mailsentry-auth 0.1.1 → 0.1.4

package/dist/index.js

@@ -83,8 +83,8 @@ var AuthEventType = /* @__PURE__ */ ((AuthEventType3) => {
   return AuthEventType3;
 })(AuthEventType || {});
 var PageType = /* @__PURE__ */ ((PageType3) => {
-  PageType3["LOGIN"] = "/login";
-  PageType3["DASHBOARD"] = "/dashboard";
+  PageType3["LOGIN"] = "login";
+  PageType3["DASHBOARD"] = "dashboard";
   PageType3["HOME"] = "/";
   return PageType3;
 })(PageType || {});
@@ -92,30 +92,30 @@ var NavigationAction = /* @__PURE__ */ ((NavigationAction2) => {
   NavigationAction2["NONE"] = "none";
   NavigationAction2["REDIRECT"] = "redirect";
   NavigationAction2["MODAL"] = "modal";
+  NavigationAction2["CURRENT"] = "current";
   return NavigationAction2;
 })(NavigationAction || {});
 var PageTypePatterns = {
-  ["/login" /* LOGIN */]: "/login" /* LOGIN */,
-  ["/dashboard" /* DASHBOARD */]: "/dashboard" /* DASHBOARD */,
-  ["/" /* HOME */]: "/" /* HOME */
+  ["login" /* LOGIN */]: "login" /* LOGIN */,
+  ["dashboard" /* DASHBOARD */]: "dashboard" /* DASHBOARD */
 };
 var CrossTabBehaviorConfig = {
-  ["/login" /* LOGIN */]: {
-    ["auth.logged_in" /* LoggedIn */]: { action: "redirect" /* REDIRECT */, target: "/dashboard" /* DASHBOARD */ },
+  ["login" /* LOGIN */]: {
+    ["auth.logged_in" /* LoggedIn */]: { action: "redirect" /* REDIRECT */, target: "dashboard" /* DASHBOARD */ },
     ["auth.logged_out" /* LoggedOut */]: { action: "none" /* NONE */ },
     ["auth.email_verified" /* EmailVerified */]: { action: "none" /* NONE */ },
     ["auth.signin_required_modal" /* SignInRequiredModal */]: { action: "none" /* NONE */ }
   },
-  ["/dashboard" /* DASHBOARD */]: {
-    ["auth.logged_in" /* LoggedIn */]: { action: "modal" /* MODAL */ },
-    ["auth.logged_out" /* LoggedOut */]: { action: "redirect" /* REDIRECT */, target: "/dashboard" /* DASHBOARD */ },
-    ["auth.email_verified" /* EmailVerified */]: { action: "modal" /* MODAL */ },
-    ["auth.signin_required_modal" /* SignInRequiredModal */]: { action: "none" /* NONE */ }
+  ["dashboard" /* DASHBOARD */]: {
+    ["auth.logged_in" /* LoggedIn */]: { action: "current" /* CURRENT */ },
+    ["auth.logged_out" /* LoggedOut */]: { action: "current" /* CURRENT */ },
+    ["auth.email_verified" /* EmailVerified */]: { action: "current" /* CURRENT */ },
+    ["auth.signin_required_modal" /* SignInRequiredModal */]: { action: "current" /* CURRENT */ }
   },
   ["/" /* HOME */]: {
-    ["auth.logged_in" /* LoggedIn */]: { action: "modal" /* MODAL */ },
-    ["auth.logged_out" /* LoggedOut */]: { action: "redirect" /* REDIRECT */, target: "/" /* HOME */ },
-    ["auth.email_verified" /* EmailVerified */]: { action: "modal" /* MODAL */ },
+    ["auth.logged_in" /* LoggedIn */]: { action: "none" /* NONE */ },
+    ["auth.logged_out" /* LoggedOut */]: { action: "none" /* NONE */ },
+    ["auth.email_verified" /* EmailVerified */]: { action: "none" /* NONE */ },
     ["auth.signin_required_modal" /* SignInRequiredModal */]: { action: "none" /* NONE */ }
   }
 };
@@ -254,13 +254,32 @@ var getVerificationField = (codeLength = 5, options = {}) => ({
 
