mailsentry-auth 0.1.0

package/dist/middleware.mjs

@@ -0,0 +1,803 @@
+var __defProp = Object.defineProperty;
+var __defProps = Object.defineProperties;
+var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
+var __getOwnPropSymbols = Object.getOwnPropertySymbols;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __propIsEnum = Object.prototype.propertyIsEnumerable;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __spreadValues = (a, b) => {
+  for (var prop in b || (b = {}))
+    if (__hasOwnProp.call(b, prop))
+      __defNormalProp(a, prop, b[prop]);
+  if (__getOwnPropSymbols)
+    for (var prop of __getOwnPropSymbols(b)) {
+      if (__propIsEnum.call(b, prop))
+        __defNormalProp(a, prop, b[prop]);
+    }
+  return a;
+};
+var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
+
+// src/middlewares/handlers/base-middleware-handler.ts
+import { NextResponse } from "next/server";
+
+// src/config/middleware.ts
+var MiddlewareConfig = class {
+};
+// Protected routes
+MiddlewareConfig.PROTECTED_ROUTES = {
+  DASHBOARD: "/"
+};
+// Auth routes
+MiddlewareConfig.AUTH_ROUTES = {
+  LOGIN: "/login"
+};
+// HTTP methods to process
+MiddlewareConfig.ALLOWED_METHODS = ["GET", "HEAD"];
+// Query parameters
+MiddlewareConfig.QUERY_PARAMS = {
+  LOGIN_REQUIRED: "sign_in_required",
+  AUTH_CHECKED: "auth_checked"
+};
+// Query parameter values
+MiddlewareConfig.QUERY_VALUES = {
+  LOGIN_REQUIRED: "true",
+  AUTH_CHECKED: "1"
+};
+var middlewareMatcher = [
+  "/((?!api|_next/static|_next/image|_next/webpack-hmr|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp|ico|css|js)$).*)",
+  "/login"
+];
+var config = {
+  matcher: middlewareMatcher
+};
+
+// src/services/utils/cookie-utils.ts
+import Cookies from "js-cookie";
+var _CookieUtils = class _CookieUtils {
+  /**
+   * Get the access token cookie key from environment variables
+   */
+  static getAccessTokenKey() {
+    return process.env.AUTH_ACCESS_TOKEN_KEY || "auth_access_token";
+  }
+  /**
+   * Get the refresh token cookie key from environment variables
+   */
+  static getRefreshTokenKey() {
+    return process.env.AUTH_REFRESH_TOKEN_KEY || "auth_refresh_token";
+  }
+  // Use current domain in development
+  /**
+   * Get root domain for subdomain support
+   */
+  static getRootDomain() {
+    if (typeof window === "undefined") return void 0;
+    const hostname = window.location.hostname;
+    if (hostname === "localhost" || hostname === "127.0.0.1") {
+      return void 0;
+    }
+    if (/^\d+\.\d+\.\d+\.\d+$/.test(hostname)) {
+      return void 0;
+    }
+    const parts = hostname.split(".");
+    if (parts.length >= 2) {
+      return `.${parts.slice(-2).join(".")}`;
+    }
+    return void 0;
+  }
+  /**
+   * Get common cookie options
+   */
+  static getCookieOptions() {
+    return {
+      path: "/",
+      sameSite: "strict",
+      secure: process.env.NODE_ENV === "production",
+      // Only secure in production
+      domain: this.COOKIE_DOMAIN
+      // Support subdomains
+    };
+  }
+  /**
+   * Check if running on client side
+   */
+  static isClientSide() {
+    return typeof window !== "undefined";
+  }
+  /**
+   * Check if running on server side
+   */
+  static isServerSide() {
+    return typeof window === "undefined";
+  }
+  /**
+   * Dynamically import server action for server-side operations
+   */
+  static async getServerTokens() {
+    try {
+      const { getAuthTokens } = await import("mailsentry-auth/server");
+      return await getAuthTokens();
+    } catch (error) {
+      console.error("Failed to get server tokens:", error);
+      return { accessToken: null, refreshToken: null };
+    }
+  }
+  /**
+   * Set access token in cookie (client-side only)
+   */
+  static setAccessToken(token) {
