessionManager.getSessionCookieName())?.value;\n\n if (existingSessionToken) {\n try {\n const sessionPayload: SessionTokenPayload = await SessionManager.verifySessionToken(existingSessionToken);\n sessionId = sessionPayload.sessionId;\n } catch {\n // Invalid session token, will create new temp session\n }\n }\n\n if (!sessionId) {\n const tempSessionToken: string | undefined = cookieStore.get(SessionManager.getTempSessionCookieName())?.value;\n\n if (tempSessionToken) {\n try {\n const tempSession: {sessionId: string} = await SessionManager.verifyTempSession(tempSessionToken);\n sessionId = tempSession.sessionId;\n } catch {\n // Invalid temp session, will create new one\n }\n }\n }\n\n if (!sessionId) {\n sessionId = generateSessionId();\n\n const tempSessionToken: string = await SessionManager.createTempSession(sessionId);\n\n cookieStore.set(\n SessionManager.getTempSessionCookieName(),\n tempSessionToken,\n SessionManager.getTempSessionCookieOptions(),\n );\n }\n\n // If no payload provided, redirect to sign-in URL for redirect-based sign-in.\n if (!payload || isEmpty(payload)) {\n const defaultSignInUrl: string = await client.getAuthorizeRequestUrl({}, sessionId);\n return {data: {signInUrl: String(defaultSignInUrl)}, success: true};\n }\n\n // Handle embedded sign-in flow\n const response: any = await client.signIn(payload, request!, sessionId);\n\n if (response.flowStatus === EmbeddedSignInFlowStatus.Complete) {\n const signInResult: Record<string, unknown> = await client.signIn(\n {\n code: response?.authData?.code,\n session_state: response?.authData?.session_state,\n state: response?.authData?.state,\n } as any,\n {},\n sessionId,\n );\n\n if (signInResult) {\n const idToken: IdToken = await client.getDecodedIdToken(\n sessionId,\n (signInResult['idToken'] || signInResult['id_token']) as string,\n );\n const userIdFromToken: string = (idToken.sub || signInResult['sub'] || sessionId) as string;\n const {accessToken}: {accessToken: string} = signInResult as {accessToken: string};\n const refreshToken: string = (signInResult['refreshToken'] as string | undefined) ?? '';\n const scopes: string = signInResult['scope'] as string;\n const organizationId: string | undefined = (idToken['user_org'] || idToken['organization_id']) as\n | string\n | undefined;\n const rawExpiresIn: unknown = signInResult['expiresIn'] ?? signInResult['expires_in'];\n const expiresIn = Number(rawExpiresIn);\n if (Number.isNaN(expiresIn)) {\n throw new Error(`[signInAction] Invalid expiresIn value received: ${rawExpiresIn}`);\n }\n const config: ThunderIDNextConfig = await client.getConfiguration();\n const sessionCookieExpiryTime: number = SessionManager.resolveSessionCookieExpiry(\n config.sessionCookie?.expiryTime,\n );\n\n const sessionToken: string = await SessionManager.createSessionToken(\n accessToken,\n userIdFromToken,\n sessionId,\n scopes,\n expiresIn,\n refreshToken,\n organizationId,\n );\n\n cookieStore.set(\n SessionManager.getSessionCookieName(),\n sessionToken,\n SessionManager.getSessionCookieOptions(sessionCookieExpiryTime),\n );\n\n cookieStore.delete(SessionManager.getTempSessionCookieName());\n }\n\n const afterSignInUrl: string = await (await client.getStorageManager()).getConfigDataParameter('afterSignInUrl');\n return {data: {afterSignInUrl: String(afterSignInUrl)}, success: true};\n }\n\n return {data: response as Record<string, unknown>, success: true};\n } catch (error) {\n const message =\n error instanceof Error\n ? error.message\n : typeof (error as any)?.message === 'string'\n ? (error as any).message\n : String(error);\n logger.error(`[signInAction] Error during sign-in: ${message}`);\n return {error: message, success: false};\n }\n};\n\nexport default signInAction;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AA2CA,MAAM,eAAe,OACnB,SACA,YAUI;AACJ,KAAI;EACF,MAAM,SAASA,2BAAW;EAC1B,MAAMC,cAA8B,iCAAe;EAEnD,IAAIC;EAEJ,MAAMC,uBAA2C,YAAY,IAAIC,+BAAe,sBAAsB,CAAC,EAAE;AAEzG,MAAI,qBACF,KAAI;AAEF,gBAD4C,MAAMA,+BAAe,mBAAmB,qBAAqB,EAC9E;UACrB;AAKV,MAAI,CAAC,WAAW;GACd,MAAMC,mBAAuC,YAAY,IAAID,+BAAe,0BAA0B,CAAC,EAAE;AAEzG,OAAI,iBACF,KAAI;AAEF,iBADyC,MAAMA,+BAAe,kBAAkB,iBAAiB,EACzE;WAClB;;AAMZ,MAAI,CAAC,WAAW;AACd,wDAA+B;GAE/B,MAAME,mBAA2B,MAAMF,+BAAe,kBAAkB,UAAU;AAElF,eAAY,IACVA,+BAAe,0BAA0B,EACzC,kBACAA,+BAAe,6BAA6B,CAC7C;;AAIH,MAAI,CAAC,yCAAmB,QAAQ,EAAE;GAChC,MAAMG,mBAA2B,MAAM,OAAO,uBAAuB,EAAE,EAAE,UAAU;AACnF,UAAO;IAAC,MAAM,EAAC,WAAW,OAAO,iBAAiB,EAAC;IAAE,SAAS;IAAK;;EAIrE,MAAMC,WAAgB,MAAM,OAAO,OAAO,SAAS,SAAU,UAAU;AAEvE,MAAI,SAAS,eAAeC,0CAAyB,UAAU;GAC7D,MAAMC,eAAwC,MAAM,OAAO,OACzD;IACE,MAAM,UAAU,UAAU;IAC1B,eAAe,UAAU,UAAU;IACnC,OAAO,UAAU,UAAU;IAC5B,EACD,EAAE,EACF,UACD;AAED,OAAI,cAAc;IAChB,MAAMC,UAAmB,MAAM,OAAO,kBACpC,WACC,aAAa,cAAc,aAAa,YAC1C;IACD,MAAMC,kBAA2B,QAAQ,OAAO,aAAa,UAAU;IACvE,MAAM,EAAC,gBAAsC;IAC7C,MAAMC,eAAwB,aAAa,mBAA0C;IACrF,MAAMC,SAAiB,aAAa;IACpC,MAAMC,iBAAsC,QAAQ,eAAe,QAAQ;IAG3E,MAAMC,eAAwB,aAAa,gBAAgB,aAAa;IACxE,MAAM,YAAY,OAAO,aAAa;AACtC,QAAI,OAAO,MAAM,UAAU,CACzB,OAAM,IAAI,MAAM,oDAAoD,eAAe;IAErF,MAAMC,SAA8B,MAAM,OAAO,kBAAkB;IACnE,MAAMC,0BAAkCd,+BAAe,2BACrD,OAAO,eAAe,WACvB;IAED,MAAMe,eAAuB,MAAMf,+BAAe,mBAChD,aACA,iBACA,WACA,QACA,WACA,cACA,eACD;AAED,gBAAY,IACVA,+BAAe,sBAAsB,EACrC,cACAA,+BAAe,wBAAwB,wBAAwB,CAChE;AAED,gBAAY,OAAOA,+BAAe,0BAA0B,CAAC;;GAG/D,MAAMgB,iBAAyB,OAAO,MAAM,OAAO,mBAAmB,EAAE,uBAAuB,iBAAiB;AAChH,UAAO;IAAC,MAAM,EAAC,gBAAgB,OAAO,eAAe,EAAC;IAAE,SAAS;IAAK;;AAGxE,SAAO;GAAC,MAAM;GAAqC,SAAS;GAAK;UAC1D,OAAO;EACd,MAAM,UACJ,iBAAiB,QACb,MAAM,UACN,OAAQ,OAAe,YAAY,WAChC,MAAc,UACf,OAAO,MAAM;AACrB,yBAAO,MAAM,wCAAwC,UAAU;AAC/D,SAAO;GAAC,OAAO;GAAS,SAAS;GAAM;;;AAI3C,2BAAe"}
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
'use server';
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
|
|
5
|
+
const require_SessionManager = require('../../utils/SessionManager.cjs');
|
|
6
|
+
const require_getSessionId = require('./getSessionId.cjs');
|
|
7
|
+
const require_getClient = require('../getClient.cjs');
|
|
8
|
+
const require_logger = require('../../utils/logger.cjs');
|
|
9
|
+
let next_headers = require("next/headers");
|
|
10
|
+
next_headers = require_rolldown_runtime.__toESM(next_headers);
|
|
11
|
+
|
|
12
|
+
//#region src/server/actions/signOutAction.ts
|
|
13
|
+
/**
|
|
14
|
+
* Server action for signing out a user.
