mailsentry-auth 0.1.3 → 0.1.4

package/dist/index.d.mts

@@ -686,11 +686,12 @@ declare class CookieUtils {
      * Get the refresh token cookie key from environment variables
      */
     static getRefreshTokenKey(): string;
-    private static readonly COOKIE_DOMAIN;
     /**
      * Get root domain for subdomain support
+     * Must match the domain used by backend when setting cookies
      */
     private static getRootDomain;
+    private static readonly COOKIE_DOMAIN;
     /**
      * Get common cookie options
      */
@@ -732,6 +733,7 @@ declare class CookieUtils {
     }>;
     /**
      * Clear all authentication cookies (client-side only)
+     * Clears cookies from both current domain and root domain
      */
     static clearAuthCookies(): void;
     /**

package/dist/index.d.ts

@@ -686,11 +686,12 @@ declare class CookieUtils {
      * Get the refresh token cookie key from environment variables
      */
     static getRefreshTokenKey(): string;
-    private static readonly COOKIE_DOMAIN;
     /**
      * Get root domain for subdomain support
+     * Must match the domain used by backend when setting cookies
      */
     private static getRootDomain;
+    private static readonly COOKIE_DOMAIN;
     /**
      * Get common cookie options
      */
@@ -732,6 +733,7 @@ declare class CookieUtils {
     }>;
     /**
      * Clear all authentication cookies (client-side only)
+     * Clears cookies from both current domain and root domain
      */
     static clearAuthCookies(): void;
     /**

package/dist/index.js

@@ -420,12 +420,18 @@ var _CookieUtils = class _CookieUtils {
   static getRefreshTokenKey() {
     return process.env.AUTH_REFRESH_TOKEN_KEY || "auth_refresh_token";
   }
-  // Use current domain in development
   /**
    * Get root domain for subdomain support
+   * Must match the domain used by backend when setting cookies
    */
   static getRootDomain() {
-    if (typeof window === "undefined") return void 0;
+    if (typeof window === "undefined") {
+      const baseDomain = process.env.NEXT_PUBLIC_BASE_DOMAIN;
+      if (baseDomain && process.env.NODE_ENV === "production") {
+        return `.${baseDomain}`;
+      }
+      return void 0;
+    }
     const hostname = window.location.hostname;
     if (hostname === "localhost" || hostname === "127.0.0.1") {
       return void 0;
@@ -439,13 +445,15 @@ var _CookieUtils = class _CookieUtils {
     }
     return void 0;
   }
+  // Use current domain in development
   /**
    * Get common cookie options
    */
   static getCookieOptions() {
     return {
       path: "/",
-      sameSite: "strict",
+      sameSite: "lax",
+      // Changed from 'strict' to 'lax' for cross-subdomain
       secure: process.env.NODE_ENV === "production",
       // Only secure in production
       domain: this.COOKIE_DOMAIN
@@ -535,18 +543,26 @@ var _CookieUtils = class _CookieUtils {
   }
   /**
    * Clear all authentication cookies (client-side only)
+   * Clears cookies from both current domain and root domain
    */
   static clearAuthCookies() {
     if (this.isServerSide()) {
       console.warn("clearAuthCookies called on server side - use server actions instead");
       return;
     }
-    const removeOptions = {
+    const accessKey = this.getAccessTokenKey();
+    const refreshKey = this.getRefreshTokenKey();
+    const rootDomainOptions = {
       path: "/",
       domain: this.COOKIE_DOMAIN
     };
-    api.remove(this.getAccessTokenKey(), removeOptions);
-    api.remove(this.getRefreshTokenKey(), removeOptions);
+    api.remove(accessKey, rootDomainOptions);
+    api.remove(refreshKey, rootDomainOptions);
+    const currentDomainOptions = {
+      path: "/"
+    };
+    api.remove(accessKey, currentDomainOptions);
+    api.remove(refreshKey, currentDomainOptions);
   }
   /**
    * Check if cookies are supported/enabled (client-side only)
@@ -613,18 +629,21 @@ var _CookieUtils = class _CookieUtils {
       return {
         error: "Server-side rendering - no domain info available",
         environment: process.env.NODE_ENV || "unknown",
+        cookieDomain: this.COOKIE_DOMAIN || "undefined",
+        baseDomain: process.env.NEXT_PUBLIC_BASE_DOMAIN || "undefined",
         recommendation: "Use server actions for server-side cookie access"
       };
     }
     return {
       hostname: window.location.hostname,
-      domain: this.COOKIE_DOMAIN || "current domain",
+      cookieDomain: this.COOKIE_DOMAIN || "current domain",
       environment: process.env.NODE_ENV || "unknown",
-      protocol: window.location.protocol
+      protocol: window.location.protocol,
+      sameSite: "lax"
     };
   }
 };
-// Domain configuration
+// Domain configuration - computed once
 _CookieUtils.COOKIE_DOMAIN = process.env.NODE_ENV === "production" ? _CookieUtils.getRootDomain() : void 0;
 var CookieUtils = _CookieUtils;
 