 // src/config/middleware.ts
 var MiddlewareConfig = class {
+  /**
+   * Get the base domain from environment or use default
+   */
+  static getBaseDomain() {
+    return process.env.NEXT_PUBLIC_BASE_DOMAIN || "cutly.io";
+  }
+  /**
+   * Get the protocol based on environment
+   */
+  static getProtocol() {
+    return process.env.NODE_ENV === "production" ? "https" : "http";
+  }
+  /**
+   * Get the dashboard subdomain URL
+   */
+  static getDashboardUrl(path = "") {
+    return `${this.getProtocol()}://${this.SUBDOMAINS.DASHBOARD}.${this.getBaseDomain()}${path}`;
+  }
 };
-// Protected routes
-MiddlewareConfig.PROTECTED_ROUTES = {
-  DASHBOARD: "/"
+// Subdomain configuration
+MiddlewareConfig.SUBDOMAINS = {
+  DASHBOARD: "dashboard"
 };
-// Auth routes
-MiddlewareConfig.AUTH_ROUTES = {
+// Routes
+MiddlewareConfig.ROUTES = {
+  ROOT: "/",
   LOGIN: "/login"
 };
 // HTTP methods to process
@@ -268,7 +287,8 @@ MiddlewareConfig.ALLOWED_METHODS = ["GET", "HEAD"];
 // Query parameters
 MiddlewareConfig.QUERY_PARAMS = {
   LOGIN_REQUIRED: "sign_in_required",
-  AUTH_CHECKED: "auth_checked"
+  AUTH_CHECKED: "auth_checked",
+  REDIRECT_URL: "redirect_url"
 };
 // Query parameter values
 MiddlewareConfig.QUERY_VALUES = {
@@ -276,8 +296,7 @@ MiddlewareConfig.QUERY_VALUES = {
   AUTH_CHECKED: "1"
 };
 var middlewareMatcher = [
-  "/((?!api|_next/static|_next/image|_next/webpack-hmr|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp|ico|css|js)$).*)",
-  "/login"
+  "/((?!api|_next/static|_next/image|_next/webpack-hmr|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp|ico|css|js)$).*)"
 ];
 var config = {
   matcher: middlewareMatcher
@@ -401,12 +420,18 @@ var _CookieUtils = class _CookieUtils {
   static getRefreshTokenKey() {
     return process.env.AUTH_REFRESH_TOKEN_KEY || "auth_refresh_token";
   }
-  // Use current domain in development
   /**
    * Get root domain for subdomain support
+   * Must match the domain used by backend when setting cookies
    */
   static getRootDomain() {
-    if (typeof window === "undefined") return void 0;
+    if (typeof window === "undefined") {
+      const baseDomain = process.env.NEXT_PUBLIC_BASE_DOMAIN;
+      if (baseDomain && process.env.NODE_ENV === "production") {
+        return `.${baseDomain}`;
+      }
+      return void 0;
+    }
     const hostname = window.location.hostname;
     if (hostname === "localhost" || hostname === "127.0.0.1") {
       return void 0;
@@ -420,13 +445,15 @@ var _CookieUtils = class _CookieUtils {
     }
     return void 0;
   }
+  // Use current domain in development
   /**
    * Get common cookie options
    */
   static getCookieOptions() {
     return {
       path: "/",
-      sameSite: "strict",
+      sameSite: "lax",
+      // Changed from 'strict' to 'lax' for cross-subdomain
       secure: process.env.NODE_ENV === "production",
       // Only secure in production
       domain: this.COOKIE_DOMAIN
@@ -516,18 +543,26 @@ var _CookieUtils = class _CookieUtils {
   }
   /**
    * Clear all authentication cookies (client-side only)
+   * Clears cookies from both current domain and root domain
    */
   static clearAuthCookies() {
     if (this.isServerSide()) {
       console.warn("clearAuthCookies called on server side - use server actions instead");
       return;
     }
-    const removeOptions = {
+    const accessKey = this.getAccessTokenKey();
+    const refreshKey = this.getRefreshTokenKey();
+    const rootDomainOptions = {
       path: "/",
       domain: this.COOKIE_DOMAIN
     };
-    api.remove(this.getAccessTokenKey(), removeOptions);
-    api.remove(this.getRefreshTokenKey(), removeOptions);
+    api.remove(accessKey, rootDomainOptions);
+    api.remove(refreshKey, rootDomainOptions);
+    const currentDomainOptions = {
+      path: "/"
+    };
+    api.remove(accessKey, currentDomainOptions);
+    api.remove(refreshKey, currentDomainOptions);
   }
   /**
    * Check if cookies are supported/enabled (client-side only)
@@ -594,18 +629,21 @@ var _CookieUtils = class _CookieUtils {
       return {
         error: "Server-side rendering - no domain info available",
         environment: process.env.NODE_ENV || "unknown",
+        cookieDomain: this.COOKIE_DOMAIN || "undefined",
+        baseDomain: process.env.NEXT_PUBLIC_BASE_DOMAIN || "undefined",
         recommendation: "Use server actions for server-side cookie access"
       };
     }
     return {
       hostname: window.location.hostname,
-      domain: this.COOKIE_DOMAIN || "current domain",
+      cookieDomain: this.COOKIE_DOMAIN || "current domain",
       environment: process.env.NODE_ENV || "unknown",
-      protocol: window.location.protocol
+      protocol: window.location.protocol,
+      sameSite: "lax"
     };
   }
 };
-// Domain configuration
+// Domain configuration - computed once
 _CookieUtils.COOKIE_DOMAIN = process.env.NODE_ENV === "production" ? _CookieUtils.getRootDomain() : void 0;
 var CookieUtils = _CookieUtils;
 