+    if (this.isServerSide()) {
+      console.warn("setAccessToken called on server side - use server actions instead");
+      return;
+    }
+    const options = this.getCookieOptions();
+    Cookies.set(this.getAccessTokenKey(), token, options);
+  }
+  /**
+   * Set refresh token in cookie (client-side only)
+   */
+  static setRefreshToken(token) {
+    if (this.isServerSide()) {
+      console.warn("setRefreshToken called on server side - use server actions instead");
+      return;
+    }
+    const options = this.getCookieOptions();
+    Cookies.set(this.getRefreshTokenKey(), token, options);
+  }
+  /**
+   * Get access token - automatically handles client/server side
+   */
+  static async getAccessToken() {
+    if (this.isClientSide()) {
+      return Cookies.get(this.getAccessTokenKey()) || null;
+    } else {
+      const { accessToken } = await this.getServerTokens();
+      return accessToken;
+    }
+  }
+  /**
+   * Get refresh token - automatically handles client/server side
+   */
+  static async getRefreshToken() {
+    if (this.isClientSide()) {
+      return Cookies.get(this.getRefreshTokenKey()) || null;
+    } else {
+      const { refreshToken } = await this.getServerTokens();
+      return refreshToken;
+    }
+  }
+  /**
+   * Get both tokens - automatically handles client/server side
+   */
+  static async getTokens() {
+    if (this.isClientSide()) {
+      return {
+        accessToken: Cookies.get(this.getAccessTokenKey()) || null,
+        refreshToken: Cookies.get(this.getRefreshTokenKey()) || null
+      };
+    } else {
+      return await this.getServerTokens();
+    }
+  }
+  /**
+   * Clear all authentication cookies (client-side only)
+   */
+  static clearAuthCookies() {
+    if (this.isServerSide()) {
+      console.warn("clearAuthCookies called on server side - use server actions instead");
+      return;
+    }
+    const removeOptions = {
+      path: "/",
+      domain: this.COOKIE_DOMAIN
+    };
+    Cookies.remove(this.getAccessTokenKey(), removeOptions);
+    Cookies.remove(this.getRefreshTokenKey(), removeOptions);
+  }
+  /**
+   * Check if cookies are supported/enabled (client-side only)
+   */
+  static areCookiesEnabled() {
+    if (this.isServerSide()) {
+      console.warn("areCookiesEnabled called on server side - not applicable");
+      return false;
+    }
+    try {
+      const testKey = "test_cookie_support";
+      const testOptions = this.getCookieOptions();
+      Cookies.set(testKey, "test", testOptions);
+      const value = Cookies.get(testKey);
+      Cookies.remove(testKey, {
+        path: "/",
+        domain: this.COOKIE_DOMAIN
+      });
+      return value === "test";
+    } catch (e) {
+      return false;
+    }
+  }
+  /**
+   * Get all authentication cookies - automatically handles client/server side
+   */
+  static async getAllAuthCookies() {
+    if (this.isClientSide()) {
+      return {
+        accessToken: Cookies.get(this.getAccessTokenKey()) || "",
+        refreshToken: Cookies.get(this.getRefreshTokenKey()) || ""
+      };
+    } else {
+      const { accessToken, refreshToken } = await this.getServerTokens();
+      return {
+        accessToken: accessToken || "",
+        refreshToken: refreshToken || ""
+      };
+    }
+  }
+  /**
+   * Set multiple tokens at once (client-side only)
+   */
+  static setTokens(accessToken, refreshToken) {
+    if (this.isServerSide()) {
+      console.warn("setTokens called on server side - use server actions instead");
+      return;
+    }
+    this.setAccessToken(accessToken);
+    this.setRefreshToken(refreshToken);
+  }
+  /**
+   * Check if user has valid tokens - automatically handles client/server side
+   */
+  static async hasValidTokens() {
+    const tokens = await this.getTokens();