package/dist/index.mjs

@@ -420,12 +420,18 @@ var _CookieUtils = class _CookieUtils {
   static getRefreshTokenKey() {
     return process.env.AUTH_REFRESH_TOKEN_KEY || "auth_refresh_token";
   }
-  // Use current domain in development
   /**
    * Get root domain for subdomain support
+   * Must match the domain used by backend when setting cookies
    */
   static getRootDomain() {
-    if (typeof window === "undefined") return void 0;
+    if (typeof window === "undefined") {
+      const baseDomain = process.env.NEXT_PUBLIC_BASE_DOMAIN;
+      if (baseDomain && process.env.NODE_ENV === "production") {
+        return `.${baseDomain}`;
+      }
+      return void 0;
+    }
     const hostname = window.location.hostname;
     if (hostname === "localhost" || hostname === "127.0.0.1") {
       return void 0;
@@ -439,13 +445,15 @@ var _CookieUtils = class _CookieUtils {
     }
     return void 0;
   }
+  // Use current domain in development
   /**
    * Get common cookie options
    */
   static getCookieOptions() {
     return {
       path: "/",
-      sameSite: "strict",
+      sameSite: "lax",
+      // Changed from 'strict' to 'lax' for cross-subdomain
       secure: process.env.NODE_ENV === "production",
       // Only secure in production
       domain: this.COOKIE_DOMAIN
@@ -535,18 +543,26 @@ var _CookieUtils = class _CookieUtils {
   }
   /**
    * Clear all authentication cookies (client-side only)
+   * Clears cookies from both current domain and root domain
    */
   static clearAuthCookies() {
     if (this.isServerSide()) {
       console.warn("clearAuthCookies called on server side - use server actions instead");
       return;
     }
-    const removeOptions = {
+    const accessKey = this.getAccessTokenKey();
+    const refreshKey = this.getRefreshTokenKey();
+    const rootDomainOptions = {
       path: "/",
       domain: this.COOKIE_DOMAIN
     };
-    api.remove(this.getAccessTokenKey(), removeOptions);
-    api.remove(this.getRefreshTokenKey(), removeOptions);
+    api.remove(accessKey, rootDomainOptions);
+    api.remove(refreshKey, rootDomainOptions);
+    const currentDomainOptions = {
+      path: "/"
+    };
+    api.remove(accessKey, currentDomainOptions);
+    api.remove(refreshKey, currentDomainOptions);
   }
   /**
    * Check if cookies are supported/enabled (client-side only)
@@ -613,18 +629,21 @@ var _CookieUtils = class _CookieUtils {
       return {
         error: "Server-side rendering - no domain info available",
         environment: process.env.NODE_ENV || "unknown",
+        cookieDomain: this.COOKIE_DOMAIN || "undefined",
+        baseDomain: process.env.NEXT_PUBLIC_BASE_DOMAIN || "undefined",
         recommendation: "Use server actions for server-side cookie access"
       };
     }
     return {
       hostname: window.location.hostname,
-      domain: this.COOKIE_DOMAIN || "current domain",
+      cookieDomain: this.COOKIE_DOMAIN || "current domain",
       environment: process.env.NODE_ENV || "unknown",
-      protocol: window.location.protocol
+      protocol: window.location.protocol,
+      sameSite: "lax"
     };
   }
 };
-// Domain configuration
+// Domain configuration - computed once
 _CookieUtils.COOKIE_DOMAIN = process.env.NODE_ENV === "production" ? _CookieUtils.getRootDomain() : void 0;
 var CookieUtils = _CookieUtils;
 

