mailsentry-auth 0.1.1 → 0.1.4

package/dist/middleware.mjs

@@ -23,13 +23,32 @@ import { NextResponse } from "next/server";
 
 // src/config/middleware.ts
 var MiddlewareConfig = class {
+  /**
+   * Get the base domain from environment or use default
+   */
+  static getBaseDomain() {
+    return process.env.NEXT_PUBLIC_BASE_DOMAIN || "cutly.io";
+  }
+  /**
+   * Get the protocol based on environment
+   */
+  static getProtocol() {
+    return process.env.NODE_ENV === "production" ? "https" : "http";
+  }
+  /**
+   * Get the dashboard subdomain URL
+   */
+  static getDashboardUrl(path = "") {
+    return `${this.getProtocol()}://${this.SUBDOMAINS.DASHBOARD}.${this.getBaseDomain()}${path}`;
+  }
 };
-// Protected routes
-MiddlewareConfig.PROTECTED_ROUTES = {
-  DASHBOARD: "/"
+// Subdomain configuration
+MiddlewareConfig.SUBDOMAINS = {
+  DASHBOARD: "dashboard"
 };
-// Auth routes
-MiddlewareConfig.AUTH_ROUTES = {
+// Routes
+MiddlewareConfig.ROUTES = {
+  ROOT: "/",
   LOGIN: "/login"
 };
 // HTTP methods to process
@@ -37,7 +56,8 @@ MiddlewareConfig.ALLOWED_METHODS = ["GET", "HEAD"];
 // Query parameters
 MiddlewareConfig.QUERY_PARAMS = {
   LOGIN_REQUIRED: "sign_in_required",
-  AUTH_CHECKED: "auth_checked"
+  AUTH_CHECKED: "auth_checked",
+  REDIRECT_URL: "redirect_url"
 };
 // Query parameter values
 MiddlewareConfig.QUERY_VALUES = {
@@ -45,8 +65,7 @@ MiddlewareConfig.QUERY_VALUES = {
   AUTH_CHECKED: "1"
 };
 var middlewareMatcher = [
-  "/((?!api|_next/static|_next/image|_next/webpack-hmr|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp|ico|css|js)$).*)",
-  "/login"
+  "/((?!api|_next/static|_next/image|_next/webpack-hmr|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp|ico|css|js)$).*)"
 ];
 var config = {
   matcher: middlewareMatcher
@@ -67,12 +86,18 @@ var _CookieUtils = class _CookieUtils {
   static getRefreshTokenKey() {
     return process.env.AUTH_REFRESH_TOKEN_KEY || "auth_refresh_token";
   }
-  // Use current domain in development
   /**
    * Get root domain for subdomain support
+   * Must match the domain used by backend when setting cookies
    */
   static getRootDomain() {
-    if (typeof window === "undefined") return void 0;
+    if (typeof window === "undefined") {
+      const baseDomain = process.env.NEXT_PUBLIC_BASE_DOMAIN;
+      if (baseDomain && process.env.NODE_ENV === "production") {
+        return `.${baseDomain}`;
+      }
+      return void 0;
+    }
     const hostname = window.location.hostname;
     if (hostname === "localhost" || hostname === "127.0.0.1") {
       return void 0;
@@ -86,13 +111,15 @@ var _CookieUtils = class _CookieUtils {
     }
     return void 0;
   }
+  // Use current domain in development
   /**
    * Get common cookie options
    */
   static getCookieOptions() {
     return {
       path: "/",
-      sameSite: "strict",
+      sameSite: "lax",
+      // Changed from 'strict' to 'lax' for cross-subdomain
       secure: process.env.NODE_ENV === "production",
       // Only secure in production
       domain: this.COOKIE_DOMAIN
@@ -182,18 +209,26 @@ var _CookieUtils = class _CookieUtils {
   }
   /**
    * Clear all authentication cookies (client-side only)
+   * Clears cookies from both current domain and root domain
    */
   static clearAuthCookies() {
     if (this.isServerSide()) {
       console.warn("clearAuthCookies called on server side - use server actions instead");
       return;
     }
-    const removeOptions = {
+    const accessKey = this.getAccessTokenKey();
+    const refreshKey = this.getRefreshTokenKey();
+    const rootDomainOptions = {
       path: "/",
       domain: this.COOKIE_DOMAIN
     };
-    Cookies.remove(this.getAccessTokenKey(), removeOptions);
-    Cookies.remove(this.getRefreshTokenKey(), removeOptions);
+    Cookies.remove(accessKey, rootDomainOptions);
+    Cookies.remove(refreshKey, rootDomainOptions);
+    const currentDomainOptions = {
+      path: "/"
+    };
+    Cookies.remove(accessKey, currentDomainOptions);
+    Cookies.remove(refreshKey, currentDomainOptions);
   }
   /**
    * Check if cookies are supported/enabled (client-side only)
@@ -260,18 +295,21 @@ var _CookieUtils = class _CookieUtils {
       return {
         error: "Server-side rendering - no domain info available",
         environment: process.env.NODE_ENV || "unknown",
+        cookieDomain: this.COOKIE_DOMAIN || "undefined",
+        baseDomain: process.env.NEXT_PUBLIC_BASE_DOMAIN || "undefined",
         recommendation: "Use server actions for server-side cookie access"
       };
     }
     return {
       hostname: window.location.hostname,
-      domain: this.COOKIE_DOMAIN || "current domain",
+      cookieDomain: this.COOKIE_DOMAIN || "current domain",
       environment: process.env.NODE_ENV || "unknown",
-      protocol: window.location.protocol
+      protocol: window.location.protocol,
+      sameSite: "lax"
     };
   }
 };
-// Domain configuration
+// Domain configuration - computed once
 _CookieUtils.COOKIE_DOMAIN = process.env.NODE_ENV === "production" ? _CookieUtils.getRootDomain() : void 0;
 var CookieUtils = _CookieUtils;
 
