npm - canopycms-auth-clerk - Versions diffs - 0.0.0 → 0.0.2 - Mend

canopycms-auth-clerk 0.0.0 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/clerk-plugin.d.ts +3 -0
package/dist/clerk-plugin.d.ts.map +1 -1
package/dist/clerk-plugin.js +24 -0
package/dist/clerk-plugin.js.map +1 -1
package/dist/jwt-verifier.d.ts +3 -0
package/dist/jwt-verifier.d.ts.map +1 -1
package/dist/jwt-verifier.js +3 -0
package/dist/jwt-verifier.js.map +1 -1
package/package.json +3 -4
package/src/cache-writer.ts +0 -152
package/src/clerk-plugin.test.ts +0 -385
package/src/clerk-plugin.ts +0 -315
package/src/client.ts +0 -38
package/src/index.ts +0 -6
package/src/jwt-verifier.ts +0 -62

package/dist/clerk-plugin.d.ts CHANGED Viewed

@@ -35,6 +35,9 @@ export declare class ClerkAuthPlugin implements AuthPlugin {
     private config;
     private clerkClient;
     constructor(config?: ClerkAuthConfig);
+    verifyTokenOnly(context: unknown): Promise<{
+        userId: string;
+    } | null>;
     authenticate(context: unknown): Promise<AuthenticationResult>;
     searchUsers(query: string, limit?: number): Promise<UserSearchResult[]>;
     getUserMetadata(userId: string): Promise<UserSearchResult | null>;

package/dist/clerk-plugin.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"clerk-plugin.d.ts","sourceRoot":"","sources":["../src/clerk-plugin.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AACnE,OAAO,KAAK,EAAE,gBAAgB,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAC3F,OAAO,EAAkB,KAAK,WAAW,EAAE,MAAM,gBAAgB,CAAA;AAEjE,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAA;IAElC;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAElB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;IAEf;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAA;CAC7B;AAmED;;;GAGG;AACH,eAAO,MAAM,YAAY,GAAI,SAAS,WAAW,KAAG,MAAM,GAAG,IAiB5D,CAAA;AAED;;;GAGG;AACH,qBAAa,eAAgB,YAAW,UAAU;IAChD,OAAO,CAAC,MAAM,CAIb;IACD,OAAO,CAAC,WAAW,CAAsC;gBAE7C,MAAM,GAAE,eAAoB;IAyBlC,YAAY,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAuE7D,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,SAAK,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAuBnE,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAgBjE,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAqBhE,UAAU,CAAC,KAAK,SAAK,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;CAqBvD;AAED;;GAEG;AACH,eAAO,MAAM,qBAAqB,EAAE,iBAAiB,CAAC,eAAe,CAEpE,CAAA"}
1	+ {"version":3,"file":"clerk-plugin.d.ts","sourceRoot":"","sources":["../src/clerk-plugin.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AACnE,OAAO,KAAK,EAAE,gBAAgB,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAC3F,OAAO,EAAkB,KAAK,WAAW,EAAE,MAAM,gBAAgB,CAAA;AAEjE,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAA;IAElC;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAElB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;IAEf;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAA;CAC7B;AAmED;;;GAGG;AACH,eAAO,MAAM,YAAY,GAAI,SAAS,WAAW,KAAG,MAAM,GAAG,IAiB5D,CAAA;AAED;;;GAGG;AACH,qBAAa,eAAgB,YAAW,UAAU;IAChD,OAAO,CAAC,MAAM,CAIb;IACD,OAAO,CAAC,WAAW,CAAsC;gBAE7C,MAAM,GAAE,eAAoB;IAyBlC,eAAe,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IAwBrE,YAAY,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAuE7D,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,SAAK,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAuBnE,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAgBjE,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAqBhE,UAAU,CAAC,KAAK,SAAK,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;CAqBvD;AAED;;GAEG;AACH,eAAO,MAAM,qBAAqB,EAAE,iBAAiB,CAAC,eAAe,CAEpE,CAAA"}

package/dist/clerk-plugin.js CHANGED Viewed

@@ -68,6 +68,30 @@ export class ClerkAuthPlugin {
         };
         this.clerkClient = createClerkClient({ secretKey });
     }
+    async verifyTokenOnly(context) {
+        if (!this.config.jwtKey) {
+            throw new Error('ClerkAuthPlugin: jwtKey is required for verifyTokenOnly() (networkless JWT verification). ' +
+                'Set CLERK_JWT_KEY or pass jwtKey in ClerkAuthConfig.');
+        }
+        const headers = extractHeaders(context);
+        if (!headers)
+            return null;
+        const token = extractToken(headers);
+        if (!token)
+            return null;
+        try {
+            const verifyOptions = {
+                jwtKey: this.config.jwtKey,
+            };
+            if (this.config.authorizedParties)
+                verifyOptions.authorizedParties = this.config.authorizedParties;
+            const payload = await clerkVerifyToken(token, verifyOptions);
+            return payload?.sub ? { userId: payload.sub } : null;
+        }
+        catch {
+            return null;
+        }
+    }
     async authenticate(context) {
         try {
             // Extract headers from context (supports CanopyRequest and Headers)