@@ -744,18 +782,53 @@ var BroadcastChannelEventBus = class _BroadcastChannelEventBus {
   }
 };
 
+// src/services/utils/url-utils.ts
+var UrlUtils = class {
+  /**
+   * Extract subdomain from hostname or URL
+   * Example: "dashboard.cutly.io" -> "dashboard"
+   * Example: "dashboard.localhost" -> "dashboard"
+   */
+  static getSubdomain(url) {
+    try {
+      const domain = new URL(`http://${url}`).hostname;
+      const parts = domain.split(".");
+      if (parts.length < 2 || domain === "localhost" || /^\d{1,3}(\.\d{1,3}){3}/.test(domain) || domain.startsWith(MiddlewareConfig.getBaseDomain())) {
+        return null;
+      }
+      return parts[0] || null;
+    } catch (e) {
+      return null;
+    }
+  }
+  /**
+   * Check if URL has auth-related query parameters
+   */
+  static hasAuthParams(url) {
+    return url.includes(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED);
+  }
+};
+
 // src/services/utils/cross-tab-behavior-handler.ts
 var CrossTabBehaviorHandler = class {
   /**
-   * Get current page type based on pathname using pattern matching
+   * Get current page type using object lookup pattern
    */
   static getCurrentPageType() {
-    var _a, _b;
+    var _a;
     if (typeof window === "undefined") return "/" /* HOME */;
-    const pathname = window.location.pathname;
-    return (_b = (_a = Object.entries(PageTypePatterns).find(
-      ([pattern]) => pathname.includes(pattern)
-    )) == null ? void 0 : _a[1]) != null ? _b : "/" /* HOME */;
+    try {
+      const pathname = window.location.pathname;
+      const subdomain = UrlUtils.getSubdomain(window.location.hostname);
+      const pageTypeMatchers = {
+        ["login" /* LOGIN */]: pathname === MiddlewareConfig.ROUTES.LOGIN,
+        ["dashboard" /* DASHBOARD */]: subdomain === MiddlewareConfig.SUBDOMAINS.DASHBOARD
+      };
+      const matchedPageType = (_a = Object.entries(pageTypeMatchers).find(([, matches]) => matches)) == null ? void 0 : _a[0];
+      return matchedPageType != null ? matchedPageType : "dashboard" /* DASHBOARD */;
+    } catch (e) {
+      return "dashboard" /* DASHBOARD */;
+    }
   }
   /**
    * Get the action configuration for current route and event
@@ -766,18 +839,12 @@ var CrossTabBehaviorHandler = class {
   }
   /**
    * Check if current route requires redirect for given event
+   * Returns PageType to redirect to, or null if no redirect needed
    */
   static shouldRedirect(currentPageType, eventType) {
     const action = this.getAction(currentPageType, eventType);
     return action.action === "redirect" /* REDIRECT */ ? action.target : null;
   }
-  /**
-   * Check if current route should show modal for given event
-   */
-  static shouldShowModal(currentPageType, eventType) {
-    const action = this.getAction(currentPageType, eventType);
-    return action.action === "modal" /* MODAL */;
-  }
 };
 
 // src/services/auth/manager/token-manager.ts
@@ -2315,6 +2382,13 @@ var useAuthEventBus = ({ onLoggedOut, onLoggedIn } = {}) => {
             window.location.replace(target);
           }
         },
+        ["current" /* CURRENT */]: () => {
+          const isAuthAction = e.type === "auth.logged_in" /* LoggedIn */ || e.type === "auth.logged_out" /* LoggedOut */;
+          const hasParams = UrlUtils.hasAuthParams(window.location.href);
+          if (isAuthAction || !hasParams) {
+            window.location.reload();
+          }
+        },
         ["modal" /* MODAL */]: () => {
           if (e.type === "auth.logged_in" /* LoggedIn */) {
             window.location.replace(window.location.href);
@@ -2988,7 +3062,8 @@ var CrossTabDemo = () => {
 
 
 