@@ -356,6 +394,33 @@ LocalStorageUtils.USER_PROFILE_STORAGE_KEY = "user_profile_data";
 LocalStorageUtils.USER_PROFILE_TIMESTAMP_KEY = "user_profile_timestamp";
 LocalStorageUtils.DEFAULT_CACHE_DURATION = 5 * 60 * 1e3;
 
+// src/services/utils/url-utils.ts
+var UrlUtils = class {
+  /**
+   * Extract subdomain from hostname or URL
+   * Example: "dashboard.cutly.io" -> "dashboard"
+   * Example: "dashboard.localhost" -> "dashboard"
+   */
+  static getSubdomain(url) {
+    try {
+      const domain = new URL(`http://${url}`).hostname;
+      const parts = domain.split(".");
+      if (parts.length < 2 || domain === "localhost" || /^\d{1,3}(\.\d{1,3}){3}/.test(domain) || domain.startsWith(MiddlewareConfig.getBaseDomain())) {
+        return null;
+      }
+      return parts[0] || null;
+    } catch (e) {
+      return null;
+    }
+  }
+  /**
+   * Check if URL has auth-related query parameters
+   */
+  static hasAuthParams(url) {
+    return url.includes(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED);
+  }
+};
+
 // src/services/api/endpoints.ts
 var AUTH_ENDPOINTS = {
   // Email existence check
@@ -567,6 +632,12 @@ AuthenticationStatusContext.states = /* @__PURE__ */ new Map([
 