package/dist/clerk-plugin.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"clerk-plugin.js","sourceRoot":"","sources":["../src/clerk-plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,WAAW,IAAI,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAGnF,OAAO,EAAE,cAAc,EAAoB,MAAM,gBAAgB,CAAA;AA2DjE;;;GAGG;AACH,SAAS,mBAAmB,CAAI,QAA0B;IACxD,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAA;AAC3D,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,SAAwB;IAKhD,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,IAAI,SAAS,CAAC,SAAS,CAAA;IAC3D,OAAO;QACL,KAAK,EACH,SAAS,CAAC,mBAAmB,EAAE,YAAY,IAAI,SAAS,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,aAAa;QAC9F,IAAI,EAAE,SAAS,CAAC,QAAQ,IAAI,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,QAAQ,IAAI,SAAS,CAAC,EAAE;QACrF,SAAS,EAAE,SAAS,IAAI,SAAS;KAClC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,GAAsB;IAC/C,OAAO,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,aAAa,CAAA;AAC9C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,OAAoB,EAAiB,EAAE;IAClE,iCAAiC;IACjC,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;IAC/C,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC5B,CAAC;IAED,uBAAuB;IACvB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACpC,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAC/C,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,KAAK,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CAAA;AAED;;;GAGG;AACH,MAAM,OAAO,eAAe;IAQ1B,YAAY,SAA0B,EAAE;QACtC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAA;QAClE,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,wFAAwF,CACzF,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAA;QACzD,MAAM,iBAAiB,GACrB,MAAM,CAAC,iBAAiB;YACxB,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,KAAK,CAAC,GAAG,CAAC;iBAC7C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBACpB,MAAM,CAAC,OAAO,CAAC,CAAA;QAEpB,IAAI,CAAC,MAAM,GAAG;YACZ,wBAAwB,EAAE,MAAM,CAAC,wBAAwB,IAAI,IAAI;YACjE,SAAS;YACT,MAAM;YACN,iBAAiB;SAClB,CAAA;QAED,IAAI,CAAC,WAAW,GAAG,iBAAiB,CAAC,EAAE,SAAS,EAAE,CAAC,CAAA;IACrD,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,OAAgB;QACjC,IAAI,CAAC;YACH,oEAAoE;YACpE,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAA;YACvC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,2DAA2D;iBACnE,CAAA;YACH,CAAC;YAED,6BAA6B;YAC7B,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,CAAA;YACnC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAA;YACnE,CAAC;YAED,mBAAmB;YACnB,MAAM,aAAa,GAA2C;gBAC5D,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;aACjC,CAAA;YAED,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;gBACvB,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAA;YAC3C,CAAC;YAED,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;gBAClC,aAAa,CAAC,iBAAiB,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAA;YACjE,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,KAAK,EAAE,aAAa,CAAC,CAAA;YAE5D,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBAC7B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAA;YAC3D,CAAC;YAED,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAA;YAE1B,8BAA8B;YAC9B,MAAM,SAAS,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAkB,CAAA;YAEjF,uCAAuC;YACvC,IAAI,cAAoC,CAAA;YACxC,IAAI,IAAI,CAAC,MAAM,CAAC,wBAAwB,EAAE,CAAC;gBACzC,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,6BAA6B,CAAC;oBACvE,MAAM,EAAE,SAAS,CAAC,EAAE;iBACrB,CAAC,CAA+C,CAAA;gBAEjD,MAAM,WAAW,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAA;gBAC7C,cAAc,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC,CAAA;YAC5D,CAAC;YAED,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAA;YAE5C,0DAA0D;YAC1D,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE;oBACJ,MAAM,EAAE,SAAS,CAAC,EAAE;oBACpB,GAAG,QAAQ;oBACX,cAAc;iBACf;aACF,CAAA;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB;aACxE,CAAA;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAAa,EAAE,KAAK,GAAG,EAAE;QACzC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC;gBACzD,KAAK;gBACL,KAAK;aACN,CAAC,CAAiC,CAAA;YAEnC,MAAM,KAAK,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAA;YAC3C,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBACrB,MAAM,MAAM,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAA;gBAClC,OAAO;oBACL,EAAE,EAAE,CAAC,CAAC,EAAE;oBACR,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;oBACzB,SAAS,EAAE,MAAM,CAAC,SAAS;iBAC5B,CAAA;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAA;YAC3D,OAAO,EAAE,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,MAAc;QAClC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAkB,CAAA;YAC5E,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAA;YACrC,OAAO;gBACL,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;gBACzB,SAAS,EAAE,MAAM,CAAC,SAAS;aAC5B,CAAA;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,yCAAyC,EAAE,KAAK,CAAC,CAAA;YAC/D,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAe;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,wBAAwB,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAA;QACb,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,eAAe,CAAC;gBAChE,cAAc,EAAE,OAAO;aACxB,CAAC,CAAsB,CAAA;YAExB,OAAO;gBACL,EAAE,EAAE,GAAG,CAAC,EAAE;gBACV,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,WAAW,EAAE,iBAAiB,CAAC,GAAG,CAAC;aACpC,CAAA;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,0CAA0C,EAAE,KAAK,CAAC,CAAA;YAChE,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,KAAK,GAAG,EAAE;QACzB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,wBAAwB,EAAE,CAAC;YAC1C,OAAO,EAAE,CAAA;QACX,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,mBAAmB,CAAC;gBACzE,KAAK;aACN,CAAC,CAAqC,CAAA;YAEvC,MAAM,IAAI,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAA;YAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACtB,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,WAAW,EAAE,iBAAiB,CAAC,CAAC,CAAC;aAClC,CAAC,CAAC,CAAA;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAA;YAC1D,OAAO,EAAE,CAAA;QACX,CAAC;IACH,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAuC,CAAC,MAAM,EAAE,EAAE;IAClF,OAAO,IAAI,eAAe,CAAC,MAAM,CAAC,CAAA;AACpC,CAAC,CAAA"}