+    return !!(tokens.accessToken && tokens.refreshToken);
+  }
+  /**
+   * Get current domain information for debugging
+   */
+  static getDomainInfo() {
+    if (this.isServerSide()) {
+      return {
+        error: "Server-side rendering - no domain info available",
+        environment: process.env.NODE_ENV || "unknown",
+        recommendation: "Use server actions for server-side cookie access"
+      };
+    }
+    return {
+      hostname: window.location.hostname,
+      domain: this.COOKIE_DOMAIN || "current domain",
+      environment: process.env.NODE_ENV || "unknown",
+      protocol: window.location.protocol
+    };
+  }
+};
+// Domain configuration
+_CookieUtils.COOKIE_DOMAIN = process.env.NODE_ENV === "production" ? _CookieUtils.getRootDomain() : void 0;
+var CookieUtils = _CookieUtils;
+
+// src/services/utils/localstorage-utils.ts
+var LocalStorageUtils = class {
+  // 5 minutes
+  /**
+   * Check if localStorage is available
+   */
+  static isAvailable() {
+    try {
+      if (typeof window === "undefined") return false;
+      localStorage.setItem("test", "test");
+      localStorage.removeItem("test");
+      return true;
+    } catch (e) {
+      return false;
+    }
+  }
+  /**
+   * Save user profile to localStorage with timestamp
+   */
+  static saveUserProfile(userProfile) {
+    if (!this.isAvailable() || !userProfile) return false;
+    try {
+      localStorage.setItem(this.USER_PROFILE_STORAGE_KEY, JSON.stringify(userProfile));
+      localStorage.setItem(this.USER_PROFILE_TIMESTAMP_KEY, Date.now().toString());
+      return true;
+    } catch (e) {
+      return false;
+    }
+  }
+  /**
+   * Get user profile from localStorage with cache validation
+   */
+  static getUserProfile(cacheDuration = this.DEFAULT_CACHE_DURATION) {
+    if (!this.isAvailable()) return null;
+    try {
+      const userProfileData = localStorage.getItem(this.USER_PROFILE_STORAGE_KEY);
+      const timestamp = localStorage.getItem(this.USER_PROFILE_TIMESTAMP_KEY);
+      if (!userProfileData || !timestamp) return null;
+      const cacheAge = Date.now() - parseInt(timestamp);
+      if (cacheAge >= cacheDuration) {
+        this.clearUserProfile();
+        return null;
+      }
+      return JSON.parse(userProfileData);
+    } catch (e) {
+      this.clearUserProfile();
+      return null;
+    }
+  }
+  /**
+   * Clear user profile data from localStorage
+   */
+  static clearUserProfile() {
+    if (!this.isAvailable()) return false;
+    try {
+      localStorage.removeItem(this.USER_PROFILE_STORAGE_KEY);
+      localStorage.removeItem(this.USER_PROFILE_TIMESTAMP_KEY);
+      return true;
+    } catch (e) {
+      return false;
+    }
+  }
+  /**
+   * Check if cached user profile is still valid
+   */
+  static isCacheValid(cacheDuration = this.DEFAULT_CACHE_DURATION) {
+    if (!this.isAvailable()) return false;
+    try {
+      const timestamp = localStorage.getItem(this.USER_PROFILE_TIMESTAMP_KEY);
+      if (!timestamp) return false;
+      const cacheAge = Date.now() - parseInt(timestamp);
+      return cacheAge < cacheDuration;
+    } catch (e) {
+      return false;
+    }
+  }
+};
+LocalStorageUtils.USER_PROFILE_STORAGE_KEY = "user_profile_data";
+LocalStorageUtils.USER_PROFILE_TIMESTAMP_KEY = "user_profile_timestamp";
+LocalStorageUtils.DEFAULT_CACHE_DURATION = 5 * 60 * 1e3;
+
+// src/services/api/endpoints.ts
+var AUTH_ENDPOINTS = {
+  // Email existence check
+  CHECK_EMAIL_EXISTS: (email) => `/auth/user/exist-email/${encodeURIComponent(email)}`,
+  // User authentication
+  LOGIN: "/auth/user/login",
+  VERIFY_EMAIL: "/auth/user/verify",
+  // User profile
+  GET_USER_PROFILE: "/auth/user/profile",
+  // User logout
+  LOGOUT: "/auth/logout"
+};
+var EndpointBuilder = class {