-exports.AUTH_ENDPOINTS = AUTH_ENDPOINTS; exports.AlertDisplay = AlertDisplay; exports.AuthEventType = AuthEventType; exports.AuthFlowContainer = AuthFlowContainer; exports.AuthFlowModal = AuthFlowModal; exports.AuthFlowStep = AuthFlowStep; exports.AuthInitializer = AuthInitializer; exports.AuthOrchestrator = AuthOrchestrator; exports.AuthOrchestratorFactory = AuthOrchestratorFactory; exports.AuthResultFactory = AuthResultFactory; exports.AuthService = AuthService; exports.AuthenticatedState = AuthenticatedState; exports.AuthenticationStatusContext = AuthenticationStatusContext; exports.BaseErrorHandler = BaseErrorHandler; exports.BaseEventBus = BaseEventBus; exports.BaseForm = BaseForm; exports.BaseService = BaseService; exports.BroadcastChannelEventBus = BroadcastChannelEventBus; exports.Channel = Channel; exports.CookieUtils = CookieUtils; exports.CrossTabBehaviorConfig = CrossTabBehaviorConfig; exports.CrossTabBehaviorHandler = CrossTabBehaviorHandler; exports.CrossTabDemo = CrossTabDemo; exports.DevelopmentLogger = DevelopmentLogger; exports.EMAIL_SUBMISSION_NAVIGATION = EMAIL_SUBMISSION_NAVIGATION; exports.EmailStep = EmailStep; exports.EndpointBuilder = EndpointBuilder; exports.ExistingUserLoginStrategy = ExistingUserLoginStrategy; exports.FormFields = FormFields; exports.FormHeader = FormHeader; exports.GenericErrorHandler = GenericErrorHandler; exports.HttpClient = HttpClient; exports.HttpMethod = HttpMethod; exports.LocalStorageUtils = LocalStorageUtils; exports.LoggerFactory = LoggerFactory; exports.LoginFlowStrategyFactory = LoginFlowStrategyFactory; exports.MiddlewareConfig = MiddlewareConfig; exports.NavigationAction = NavigationAction; exports.NetworkErrorHandler = NetworkErrorHandler; exports.NextAction = NextAction; exports.PASSWORD_SUBMISSION_NAVIGATION = PASSWORD_SUBMISSION_NAVIGATION; exports.PageType = PageType; exports.PageTypePatterns = PageTypePatterns; exports.PasswordStep = PasswordStep; exports.ProductionLogger = ProductionLogger; exports.ProfileStateRenderer = ProfileStateRenderer; exports.ProfileUIState = ProfileUIState; exports.RoleType = RoleType; exports.SignupFlowStrategy = SignupFlowStrategy; exports.TokenManager = TokenManager; exports.UnauthenticatedState = UnauthenticatedState; exports.UserStorageManager = UserStorageManager; exports.VERIFICATION_SUBMISSION_NAVIGATION = VERIFICATION_SUBMISSION_NAVIGATION; exports.ValidationErrorHandler = ValidationErrorHandler; exports.VerificationStep = VerificationStep; exports.config = config; exports.createAuthSteps = createAuthSteps; exports.createPropsFactoryRegistry = createPropsFactoryRegistry; exports.createStepRegistry = createStepRegistry; exports.getAuthPageStepMessage = getAuthPageStepMessage; exports.getEmailField = getEmailField; exports.getEmailStepComponent = getEmailStepComponent; exports.getPasswordField = getPasswordField; exports.getPasswordStepComponent = getPasswordStepComponent; exports.getStepForEmailSubmission = getStepForEmailSubmission; exports.getStepForPasswordSubmission = getStepForPasswordSubmission; exports.getStepForVerificationSubmission = getStepForVerificationSubmission; exports.getStepProgressMessage = getStepProgressMessage; exports.getVerificationField = getVerificationField; exports.getVerificationStepComponent = getVerificationStepComponent; exports.middlewareMatcher = middlewareMatcher; exports.useAuth = useAuth; exports.useAuthActionHandler = useAuthActionHandler; exports.useAuthEventBus = useAuthEventBus; exports.useAuthFlowModal = useAuthFlowModal; exports.useAuthInitializer = useAuthInitializer; exports.useIsAuthenticated = useIsAuthenticated; exports.useLogout = useLogout; exports.useRefreshUser = useRefreshUser; exports.useSharedEventBus = useSharedEventBus; exports.useSignInRequiredParams = useSignInRequiredParams; exports.useStepRegistry = useStepRegistry; exports.useStepRenderer = useStepRenderer; exports.useStepper = useStepper; exports.useUser = useUser; exports.useUserActions = useUserActions; exports.useUserData = useUserData; exports.useUserError = useUserError; exports.useUserLoading = useUserLoading; exports.useUserProfile = useUserProfile; exports.useUserStore = useUserStore; exports.userSelectors = userSelectors;
+