1	+ {"version":3,"file":"clerk-plugin.js","sourceRoot":"","sources":["../src/clerk-plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,WAAW,IAAI,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAGnF,OAAO,EAAE,cAAc,EAAoB,MAAM,gBAAgB,CAAA;AA2DjE;;;GAGG;AACH,SAAS,mBAAmB,CAAI,QAA0B;IACxD,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAA;AAC3D,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,SAAwB;IAKhD,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,IAAI,SAAS,CAAC,SAAS,CAAA;IAC3D,OAAO;QACL,KAAK,EACH,SAAS,CAAC,mBAAmB,EAAE,YAAY,IAAI,SAAS,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,aAAa;QAC9F,IAAI,EAAE,SAAS,CAAC,QAAQ,IAAI,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,QAAQ,IAAI,SAAS,CAAC,EAAE;QACrF,SAAS,EAAE,SAAS,IAAI,SAAS;KAClC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,GAAsB;IAC/C,OAAO,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,aAAa,CAAA;AAC9C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,OAAoB,EAAiB,EAAE;IAClE,iCAAiC;IACjC,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;IAC/C,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC5B,CAAC;IAED,uBAAuB;IACvB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACpC,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAC/C,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,KAAK,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CAAA;AAED;;;GAGG;AACH,MAAM,OAAO,eAAe;IAQ1B,YAAY,SAA0B,EAAE;QACtC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAA;QAClE,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,wFAAwF,CACzF,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAA;QACzD,MAAM,iBAAiB,GACrB,MAAM,CAAC,iBAAiB;YACxB,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,KAAK,CAAC,GAAG,CAAC;iBAC7C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBACpB,MAAM,CAAC,OAAO,CAAC,CAAA;QAEpB,IAAI,CAAC,MAAM,GAAG;YACZ,wBAAwB,EAAE,MAAM,CAAC,wBAAwB,IAAI,IAAI;YACjE,SAAS;YACT,MAAM;YACN,iBAAiB;SAClB,CAAA;QAED,IAAI,CAAC,WAAW,GAAG,iBAAiB,CAAC,EAAE,SAAS,EAAE,CAAC,CAAA;IACrD,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAgB;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CACb,4FAA4F;gBAC1F,sDAAsD,CACzD,CAAA;QACH,CAAC;QACD,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAA;QACvC,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAA;QACzB,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,CAAA;QACnC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QACvB,IAAI,CAAC;YACH,MAAM,aAAa,GAA2C;gBAC5D,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;aAC3B,CAAA;YACD,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB;gBAC/B,aAAa,CAAC,iBAAiB,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAA;YACjE,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,KAAK,EAAE,aAAa,CAAC,CAAA;YAC5D,OAAO,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAA;QACtD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,OAAgB;QACjC,IAAI,CAAC;YACH,oEAAoE;YACpE,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAA;YACvC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,2DAA2D;iBACnE,CAAA;YACH,CAAC;YAED,6BAA6B;YAC7B,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,CAAA;YACnC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAA;YACnE,CAAC;YAED,mBAAmB;YACnB,MAAM,aAAa,GAA2C;gBAC5D,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;aACjC,CAAA;YAED,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;gBACvB,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAA;YAC3C,CAAC;YAED,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;gBAClC,aAAa,CAAC,iBAAiB,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAA;YACjE,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,KAAK,EAAE,aAAa,CAAC,CAAA;YAE5D,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBAC7B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAA;YAC3D,CAAC;YAED,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAA;YAE1B,8BAA8B;YAC9B,MAAM,SAAS,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAkB,CAAA;YAEjF,uCAAuC;YACvC,IAAI,cAAoC,CAAA;YACxC,IAAI,IAAI,CAAC,MAAM,CAAC,wBAAwB,EAAE,CAAC;gBACzC,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,6BAA6B,CAAC;oBACvE,MAAM,EAAE,SAAS,CAAC,EAAE;iBACrB,CAAC,CAA+C,CAAA;gBAEjD,MAAM,WAAW,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAA;gBAC7C,cAAc,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC,CAAA;YAC5D,CAAC;YAED,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAA;YAE5C,0DAA0D;YAC1D,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE;oBACJ,MAAM,EAAE,SAAS,CAAC,EAAE;oBACpB,GAAG,QAAQ;oBACX,cAAc;iBACf;aACF,CAAA;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB;aACxE,CAAA;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAAa,EAAE,KAAK,GAAG,EAAE;QACzC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC;gBACzD,KAAK;gBACL,KAAK;aACN,CAAC,CAAiC,CAAA;YAEnC,MAAM,KAAK,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAA;YAC3C,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBACrB,MAAM,MAAM,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAA;gBAClC,OAAO;oBACL,EAAE,EAAE,CAAC,CAAC,EAAE;oBACR,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;oBACzB,SAAS,EAAE,MAAM,CAAC,SAAS;iBAC5B,CAAA;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAA;YAC3D,OAAO,EAAE,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,MAAc;QAClC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAkB,CAAA;YAC5E,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAA;YACrC,OAAO;gBACL,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;gBACzB,SAAS,EAAE,MAAM,CAAC,SAAS;aAC5B,CAAA;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,yCAAyC,EAAE,KAAK,CAAC,CAAA;YAC/D,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAe;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,wBAAwB,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAA;QACb,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,eAAe,CAAC;gBAChE,cAAc,EAAE,OAAO;aACxB,CAAC,CAAsB,CAAA;YAExB,OAAO;gBACL,EAAE,EAAE,GAAG,CAAC,EAAE;gBACV,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,WAAW,EAAE,iBAAiB,CAAC,GAAG,CAAC;aACpC,CAAA;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,0CAA0C,EAAE,KAAK,CAAC,CAAA;YAChE,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,KAAK,GAAG,EAAE;QACzB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,wBAAwB,EAAE,CAAC;YAC1C,OAAO,EAAE,CAAA;QACX,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,mBAAmB,CAAC;gBACzE,KAAK;aACN,CAAC,CAAqC,CAAA;YAEvC,MAAM,IAAI,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAA;YAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACtB,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,WAAW,EAAE,iBAAiB,CAAC,CAAC,CAAC;aAClC,CAAC,CAAC,CAAA;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAA;YAC1D,OAAO,EAAE,CAAA;QACX,CAAC;IACH,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAuC,CAAC,MAAM,EAAE,EAAE;IAClF,OAAO,IAAI,eAAe,CAAC,MAAM,CAAC,CAAA;AACpC,CAAC,CAAA"}