+};
+EndpointBuilder.auth = AUTH_ENDPOINTS;
+
+// src/services/auth/patterns/command/auth-result-factory.ts
+var AuthResultFactory = class {
+  /**
+   * Creates a successful authentication result
+   */
+  static createSuccess(message, data) {
+    return {
+      success: true,
+      data,
+      message
+    };
+  }
+  /**
+   * Creates a failed authentication result
+   */
+  static createFailure(message, error) {
+    const errorMessage = error instanceof Error ? error.message : typeof error === "string" ? error : error ? String(error) : "Authentication failed";
+    return {
+      success: false,
+      error: errorMessage,
+      message
+    };
+  }
+};
+
+// src/services/auth/patterns/logger/development-logger.ts
+var DevelopmentLogger = class {
+  log(message, data) {
+    console.log(message, data);
+  }
+  warn(message, data) {
+    console.warn(message, data);
+  }
+  error(message, data) {
+    console.error(message, data);
+  }
+};
+
+// src/services/auth/patterns/logger/production-logger.ts
+var ProductionLogger = class {
+  log(_message, _data) {
+  }
+  warn(_message, _data) {
+  }
+  error(_message, _data) {
+  }
+};
+
+// src/services/auth/patterns/logger/logger-factory.ts
+var LoggerFactory = class {
+  static create(environment) {
+    const env = environment || process.env.NODE_ENV || "development";
+    const loggerFactory = this.loggers.get(env) || this.loggers.get("development");
+    return loggerFactory();
+  }
+};
+LoggerFactory.loggers = /* @__PURE__ */ new Map([
+  ["development", () => new DevelopmentLogger()],
+  ["production", () => new ProductionLogger()],
+  ["test", () => new DevelopmentLogger()]
+]);
+
+// src/services/auth/patterns/strategy/signup-flow-strategy.ts
+var SignupFlowStrategy = class {
+  constructor(authService, tokenManager) {
+    this.authService = authService;
+    this.tokenManager = tokenManager;
+  }
+  async execute(credentials) {
+    const loginResult = await this.authService.login(credentials);
+    if (!loginResult.data.isVerifiedEmail) {
+      return AuthResultFactory.createFailure("Email verification required");
+    }
+    return this.handleSuccessfulAuthentication(loginResult);
+  }
+  async handleSuccessfulAuthentication(loginResult) {
+    if (loginResult.data.accessToken) {
+      this.tokenManager.saveTokens(
+        loginResult.data.accessToken,
+        loginResult.data.refreshToken
+      );
+      LoggerFactory.create("development").log("Tokens saved successfully:", {
+        hasAccessToken: !!loginResult.data.accessToken,
+        hasRefreshToken: !!loginResult.data.refreshToken,
+        domainInfo: this.tokenManager.getDomainInfo()
+      });
+      const profile = await this.authService.getUserProfile();
+      return AuthResultFactory.createSuccess("Login successful", __spreadProps(__spreadValues({}, loginResult.data), {
+        profile: profile.data,
+        tokenInfo: {
+          domain: this.tokenManager.getDomainInfo().domain
+        }
+      }));
+    }
+    return AuthResultFactory.createFailure("Authentication failed - no access token received");
+  }
+};
+
+// src/services/auth/patterns/strategy/existing-user-login-strategy.ts
+var ExistingUserLoginStrategy = class {
+  constructor(authService, tokenManager) {
+    this.authService = authService;
+    this.tokenManager = tokenManager;
+  }
+  async execute(credentials) {
+    const loginResult = await this.authService.login(credentials);
+    return this.handleSuccessfulAuthentication(loginResult);
+  }
+  async handleSuccessfulAuthentication(loginResult) {
+    if (loginResult.data.accessToken) {
+      this.tokenManager.saveTokens(
+        loginResult.data.accessToken,
+        loginResult.data.refreshToken
+      );
+      LoggerFactory.create("development").log("Tokens saved successfully:", {