+exports.AUTH_ENDPOINTS = AUTH_ENDPOINTS; exports.AlertDisplay = AlertDisplay; exports.AuthEventType = AuthEventType; exports.AuthFlowContainer = AuthFlowContainer; exports.AuthFlowModal = AuthFlowModal; exports.AuthFlowStep = AuthFlowStep; exports.AuthInitializer = AuthInitializer; exports.AuthOrchestrator = AuthOrchestrator; exports.AuthOrchestratorFactory = AuthOrchestratorFactory; exports.AuthResultFactory = AuthResultFactory; exports.AuthService = AuthService; exports.AuthenticatedState = AuthenticatedState; exports.AuthenticationStatusContext = AuthenticationStatusContext; exports.BaseErrorHandler = BaseErrorHandler; exports.BaseEventBus = BaseEventBus; exports.BaseForm = BaseForm; exports.BaseService = BaseService; exports.BroadcastChannelEventBus = BroadcastChannelEventBus; exports.Channel = Channel; exports.CookieUtils = CookieUtils; exports.CrossTabBehaviorConfig = CrossTabBehaviorConfig; exports.CrossTabBehaviorHandler = CrossTabBehaviorHandler; exports.CrossTabDemo = CrossTabDemo; exports.DevelopmentLogger = DevelopmentLogger; exports.EMAIL_SUBMISSION_NAVIGATION = EMAIL_SUBMISSION_NAVIGATION; exports.EmailStep = EmailStep; exports.EndpointBuilder = EndpointBuilder; exports.ExistingUserLoginStrategy = ExistingUserLoginStrategy; exports.FormFields = FormFields; exports.FormHeader = FormHeader; exports.GenericErrorHandler = GenericErrorHandler; exports.HttpClient = HttpClient; exports.HttpMethod = HttpMethod; exports.LocalStorageUtils = LocalStorageUtils; exports.LoggerFactory = LoggerFactory; exports.LoginFlowStrategyFactory = LoginFlowStrategyFactory; exports.MiddlewareConfig = MiddlewareConfig; exports.NavigationAction = NavigationAction; exports.NetworkErrorHandler = NetworkErrorHandler; exports.NextAction = NextAction; exports.PASSWORD_SUBMISSION_NAVIGATION = PASSWORD_SUBMISSION_NAVIGATION; exports.PageType = PageType; exports.PageTypePatterns = PageTypePatterns; exports.PasswordStep = PasswordStep; exports.ProductionLogger = ProductionLogger; exports.ProfileStateRenderer = ProfileStateRenderer; exports.ProfileUIState = ProfileUIState; exports.RoleType = RoleType; exports.SignupFlowStrategy = SignupFlowStrategy; exports.TokenManager = TokenManager; exports.UnauthenticatedState = UnauthenticatedState; exports.UrlUtils = UrlUtils; exports.UserStorageManager = UserStorageManager; exports.VERIFICATION_SUBMISSION_NAVIGATION = VERIFICATION_SUBMISSION_NAVIGATION; exports.ValidationErrorHandler = ValidationErrorHandler; exports.VerificationStep = VerificationStep; exports.config = config; exports.createAuthSteps = createAuthSteps; exports.createPropsFactoryRegistry = createPropsFactoryRegistry; exports.createStepRegistry = createStepRegistry; exports.getAuthPageStepMessage = getAuthPageStepMessage; exports.getEmailField = getEmailField; exports.getEmailStepComponent = getEmailStepComponent; exports.getPasswordField = getPasswordField; exports.getPasswordStepComponent = getPasswordStepComponent; exports.getStepForEmailSubmission = getStepForEmailSubmission; exports.getStepForPasswordSubmission = getStepForPasswordSubmission; exports.getStepForVerificationSubmission = getStepForVerificationSubmission; exports.getStepProgressMessage = getStepProgressMessage; exports.getVerificationField = getVerificationField; exports.getVerificationStepComponent = getVerificationStepComponent; exports.middlewareMatcher = middlewareMatcher; exports.useAuth = useAuth; exports.useAuthActionHandler = useAuthActionHandler; exports.useAuthEventBus = useAuthEventBus; exports.useAuthFlowModal = useAuthFlowModal; exports.useAuthInitializer = useAuthInitializer; exports.useIsAuthenticated = useIsAuthenticated; exports.useLogout = useLogout; exports.useRefreshUser = useRefreshUser; exports.useSharedEventBus = useSharedEventBus; exports.useSignInRequiredParams = useSignInRequiredParams; exports.useStepRegistry = useStepRegistry; exports.useStepRenderer = useStepRenderer; exports.useStepper = useStepper; exports.useUser = useUser; exports.useUserActions = useUserActions; exports.useUserData = useUserData; exports.useUserError = useUserError; exports.useUserLoading = useUserLoading; exports.useUserProfile = useUserProfile; exports.useUserStore = useUserStore; exports.userSelectors = userSelectors;
 /*! Bundled license information:
 
