mailsentry-auth 0.1.5 → 0.1.7

package/dist/middleware.mjs

@@ -1,33 +1,13 @@
-var __defProp = Object.defineProperty;
-var __defProps = Object.defineProperties;
-var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
-var __getOwnPropSymbols = Object.getOwnPropertySymbols;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __propIsEnum = Object.prototype.propertyIsEnumerable;
-var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
-var __spreadValues = (a, b) => {
-  for (var prop in b || (b = {}))
-    if (__hasOwnProp.call(b, prop))
-      __defNormalProp(a, prop, b[prop]);
-  if (__getOwnPropSymbols)
-    for (var prop of __getOwnPropSymbols(b)) {
-      if (__propIsEnum.call(b, prop))
-        __defNormalProp(a, prop, b[prop]);
-    }
-  return a;
-};
-var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
-
-// src/middlewares/handlers/base-middleware-handler.ts
-import { NextResponse } from "next/server";
+import { NextResponse } from 'next/server';
+import Cookies from 'js-cookie';
 
 // src/config/middleware.ts
-var MiddlewareConfig = class {
+var _MiddlewareConfig = class _MiddlewareConfig {
   /**
    * Get the base domain from environment or use default
    */
   static getBaseDomain() {
-    return process.env.NEXT_PUBLIC_BASE_DOMAIN || "cutly.io";
+    return process.env.NEXT_PUBLIC_BASE_DOMAIN;
   }
   /**
    * Get the protocol based on environment
@@ -35,35 +15,44 @@ var MiddlewareConfig = class {
   static getProtocol() {
     return process.env.NODE_ENV === "production" ? "https" : "http";
   }
-  /**
-   * Get the dashboard subdomain URL
-   */
-  static getDashboardUrl(path = "") {
-    return `${this.getProtocol()}://${this.SUBDOMAINS.DASHBOARD}.${this.getBaseDomain()}${path}`;
-  }
 };
-// Subdomain configuration
-MiddlewareConfig.SUBDOMAINS = {
-  DASHBOARD: "dashboard"
+// Common constants
+_MiddlewareConfig.CONSTANTS = {
+  LOGIN_PATH: "/login",
+  DASHBOARD_SUBDOMAIN: "dashboard",
+  PUBLIC_PATH: "/public",
+  PUBLIC_API_PATH: "/api/public"
 };
-// Routes
-MiddlewareConfig.ROUTES = {
-  ROOT: "/",
-  LOGIN: "/login"
+// Route Protection Configuration
+// PATTERNS_TO_PROTECT: Routes that require authentication (whitelist approach recommended for security)
+// PATTERNS_TO_EXCLUDE: Routes to explicitly exclude from protection (e.g., login page, public assets)
+_MiddlewareConfig.PROTECTED_ROUTES = {
+  // Routes that MUST be protected
+  INCLUDE: [
+    "/"
+    // Protect everything by default (since dashboard.cutly.io/ is the root)
+  ],
+  // Routes that should NEVER be protected (public)
+  EXCLUDE: [
+    _MiddlewareConfig.CONSTANTS.LOGIN_PATH,
+    _MiddlewareConfig.CONSTANTS.PUBLIC_PATH,
+    _MiddlewareConfig.CONSTANTS.PUBLIC_API_PATH
+  ]
 };
 // HTTP methods to process
-MiddlewareConfig.ALLOWED_METHODS = ["GET", "HEAD"];
+_MiddlewareConfig.ALLOWED_METHODS = ["GET", "HEAD"];
 // Query parameters
-MiddlewareConfig.QUERY_PARAMS = {
+_MiddlewareConfig.QUERY_PARAMS = {
   LOGIN_REQUIRED: "sign_in_required",
   AUTH_CHECKED: "auth_checked",
   REDIRECT_URL: "redirect_url"
 };
 // Query parameter values
-MiddlewareConfig.QUERY_VALUES = {
+_MiddlewareConfig.QUERY_VALUES = {
   LOGIN_REQUIRED: "true",
   AUTH_CHECKED: "1"
 };
+var MiddlewareConfig = _MiddlewareConfig;
 var middlewareMatcher = [
   "/((?!api|_next/static|_next/image|_next/webpack-hmr|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp|ico|css|js)$).*)"
 ];
@@ -71,20 +60,55 @@ var config = {
   matcher: middlewareMatcher
 };
 
+// src/services/utils/url-utils.ts
+var UrlUtils = class {
+  /**
+   * Extract subdomain from hostname
+   * Example: "dashboard.cutly.io" -> "dashboard"
+   */
+  static getSubdomain(hostname) {
+    if (!hostname || /^\d{1,3}(\.\d{1,3}){3}/.test(hostname) || hostname.startsWith(MiddlewareConfig.getBaseDomain())) {
+      return null;
+    }
+    const parts = hostname.split(".");