package/dist/middleware.mjs

@@ -86,12 +86,18 @@ var _CookieUtils = class _CookieUtils {
   static getRefreshTokenKey() {
     return process.env.AUTH_REFRESH_TOKEN_KEY || "auth_refresh_token";
   }
-  // Use current domain in development
   /**
    * Get root domain for subdomain support
+   * Must match the domain used by backend when setting cookies
    */
   static getRootDomain() {
-    if (typeof window === "undefined") return void 0;
+    if (typeof window === "undefined") {
+      const baseDomain = process.env.NEXT_PUBLIC_BASE_DOMAIN;
+      if (baseDomain && process.env.NODE_ENV === "production") {
+        return `.${baseDomain}`;
+      }
+      return void 0;
+    }
     const hostname = window.location.hostname;
     if (hostname === "localhost" || hostname === "127.0.0.1") {
       return void 0;
@@ -105,13 +111,15 @@ var _CookieUtils = class _CookieUtils {
     }
     return void 0;
   }
+  // Use current domain in development
   /**
    * Get common cookie options
    */
   static getCookieOptions() {
     return {
       path: "/",
-      sameSite: "strict",
+      sameSite: "lax",
+      // Changed from 'strict' to 'lax' for cross-subdomain
       secure: process.env.NODE_ENV === "production",
       // Only secure in production
       domain: this.COOKIE_DOMAIN
@@ -201,18 +209,26 @@ var _CookieUtils = class _CookieUtils {
   }
   /**
    * Clear all authentication cookies (client-side only)
+   * Clears cookies from both current domain and root domain
    */
   static clearAuthCookies() {
     if (this.isServerSide()) {
       console.warn("clearAuthCookies called on server side - use server actions instead");
       return;
     }
-    const removeOptions = {
+    const accessKey = this.getAccessTokenKey();
+    const refreshKey = this.getRefreshTokenKey();
+    const rootDomainOptions = {
       path: "/",
       domain: this.COOKIE_DOMAIN
     };
-    Cookies.remove(this.getAccessTokenKey(), removeOptions);
-    Cookies.remove(this.getRefreshTokenKey(), removeOptions);
+    Cookies.remove(accessKey, rootDomainOptions);
+    Cookies.remove(refreshKey, rootDomainOptions);
+    const currentDomainOptions = {
+      path: "/"
+    };
+    Cookies.remove(accessKey, currentDomainOptions);
+    Cookies.remove(refreshKey, currentDomainOptions);
   }
   /**
    * Check if cookies are supported/enabled (client-side only)
@@ -279,18 +295,21 @@ var _CookieUtils = class _CookieUtils {
       return {
         error: "Server-side rendering - no domain info available",
         environment: process.env.NODE_ENV || "unknown",
+        cookieDomain: this.COOKIE_DOMAIN || "undefined",
+        baseDomain: process.env.NEXT_PUBLIC_BASE_DOMAIN || "undefined",
         recommendation: "Use server actions for server-side cookie access"
       };
     }
     return {
       hostname: window.location.hostname,
-      domain: this.COOKIE_DOMAIN || "current domain",
+      cookieDomain: this.COOKIE_DOMAIN || "current domain",
       environment: process.env.NODE_ENV || "unknown",
-      protocol: window.location.protocol
+      protocol: window.location.protocol,
+      sameSite: "lax"
     };
   }
 };
-// Domain configuration
+// Domain configuration - computed once
 _CookieUtils.COOKIE_DOMAIN = process.env.NODE_ENV === "production" ? _CookieUtils.getRootDomain() : void 0;
 var CookieUtils = _CookieUtils;
 
