azirid-react 0.14.0 → 0.14.2

package/README.md

@@ -33,10 +33,7 @@ import { AziridProvider } from 'azirid-react'
 
 export default function RootLayout({ children }: { children: React.ReactNode }) {
   return (
-    <AziridProvider
-      publishableKey={process.env.NEXT_PUBLIC_AZIRID_PK!}
-      apiUrl={process.env.NEXT_PUBLIC_AZIRID_API_URL}
-    >
+    <AziridProvider publishableKey={process.env.NEXT_PUBLIC_AZIRID_PK!}>
       {children}
     </AziridProvider>
   )
@@ -76,10 +73,7 @@ export default function LoginPage() {
 
 ```env
 # .env
-NEXT_PUBLIC_AZIRID_API_URL=https://api.azirid.com
 NEXT_PUBLIC_AZIRID_PK=pk_live_...
-# Server-side only (used by middleware for JWKS validation)
-AZIRID_API_URL=https://api.azirid.com
 ```
 
 ---
@@ -93,10 +87,7 @@ AZIRID_API_URL=https://api.azirid.com
 import { AziridProvider } from 'azirid-react'
 
 createRoot(document.getElementById('root')!).render(
-  <AziridProvider
-    apiUrl={import.meta.env.VITE_AZIRID_API_URL || 'https://api.azirid.com'}
-    publishableKey={import.meta.env.VITE_AZIRID_PK}
-  >
+  <AziridProvider publishableKey={import.meta.env.VITE_AZIRID_PK}>
     <App />
   </AziridProvider>,
 )
@@ -105,7 +96,6 @@ createRoot(document.getElementById('root')!).render(
 ### 2. Configure your environment
 
 ```env
-VITE_AZIRID_API_URL=https://api.azirid.com
 VITE_AZIRID_PK=pk_live_...
 ```
 
@@ -1306,7 +1296,6 @@ function createAccessClient(
 | Prop               | Type                      | Default | Description                                                                      |
 | ------------------ | ------------------------- | ------- | -------------------------------------------------------------------------------- |
 | `children`         | `ReactNode`               | —       | **Required.** Your app tree                                                      |
-| `apiUrl`           | `string`                  | `https://api.azirid.com` | Azirid API URL. Set for local dev or custom deployments    |
 | `publishableKey`   | `string`                  | —       | Publishable key (e.g. `pk_live_...`)                                             |
 | `tenantId`         | `string`                  | —       | Tenant ID for multi-tenant apps                                                  |
 | `fetchOptions`     | `Record<string, string>`  | —       | Extra headers to send with every request                                         |
@@ -1426,7 +1415,7 @@ export function Providers({ children }: { children: React.ReactNode }) {
 
 ### Middleware — Route Protection & JWT Validation
 
-The middleware validates `__session` JWT cookies using JWKS (RS256) and protects routes.
+The middleware validates `__session` JWT cookies using JWKS (RS256) and protects routes server-side — before any HTML reaches the browser. No spinners, no flashes, no client-side redirect logic needed.
 
 #### Next.js 16+ (`proxy.ts`)
 
@@ -1435,9 +1424,25 @@ The middleware validates `__session` JWT cookies using JWKS (RS256) and protects
 import { createAziridProxy } from 'azirid-react/next/proxy'
 
 export const proxy = createAziridProxy({
-  protectedRoutes: ['/dashboard', '/settings'],
+  // Routes that REQUIRE authentication.
+  // Uses startsWith — '/dashboard' protects '/dashboard', '/dashboard/settings', etc.
+  protectedRoutes: ['/dashboard', '/admin', '/settings'],
+
+  // Where to redirect unauthenticated users (default: '/login').
+  // The original URL is preserved as ?redirect= so you can send them back after login.
   loginUrl: '/login',
-  publicRoutes: ['/login', '/signup', '/forgot-password'],
+
+  // Routes that are ALWAYS public, even if they match a protectedRoute.
+  // Default: ['/login', '/signup', '/auth/handoff']
+  publicRoutes: [
+    '/login',
+    '/register',
+    '/forgot-password',
+    '/reset-password',
+    '/pricing',
+    '/legal/terms',
+    '/legal/privacy',
+  ],
 })
 