package/dist/jwt-verifier.d.ts CHANGED Viewed

@@ -23,6 +23,9 @@ export interface ClerkJwtVerifierConfig {
  * with no internet access.
  *
  * Returns a TokenVerifier compatible with CachingAuthPlugin.
+ *
+ * @deprecated Use `ClerkAuthPlugin.verifyTokenOnly()` instead. The plugin's method is
+ * automatically wired into CachingAuthPlugin by `createNextCanopyContext()` in prod/prod-sim.
  */
 export declare function createClerkJwtVerifier(config: ClerkJwtVerifierConfig): TokenVerifier;
 //# sourceMappingURL=jwt-verifier.d.ts.map

package/dist/jwt-verifier.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"jwt-verifier.d.ts","sourceRoot":"","sources":["../src/jwt-verifier.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAA;AAGnD,MAAM,WAAW,sBAAsB;IACrC;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAA;IACd;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAA;CAC7B;AAED~~;;;;;;;;GAQG~~;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,sBAAsB,GAAG,aAAa,CA8BpF"}
1	+ {"version":3,"file":"jwt-verifier.d.ts","sourceRoot":"","sources":["../src/jwt-verifier.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAA;AAGnD,MAAM,WAAW,sBAAsB;IACrC;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAA;IACd;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAA;CAC7B;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,sBAAsB,GAAG,aAAa,CA8BpF"}

package/dist/jwt-verifier.js CHANGED Viewed

@@ -9,6 +9,9 @@ import { extractToken } from './clerk-plugin';
  * with no internet access.
  *
  * Returns a TokenVerifier compatible with CachingAuthPlugin.
+ *
+ * @deprecated Use `ClerkAuthPlugin.verifyTokenOnly()` instead. The plugin's method is
+ * automatically wired into CachingAuthPlugin by `createNextCanopyContext()` in prod/prod-sim.
  */
 export function createClerkJwtVerifier(config) {
     return async (context) => {