+        hasAccessToken: !!loginResult.data.accessToken,
+        hasRefreshToken: !!loginResult.data.refreshToken,
+        domainInfo: this.tokenManager.getDomainInfo()
+      });
+      const profile = await this.authService.getUserProfile();
+      return AuthResultFactory.createSuccess("Login successful", __spreadProps(__spreadValues({}, loginResult.data), {
+        profile: profile.data,
+        tokenInfo: {
+          domain: this.tokenManager.getDomainInfo().domain
+        }
+      }));
+    }
+    return AuthResultFactory.createFailure("Authentication failed - no access token received");
+  }
+};
+
+// src/services/auth/patterns/strategy/login-flow-strategy-factory.ts
+var LoginFlowStrategyFactory = class {
+  static createStrategy(action, authService, tokenManager) {
+    const strategyFactory = this.strategies.get(action);
+    if (!strategyFactory) {
+      throw new Error(`No strategy found for action: ${action}`);
+    }
+    return strategyFactory(authService, tokenManager);
+  }
+};
+LoginFlowStrategyFactory.strategies = /* @__PURE__ */ new Map([
+  ["signup" /* SIGNUP */, (authService, tokenManager) => new SignupFlowStrategy(authService, tokenManager)],
+  ["login" /* LOGIN */, (authService, tokenManager) => new ExistingUserLoginStrategy(authService, tokenManager)]
+]);
+
+// src/services/auth/patterns/state/authenticated-state.ts
+var AuthenticatedState = class {
+  async getStatus(tokenManager) {
+    const authStatus = await this.buildAuthStatus(tokenManager, true);
+    return AuthResultFactory.createSuccess("User is authenticated", authStatus);
+  }
+  async buildAuthStatus(tokenManager, isAuthenticated) {
+    return {
+      isAuthenticated,
+      hasAccessToken: !!await tokenManager.getAccessToken(),
+      hasRefreshToken: !!await tokenManager.getRefreshToken(),
+      cookiesSupported: tokenManager.areCookiesSupported(),
+      domainInfo: tokenManager.getDomainInfo()
+    };
+  }
+};
+
+// src/services/auth/patterns/state/unauthenticated-state.ts
+var UnauthenticatedState = class {
+  async getStatus(tokenManager) {
+    const authStatus = await this.buildAuthStatus(tokenManager, false);
+    return AuthResultFactory.createFailure("User is not authenticated", authStatus);
+  }
+  async buildAuthStatus(tokenManager, isAuthenticated) {
+    return {
+      isAuthenticated,
+      hasAccessToken: !!await tokenManager.getAccessToken(),
+      hasRefreshToken: !!await tokenManager.getRefreshToken(),
+      cookiesSupported: tokenManager.areCookiesSupported(),
+      domainInfo: tokenManager.getDomainInfo()
+    };
+  }
+};
+
+// src/services/auth/patterns/state/authentication-status-context.ts
+var AuthenticationStatusContext = class {
+  static async getStatus(tokenManager) {
+    const isAuthenticated = !!await tokenManager.getAccessToken();
+    const state = this.states.get(isAuthenticated) || new UnauthenticatedState();
+    return await state.getStatus(tokenManager);
+  }
+};
+AuthenticationStatusContext.states = /* @__PURE__ */ new Map([
+  [true, new AuthenticatedState()],
+  [false, new UnauthenticatedState()]
+]);
+
+// src/middlewares/handlers/base-middleware-handler.ts
+var BaseMiddlewareHandler = class {
+  /**
+   * Check if user has both access and refresh tokens
+   */
+  hasAuthenticationCookies(cookies) {
+    const { accessTokenKey, refreshTokenKey } = this.getAuthCookieKeys();
+    return cookies.has(accessTokenKey) && cookies.has(refreshTokenKey);
+  }
+  /**
+   * Get authentication cookie keys from environment variables with fallbacks
+   */
+  getAuthCookieKeys() {
+    return {
+      accessTokenKey: process.env.AUTH_ACCESS_TOKEN_KEY || "",
+      refreshTokenKey: process.env.AUTH_REFRESH_TOKEN_KEY || ""
+    };
+  }
+  /**