 // src/middlewares/handlers/base-middleware-handler.ts
 var BaseMiddlewareHandler = class {
+  /**
+   * Check if current request is on dashboard subdomain
+   */
+  isDashboardSubdomain(hostname) {
+    return UrlUtils.getSubdomain(hostname) === MiddlewareConfig.SUBDOMAINS.DASHBOARD;
+  }
   /**
    * Check if user has both access and refresh tokens
    */
@@ -575,7 +646,7 @@ var BaseMiddlewareHandler = class {
     return cookies.has(accessTokenKey) && cookies.has(refreshTokenKey);
   }
   /**
-   * Get authentication cookie keys from environment variables with fallbacks
+   * Get authentication cookie keys from environment variables
    */
   getAuthCookieKeys() {
     return {
@@ -584,49 +655,21 @@ var BaseMiddlewareHandler = class {
     };
   }
   /**
-   * Create a redirect response to the dashboard
+   * Add login modal parameters to current URL
+   * Redirects to same page with sign_in_required parameter to trigger modal
    */
-  redirectToDashboard(context) {
-    const dashboardUrl = new URL(MiddlewareConfig.PROTECTED_ROUTES.DASHBOARD, context.request.url);
-    return NextResponse.redirect(dashboardUrl);
-  }
-  /**
-   * Create a redirect response to login with authentication parameters
-   * Includes loop prevention - won't redirect if already has auth_checked parameter
-   */
-  redirectToLoginWithParams(context) {
-    const loginUrl = new URL(MiddlewareConfig.AUTH_ROUTES.LOGIN, context.request.url);
-    if (context.searchParams.get(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED) === MiddlewareConfig.QUERY_VALUES.AUTH_CHECKED) {
+  addLoginModalParams(context) {
+    if (this.hasAuthCheckedParam(context.searchParams)) {
       return NextResponse.next();
     }
-    loginUrl.searchParams.set(MiddlewareConfig.QUERY_PARAMS.LOGIN_REQUIRED, MiddlewareConfig.QUERY_VALUES.LOGIN_REQUIRED);
-    loginUrl.searchParams.set(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED, MiddlewareConfig.QUERY_VALUES.AUTH_CHECKED);
-    return NextResponse.redirect(loginUrl);
-  }
-  /**
-   * Create a redirect response with custom URL and auth parameters
-   * Includes loop prevention - won't redirect if target already has auth_checked parameter
-   */
-  redirectWithAuthParams(targetUrl) {
-    const url = new URL(targetUrl.toString());
-    if (url.searchParams.get(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED) === MiddlewareConfig.QUERY_VALUES.AUTH_CHECKED) {
-      return NextResponse.next();
-    }
-    url.searchParams.set(MiddlewareConfig.QUERY_PARAMS.LOGIN_REQUIRED, MiddlewareConfig.QUERY_VALUES.LOGIN_REQUIRED);
-    url.searchParams.set(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED, MiddlewareConfig.QUERY_VALUES.AUTH_CHECKED);
-    return NextResponse.redirect(url);
-  }
-  /**
-   * Check if the current path is a dashboard route
-   */
-  isDashboardRoute(pathname) {
-    return pathname.startsWith(MiddlewareConfig.PROTECTED_ROUTES.DASHBOARD);
-  }
-  /**
-   * Check if the current path is the login page
-   */
-  isLoginRoute(pathname) {
-    return pathname === MiddlewareConfig.AUTH_ROUTES.LOGIN;
+    const currentUrl = new URL(context.request.url);
+    currentUrl.searchParams.delete(MiddlewareConfig.QUERY_PARAMS.LOGIN_REQUIRED);
+    currentUrl.searchParams.delete(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED);
+    currentUrl.searchParams.delete(MiddlewareConfig.QUERY_PARAMS.REDIRECT_URL);
+    currentUrl.searchParams.set(MiddlewareConfig.QUERY_PARAMS.LOGIN_REQUIRED, MiddlewareConfig.QUERY_VALUES.LOGIN_REQUIRED);
+    currentUrl.searchParams.set(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED, MiddlewareConfig.QUERY_VALUES.AUTH_CHECKED);
+    currentUrl.searchParams.set(MiddlewareConfig.QUERY_PARAMS.REDIRECT_URL, context.pathname);
+    return NextResponse.redirect(currentUrl);
   }
   /**
    * Check if request method is allowed
@@ -653,24 +696,25 @@ var BaseMiddlewareHandler = class {
     return NextResponse.next();
   }
   /**
-   * Create a redirect response with cleaned URL (removes auth-related query parameters)
+   * Remove auth-related query parameters and redirect to clean URL
    */
-  redirectWithCleanUrl(context) {
+  removeAuthParams(context) {
     const cleanUrl = new URL(context.nextUrl.toString());
     cleanUrl.searchParams.delete(MiddlewareConfig.QUERY_PARAMS.LOGIN_REQUIRED);
     cleanUrl.searchParams.delete(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED);
-    return NextResponse.redirect(cleanUrl);
+    cleanUrl.searchParams.delete(MiddlewareConfig.QUERY_PARAMS.REDIRECT_URL);
+    return NextResponse.redirect(cleanUrl, { status: 302 });
   }
   /**
    * Check if URL has auth-related query parameters that need cleanup
    */
   hasAuthQueryParams(searchParams) {
-    return searchParams.has(MiddlewareConfig.QUERY_PARAMS.LOGIN_REQUIRED) || searchParams.has(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED);
+    return searchParams.has(MiddlewareConfig.QUERY_PARAMS.LOGIN_REQUIRED) || searchParams.has(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED) || searchParams.has(MiddlewareConfig.QUERY_PARAMS.REDIRECT_URL);
   }
   /**
-   * Make an authenticated GET API call to getUserProfile endpoint
+   * Validate user authentication by calling getUserProfile API
    */
-  async makeAuthenticatedApiCall(cookies) {
+  async validateUserAuth(cookies) {
     var _a;
     const { accessTokenKey } = this.getAuthCookieKeys();
     const accessToken = (_a = cookies.get(accessTokenKey)) == null ? void 0 : _a.value;
@@ -705,63 +749,34 @@ var MethodFilterHandler = class extends BaseMiddlewareHandler {
   }
 };
 