|
|
15
|
+
* Clears both JWT and legacy session cookies.
|
|
16
|
+
*
|
|
17
|
+
* @returns Promise that resolves with success status and optional after sign-out URL
|
|
18
|
+
*/
|
|
19
|
+
const signOutAction = async () => {
|
|
20
|
+
require_logger.default.debug("[signOutAction] Initiating sign out process from the server action.");
|
|
21
|
+
const clearSessionCookies = async () => {
|
|
22
|
+
const cookieStore = await (0, next_headers.cookies)();
|
|
23
|
+
cookieStore.delete(require_SessionManager.default.getSessionCookieName());
|
|
24
|
+
cookieStore.delete(require_SessionManager.default.getTempSessionCookieName());
|
|
25
|
+
};
|
|
26
|
+
try {
|
|
27
|
+
const client = require_getClient.default();
|
|
28
|
+
const sessionId = await require_getSessionId.default();
|
|
29
|
+
let afterSignOutUrl = "/";
|
|
30
|
+
if (sessionId) {
|
|
31
|
+
require_logger.default.debug("[signOutAction] Session ID found, invoking the `signOut` to obtain the `afterSignOutUrl`.");
|
|
32
|
+
afterSignOutUrl = await client.signOut({}, sessionId);
|
|
33
|
+
}
|
|
34
|
+
await clearSessionCookies();
|
|
35
|
+
return {
|
|
36
|
+
data: { afterSignOutUrl },
|
|
37
|
+
success: true
|
|
38
|
+
};
|
|
39
|
+
} catch (error) {
|
|
40
|
+
require_logger.default.error("[signOutAction] Error during sign out from the server action:", error);
|
|
41
|
+
require_logger.default.debug("[signOutAction] Clearing session cookies due to error as a fallback.");
|
|
42
|
+
await clearSessionCookies();
|
|
43
|
+
let errorMessage;
|
|
44
|
+
if (typeof error === "string") errorMessage = error;
|
|
45
|
+
else if (error instanceof Error) errorMessage = error.message;
|
|
46
|
+
else errorMessage = JSON.stringify(error);
|
|
47
|
+
return {
|
|
48
|
+
error: errorMessage,
|
|
49
|
+
success: false
|
|
50
|
+
};
|
|
51
|
+
}
|
|
52
|
+
};
|
|
53
|
+
var signOutAction_default = signOutAction;
|
|
54
|
+
|
|
55
|
+
//#endregion
|
|
56
|
+
exports.default = signOutAction_default;
|
|
57
|
+
//# sourceMappingURL=signOutAction.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"signOutAction.cjs","names":["cookieStore: RequestCookies","SessionManager","getClient","sessionId: string | undefined","getSessionId","errorMessage: unknown"],"sources":["../../../../src/server/actions/signOutAction.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {cookies} from 'next/headers';\nimport getSessionId from './getSessionId';\nimport logger from '../../utils/logger';\nimport SessionManager from '../../utils/SessionManager';\nimport getClient from '../getClient';\n\ntype RequestCookies = Awaited<ReturnType<typeof cookies>>;\n\n/**\n * Server action for signing out a user.\n * Clears both JWT and legacy session cookies.\n *\n * @returns Promise that resolves with success status and optional after sign-out URL\n */\nconst signOutAction = async (): Promise<{data?: {afterSignOutUrl?: string}; error?: unknown; success: boolean}> => {\n logger.debug('[signOutAction] Initiating sign out process from the server action.');\n\n const clearSessionCookies = async (): Promise<void> => {\n const cookieStore: RequestCookies = await cookies();\n\n cookieStore.delete(SessionManager.getSessionCookieName());\n cookieStore.delete(SessionManager.getTempSessionCookieName());\n };\n\n try {\n const client = getClient();\n const sessionId: string | undefined = await getSessionId();\n\n let afterSignOutUrl = '/';\n\n if (sessionId) {\n logger.debug('[signOutAction] Session ID found, invoking the `signOut` to obtain the `afterSignOutUrl`.');\n\n afterSignOutUrl = await client.signOut({}, sessionId);\n }\n\n await clearSessionCookies();\n\n return {data: {afterSignOutUrl}, success: true};\n } catch (error) {\n logger.error('[signOutAction] Error during sign out from the server action:', error);\n\n logger.debug('[signOutAction] Clearing session cookies due to error as a fallback.');\n\n await clearSessionCookies();\n\n let errorMessage: unknown;\n if (typeof error === 'string') {\n errorMessage = error;\n } else if (error instanceof Error) {\n errorMessage = error.message;\n } else {\n errorMessage = JSON.stringify(error);\n }\n\n return {\n error: errorMessage,\n success: false,\n };\n }\n};\n\nexport default signOutAction;\n"],"mappings":";;;;;;;;;;;;;;;;;;AAkCA,MAAM,gBAAgB,YAA6F;AACjH,wBAAO,MAAM,sEAAsE;CAEnF,MAAM,sBAAsB,YAA2B;EACrD,MAAMA,cAA8B,iCAAe;AAEnD,cAAY,OAAOC,+BAAe,sBAAsB,CAAC;AACzD,cAAY,OAAOA,+BAAe,0BAA0B,CAAC;;AAG/D,KAAI;EACF,MAAM,SAASC,2BAAW;EAC1B,MAAMC,YAAgC,MAAMC,8BAAc;EAE1D,IAAI,kBAAkB;AAEtB,MAAI,WAAW;AACb,0BAAO,MAAM,4FAA4F;AAEzG,qBAAkB,MAAM,OAAO,QAAQ,EAAE,EAAE,UAAU;;AAGvD,QAAM,qBAAqB;AAE3B,SAAO;GAAC,MAAM,EAAC,iBAAgB;GAAE,SAAS;GAAK;UACxC,OAAO;AACd,yBAAO,MAAM,iEAAiE,MAAM;AAEpF,yBAAO,MAAM,uEAAuE;AAEpF,QAAM,qBAAqB;EAE3B,IAAIC;AACJ,MAAI,OAAO,UAAU,SACnB,gBAAe;WACN,iBAAiB,MAC1B,gBAAe,MAAM;MAErB,gBAAe,KAAK,UAAU,MAAM;AAGtC,SAAO;GACL,OAAO;GACP,SAAS;GACV;;;AAIL,4BAAe"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
'use server';
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
const require_getClient = require('../getClient.cjs');
|
|
5
|
+
|
|
6
|
+
//#region src/server/actions/signUpAction.ts
|
|
7
|
+
/**
|
|
8
|
+
* Server action for initiating the sign-up redirect flow.