 js-cookie/dist/js.cookie.mjs:

package/dist/index.mjs

@@ -83,8 +83,8 @@ var AuthEventType = /* @__PURE__ */ ((AuthEventType3) => {
   return AuthEventType3;
 })(AuthEventType || {});
 var PageType = /* @__PURE__ */ ((PageType3) => {
-  PageType3["LOGIN"] = "/login";
-  PageType3["DASHBOARD"] = "/dashboard";
+  PageType3["LOGIN"] = "login";
+  PageType3["DASHBOARD"] = "dashboard";
   PageType3["HOME"] = "/";
   return PageType3;
 })(PageType || {});
@@ -92,30 +92,30 @@ var NavigationAction = /* @__PURE__ */ ((NavigationAction2) => {
   NavigationAction2["NONE"] = "none";
   NavigationAction2["REDIRECT"] = "redirect";
   NavigationAction2["MODAL"] = "modal";
+  NavigationAction2["CURRENT"] = "current";
   return NavigationAction2;
 })(NavigationAction || {});
 var PageTypePatterns = {
-  ["/login" /* LOGIN */]: "/login" /* LOGIN */,
-  ["/dashboard" /* DASHBOARD */]: "/dashboard" /* DASHBOARD */,
-  ["/" /* HOME */]: "/" /* HOME */
+  ["login" /* LOGIN */]: "login" /* LOGIN */,
+  ["dashboard" /* DASHBOARD */]: "dashboard" /* DASHBOARD */
 };
 var CrossTabBehaviorConfig = {
-  ["/login" /* LOGIN */]: {
-    ["auth.logged_in" /* LoggedIn */]: { action: "redirect" /* REDIRECT */, target: "/dashboard" /* DASHBOARD */ },
+  ["login" /* LOGIN */]: {
+    ["auth.logged_in" /* LoggedIn */]: { action: "redirect" /* REDIRECT */, target: "dashboard" /* DASHBOARD */ },
     ["auth.logged_out" /* LoggedOut */]: { action: "none" /* NONE */ },
     ["auth.email_verified" /* EmailVerified */]: { action: "none" /* NONE */ },
     ["auth.signin_required_modal" /* SignInRequiredModal */]: { action: "none" /* NONE */ }
   },
-  ["/dashboard" /* DASHBOARD */]: {
-    ["auth.logged_in" /* LoggedIn */]: { action: "modal" /* MODAL */ },
-    ["auth.logged_out" /* LoggedOut */]: { action: "redirect" /* REDIRECT */, target: "/dashboard" /* DASHBOARD */ },
-    ["auth.email_verified" /* EmailVerified */]: { action: "modal" /* MODAL */ },
-    ["auth.signin_required_modal" /* SignInRequiredModal */]: { action: "none" /* NONE */ }
+  ["dashboard" /* DASHBOARD */]: {
+    ["auth.logged_in" /* LoggedIn */]: { action: "current" /* CURRENT */ },
+    ["auth.logged_out" /* LoggedOut */]: { action: "current" /* CURRENT */ },
+    ["auth.email_verified" /* EmailVerified */]: { action: "current" /* CURRENT */ },
+    ["auth.signin_required_modal" /* SignInRequiredModal */]: { action: "current" /* CURRENT */ }
   },
   ["/" /* HOME */]: {
-    ["auth.logged_in" /* LoggedIn */]: { action: "modal" /* MODAL */ },
-    ["auth.logged_out" /* LoggedOut */]: { action: "redirect" /* REDIRECT */, target: "/" /* HOME */ },
-    ["auth.email_verified" /* EmailVerified */]: { action: "modal" /* MODAL */ },
+    ["auth.logged_in" /* LoggedIn */]: { action: "none" /* NONE */ },
+    ["auth.logged_out" /* LoggedOut */]: { action: "none" /* NONE */ },
+    ["auth.email_verified" /* EmailVerified */]: { action: "none" /* NONE */ },
     ["auth.signin_required_modal" /* SignInRequiredModal */]: { action: "none" /* NONE */ }
   }
 };
@@ -254,13 +254,32 @@ var getVerificationField = (codeLength = 5, options = {}) => ({
 