package/dist/jwt-verifier.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"jwt-verifier.js","sourceRoot":"","sources":["../src/jwt-verifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,IAAI,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAChE,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAA;AAE/C,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAmB7C~~;;;;;;;;GAQG~~;AACH,MAAM,UAAU,sBAAsB,CAAC,MAA8B;IACnE,OAAO,KAAK,EAAE,OAAgB,EAAE,EAAE;QAChC,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAA;QACvC,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAA;QAEzB,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,CAAA;QACnC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QAEvB,IAAI,CAAC;YACH,MAAM,aAAa,GAA2C,EAAE,CAAA;YAEhE,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClB,aAAa,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAA;YACtC,CAAC;YACD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBACrB,aAAa,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAA;YAC5C,CAAC;YACD,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;gBAC7B,aAAa,CAAC,iBAAiB,GAAG,MAAM,CAAC,iBAAiB,CAAA;YAC5D,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,KAAK,EAAE,aAAa,CAAC,CAAA;YAE5D,IAAI,CAAC,OAAO,EAAE,GAAG;gBAAE,OAAO,IAAI,CAAA;YAE9B,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,EAAE,CAAA;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC,CAAA;AACH,CAAC"}
1	+ {"version":3,"file":"jwt-verifier.js","sourceRoot":"","sources":["../src/jwt-verifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,IAAI,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAChE,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAA;AAE/C,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAmB7C;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAA8B;IACnE,OAAO,KAAK,EAAE,OAAgB,EAAE,EAAE;QAChC,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAA;QACvC,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAA;QAEzB,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,CAAA;QACnC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QAEvB,IAAI,CAAC;YACH,MAAM,aAAa,GAA2C,EAAE,CAAA;YAEhE,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClB,aAAa,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAA;YACtC,CAAC;YACD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBACrB,aAAa,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAA;YAC5C,CAAC;YACD,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;gBAC7B,aAAa,CAAC,iBAAiB,GAAG,MAAM,CAAC,iBAAiB,CAAA;YAC5D,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,KAAK,EAAE,aAAa,CAAC,CAAA;YAE5D,IAAI,CAAC,OAAO,EAAE,GAAG;gBAAE,OAAO,IAAI,CAAA;YAE9B,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,EAAE,CAAA;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC,CAAA;AACH,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "canopycms-auth-clerk",
-  "version": "0.0.0",
+  "version": "0.0.2",
   "description": "Clerk authentication provider for CanopyCMS",
   "license": "MIT",
   "repository": {
@@ -18,8 +18,7 @@
     "./cache-writer": "./src/cache-writer.ts"
   },
   "files": [
-    "dist",
-    "src"
+    "dist"
   ],
   "publishConfig": {
     "exports": {
@@ -46,7 +45,7 @@
     "node": ">=18"
   },
   "peerDependencies": {
-    "canopycms": "*",
+    "canopycms": "^0.0.2",
     "@clerk/backend": "^2.0.0"
   },
   "devDependencies": {

package/src/cache-writer.ts DELETED Viewed

@@ -1,152 +0,0 @@
-import { createClerkClient } from '@clerk/backend'
-import { writeAuthCacheSnapshot } from 'canopycms/auth/cache'
-/**
- * Response types that handle both camelCase and snake_case Clerk SDK variants.
- */
-interface ClerkUserData {
-  id: string
-  username?: string
-  fullName?: string | null
-  full_name?: string | null
-  imageUrl?: string | null
-  image_url?: string | null
-  primaryEmailAddress?: { emailAddress: string } | null
-  email_addresses?: Array<{ email_address: string }> | null
-}
-interface ClerkOrganization {
-  id: string
-  name: string
-  membersCount?: number
-  members_count?: number
-}
-interface ClerkOrganizationMembership {
-  organization: ClerkOrganization
-}
-interface ClerkPaginatedResponse<T> {
-  data: T[]
-}
-type ClerkResponse<T> = T[] | ClerkPaginatedResponse<T>
-function unwrapClerkResponse<T>(response: ClerkResponse<T>): T[] {
-  return Array.isArray(response) ? response : response.data
-}
-export interface RefreshClerkCacheOptions {
-  /** Clerk Secret Key (CLERK_SECRET_KEY) */
-  secretKey: string
-  /** Directory to write cache files to (e.g., /mnt/efs/workspace/.cache) */
-  cachePath: string
-  /** Whether to treat Clerk organizations as groups (default: true) */
-  useOrganizationsAsGroups?: boolean
-}
-export interface RefreshClerkCacheResult {
-  userCount: number
-  groupCount: number
-  membershipCount: number
-}
-/**
- * Fetches all user/org metadata from Clerk API and writes to JSON cache files.
- *
- * Used by the EC2 worker to populate the cache that FileBasedAuthCache reads.
- * Writes atomically (write to temp file, then rename) to avoid partial reads.
- *
- * Output files:
- * - {cachePath}/users.json    — { users: UserSearchResult[] }
- * - {cachePath}/orgs.json     — { groups: GroupMetadata[] }
- * - {cachePath}/memberships.json — { memberships: { [userId]: groupId[] } }
- */
-export async function refreshClerkCache(
-  options: RefreshClerkCacheOptions,
-): Promise<RefreshClerkCacheResult> {
-  const { secretKey, cachePath, useOrganizationsAsGroups = true } = options
-  const clerkClient = createClerkClient({ secretKey })
-  // Fetch all users (paginate to handle large organizations)
-  const clerkUsers: ClerkUserData[] = []
-  const pageSize = 500
-  let offset = 0
-  // eslint-disable-next-line no-constant-condition
-  while (true) {
-    const usersResponse = (await clerkClient.users.getUserList({
-      limit: pageSize,
-      offset,
-    })) as ClerkResponse<ClerkUserData>
-    const page = unwrapClerkResponse(usersResponse)
-    clerkUsers.push(...page)
-    if (page.length < pageSize) break
-    offset += pageSize
-  }
-  const users = clerkUsers.map((u) => ({
-    id: u.id,
-    name: u.fullName ?? u.full_name ?? u.username ?? u.id,
-    email: u.primaryEmailAddress?.emailAddress ?? u.email_addresses?.[0]?.email_address ?? '',
-    avatarUrl: u.imageUrl ?? u.image_url ?? undefined,
-  }))
-  let groups: Array<{ id: string; name: string; memberCount?: number }> = []
-  const memberships: Record<string, string[]> = {}
-  if (useOrganizationsAsGroups) {
-    // Fetch all organizations (paginate)
-    const clerkOrgs: ClerkOrganization[] = []
-    let orgOffset = 0
-    const orgPageSize = 100
-    // eslint-disable-next-line no-constant-condition
-    while (true) {
-      const orgsResponse = (await clerkClient.organizations.getOrganizationList({
-        limit: orgPageSize,
-        offset: orgOffset,
-      })) as ClerkResponse<ClerkOrganization>
-      const page = unwrapClerkResponse(orgsResponse)
-      clerkOrgs.push(...page)
-      if (page.length < orgPageSize) break
-      orgOffset += orgPageSize
-    }
-    groups = clerkOrgs.map((o) => ({
-      id: o.id,
-      name: o.name,
-      memberCount: o.membersCount ?? o.members_count,
-    }))
-    // Fetch memberships per user
-    for (const user of clerkUsers) {
-      try {
-        const membershipResponse = (await clerkClient.users.getOrganizationMembershipList({
-          userId: user.id,
-        })) as ClerkResponse<ClerkOrganizationMembership>
-        const userMemberships = unwrapClerkResponse(membershipResponse)
-        if (userMemberships.length > 0) {
-          memberships[user.id] = userMemberships.map((m) => m.organization.id)
-        }
-      } catch (err) {
-        console.warn(
-          `Failed to fetch memberships for user ${user.id}:`,
-          err instanceof Error ? err.message : err,
-        )
-      }
-    }
-  }
-  // Write cache files atomically via snapshot directory + symlink swap
-  await writeAuthCacheSnapshot(cachePath, {
-    'users.json': { users },
-    'orgs.json': { groups },
-    'memberships.json': { memberships },
-  })
-  return {
-    userCount: users.length,
-    groupCount: groups.length,
-    membershipCount: Object.keys(memberships).length,
-  }
-}