|
|
9
|
+
*/
|
|
10
|
+
const signUpAction = async () => {
|
|
11
|
+
try {
|
|
12
|
+
return {
|
|
13
|
+
data: { signUpUrl: require_getClient.default().getConfiguration()?.signUpUrl ?? "" },
|
|
14
|
+
success: true
|
|
15
|
+
};
|
|
16
|
+
} catch (error) {
|
|
17
|
+
return {
|
|
18
|
+
error: String(error),
|
|
19
|
+
success: false
|
|
20
|
+
};
|
|
21
|
+
}
|
|
22
|
+
};
|
|
23
|
+
var signUpAction_default = signUpAction;
|
|
24
|
+
|
|
25
|
+
//#endregion
|
|
26
|
+
exports.default = signUpAction_default;
|
|
27
|
+
//# sourceMappingURL=signUpAction.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"signUpAction.cjs","names":["getClient"],"sources":["../../../../src/server/actions/signUpAction.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport getClient from '../getClient';\n\n/**\n * Server action for initiating the sign-up redirect flow.\n */\nconst signUpAction = async (): Promise<{\n data?: {signUpUrl?: string};\n error?: string;\n success: boolean;\n}> => {\n try {\n const client = getClient();\n const config = client.getConfiguration() as any;\n const signUpUrl: string = config?.signUpUrl ?? '';\n\n return {data: {signUpUrl}, success: true};\n } catch (error) {\n return {error: String(error), success: false};\n }\n};\n\nexport default signUpAction;\n"],"mappings":";;;;;;;;;AAyBA,MAAM,eAAe,YAIf;AACJ,KAAI;AAKF,SAAO;GAAC,MAAM,EAAC,WAJAA,2BAAW,CACJ,kBAAkB,EACN,aAAa,IAEtB;GAAE,SAAS;GAAK;UAClC,OAAO;AACd,SAAO;GAAC,OAAO,OAAO,MAAM;GAAE,SAAS;GAAM;;;AAIjD,2BAAe"}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
'use server';
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
const require_getClient = require('../getClient.cjs');
|
|
5
|
+
|
|
6
|
+
//#region src/server/actions/updateUserProfileAction.ts
|
|
7
|
+
/**
|
|
8
|
+
* Server action to get the current user.
|
|
9
|
+
* Returns the user profile if signed in.
|
|
10
|
+
*/
|
|
11
|
+
const updateUserProfileAction = async (payload, sessionId) => {
|
|
12
|
+
try {
|
|
13
|
+
return {
|
|
14
|
+
data: { user: await require_getClient.default().updateUserProfile(payload, sessionId) },
|
|
15
|
+
error: "",
|
|
16
|
+
success: true
|
|
17
|
+
};
|
|
18
|
+
} catch (error) {
|
|
19
|
+
return {
|
|
20
|
+
data: { user: {} },
|
|
21
|
+
error: `Failed to get user profile: ${error instanceof Error ? error.message : String(error)}`,
|
|
22
|
+
success: false
|
|
23
|
+
};
|
|
24
|
+
}
|
|
25
|
+
};
|
|
26
|
+
var updateUserProfileAction_default = updateUserProfileAction;
|
|
27
|
+
|
|
28
|
+
//#endregion
|
|
29
|
+
exports.default = updateUserProfileAction_default;
|
|
30
|
+
//# sourceMappingURL=updateUserProfileAction.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"updateUserProfileAction.cjs","names":["getClient"],"sources":["../../../../src/server/actions/updateUserProfileAction.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\n'use server';\n\nimport {UpdateMeProfileConfig, User} from '@thunderid/node';\nimport getClient from '../getClient';\n\n/**\n * Server action to get the current user.\n * Returns the user profile if signed in.\n */\nconst updateUserProfileAction = async (\n payload: UpdateMeProfileConfig,\n sessionId?: string,\n): Promise<{data: {user: User}; error: string; success: boolean}> => {\n try {\n const client = getClient();\n const user: User = await client.updateUserProfile(payload, sessionId);\n return {data: {user}, error: '', success: true};\n } catch (error) {\n return {\n data: {\n user: {},\n },\n error: `Failed to get user profile: ${error instanceof Error ? error.message : String(error)}`,\n success: false,\n };\n }\n};\n\nexport default updateUserProfileAction;\n"],"mappings":";;;;;;;;;;AA2BA,MAAM,0BAA0B,OAC9B,SACA,cACmE;AACnE,KAAI;AAGF,SAAO;GAAC,MAAM,EAAC,MADI,MADJA,2BAAW,CACM,kBAAkB,SAAS,UAAU,EACjD;GAAE,OAAO;GAAI,SAAS;GAAK;UACxC,OAAO;AACd,SAAO;GACL,MAAM,EACJ,MAAM,EAAE,EACT;GACD,OAAO,+BAA+B,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;GAC5F,SAAS;GACV;;;AAIL,sCAAe"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
const require_ThunderIDNextClient = require('../ThunderIDNextClient.cjs');
|
|
2
|
+
|
|
3
|
+
//#region src/server/getClient.ts
|
|
4
|
+
let _instance;
|
|
5
|
+
/**
|
|
6
|
+
* Returns the shared `ThunderIDNextClient` instance for this Node.js process.
|
|
7
|
+
* Creates a new instance on first call; subsequent calls return the same instance.
|
|
8
|
+
*
|
|
9
|
+
* @returns The shared ThunderIDNextClient instance.
|
|
10
|
+
*/
|
|
11
|
+
const getClient = () => {
|
|
12
|
+
if (!_instance) _instance = new require_ThunderIDNextClient.default();
|
|
13
|
+
return _instance;
|
|
14
|
+
};
|
|
15
|
+
var getClient_default = getClient;
|
|
16
|
+
|
|
17
|
+
//#endregion
|
|
18
|
+
exports.default = getClient_default;
|
|
19
|
+
//# sourceMappingURL=getClient.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"getClient.cjs","names":["_instance: ThunderIDNextClient | undefined","ThunderIDNextClient"],"sources":["../../../src/server/getClient.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\nimport ThunderIDNextClient from '../ThunderIDNextClient';\n\nlet _instance: ThunderIDNextClient | undefined;\n\n/**\n * Returns the shared `ThunderIDNextClient` instance for this Node.js process.\n * Creates a new instance on first call; subsequent calls return the same instance.\n *\n * @returns The shared ThunderIDNextClient instance.\n */\nconst getClient = (): ThunderIDNextClient => {\n if (!_instance) {\n _instance = new ThunderIDNextClient();\n }\n return _instance;\n};\n\nexport default getClient;\n"],"mappings":";;;AAoBA,IAAIA;;;;;;;AAQJ,MAAM,kBAAuC;AAC3C,KAAI,CAAC,UACH,aAAY,IAAIC,qCAAqB;AAEvC,QAAO;;AAGT,wBAAe"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
const require_thunderid = require('./thunderid.cjs');
|
|
2
|
+
const require_ThunderIDProvider = require('./ThunderIDProvider.cjs');
|
|
3
|
+
const require_thunderIDProxy = require('./proxy/thunderIDProxy.cjs');
|
|
4
|
+
const require_createRouteMatcher = require('./proxy/createRouteMatcher.cjs');
|
|
5
|
+
|
|
6
|
+
exports.ThunderIDProvider = require_ThunderIDProvider.default;
|
|
7
|
+
exports.createRouteMatcher = require_createRouteMatcher.default;
|
|
8
|
+
exports.thunderIDProxy = require_thunderIDProxy.default;
|
|
9
|
+
exports.thunderid = require_thunderid.default;
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
|
|
2
|
+
//#region src/server/proxy/createRouteMatcher.ts
|
|
3
|
+
/**
|
|
4
|
+
* Creates a route matcher function that tests if a request matches any of the given patterns.
|
|
5
|
+
*
|
|
6
|
+
* @param patterns - Array of route patterns to match. Supports glob-like patterns.