+    return parts.length >= 2 ? parts[0] : null;
+  }
+  /**
+   * Get root domain for cookie scope
+   * Example: "dashboard.cutly.io" -> ".cutly.io"
+   * Example: "cutly.io" -> ".cutly.io"
+   */
+  static getRootDomain(hostname) {
+    if (!hostname || /^\d+\.\d+\.\d+\.\d+$/.test(hostname)) {
+      return null;
+    }
+    const parts = hostname.split(".");
+    if (parts.length >= 2) {
+      return `.${parts.slice(-2).join(".")}`;
+    }
+    return null;
+  }
+  /**
+   * Check if URL has auth-related query parameters
+   */
+  static hasAuthParams(url) {
+    return url.includes(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED);
+  }
+};
+
 // src/services/utils/cookie-utils.ts
-import Cookies from "js-cookie";
 var _CookieUtils = class _CookieUtils {
   /**
-   * Get the access token cookie key from environment variables
+   * Get the access token cookie key
    */
   static getAccessTokenKey() {
-    return process.env.AUTH_ACCESS_TOKEN_KEY || "auth_access_token";
+    return "auth_access_token";
   }
   /**
-   * Get the refresh token cookie key from environment variables
+   * Get the refresh token cookie key
    */
   static getRefreshTokenKey() {
-    return process.env.AUTH_REFRESH_TOKEN_KEY || "auth_refresh_token";
+    return "auth_refresh_token";
   }
   /**
    * Get root domain for subdomain support
@@ -92,26 +116,10 @@ var _CookieUtils = class _CookieUtils {
    */
   static getRootDomain() {
     if (typeof window === "undefined") {
-      const baseDomain = process.env.NEXT_PUBLIC_BASE_DOMAIN;
-      if (baseDomain && process.env.NODE_ENV === "production") {
-        return `.${baseDomain}`;
-      }
-      return void 0;
-    }
-    const hostname = window.location.hostname;
-    if (hostname === "localhost" || hostname === "127.0.0.1") {
       return void 0;
     }
-    if (/^\d+\.\d+\.\d+\.\d+$/.test(hostname)) {
-      return void 0;
-    }
-    const parts = hostname.split(".");
-    if (parts.length >= 2) {
-      return `.${parts.slice(-2).join(".")}`;
-    }
-    return void 0;
+    return UrlUtils.getRootDomain(window.location.hostname) || void 0;
   }
-  // Use current domain in development
   /**
    * Get common cookie options
    */
@@ -143,7 +151,7 @@ var _CookieUtils = class _CookieUtils {
    */
   static async getServerTokens() {
     try {
-      const { getAuthTokens } = await import("mailsentry-auth/server");
+      const { getAuthTokens } = await import('mailsentry-auth/server');
       return await getAuthTokens();
     } catch (error) {
       console.error("Failed to get server tokens:", error);
@@ -310,333 +318,30 @@ var _CookieUtils = class _CookieUtils {
   }
 };
 // Domain configuration - computed once
-_CookieUtils.COOKIE_DOMAIN = process.env.NODE_ENV === "production" ? _CookieUtils.getRootDomain() : void 0;
+_CookieUtils.COOKIE_DOMAIN = _CookieUtils.getRootDomain();
 var CookieUtils = _CookieUtils;
 
-// src/services/utils/localstorage-utils.ts
-var LocalStorageUtils = class {
-  // 5 minutes
-  /**
-   * Check if localStorage is available
-   */
-  static isAvailable() {
-    try {
-      if (typeof window === "undefined") return false;
-      localStorage.setItem("test", "test");
-      localStorage.removeItem("test");
-      return true;
-    } catch (e) {
-      return false;
-    }
-  }
-  /**
-   * Save user profile to localStorage with timestamp
-   */
-  static saveUserProfile(userProfile) {
-    if (!this.isAvailable() || !userProfile) return false;
-    try {
-      localStorage.setItem(this.USER_PROFILE_STORAGE_KEY, JSON.stringify(userProfile));
-      localStorage.setItem(this.USER_PROFILE_TIMESTAMP_KEY, Date.now().toString());
-      return true;
-    } catch (e) {
-      return false;
-    }
-  }
-  /**
-   * Get user profile from localStorage with cache validation
-   */