-// src/middlewares/handlers/route-protection-handler.ts
-var RouteProtectionHandler = class extends BaseMiddlewareHandler {
-  handle(context) {
-    const { pathname } = context;
-    if (!this.isDashboardRoute(pathname)) {
-      return this.continue();
-    }
-    return this.continue();
-  }
-};
-
 // src/middlewares/handlers/authentication-handler.ts
 var AuthenticationHandler = class extends BaseMiddlewareHandler {
   async handle(context) {
-    const { cookies, nextUrl, pathname } = context;
+    const { cookies, hostname } = context;
+    if (!this.isDashboardSubdomain(hostname)) {
+      return this.continue();
+    }
     const hasAuthCookies = this.hasAuthenticationCookies(cookies);
     if (!hasAuthCookies) {
-      if (this.isDashboardRoute(pathname)) {
-        return this.redirectWithAuthParams(nextUrl);
-      }
-      return this.continue();
+      return this.addLoginModalParams(context);
     }
     try {
-      const response = await this.makeAuthenticatedApiCall(cookies);
+      const response = await this.validateUserAuth(cookies);
       if (!response.ok) {
         throw new Error(`HTTP ${response.status}: ${response.statusText}`);
       }
       await response.json();
       if (this.hasAuthQueryParams(context.searchParams)) {
-        return this.redirectWithCleanUrl(context);
+        return this.removeAuthParams(context);
       }
       return this.allow();
     } catch (error) {
       console.log("JWT validation failed:", error instanceof Error ? error.message : "Unknown error");
-      if (this.isDashboardRoute(pathname)) {
-        return this.redirectWithAuthParams(nextUrl);
-      }
-      return this.continue();
+      return this.addLoginModalParams(context);
     }
   }
 };
 
-// src/middlewares/handlers/login-redirect-handler.ts
-var LoginRedirectHandler = class extends BaseMiddlewareHandler {
-  handle(context) {
-    const { pathname, cookies } = context;
-    if (!this.isLoginRoute(pathname)) {
-      return this.continue();
-    }
-    const isAuthenticated = this.hasAuthenticationCookies(cookies);
-    if (isAuthenticated) {
-      return this.redirectToDashboard(context);
-    }
-    return this.continue();
-  }
-};
-
 // src/middlewares/handlers/middleware-chain.ts
 import { NextResponse as NextResponse2 } from "next/server";
 var MiddlewareChain = class {
@@ -785,15 +800,17 @@ var MiddlewareChain = class {
 
 // src/middleware.ts
 async function middleware(req) {
+  const hostname = req.headers.get("host") || req.nextUrl.hostname;
   const context = {
     request: req,
     method: req.method,
     pathname: req.nextUrl.pathname,
     searchParams: req.nextUrl.searchParams,
     cookies: req.cookies,
-    nextUrl: req.nextUrl
+    nextUrl: req.nextUrl,
+    hostname
   };
-  const chain = new MiddlewareChain().addHandler(new MethodFilterHandler()).addHandler(new RouteProtectionHandler()).addHandler(new LoginRedirectHandler()).addHandler(new AuthenticationHandler());
+  const chain = new MiddlewareChain().addHandler(new MethodFilterHandler()).addHandler(new AuthenticationHandler());
   return await chain.process(context);
 }
 export {