|
|
7
|
+
* @returns Function that tests if a request matches any of the patterns
|
|
8
|
+
*
|
|
9
|
+
* @example
|
|
10
|
+
* ```typescript
|
|
11
|
+
* const isProtectedRoute = createRouteMatcher([
|
|
12
|
+
* '/dashboard(.*)',
|
|
13
|
+
* '/admin(.*)',
|
|
14
|
+
* '/profile'
|
|
15
|
+
* ]);
|
|
16
|
+
*
|
|
17
|
+
* if (isProtectedRoute(req)) {
|
|
18
|
+
* // Route is protected
|
|
19
|
+
* }
|
|
20
|
+
* ```
|
|
21
|
+
*/
|
|
22
|
+
const createRouteMatcher = (patterns) => {
|
|
23
|
+
const regexPatterns = patterns.map((pattern) => {
|
|
24
|
+
const regexPattern = pattern.replace(/\./g, "\\.").replace(/\*/g, ".*").replace(/\(\.\*\)/g, "(.*)");
|
|
25
|
+
return /* @__PURE__ */ new RegExp(`^${regexPattern}$`);
|
|
26
|
+
});
|
|
27
|
+
return (req) => {
|
|
28
|
+
const { pathname } = req.nextUrl;
|
|
29
|
+
return regexPatterns.some((regex) => regex.test(pathname));
|
|
30
|
+
};
|
|
31
|
+
};
|
|
32
|
+
var createRouteMatcher_default = createRouteMatcher;
|
|
33
|
+
|
|
34
|
+
//#endregion
|
|
35
|
+
exports.default = createRouteMatcher_default;
|
|
36
|
+
//# sourceMappingURL=createRouteMatcher.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"createRouteMatcher.cjs","names":["regexPatterns: RegExp[]","regexPattern: string"],"sources":["../../../../src/server/proxy/createRouteMatcher.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\nimport {NextRequest} from 'next/server';\n\n/**\n * Creates a route matcher function that tests if a request matches any of the given patterns.\n *\n * @param patterns - Array of route patterns to match. Supports glob-like patterns.\n * @returns Function that tests if a request matches any of the patterns\n *\n * @example\n * ```typescript\n * const isProtectedRoute = createRouteMatcher([\n * '/dashboard(.*)',\n * '/admin(.*)',\n * '/profile'\n * ]);\n *\n * if (isProtectedRoute(req)) {\n * // Route is protected\n * }\n * ```\n */\nconst createRouteMatcher = (patterns: string[]): ((req: NextRequest) => boolean) => {\n const regexPatterns: RegExp[] = patterns.map((pattern: string): RegExp => {\n // Convert glob-like patterns to regex\n const regexPattern: string = pattern\n .replace(/\\./g, '\\\\.') // Escape dots\n .replace(/\\*/g, '.*') // Convert * to .*\n .replace(/\\(\\.\\*\\)/g, '(.*)'); // Handle explicit (.*) patterns\n\n return new RegExp(`^${regexPattern}$`);\n });\n\n return (req: NextRequest): boolean => {\n const {pathname} = req.nextUrl;\n return regexPatterns.some((regex: RegExp): boolean => regex.test(pathname));\n };\n};\n\nexport default createRouteMatcher;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAuCA,MAAM,sBAAsB,aAAwD;CAClF,MAAMA,gBAA0B,SAAS,KAAK,YAA4B;EAExE,MAAMC,eAAuB,QAC1B,QAAQ,OAAO,MAAM,CACrB,QAAQ,OAAO,KAAK,CACpB,QAAQ,aAAa,OAAO;AAE/B,yBAAO,IAAI,OAAO,IAAI,aAAa,GAAG;GACtC;AAEF,SAAQ,QAA8B;EACpC,MAAM,EAAC,aAAY,IAAI;AACvB,SAAO,cAAc,MAAM,UAA2B,MAAM,KAAK,SAAS,CAAC;;;AAI/E,iCAAe"}
|
|
@@ -0,0 +1,182 @@
|
|
|
1
|
+
const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
|
|
2
|
+
const require_sessionConstants = require('../../constants/sessionConstants.cjs');
|
|
3
|
+
const require_SessionManager = require('../../utils/SessionManager.cjs');
|
|
4
|
+
const require_decorateConfigWithNextEnv = require('../../utils/decorateConfigWithNextEnv.cjs');
|
|
5
|
+
const require_handleRefreshToken = require('../../utils/handleRefreshToken.cjs');
|
|
6
|
+
const require_sessionUtils = require('../../utils/sessionUtils.cjs');
|
|
7
|
+
let next_server = require("next/server");
|
|
8
|
+
next_server = require_rolldown_runtime.__toESM(next_server);
|
|
9
|
+
|
|
10
|
+
//#region src/server/proxy/thunderIDProxy.ts
|
|
11
|
+
/**
|
|
12
|
+
* Removes a named cookie from a raw Cookie header string.
|
|
13
|
+
*/
|
|
14
|
+
const removeCookieFromHeader = (cookieHeader, name) => cookieHeader.split(";").map((p) => p.trim()).filter((p) => {
|
|
15
|
+
const eqIdx = p.indexOf("=");
|
|
16
|
+
return (eqIdx === -1 ? p : p.slice(0, eqIdx).trim()) !== name;
|
|
17
|
+
}).join("; ");
|
|
18
|
+
/**
|
|
19
|
+
* Replaces the value of a named cookie inside a raw Cookie header string.
|
|
20
|
+
* If the cookie does not already appear in the header it is appended.
|
|
21
|
+
*/
|
|
22
|
+
const replaceCookieInHeader = (cookieHeader, name, value) => {
|
|
23
|
+
const parts = cookieHeader.split(";").map((p) => p.trim()).filter(Boolean);
|
|
24
|
+
let found = false;
|
|
25
|
+
const updated = parts.map((part) => {
|
|
26
|
+
const eqIdx = part.indexOf("=");
|
|
27
|
+
if ((eqIdx === -1 ? part : part.slice(0, eqIdx).trim()) === name) {
|
|
28
|
+
found = true;
|
|
29
|
+
return `${name}=${value}`;
|
|
30
|
+
}
|
|
31
|
+
return part;
|
|
32
|
+
});
|
|
33
|
+
if (!found) updated.push(`${name}=${value}`);
|
|
34
|
+
return updated.join("; ");
|
|
35
|
+
};
|
|
36
|
+
/**
|
|
37
|
+
* ThunderID proxy that integrates authentication into your Next.js application.
|
|
38
|
+
* Similar to Clerk's clerkMiddleware pattern.
|
|
39
|
+
*
|
|
40
|
+
* Proactively refreshes the access token when it is within REFRESH_BUFFER_SECONDS of
|
|
41
|
+
* expiry so that Server Components always receive a fresh session. The refresh also
|
|
42
|
+
* recovers expired tokens as long as a refresh token is present.
|
|
43
|
+
*
|
|
44
|
+
* The updated session cookie is written to:
|
|
45
|
+
* - The response → browser stores the new cookie for subsequent requests.
|
|
46
|
+
* - The forwarded request headers → the same-request Server Component render sees
|
|
47
|
+
* the fresh token immediately without waiting for the next navigation.
|
|
48
|
+
*
|
|
49
|
+
* Token refresh requires baseUrl, clientId, and clientSecret. These are resolved from
|
|
50
|
+
* the options argument first, then from the standard ThunderID environment variables
|
|
51
|
+
* (NEXT_PUBLIC_THUNDERID_BASE_URL, NEXT_PUBLIC_THUNDERID_CLIENT_ID,
|
|
52
|
+
* THUNDERID_CLIENT_SECRET). If none are available the refresh step is skipped silently.