@@ -644,6 +663,9 @@ var BaseMiddlewareHandler = class {
       return NextResponse.next();
     }
     const currentUrl = new URL(context.request.url);
+    currentUrl.searchParams.delete(MiddlewareConfig.QUERY_PARAMS.LOGIN_REQUIRED);
+    currentUrl.searchParams.delete(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED);
+    currentUrl.searchParams.delete(MiddlewareConfig.QUERY_PARAMS.REDIRECT_URL);
     currentUrl.searchParams.set(MiddlewareConfig.QUERY_PARAMS.LOGIN_REQUIRED, MiddlewareConfig.QUERY_VALUES.LOGIN_REQUIRED);
     currentUrl.searchParams.set(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED, MiddlewareConfig.QUERY_VALUES.AUTH_CHECKED);
     currentUrl.searchParams.set(MiddlewareConfig.QUERY_PARAMS.REDIRECT_URL, context.pathname);
@@ -681,7 +703,7 @@ var BaseMiddlewareHandler = class {
     cleanUrl.searchParams.delete(MiddlewareConfig.QUERY_PARAMS.LOGIN_REQUIRED);
     cleanUrl.searchParams.delete(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED);
     cleanUrl.searchParams.delete(MiddlewareConfig.QUERY_PARAMS.REDIRECT_URL);
-    return NextResponse.redirect(cleanUrl);
+    return NextResponse.redirect(cleanUrl, { status: 302 });
   }
   /**
    * Check if URL has auth-related query parameters that need cleanup
@@ -734,7 +756,8 @@ var AuthenticationHandler = class extends BaseMiddlewareHandler {
     if (!this.isDashboardSubdomain(hostname)) {
       return this.continue();
     }
-    if (!this.hasAuthenticationCookies(cookies)) {
+    const hasAuthCookies = this.hasAuthenticationCookies(cookies);
+    if (!hasAuthCookies) {
       return this.addLoginModalParams(context);
     }
     try {