package/dist/utils/cookie-utils.js

@@ -13,12 +13,18 @@ var _CookieUtils = class _CookieUtils {
   static getRefreshTokenKey() {
     return process.env.AUTH_REFRESH_TOKEN_KEY || "auth_refresh_token";
   }
-  // Use current domain in development
   /**
    * Get root domain for subdomain support
+   * Must match the domain used by backend when setting cookies
    */
   static getRootDomain() {
-    if (typeof window === "undefined") return void 0;
+    if (typeof window === "undefined") {
+      const baseDomain = process.env.NEXT_PUBLIC_BASE_DOMAIN;
+      if (baseDomain && process.env.NODE_ENV === "production") {
+        return `.${baseDomain}`;
+      }
+      return void 0;
+    }
     const hostname = window.location.hostname;
     if (hostname === "localhost" || hostname === "127.0.0.1") {
       return void 0;
@@ -32,13 +38,15 @@ var _CookieUtils = class _CookieUtils {
     }
     return void 0;
   }
+  // Use current domain in development
   /**
    * Get common cookie options
    */
   static getCookieOptions() {
     return {
       path: "/",
-      sameSite: "strict",
+      sameSite: "lax",
+      // Changed from 'strict' to 'lax' for cross-subdomain
       secure: process.env.NODE_ENV === "production",
       // Only secure in production
       domain: this.COOKIE_DOMAIN
@@ -128,18 +136,26 @@ var _CookieUtils = class _CookieUtils {
   }
   /**
    * Clear all authentication cookies (client-side only)
+   * Clears cookies from both current domain and root domain
    */
   static clearAuthCookies() {
     if (this.isServerSide()) {
       console.warn("clearAuthCookies called on server side - use server actions instead");
       return;
     }
-    const removeOptions = {
+    const accessKey = this.getAccessTokenKey();
+    const refreshKey = this.getRefreshTokenKey();
+    const rootDomainOptions = {
       path: "/",
       domain: this.COOKIE_DOMAIN
     };
-    _jscookie2.default.remove(this.getAccessTokenKey(), removeOptions);
-    _jscookie2.default.remove(this.getRefreshTokenKey(), removeOptions);
+    _jscookie2.default.remove(accessKey, rootDomainOptions);
+    _jscookie2.default.remove(refreshKey, rootDomainOptions);
+    const currentDomainOptions = {
+      path: "/"
+    };
+    _jscookie2.default.remove(accessKey, currentDomainOptions);
+    _jscookie2.default.remove(refreshKey, currentDomainOptions);
   }
   /**
    * Check if cookies are supported/enabled (client-side only)
@@ -206,18 +222,21 @@ var _CookieUtils = class _CookieUtils {
       return {
         error: "Server-side rendering - no domain info available",
         environment: process.env.NODE_ENV || "unknown",
+        cookieDomain: this.COOKIE_DOMAIN || "undefined",
+        baseDomain: process.env.NEXT_PUBLIC_BASE_DOMAIN || "undefined",
         recommendation: "Use server actions for server-side cookie access"
       };
     }
     return {
       hostname: window.location.hostname,
-      domain: this.COOKIE_DOMAIN || "current domain",
+      cookieDomain: this.COOKIE_DOMAIN || "current domain",
       environment: process.env.NODE_ENV || "unknown",
-      protocol: window.location.protocol
+      protocol: window.location.protocol,
+      sameSite: "lax"
     };
   }
 };
-// Domain configuration
+// Domain configuration - computed once
 _CookieUtils.COOKIE_DOMAIN = process.env.NODE_ENV === "production" ? _CookieUtils.getRootDomain() : void 0;
 var CookieUtils = _CookieUtils;
 