package/src/clerk-plugin.test.ts DELETED Viewed

@@ -1,385 +0,0 @@
-import { describe, it, expect, vi, beforeEach } from 'vitest'
-import { mockConsole } from '../../canopycms/src/test-utils/console-spy.js'
-// Create mock objects
-const mockGetUser = vi.fn()
-const mockGetUserList = vi.fn()
-const mockGetOrganizationMembershipList = vi.fn()
-const mockGetOrganization = vi.fn()
-const mockGetOrganizationList = vi.fn()
-const mockClerkClient = {
-  users: {
-    getUser: mockGetUser,
-    getUserList: mockGetUserList,
-    getOrganizationMembershipList: mockGetOrganizationMembershipList,
-  },
-  organizations: {
-    getOrganization: mockGetOrganization,
-    getOrganizationList: mockGetOrganizationList,
-  },
-}
-// Mock @clerk/backend - must be hoisted before imports
-vi.mock('@clerk/backend', () => ({
-  createClerkClient: vi.fn(() => mockClerkClient),
-  verifyToken: vi.fn(),
-}))
-import { ClerkAuthPlugin } from './clerk-plugin'
-import { verifyToken } from '@clerk/backend'
-import type { CanopyRequest } from 'canopycms/http'
-const mockVerifyToken = verifyToken as any
-describe('ClerkAuthPlugin', () => {
-  beforeEach(() => {
-    vi.clearAllMocks()
-    // Set default env var
-    process.env.CLERK_SECRET_KEY = 'sk_test_1234'
-  })
-  describe('constructor', () => {
-    it('throws error if CLERK_SECRET_KEY not provided', () => {
-      delete process.env.CLERK_SECRET_KEY
-      expect(() => new ClerkAuthPlugin()).toThrow('CLERK_SECRET_KEY')
-    })
-    it('uses env var for secret key by default', () => {
-      const plugin = new ClerkAuthPlugin()
-      expect(plugin).toBeDefined()
-    })
-    it('uses default config values', () => {
-      const plugin = new ClerkAuthPlugin()
-      // Config is private, but we can test behavior
-      expect(plugin).toBeDefined()
-    })
-  })
-  describe('authenticate', () => {
-    it('returns failure if no token in request', async () => {
-      const plugin = new ClerkAuthPlugin()
-      const req = {
-        method: 'GET',
-        header: vi.fn().mockReturnValue(null),
-      } as unknown as CanopyRequest
-      const result = await plugin.authenticate(req)
-      expect(result.success).toBe(false)
-      expect(result.error).toBe('No authentication token found')
-    })
-    it('returns failure if token verification fails', async () => {
-      const plugin = new ClerkAuthPlugin()
-      const req = {
-        method: 'GET',
-        header: vi.fn().mockImplementation((name: string) => {
-          if (name === 'Authorization') return 'Bearer test_token'
-          return null
-        }),
-      } as unknown as CanopyRequest
-      mockVerifyToken.mockRejectedValue(new Error('Invalid token'))
-      const result = await plugin.authenticate(req)
-      expect(result.success).toBe(false)
-      expect(result.error).toBe('Invalid token')
-    })
-    it('verifies valid session and returns user identity', async () => {
-      const plugin = new ClerkAuthPlugin()
-      const req = {
-        method: 'GET',
-        header: vi.fn().mockImplementation((name: string) => {
-          if (name === 'Authorization') return 'Bearer valid_token'
-          return null
-        }),
-      } as unknown as CanopyRequest
-      mockVerifyToken.mockResolvedValue({
-        sub: 'user_123',
-        sid: 'sess_123',
-      })
-      mockGetUser.mockResolvedValue({
-        id: 'user_123',
-        fullName: 'John Doe',
-        primaryEmailAddress: { emailAddress: 'john@example.com' },
-      })
-      mockGetOrganizationMembershipList.mockResolvedValue({
-        data: [{ organization: { id: 'org_1' } }, { organization: { id: 'org_2' } }],
-      })
-      const result = await plugin.authenticate(req)
-      expect(result.success).toBe(true)
-      expect(result.user).toEqual({
-        userId: 'user_123',
-        name: 'John Doe',
-        email: 'john@example.com',
-        externalGroups: ['org_1', 'org_2'],
-      })
-    })
-    it('returns user without external groups if organizations disabled', async () => {
-      const plugin = new ClerkAuthPlugin({ useOrganizationsAsGroups: false })
-      const req = {
-        method: 'GET',
-        header: vi.fn().mockImplementation((name: string) => {
-          if (name === 'Authorization') return 'Bearer valid_token'
-          return null
-        }),
-      } as unknown as CanopyRequest
-      mockVerifyToken.mockResolvedValue({
-        sub: 'user_123',
-        sid: 'sess_123',
-      })
-      mockGetUser.mockResolvedValue({
-        id: 'user_123',
-        fullName: 'Jane Doe',
-        primaryEmailAddress: { emailAddress: 'jane@example.com' },
-      })
-      const result = await plugin.authenticate(req)
-      expect(result.success).toBe(true)
-      expect(result.user?.externalGroups).toBeUndefined()
-      expect(mockGetOrganizationMembershipList).not.toHaveBeenCalled()
-    })
-    it('handles errors gracefully', async () => {
-      const plugin = new ClerkAuthPlugin()
-      const req = {
-        method: 'GET',
-        header: vi.fn().mockImplementation((name: string) => {
-          if (name === 'Authorization') return 'Bearer valid_token'
-          return null
-        }),
-      } as unknown as CanopyRequest
-      mockVerifyToken.mockRejectedValue(new Error('Network error'))
-      const result = await plugin.authenticate(req)
-      expect(result.success).toBe(false)
-      expect(result.error).toBe('Network error')
-    })
-    it('extracts token from __session cookie', async () => {
-      const plugin = new ClerkAuthPlugin()
-      const req = {
-        method: 'GET',
-        header: vi.fn().mockImplementation((name: string) => {
-          if (name === 'Cookie') return '__session=cookie_token; other=value'
-          return null
-        }),
-      } as unknown as CanopyRequest
-      mockVerifyToken.mockResolvedValue({
-        sub: 'user_123',
-      })
-      mockGetUser.mockResolvedValue({
-        id: 'user_123',
-        fullName: 'Cookie User',
-        primaryEmailAddress: { emailAddress: 'cookie@example.com' },
-      })
-      mockGetOrganizationMembershipList.mockResolvedValue({ data: [] })
-      const result = await plugin.authenticate(req)
-      expect(result.success).toBe(true)
-      expect(mockVerifyToken).toHaveBeenCalledWith('cookie_token', expect.any(Object))
-    })
-  })
-  describe('searchUsers', () => {
-    it('searches users and returns results', async () => {
-      const plugin = new ClerkAuthPlugin()
-      mockGetUserList.mockResolvedValue({
-        data: [
-          {
-            id: 'user_1',
-            fullName: 'Alice Smith',
-            primaryEmailAddress: { emailAddress: 'alice@example.com' },
-            imageUrl: 'https://example.com/alice.jpg',
-          },
-          {
-            id: 'user_2',
-            username: 'bob',
-            primaryEmailAddress: { emailAddress: 'bob@example.com' },
-            imageUrl: 'https://example.com/bob.jpg',
-          },
-        ],
-      })
-      const results = await plugin.searchUsers('alice')
-      expect(results).toHaveLength(2)
-      expect(results[0]).toEqual({
-        id: 'user_1',
-        name: 'Alice Smith',
-        email: 'alice@example.com',
-        avatarUrl: 'https://example.com/alice.jpg',
-      })
-      expect(results[1]).toEqual({
-        id: 'user_2',
-        name: 'bob',
-        email: 'bob@example.com',
-        avatarUrl: 'https://example.com/bob.jpg',
-      })
-      expect(mockGetUserList).toHaveBeenCalledWith({
-        query: 'alice',
-        limit: 10,
-      })
-    })
-    it('returns empty array on error', async () => {
-      const consoleSpy = mockConsole()
-      const plugin = new ClerkAuthPlugin()
-      mockGetUserList.mockRejectedValue(new Error('API error'))
-      const results = await plugin.searchUsers('test')
-      expect(results).toEqual([])
-      consoleSpy.restore()
-    })
-  })
-  describe('getUserMetadata', () => {
-    it('gets user metadata by ID', async () => {
-      const plugin = new ClerkAuthPlugin()
-      mockGetUser.mockResolvedValue({
-        id: 'user_123',
-        fullName: 'Test User',
-        primaryEmailAddress: { emailAddress: 'test@example.com' },
-        imageUrl: 'https://example.com/test.jpg',
-      })
-      const result = await plugin.getUserMetadata('user_123')
-      expect(result).toEqual({
-        id: 'user_123',
-        name: 'Test User',
-        email: 'test@example.com',
-        avatarUrl: 'https://example.com/test.jpg',
-      })
-    })
-    it('returns null on error', async () => {
-      const consoleSpy = mockConsole()
-      const plugin = new ClerkAuthPlugin()
-      mockGetUser.mockRejectedValue(new Error('User not found'))
-      const result = await plugin.getUserMetadata('user_123')
-      expect(result).toBeNull()
-      consoleSpy.restore()
-    })
-  })
-  describe('getGroupMetadata', () => {
-    it('gets organization metadata when enabled', async () => {
-      const plugin = new ClerkAuthPlugin({ useOrganizationsAsGroups: true })
-      mockGetOrganization.mockResolvedValue({
-        id: 'org_123',
-        name: 'Test Org',
-        membersCount: 42,
-      })
-      const result = await plugin.getGroupMetadata('org_123')
-      expect(result).toEqual({
-        id: 'org_123',
-        name: 'Test Org',
-        memberCount: 42,
-      })
-    })
-    it('returns null when organizations disabled', async () => {
-      const plugin = new ClerkAuthPlugin({ useOrganizationsAsGroups: false })
-      const result = await plugin.getGroupMetadata('org_123')
-      expect(result).toBeNull()
-      expect(mockGetOrganization).not.toHaveBeenCalled()
-    })
-    it('returns null on error', async () => {
-      const consoleSpy = mockConsole()
-      const plugin = new ClerkAuthPlugin({ useOrganizationsAsGroups: true })
-      mockGetOrganization.mockRejectedValue(new Error('Org not found'))
-      const result = await plugin.getGroupMetadata('org_123')
-      expect(result).toBeNull()
-      consoleSpy.restore()
-    })
-  })
-  describe('listGroups', () => {
-    it('lists organizations when enabled', async () => {
-      const plugin = new ClerkAuthPlugin({ useOrganizationsAsGroups: true })
-      mockGetOrganizationList.mockResolvedValue({
-        data: [
-          { id: 'org_1', name: 'Org One', membersCount: 10 },
-          { id: 'org_2', name: 'Org Two', membersCount: 20 },
-        ],
-      })
-      const results = await plugin.listGroups(50)
-      expect(results).toHaveLength(2)
-      expect(results[0]).toEqual({
-        id: 'org_1',
-        name: 'Org One',
-        memberCount: 10,
-      })
-      expect(mockGetOrganizationList).toHaveBeenCalledWith({ limit: 50 })
-    })
-    it('returns empty array when organizations disabled', async () => {
-      const plugin = new ClerkAuthPlugin({ useOrganizationsAsGroups: false })
-      const results = await plugin.listGroups()
-      expect(results).toEqual([])
-      expect(mockGetOrganizationList).not.toHaveBeenCalled()
-    })
-    it('returns empty array on error', async () => {
-      const consoleSpy = mockConsole()
-      const plugin = new ClerkAuthPlugin({ useOrganizationsAsGroups: true })
-      mockGetOrganizationList.mockRejectedValue(new Error('API error'))
-      const results = await plugin.listGroups()
-      expect(results).toEqual([])
-      consoleSpy.restore()
-    })
-  })
-  describe('createClerkAuthPlugin factory', () => {
-    it('creates plugin instance', async () => {
-      const { createClerkAuthPlugin } = await import('./clerk-plugin')
-      const plugin = createClerkAuthPlugin({})
-      expect(plugin).toBeInstanceOf(ClerkAuthPlugin)
-    })
-  })
-})