|
|
53
|
+
*
|
|
54
|
+
* @param handler - Optional handler function to customize proxy behavior
|
|
55
|
+
* @param options - Configuration options for the proxy
|
|
56
|
+
* @returns Next.js middleware function
|
|
57
|
+
*
|
|
58
|
+
* @example
|
|
59
|
+
* ```typescript
|
|
60
|
+
* // middleware.ts - Basic usage (config read from env vars automatically)
|
|
61
|
+
* import { thunderIDProxy } from '@thunderid/nextjs/server';
|
|
62
|
+
*
|
|
63
|
+
* export default thunderIDProxy();
|
|
64
|
+
*
|
|
65
|
+
* export const config = {
|
|
66
|
+
* matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],
|
|
67
|
+
* };
|
|
68
|
+
* ```
|
|
69
|
+
*
|
|
70
|
+
* @example
|
|
71
|
+
* ```typescript
|
|
72
|
+
* // With route protection
|
|
73
|
+
* import { thunderIDProxy, createRouteMatcher } from '@thunderid/nextjs/server';
|
|
74
|
+
*
|
|
75
|
+
* const isProtectedRoute = createRouteMatcher(['/dashboard(.*)']);
|
|
76
|
+
*
|
|
77
|
+
* export default thunderIDProxy(async (thunderid, req) => {
|
|
78
|
+
* if (isProtectedRoute(req)) {
|
|
79
|
+
* await thunderid.protectRoute();
|
|
80
|
+
* }
|
|
81
|
+
* });
|
|
82
|
+
* ```
|
|
83
|
+
*/
|
|
84
|
+
const thunderIDProxy = (handler, options) => async (request) => {
|
|
85
|
+
const resolvedConfig = require_decorateConfigWithNextEnv.default(typeof options === "function" ? options(request) : options || {});
|
|
86
|
+
const url = new URL(request.url);
|
|
87
|
+
const hasCallbackParams = url.searchParams.has("code") && url.searchParams.has("state");
|
|
88
|
+
let isValidOAuthCallback = false;
|
|
89
|
+
if (hasCallbackParams && !url.searchParams.has("error")) {
|
|
90
|
+
const tempSessionToken = request.cookies.get(require_SessionManager.default.getTempSessionCookieName())?.value;
|
|
91
|
+
if (tempSessionToken) try {
|
|
92
|
+
await require_SessionManager.default.verifyTempSession(tempSessionToken);
|
|
93
|
+
isValidOAuthCallback = true;
|
|
94
|
+
} catch {
|
|
95
|
+
isValidOAuthCallback = false;
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
const verifiedSession = await require_sessionUtils.getSessionFromRequest(request);
|
|
99
|
+
let expiredSession;
|
|
100
|
+
if (!verifiedSession) {
|
|
101
|
+
const rawToken = request.cookies.get(require_SessionManager.default.getSessionCookieName())?.value;
|
|
102
|
+
if (rawToken) try {
|
|
103
|
+
const decoded = await require_SessionManager.default.verifySessionTokenForRefresh(rawToken);
|
|
104
|
+
if (decoded.refreshToken) expiredSession = decoded;
|
|
105
|
+
} catch {}
|
|
106
|
+
}
|
|
107
|
+
const now = Math.floor(Date.now() / 1e3);
|
|
108
|
+
const candidateSession = verifiedSession ?? expiredSession;
|
|
109
|
+
const hasRefreshConfig = !!(resolvedConfig.baseUrl && resolvedConfig.clientId && resolvedConfig.clientSecret);
|
|
110
|
+
const needsRefresh = !isValidOAuthCallback && hasRefreshConfig && !!candidateSession?.refreshToken && (!!verifiedSession && verifiedSession.exp <= now + require_sessionConstants.REFRESH_BUFFER_SECONDS || !!expiredSession);
|
|
111
|
+
let activeSession = verifiedSession;
|
|
112
|
+
let refreshCookieUpdate;
|
|
113
|
+
if (needsRefresh && candidateSession) try {
|
|
114
|
+
const { newSessionToken, sessionCookieExpiryTime } = await require_handleRefreshToken.default(candidateSession, {
|
|
115
|
+
baseUrl: resolvedConfig.baseUrl,
|
|
116
|
+
clientId: resolvedConfig.clientId,
|
|
117
|
+
clientSecret: resolvedConfig.clientSecret,
|
|
118
|
+
sessionCookie: resolvedConfig.sessionCookie
|
|
119
|
+
});
|
|
120
|
+
activeSession = await require_SessionManager.default.verifySessionToken(newSessionToken);
|
|
121
|
+
refreshCookieUpdate = {
|
|
122
|
+
expiry: sessionCookieExpiryTime,
|
|
123
|
+
token: newSessionToken
|
|
124
|
+
};
|
|
125
|
+
} catch {
|
|
126
|
+
activeSession = void 0;
|
|
127
|
+
}
|
|
128
|
+
const rawSessionCookie = request.cookies.get(require_SessionManager.default.getSessionCookieName())?.value;
|
|
129
|
+
let shouldClearCookie = false;
|
|
130
|
+
if (!isValidOAuthCallback && rawSessionCookie && !activeSession && !refreshCookieUpdate) shouldClearCookie = true;
|
|
131
|
+
const sessionId = activeSession?.sessionId ?? await require_sessionUtils.getSessionIdFromRequest(request);
|
|
132
|
+
const isAuthenticated = !!activeSession;
|
|
133
|
+
const handlerResponse = handler ? await handler({
|
|
134
|
+
getSession: async () => activeSession,
|
|
135
|
+
getSessionId: () => sessionId,
|
|
136
|
+
isSignedIn: () => isAuthenticated,
|
|
137
|
+
protectRoute: async (routeOptions) => {
|
|
138
|
+
if (isValidOAuthCallback) return;
|
|
139
|
+
if (!isAuthenticated) {
|
|
140
|
+
const referer = request.headers.get("referer");
|
|
141
|
+
let fallbackRedirect = "/";
|
|
142
|
+
if (referer) try {
|
|
143
|
+
const refererUrl = new URL(referer);
|
|
144
|
+
const requestUrl = new URL(request.url);
|
|
145
|
+
if (refererUrl.origin === requestUrl.origin) fallbackRedirect = refererUrl.pathname + refererUrl.search;
|
|
146
|
+
} catch {}
|
|
147
|
+
const redirectUrl = routeOptions?.redirect ?? resolvedConfig.signInUrl ?? fallbackRedirect;
|
|
148
|
+
return next_server.NextResponse.redirect(new URL(redirectUrl, request.url));
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
}, request) : void 0;
|
|
152
|
+
if (shouldClearCookie) {
|
|
153
|
+
const cookieName$1 = require_SessionManager.default.getSessionCookieName();
|
|
154
|
+
if (handlerResponse) {
|
|
155
|
+
handlerResponse.cookies.delete(cookieName$1);
|
|
156
|
+
return handlerResponse;
|
|
157
|
+
}
|
|
158
|
+
const requestHeaders$1 = new Headers(request.headers);
|
|
159
|
+
requestHeaders$1.set("cookie", removeCookieFromHeader(request.headers.get("cookie") ?? "", cookieName$1));
|
|
160
|
+
const cleanResponse = next_server.NextResponse.next({ request: { headers: requestHeaders$1 } });
|
|
161
|
+
cleanResponse.cookies.delete(cookieName$1);
|
|
162
|
+
return cleanResponse;
|
|
163
|
+
}
|
|
164
|
+
if (!refreshCookieUpdate) return handlerResponse ?? next_server.NextResponse.next();
|
|
165
|
+
const cookieName = require_SessionManager.default.getSessionCookieName();
|
|
166
|
+
const cookieOptions = require_SessionManager.default.getSessionCookieOptions(refreshCookieUpdate.expiry);
|
|
167
|
+
if (handlerResponse) {
|
|
168
|
+
handlerResponse.cookies.set(cookieName, refreshCookieUpdate.token, cookieOptions);
|
|
169
|
+
return handlerResponse;
|
|
170
|
+
}
|
|
171
|
+
const requestHeaders = new Headers(request.headers);
|
|
172
|
+
const updatedCookieHeader = replaceCookieInHeader(request.headers.get("cookie") ?? "", cookieName, refreshCookieUpdate.token);
|
|
173
|
+
requestHeaders.set("cookie", updatedCookieHeader);
|
|
174
|
+
const response = next_server.NextResponse.next({ request: { headers: requestHeaders } });
|
|
175
|
+
response.cookies.set(cookieName, refreshCookieUpdate.token, cookieOptions);
|
|
176
|
+
return response;
|
|
177
|
+
};
|
|
178
|
+
var thunderIDProxy_default = thunderIDProxy;
|
|
179
|
+
|
|
180
|
+
//#endregion
|
|
181