-  static getUserProfile(cacheDuration = this.DEFAULT_CACHE_DURATION) {
-    if (!this.isAvailable()) return null;
-    try {
-      const userProfileData = localStorage.getItem(this.USER_PROFILE_STORAGE_KEY);
-      const timestamp = localStorage.getItem(this.USER_PROFILE_TIMESTAMP_KEY);
-      if (!userProfileData || !timestamp) return null;
-      const cacheAge = Date.now() - parseInt(timestamp);
-      if (cacheAge >= cacheDuration) {
-        this.clearUserProfile();
-        return null;
-      }
-      return JSON.parse(userProfileData);
-    } catch (e) {
-      this.clearUserProfile();
-      return null;
-    }
-  }
-  /**
-   * Clear user profile data from localStorage
-   */
-  static clearUserProfile() {
-    if (!this.isAvailable()) return false;
-    try {
-      localStorage.removeItem(this.USER_PROFILE_STORAGE_KEY);
-      localStorage.removeItem(this.USER_PROFILE_TIMESTAMP_KEY);
-      return true;
-    } catch (e) {
-      return false;
-    }
-  }
-  /**
-   * Check if cached user profile is still valid
-   */
-  static isCacheValid(cacheDuration = this.DEFAULT_CACHE_DURATION) {
-    if (!this.isAvailable()) return false;
-    try {
-      const timestamp = localStorage.getItem(this.USER_PROFILE_TIMESTAMP_KEY);
-      if (!timestamp) return false;
-      const cacheAge = Date.now() - parseInt(timestamp);
-      return cacheAge < cacheDuration;
-    } catch (e) {
-      return false;
-    }
-  }
-};
-LocalStorageUtils.USER_PROFILE_STORAGE_KEY = "user_profile_data";
-LocalStorageUtils.USER_PROFILE_TIMESTAMP_KEY = "user_profile_timestamp";
-LocalStorageUtils.DEFAULT_CACHE_DURATION = 5 * 60 * 1e3;
-
-// src/services/utils/url-utils.ts
-var UrlUtils = class {
-  /**
-   * Extract subdomain from hostname or URL
-   * Example: "dashboard.cutly.io" -> "dashboard"
-   * Example: "dashboard.localhost" -> "dashboard"
-   */
-  static getSubdomain(url) {
-    try {
-      const domain = new URL(`http://${url}`).hostname;
-      const parts = domain.split(".");
-      if (parts.length < 2 || domain === "localhost" || /^\d{1,3}(\.\d{1,3}){3}/.test(domain) || domain.startsWith(MiddlewareConfig.getBaseDomain())) {
-        return null;
-      }
-      return parts[0] || null;
-    } catch (e) {
-      return null;
-    }
-  }
-  /**
-   * Check if URL has auth-related query parameters
-   */
-  static hasAuthParams(url) {
-    return url.includes(MiddlewareConfig.QUERY_PARAMS.AUTH_CHECKED);
-  }
-};
-
 // src/services/api/endpoints.ts
 var AUTH_ENDPOINTS = {
-  // Email existence check
-  CHECK_EMAIL_EXISTS: (email) => `/auth/user/exist-email/${encodeURIComponent(email)}`,
-  // User authentication
-  LOGIN: "/auth/user/login",
-  VERIFY_EMAIL: "/auth/user/verify",
   // User profile
-  GET_USER_PROFILE: "/auth/user/profile",
-  // User logout
-  LOGOUT: "/auth/logout"
-};
-var EndpointBuilder = class {
-};
-EndpointBuilder.auth = AUTH_ENDPOINTS;
-
-// src/services/auth/patterns/command/auth-result-factory.ts
-var AuthResultFactory = class {
-  /**
-   * Creates a successful authentication result
-   */
-  static createSuccess(message, data) {
-    return {
-      success: true,
-      data,
-      message
-    };
-  }
-  /**
-   * Creates a failed authentication result
-   */
-  static createFailure(message, error) {
-    const errorMessage = error instanceof Error ? error.message : typeof error === "string" ? error : error ? String(error) : "Authentication failed";
-    return {
-      success: false,
-      error: errorMessage,
-      message
-    };
-  }
-};
-
-// src/services/auth/patterns/logger/development-logger.ts
-var DevelopmentLogger = class {
-  log(message, data) {
-    console.log(message, data);
-  }
-  warn(message, data) {
-    console.warn(message, data);
-  }
-  error(message, data) {
-    console.error(message, data);
-  }
-};
-
-// src/services/auth/patterns/logger/production-logger.ts