+   * Create a redirect response to the dashboard
+   */
+  redirectToDashboard(context) {
+    const dashboardUrl = new URL(MiddlewareConfig.PROTECTED_ROUTES.DASHBOARD, context.request.url);
+    return NextResponse.redirect(dashboardUrl);
+  }
+  /**
+   * Create a redirect response to login with authentication parameters
+   * Includes loop prevention - won't redirect if already has auth_checked parameter
+   */
+  redirectToLoginWithParams(context) {
+    const loginUrl = new URL(MiddlewareConfig.AUTH_ROUTES.LOGIN, context.request.url);
+    if (context.searchParams.get(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED) === MiddlewareConfig.QUERY_VALUES.AUTH_CHECKED) {
+      return NextResponse.next();
+    }
+    loginUrl.searchParams.set(MiddlewareConfig.QUERY_PARAMS.LOGIN_REQUIRED, MiddlewareConfig.QUERY_VALUES.LOGIN_REQUIRED);
+    loginUrl.searchParams.set(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED, MiddlewareConfig.QUERY_VALUES.AUTH_CHECKED);
+    return NextResponse.redirect(loginUrl);
+  }
+  /**
+   * Create a redirect response with custom URL and auth parameters
+   * Includes loop prevention - won't redirect if target already has auth_checked parameter
+   */
+  redirectWithAuthParams(targetUrl) {
+    const url = new URL(targetUrl.toString());
+    if (url.searchParams.get(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED) === MiddlewareConfig.QUERY_VALUES.AUTH_CHECKED) {
+      return NextResponse.next();
+    }
+    url.searchParams.set(MiddlewareConfig.QUERY_PARAMS.LOGIN_REQUIRED, MiddlewareConfig.QUERY_VALUES.LOGIN_REQUIRED);
+    url.searchParams.set(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED, MiddlewareConfig.QUERY_VALUES.AUTH_CHECKED);
+    return NextResponse.redirect(url);
+  }
+  /**
+   * Check if the current path is a dashboard route
+   */
+  isDashboardRoute(pathname) {
+    return pathname.startsWith(MiddlewareConfig.PROTECTED_ROUTES.DASHBOARD);
+  }
+  /**
+   * Check if the current path is the login page
+   */
+  isLoginRoute(pathname) {
+    return pathname === MiddlewareConfig.AUTH_ROUTES.LOGIN;
+  }
+  /**
+   * Check if request method is allowed
+   */
+  isAllowedMethod(method) {
+    return MiddlewareConfig.ALLOWED_METHODS.includes(method);
+  }
+  /**
+   * Check if the request has auth checked parameter (loop prevention)
+   */
+  hasAuthCheckedParam(searchParams) {
+    return searchParams.get(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED) === MiddlewareConfig.QUERY_VALUES.AUTH_CHECKED;
+  }
+  /**
+   * Continue to next handler
+   */
+  continue() {
+    return null;
+  }
+  /**
+   * Allow request to proceed
+   */
+  allow() {
+    return NextResponse.next();
+  }
+  /**
+   * Create a redirect response with cleaned URL (removes auth-related query parameters)
+   */
+  redirectWithCleanUrl(context) {
+    const cleanUrl = new URL(context.nextUrl.toString());
+    cleanUrl.searchParams.delete(MiddlewareConfig.QUERY_PARAMS.LOGIN_REQUIRED);
+    cleanUrl.searchParams.delete(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED);
+    return NextResponse.redirect(cleanUrl);
+  }
+  /**
+   * Check if URL has auth-related query parameters that need cleanup
+   */
+  hasAuthQueryParams(searchParams) {
+    return searchParams.has(MiddlewareConfig.QUERY_PARAMS.LOGIN_REQUIRED) || searchParams.has(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED);
+  }
+  /**
+   * Make an authenticated GET API call to getUserProfile endpoint
+   */
+  async makeAuthenticatedApiCall(cookies) {
+    var _a;
+    const { accessTokenKey } = this.getAuthCookieKeys();
+    const accessToken = (_a = cookies.get(accessTokenKey)) == null ? void 0 : _a.value;
+    if (!accessToken) {
+      throw new Error("Access token not found in cookies");