|
+
exports.default = thunderIDProxy_default;
|
|
182
|
+
//# sourceMappingURL=thunderIDProxy.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"thunderIDProxy.cjs","names":["eqIdx: number","parts: string[]","updated: string[]","resolvedConfig: ThunderIDNextConfig","decorateConfigWithNextEnv","url: URL","hasCallbackParams: boolean","tempSessionToken: string | undefined","SessionManager","verifiedSession: SessionTokenPayload | undefined","getSessionFromRequest","expiredSession: SessionTokenPayload | undefined","rawToken: string | undefined","decoded: SessionTokenPayload","now: number","candidateSession: SessionTokenPayload | undefined","needsRefresh: boolean","REFRESH_BUFFER_SECONDS","activeSession: SessionTokenPayload | undefined","refreshCookieUpdate: {expiry: number; token: string} | undefined","handleRefreshToken","rawSessionCookie: string | undefined","sessionId: string | undefined","getSessionIdFromRequest","handlerResponse: NextResponse | void","referer: string | null","refererUrl: URL","requestUrl: URL","redirectUrl: string","NextResponse","cookieName: string","cookieName","requestHeaders: Headers","cleanResponse: NextResponse","requestHeaders","cookieOptions: ReturnType<typeof SessionManager.getSessionCookieOptions>","updatedCookieHeader: string","response: NextResponse"],"sources":["../../../../src/server/proxy/thunderIDProxy.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\nimport {NextRequest, NextResponse} from 'next/server';\nimport {REFRESH_BUFFER_SECONDS} from '../../constants/sessionConstants';\nimport {ThunderIDNextConfig} from '../../models/config';\nimport decorateConfigWithNextEnv from '../../utils/decorateConfigWithNextEnv';\nimport handleRefreshToken from '../../utils/handleRefreshToken';\nimport SessionManager, {SessionTokenPayload} from '../../utils/SessionManager';\nimport {getSessionFromRequest, getSessionIdFromRequest} from '../../utils/sessionUtils';\n\nexport type ThunderIDProxyOptions = Partial<ThunderIDNextConfig>;\n\nexport interface ThunderIDProxyContext {\n /** Get the session payload from JWT session if available */\n getSession: () => Promise<SessionTokenPayload | undefined>;\n /** Get the session ID from the current request */\n getSessionId: () => string | undefined;\n /** Check if the current request has a valid ThunderID session */\n isSignedIn: () => boolean;\n /**\n * Protect a route by redirecting unauthenticated users.\n * Redirect URL fallback order:\n * 1. options.redirect\n * 2. resolvedOptions.signInUrl\n * 3. resolvedOptions.defaultRedirect\n * 4. referer (if from same origin)\n * If none are available, falls back to '/'.\n */\n protectRoute: (routeOptions?: {redirect?: string}) => Promise<NextResponse | void>;\n}\n\ntype ThunderIDProxyHandler = (\n thunderid: ThunderIDProxyContext,\n req: NextRequest,\n) => Promise<NextResponse | void> | NextResponse | void;\n\n/**\n * Removes a named cookie from a raw Cookie header string.\n */\nconst removeCookieFromHeader = (cookieHeader: string, name: string): string =>\n cookieHeader\n .split(';')\n .map((p: string) => p.trim())\n .filter((p: string) => {\n const eqIdx: number = p.indexOf('=');\n const partName: string = eqIdx === -1 ? p : p.slice(0, eqIdx).trim();\n return partName !== name;\n })\n .join('; ');\n\n/**\n * Replaces the value of a named cookie inside a raw Cookie header string.\n * If the cookie does not already appear in the header it is appended.\n */\nconst replaceCookieInHeader = (cookieHeader: string, name: string, value: string): string => {\n const parts: string[] = cookieHeader\n .split(';')\n .map((p: string) => p.trim())\n .filter(Boolean);\n\n let found = false;\n const updated: string[] = parts.map((part: string) => {\n const eqIdx: number = part.indexOf('=');\n const partName: string = eqIdx === -1 ? part : part.slice(0, eqIdx).trim();\n if (partName === name) {\n found = true;\n return `${name}=${value}`;\n }\n return part;\n });\n\n if (!found) {\n updated.push(`${name}=${value}`);\n }\n\n return updated.join('; ');\n};\n\n/**\n * ThunderID proxy that integrates authentication into your Next.js application.\n * Similar to Clerk's clerkMiddleware pattern.\n *\n * Proactively refreshes the access token when it is within REFRESH_BUFFER_SECONDS of\n * expiry so that Server Components always receive a fresh session. The refresh also\n * recovers expired tokens as long as a refresh token is present.\n *\n * The updated session cookie is written to:\n * - The response → browser stores the new cookie for subsequent requests.\n * - The forwarded request headers → the same-request Server Component render sees\n * the fresh token immediately without waiting for the next navigation.\n *\n * Token refresh requires baseUrl, clientId, and clientSecret. These are resolved from\n * the options argument first, then from the standard ThunderID environment variables\n * (NEXT_PUBLIC_THUNDERID_BASE_URL, NEXT_PUBLIC_THUNDERID_CLIENT_ID,\n * THUNDERID_CLIENT_SECRET). If none are available the refresh step is skipped silently.\n *\n * @param handler - Optional handler function to customize proxy behavior\n * @param options - Configuration options for the proxy\n * @returns Next.js middleware function\n *\n * @example\n * ```typescript\n * // middleware.ts - Basic usage (config read from env vars automatically)\n * import { thunderIDProxy } from '@thunderid/nextjs/server';\n *\n * export default thunderIDProxy();\n *\n * export const config = {\n * matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],\n * };\n * ```\n *\n * @example\n * ```typescript\n * // With route protection\n * import { thunderIDProxy, createRouteMatcher } from '@thunderid/nextjs/server';\n *\n * const isProtectedRoute = createRouteMatcher(['/dashboard(.*)']);\n *\n * export default thunderIDProxy(async (thunderid, req) => {\n * if (isProtectedRoute(req)) {\n * await thunderid.protectRoute();\n * }\n * });\n * ```\n */\nconst thunderIDProxy =\n (\n handler?: ThunderIDProxyHandler,\n options?: ThunderIDProxyOptions | ((req: NextRequest) => ThunderIDProxyOptions),\n ): ((request: NextRequest) => Promise<NextResponse>) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const resolvedOptions: ThunderIDProxyOptions = typeof options === 'function' ? options(request) : options || {};\n\n // Resolve full config from passed options + environment variable fallbacks.\n const resolvedConfig: ThunderIDNextConfig = decorateConfigWithNextEnv(resolvedOptions as ThunderIDNextConfig);\n\n // ── OAuth callback detection ──────────────────────────────────────────────\n const url: URL = new URL(request.url);\n const hasCallbackParams: boolean = url.searchParams.has('code') && url.searchParams.has('state');\n\n let isValidOAuthCallback = false;\n if (hasCallbackParams && !url.searchParams.has('error')) {\n const tempSessionToken: string | undefined = request.cookies.get(\n SessionManager.getTempSessionCookieName(),\n )?.value;\n if (tempSessionToken) {\n try {\n await SessionManager.verifyTempSession(tempSessionToken);\n isValidOAuthCallback = true;\n } catch {\n isValidOAuthCallback = false;\n }\n }\n }\n\n // ── Session resolution ────────────────────────────────────────────────────\n // Step 1: Attempt to get a fully verified (signature + expiry) session.