-var ProductionLogger = class {
-  log(_message, _data) {
-  }
-  warn(_message, _data) {
-  }
-  error(_message, _data) {
-  }
-};
-
-// src/services/auth/patterns/logger/logger-factory.ts
-var LoggerFactory = class {
-  static create(environment) {
-    const env = environment || process.env.NODE_ENV || "development";
-    const loggerFactory = this.loggers.get(env) || this.loggers.get("development");
-    return loggerFactory();
-  }
-};
-LoggerFactory.loggers = /* @__PURE__ */ new Map([
-  ["development", () => new DevelopmentLogger()],
-  ["production", () => new ProductionLogger()],
-  ["test", () => new DevelopmentLogger()]
-]);
-
-// src/services/auth/patterns/strategy/signup-flow-strategy.ts
-var SignupFlowStrategy = class {
-  constructor(authService, tokenManager) {
-    this.authService = authService;
-    this.tokenManager = tokenManager;
-  }
-  async execute(credentials) {
-    const loginResult = await this.authService.login(credentials);
-    if (!loginResult.data.isVerifiedEmail) {
-      return AuthResultFactory.createFailure("Email verification required");
-    }
-    return this.handleSuccessfulAuthentication(loginResult);
-  }
-  async handleSuccessfulAuthentication(loginResult) {
-    if (loginResult.data.accessToken) {
-      this.tokenManager.saveTokens(
-        loginResult.data.accessToken,
-        loginResult.data.refreshToken
-      );
-      LoggerFactory.create("development").log("Tokens saved successfully:", {
-        hasAccessToken: !!loginResult.data.accessToken,
-        hasRefreshToken: !!loginResult.data.refreshToken,
-        domainInfo: this.tokenManager.getDomainInfo()
-      });
-      const profile = await this.authService.getUserProfile();
-      return AuthResultFactory.createSuccess("Login successful", __spreadProps(__spreadValues({}, loginResult.data), {
-        profile: profile.data,
-        tokenInfo: {
-          domain: this.tokenManager.getDomainInfo().domain
-        }
-      }));
-    }
-    return AuthResultFactory.createFailure("Authentication failed - no access token received");
-  }
-};
-
-// src/services/auth/patterns/strategy/existing-user-login-strategy.ts
-var ExistingUserLoginStrategy = class {
-  constructor(authService, tokenManager) {
-    this.authService = authService;
-    this.tokenManager = tokenManager;
-  }
-  async execute(credentials) {
-    const loginResult = await this.authService.login(credentials);
-    return this.handleSuccessfulAuthentication(loginResult);
-  }
-  async handleSuccessfulAuthentication(loginResult) {
-    if (loginResult.data.accessToken) {
-      this.tokenManager.saveTokens(
-        loginResult.data.accessToken,
-        loginResult.data.refreshToken
-      );
-      LoggerFactory.create("development").log("Tokens saved successfully:", {
-        hasAccessToken: !!loginResult.data.accessToken,
-        hasRefreshToken: !!loginResult.data.refreshToken,
-        domainInfo: this.tokenManager.getDomainInfo()
-      });
-      const profile = await this.authService.getUserProfile();
-      return AuthResultFactory.createSuccess("Login successful", __spreadProps(__spreadValues({}, loginResult.data), {
-        profile: profile.data,
-        tokenInfo: {
-          domain: this.tokenManager.getDomainInfo().domain
-        }
-      }));
-    }
-    return AuthResultFactory.createFailure("Authentication failed - no access token received");
-  }
-};
-
-// src/services/auth/patterns/strategy/login-flow-strategy-factory.ts
-var LoginFlowStrategyFactory = class {
-  static createStrategy(action, authService, tokenManager) {
-    const strategyFactory = this.strategies.get(action);
-    if (!strategyFactory) {
-      throw new Error(`No strategy found for action: ${action}`);
-    }
-    return strategyFactory(authService, tokenManager);
-  }
-};
-LoginFlowStrategyFactory.strategies = /* @__PURE__ */ new Map([