 export const config = {
@@ -1445,19 +1450,25 @@ export const config = {
 }
 ```
 
-| Option             | Type       | Default       | Description                                      |
-| ------------------ | ---------- | ------------- | ------------------------------------------------ |
-| `cookieName`       | `string`   | `"__session"` | Cookie carrying the access token JWT             |
-| `protectedRoutes`  | `string[]` | —             | Routes that require authentication               |
-| `loginUrl`         | `string`   | `"/login"`    | Redirect target for unauthenticated users        |
-| `publicRoutes`     | `string[]` | login/signup  | Always-accessible routes                         |
-| `jwksUrl`          | `string`   | auto          | Override JWKS endpoint URL                       |
+#### How it works
 
-Environment: set `AZIRID_API_URL` (server-side only) so the middleware knows where to fetch JWKS from.
+1. User visits `/dashboard/settings` without a valid token
+2. Middleware checks: is `/dashboard/settings` protected? Yes (`startsWith('/dashboard')`)
+3. Middleware checks: is it public? No
+4. Middleware redirects to `/login?redirect=/dashboard/settings`
+5. After login, you can read `?redirect=` and send them back
 
-```env
-AZIRID_API_URL=http://localhost:3000
-```
+Routes not listed in `protectedRoutes` are accessible to everyone (e.g. `/`, `/pricing`, `/about`).
+
+#### Options
+
+| Option             | Type       | Default                          | Description                                                   |
+| ------------------ | ---------- | -------------------------------- | ------------------------------------------------------------- |
+| `protectedRoutes`  | `string[]` | —                                | Routes that require auth (matched with `startsWith`)          |
+| `loginUrl`         | `string`   | `"/login"`                       | Redirect target for unauthenticated users                     |
+| `publicRoutes`     | `string[]` | `["/login", "/signup", "/auth/handoff"]` | Always-accessible routes, even if inside a protected path |
+| `cookieName`       | `string`   | `"__session"`                    | Cookie carrying the access token JWT                          |
+| `jwksUrl`          | `string`   | auto                             | Override JWKS endpoint URL                                    |
 
 ---
 
@@ -1489,7 +1500,7 @@ export async function getProfile() {
   const token = await getSessionToken()
   if (!token) throw new Error('Not authenticated')
 
-  const res = await fetch(`${process.env.AZIRID_API_URL}/v1/users/auth/me`, {
+  const res = await fetch('https://api.azirid.com/v1/users/auth/me', {
     headers: { Authorization: `Bearer ${token}` },
   })
   return res.json()
@@ -1507,7 +1518,7 @@ export default async function DashboardPage() {
   const token = await getSessionToken()
   if (!token) redirect('/login')
 
-  const res = await fetch(`${process.env.AZIRID_API_URL}/v1/users/auth/me`, {
+  const res = await fetch('https://api.azirid.com/v1/users/auth/me', {
     headers: { Authorization: `Bearer ${token}` },
   })
   const user = await res.json()

package/dist/index.cjs

@@ -4853,7 +4853,7 @@ function usePasswordToggle() {
 }
 
 // src/index.ts
-var SDK_VERSION = "0.14.0";
+var SDK_VERSION = "0.14.2";
 
 exports.AUTH_BASE_PATH = AUTH_BASE_PATH;
 exports.AuthForm = AuthForm;

package/dist/index.d.cts

@@ -202,16 +202,7 @@ interface RegisterPasskeyData {
 }
 interface AziridProviderProps {
     children: ReactNode;
-    /**
-     * Azirid API URL. Defaults to `https://api.azirid.com`.
-     *
-     * Set this to your API URL for local development or custom deployments.
-     *
-     * @example
-     * ```tsx
-     * <AziridProvider apiUrl="http://localhost:3000" publishableKey="pk_dev_...">
-     * ```
-     */
+    /** @internal Override API URL. Only for Azirid monorepo development. */
     apiUrl?: string;
     /** Extra headers to send with every request */
     fetchOptions?: Record<string, string>;

package/dist/index.d.ts

@@ -202,16 +202,7 @@ interface RegisterPasskeyData {
 }
 interface AziridProviderProps {
     children: ReactNode;
-    /**
-     * Azirid API URL. Defaults to `https://api.azirid.com`.
-     *
-     * Set this to your API URL for local development or custom deployments.
-     *
-     * @example
-     * ```tsx
-     * <AziridProvider apiUrl="http://localhost:3000" publishableKey="pk_dev_...">
-     * ```
-     */
+    /** @internal Override API URL. Only for Azirid monorepo development. */
     apiUrl?: string;
     /** Extra headers to send with every request */
     fetchOptions?: Record<string, string>;

package/dist/index.js

@@ -4851,7 +4851,7 @@ function usePasswordToggle() {
 }
 
 // src/index.ts
-var SDK_VERSION = "0.14.0";
+var SDK_VERSION = "0.14.2";
 
 export { AUTH_BASE_PATH, AuthForm, AziridProvider, CheckoutButton, ForgotPasswordForm, HandoffCallback, InvoiceList, LoginForm, PATHS, PayButton, PayphoneCallback, PayphoneWidgetRenderer, PricingTable, ReferralCard, ReferralStats, ResetPasswordForm, SDK_VERSION, SignupForm, SubscriptionBadge, buildPaths, changePasswordSchema, cn, createAccessClient, createForgotPasswordSchema, createLoginSchema, createMutationHook, createResetPasswordConfirmSchema, createSignupSchema, en, es, forgotPasswordSchema, isAuthError, loginSchema, magicLinkRequestSchema, magicLinkVerifySchema, passkeyRegisterStartSchema, removeStyles, resetPasswordConfirmSchema, resolveMessages, signupSchema, socialLoginSchema, useAccessClient, useAzirid, useBootstrap, useBranches, useBranding, useChangePassword, useCheckout, useFormState, useInvoices, useLogin, useLogout, useMagicLink, useMessages, usePasskeys, usePasswordReset, usePasswordToggle, usePayButton, usePaymentMethods, usePaymentProviders, usePayphoneCheckout, usePayphoneConfirm, usePlans, useReferral, useReferralStats, useRefresh, useSession, useSignup, useSocialLogin, useSubmitTransferProof, useSubscription, useSwitchTenant, useTenantMembers, useTenants, useTransferPayment, useTransferProofs, useUploadTransferProof };
 //# sourceMappingURL=index.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "azirid-react",
-  "version": "0.14.0",
+  "version": "0.14.2",
   "description": "Authentication components for React and Next.js — Login, Register, powered by TanStack Query and Zod.",
   "author": "Azirid",
   "license": "MIT",