\n const verifiedSession: SessionTokenPayload | undefined = await getSessionFromRequest(request);\n\n // Step 2: If no verified session exists, verify the raw cookie's signature\n // without enforcing expiry. This allows the proxy to recover from an\n // expired access token as long as the JWT is authentic and a refresh token\n // is present. Skipping the signature check here would let a tampered cookie\n // drive identity-confusion attacks since handleRefreshToken reuses `sub`,\n // `sessionId`, and `organizationId` from the input payload when minting the\n // new session JWT.\n let expiredSession: SessionTokenPayload | undefined;\n if (!verifiedSession) {\n const rawToken: string | undefined = request.cookies.get(SessionManager.getSessionCookieName())?.value;\n if (rawToken) {\n try {\n const decoded: SessionTokenPayload = await SessionManager.verifySessionTokenForRefresh(rawToken);\n if (decoded.refreshToken) {\n expiredSession = decoded;\n }\n } catch {\n // Forged, tampered, wrong type, or malformed — ignore.\n }\n }\n }\n\n // ── Token refresh ─────────────────────────────────────────────────────────\n const now: number = Math.floor(Date.now() / 1000);\n const candidateSession: SessionTokenPayload | undefined = verifiedSession ?? expiredSession;\n\n // Config is required to call the token endpoint.\n const hasRefreshConfig = !!(resolvedConfig.baseUrl && resolvedConfig.clientId && resolvedConfig.clientSecret);\n\n // Refresh when:\n // a) Token is verified but within the proactive buffer window, OR\n // b) Token has already expired but a refresh token is available.\n const needsRefresh: boolean =\n !isValidOAuthCallback &&\n hasRefreshConfig &&\n !!candidateSession?.refreshToken &&\n ((!!verifiedSession && verifiedSession.exp <= now + REFRESH_BUFFER_SECONDS) || !!expiredSession);\n\n let activeSession: SessionTokenPayload | undefined = verifiedSession;\n let refreshCookieUpdate: {expiry: number; token: string} | undefined;\n\n if (needsRefresh && candidateSession) {\n try {\n const {newSessionToken, sessionCookieExpiryTime} = await handleRefreshToken(candidateSession, {\n baseUrl: resolvedConfig.baseUrl!,\n clientId: resolvedConfig.clientId!,\n clientSecret: resolvedConfig.clientSecret!,\n sessionCookie: resolvedConfig.sessionCookie,\n });\n // Verify the newly minted token so activeSession reflects fresh claims.\n activeSession = await SessionManager.verifySessionToken(newSessionToken);\n refreshCookieUpdate = {expiry: sessionCookieExpiryTime, token: newSessionToken};\n } catch {\n // Refresh failed — clear the irrecoverable session.\n activeSession = undefined;\n }\n }\n\n // ── Session cleanup detection ─────────────────────────────────────────────\n // Mark stale cookies for deletion when the session is irrecoverable. Skipped\n // during OAuth callbacks where a session cookie may not exist yet.\n const rawSessionCookie: string | undefined = request.cookies.get(SessionManager.getSessionCookieName())?.value;\n\n let shouldClearCookie = false;\n\n if (!isValidOAuthCallback && rawSessionCookie && !activeSession && !refreshCookieUpdate) {\n // A cookie was present but all resolution paths (verify, decode, refresh)\n // failed — the session is dead and cannot be recovered.\n shouldClearCookie = true;\n }\n\n const sessionId: string | undefined = activeSession?.sessionId ?? (await getSessionIdFromRequest(request));\n const isAuthenticated = !!activeSession;\n\n // ── Proxy context ─────────────────────────────────────────────────────────\n const thunderid: ThunderIDProxyContext = {\n getSession: async (): Promise<SessionTokenPayload | undefined> => activeSession,\n getSessionId: (): string | undefined => sessionId,\n isSignedIn: (): boolean => isAuthenticated,\n protectRoute: async (routeOptions?: {redirect?: string}): Promise<NextResponse | void> => {\n // Skip during a valid OAuth callback to avoid redirecting before the\n // callback action has had a chance to complete.\n if (isValidOAuthCallback) {\n return undefined;\n }\n\n if (!isAuthenticated) {\n const referer: string | null = request.headers.get('referer');\n let fallbackRedirect = '/';\n\n if (referer) {\n try {\n const refererUrl: URL = new URL(referer);\n const requestUrl: URL = new URL(request.url);\n if (refererUrl.origin === requestUrl.origin) {\n fallbackRedirect = refererUrl.pathname + refererUrl.search;\n }\n } catch {\n // Invalid referer — ignore.\n }\n }\n\n const redirectUrl: string = routeOptions?.redirect ?? resolvedConfig.signInUrl! ?? fallbackRedirect;\n\n return NextResponse.redirect(new URL(redirectUrl, request.url));\n }\n\n return undefined;\n },\n };\n\n // ── Handler ───────────────────────────────────────────────────────────────\n const handlerResponse: NextResponse | void = handler ? await handler(thunderid, request) : undefined;\n\n // ── Build final response ──────────────────────────────────────────────────\n if (shouldClearCookie) {\n const cookieName: string = SessionManager.getSessionCookieName();\n\n if (handlerResponse) {\n // Handler returned a response (e.g. a redirect from protectRoute).\n // Attach the deletion so the browser discards the stale cookie.\n handlerResponse.cookies.delete(cookieName);\n return handlerResponse;\n }\n\n // Pass-through: strip the dead cookie from the forwarded request headers\n // so the same-request Server Component render sees no session at all.\n const requestHeaders: Headers = new Headers(request.headers);\n requestHeaders.set('cookie', removeCookieFromHeader(request.headers.get('cookie') ?? '', cookieName));\n const cleanResponse: NextResponse = NextResponse.next({request: {headers: requestHeaders}});\n cleanResponse.cookies.delete(cookieName);\n return cleanResponse;\n }\n\n if (!refreshCookieUpdate) {\n return handlerResponse ?? NextResponse.next();\n }\n\n // A token refresh occurred — the new session cookie must be applied to:\n // 1. The HTTP response so the browser stores the updated cookie.\n // 2. The forwarded request headers so the same-request Server Component\n // render reads the fresh session token instead of the expired one.\n const cookieName: string = SessionManager.getSessionCookieName();\n const cookieOptions: ReturnType<typeof SessionManager.getSessionCookieOptions> =\n SessionManager.getSessionCookieOptions(refreshCookieUpdate.expiry);\n\n if (handlerResponse) {\n // Handler returned a response (e.g. a redirect from protectRoute).\n // Attach the refresh cookie so the browser receives it even on redirects.\n handlerResponse.cookies.set(cookieName, refreshCookieUpdate.token, cookieOptions);\n return handlerResponse;\n }\n\n // Default pass-through: update both the response cookie and the request\n // Cookie header so the downstream Server Component render is not stale.