package/dist/utils/cookie-utils.mjs

@@ -13,12 +13,18 @@ var _CookieUtils = class _CookieUtils {
   static getRefreshTokenKey() {
     return process.env.AUTH_REFRESH_TOKEN_KEY || "auth_refresh_token";
   }
-  // Use current domain in development
   /**
    * Get root domain for subdomain support
+   * Must match the domain used by backend when setting cookies
    */
   static getRootDomain() {
-    if (typeof window === "undefined") return void 0;
+    if (typeof window === "undefined") {
+      const baseDomain = process.env.NEXT_PUBLIC_BASE_DOMAIN;
+      if (baseDomain && process.env.NODE_ENV === "production") {
+        return `.${baseDomain}`;
+      }
+      return void 0;
+    }
     const hostname = window.location.hostname;
     if (hostname === "localhost" || hostname === "127.0.0.1") {
       return void 0;
@@ -32,13 +38,15 @@ var _CookieUtils = class _CookieUtils {
     }
     return void 0;
   }
+  // Use current domain in development
   /**
    * Get common cookie options
    */
   static getCookieOptions() {
     return {
       path: "/",
-      sameSite: "strict",
+      sameSite: "lax",
+      // Changed from 'strict' to 'lax' for cross-subdomain
       secure: process.env.NODE_ENV === "production",
       // Only secure in production
       domain: this.COOKIE_DOMAIN
@@ -128,18 +136,26 @@ var _CookieUtils = class _CookieUtils {
   }
   /**
    * Clear all authentication cookies (client-side only)
+   * Clears cookies from both current domain and root domain
    */
   static clearAuthCookies() {
     if (this.isServerSide()) {
       console.warn("clearAuthCookies called on server side - use server actions instead");
       return;
     }
-    const removeOptions = {
+    const accessKey = this.getAccessTokenKey();
+    const refreshKey = this.getRefreshTokenKey();
+    const rootDomainOptions = {
       path: "/",
       domain: this.COOKIE_DOMAIN
     };
-    Cookies.remove(this.getAccessTokenKey(), removeOptions);
-    Cookies.remove(this.getRefreshTokenKey(), removeOptions);
+    Cookies.remove(accessKey, rootDomainOptions);
+    Cookies.remove(refreshKey, rootDomainOptions);
+    const currentDomainOptions = {
+      path: "/"
+    };
+    Cookies.remove(accessKey, currentDomainOptions);
+    Cookies.remove(refreshKey, currentDomainOptions);
   }
   /**
    * Check if cookies are supported/enabled (client-side only)
@@ -206,18 +222,21 @@ var _CookieUtils = class _CookieUtils {
       return {
         error: "Server-side rendering - no domain info available",
         environment: process.env.NODE_ENV || "unknown",
+        cookieDomain: this.COOKIE_DOMAIN || "undefined",
+        baseDomain: process.env.NEXT_PUBLIC_BASE_DOMAIN || "undefined",
         recommendation: "Use server actions for server-side cookie access"
       };
     }
     return {
       hostname: window.location.hostname,
-      domain: this.COOKIE_DOMAIN || "current domain",
+      cookieDomain: this.COOKIE_DOMAIN || "current domain",
       environment: process.env.NODE_ENV || "unknown",
-      protocol: window.location.protocol
+      protocol: window.location.protocol,
+      sameSite: "lax"
     };
   }
 };
-// Domain configuration
+// Domain configuration - computed once
 _CookieUtils.COOKIE_DOMAIN = process.env.NODE_ENV === "production" ? _CookieUtils.getRootDomain() : void 0;
 var CookieUtils = _CookieUtils;
 export {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mailsentry-auth",
-  "version": "0.1.1",
+  "version": "0.1.4",
   "description": "Next.js 15 authentication package with multi-step auth flow, cross-tab sync, and Zustand state management",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -38,21 +38,6 @@
     "README.md",
     "ZUSTAND_MIGRATION.md"
   ],
-  "scripts": {
-    "dev": "next dev --turbopack",
-    "build": "next build",
-    "build:package": "tsup",
-    "build:package:watch": "tsup --watch",
-    "build:link": "npm run build:package && npm link",
-    "link:sample": "cd ../nextjs-sample && npm link mailsentry-auth",
-    "build:link:sample": "npm run build:link && npm run link:sample",
-    "link:cutly": "cd ../cutly && pnpm link ../auth-nextjs",
-    "build:link:cutly": "pnpm run build:package && pnpm run link:cutly",
-    "start": "next start",
-    "lint": "next lint",
-    "format": "prettier --write \"src/**/*.{ts,tsx,js,jsx,json,css,scss}\"",
-    "prepublishOnly": "npm run build:package"
-  },
   "peerDependencies": {
     "next": ">=15.0.0",
     "react": ">=18.0.0 || >=19.0.0",
@@ -99,5 +84,22 @@
     "url": "https://github.com/danielaei/mailsentry-auth.git"
   },
   "author": "danielaei",
-  "license": "MIT"
-}
+  "license": "MIT",
+  "scripts": {
+    "dev": "next dev --turbopack",
+    "build": "next build",
+    "build:package": "tsup",
+    "build:package:watch": "tsup --watch",
+    "build:link": "npm run build:package && npm link",
+    "link:sample": "cd ../nextjs-sample && npm link mailsentry-auth",
+    "build:link:sample": "npm run build:link && npm run link:sample",
+    "link:cutly": "cd ../cutly && pnpm link ../auth-nextjs",
+    "build:link:cutly": "pnpm run build:package && pnpm run link:cutly",
+    "start": "next start",
+    "lint": "next lint",
+    "format": "prettier --write \"src/**/*.{ts,tsx,js,jsx,json,css,scss}\"",
+    "publish:patch": "bash scripts/publish-package.sh patch",
+    "publish:minor": "bash scripts/publish-package.sh minor",
+    "publish:major": "bash scripts/publish-package.sh major"
+  }
+}