package/dist/utils/cookie-utils.js

@@ -13,12 +13,18 @@ var _CookieUtils = class _CookieUtils {
   static getRefreshTokenKey() {
     return process.env.AUTH_REFRESH_TOKEN_KEY || "auth_refresh_token";
   }
-  // Use current domain in development
   /**
    * Get root domain for subdomain support
+   * Must match the domain used by backend when setting cookies
    */
   static getRootDomain() {
-    if (typeof window === "undefined") return void 0;
+    if (typeof window === "undefined") {
+      const baseDomain = process.env.NEXT_PUBLIC_BASE_DOMAIN;
+      if (baseDomain && process.env.NODE_ENV === "production") {
+        return `.${baseDomain}`;
+      }
+      return void 0;
+    }
     const hostname = window.location.hostname;
     if (hostname === "localhost" || hostname === "127.0.0.1") {
       return void 0;
@@ -32,13 +38,15 @@ var _CookieUtils = class _CookieUtils {
     }
     return void 0;
   }
+  // Use current domain in development
   /**
    * Get common cookie options
    */
   static getCookieOptions() {
     return {
       path: "/",
-      sameSite: "strict",
+      sameSite: "lax",
+      // Changed from 'strict' to 'lax' for cross-subdomain
       secure: process.env.NODE_ENV === "production",
       // Only secure in production
       domain: this.COOKIE_DOMAIN
@@ -128,18 +136,26 @@ var _CookieUtils = class _CookieUtils {
   }
   /**
    * Clear all authentication cookies (client-side only)
+   * Clears cookies from both current domain and root domain
    */
   static clearAuthCookies() {
     if (this.isServerSide()) {
       console.warn("clearAuthCookies called on server side - use server actions instead");
       return;
     }
-    const removeOptions = {
+    const accessKey = this.getAccessTokenKey();
+    const refreshKey = this.getRefreshTokenKey();
+    const rootDomainOptions = {
       path: "/",
       domain: this.COOKIE_DOMAIN
     };
-    _jscookie2.default.remove(this.getAccessTokenKey(), removeOptions);
-    _jscookie2.default.remove(this.getRefreshTokenKey(), removeOptions);
+    _jscookie2.default.remove(accessKey, rootDomainOptions);
+    _jscookie2.default.remove(refreshKey, rootDomainOptions);
+    const currentDomainOptions = {
+      path: "/"
+    };
+    _jscookie2.default.remove(accessKey, currentDomainOptions);
+    _jscookie2.default.remove(refreshKey, currentDomainOptions);
   }
   /**
    * Check if cookies are supported/enabled (client-side only)
@@ -206,18 +222,21 @@ var _CookieUtils = class _CookieUtils {
       return {
         error: "Server-side rendering - no domain info available",
         environment: process.env.NODE_ENV || "unknown",
+        cookieDomain: this.COOKIE_DOMAIN || "undefined",
+        baseDomain: process.env.NEXT_PUBLIC_BASE_DOMAIN || "undefined",
         recommendation: "Use server actions for server-side cookie access"
       };
     }
     return {
       hostname: window.location.hostname,
-      domain: this.COOKIE_DOMAIN || "current domain",
+      cookieDomain: this.COOKIE_DOMAIN || "current domain",
       environment: process.env.NODE_ENV || "unknown",
-      protocol: window.location.protocol
+      protocol: window.location.protocol,
+      sameSite: "lax"
     };
   }
 };
-// Domain configuration
+// Domain configuration - computed once
 _CookieUtils.COOKIE_DOMAIN = process.env.NODE_ENV === "production" ? _CookieUtils.getRootDomain() : void 0;
 var CookieUtils = _CookieUtils;
 