+    }
+    const baseURL = process.env.NEXT_PUBLIC_API_BASE_URL || "";
+    const apiKey = process.env.NEXT_PUBLIC_API_KEY || "";
+    const origin = process.env.NEXT_PUBLIC_API_ORIGIN || "";
+    const url = `${baseURL}${AUTH_ENDPOINTS.GET_USER_PROFILE}`;
+    const response = await fetch(url, {
+      method: "GET" /* GET */,
+      headers: {
+        "Content-Type": "application/json",
+        "Origin": origin,
+        "x-api-key": apiKey,
+        "authorization": `Bearer ${accessToken}`
+      }
+    });
+    return response;
+  }
+};
+
+// src/middlewares/handlers/method-filter-handler.ts
+var MethodFilterHandler = class extends BaseMiddlewareHandler {
+  handle(context) {
+    const { method } = context;
+    if (!this.isAllowedMethod(method)) {
+      return this.allow();
+    }
+    return this.continue();
+  }
+};
+
+// src/middlewares/handlers/route-protection-handler.ts
+var RouteProtectionHandler = class extends BaseMiddlewareHandler {
+  handle(context) {
+    const { pathname } = context;
+    if (!this.isDashboardRoute(pathname)) {
+      return this.continue();
+    }
+    return this.continue();
+  }
+};
+
+// src/middlewares/handlers/authentication-handler.ts
+var AuthenticationHandler = class extends BaseMiddlewareHandler {
+  async handle(context) {
+    const { cookies, nextUrl, pathname } = context;
+    const hasAuthCookies = this.hasAuthenticationCookies(cookies);
+    if (!hasAuthCookies) {
+      if (this.isDashboardRoute(pathname)) {
+        return this.redirectWithAuthParams(nextUrl);
+      }
+      return this.continue();
+    }
+    try {
+      const response = await this.makeAuthenticatedApiCall(cookies);
+      if (!response.ok) {
+        throw new Error(`HTTP ${response.status}: ${response.statusText}`);
+      }
+      await response.json();
+      if (this.hasAuthQueryParams(context.searchParams)) {
+        return this.redirectWithCleanUrl(context);
+      }
+      return this.allow();
+    } catch (error) {
+      console.log("JWT validation failed:", error instanceof Error ? error.message : "Unknown error");
+      if (this.isDashboardRoute(pathname)) {
+        return this.redirectWithAuthParams(nextUrl);
+      }
+      return this.continue();
+    }
+  }
+};
+
+// src/middlewares/handlers/login-redirect-handler.ts
+var LoginRedirectHandler = class extends BaseMiddlewareHandler {
+  handle(context) {
+    const { pathname, cookies } = context;
+    if (!this.isLoginRoute(pathname)) {
+      return this.continue();
+    }
+    const isAuthenticated = this.hasAuthenticationCookies(cookies);
+    if (isAuthenticated) {
+      return this.redirectToDashboard(context);
+    }
+    return this.continue();
+  }
+};
+
+// src/middlewares/handlers/middleware-chain.ts
+import { NextResponse as NextResponse2 } from "next/server";
+var MiddlewareChain = class {
+  constructor() {
+    this.handlers = [];
+  }
+  addHandler(handler) {
+    this.handlers.push(handler);
+    return this;
+  }
+  async process(context) {
+    for (const handler of this.handlers) {
+      const result = await handler.handle(context);
+      if (result !== null) {
+        return result;
+      }
+    }
+    return NextResponse2.next();
+  }
+};
+
+// src/middleware.ts
+async function middleware(req) {
+  const context = {
+    request: req,
+    method: req.method,
+    pathname: req.nextUrl.pathname,
+    searchParams: req.nextUrl.searchParams,
+    cookies: req.cookies,
+    nextUrl: req.nextUrl
+  };
+  const chain = new MiddlewareChain().addHandler(new MethodFilterHandler()).addHandler(new RouteProtectionHandler()).addHandler(new LoginRedirectHandler()).addHandler(new AuthenticationHandler());
+  return await chain.process(context);
+}
+export {
+  config,
+  middleware,
+  middlewareMatcher
+};