 // src/config/middleware.ts
 var MiddlewareConfig = class {
+  /**
+   * Get the base domain from environment or use default
+   */
+  static getBaseDomain() {
+    return process.env.NEXT_PUBLIC_BASE_DOMAIN || "cutly.io";
+  }
+  /**
+   * Get the protocol based on environment
+   */
+  static getProtocol() {
+    return process.env.NODE_ENV === "production" ? "https" : "http";
+  }
+  /**
+   * Get the dashboard subdomain URL
+   */
+  static getDashboardUrl(path = "") {
+    return `${this.getProtocol()}://${this.SUBDOMAINS.DASHBOARD}.${this.getBaseDomain()}${path}`;
+  }
 };
-// Protected routes
-MiddlewareConfig.PROTECTED_ROUTES = {
-  DASHBOARD: "/"
+// Subdomain configuration
+MiddlewareConfig.SUBDOMAINS = {
+  DASHBOARD: "dashboard"
 };
-// Auth routes
-MiddlewareConfig.AUTH_ROUTES = {
+// Routes
+MiddlewareConfig.ROUTES = {
+  ROOT: "/",
   LOGIN: "/login"
 };
 // HTTP methods to process
@@ -268,7 +287,8 @@ MiddlewareConfig.ALLOWED_METHODS = ["GET", "HEAD"];
 // Query parameters
 MiddlewareConfig.QUERY_PARAMS = {
   LOGIN_REQUIRED: "sign_in_required",
-  AUTH_CHECKED: "auth_checked"
+  AUTH_CHECKED: "auth_checked",
+  REDIRECT_URL: "redirect_url"
 };
 // Query parameter values
 MiddlewareConfig.QUERY_VALUES = {
@@ -276,8 +296,7 @@ MiddlewareConfig.QUERY_VALUES = {
   AUTH_CHECKED: "1"
 };
 var middlewareMatcher = [
-  "/((?!api|_next/static|_next/image|_next/webpack-hmr|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp|ico|css|js)$).*)",
-  "/login"
+  "/((?!api|_next/static|_next/image|_next/webpack-hmr|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp|ico|css|js)$).*)"
 ];
 var config = {
   matcher: middlewareMatcher
@@ -401,12 +420,18 @@ var _CookieUtils = class _CookieUtils {
   static getRefreshTokenKey() {
     return process.env.AUTH_REFRESH_TOKEN_KEY || "auth_refresh_token";
   }
-  // Use current domain in development
   /**
    * Get root domain for subdomain support
+   * Must match the domain used by backend when setting cookies
    */
   static getRootDomain() {
-    if (typeof window === "undefined") return void 0;
+    if (typeof window === "undefined") {
+      const baseDomain = process.env.NEXT_PUBLIC_BASE_DOMAIN;
+      if (baseDomain && process.env.NODE_ENV === "production") {
+        return `.${baseDomain}`;
+      }
+      return void 0;
+    }
     const hostname = window.location.hostname;
     if (hostname === "localhost" || hostname === "127.0.0.1") {
       return void 0;
@@ -420,13 +445,15 @@ var _CookieUtils = class _CookieUtils {
     }
     return void 0;
   }
+  // Use current domain in development
   /**
    * Get common cookie options
    */
   static getCookieOptions() {
     return {
       path: "/",
-      sameSite: "strict",
+      sameSite: "lax",
+      // Changed from 'strict' to 'lax' for cross-subdomain
       secure: process.env.NODE_ENV === "production",
       // Only secure in production
       domain: this.COOKIE_DOMAIN
@@ -516,18 +543,26 @@ var _CookieUtils = class _CookieUtils {
   }
   /**
    * Clear all authentication cookies (client-side only)
+   * Clears cookies from both current domain and root domain
    */
   static clearAuthCookies() {
     if (this.isServerSide()) {
       console.warn("clearAuthCookies called on server side - use server actions instead");
       return;
     }
-    const removeOptions = {
+    const accessKey = this.getAccessTokenKey();
+    const refreshKey = this.getRefreshTokenKey();
+    const rootDomainOptions = {
       path: "/",
       domain: this.COOKIE_DOMAIN
     };
-    api.remove(this.getAccessTokenKey(), removeOptions);
-    api.remove(this.getRefreshTokenKey(), removeOptions);
+    api.remove(accessKey, rootDomainOptions);
+    api.remove(refreshKey, rootDomainOptions);
+    const currentDomainOptions = {
+      path: "/"
+    };
+    api.remove(accessKey, currentDomainOptions);
+    api.remove(refreshKey, currentDomainOptions);
   }
   /**
    * Check if cookies are supported/enabled (client-side only)
@@ -594,18 +629,21 @@ var _CookieUtils = class _CookieUtils {
       return {
         error: "Server-side rendering - no domain info available",
         environment: process.env.NODE_ENV || "unknown",
+        cookieDomain: this.COOKIE_DOMAIN || "undefined",
+        baseDomain: process.env.NEXT_PUBLIC_BASE_DOMAIN || "undefined",
         recommendation: "Use server actions for server-side cookie access"
       };
     }
     return {
       hostname: window.location.hostname,
-      domain: this.COOKIE_DOMAIN || "current domain",
+      cookieDomain: this.COOKIE_DOMAIN || "current domain",
       environment: process.env.NODE_ENV || "unknown",
-      protocol: window.location.protocol
+      protocol: window.location.protocol,
+      sameSite: "lax"
     };
   }
 };
-// Domain configuration
+// Domain configuration - computed once
 _CookieUtils.COOKIE_DOMAIN = process.env.NODE_ENV === "production" ? _CookieUtils.getRootDomain() : void 0;
 var CookieUtils = _CookieUtils;
 
@@ -744,18 +782,53 @@ var BroadcastChannelEventBus = class _BroadcastChannelEventBus {
   }
 };
 