package/src/clerk-plugin.ts DELETED Viewed

@@ -1,315 +0,0 @@
-import { createClerkClient, verifyToken as clerkVerifyToken } from '@clerk/backend'
-import type { AuthPlugin, AuthPluginFactory } from 'canopycms/auth'
-import type { UserSearchResult, GroupMetadata, AuthenticationResult } from 'canopycms/auth'
-import { extractHeaders, type HeadersLike } from 'canopycms/auth'
-export interface ClerkAuthConfig {
-  /**
-   * Use organizations as groups
-   * @default true
-   */
-  useOrganizationsAsGroups?: boolean
-  /**
-   * Clerk Secret Key. If not provided, will use CLERK_SECRET_KEY env var.
-   */
-  secretKey?: string
-  /**
-   * PEM public key for networkless JWT verification.
-   * If not provided, will use CLERK_JWT_KEY env var.
-   */
-  jwtKey?: string
-  /**
-   * List of authorized parties (domains) for CSRF protection.
-   * If not provided, will parse from CLERK_AUTHORIZED_PARTIES env var.
-   */
-  authorizedParties?: string[]
-}
-// Clerk API Response Types
-// These handle both camelCase and snake_case variants from different Clerk SDK versions
-interface ClerkUserData {
-  id: string
-  username?: string
-  fullName?: string | null
-  full_name?: string | null
-  imageUrl?: string | null
-  image_url?: string | null
-  primaryEmailAddress?: { emailAddress: string } | null
-  email_addresses?: Array<{ email_address: string }> | null
-}
-interface ClerkOrganization {
-  id: string
-  name: string
-  membersCount?: number
-  members_count?: number
-}
-interface ClerkOrganizationMembership {
-  organization: ClerkOrganization
-}
-interface ClerkPaginatedResponse<T> {
-  data: T[]
-  totalCount?: number
-}
-type ClerkResponse<T> = T[] | ClerkPaginatedResponse<T>
-/**
- * Unwrap Clerk paginated response to array.
- * Clerk SDK sometimes returns arrays directly, sometimes paginated objects.
- */
-function unwrapClerkResponse<T>(response: ClerkResponse<T>): T[] {
-  return Array.isArray(response) ? response : response.data
-}
-/**
- * Map Clerk user data to Canopy user metadata.
- * Handles both camelCase and snake_case property variants.
- */
-function mapClerkUserData(clerkUser: ClerkUserData): {
-  email?: string
-  name: string
-  avatarUrl?: string
-} {
-  const avatarUrl = clerkUser.imageUrl ?? clerkUser.image_url
-  return {
-    email:
-      clerkUser.primaryEmailAddress?.emailAddress ?? clerkUser.email_addresses?.[0]?.email_address,
-    name: clerkUser.fullName ?? clerkUser.full_name ?? clerkUser.username ?? clerkUser.id,
-    avatarUrl: avatarUrl ?? undefined,
-  }
-}
-/**
- * Get member count from organization, handling property name variants.
- */
-function getOrgMemberCount(org: ClerkOrganization): number | undefined {
-  return org.membersCount ?? org.members_count
-}
-/**
- * Extract token from headers.
- * Looks for Bearer token in Authorization header or __session cookie.
- */
-export const extractToken = (headers: HeadersLike): string | null => {
-  // Try Authorization header first
-  const authHeader = headers.get('Authorization')
-  if (authHeader?.startsWith('Bearer ')) {
-    return authHeader.slice(7)
-  }
-  // Try __session cookie
-  const cookie = headers.get('Cookie')
-  if (cookie) {
-    const match = cookie.match(/__session=([^;]+)/)
-    if (match) {
-      return match[1]
-    }
-  }
-  return null
-}
-/**
- * Clerk authentication plugin implementation for CanopyCMS.
- * Uses @clerk/backend for framework-agnostic JWT verification.
- */
-export class ClerkAuthPlugin implements AuthPlugin {
-  private config: Required<Omit<ClerkAuthConfig, 'secretKey' | 'jwtKey' | 'authorizedParties'>> & {
-    secretKey: string
-    jwtKey?: string
-    authorizedParties?: string[]
-  }
-  private clerkClient: ReturnType<typeof createClerkClient>
-  constructor(config: ClerkAuthConfig = {}) {
-    const secretKey = config.secretKey ?? process.env.CLERK_SECRET_KEY
-    if (!secretKey) {
-      throw new Error(
-        'ClerkAuthPlugin: CLERK_SECRET_KEY environment variable or secretKey config is required',
-      )
-    }
-    const jwtKey = config.jwtKey ?? process.env.CLERK_JWT_KEY
-    const authorizedParties =
-      config.authorizedParties ??
-      process.env.CLERK_AUTHORIZED_PARTIES?.split(',')
-        .map((s) => s.trim())
-        .filter(Boolean)
-    this.config = {
-      useOrganizationsAsGroups: config.useOrganizationsAsGroups ?? true,
-      secretKey,
-      jwtKey,
-      authorizedParties,
-    }
-    this.clerkClient = createClerkClient({ secretKey })
-  }
-  async authenticate(context: unknown): Promise<AuthenticationResult> {
-    try {
-      // Extract headers from context (supports CanopyRequest and Headers)
-      const headers = extractHeaders(context)
-      if (!headers) {
-        return {
-          success: false,
-          error: 'Invalid context: expected CanopyRequest or Headers object',
-        }
-      }
-      // Extract token from headers
-      const token = extractToken(headers)
-      if (!token) {
-        return { success: false, error: 'No authentication token found' }
-      }
-      // Verify the token
-      const verifyOptions: Parameters<typeof clerkVerifyToken>[1] = {
-        secretKey: this.config.secretKey,
-      }
-      if (this.config.jwtKey) {
-        verifyOptions.jwtKey = this.config.jwtKey
-      }
-      if (this.config.authorizedParties) {
-        verifyOptions.authorizedParties = this.config.authorizedParties
-      }
-      const payload = await clerkVerifyToken(token, verifyOptions)
-      if (!payload || !payload.sub) {
-        return { success: false, error: 'Invalid token payload' }
-      }
-      const userId = payload.sub
-      // Get user details from Clerk
-      const clerkUser = (await this.clerkClient.users.getUser(userId)) as ClerkUserData
-      // Get organizations as external groups
-      let externalGroups: string[] | undefined
-      if (this.config.useOrganizationsAsGroups) {
-        const orgs = (await this.clerkClient.users.getOrganizationMembershipList({
-          userId: clerkUser.id,
-        })) as ClerkResponse<ClerkOrganizationMembership>
-        const memberships = unwrapClerkResponse(orgs)
-        externalGroups = memberships.map((m) => m.organization.id)
-      }
-      const userData = mapClerkUserData(clerkUser)
-      // Return identity only - core will apply bootstrap admins
-      return {
-        success: true,
-        user: {
-          userId: clerkUser.id,
-          ...userData,
-          externalGroups,
-        },
-      }
-    } catch (error) {
-      return {
-        success: false,
-        error: error instanceof Error ? error.message : 'Authentication failed',
-      }
-    }
-  }
-  async searchUsers(query: string, limit = 10): Promise<UserSearchResult[]> {
-    try {
-      const response = (await this.clerkClient.users.getUserList({
-        query,
-        limit,
-      })) as ClerkResponse<ClerkUserData>
-      const users = unwrapClerkResponse(response)
-      return users.map((u) => {
-        const mapped = mapClerkUserData(u)
-        return {
-          id: u.id,
-          name: mapped.name,
-          email: mapped.email ?? '',
-          avatarUrl: mapped.avatarUrl,
-        }
-      })
-    } catch (error) {
-      console.error('ClerkAuthPlugin: searchUsers failed', error)
-      return []
-    }
-  }
-  async getUserMetadata(userId: string): Promise<UserSearchResult | null> {
-    try {
-      const user = (await this.clerkClient.users.getUser(userId)) as ClerkUserData
-      const mapped = mapClerkUserData(user)
-      return {
-        id: user.id,
-        name: mapped.name,
-        email: mapped.email ?? '',
-        avatarUrl: mapped.avatarUrl,
-      }
-    } catch (error) {
-      console.error('ClerkAuthPlugin: getUserMetadata failed', error)
-      return null
-    }
-  }
-  async getGroupMetadata(groupId: string): Promise<GroupMetadata | null> {
-    if (!this.config.useOrganizationsAsGroups) {
-      return null
-    }
-    try {
-      const org = (await this.clerkClient.organizations.getOrganization({
-        organizationId: groupId,
-      })) as ClerkOrganization
-      return {
-        id: org.id,
-        name: org.name,
-        memberCount: getOrgMemberCount(org),
-      }
-    } catch (error) {
-      console.error('ClerkAuthPlugin: getGroupMetadata failed', error)
-      return null
-    }
-  }
-  async listGroups(limit = 50): Promise<GroupMetadata[]> {
-    if (!this.config.useOrganizationsAsGroups) {
-      return []
-    }
-    try {
-      const response = (await this.clerkClient.organizations.getOrganizationList({
-        limit,
-      })) as ClerkResponse<ClerkOrganization>
-      const orgs = unwrapClerkResponse(response)
-      return orgs.map((o) => ({
-        id: o.id,
-        name: o.name,
-        memberCount: getOrgMemberCount(o),
-      }))
-    } catch (error) {
-      console.error('ClerkAuthPlugin: listGroups failed', error)
-      return []
-    }
-  }
-}
-/**
- * Factory function to create a Clerk auth plugin instance
- */
-export const createClerkAuthPlugin: AuthPluginFactory<ClerkAuthConfig> = (config) => {
-  return new ClerkAuthPlugin(config)
-}