-  ["signup" /* SIGNUP */, (authService, tokenManager) => new SignupFlowStrategy(authService, tokenManager)],
-  ["login" /* LOGIN */, (authService, tokenManager) => new ExistingUserLoginStrategy(authService, tokenManager)]
-]);
-
-// src/services/auth/patterns/state/authenticated-state.ts
-var AuthenticatedState = class {
-  async getStatus(tokenManager) {
-    const authStatus = await this.buildAuthStatus(tokenManager, true);
-    return AuthResultFactory.createSuccess("User is authenticated", authStatus);
-  }
-  async buildAuthStatus(tokenManager, isAuthenticated) {
-    return {
-      isAuthenticated,
-      hasAccessToken: !!await tokenManager.getAccessToken(),
-      hasRefreshToken: !!await tokenManager.getRefreshToken(),
-      cookiesSupported: tokenManager.areCookiesSupported(),
-      domainInfo: tokenManager.getDomainInfo()
-    };
-  }
-};
-
-// src/services/auth/patterns/state/unauthenticated-state.ts
-var UnauthenticatedState = class {
-  async getStatus(tokenManager) {
-    const authStatus = await this.buildAuthStatus(tokenManager, false);
-    return AuthResultFactory.createFailure("User is not authenticated", authStatus);
-  }
-  async buildAuthStatus(tokenManager, isAuthenticated) {
-    return {
-      isAuthenticated,
-      hasAccessToken: !!await tokenManager.getAccessToken(),
-      hasRefreshToken: !!await tokenManager.getRefreshToken(),
-      cookiesSupported: tokenManager.areCookiesSupported(),
-      domainInfo: tokenManager.getDomainInfo()
-    };
-  }
-};
-
-// src/services/auth/patterns/state/authentication-status-context.ts
-var AuthenticationStatusContext = class {
-  static async getStatus(tokenManager) {
-    const isAuthenticated = !!await tokenManager.getAccessToken();
-    const state = this.states.get(isAuthenticated) || new UnauthenticatedState();
-    return await state.getStatus(tokenManager);
-  }
-};
-AuthenticationStatusContext.states = /* @__PURE__ */ new Map([
-  [true, new AuthenticatedState()],
-  [false, new UnauthenticatedState()]
-]);
+  GET_USER_PROFILE: "/auth/user/profile"};
 
 // src/middlewares/handlers/base-middleware-handler.ts
 var BaseMiddlewareHandler = class {
   /**
-   * Check if current request is on dashboard subdomain
+   * Check if current route requires authentication
+   * Uses inclusive (PROTECTED_ROUTES.INCLUDE) and exclusive (PROTECTED_ROUTES.EXCLUDE) lists
    */
-  isDashboardSubdomain(hostname) {
-    return UrlUtils.getSubdomain(hostname) === MiddlewareConfig.SUBDOMAINS.DASHBOARD;
+  requiresAuthentication(pathname) {
+    const isExcluded = MiddlewareConfig.PROTECTED_ROUTES.EXCLUDE.some(
+      (route) => pathname.startsWith(route) || pathname === route
+    );
+    if (isExcluded) {
+      return false;
+    }
+    return MiddlewareConfig.PROTECTED_ROUTES.INCLUDE.some(
+      (route) => pathname.startsWith(route) || pathname === route
+    );
   }
   /**
    * Check if user has both access and refresh tokens
@@ -647,11 +352,12 @@ var BaseMiddlewareHandler = class {
   }
   /**
    * Get authentication cookie keys from environment variables
+   * Now uses CookieUtils for consistent retrieval
    */
   getAuthCookieKeys() {
     return {
-      accessTokenKey: process.env.AUTH_ACCESS_TOKEN_KEY || "",
-      refreshTokenKey: process.env.AUTH_REFRESH_TOKEN_KEY || ""
+      accessTokenKey: CookieUtils.getAccessTokenKey(),
+      refreshTokenKey: CookieUtils.getRefreshTokenKey()
     };
   }
   /**
@@ -752,8 +458,8 @@ var MethodFilterHandler = class extends BaseMiddlewareHandler {
 // src/middlewares/handlers/authentication-handler.ts
 var AuthenticationHandler = class extends BaseMiddlewareHandler {
   async handle(context) {
-    const { cookies, hostname } = context;
-    if (!this.isDashboardSubdomain(hostname)) {
+    const { cookies, pathname } = context;
+    if (!this.requiresAuthentication(pathname)) {