\n const requestHeaders: Headers = new Headers(request.headers);\n const updatedCookieHeader: string = replaceCookieInHeader(\n request.headers.get('cookie') ?? '',\n cookieName,\n refreshCookieUpdate.token,\n );\n requestHeaders.set('cookie', updatedCookieHeader);\n\n const response: NextResponse = NextResponse.next({request: {headers: requestHeaders}});\n response.cookies.set(cookieName, refreshCookieUpdate.token, cookieOptions);\n return response;\n };\n\nexport default thunderIDProxy;\n"],"mappings":";;;;;;;;;;;;;AAuDA,MAAM,0BAA0B,cAAsB,SACpD,aACG,MAAM,IAAI,CACV,KAAK,MAAc,EAAE,MAAM,CAAC,CAC5B,QAAQ,MAAc;CACrB,MAAMA,QAAgB,EAAE,QAAQ,IAAI;AAEpC,SADyB,UAAU,KAAK,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,MAChD;EACpB,CACD,KAAK,KAAK;;;;;AAMf,MAAM,yBAAyB,cAAsB,MAAc,UAA0B;CAC3F,MAAMC,QAAkB,aACrB,MAAM,IAAI,CACV,KAAK,MAAc,EAAE,MAAM,CAAC,CAC5B,OAAO,QAAQ;CAElB,IAAI,QAAQ;CACZ,MAAMC,UAAoB,MAAM,KAAK,SAAiB;EACpD,MAAMF,QAAgB,KAAK,QAAQ,IAAI;AAEvC,OADyB,UAAU,KAAK,OAAO,KAAK,MAAM,GAAG,MAAM,CAAC,MAAM,MACzD,MAAM;AACrB,WAAQ;AACR,UAAO,GAAG,KAAK,GAAG;;AAEpB,SAAO;GACP;AAEF,KAAI,CAAC,MACH,SAAQ,KAAK,GAAG,KAAK,GAAG,QAAQ;AAGlC,QAAO,QAAQ,KAAK,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmD3B,MAAM,kBAEF,SACA,YAEF,OAAO,YAAgD;CAIrD,MAAMG,iBAAsCC,0CAHG,OAAO,YAAY,aAAa,QAAQ,QAAQ,GAAG,WAAW,EAAE,CAGF;CAG7G,MAAMC,MAAW,IAAI,IAAI,QAAQ,IAAI;CACrC,MAAMC,oBAA6B,IAAI,aAAa,IAAI,OAAO,IAAI,IAAI,aAAa,IAAI,QAAQ;CAEhG,IAAI,uBAAuB;AAC3B,KAAI,qBAAqB,CAAC,IAAI,aAAa,IAAI,QAAQ,EAAE;EACvD,MAAMC,mBAAuC,QAAQ,QAAQ,IAC3DC,+BAAe,0BAA0B,CAC1C,EAAE;AACH,MAAI,iBACF,KAAI;AACF,SAAMA,+BAAe,kBAAkB,iBAAiB;AACxD,0BAAuB;UACjB;AACN,0BAAuB;;;CAO7B,MAAMC,kBAAmD,MAAMC,2CAAsB,QAAQ;CAS7F,IAAIC;AACJ,KAAI,CAAC,iBAAiB;EACpB,MAAMC,WAA+B,QAAQ,QAAQ,IAAIJ,+BAAe,sBAAsB,CAAC,EAAE;AACjG,MAAI,SACF,KAAI;GACF,MAAMK,UAA+B,MAAML,+BAAe,6BAA6B,SAAS;AAChG,OAAI,QAAQ,aACV,kBAAiB;UAEb;;CAOZ,MAAMM,MAAc,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;CACjD,MAAMC,mBAAoD,mBAAmB;CAG7E,MAAM,mBAAmB,CAAC,EAAE,eAAe,WAAW,eAAe,YAAY,eAAe;CAKhG,MAAMC,eACJ,CAAC,wBACD,oBACA,CAAC,CAAC,kBAAkB,iBAClB,CAAC,CAAC,mBAAmB,gBAAgB,OAAO,MAAMC,mDAA2B,CAAC,CAAC;CAEnF,IAAIC,gBAAiD;CACrD,IAAIC;AAEJ,KAAI,gBAAgB,iBAClB,KAAI;EACF,MAAM,EAAC,iBAAiB,4BAA2B,MAAMC,mCAAmB,kBAAkB;GAC5F,SAAS,eAAe;GACxB,UAAU,eAAe;GACzB,cAAc,eAAe;GAC7B,eAAe,eAAe;GAC/B,CAAC;AAEF,kBAAgB,MAAMZ,+BAAe,mBAAmB,gBAAgB;AACxE,wBAAsB;GAAC,QAAQ;GAAyB,OAAO;GAAgB;SACzE;AAEN,kBAAgB;;CAOpB,MAAMa,mBAAuC,QAAQ,QAAQ,IAAIb,+BAAe,sBAAsB,CAAC,EAAE;CAEzG,IAAI,oBAAoB;AAExB,KAAI,CAAC,wBAAwB,oBAAoB,CAAC,iBAAiB,CAAC,oBAGlE,qBAAoB;CAGtB,MAAMc,YAAgC,eAAe,aAAc,MAAMC,6CAAwB,QAAQ;CACzG,MAAM,kBAAkB,CAAC,CAAC;CAwC1B,MAAMC,kBAAuC,UAAU,MAAM,QArCpB;EACvC,YAAY,YAAsD;EAClE,oBAAwC;EACxC,kBAA2B;EAC3B,cAAc,OAAO,iBAAqE;AAGxF,OAAI,qBACF;AAGF,OAAI,CAAC,iBAAiB;IACpB,MAAMC,UAAyB,QAAQ,QAAQ,IAAI,UAAU;IAC7D,IAAI,mBAAmB;AAEvB,QAAI,QACF,KAAI;KACF,MAAMC,aAAkB,IAAI,IAAI,QAAQ;KACxC,MAAMC,aAAkB,IAAI,IAAI,QAAQ,IAAI;AAC5C,SAAI,WAAW,WAAW,WAAW,OACnC,oBAAmB,WAAW,WAAW,WAAW;YAEhD;IAKV,MAAMC,cAAsB,cAAc,YAAY,eAAe,aAAc;AAEnF,WAAOC,yBAAa,SAAS,IAAI,IAAI,aAAa,QAAQ,IAAI,CAAC;;;EAKpE,EAG+E,QAAQ,GAAG;AAG3F,KAAI,mBAAmB;EACrB,MAAMC,eAAqBtB,+BAAe,sBAAsB;AAEhE,MAAI,iBAAiB;AAGnB,mBAAgB,QAAQ,OAAOuB,aAAW;AAC1C,UAAO;;EAKT,MAAMC,mBAA0B,IAAI,QAAQ,QAAQ,QAAQ;AAC5D,mBAAe,IAAI,UAAU,uBAAuB,QAAQ,QAAQ,IAAI,SAAS,IAAI,IAAID,aAAW,CAAC;EACrG,MAAME,gBAA8BJ,yBAAa,KAAK,EAAC,SAAS,EAAC,SAASK,kBAAe,EAAC,CAAC;AAC3F,gBAAc,QAAQ,OAAOH,aAAW;AACxC,SAAO;;AAGT,KAAI,CAAC,oBACH,QAAO,mBAAmBF,yBAAa,MAAM;CAO/C,MAAMC,aAAqBtB,+BAAe,sBAAsB;CAChE,MAAM2B,gBACJ3B,+BAAe,wBAAwB,oBAAoB,OAAO;AAEpE,KAAI,iBAAiB;AAGnB,kBAAgB,QAAQ,IAAI,YAAY,oBAAoB,OAAO,cAAc;AACjF,SAAO;;CAKT,MAAMwB,iBAA0B,IAAI,QAAQ,QAAQ,QAAQ;CAC5D,MAAMI,sBAA8B,sBAClC,QAAQ,QAAQ,IAAI,SAAS,IAAI,IACjC,YACA,oBAAoB,MACrB;AACD,gBAAe,IAAI,UAAU,oBAAoB;CAEjD,MAAMC,WAAyBR,yBAAa,KAAK,EAAC,SAAS,EAAC,SAAS,gBAAe,EAAC,CAAC;AACtF,UAAS,QAAQ,IAAI,YAAY,oBAAoB,OAAO,cAAc;AAC1E,QAAO;;AAGX,6BAAe"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
const require_getSessionId = require('./actions/getSessionId.cjs');
|
|
2
|
+
const require_getClient = require('./getClient.cjs');
|
|
3
|
+
|
|
4
|
+
//#region src/server/thunderid.ts
|
|
5
|
+
const thunderid = async () => {
|
|
6
|
+
const getAccessToken = async (sessionId) => {
|
|
7
|
+
return require_getClient.default().getAccessToken(sessionId);
|
|
8
|
+
};
|
|
9
|
+
const getSessionId = async () => require_getSessionId.default();
|
|
10
|
+
const exchangeToken = async (config, sessionId) => {
|
|
11
|
+
return require_getClient.default().exchangeToken(config, sessionId);
|
|
12
|
+
};
|
|
13
|
+
const reInitialize = async (config) => {
|
|
14
|
+
return require_getClient.default().reInitialize(config);
|
|
15
|
+
};
|
|
16
|
+
return {
|
|
17
|
+
exchangeToken,
|
|
18
|
+
getAccessToken,
|
|
19
|
+
getSessionId,
|
|
20
|
+
reInitialize
|
|
21
|
+
};
|
|
22
|
+
};
|
|
23
|
+
var thunderid_default = thunderid;
|
|
24
|
+
|
|
25
|
+
//#endregion
|
|
26
|
+
exports.default = thunderid_default;
|
|
27
|
+
//# sourceMappingURL=thunderid.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"thunderid.cjs","names":["getClient","getSessionIdAction"],"sources":["../../../src/server/thunderid.ts"],"sourcesContent":["/**\n * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).\n *\n * WSO2 LLC. licenses this file to you under the Apache License,\n * Version 2.0 (the \"License\"); you may not use this file except\n * in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\nimport {TokenExchangeRequestConfig, TokenResponse} from '@thunderid/node';\nimport getSessionIdAction from './actions/getSessionId';\nimport getClient from './getClient';\nimport {ThunderIDNextConfig} from '../models/config';\n\nconst thunderid = async (): Promise<{\n exchangeToken: (config: TokenExchangeRequestConfig, sessionId: string) => Promise<TokenResponse | Response>;\n getAccessToken: (sessionId: string) => Promise<string>;\n getSessionId: () => Promise<string | undefined>;\n reInitialize: (config: Partial<ThunderIDNextConfig>) => Promise<boolean>;\n}> => {\n const getAccessToken = async (sessionId: string): Promise<string> => {\n const client = getClient();\n return client.getAccessToken(sessionId);\n };\n\n const getSessionId = async (): Promise<string | undefined> => getSessionIdAction();\n\n const exchangeToken = async (\n config: TokenExchangeRequestConfig,\n sessionId: string,\n ): Promise<TokenResponse | Response> => {\n const client = getClient();\n return client.exchangeToken(config, sessionId);\n };\n\n const reInitialize = async (config: Partial<ThunderIDNextConfig>): Promise<boolean> => {\n const client = getClient();\n return client.reInitialize(config);\n };\n\n return {\n exchangeToken,\n getAccessToken,\n getSessionId,\n reInitialize,\n };\n};\n\nexport default thunderid;\n"],"mappings":";;;;AAuBA,MAAM,YAAY,YAKZ;CACJ,MAAM,iBAAiB,OAAO,cAAuC;AAEnE,SADeA,2BAAW,CACZ,eAAe,UAAU;;CAGzC,MAAM,eAAe,YAAyCC,8BAAoB;CAElF,MAAM,gBAAgB,OACpB,QACA,cACsC;AAEtC,SADeD,2BAAW,CACZ,cAAc,QAAQ,UAAU;;CAGhD,MAAM,eAAe,OAAO,WAA2D;AAErF,SADeA,2BAAW,CACZ,aAAa,OAAO;;AAGpC,QAAO;EACL;EACA;EACA;EACA;EACD;;AAGH,wBAAe"}
|