package/src/client.ts DELETED Viewed

@@ -1,38 +0,0 @@
-'use client'
-import { useClerk } from '@clerk/nextjs'
-import { UserButton } from '@clerk/nextjs'
-import type { CanopyClientConfig } from 'canopycms/client'
-/**
- * Hook that provides Clerk-specific auth handlers and components for CanopyCMS editor.
- * Use this in your edit page to integrate Clerk authentication with CanopyCMS.
- *
- * @example
- * ```tsx
- * import { useClerkAuthConfig } from 'canopycms-auth-clerk/client'
- * import config from '../../canopycms.config'
- *
- * export default function EditPage() {
- *   const clerkAuth = useClerkAuthConfig()
- *   const editorConfig = config.client(clerkAuth)
- *   return <CanopyEditorPage config={editorConfig} />
- * }
- * ```
- */
-export function useClerkAuthConfig(): Pick<CanopyClientConfig, 'editor'> {
-  const { signOut } = useClerk()
-  return {
-    editor: {
-      AccountComponent: UserButton,
-      onLogoutClick: async () => {
-        try {
-          await signOut()
-        } catch (error) {
-          console.error('Failed to sign out:', error)
-        }
-      },
-    },
-  }
-}

package/src/index.ts DELETED Viewed

@@ -1,6 +0,0 @@
-export { ClerkAuthPlugin, createClerkAuthPlugin } from './clerk-plugin'
-export type { ClerkAuthConfig } from './clerk-plugin'
-export { createClerkJwtVerifier } from './jwt-verifier'
-export type { ClerkJwtVerifierConfig } from './jwt-verifier'
-export { refreshClerkCache } from './cache-writer'
-export type { RefreshClerkCacheOptions, RefreshClerkCacheResult } from './cache-writer'

package/src/jwt-verifier.ts DELETED Viewed

@@ -1,62 +0,0 @@
-import { verifyToken as clerkVerifyToken } from '@clerk/backend'
-import { extractHeaders } from 'canopycms/auth'
-import type { TokenVerifier } from 'canopycms/auth'
-import { extractToken } from './clerk-plugin'
-export interface ClerkJwtVerifierConfig {
-  /**
-   * PEM public key for networkless JWT verification.
-   * Required for operation without internet access.
-   */
-  jwtKey: string
-  /**
-   * Clerk Secret Key as fallback (requires internet).
-   * If not provided, only jwtKey verification is attempted.
-   */
-  secretKey?: string
-  /**
-   * Authorized parties for CSRF protection.
-   */
-  authorizedParties?: string[]
-}
-/**
- * Creates a token verifier function that uses Clerk's JWT verification.
- *
- * When jwtKey (PEM public key) is provided, verification is **networkless** —
- * no Clerk API calls are made. This is used in Lambda environments
- * with no internet access.
- *
- * Returns a TokenVerifier compatible with CachingAuthPlugin.
- */
-export function createClerkJwtVerifier(config: ClerkJwtVerifierConfig): TokenVerifier {
-  return async (context: unknown) => {
-    const headers = extractHeaders(context)
-    if (!headers) return null
-    const token = extractToken(headers)
-    if (!token) return null
-    try {
-      const verifyOptions: Parameters<typeof clerkVerifyToken>[1] = {}
-      if (config.jwtKey) {
-        verifyOptions.jwtKey = config.jwtKey
-      }
-      if (config.secretKey) {
-        verifyOptions.secretKey = config.secretKey
-      }
-      if (config.authorizedParties) {
-        verifyOptions.authorizedParties = config.authorizedParties
-      }
-      const payload = await clerkVerifyToken(token, verifyOptions)
-      if (!payload?.sub) return null
-      return { userId: payload.sub }
-    } catch {
-      return null
-    }
-  }
-}