       return this.continue();
     }
     const hasAuthCookies = this.hasAuthenticationCookies(cookies);
@@ -772,13 +478,10 @@ var AuthenticationHandler = class extends BaseMiddlewareHandler {
       return this.allow();
     } catch (error) {
       console.log("JWT validation failed:", error instanceof Error ? error.message : "Unknown error");
-      return this.continue();
+      return this.addLoginModalParams(context);
     }
   }
 };
-
-// src/middlewares/handlers/middleware-chain.ts
-import { NextResponse as NextResponse2 } from "next/server";
 var MiddlewareChain = class {
   constructor() {
     this.handlers = [];
@@ -794,7 +497,7 @@ var MiddlewareChain = class {
         return result;
       }
     }
-    return NextResponse2.next();
+    return NextResponse.next();
   }
 };
 
@@ -813,8 +516,5 @@ async function middleware(req) {
   const chain = new MiddlewareChain().addHandler(new MethodFilterHandler()).addHandler(new AuthenticationHandler());
   return await chain.process(context);
 }
-export {
-  config,
-  middleware,
-  middlewareMatcher
-};
+
+export { config, middleware, middlewareMatcher };

package/dist/utils/cookie-utils.d.mts

@@ -0,0 +1,86 @@
+/**
+ * Cookie utility for managing authentication tokens with automatic SSR and client-side support
+ * Automatically chooses the right method based on environment
+ */
+declare class CookieUtils {
+    /**
+     * Get the access token cookie key
+     */
+    static getAccessTokenKey(): string;
+    /**
+     * Get the refresh token cookie key
+     */
+    static getRefreshTokenKey(): string;
+    /**
+     * Get root domain for subdomain support
+     * Must match the domain used by backend when setting cookies
+     */
+    private static getRootDomain;
+    private static readonly COOKIE_DOMAIN;
+    /**
+     * Get common cookie options
+     */
+    private static getCookieOptions;
+    /**
+     * Check if running on client side
+     */
+    private static isClientSide;
+    /**
+     * Check if running on server side
+     */
+    private static isServerSide;
+    /**
+     * Dynamically import server action for server-side operations
+     */
+    private static getServerTokens;
+    /**
+     * Set access token in cookie (client-side only)
+     */
+    static setAccessToken(token: string): void;
+    /**
+     * Set refresh token in cookie (client-side only)
+     */
+    static setRefreshToken(token: string): void;
+    /**
+     * Get access token - automatically handles client/server side
+     */
+    static getAccessToken(): Promise<string | null>;
+    /**
+     * Get refresh token - automatically handles client/server side
+     */
+    static getRefreshToken(): Promise<string | null>;
+    /**
+     * Get both tokens - automatically handles client/server side
+     */
+    static getTokens(): Promise<{
+        accessToken: string | null;
+        refreshToken: string | null;
+    }>;
+    /**
+     * Clear all authentication cookies (client-side only)
+     * Clears cookies from both current domain and root domain
+     */
+    static clearAuthCookies(): void;
+    /**
+     * Check if cookies are supported/enabled (client-side only)
+     */
+    static areCookiesEnabled(): boolean;
+    /**
+     * Get all authentication cookies - automatically handles client/server side
+     */
+    static getAllAuthCookies(): Promise<Record<string, string>>;
+    /**
+     * Set multiple tokens at once (client-side only)
+     */
+    static setTokens(accessToken: string, refreshToken: string): void;
+    /**
+     * Check if user has valid tokens - automatically handles client/server side
+     */
+    static hasValidTokens(): Promise<boolean>;
+    /**
+     * Get current domain information for debugging
+     */
+    static getDomainInfo(): Record<string, string>;
+}
+
+export { CookieUtils };