+// src/services/utils/url-utils.ts
+var UrlUtils = class {
+  /**
+   * Extract subdomain from hostname or URL
+   * Example: "dashboard.cutly.io" -> "dashboard"
+   * Example: "dashboard.localhost" -> "dashboard"
+   */
+  static getSubdomain(url) {
+    try {
+      const domain = new URL(`http://${url}`).hostname;
+      const parts = domain.split(".");
+      if (parts.length < 2 || domain === "localhost" || /^\d{1,3}(\.\d{1,3}){3}/.test(domain) || domain.startsWith(MiddlewareConfig.getBaseDomain())) {
+        return null;
+      }
+      return parts[0] || null;
+    } catch (e) {
+      return null;
+    }
+  }
+  /**
+   * Check if URL has auth-related query parameters
+   */
+  static hasAuthParams(url) {
+    return url.includes(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED);
+  }
+};
+
 // src/services/utils/cross-tab-behavior-handler.ts
 var CrossTabBehaviorHandler = class {
   /**
-   * Get current page type based on pathname using pattern matching
+   * Get current page type using object lookup pattern
    */
   static getCurrentPageType() {
-    var _a, _b;
+    var _a;
     if (typeof window === "undefined") return "/" /* HOME */;
-    const pathname = window.location.pathname;
-    return (_b = (_a = Object.entries(PageTypePatterns).find(
-      ([pattern]) => pathname.includes(pattern)
-    )) == null ? void 0 : _a[1]) != null ? _b : "/" /* HOME */;
+    try {
+      const pathname = window.location.pathname;
+      const subdomain = UrlUtils.getSubdomain(window.location.hostname);
+      const pageTypeMatchers = {
+        ["login" /* LOGIN */]: pathname === MiddlewareConfig.ROUTES.LOGIN,
+        ["dashboard" /* DASHBOARD */]: subdomain === MiddlewareConfig.SUBDOMAINS.DASHBOARD
+      };
+      const matchedPageType = (_a = Object.entries(pageTypeMatchers).find(([, matches]) => matches)) == null ? void 0 : _a[0];
+      return matchedPageType != null ? matchedPageType : "dashboard" /* DASHBOARD */;
+    } catch (e) {
+      return "dashboard" /* DASHBOARD */;
+    }
   }
   /**
    * Get the action configuration for current route and event
@@ -766,18 +839,12 @@ var CrossTabBehaviorHandler = class {
   }
   /**
    * Check if current route requires redirect for given event
+   * Returns PageType to redirect to, or null if no redirect needed
    */
   static shouldRedirect(currentPageType, eventType) {
     const action = this.getAction(currentPageType, eventType);
     return action.action === "redirect" /* REDIRECT */ ? action.target : null;
   }
-  /**
-   * Check if current route should show modal for given event
-   */
-  static shouldShowModal(currentPageType, eventType) {
-    const action = this.getAction(currentPageType, eventType);
-    return action.action === "modal" /* MODAL */;
-  }
 };
 
 // src/services/auth/manager/token-manager.ts
@@ -2315,6 +2382,13 @@ var useAuthEventBus = ({ onLoggedOut, onLoggedIn } = {}) => {
             window.location.replace(target);
           }
         },
+        ["current" /* CURRENT */]: () => {
+          const isAuthAction = e.type === "auth.logged_in" /* LoggedIn */ || e.type === "auth.logged_out" /* LoggedOut */;
+          const hasParams = UrlUtils.hasAuthParams(window.location.href);
+          if (isAuthAction || !hasParams) {
+            window.location.reload();
+          }
+        },
         ["modal" /* MODAL */]: () => {
           if (e.type === "auth.logged_in" /* LoggedIn */) {
             window.location.replace(window.location.href);
@@ -2947,6 +3021,7 @@ export {
   SignupFlowStrategy,
   TokenManager,
   UnauthenticatedState,
+  UrlUtils,
   UserStorageManager,
   VERIFICATION_SUBMISSION_NAVIGATION,
   ValidationErrorHandler,

package/dist/middleware.d.mts

@@ -1,27 +1,22 @@
 import { NextRequest, NextResponse } from 'next/server';
 
 /**
- * Middleware matcher patterns - exported separately for static analysis
- * Pattern includes:
- * - / (home route and all other routes for authentication protection)
- * - /login route (for authenticated user redirection)
- * Excludes: API routes, Next.js internals, static assets, and file extensions
+ * Middleware matcher patterns
+ * Matches all routes except API routes, Next.js internals, and static assets
  */
-declare const middlewareMatcher: readonly ["/((?!api|_next/static|_next/image|_next/webpack-hmr|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp|ico|css|js)$).*)", "/login"];
+declare const middlewareMatcher: readonly ["/((?!api|_next/static|_next/image|_next/webpack-hmr|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp|ico|css|js)$).*)"];
 /**
- * Middleware configuration - runs on all routes (including home) and login page
+ * Middleware configuration
  */
 declare const config: {
-    matcher: readonly ["/((?!api|_next/static|_next/image|_next/webpack-hmr|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp|ico|css|js)$).*)", "/login"];
+    matcher: readonly ["/((?!api|_next/static|_next/image|_next/webpack-hmr|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp|ico|css|js)$).*)"];
 };
 
 /**
- * Authentication middleware entry point
+ * Authentication middleware for subdomain-based routing
  * Chain order:
  * 1. MethodFilterHandler - filters HTTP methods (GET/HEAD only)
- * 2. RouteProtectionHandler - identifies protected routes
- * 3. LoginRedirectHandler - redirects authenticated users away from login
- * 4. AuthenticationHandler - validates JWT and handles query parameter cleanup
+ * 2. AuthenticationHandler - validates JWT and adds login params if needed
  */
 declare function middleware(req: NextRequest): Promise<NextResponse>;