package/dist/utils/cookie-utils.mjs

@@ -13,12 +13,18 @@ var _CookieUtils = class _CookieUtils {
   static getRefreshTokenKey() {
     return process.env.AUTH_REFRESH_TOKEN_KEY || "auth_refresh_token";
   }
-  // Use current domain in development
   /**
    * Get root domain for subdomain support
+   * Must match the domain used by backend when setting cookies
    */
   static getRootDomain() {
-    if (typeof window === "undefined") return void 0;
+    if (typeof window === "undefined") {
+      const baseDomain = process.env.NEXT_PUBLIC_BASE_DOMAIN;
+      if (baseDomain && process.env.NODE_ENV === "production") {
+        return `.${baseDomain}`;
+      }
+      return void 0;
+    }
     const hostname = window.location.hostname;
     if (hostname === "localhost" || hostname === "127.0.0.1") {
       return void 0;
@@ -32,13 +38,15 @@ var _CookieUtils = class _CookieUtils {
     }
     return void 0;
   }
+  // Use current domain in development
   /**
    * Get common cookie options
    */
   static getCookieOptions() {
     return {
       path: "/",
-      sameSite: "strict",
+      sameSite: "lax",
+      // Changed from 'strict' to 'lax' for cross-subdomain
       secure: process.env.NODE_ENV === "production",
       // Only secure in production
       domain: this.COOKIE_DOMAIN
@@ -128,18 +136,26 @@ var _CookieUtils = class _CookieUtils {
   }
   /**
    * Clear all authentication cookies (client-side only)
+   * Clears cookies from both current domain and root domain
    */
   static clearAuthCookies() {
     if (this.isServerSide()) {
       console.warn("clearAuthCookies called on server side - use server actions instead");
       return;
     }
-    const removeOptions = {
+    const accessKey = this.getAccessTokenKey();
+    const refreshKey = this.getRefreshTokenKey();
+    const rootDomainOptions = {
       path: "/",
       domain: this.COOKIE_DOMAIN
     };
-    Cookies.remove(this.getAccessTokenKey(), removeOptions);
-    Cookies.remove(this.getRefreshTokenKey(), removeOptions);
+    Cookies.remove(accessKey, rootDomainOptions);
+    Cookies.remove(refreshKey, rootDomainOptions);
+    const currentDomainOptions = {
+      path: "/"
+    };
+    Cookies.remove(accessKey, currentDomainOptions);
+    Cookies.remove(refreshKey, currentDomainOptions);
   }
   /**
    * Check if cookies are supported/enabled (client-side only)
@@ -206,18 +222,21 @@ var _CookieUtils = class _CookieUtils {
       return {
         error: "Server-side rendering - no domain info available",
         environment: process.env.NODE_ENV || "unknown",
+        cookieDomain: this.COOKIE_DOMAIN || "undefined",
+        baseDomain: process.env.NEXT_PUBLIC_BASE_DOMAIN || "undefined",
         recommendation: "Use server actions for server-side cookie access"
       };
     }
     return {
       hostname: window.location.hostname,
-      domain: this.COOKIE_DOMAIN || "current domain",
+      cookieDomain: this.COOKIE_DOMAIN || "current domain",
       environment: process.env.NODE_ENV || "unknown",
-      protocol: window.location.protocol
+      protocol: window.location.protocol,
+      sameSite: "lax"
     };
   }
 };
-// Domain configuration
+// Domain configuration - computed once
 _CookieUtils.COOKIE_DOMAIN = process.env.NODE_ENV === "production" ? _CookieUtils.getRootDomain() : void 0;
 var CookieUtils = _CookieUtils;
 export {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mailsentry-auth",
-  "version": "0.1.3",
+  "version": "0.1.4",
   "description": "Next.js 15 authentication package with multi-step auth flow, cross-tab sync, and Zustand state management",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -38,21 +38,6 @@
     "README.md",
     "ZUSTAND_MIGRATION.md"
   ],
-  "scripts": {
-    "dev": "next dev --turbopack",
-    "build": "next build",
-    "build:package": "tsup",
-    "build:package:watch": "tsup --watch",
-    "build:link": "npm run build:package && npm link",
-    "link:sample": "cd ../nextjs-sample && npm link mailsentry-auth",
-    "build:link:sample": "npm run build:link && npm run link:sample",
-    "link:cutly": "cd ../cutly && pnpm link ../auth-nextjs",
-    "build:link:cutly": "pnpm run build:package && pnpm run link:cutly",
-    "start": "next start",
-    "lint": "next lint",
-    "format": "prettier --write \"src/**/*.{ts,tsx,js,jsx,json,css,scss}\"",
-    "prepublishOnly": "npm run build:package"
-  },
   "peerDependencies": {
     "next": ">=15.0.0",
     "react": ">=18.0.0 || >=19.0.0",
@@ -99,5 +84,22 @@
     "url": "https://github.com/danielaei/mailsentry-auth.git"
   },
   "author": "danielaei",
-  "license": "MIT"
-}
+  "license": "MIT",
+  "scripts": {
+    "dev": "next dev --turbopack",
+    "build": "next build",
+    "build:package": "tsup",
+    "build:package:watch": "tsup --watch",
+    "build:link": "npm run build:package && npm link",
+    "link:sample": "cd ../nextjs-sample && npm link mailsentry-auth",
+    "build:link:sample": "npm run build:link && npm run link:sample",
+    "link:cutly": "cd ../cutly && pnpm link ../auth-nextjs",
+    "build:link:cutly": "pnpm run build:package && pnpm run link:cutly",
+    "start": "next start",
+    "lint": "next lint",
+    "format": "prettier --write \"src/**/*.{ts,tsx,js,jsx,json,css,scss}\"",
+    "publish:patch": "bash scripts/publish-package.sh patch",
+    "publish:minor": "bash scripts/publish-package.sh minor",
+    "publish:major": "bash scripts/publish-package.sh major"
+  }
+}