mulguard 1.0.1 → 1.1.0

@@ -1,39 +1,38 @@
1
- var B = Object.defineProperty;
2
- var H = (r, e, n) => e in r ? B(r, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : r[e] = n;
3
- var C = (r, e, n) => H(r, typeof e != "symbol" ? e + "" : e, n);
4
- import { A as E, e as q, c as K, g as X, d as Y } from "../actions-DeCfLtHA.mjs";
5
- import { a as Je, s as Qe, b as Ze, v as er } from "../actions-DeCfLtHA.mjs";
6
- import { s as tr } from "../signin-unified-BS2gxaG1.mjs";
7
- import { v as F } from "../oauth-state-LE-qeq-K.mjs";
8
- import { c as nr, p as or, k as ir, n as ar, m as cr, j as lr, l as ur, e as fr, g as dr, b as hr, i as gr, a as wr, o as pr, f as mr, h as yr, r as Er, d as kr, s as vr } from "../oauth-state-LE-qeq-K.mjs";
9
- import { NextResponse as u } from "next/server";
10
- const x = typeof globalThis == "object" && "crypto" in globalThis ? globalThis.crypto : void 0;
1
+ var H = Object.defineProperty;
2
+ var K = (r, e, s) => e in r ? H(r, e, { enumerable: !0, configurable: !0, writable: !0, value: s }) : r[e] = s;
3
+ var F = (r, e, s) => K(r, typeof e != "symbol" ? e + "" : e, s);
4
+ import { A as y, e as X, c as Y, g as G, d as J } from "../actions-DeCfLtHA.mjs";
5
+ import { a as Qe, s as Ze, b as er, v as rr } from "../actions-DeCfLtHA.mjs";
6
+ import { v as x } from "../oauth-state-LE-qeq-K.mjs";
7
+ import { c as sr, p as nr, k as or, n as ir, m as ar, j as cr, l as lr, e as ur, g as fr, b as dr, i as gr, a as hr, o as wr, f as pr, h as mr, r as yr, d as Er, s as kr } from "../oauth-state-LE-qeq-K.mjs";
8
+ import { NextResponse as f } from "next/server";
9
+ const j = typeof globalThis == "object" && "crypto" in globalThis ? globalThis.crypto : void 0;
11
10
  /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
12
- function G(r = 32) {
13
- if (x && typeof x.getRandomValues == "function")
14
- return x.getRandomValues(new Uint8Array(r));
15
- if (x && typeof x.randomBytes == "function")
16
- return Uint8Array.from(x.randomBytes(r));
11
+ function Q(r = 32) {
12
+ if (j && typeof j.getRandomValues == "function")
13
+ return j.getRandomValues(new Uint8Array(r));
14
+ if (j && typeof j.randomBytes == "function")
15
+ return Uint8Array.from(j.randomBytes(r));
17
16
  throw new Error("crypto.getRandomValues must be defined");
18
17
  }
19
- class J {
18
+ class Z {
20
19
  constructor(e) {
21
- C(this, "attempts", /* @__PURE__ */ new Map());
22
- C(this, "config");
20
+ F(this, "attempts", /* @__PURE__ */ new Map());
21
+ F(this, "config");
23
22
  this.config = e;
24
23
  }
25
24
  /**
26
25
  * Check if request is allowed
27
26
  */
28
27
  check(e) {
29
- const n = Date.now(), t = this.attempts.get(e);
30
- return !t || t.resetAt < n ? (this.attempts.set(e, {
28
+ const s = Date.now(), t = this.attempts.get(e);
29
+ return !t || t.resetAt < s ? (this.attempts.set(e, {
31
30
  count: 1,
32
- resetAt: n + this.config.windowMs
31
+ resetAt: s + this.config.windowMs
33
32
  }), {
34
33
  allowed: !0,
35
34
  remaining: this.config.maxAttempts - 1,
36
- resetAt: new Date(n + this.config.windowMs)
35
+ resetAt: new Date(s + this.config.windowMs)
37
36
  }) : t.count >= this.config.maxAttempts ? {
38
37
  allowed: !1,
39
38
  remaining: 0,
@@ -57,10 +56,10 @@ class J {
57
56
  this.attempts.clear();
58
57
  }
59
58
  }
60
- function Ee(r) {
61
- return new J(r);
59
+ function ve(r) {
60
+ return new Z(r);
62
61
  }
63
- const Q = {
62
+ const ee = {
64
63
  "X-Content-Type-Options": "nosniff",
65
64
  "X-Frame-Options": "DENY",
66
65
  "X-XSS-Protection": "1; mode=block",
@@ -69,24 +68,24 @@ const Q = {
69
68
  "Referrer-Policy": "strict-origin-when-cross-origin",
70
69
  "Permissions-Policy": "geolocation=(), microphone=(), camera=()"
71
70
  };
72
- function z(r) {
71
+ function q(r) {
73
72
  return {
74
- ...Q,
73
+ ...ee,
75
74
  ...r
76
75
  };
77
76
  }
78
- function ke(r, e) {
79
- const n = z(e);
80
- for (const [t, i] of Object.entries(n))
77
+ function Re(r, e) {
78
+ const s = q(e);
79
+ for (const [t, i] of Object.entries(s))
81
80
  i && r.set(t, i);
82
81
  }
83
- function ve(r) {
82
+ function M(r) {
84
83
  if (!r || typeof r != "string")
85
84
  return { valid: !1, error: "Email is required" };
86
85
  const e = r.trim().toLowerCase();
87
86
  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(e) ? e.length > 254 ? { valid: !1, error: "Email is too long" } : e.includes("..") || e.startsWith(".") || e.endsWith(".") ? { valid: !1, error: "Invalid email format" } : { valid: !0, sanitized: e } : { valid: !1, error: "Invalid email format" };
88
87
  }
89
- function Re(r, e = 8) {
88
+ function Ae(r, e = 8) {
90
89
  if (!r || typeof r != "string")
91
90
  return { valid: !1, error: "Password is required" };
92
91
  if (r.length < e)
@@ -124,7 +123,7 @@ function Se(r) {
124
123
  const e = r.trim();
125
124
  return e.length < 1 ? { valid: !1, error: "Name cannot be empty" } : e.length > 100 ? { valid: !1, error: "Name is too long" } : { valid: !0, sanitized: e.replace(/[<>\"']/g, "") };
126
125
  }
127
- function Ae(r) {
126
+ function Ie(r) {
128
127
  if (!r || typeof r != "string")
129
128
  return { valid: !1, error: "URL is required" };
130
129
  try {
@@ -134,29 +133,29 @@ function Ae(r) {
134
133
  return { valid: !1, error: "Invalid URL format" };
135
134
  }
136
135
  }
137
- function be(r, e = 16) {
136
+ function Oe(r, e = 16) {
138
137
  return !r || typeof r != "string" ? { valid: !1, error: "Token is required" } : r.length < e ? { valid: !1, error: "Token is too short" } : r.length > 512 ? { valid: !1, error: "Token is too long" } : /^[A-Za-z0-9_-]+$/.test(r) ? /(.)\1{10,}/.test(r) ? { valid: !1, error: "Token contains suspicious pattern" } : { valid: !0 } : { valid: !1, error: "Invalid token format" };
139
138
  }
140
- function Oe(r, e) {
141
- const { maxLength: n = 1e3, allowHtml: t = !1, required: i = !0 } = e || {};
139
+ function z(r, e) {
140
+ const { maxLength: s = 1e3, allowHtml: t = !1, required: i = !0 } = e || {};
142
141
  if (i && (!r || typeof r != "string" || r.trim().length === 0))
143
142
  return { valid: !1, error: "Input is required" };
144
143
  if (!r || typeof r != "string")
145
144
  return { valid: !0, sanitized: "" };
146
- let f = r.trim();
147
- return f.length > n ? { valid: !1, error: `Input must be less than ${n} characters` } : (t || (f = f.replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#x27;").replace(/\//g, "&#x2F;")), f = f.replace(/[\x00-\x1F\x7F]/g, ""), { valid: !0, sanitized: f });
145
+ let d = r.trim();
146
+ return d.length > s ? { valid: !1, error: `Input must be less than ${s} characters` } : (t || (d = d.replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#x27;").replace(/\//g, "&#x2F;")), d = d.replace(/[\x00-\x1F\x7F]/g, ""), { valid: !0, sanitized: d });
148
147
  }
149
- class Z {
148
+ class re {
150
149
  constructor() {
151
- C(this, "tokens", /* @__PURE__ */ new Map());
150
+ F(this, "tokens", /* @__PURE__ */ new Map());
152
151
  }
153
152
  get(e) {
154
- const n = this.tokens.get(e);
155
- return n ? n.expiresAt < Date.now() ? (this.delete(e), null) : n.value : null;
153
+ const s = this.tokens.get(e);
154
+ return s ? s.expiresAt < Date.now() ? (this.delete(e), null) : s.value : null;
156
155
  }
157
- set(e, n, t = 36e5) {
156
+ set(e, s, t = 36e5) {
158
157
  this.tokens.set(e, {
159
- value: n,
158
+ value: s,
160
159
  expiresAt: Date.now() + t
161
160
  });
162
161
  }
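Review bot: The escaping chain in `z` (new line 146) replaces `<`, `>`, `"`, `'` and `/` but never `&`, unlike `se` later in the file, whose pattern does include `&`. Text that already contains an entity therefore passes through unchanged and decodes to different characters than the user typed, and a consumer cannot tell escaped output from raw output. Add `.replace(/&/g, "&amp;")` as the first step of the chain. The `maxLength` check also runs before escaping, so `sanitized` can be longer than the limit a caller expects.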
@@ -167,27 +166,27 @@ class Z {
167
166
  this.tokens.clear();
168
167
  }
169
168
  }
170
- class ee {
171
- constructor(e, n = 32) {
172
- C(this, "store");
173
- C(this, "tokenLength");
174
- this.store = e || new Z(), this.tokenLength = n;
169
+ class te {
170
+ constructor(e, s = 32) {
171
+ F(this, "store");
172
+ F(this, "tokenLength");
173
+ this.store = e || new re(), this.tokenLength = s;
175
174
  }
176
175
  /**
177
176
  * Generate CSRF token
178
177
  */
179
- generateToken(e, n) {
180
- const t = W(this.tokenLength);
181
- return this.store.set(e, t, n), t;
178
+ generateToken(e, s) {
179
+ const t = B(this.tokenLength);
180
+ return this.store.set(e, t, s), t;
182
181
  }
183
182
  /**
184
183
  * Validate CSRF token
185
184
  */
186
- validateToken(e, n) {
185
+ validateToken(e, s) {
187
186
  const t = this.store.get(e);
188
187
  if (!t)
189
188
  return !1;
190
- const i = se(n, t);
189
+ const i = oe(s, t);
191
190
  return i && this.store.delete(e), i;
192
191
  }
193
192
  /**
@@ -203,10 +202,10 @@ class ee {
203
202
  this.store.delete(e);
204
203
  }
205
204
  }
206
- function _e(r) {
207
- return new ee(r);
205
+ function be(r) {
206
+ return new te(r);
208
207
  }
209
- function re(r) {
208
+ function se(r) {
210
209
  if (typeof r != "string")
211
210
  return "";
212
211
  const e = {
@@ -216,13 +215,13 @@ function re(r) {
216
215
  '"': "&quot;",
217
216
  "'": "&#039;"
218
217
  };
219
- return r.replace(/[&<>"']/g, (n) => e[n] || n);
218
+ return r.replace(/[&<>"']/g, (s) => e[s] || s);
220
219
  }
221
- function Ie(r) {
220
+ function Te(r) {
222
221
  return typeof r != "string" ? "" : r.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, "").replace(/on\w+\s*=\s*["'][^"']*["']/gi, "").replace(/javascript:/gi, "");
223
222
  }
224
- function Te(r) {
225
- return typeof r != "string" ? "" : re(r.trim());
223
+ function _e(r) {
224
+ return typeof r != "string" ? "" : se(r.trim());
226
225
  }
227
226
  function Pe(r) {
228
227
  return typeof r != "string" ? !1 : [
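Review bot: `Te` filters markup with three chained regex removals, which is a blocklist applied in a single pass: the handler pattern only matches quoted attribute values, and removing a substring can leave text that forms the same construct again. It should not be relied on as an HTML sanitizer; callers that render user text need output encoding (the `se` helper just above) or a parser-based sanitizer. I would add a doc comment saying so, e.g. `// Best-effort filter; not safe as the only defence before rendering HTML.` `Te` is shown in full, but `Pe` continues past the end of the hunk.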
@@ -236,85 +235,88 @@ function Pe(r) {
236
235
  /<meta/i,
237
236
  /expression\s*\(/i,
238
237
  /vbscript:/i
239
- ].some((n) => n.test(r));
238
+ ].some((s) => s.test(r));
240
239
  }
241
- function W(r = 32) {
242
- const e = G(r);
240
+ function B(r = 32) {
241
+ const e = Q(r);
243
242
  return Buffer.from(e).toString("base64url");
244
243
  }
245
- function te() {
246
- return W(32);
244
+ function ne() {
245
+ return B(32);
247
246
  }
248
- function se(r, e) {
247
+ function oe(r, e) {
249
248
  if (!r || !e || r.length !== e.length)
250
249
  return !1;
251
- let n = 0;
250
+ let s = 0;
252
251
  for (let t = 0; t < r.length; t++)
253
- n |= r.charCodeAt(t) ^ e.charCodeAt(t);
254
- return n === 0;
252
+ s |= r.charCodeAt(t) ^ e.charCodeAt(t);
253
+ return s === 0;
255
254
  }
256
- function Ue(r) {
255
+ function Ce(r) {
257
256
  return r.trim().replace(/[<>]/g, "");
258
257
  }
259
- function Ce(r) {
258
+ function Ue(r) {
260
259
  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(r);
261
260
  }
262
- function ne(r) {
261
+ function ie(r) {
263
262
  return !r.success && !!r.error;
264
263
  }
265
- function Fe(r) {
266
- return r.requires2FA === !0 || r.errorCode === E.TWO_FA_REQUIRED;
264
+ function Ne(r) {
265
+ return r.requires2FA === !0 || r.errorCode === y.TWO_FA_REQUIRED;
267
266
  }
268
- function Ne(r, e) {
267
+ function Fe(r, e) {
269
268
  return r.error ? r.error : e || "Authentication failed";
270
269
  }
271
270
  function xe(r) {
272
271
  return r.errorCode;
273
272
  }
274
- function je(r) {
273
+ function Le(r) {
275
274
  return r.success === !0 && !!r.user;
276
275
  }
277
- function De(r, e) {
276
+ function je(r, e) {
278
277
  return r.errorCode === e;
279
278
  }
280
- function Le(r) {
281
- if (!ne(r)) return !1;
279
+ function De(r) {
280
+ if (!ie(r)) return !1;
282
281
  const e = [
283
- E.NETWORK_ERROR,
284
- E.RATE_LIMITED,
285
- E.UNKNOWN_ERROR
282
+ y.NETWORK_ERROR,
283
+ y.RATE_LIMITED,
284
+ y.UNKNOWN_ERROR
286
285
  ];
287
286
  return r.errorCode ? e.includes(r.errorCode) : !1;
288
287
  }
289
- function $e(r) {
288
+ function Ve(r) {
290
289
  if (r.error) return r.error;
291
290
  switch (r.errorCode) {
292
- case E.INVALID_CREDENTIALS:
291
+ case y.INVALID_CREDENTIALS:
293
292
  return "Invalid email or password. Please try again.";
294
- case E.ACCOUNT_LOCKED:
293
+ case y.ACCOUNT_LOCKED:
295
294
  return "Your account has been temporarily locked. Please try again later.";
296
- case E.ACCOUNT_INACTIVE:
295
+ case y.ACCOUNT_INACTIVE:
297
296
  return "Your account is inactive. Please contact support.";
298
- case E.TWO_FA_REQUIRED:
297
+ case y.TWO_FA_REQUIRED:
299
298
  return "Two-factor authentication is required. Please enter your code.";
300
- case E.INVALID_TWO_FA_CODE:
299
+ case y.INVALID_TWO_FA_CODE:
301
300
  return "Invalid two-factor authentication code. Please try again.";
302
- case E.SESSION_EXPIRED:
301
+ case y.SESSION_EXPIRED:
303
302
  return "Your session has expired. Please sign in again.";
304
- case E.UNAUTHORIZED:
303
+ case y.UNAUTHORIZED:
305
304
  return "You are not authorized to perform this action.";
306
- case E.NETWORK_ERROR:
305
+ case y.NETWORK_ERROR:
307
306
  return "Network error. Please check your connection and try again.";
308
- case E.VALIDATION_ERROR:
307
+ case y.VALIDATION_ERROR:
309
308
  return "Please check your input and try again.";
310
- case E.RATE_LIMITED:
309
+ case y.RATE_LIMITED:
311
310
  return "Too many attempts. Please try again later.";
312
- case E.UNKNOWN_ERROR:
311
+ case y.UNKNOWN_ERROR:
313
312
  default:
314
313
  return "An unexpected error occurred. Please try again.";
315
314
  }
316
315
  }
317
- const oe = {
316
+ async function $e(r, e, s) {
317
+ return r.signIn(e, s);
318
+ }
319
+ const ae = {
318
320
  google: {
319
321
  authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
320
322
  tokenUrl: "https://oauth2.googleapis.com/token",
@@ -345,62 +347,62 @@ const oe = {
345
347
  }
346
348
  };
347
349
  function $(r) {
348
- return oe[r] || null;
350
+ return ae[r] || null;
349
351
  }
350
- function ie(r, e, n, t) {
352
+ function ce(r, e, s, t) {
351
353
  const i = $(r);
352
354
  if (!i)
353
355
  throw new Error(`Unknown OAuth provider: ${r}`);
354
- const f = e.redirectUri || `${n}/api/auth/callback/${r}`, l = e.scopes || i.defaultScopes, a = new URLSearchParams({
356
+ const d = e.redirectUri || `${s}/api/auth/callback/${r}`, c = e.scopes || i.defaultScopes, a = new URLSearchParams({
355
357
  client_id: e.clientId,
356
- redirect_uri: f,
358
+ redirect_uri: d,
357
359
  response_type: "code",
358
- scope: l.join(" "),
360
+ scope: c.join(" "),
359
361
  state: t,
360
362
  ...i.defaultParams,
361
363
  ...e.params
362
364
  });
363
365
  return `${i.authorizationUrl}?${a.toString()}`;
364
366
  }
365
- async function ae(r, e, n, t) {
367
+ async function le(r, e, s, t) {
366
368
  const i = $(r);
367
369
  if (!i)
368
370
  throw new Error(`Unknown OAuth provider: ${r}`);
369
- const f = new URLSearchParams({
371
+ const d = new URLSearchParams({
370
372
  client_id: e.clientId,
371
- code: n,
373
+ code: s,
372
374
  redirect_uri: t,
373
375
  grant_type: "authorization_code"
374
376
  });
375
- e.clientSecret && f.append("client_secret", e.clientSecret);
376
- const l = await fetch(i.tokenUrl, {
377
+ e.clientSecret && d.append("client_secret", e.clientSecret);
378
+ const c = await fetch(i.tokenUrl, {
377
379
  method: "POST",
378
380
  headers: {
379
381
  "Content-Type": "application/x-www-form-urlencoded",
380
382
  Accept: "application/json"
381
383
  },
382
- body: f.toString()
384
+ body: d.toString()
383
385
  });
384
- if (!l.ok) {
385
- const a = await l.text();
386
+ if (!c.ok) {
387
+ const a = await c.text();
386
388
  throw new Error(`Failed to exchange code for tokens: ${a}`);
387
389
  }
388
- return await l.json();
390
+ return await c.json();
389
391
  }
390
- async function ce(r, e) {
391
- var f, l, a, h;
392
- const n = $(r);
393
- if (!n)
392
+ async function ue(r, e) {
393
+ var d, c, a, p;
394
+ const s = $(r);
395
+ if (!s)
394
396
  throw new Error(`Unknown OAuth provider: ${r}`);
395
- const t = await fetch(n.userInfoUrl, {
397
+ const t = await fetch(s.userInfoUrl, {
396
398
  headers: {
397
399
  Authorization: `Bearer ${e}`,
398
400
  Accept: "application/json"
399
401
  }
400
402
  });
401
403
  if (!t.ok) {
402
- const m = await t.text();
403
- throw new Error(`Failed to fetch user info: ${m}`);
404
+ const v = await t.text();
405
+ throw new Error(`Failed to fetch user info: ${v}`);
404
406
  }
405
407
  const i = await t.json();
406
408
  switch (r) {
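Review bot: Both error paths in this hunk put the provider's raw response body into the exception text ("Failed to exchange code for tokens: …" in `le`, "Failed to fetch user info: …" in `ue`), and the `oauthCallback` catch block later in the file copies `R.message` into the returned `error` field. Depending on how the application renders that field, upstream error detail can reach the end user. Build the thrown message from the HTTP status only (`c.status`, `t.status`) and hand the body to the server-side logger instead. `ue` continues past the end of this hunk.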
@@ -413,19 +415,19 @@ async function ce(r, e) {
413
415
  emailVerified: i.email_verified
414
416
  };
415
417
  case "github":
416
- let m = i.email;
417
- if (!m) {
418
- const d = await (await fetch("https://api.github.com/user/emails", {
418
+ let v = i.email;
419
+ if (!v) {
420
+ const g = await (await fetch("https://api.github.com/user/emails", {
419
421
  headers: { Authorization: `Bearer ${e}` }
420
422
  })).json();
421
- m = ((f = d.find((k) => k.primary)) == null ? void 0 : f.email) || ((l = d[0]) == null ? void 0 : l.email) || `${i.login}@users.noreply.github.com`;
423
+ v = ((d = g.find((A) => A.primary)) == null ? void 0 : d.email) || ((c = g[0]) == null ? void 0 : c.email) || `${i.login}@users.noreply.github.com`;
422
424
  }
423
425
  return {
424
426
  id: String(i.id),
425
- email: m,
427
+ email: v,
426
428
  name: i.name || i.login,
427
429
  avatar: i.avatar_url,
428
- emailVerified: !!m
430
+ emailVerified: !!v
429
431
  };
430
432
  case "apple":
431
433
  return {
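Review bot: In the `github` branch, `emailVerified: !!v` reports the address as verified whenever any address was obtained, including the `g[0]` fallback and the synthesized `@users.noreply.github.com` value; the entries returned by `/user/emails` carry their own `verified` flag, which this code never reads. An application that links accounts by verified e-mail would then trust an address the provider has not confirmed. Select the entry with `g.find((A) => A.primary && A.verified)` and derive `emailVerified` from that entry rather than from truthiness. The second `fetch` is also parsed without an `ok` check, so an error body reaches `g.find`. The branch in the following hunk hard-codes `emailVerified: !0` and deserves the same scrutiny; `ue` starts and ends outside this hunk.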
@@ -439,7 +441,7 @@ async function ce(r, e) {
439
441
  id: i.id,
440
442
  email: i.email,
441
443
  name: i.name,
442
- avatar: (h = (a = i.picture) == null ? void 0 : a.data) == null ? void 0 : h.url,
444
+ avatar: (p = (a = i.picture) == null ? void 0 : a.data) == null ? void 0 : p.url,
443
445
  emailVerified: !0
444
446
  };
445
447
  default:
@@ -452,141 +454,141 @@ async function ce(r, e) {
452
454
  };
453
455
  }
454
456
  }
455
- class le {
457
+ class fe {
456
458
  constructor() {
457
- C(this, "states", /* @__PURE__ */ new Map());
459
+ F(this, "states", /* @__PURE__ */ new Map());
458
460
  }
459
- set(e, n, t) {
460
- this.states.set(e, n), this.cleanup();
461
+ set(e, s, t) {
462
+ this.states.set(e, s), this.cleanup();
461
463
  }
462
464
  get(e) {
463
- const n = this.states.get(e);
464
- return n ? n.expiresAt < Date.now() ? (this.delete(e), null) : n : null;
465
+ const s = this.states.get(e);
466
+ return s ? s.expiresAt < Date.now() ? (this.delete(e), null) : s : null;
465
467
  }
466
468
  delete(e) {
467
469
  this.states.delete(e);
468
470
  }
469
471
  cleanup() {
470
472
  const e = Date.now();
471
- for (const [n, t] of this.states.entries())
472
- t.expiresAt < e && this.states.delete(n);
473
+ for (const [s, t] of this.states.entries())
474
+ t.expiresAt < e && this.states.delete(s);
473
475
  }
474
476
  }
475
- function ue() {
476
- return new le();
477
+ function de() {
478
+ return new fe();
477
479
  }
478
- function fe(r = process.env.NODE_ENV === "development") {
480
+ function ge(r = process.env.NODE_ENV === "development") {
479
481
  const e = "[Mulguard]";
480
482
  return {
481
- debug: r ? (n, t) => {
482
- t !== void 0 ? console.debug(`${e} ${n}`, t) : console.debug(`${e} ${n}`);
483
+ debug: r ? (s, t) => {
484
+ t !== void 0 ? console.debug(`${e} ${s}`, t) : console.debug(`${e} ${s}`);
483
485
  } : () => {
484
486
  },
485
- info: r ? (n, t) => {
486
- t !== void 0 ? console.info(`${e} ${n}`, t) : console.info(`${e} ${n}`);
487
+ info: r ? (s, t) => {
488
+ t !== void 0 ? console.info(`${e} ${s}`, t) : console.info(`${e} ${s}`);
487
489
  } : () => {
488
490
  },
489
- warn: r ? (n, t) => {
490
- t !== void 0 ? console.warn(`${e} ${n}`, t) : console.warn(`${e} ${n}`);
491
+ warn: r ? (s, t) => {
492
+ t !== void 0 ? console.warn(`${e} ${s}`, t) : console.warn(`${e} ${s}`);
491
493
  } : () => {
492
494
  },
493
- error: r ? (n, t) => {
494
- t !== void 0 ? console.error(`${e} ${n}`, t) : console.error(`${e} ${n}`);
495
+ error: r ? (s, t) => {
496
+ t !== void 0 ? console.error(`${e} ${s}`, t) : console.error(`${e} ${s}`);
495
497
  } : () => {
496
498
  }
497
499
  };
498
500
  }
499
- const j = fe();
500
- function de(r, e, n, t = {}) {
501
+ const P = ge();
502
+ function he(r, e, s, t = {}) {
501
503
  const {
502
504
  enabled: i = !0,
503
- maxRetries: f = 1,
504
- retryDelay: l = 1e3,
505
+ maxRetries: d = 1,
506
+ retryDelay: c = 1e3,
505
507
  rateLimit: a = 3,
506
- autoSignOutOnFailure: h = !0,
507
- redirectToLogin: m = "/login",
508
- autoRedirectOnFailure: v = !0
508
+ autoSignOutOnFailure: p = !0,
509
+ redirectToLogin: v = "/login",
510
+ autoRedirectOnFailure: S = !0
509
511
  } = t;
510
- let d = null, k = !1;
511
- const R = [], S = [], _ = 60 * 1e3;
512
- let A = 0, b = !1, T = null;
513
- const L = 2, o = 60 * 1e3;
514
- function s() {
515
- const p = Date.now();
516
- if (b && T) {
517
- if (p < T)
512
+ let g = null, A = !1;
513
+ const b = [], T = [], U = 60 * 1e3;
514
+ let _ = 0, I = !1, C = null;
515
+ const D = 2, V = 60 * 1e3;
516
+ function n() {
517
+ const l = Date.now();
518
+ if (I && C) {
519
+ if (l < C)
518
520
  return !1;
519
- b = !1, T = null, A = 0;
521
+ I = !1, C = null, _ = 0;
520
522
  }
521
- for (; S.length > 0; ) {
522
- const g = S[0];
523
- if (g !== void 0 && g < p - _)
524
- S.shift();
523
+ for (; T.length > 0; ) {
524
+ const w = T[0];
525
+ if (w !== void 0 && w < l - U)
526
+ T.shift();
525
527
  else
526
528
  break;
527
529
  }
528
- return S.length >= a ? !1 : (S.push(p), !0);
530
+ return T.length >= a ? !1 : (T.push(l), !0);
529
531
  }
530
- function c() {
531
- A++, A >= L && (b = !0, T = Date.now() + o, process.env.NODE_ENV === "development" && console.warn("[TokenRefreshManager] Circuit breaker opened - too many consecutive failures"));
532
+ function o() {
533
+ _++, _ >= D && (I = !0, C = Date.now() + V, process.env.NODE_ENV === "development" && console.warn("[TokenRefreshManager] Circuit breaker opened - too many consecutive failures"));
532
534
  }
533
- function w() {
534
- A = 0, b = !1, T = null;
535
+ function u() {
536
+ _ = 0, I = !1, C = null;
535
537
  }
536
- async function y(p = 1) {
538
+ async function m(l = 1) {
537
539
  if (!i)
538
540
  return null;
539
- if (!s())
541
+ if (!n())
540
542
  throw new Error("Rate limit exceeded for token refresh");
541
543
  try {
542
- const g = await r();
543
- if (g)
544
- return w(), D(g), t.onTokenRefreshed && await Promise.resolve(t.onTokenRefreshed(g)), g;
545
- if (c(), p < f)
546
- return await I(l * p), y(p + 1);
544
+ const w = await r();
545
+ if (w)
546
+ return u(), O(w), t.onTokenRefreshed && await Promise.resolve(t.onTokenRefreshed(w)), w;
547
+ if (o(), l < d)
548
+ return await h(c * l), m(l + 1);
547
549
  throw new Error("Token refresh failed: refresh function returned null");
548
- } catch (g) {
549
- if (c(), p < f && O(g))
550
- return await I(l * p), y(p + 1);
551
- throw g;
550
+ } catch (w) {
551
+ if (o(), l < d && R(w))
552
+ return await h(c * l), m(l + 1);
553
+ throw w;
552
554
  }
553
555
  }
554
- function O(p) {
555
- if (p instanceof Error) {
556
- const g = p.message.toLowerCase();
557
- if (g.includes("rate limit") || g.includes("too many requests") || g.includes("429") || g.includes("limit:") || g.includes("requests per minute") || g.includes("token_blacklisted") || g.includes("blacklisted") || g.includes("invalid") || g.includes("401") || g.includes("unauthorized") || g.includes("session has been revoked") || g.includes("session expired"))
556
+ function R(l) {
557
+ if (l instanceof Error) {
558
+ const w = l.message.toLowerCase();
559
+ if (w.includes("rate limit") || w.includes("too many requests") || w.includes("429") || w.includes("limit:") || w.includes("requests per minute") || w.includes("token_blacklisted") || w.includes("blacklisted") || w.includes("invalid") || w.includes("401") || w.includes("unauthorized") || w.includes("session has been revoked") || w.includes("session expired"))
558
560
  return !1;
559
- if (g.includes("network") || g.includes("fetch") || g.includes("timeout"))
561
+ if (w.includes("network") || w.includes("fetch") || w.includes("timeout"))
560
562
  return !0;
561
563
  }
562
564
  return !1;
563
565
  }
564
- function D(p) {
565
- const g = [...R];
566
- R.length = 0;
567
- for (const { resolve: U } of g)
568
- U(p);
566
+ function O(l) {
567
+ const w = [...b];
568
+ b.length = 0;
569
+ for (const { resolve: N } of w)
570
+ N(l);
569
571
  }
570
- function P(p) {
571
- const g = [...R];
572
- R.length = 0;
573
- for (const { reject: U } of g)
574
- U(p);
572
+ function E(l) {
573
+ const w = [...b];
574
+ b.length = 0;
575
+ for (const { reject: N } of w)
576
+ N(l);
575
577
  }
576
- function I(p) {
577
- return new Promise((g) => setTimeout(g, p));
578
+ function h(l) {
579
+ return new Promise((w) => setTimeout(w, l));
578
580
  }
579
- async function M(p) {
581
+ async function k(l) {
580
582
  try {
581
- if (t.onTokenRefreshFailed && await Promise.resolve(t.onTokenRefreshFailed(p)), h && (await n(), await e(), v && typeof window < "u")) {
582
- let g = !0;
583
- if (t.onBeforeRedirect && (g = await Promise.resolve(t.onBeforeRedirect(p))), g) {
584
- const U = new URL(m, window.location.origin);
585
- U.searchParams.set("reason", "session_expired"), U.searchParams.set("redirect", window.location.pathname + window.location.search), window.location.href = U.toString();
583
+ if (t.onTokenRefreshFailed && await Promise.resolve(t.onTokenRefreshFailed(l)), p && (await s(), await e(), S && typeof window < "u")) {
584
+ let w = !0;
585
+ if (t.onBeforeRedirect && (w = await Promise.resolve(t.onBeforeRedirect(l))), w) {
586
+ const N = new URL(v, window.location.origin);
587
+ N.searchParams.set("reason", "session_expired"), N.searchParams.set("redirect", window.location.pathname + window.location.search), window.location.href = N.toString();
586
588
  }
587
589
  }
588
- } catch (g) {
589
- process.env.NODE_ENV === "development" && console.error("[TokenRefreshManager] Error in handleRefreshFailure:", g);
590
+ } catch (w) {
591
+ process.env.NODE_ENV === "development" && console.error("[TokenRefreshManager] Error in handleRefreshFailure:", w);
590
592
  }
591
593
  }
592
594
  return {
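Review bot: The logger built by `ge` turns `warn` and `error` into no-ops unless `NODE_ENV` is `development`, and `P = ge()` takes that default. Calls such as `P.error("OAuth callback failed", …)` later in the file, like the circuit-breaker and `handleRefreshFailure` messages in this hunk, therefore emit nothing in production. Authentication failures are the events an operator most needs for detection and incident response, so I would drop the `r ?` guard on `warn` and `error` and keep it only on `debug` and `info`. When doing so, check that the logged objects do not carry tokens. `he` begins in this hunk and its returned object continues in the next one.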
@@ -594,40 +596,40 @@ function de(r, e, n, t = {}) {
594
596
  * Refresh token with single refresh queue
595
597
  */
596
598
  async refreshToken() {
597
- return i ? d || (k = !0, d = y().then((p) => (k = !1, d = null, p)).catch((p) => {
598
- throw k = !1, d = null, P(p), M(p).catch(() => {
599
- }), p;
600
- }), d) : null;
599
+ return i ? g || (A = !0, g = m().then((l) => (A = !1, g = null, l)).catch((l) => {
600
+ throw A = !1, g = null, E(l), k(l).catch(() => {
601
+ }), l;
602
+ }), g) : null;
601
603
  },
602
604
  /**
603
605
  * Check if refresh is in progress
604
606
  */
605
607
  isRefreshing() {
606
- return k;
608
+ return A;
607
609
  },
608
610
  /**
609
611
  * Wait for current refresh to complete
610
612
  */
611
613
  async waitForRefresh() {
612
- return d ? new Promise((p, g) => {
613
- R.push({ resolve: p, reject: g });
614
+ return g ? new Promise((l, w) => {
615
+ b.push({ resolve: l, reject: w });
614
616
  }) : null;
615
617
  },
616
618
  /**
617
619
  * Clear state
618
620
  */
619
621
  clear() {
620
- d = null, k = !1, S.length = 0, w(), P(new Error("Token refresh manager cleared"));
622
+ g = null, A = !1, T.length = 0, u(), E(new Error("Token refresh manager cleared"));
621
623
  },
622
624
  /**
623
625
  * Handle token refresh failure
624
626
  */
625
- async handleRefreshFailure(p) {
626
- return M(p);
627
+ async handleRefreshFailure(l) {
628
+ return k(l);
627
629
  }
628
630
  };
629
631
  }
630
- function he() {
632
+ function we() {
631
633
  const r = process.env.NODE_ENV === "production";
632
634
  return {
633
635
  cookieName: "__mulguard_session",
@@ -640,7 +642,7 @@ function he() {
640
642
  path: "/"
641
643
  };
642
644
  }
643
- function ge() {
645
+ function pe() {
644
646
  return {
645
647
  enabled: !0,
646
648
  refreshThreshold: 300,
@@ -656,47 +658,47 @@ function ge() {
656
658
  };
657
659
  }
658
660
  function Me(r) {
659
- var T, L;
661
+ var D, V;
660
662
  const e = {
661
- ...he(),
663
+ ...we(),
662
664
  ...r.session
663
- }, n = r.actions, t = r.callbacks || {}, i = ((T = r.providers) == null ? void 0 : T.oauth) || {}, f = process.env.NEXT_PUBLIC_URL || (process.env.VERCEL_URL ? `https://${process.env.VERCEL_URL}` : "http://localhost:3000"), l = {
664
- ...ge(),
665
+ }, s = r.actions, t = r.callbacks || {}, i = ((D = r.providers) == null ? void 0 : D.oauth) || {}, d = process.env.NEXT_PUBLIC_URL || (process.env.VERCEL_URL ? `https://${process.env.VERCEL_URL}` : "http://localhost:3000"), c = {
666
+ ...pe(),
665
667
  ...r.tokenRefresh
666
- }, a = { ...n };
667
- if (Object.keys(i).length > 0 && !a.signIn.oauth && (a.signIn.oauth = async (o) => {
668
- const s = i[o];
669
- if (!s)
670
- throw new Error(`OAuth provider "${o}" is not configured. Add it to providers.oauth in config.`);
671
- if (!s.clientId)
672
- throw new Error(`OAuth provider "${o}" is missing clientId`);
673
- const c = te();
674
- return { url: ie(o, s, f, c), state: c };
675
- }), Object.keys(i).length > 0 && !a.oauthCallback && (a.oauthCallback = async (o, s, c) => {
676
- const w = i[o];
677
- if (!w)
668
+ }, a = { ...s };
669
+ if (Object.keys(i).length > 0 && !a.signIn.oauth && (a.signIn.oauth = async (n) => {
670
+ const o = i[n];
671
+ if (!o)
672
+ throw new Error(`OAuth provider "${n}" is not configured. Add it to providers.oauth in config.`);
673
+ if (!o.clientId)
674
+ throw new Error(`OAuth provider "${n}" is missing clientId`);
675
+ const u = ne();
676
+ return { url: ce(n, o, d, u), state: u };
677
+ }), Object.keys(i).length > 0 && !a.oauthCallback && (a.oauthCallback = async (n, o, u) => {
678
+ const m = i[n];
679
+ if (!m)
678
680
  return {
679
681
  success: !1,
680
- error: `OAuth provider "${o}" is not configured`,
681
- errorCode: E.VALIDATION_ERROR
682
+ error: `OAuth provider "${n}" is not configured`,
683
+ errorCode: y.VALIDATION_ERROR
682
684
  };
683
685
  try {
684
- const y = w.redirectUri || `${f}/api/auth/callback/${o}`, O = await ae(o, w, s, y), D = await ce(o, O.access_token);
686
+ const R = m.redirectUri || `${d}/api/auth/callback/${n}`, O = await le(n, m, o, R), E = await ue(n, O.access_token);
685
687
  if (t.onOAuthUser) {
686
- const P = await d(t.onOAuthUser, D, o);
687
- if (!P)
688
+ const h = await g(t.onOAuthUser, E, n);
689
+ if (!h)
688
690
  return {
689
691
  success: !1,
690
692
  error: "Failed to create or retrieve user",
691
- errorCode: E.VALIDATION_ERROR
693
+ errorCode: y.VALIDATION_ERROR
692
694
  };
693
- const I = {
695
+ const k = {
694
696
  user: {
695
- id: P.id,
696
- email: P.email,
697
- name: P.name,
698
- avatar: D.avatar,
699
- emailVerified: D.emailVerified
697
+ id: h.id,
698
+ email: h.email,
699
+ name: h.name,
700
+ avatar: E.avatar,
701
+ emailVerified: E.emailVerified
700
702
  },
701
703
  expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1e3),
702
704
  accessToken: O.access_token,
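Review bot: The default `oauthCallback` installed here receives the state as its third argument `u`, but nothing in the visible body reads it, and the default `signIn.oauth` returns a fresh state from `ne()` without writing it to a store. If the caller does not validate state before invoking this action, the code exchange runs without CSRF protection. Presumably the route handler checks it against the `oauthStateStore` created further down, which is worth confirming and stating on the action, e.g. `// Caller must validate state against oauthStateStore before calling oauthCallback.` The callback body continues past the end of this hunk.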
@@ -704,87 +706,89 @@ function Me(r) {
704
706
  tokenType: "Bearer",
705
707
  expiresIn: O.expires_in
706
708
  };
707
- return await S(I), h = { session: I, timestamp: Date.now() }, t.onSignIn && await d(t.onSignIn, I.user, I), { success: !0, user: I.user, session: I };
709
+ return await T(k), p = { session: k, timestamp: Date.now() }, t.onSignIn && await g(t.onSignIn, k.user, k), { success: !0, user: k.user, session: k };
708
710
  }
709
711
  return {
710
712
  success: !1,
711
713
  error: "OAuth user callback not implemented. Provide onOAuthUser callback or implement oauthCallback action.",
712
- errorCode: E.VALIDATION_ERROR
714
+ errorCode: y.VALIDATION_ERROR
713
715
  };
714
- } catch (y) {
715
- return j.error("OAuth callback failed", { provider: o, error: y }), {
716
+ } catch (R) {
717
+ return P.error("OAuth callback failed", { provider: n, error: R }), {
716
718
  success: !1,
717
- error: y instanceof Error ? y.message : "OAuth callback failed",
718
- errorCode: E.NETWORK_ERROR
719
+ error: R instanceof Error ? R.message : "OAuth callback failed",
720
+ errorCode: y.NETWORK_ERROR
719
721
  };
720
722
  }
721
723
  }), !a.signIn || !a.signIn.email)
722
724
  throw new Error("mulguard: signIn.email action is required");
723
- let h = null;
724
- const m = ((L = r.session) == null ? void 0 : L.cacheTtl) ?? r.sessionCacheTtl ?? 5e3, v = r.oauthStateStore || ue(), d = async (o, ...s) => {
725
- if (o)
725
+ let p = null;
726
+ const v = ((V = r.session) == null ? void 0 : V.cacheTtl) ?? r.sessionCacheTtl ?? 5e3, S = r.oauthStateStore || de(), g = async (n, ...o) => {
727
+ if (n)
726
728
  try {
727
- return await o(...s);
728
- } catch (c) {
729
- throw t.onError && await t.onError(c instanceof Error ? c : new Error(String(c)), "callback"), c;
729
+ return await n(...o);
730
+ } catch (u) {
731
+ throw t.onError && await t.onError(u instanceof Error ? u : new Error(String(u)), "callback"), u;
730
732
  }
731
- }, k = async (o, s) => {
732
- const c = {
733
- provider: s,
733
+ }, A = async (n, o) => {
734
+ const u = {
735
+ provider: o,
734
736
  expiresAt: Date.now() + 6e5
735
737
  // 10 minutes
736
738
  };
737
- await Promise.resolve(v.set(o, c, 10 * 60 * 1e3)), v.cleanup && await Promise.resolve(v.cleanup());
738
- }, R = async (o, s) => {
739
- const c = await Promise.resolve(v.get(o));
740
- return c ? c.expiresAt < Date.now() ? (await Promise.resolve(v.delete(o)), !1) : c.provider !== s ? !1 : (await Promise.resolve(v.delete(o)), !0) : !1;
741
- }, S = async (o) => {
742
- const s = e.cookieName || "__mulguard_session", c = typeof o == "object" && "token" in o ? String(o.token) : JSON.stringify(o), w = q(s, c, e);
743
- return await K(w);
744
- }, _ = async (o) => {
745
- if (!o.success || !o.session)
739
+ await Promise.resolve(S.set(n, u, 10 * 60 * 1e3)), S.cleanup && await Promise.resolve(S.cleanup());
740
+ }, b = async (n, o) => {
741
+ const u = await Promise.resolve(S.get(n));
742
+ return u ? u.expiresAt < Date.now() ? (await Promise.resolve(S.delete(n)), !1) : u.provider !== o ? !1 : (await Promise.resolve(S.delete(n)), !0) : !1;
743
+ }, T = async (n) => {
744
+ const o = e.cookieName || "__mulguard_session", u = typeof n == "object" && "token" in n ? String(n.token) : JSON.stringify(n), m = X(o, u, e);
745
+ return await Y(m);
746
+ }, U = async (n) => {
747
+ if (!n.success || !n.session)
746
748
  return { success: !0 };
747
- const s = await S(o.session);
748
- return h = { session: o.session, timestamp: Date.now() }, o.user && t.onSignIn && await d(t.onSignIn, o.user, o.session), s;
749
- }, A = async () => {
750
- const o = e.cookieName || "__mulguard_session";
751
- await Y(o, {
749
+ const o = await T(n.session);
750
+ return p = { session: n.session, timestamp: Date.now() }, n.user && t.onSignIn && await g(t.onSignIn, n.user, n.session), o;
751
+ }, _ = async () => {
752
+ const n = e.cookieName || "__mulguard_session";
753
+ await J(n, {
752
754
  path: e.path,
753
755
  domain: e.domain
754
756
  });
755
- }, b = {
757
+ };
758
+ let I = null;
759
+ const C = {
756
760
  /**
757
761
  * Get current session
758
762
  * Uses custom getSession action if provided, otherwise falls back to reading from cookie
759
763
  * ✅ IMPROVEMENT: Added session caching for better performance
760
764
  */
761
765
  async getSession() {
762
- const o = Date.now();
763
- if (h && o - h.timestamp < m)
764
- return h.session;
765
- if (n.getSession)
766
+ const n = Date.now();
767
+ if (p && n - p.timestamp < v)
768
+ return p.session;
769
+ if (s.getSession)
766
770
  try {
767
- const s = await n.getSession();
768
- if (s && F(s))
769
- return h = { session: s, timestamp: o }, s;
770
- s && !F(s) && (await A(), h = null);
771
- } catch (s) {
772
- j.debug("getSession error", { error: s }), t.onError && await d(t.onError, s instanceof Error ? s : new Error(String(s)), "getSession"), h = null;
771
+ const o = await s.getSession();
772
+ if (o && x(o))
773
+ return p = { session: o, timestamp: n }, o;
774
+ o && !x(o) && (await _(), p = null);
775
+ } catch (o) {
776
+ P.debug("getSession error", { error: o }), t.onError && await g(t.onError, o instanceof Error ? o : new Error(String(o)), "getSession"), p = null;
773
777
  }
774
778
  try {
775
- const s = e.cookieName || "__mulguard_session", c = await X(s);
776
- if (c)
779
+ const o = e.cookieName || "__mulguard_session", u = await G(o);
780
+ if (u)
777
781
  try {
778
- const w = JSON.parse(c);
779
- if (F(w))
780
- return w.expiresAt && new Date(w.expiresAt) < /* @__PURE__ */ new Date() ? (t.onSessionExpired && await d(t.onSessionExpired, w), await A(), h = null, null) : (h = { session: w, timestamp: o }, w);
781
- await A(), h = null;
782
+ const m = JSON.parse(u);
783
+ if (x(m))
784
+ return m.expiresAt && new Date(m.expiresAt) < /* @__PURE__ */ new Date() ? (t.onSessionExpired && await g(t.onSessionExpired, m), await _(), p = null, null) : (p = { session: m, timestamp: n }, m);
785
+ await _(), p = null;
782
786
  } catch {
783
- await A(), h = null;
787
+ await _(), p = null;
784
788
  }
785
- } catch (s) {
786
- const c = s instanceof Error ? s.message : String(s);
787
- !c.includes("request scope") && !c.includes("cookies") && (j.warn("getSession cookie error", { error: s }), t.onError && await d(t.onError, s instanceof Error ? s : new Error(String(s)), "getSession.cookie"));
789
+ } catch (o) {
790
+ const u = o instanceof Error ? o.message : String(o);
791
+ !u.includes("request scope") && !u.includes("cookies") && (P.warn("getSession cookie error", { error: o }), t.onError && await g(t.onError, o instanceof Error ? o : new Error(String(o)), "getSession.cookie"));
788
792
  }
789
793
  return null;
790
794
  },
@@ -792,15 +796,15 @@ function Me(r) {
792
796
  * Get access token from current session
793
797
  */
794
798
  async getAccessToken() {
795
- const o = await this.getSession();
796
- return o != null && o.accessToken && typeof o.accessToken == "string" ? o.accessToken : null;
799
+ const n = await this.getSession();
800
+ return n != null && n.accessToken && typeof n.accessToken == "string" ? n.accessToken : null;
797
801
  },
798
802
  /**
799
803
  * Get refresh token from current session
800
804
  */
801
805
  async getRefreshToken() {
802
- const o = await this.getSession();
803
- return o != null && o.refreshToken && typeof o.refreshToken == "string" ? o.refreshToken : null;
806
+ const n = await this.getSession();
807
+ return n != null && n.refreshToken && typeof n.refreshToken == "string" ? n.refreshToken : null;
804
808
  },
805
809
  /**
806
810
  * Check if session has valid tokens
@@ -809,99 +813,172 @@ function Me(r) {
809
813
  return !!await this.getAccessToken();
810
814
  },
811
815
  /**
812
- * Sign in methods - uses custom actions from config
816
+ * Unified sign in method - supports both unified and direct method calls
817
+ * ✅ IMPROVEMENT: Single unified logic for all sign-in methods
813
818
  */
814
- signIn: {
815
- /**
816
- * Sign in with email/password
817
- */
818
- async email(o) {
819
+ signIn: (() => {
820
+ const n = async (E) => {
819
821
  try {
820
- const s = await a.signIn.email(o);
821
- return s.success && s.session && await _(s), s;
822
- } catch (s) {
823
- return t.onError && await d(t.onError, s instanceof Error ? s : new Error(String(s)), "signIn.email"), {
822
+ if (!E || typeof E != "object")
823
+ return {
824
+ success: !1,
825
+ error: "Invalid credentials",
826
+ errorCode: y.VALIDATION_ERROR
827
+ };
828
+ if (!E.email || typeof E.email != "string")
829
+ return {
830
+ success: !1,
831
+ error: "Email is required",
832
+ errorCode: y.VALIDATION_ERROR
833
+ };
834
+ const h = M(E.email);
835
+ if (!h.valid)
836
+ return {
837
+ success: !1,
838
+ error: h.error || "Invalid email format",
839
+ errorCode: y.VALIDATION_ERROR
840
+ };
841
+ if (!E.password || typeof E.password != "string")
842
+ return {
843
+ success: !1,
844
+ error: "Password is required",
845
+ errorCode: y.VALIDATION_ERROR
846
+ };
847
+ if (E.password.length > 128)
848
+ return {
849
+ success: !1,
850
+ error: "Invalid credentials",
851
+ errorCode: y.VALIDATION_ERROR
852
+ };
853
+ const k = {
854
+ email: h.sanitized,
855
+ password: E.password
856
+ // Don't sanitize password (needed for hashing)
857
+ }, l = await a.signIn.email(k);
858
+ return l.success && l.session && await U(l), l.success ? P.info("Sign in successful", { email: k.email.substring(0, 3) + "***" }) : P.warn("Sign in failed", { email: k.email.substring(0, 3) + "***", errorCode: l.errorCode }), l;
859
+ } catch (h) {
860
+ const k = h instanceof Error ? h.message : "Sign in failed";
861
+ return P.error("Sign in error", { error: k, context: "signIn.email" }), t.onError && await g(t.onError, h instanceof Error ? h : new Error(String(h)), "signIn.email"), {
824
862
  success: !1,
825
- error: s instanceof Error ? s.message : "Sign in failed"
863
+ error: "Sign in failed. Please try again.",
864
+ errorCode: y.UNKNOWN_ERROR
826
865
  };
827
866
  }
828
- },
829
- /**
830
- * Initiate OAuth sign in
831
- * Auto-generated if providers.oauth is configured in config
832
- */
833
- async oauth(o) {
867
+ }, o = async (E) => {
868
+ if (!E || typeof E != "string")
869
+ throw new Error("Provider is required");
870
+ const h = z(E, { maxLength: 50, allowHtml: !1, required: !0 });
871
+ if (!h.valid || !h.sanitized)
872
+ throw new Error("Invalid provider");
873
+ const k = h.sanitized.toLowerCase();
834
874
  if (!a.signIn.oauth)
835
875
  throw new Error(
836
876
  "OAuth sign in is not configured. Either provide oauth action in signIn, or configure providers.oauth in config."
837
877
  );
838
- const s = await a.signIn.oauth(o);
839
- return await k(s.state, o), s;
840
- },
841
- /**
842
- * Sign in with PassKey
843
- */
844
- async passkey(o) {
878
+ const l = await a.signIn.oauth(k);
879
+ return await A(l.state, k), P.info("OAuth sign in initiated", { provider: k }), l;
880
+ }, u = async (E) => {
845
881
  if (!a.signIn.passkey)
846
882
  throw new Error("PassKey sign in is not configured. Provide passkey action in signIn.");
847
883
  try {
848
- const s = await a.signIn.passkey(o);
849
- return s.success && s.session && await _(s), s;
850
- } catch (s) {
851
- return t.onError && await d(t.onError, s instanceof Error ? s : new Error(String(s)), "signIn.passkey"), {
884
+ const h = await a.signIn.passkey(E);
885
+ return h.success && h.session && await U(h), h;
886
+ } catch (h) {
887
+ return t.onError && await g(t.onError, h instanceof Error ? h : new Error(String(h)), "signIn.passkey"), {
852
888
  success: !1,
853
- error: s instanceof Error ? s.message : "PassKey sign in failed"
889
+ error: h instanceof Error ? h.message : "PassKey sign in failed"
854
890
  };
855
891
  }
856
- },
857
- /**
858
- * Sign in with OTP
859
- */
860
- async otp(o, s) {
892
+ }, m = async (E, h) => {
893
+ if (!E || typeof E != "string")
894
+ return {
895
+ success: !1,
896
+ error: "Email is required",
897
+ errorCode: y.VALIDATION_ERROR
898
+ };
899
+ const k = M(E);
900
+ if (!k.valid)
901
+ return {
902
+ success: !1,
903
+ error: k.error || "Invalid email format",
904
+ errorCode: y.VALIDATION_ERROR
905
+ };
906
+ if (h !== void 0 && (typeof h != "string" || h.length < 4 || h.length > 10))
907
+ return {
908
+ success: !1,
909
+ error: "Invalid OTP code format",
910
+ errorCode: y.VALIDATION_ERROR
911
+ };
861
912
  if (!a.signIn.otp)
862
- throw new Error("OTP sign in is not configured. Provide otp action in signIn.");
913
+ return {
914
+ success: !1,
915
+ error: "OTP sign in is not configured",
916
+ errorCode: y.VALIDATION_ERROR
917
+ };
863
918
  try {
864
- const c = await a.signIn.otp(o, s);
865
- return c.success && c.session && await _(c), c;
866
- } catch (c) {
867
- return t.onError && await d(t.onError, c instanceof Error ? c : new Error(String(c)), "signIn.otp"), {
919
+ const l = await a.signIn.otp(k.sanitized, h);
920
+ return l.success && l.session && await U(l), l.success ? P.info("OTP sign in successful", { email: k.sanitized.substring(0, 3) + "***" }) : P.warn("OTP sign in failed", { email: k.sanitized.substring(0, 3) + "***" }), l;
921
+ } catch (l) {
922
+ return P.error("OTP sign in error", { error: l instanceof Error ? l.message : "Unknown error", context: "signIn.otp" }), t.onError && await g(t.onError, l instanceof Error ? l : new Error(String(l)), "signIn.otp"), {
868
923
  success: !1,
869
- error: c instanceof Error ? c.message : "OTP sign in failed"
924
+ error: "OTP sign in failed. Please try again.",
925
+ errorCode: y.UNKNOWN_ERROR
870
926
  };
871
927
  }
872
- }
873
- },
874
- /**
875
- * Sign in methods - alias for signIn (for backward compatibility)
876
- */
877
- signInMethods: {
878
- email: (o) => b.signIn.email(o),
879
- oauth: (o) => {
880
- var s, c;
881
- return ((c = (s = b.signIn).oauth) == null ? void 0 : c.call(s, o)) || Promise.reject(new Error("OAuth not configured"));
882
- },
883
- passkey: (o) => {
884
- var s, c;
885
- return ((c = (s = b.signIn).passkey) == null ? void 0 : c.call(s, o)) || Promise.reject(new Error("Passkey not configured"));
886
- },
887
- otp: (o, s) => {
888
- var c, w;
889
- return ((w = (c = b.signIn).otp) == null ? void 0 : w.call(c, o, s)) || Promise.reject(new Error("OTP not configured"));
890
- }
891
- },
928
+ }, O = Object.assign(
929
+ async (E, h) => {
930
+ if (!E || typeof E != "string")
931
+ throw new Error("Provider is required");
932
+ const k = z(E, { maxLength: 50, allowHtml: !1, required: !0 });
933
+ if (!k.valid || !k.sanitized)
934
+ throw new Error("Invalid provider");
935
+ const l = k.sanitized.toLowerCase();
936
+ if (l === "google" || l === "github" || l === "apple" || l === "facebook" || typeof l == "string" && !["credentials", "otp", "passkey"].includes(l))
937
+ return o(l);
938
+ if (l === "credentials")
939
+ return !h || !("email" in h) || !("password" in h) ? {
940
+ success: !1,
941
+ error: "Credentials are required",
942
+ errorCode: y.VALIDATION_ERROR
943
+ } : n(h);
944
+ if (l === "otp") {
945
+ if (!h || !("email" in h))
946
+ return {
947
+ success: !1,
948
+ error: "Email is required",
949
+ errorCode: y.VALIDATION_ERROR
950
+ };
951
+ const w = h;
952
+ return m(w.email, w.code);
953
+ }
954
+ return l === "passkey" ? u(h) : {
955
+ success: !1,
956
+ error: "Invalid provider",
957
+ errorCode: y.VALIDATION_ERROR
958
+ };
959
+ },
960
+ {
961
+ email: n,
962
+ oauth: a.signIn.oauth ? o : void 0,
963
+ passkey: a.signIn.passkey ? u : void 0,
964
+ otp: a.signIn.otp ? m : void 0
965
+ }
966
+ );
967
+ return I = O, O;
968
+ })(),
892
969
  /**
893
970
  * Sign up new user
894
971
  */
895
- async signUp(o) {
972
+ async signUp(n) {
896
973
  if (!a.signUp)
897
974
  throw new Error("Sign up is not configured. Provide signUp action in config.");
898
975
  try {
899
- const s = await a.signUp(o);
900
- return s.success && s.session && await _(s), s;
901
- } catch (s) {
902
- return t.onError && await d(t.onError, s instanceof Error ? s : new Error(String(s)), "signUp"), {
976
+ const o = await a.signUp(n);
977
+ return o.success && o.session && await U(o), o;
978
+ } catch (o) {
979
+ return t.onError && await g(t.onError, o instanceof Error ? o : new Error(String(o)), "signUp"), {
903
980
  success: !1,
904
- error: s instanceof Error ? s.message : "Sign up failed"
981
+ error: o instanceof Error ? o.message : "Sign up failed"
905
982
  };
906
983
  }
907
984
  },
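Review bot: The passkey handler's catch block (`error: h instanceof Error ? h.message : "PassKey sign in failed"`) and the `signUp` catch at the end of this hunk still return the caught exception's message to the caller, while the email and OTP handlers rewritten in the same hunk now return a fixed string plus `errorCode: y.UNKNOWN_ERROR`. An exception thrown by a user-supplied action can carry backend detail such as database or provider errors, so these paths should match the hardened ones: `error: "PassKey sign in failed", errorCode: y.UNKNOWN_ERROR`, with the detail going only to `P.error` and `t.onError`. The same `instanceof Error ? ….message` pattern is on the new side of the later hunks for `signOut`, `resetPassword`, `verifyEmail`, `oauthCallback` and `verify2FA`. This is bundled output and the enclosing function `Me` starts outside the hunk, so the change belongs in the package source rather than in this file.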
@@ -910,42 +987,42 @@ function Me(r) {
910
987
  */
911
988
  async signOut() {
912
989
  try {
913
- const o = await this.getSession(), s = o == null ? void 0 : o.user;
914
- return n.signOut && await n.signOut(), await A(), h = null, s && t.onSignOut && await d(t.onSignOut, s), { success: !0 };
915
- } catch (o) {
916
- return await A(), t.onError && await d(t.onError, o instanceof Error ? o : new Error(String(o)), "signOut"), {
990
+ const n = await this.getSession(), o = n == null ? void 0 : n.user;
991
+ return s.signOut && await s.signOut(), await _(), p = null, o && t.onSignOut && await g(t.onSignOut, o), { success: !0 };
992
+ } catch (n) {
993
+ return await _(), t.onError && await g(t.onError, n instanceof Error ? n : new Error(String(n)), "signOut"), {
917
994
  success: !1,
918
- error: o instanceof Error ? o.message : "Sign out failed"
995
+ error: n instanceof Error ? n.message : "Sign out failed"
919
996
  };
920
997
  }
921
998
  },
922
999
  /**
923
1000
  * Request password reset
924
1001
  */
925
- async resetPassword(o) {
926
- if (!n.resetPassword)
1002
+ async resetPassword(n) {
1003
+ if (!s.resetPassword)
927
1004
  throw new Error("Password reset is not configured. Provide resetPassword action in config.");
928
1005
  try {
929
- return await n.resetPassword(o);
930
- } catch (s) {
931
- return t.onError && await d(t.onError, s instanceof Error ? s : new Error(String(s)), "resetPassword"), {
1006
+ return await s.resetPassword(n);
1007
+ } catch (o) {
1008
+ return t.onError && await g(t.onError, o instanceof Error ? o : new Error(String(o)), "resetPassword"), {
932
1009
  success: !1,
933
- error: s instanceof Error ? s.message : "Password reset failed"
1010
+ error: o instanceof Error ? o.message : "Password reset failed"
934
1011
  };
935
1012
  }
936
1013
  },
937
1014
  /**
938
1015
  * Verify email address
939
1016
  */
940
- async verifyEmail(o) {
941
- if (!n.verifyEmail)
1017
+ async verifyEmail(n) {
1018
+ if (!s.verifyEmail)
942
1019
  throw new Error("Email verification is not configured. Provide verifyEmail action in config.");
943
1020
  try {
944
- return await n.verifyEmail(o);
945
- } catch (s) {
946
- return t.onError && await d(t.onError, s instanceof Error ? s : new Error(String(s)), "verifyEmail"), {
1021
+ return await s.verifyEmail(n);
1022
+ } catch (o) {
1023
+ return t.onError && await g(t.onError, o instanceof Error ? o : new Error(String(o)), "verifyEmail"), {
947
1024
  success: !1,
948
- error: s instanceof Error ? s.message : "Email verification failed"
1025
+ error: o instanceof Error ? o.message : "Email verification failed"
949
1026
  };
950
1027
  }
951
1028
  },
@@ -954,73 +1031,73 @@ function Me(r) {
954
1031
  * Executes custom refreshSession action with improved error handling and callbacks
955
1032
  */
956
1033
  async refreshSession() {
957
- if (!n.refreshSession)
1034
+ if (!s.refreshSession)
958
1035
  return this.getSession();
959
1036
  try {
960
- const o = await n.refreshSession();
961
- if (o && F(o)) {
962
- if (await S(o), h = { session: o, timestamp: Date.now() }, t.onSessionUpdate) {
963
- const s = await d(t.onSessionUpdate, o);
964
- if (s && F(s)) {
965
- if (await S(s), t.onTokenRefresh) {
966
- const c = await this.getSession();
967
- c && await d(t.onTokenRefresh, c, s);
1037
+ const n = await s.refreshSession();
1038
+ if (n && x(n)) {
1039
+ if (await T(n), p = { session: n, timestamp: Date.now() }, t.onSessionUpdate) {
1040
+ const o = await g(t.onSessionUpdate, n);
1041
+ if (o && x(o)) {
1042
+ if (await T(o), t.onTokenRefresh) {
1043
+ const u = await this.getSession();
1044
+ u && await g(t.onTokenRefresh, u, o);
968
1045
  }
969
- return s;
1046
+ return o;
970
1047
  }
971
1048
  }
972
1049
  if (t.onTokenRefresh) {
973
- const s = await this.getSession();
974
- s && await d(t.onTokenRefresh, s, o);
1050
+ const o = await this.getSession();
1051
+ o && await g(t.onTokenRefresh, o, n);
975
1052
  }
976
- return o;
977
- } else if (o && !F(o))
978
- return await A(), null;
1053
+ return n;
1054
+ } else if (n && !x(n))
1055
+ return await _(), null;
979
1056
  return null;
980
- } catch (o) {
981
- return await A(), t.onError && await d(t.onError, o instanceof Error ? o : new Error(String(o)), "refreshSession"), null;
1057
+ } catch (n) {
1058
+ return await _(), t.onError && await g(t.onError, n instanceof Error ? n : new Error(String(n)), "refreshSession"), null;
982
1059
  }
983
1060
  },
984
1061
  /**
985
1062
  * OAuth callback handler
986
1063
  * ✅ Auto-generated if providers.oauth is configured in config
987
1064
  */
988
- async oauthCallback(o, s, c) {
1065
+ async oauthCallback(n, o, u) {
989
1066
  if (!a.oauthCallback)
990
1067
  throw new Error(
991
1068
  "OAuth callback is not configured. Either provide oauthCallback action, or configure providers.oauth in config."
992
1069
  );
993
- if (!o || !s || !c)
1070
+ if (!n || !o || !u)
994
1071
  return {
995
1072
  success: !1,
996
1073
  error: "Missing required OAuth parameters (provider, code, or state)",
997
- errorCode: E.VALIDATION_ERROR
1074
+ errorCode: y.VALIDATION_ERROR
998
1075
  };
999
- if (!await R(c, o))
1076
+ if (!await b(u, n))
1000
1077
  return {
1001
1078
  success: !1,
1002
1079
  error: "Invalid or expired state parameter",
1003
- errorCode: E.VALIDATION_ERROR
1080
+ errorCode: y.VALIDATION_ERROR
1004
1081
  };
1005
1082
  try {
1006
- const y = await a.oauthCallback(o, s, c);
1007
- if (y.success && y.session) {
1008
- const O = await _(y);
1009
- O.success || (process.env.NODE_ENV === "development" && j.debug("Failed to save session cookie after oauthCallback", {
1083
+ const R = await a.oauthCallback(n, o, u);
1084
+ if (R.success && R.session) {
1085
+ const O = await U(R);
1086
+ O.success || (process.env.NODE_ENV === "development" && P.debug("Failed to save session cookie after oauthCallback", {
1010
1087
  error: O.error,
1011
1088
  warning: O.warning
1012
- }), t.onError && await d(
1089
+ }), t.onError && await g(
1013
1090
  t.onError,
1014
1091
  new Error(O.warning || O.error || "Failed to save session cookie"),
1015
1092
  "oauthCallback.setSession"
1016
1093
  ));
1017
1094
  }
1018
- return y;
1019
- } catch (y) {
1020
- return t.onError && await d(t.onError, y instanceof Error ? y : new Error(String(y)), "oauthCallback"), {
1095
+ return R;
1096
+ } catch (R) {
1097
+ return t.onError && await g(t.onError, R instanceof Error ? R : new Error(String(R)), "oauthCallback"), {
1021
1098
  success: !1,
1022
- error: y instanceof Error ? y.message : "OAuth callback failed",
1023
- errorCode: E.NETWORK_ERROR
1099
+ error: R instanceof Error ? R.message : "OAuth callback failed",
1100
+ errorCode: y.NETWORK_ERROR
1024
1101
  };
1025
1102
  }
1026
1103
  },
@@ -1028,28 +1105,28 @@ function Me(r) {
1028
1105
  * Verify 2FA code after initial sign in
1029
1106
  * Used when signIn returns requires2FA: true
1030
1107
  */
1031
- async verify2FA(o, s) {
1032
- if (!n.verify2FA)
1108
+ async verify2FA(n, o) {
1109
+ if (!s.verify2FA)
1033
1110
  throw new Error("2FA verification is not configured. Provide verify2FA action in config.");
1034
1111
  try {
1035
- const c = await n.verify2FA(o);
1036
- if (c.success && c.session && !(s != null && s.skipCookieSave)) {
1037
- const w = await _(c);
1038
- w.success || (process.env.NODE_ENV === "development" && j.debug("Failed to save session cookie after verify2FA", {
1039
- error: w.error,
1040
- warning: w.warning
1041
- }), t.onError && await d(
1112
+ const u = await s.verify2FA(n);
1113
+ if (u.success && u.session && !(o != null && o.skipCookieSave)) {
1114
+ const m = await U(u);
1115
+ m.success || (process.env.NODE_ENV === "development" && P.debug("Failed to save session cookie after verify2FA", {
1116
+ error: m.error,
1117
+ warning: m.warning
1118
+ }), t.onError && await g(
1042
1119
  t.onError,
1043
- new Error(w.warning || w.error || "Failed to save session cookie"),
1120
+ new Error(m.warning || m.error || "Failed to save session cookie"),
1044
1121
  "verify2FA.setSession"
1045
1122
  ));
1046
1123
  }
1047
- return c;
1048
- } catch (c) {
1049
- return t.onError && await d(t.onError, c instanceof Error ? c : new Error(String(c)), "verify2FA"), {
1124
+ return u;
1125
+ } catch (u) {
1126
+ return t.onError && await g(t.onError, u instanceof Error ? u : new Error(String(u)), "verify2FA"), {
1050
1127
  success: !1,
1051
- error: c instanceof Error ? c.message : "2FA verification failed",
1052
- errorCode: E.TWO_FA_REQUIRED
1128
+ error: u instanceof Error ? u.message : "2FA verification failed",
1129
+ errorCode: y.TWO_FA_REQUIRED
1053
1130
  };
1054
1131
  }
1055
1132
  },
@@ -1057,8 +1134,8 @@ function Me(r) {
1057
1134
  * Set session directly
1058
1135
  * Useful for Server Actions that need to save session manually
1059
1136
  */
1060
- async setSession(o) {
1061
- return F(o) ? await S(o) : {
1137
+ async setSession(n) {
1138
+ return x(n) ? await T(n) : {
1062
1139
  success: !1,
1063
1140
  error: "Invalid session structure"
1064
1141
  };
@@ -1080,249 +1157,268 @@ function Me(r) {
1080
1157
  /**
1081
1158
  * PassKey methods
1082
1159
  */
1083
- passkey: n.passkey ? {
1084
- register: n.passkey.register,
1085
- authenticate: async (o) => {
1086
- var s;
1087
- if (!((s = n.passkey) != null && s.authenticate))
1160
+ passkey: s.passkey ? {
1161
+ register: s.passkey.register,
1162
+ authenticate: async (n) => {
1163
+ var o;
1164
+ if (!((o = s.passkey) != null && o.authenticate))
1088
1165
  throw new Error("PassKey authenticate is not configured.");
1089
1166
  try {
1090
- const c = await n.passkey.authenticate(o);
1091
- return c.success && c.session && await _(c), c;
1092
- } catch (c) {
1093
- return t.onError && await d(t.onError, c instanceof Error ? c : new Error(String(c)), "passkey.authenticate"), {
1167
+ const u = await s.passkey.authenticate(n);
1168
+ return u.success && u.session && await U(u), u;
1169
+ } catch (u) {
1170
+ return t.onError && await g(t.onError, u instanceof Error ? u : new Error(String(u)), "passkey.authenticate"), {
1094
1171
  success: !1,
1095
- error: c instanceof Error ? c.message : "PassKey authentication failed"
1172
+ error: u instanceof Error ? u.message : "PassKey authentication failed"
1096
1173
  };
1097
1174
  }
1098
1175
  },
1099
- list: n.passkey.list,
1100
- remove: n.passkey.remove
1176
+ list: s.passkey.list,
1177
+ remove: s.passkey.remove
1101
1178
  } : void 0,
1102
1179
  /**
1103
1180
  * Two-Factor Authentication methods
1104
1181
  */
1105
- twoFactor: n.twoFactor ? {
1106
- enable: n.twoFactor.enable,
1107
- verify: n.twoFactor.verify,
1108
- disable: n.twoFactor.disable,
1109
- generateBackupCodes: n.twoFactor.generateBackupCodes,
1110
- isEnabled: n.twoFactor.isEnabled,
1111
- verify2FA: async (o) => {
1112
- var c;
1113
- const s = ((c = n.twoFactor) == null ? void 0 : c.verify2FA) || n.verify2FA;
1114
- if (!s)
1182
+ twoFactor: s.twoFactor ? {
1183
+ enable: s.twoFactor.enable,
1184
+ verify: s.twoFactor.verify,
1185
+ disable: s.twoFactor.disable,
1186
+ generateBackupCodes: s.twoFactor.generateBackupCodes,
1187
+ isEnabled: s.twoFactor.isEnabled,
1188
+ verify2FA: async (n) => {
1189
+ var u;
1190
+ const o = ((u = s.twoFactor) == null ? void 0 : u.verify2FA) || s.verify2FA;
1191
+ if (!o)
1115
1192
  throw new Error("2FA verification is not configured. Provide verify2FA action in config.");
1116
1193
  try {
1117
- const w = await s(o);
1118
- if (w.success && w.session) {
1119
- const y = await _(w);
1120
- y.success || (process.env.NODE_ENV === "development" && j.debug("Failed to save session cookie after twoFactor.verify2FA", {
1121
- error: y.error,
1122
- warning: y.warning
1123
- }), t.onError && await d(
1194
+ const m = await o(n);
1195
+ if (m.success && m.session) {
1196
+ const R = await U(m);
1197
+ R.success || (process.env.NODE_ENV === "development" && P.debug("Failed to save session cookie after twoFactor.verify2FA", {
1198
+ error: R.error,
1199
+ warning: R.warning
1200
+ }), t.onError && await g(
1124
1201
  t.onError,
1125
- new Error(y.warning || y.error || "Failed to save session cookie"),
1202
+ new Error(R.warning || R.error || "Failed to save session cookie"),
1126
1203
  "twoFactor.verify2FA.setSession"
1127
1204
  ));
1128
1205
  }
1129
- return w;
1130
- } catch (w) {
1131
- return t.onError && await d(t.onError, w instanceof Error ? w : new Error(String(w)), "twoFactor.verify2FA"), {
1206
+ return m;
1207
+ } catch (m) {
1208
+ return t.onError && await g(t.onError, m instanceof Error ? m : new Error(String(m)), "twoFactor.verify2FA"), {
1132
1209
  success: !1,
1133
- error: w instanceof Error ? w.message : "2FA verification failed",
1134
- errorCode: E.UNKNOWN_ERROR
1210
+ error: m instanceof Error ? m.message : "2FA verification failed",
1211
+ errorCode: y.UNKNOWN_ERROR
1135
1212
  };
1136
1213
  }
1137
1214
  }
1138
- } : void 0
1215
+ } : void 0,
1216
+ /**
1217
+ * Sign in methods - alias for signIn (for backward compatibility)
1218
+ * ✅ IMPROVEMENT: Uses unified signIn logic
1219
+ */
1220
+ signInMethods: {
1221
+ email: (n) => I.email(n),
1222
+ oauth: (n) => {
1223
+ var o;
1224
+ return ((o = I.oauth) == null ? void 0 : o.call(I, n)) || Promise.reject(new Error("OAuth not configured"));
1225
+ },
1226
+ passkey: (n) => {
1227
+ var o;
1228
+ return ((o = I.passkey) == null ? void 0 : o.call(I, n)) || Promise.reject(new Error("Passkey not configured"));
1229
+ },
1230
+ otp: (n, o) => {
1231
+ var u;
1232
+ return ((u = I.otp) == null ? void 0 : u.call(I, n, o)) || Promise.reject(new Error("OTP not configured"));
1233
+ }
1234
+ }
1139
1235
  };
1140
- if (n.refreshSession) {
1141
- const o = de(
1142
- async () => await b.refreshSession(),
1143
- async () => await b.signOut(),
1236
+ if (s.refreshSession) {
1237
+ const n = he(
1238
+ async () => await C.refreshSession(),
1239
+ async () => await C.signOut(),
1144
1240
  async () => {
1145
- await A();
1241
+ await _();
1146
1242
  },
1147
1243
  {
1148
- ...l,
1149
- onTokenRefreshed: l.onTokenRefreshed,
1150
- onTokenRefreshFailed: l.onTokenRefreshFailed,
1151
- onBeforeRedirect: l.onBeforeRedirect
1244
+ ...c,
1245
+ onTokenRefreshed: c.onTokenRefreshed,
1246
+ onTokenRefreshFailed: c.onTokenRefreshFailed,
1247
+ onBeforeRedirect: c.onBeforeRedirect
1152
1248
  }
1153
1249
  );
1154
- b._tokenRefreshManager = o, b._getTokenRefreshManager = () => o;
1250
+ C._tokenRefreshManager = n, C._getTokenRefreshManager = () => n;
1155
1251
  }
1156
- return b;
1252
+ return C;
1157
1253
  }
1158
- function Ve(r) {
1254
+ function ze(r) {
1159
1255
  return {
1160
- GET: async (e) => V(e, r, "GET"),
1161
- POST: async (e) => V(e, r, "POST")
1256
+ GET: async (e) => W(e, r, "GET"),
1257
+ POST: async (e) => W(e, r, "POST")
1162
1258
  };
1163
1259
  }
1164
- async function V(r, e, n) {
1165
- const t = new URL(r.url), i = t.pathname.replace(/^\/api\/auth/, "") || "/session", f = i.split("/").filter(Boolean);
1260
+ async function W(r, e, s) {
1261
+ const t = new URL(r.url), i = t.pathname.replace(/^\/api\/auth/, "") || "/session", d = i.split("/").filter(Boolean);
1166
1262
  try {
1167
- if (n === "GET") {
1263
+ if (s === "GET") {
1168
1264
  if (i === "/session" || i === "/") {
1169
- const l = await e.getSession();
1170
- return u.json({ session: l });
1265
+ const c = await e.getSession();
1266
+ return f.json({ session: c });
1171
1267
  }
1172
1268
  if (i === "/providers")
1173
- return u.json({
1269
+ return f.json({
1174
1270
  providers: {
1175
1271
  email: !!e.signIn.email,
1176
1272
  oauth: !!e.signIn.oauth,
1177
1273
  passkey: !!e.signIn.passkey
1178
1274
  }
1179
1275
  });
1180
- if (i.startsWith("/oauth/callback") || f[0] === "oauth" && f[1] === "callback") {
1276
+ if (i.startsWith("/oauth/callback") || d[0] === "oauth" && d[1] === "callback") {
1181
1277
  if (!e.oauthCallback)
1182
- return u.redirect(new URL("/login?error=oauth_not_configured", r.url));
1183
- const l = f[2] || t.searchParams.get("provider"), a = t.searchParams.get("code"), h = t.searchParams.get("state");
1184
- if (!l || !a || !h)
1185
- return u.redirect(new URL("/login?error=oauth_missing_params", r.url));
1278
+ return f.redirect(new URL("/login?error=oauth_not_configured", r.url));
1279
+ const c = d[2] || t.searchParams.get("provider"), a = t.searchParams.get("code"), p = t.searchParams.get("state");
1280
+ if (!c || !a || !p)
1281
+ return f.redirect(new URL("/login?error=oauth_missing_params", r.url));
1186
1282
  try {
1187
- const m = await e.oauthCallback(l, a, h);
1188
- if (m.success) {
1189
- const v = t.searchParams.get("callbackUrl") || "/";
1190
- return u.redirect(new URL(v, r.url));
1283
+ const v = await e.oauthCallback(c, a, p);
1284
+ if (v.success) {
1285
+ const S = t.searchParams.get("callbackUrl") || "/";
1286
+ return f.redirect(new URL(S, r.url));
1191
1287
  } else
1192
- return u.redirect(
1193
- new URL(`/login?error=${encodeURIComponent(m.error || "oauth_failed")}`, r.url)
1288
+ return f.redirect(
1289
+ new URL(`/login?error=${encodeURIComponent(v.error || "oauth_failed")}`, r.url)
1194
1290
  );
1195
- } catch (m) {
1196
- return u.redirect(
1291
+ } catch (v) {
1292
+ return f.redirect(
1197
1293
  new URL(
1198
- `/login?error=${encodeURIComponent(m instanceof Error ? m.message : "oauth_error")}`,
1294
+ `/login?error=${encodeURIComponent(v instanceof Error ? v.message : "oauth_error")}`,
1199
1295
  r.url
1200
1296
  )
1201
1297
  );
1202
1298
  }
1203
1299
  }
1204
- return u.json(
1300
+ return f.json(
1205
1301
  { error: "Not found" },
1206
1302
  { status: 404 }
1207
1303
  );
1208
1304
  }
1209
- if (n === "POST") {
1210
- const l = await r.json().catch(() => ({}));
1211
- if (i === "/sign-in" || f[0] === "sign-in") {
1212
- if (l.provider === "email" && l.email && l.password) {
1305
+ if (s === "POST") {
1306
+ const c = await r.json().catch(() => ({}));
1307
+ if (i === "/sign-in" || d[0] === "sign-in") {
1308
+ if (c.provider === "email" && c.email && c.password) {
1213
1309
  const a = await e.signIn.email({
1214
- email: l.email,
1215
- password: l.password
1310
+ email: c.email,
1311
+ password: c.password
1216
1312
  });
1217
- return u.json(a);
1313
+ return f.json(a);
1218
1314
  }
1219
- if (l.provider === "oauth" && l.providerName) {
1315
+ if (c.provider === "oauth" && c.providerName) {
1220
1316
  if (!e.signIn.oauth)
1221
- return u.json(
1317
+ return f.json(
1222
1318
  { success: !1, error: "OAuth is not configured" },
1223
1319
  { status: 400 }
1224
1320
  );
1225
- const a = await e.signIn.oauth(l.providerName);
1226
- return u.json(a);
1321
+ const a = await e.signIn.oauth(c.providerName);
1322
+ return f.json(a);
1227
1323
  }
1228
- if (l.provider === "passkey") {
1324
+ if (c.provider === "passkey") {
1229
1325
  if (!e.signIn.passkey)
1230
- return u.json(
1326
+ return f.json(
1231
1327
  { success: !1, error: "PassKey is not configured" },
1232
1328
  { status: 400 }
1233
1329
  );
1234
- const a = await e.signIn.passkey(l.options);
1235
- return u.json(a);
1330
+ const a = await e.signIn.passkey(c.options);
1331
+ return f.json(a);
1236
1332
  }
1237
- return u.json(
1333
+ return f.json(
1238
1334
  { success: !1, error: "Invalid sign in request" },
1239
1335
  { status: 400 }
1240
1336
  );
1241
1337
  }
1242
- if (i === "/sign-up" || f[0] === "sign-up") {
1338
+ if (i === "/sign-up" || d[0] === "sign-up") {
1243
1339
  if (!e.signUp)
1244
- return u.json(
1340
+ return f.json(
1245
1341
  { success: !1, error: "Sign up is not configured" },
1246
1342
  { status: 400 }
1247
1343
  );
1248
- const a = await e.signUp(l);
1249
- return u.json(a);
1344
+ const a = await e.signUp(c);
1345
+ return f.json(a);
1250
1346
  }
1251
- if (i === "/sign-out" || f[0] === "sign-out") {
1347
+ if (i === "/sign-out" || d[0] === "sign-out") {
1252
1348
  const a = await e.signOut();
1253
- return u.json(a);
1349
+ return f.json(a);
1254
1350
  }
1255
- if (i === "/reset-password" || f[0] === "reset-password") {
1351
+ if (i === "/reset-password" || d[0] === "reset-password") {
1256
1352
  if (!e.resetPassword)
1257
- return u.json(
1353
+ return f.json(
1258
1354
  { success: !1, error: "Password reset is not configured" },
1259
1355
  { status: 400 }
1260
1356
  );
1261
- const a = await e.resetPassword(l.email);
1262
- return u.json(a);
1357
+ const a = await e.resetPassword(c.email);
1358
+ return f.json(a);
1263
1359
  }
1264
- if (i === "/verify-email" || f[0] === "verify-email") {
1360
+ if (i === "/verify-email" || d[0] === "verify-email") {
1265
1361
  if (!e.verifyEmail)
1266
- return u.json(
1362
+ return f.json(
1267
1363
  { success: !1, error: "Email verification is not configured" },
1268
1364
  { status: 400 }
1269
1365
  );
1270
- const a = await e.verifyEmail(l.token);
1271
- return u.json(a);
1366
+ const a = await e.verifyEmail(c.token);
1367
+ return f.json(a);
1272
1368
  }
1273
- if (i === "/refresh" || f[0] === "refresh") {
1369
+ if (i === "/refresh" || d[0] === "refresh") {
1274
1370
  if (!e.refreshSession) {
1275
- const h = await e.getSession();
1276
- return u.json({ session: h });
1371
+ const p = await e.getSession();
1372
+ return f.json({ session: p });
1277
1373
  }
1278
1374
  const a = await e.refreshSession();
1279
- return u.json({ session: a });
1375
+ return f.json({ session: a });
1280
1376
  }
1281
- if (i.startsWith("/oauth/callback") || f[0] === "oauth" && f[1] === "callback") {
1377
+ if (i.startsWith("/oauth/callback") || d[0] === "oauth" && d[1] === "callback") {
1282
1378
  if (!e.oauthCallback)
1283
- return u.json(
1379
+ return f.json(
1284
1380
  { success: !1, error: "OAuth callback is not configured" },
1285
1381
  { status: 400 }
1286
1382
  );
1287
- const a = l.provider || f[2] || t.searchParams.get("provider"), h = l.code || t.searchParams.get("code"), m = l.state || t.searchParams.get("state");
1288
- if (!a || !h || !m)
1289
- return u.json(
1383
+ const a = c.provider || d[2] || t.searchParams.get("provider"), p = c.code || t.searchParams.get("code"), v = c.state || t.searchParams.get("state");
1384
+ if (!a || !p || !v)
1385
+ return f.json(
1290
1386
  {
1291
1387
  success: !1,
1292
1388
  error: "Missing required OAuth parameters. Provider, code, and state are required."
1293
1389
  },
1294
1390
  { status: 400 }
1295
1391
  );
1296
- const v = await e.oauthCallback(a, h, m);
1297
- return u.json(v);
1392
+ const S = await e.oauthCallback(a, p, v);
1393
+ return f.json(S);
1298
1394
  }
1299
1395
  if (i.startsWith("/passkey")) {
1300
1396
  if (!e.passkey)
1301
- return u.json(
1397
+ return f.json(
1302
1398
  { success: !1, error: "PassKey is not configured" },
1303
1399
  { status: 400 }
1304
1400
  );
1305
- if (f[1] === "register" && e.passkey.register) {
1306
- const a = await e.passkey.register(l.options);
1307
- return u.json(a);
1401
+ if (d[1] === "register" && e.passkey.register) {
1402
+ const a = await e.passkey.register(c.options);
1403
+ return f.json(a);
1308
1404
  }
1309
- if (f[1] === "list" && e.passkey.list) {
1405
+ if (d[1] === "list" && e.passkey.list) {
1310
1406
  const a = await e.passkey.list();
1311
- return u.json(a);
1407
+ return f.json(a);
1312
1408
  }
1313
- if (f[1] === "remove" && e.passkey.remove) {
1314
- const a = await e.passkey.remove(l.passkeyId);
1315
- return u.json(a);
1409
+ if (d[1] === "remove" && e.passkey.remove) {
1410
+ const a = await e.passkey.remove(c.passkeyId);
1411
+ return f.json(a);
1316
1412
  }
1317
1413
  }
1318
- if (i === "/verify-2fa" || f[0] === "verify-2fa") {
1414
+ if (i === "/verify-2fa" || d[0] === "verify-2fa") {
1319
1415
  if (!e.verify2FA)
1320
- return u.json(
1416
+ return f.json(
1321
1417
  { success: !1, error: "2FA verification is not configured" },
1322
1418
  { status: 400 }
1323
1419
  );
1324
- if (!l.email || !l.userId || !l.code)
1325
- return u.json(
1420
+ if (!c.email || !c.userId || !c.code)
1421
+ return f.json(
1326
1422
  {
1327
1423
  success: !1,
1328
1424
  error: "Missing required parameters. Email, userId, and code are required."
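Review bot: The GET OAuth-callback branch of `W` redirects to `new URL(S, r.url)` where `S` is the raw `callbackUrl` query parameter, so an absolute or protocol-relative value resolves to another origin and the handler acts as an open redirect after a successful login. The same pattern appears in `qe` (createOAuthCallbackHandler) in the next hunk, and the middleware there writes `callbackUrl` into the login redirect, so the value round-trips through the browser. Resolve first and compare origins, for example `const target = new URL(S, r.url);` followed by `return f.redirect(target.origin === t.origin ? target : new URL("/", r.url));`. `W` continues past the end of this hunk, and because this file is minified build output the change belongs in the source module it is generated from.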
@@ -1330,304 +1426,304 @@ async function V(r, e, n) {
1330
1426
  { status: 400 }
1331
1427
  );
1332
1428
  const a = await e.verify2FA({
1333
- email: l.email,
1334
- userId: l.userId,
1335
- code: l.code
1429
+ email: c.email,
1430
+ userId: c.userId,
1431
+ code: c.code
1336
1432
  });
1337
- return u.json(a);
1433
+ return f.json(a);
1338
1434
  }
1339
1435
  if (i.startsWith("/two-factor")) {
1340
1436
  if (!e.twoFactor)
1341
- return u.json(
1437
+ return f.json(
1342
1438
  { success: !1, error: "Two-Factor Authentication is not configured" },
1343
1439
  { status: 400 }
1344
1440
  );
1345
- if (f[1] === "enable" && e.twoFactor.enable) {
1441
+ if (d[1] === "enable" && e.twoFactor.enable) {
1346
1442
  const a = await e.twoFactor.enable();
1347
- return u.json(a);
1443
+ return f.json(a);
1348
1444
  }
1349
- if (f[1] === "verify" && e.twoFactor.verify) {
1350
- const a = await e.twoFactor.verify(l.code);
1351
- return u.json(a);
1445
+ if (d[1] === "verify" && e.twoFactor.verify) {
1446
+ const a = await e.twoFactor.verify(c.code);
1447
+ return f.json(a);
1352
1448
  }
1353
- if (f[1] === "disable" && e.twoFactor.disable) {
1449
+ if (d[1] === "disable" && e.twoFactor.disable) {
1354
1450
  const a = await e.twoFactor.disable();
1355
- return u.json(a);
1451
+ return f.json(a);
1356
1452
  }
1357
- if (f[1] === "backup-codes" && e.twoFactor.generateBackupCodes) {
1453
+ if (d[1] === "backup-codes" && e.twoFactor.generateBackupCodes) {
1358
1454
  const a = await e.twoFactor.generateBackupCodes();
1359
- return u.json(a);
1455
+ return f.json(a);
1360
1456
  }
1361
- if (f[1] === "is-enabled" && e.twoFactor.isEnabled) {
1457
+ if (d[1] === "is-enabled" && e.twoFactor.isEnabled) {
1362
1458
  const a = await e.twoFactor.isEnabled();
1363
- return u.json({ enabled: a });
1459
+ return f.json({ enabled: a });
1364
1460
  }
1365
1461
  }
1366
- return u.json(
1462
+ return f.json(
1367
1463
  { error: "Not found" },
1368
1464
  { status: 404 }
1369
1465
  );
1370
1466
  }
1371
- return u.json(
1467
+ return f.json(
1372
1468
  { error: "Method not allowed" },
1373
1469
  { status: 405 }
1374
1470
  );
1375
- } catch (l) {
1376
- return u.json(
1471
+ } catch (c) {
1472
+ return f.json(
1377
1473
  {
1378
1474
  success: !1,
1379
- error: l instanceof Error ? l.message : "Request failed"
1475
+ error: c instanceof Error ? c.message : "Request failed"
1380
1476
  },
1381
1477
  { status: 500 }
1382
1478
  );
1383
1479
  }
1384
1480
  }
1385
- function ze(r) {
1481
+ function We(r) {
1386
1482
  return async (e) => {
1387
- const { method: n, nextUrl: t } = e, f = t.pathname.replace(/^\/api\/auth/, "") || "/";
1483
+ const { method: s, nextUrl: t } = e, d = t.pathname.replace(/^\/api\/auth/, "") || "/";
1388
1484
  try {
1389
- let l;
1390
- if (n !== "GET" && n !== "HEAD")
1485
+ let c;
1486
+ if (s !== "GET" && s !== "HEAD")
1391
1487
  try {
1392
- l = await e.json();
1488
+ c = await e.json();
1393
1489
  } catch {
1394
1490
  }
1395
- const a = Object.fromEntries(t.searchParams.entries()), h = await fetch(
1396
- `${process.env.NEXT_PUBLIC_API_URL || ""}/api/auth${f}${Object.keys(a).length > 0 ? `?${new URLSearchParams(a).toString()}` : ""}`,
1491
+ const a = Object.fromEntries(t.searchParams.entries()), p = await fetch(
1492
+ `${process.env.NEXT_PUBLIC_API_URL || ""}/api/auth${d}${Object.keys(a).length > 0 ? `?${new URLSearchParams(a).toString()}` : ""}`,
1397
1493
  {
1398
- method: n,
1494
+ method: s,
1399
1495
  headers: {
1400
1496
  "Content-Type": "application/json",
1401
1497
  ...Object.fromEntries(e.headers.entries())
1402
1498
  },
1403
- body: l ? JSON.stringify(l) : void 0
1499
+ body: c ? JSON.stringify(c) : void 0
1404
1500
  }
1405
- ), m = await h.json();
1406
- return u.json(m, {
1407
- status: h.status,
1501
+ ), v = await p.json();
1502
+ return f.json(v, {
1503
+ status: p.status,
1408
1504
  headers: {
1409
- ...Object.fromEntries(h.headers.entries())
1505
+ ...Object.fromEntries(p.headers.entries())
1410
1506
  }
1411
1507
  });
1412
- } catch (l) {
1413
- return console.error("API handler error:", l), u.json(
1508
+ } catch (c) {
1509
+ return console.error("API handler error:", c), f.json(
1414
1510
  {
1415
1511
  success: !1,
1416
- error: l instanceof Error ? l.message : "Internal server error"
1512
+ error: c instanceof Error ? c.message : "Internal server error"
1417
1513
  },
1418
1514
  { status: 500 }
1419
1515
  );
1420
1516
  }
1421
1517
  };
1422
1518
  }
1423
- function We(r) {
1519
+ function qe(r) {
1424
1520
  return async (e) => {
1425
- const { searchParams: n } = e.nextUrl, t = n.get("provider"), i = n.get("code"), f = n.get("state");
1426
- if (!t || !i || !f)
1427
- return u.redirect(
1521
+ const { searchParams: s } = e.nextUrl, t = s.get("provider"), i = s.get("code"), d = s.get("state");
1522
+ if (!t || !i || !d)
1523
+ return f.redirect(
1428
1524
  new URL("/login?error=oauth_missing_params", e.url)
1429
1525
  );
1430
1526
  try {
1431
1527
  if (!r.oauthCallback)
1432
- return u.redirect(
1528
+ return f.redirect(
1433
1529
  new URL("/login?error=oauth_not_configured", e.url)
1434
1530
  );
1435
- const l = await r.oauthCallback(t, i, f);
1436
- if (l.success) {
1437
- const a = n.get("callbackUrl") || "/";
1438
- return u.redirect(new URL(a, e.url));
1531
+ const c = await r.oauthCallback(t, i, d);
1532
+ if (c.success) {
1533
+ const a = s.get("callbackUrl") || "/";
1534
+ return f.redirect(new URL(a, e.url));
1439
1535
  } else {
1440
- const a = l.errorCode ? `${encodeURIComponent(l.error || "oauth_failed")}&code=${l.errorCode}` : encodeURIComponent(l.error || "oauth_failed");
1441
- return u.redirect(
1536
+ const a = c.errorCode ? `${encodeURIComponent(c.error || "oauth_failed")}&code=${c.errorCode}` : encodeURIComponent(c.error || "oauth_failed");
1537
+ return f.redirect(
1442
1538
  new URL(`/login?error=${a}`, e.url)
1443
1539
  );
1444
1540
  }
1445
- } catch (l) {
1446
- return process.env.NODE_ENV === "development" && console.error("[Mulguard] OAuth callback error:", l), u.redirect(
1541
+ } catch (c) {
1542
+ return process.env.NODE_ENV === "development" && console.error("[Mulguard] OAuth callback error:", c), f.redirect(
1447
1543
  new URL(
1448
- `/login?error=${encodeURIComponent(l instanceof Error ? l.message : "oauth_error")}`,
1544
+ `/login?error=${encodeURIComponent(c instanceof Error ? c.message : "oauth_error")}`,
1449
1545
  e.url
1450
1546
  )
1451
1547
  );
1452
1548
  }
1453
1549
  };
1454
1550
  }
1455
- function N(r, e) {
1456
- const n = z({
1551
+ function L(r, e) {
1552
+ const s = q({
1457
1553
  // Customize headers if needed
1458
1554
  "X-Frame-Options": "SAMEORIGIN"
1459
1555
  // Allow same-origin framing
1460
1556
  });
1461
- for (const [t, i] of Object.entries(n))
1557
+ for (const [t, i] of Object.entries(s))
1462
1558
  i && typeof i == "string" && e.headers.set(t, i);
1463
1559
  return e;
1464
1560
  }
1465
1561
  function Be() {
1466
1562
  return async (r) => {
1467
- const e = u.next();
1468
- return N(r, e);
1563
+ const e = f.next();
1564
+ return L(r, e);
1469
1565
  };
1470
1566
  }
1471
1567
  function He(r, e = {}) {
1472
1568
  const {
1473
- protectedRoutes: n = [],
1569
+ protectedRoutes: s = [],
1474
1570
  publicRoutes: t = [],
1475
1571
  redirectTo: i = "/login",
1476
- redirectIfAuthenticated: f
1572
+ redirectIfAuthenticated: d
1477
1573
  } = e;
1478
- return async (l) => {
1479
- const { pathname: a } = l.nextUrl, h = n.some((d) => a.startsWith(d));
1480
- let m = null;
1574
+ return async (c) => {
1575
+ const { pathname: a } = c.nextUrl, p = s.some((g) => a.startsWith(g));
1576
+ let v = null;
1481
1577
  try {
1482
- m = await r.getSession();
1483
- } catch (d) {
1484
- console.error("Middleware: Failed to get session:", d);
1578
+ v = await r.getSession();
1579
+ } catch (g) {
1580
+ console.error("Middleware: Failed to get session:", g);
1485
1581
  }
1486
- if (h && !m) {
1487
- const d = l.nextUrl.clone();
1488
- return d.pathname = i, d.searchParams.set("callbackUrl", a), u.redirect(d);
1582
+ if (p && !v) {
1583
+ const g = c.nextUrl.clone();
1584
+ return g.pathname = i, g.searchParams.set("callbackUrl", a), f.redirect(g);
1489
1585
  }
1490
- if (f && m && (a.startsWith("/login") || a.startsWith("/register"))) {
1491
- const k = l.nextUrl.clone();
1492
- k.pathname = f;
1493
- const R = u.redirect(k);
1494
- return N(l, R);
1586
+ if (d && v && (a.startsWith("/login") || a.startsWith("/register"))) {
1587
+ const A = c.nextUrl.clone();
1588
+ A.pathname = d;
1589
+ const b = f.redirect(A);
1590
+ return L(c, b);
1495
1591
  }
1496
- const v = u.next();
1497
- return N(l, v);
1592
+ const S = f.next();
1593
+ return L(c, S);
1498
1594
  };
1499
1595
  }
1500
- async function qe(r, e) {
1501
- var n;
1596
+ async function Ke(r, e) {
1597
+ var s;
1502
1598
  try {
1503
1599
  const t = await r.getSession();
1504
- return t ? ((n = t.user.roles) == null ? void 0 : n.includes(e)) ?? !1 : !1;
1600
+ return t ? ((s = t.user.roles) == null ? void 0 : s.includes(e)) ?? !1 : !1;
1505
1601
  } catch {
1506
1602
  return !1;
1507
1603
  }
1508
1604
  }
1509
- function Ke(r) {
1605
+ function Xe(r) {
1510
1606
  const {
1511
1607
  auth: e,
1512
- protectedRoutes: n = [],
1608
+ protectedRoutes: s = [],
1513
1609
  publicRoutes: t = [],
1514
1610
  redirectTo: i = "/login",
1515
- redirectIfAuthenticated: f,
1516
- apiPrefix: l = "/api/auth"
1611
+ redirectIfAuthenticated: d,
1612
+ apiPrefix: c = "/api/auth"
1517
1613
  } = r;
1518
1614
  return async (a) => {
1519
- const { pathname: h } = a.nextUrl;
1520
- if (h.startsWith(l)) {
1521
- const k = u.next();
1522
- return N(a, k);
1615
+ const { pathname: p } = a.nextUrl;
1616
+ if (p.startsWith(c)) {
1617
+ const A = f.next();
1618
+ return L(a, A);
1523
1619
  }
1524
- const m = n.some((k) => h.startsWith(k));
1525
- let v = null;
1526
- if (m || f)
1620
+ const v = s.some((A) => p.startsWith(A));
1621
+ let S = null;
1622
+ if (v || d)
1527
1623
  try {
1528
- v = await e.getSession();
1529
- } catch (k) {
1530
- console.error("Middleware: Failed to get session:", k);
1624
+ S = await e.getSession();
1625
+ } catch (A) {
1626
+ console.error("Middleware: Failed to get session:", A);
1531
1627
  }
1532
- if (m && !v) {
1533
- const k = a.nextUrl.clone();
1534
- k.pathname = i, k.searchParams.set("callbackUrl", h);
1535
- const R = u.redirect(k);
1536
- return N(a, R);
1628
+ if (v && !S) {
1629
+ const A = a.nextUrl.clone();
1630
+ A.pathname = i, A.searchParams.set("callbackUrl", p);
1631
+ const b = f.redirect(A);
1632
+ return L(a, b);
1537
1633
  }
1538
- if (f && v && (h.startsWith("/login") || h.startsWith("/register"))) {
1539
- const R = a.nextUrl.clone();
1540
- R.pathname = f;
1541
- const S = u.redirect(R);
1542
- return N(a, S);
1634
+ if (d && S && (p.startsWith("/login") || p.startsWith("/register"))) {
1635
+ const b = a.nextUrl.clone();
1636
+ b.pathname = d;
1637
+ const T = f.redirect(b);
1638
+ return L(a, T);
1543
1639
  }
1544
- const d = u.next();
1545
- return N(a, d);
1640
+ const g = f.next();
1641
+ return L(a, g);
1546
1642
  };
1547
1643
  }
1548
- async function Xe(r, e) {
1549
- var n;
1644
+ async function Ye(r, e) {
1645
+ var s;
1550
1646
  try {
1551
1647
  const t = await r.getSession();
1552
- return t ? ((n = t.user.roles) == null ? void 0 : n.includes(e)) ?? !1 : !1;
1648
+ return t ? ((s = t.user.roles) == null ? void 0 : s.includes(e)) ?? !1 : !1;
1553
1649
  } catch {
1554
1650
  return !1;
1555
1651
  }
1556
1652
  }
1557
1653
  export {
1558
- ee as CSRFProtection,
1559
- Q as DEFAULT_SECURITY_HEADERS,
1560
- Z as MemoryCSRFStore,
1561
- le as MemoryOAuthStateStore,
1562
- J as RateLimiter,
1563
- ke as applySecurityHeaders,
1564
- q as buildCookieOptions,
1565
- ie as buildOAuthAuthorizationUrl,
1566
- qe as checkRole,
1567
- Xe as checkRoleProxy,
1654
+ te as CSRFProtection,
1655
+ ee as DEFAULT_SECURITY_HEADERS,
1656
+ re as MemoryCSRFStore,
1657
+ fe as MemoryOAuthStateStore,
1658
+ Z as RateLimiter,
1659
+ Re as applySecurityHeaders,
1660
+ X as buildCookieOptions,
1661
+ ce as buildOAuthAuthorizationUrl,
1662
+ Ke as checkRole,
1663
+ Ye as checkRoleProxy,
1568
1664
  Pe as containsXSSPattern,
1569
- ze as createApiHandler,
1665
+ We as createApiHandler,
1570
1666
  He as createAuthMiddleware,
1571
- _e as createCSRFProtection,
1572
- ue as createMemoryOAuthStateStore,
1573
- We as createOAuthCallbackHandler,
1574
- Ke as createProxyMiddleware,
1575
- Ee as createRateLimiter,
1667
+ be as createCSRFProtection,
1668
+ de as createMemoryOAuthStateStore,
1669
+ qe as createOAuthCallbackHandler,
1670
+ Xe as createProxyMiddleware,
1671
+ ve as createRateLimiter,
1576
1672
  Be as createSecurityMiddleware,
1577
- nr as createServerAuthMiddleware,
1578
- or as createServerHelpers,
1579
- ir as createServerUtils,
1580
- ar as createSessionManager,
1581
- Y as deleteCookie,
1582
- cr as deleteOAuthStateCookie,
1583
- re as escapeHTML,
1584
- ae as exchangeOAuthCode,
1585
- te as generateCSRFToken,
1586
- W as generateToken,
1587
- X as getCookie,
1588
- lr as getCurrentUser,
1673
+ sr as createServerAuthMiddleware,
1674
+ nr as createServerHelpers,
1675
+ or as createServerUtils,
1676
+ ir as createSessionManager,
1677
+ J as deleteCookie,
1678
+ ar as deleteOAuthStateCookie,
1679
+ se as escapeHTML,
1680
+ le as exchangeOAuthCode,
1681
+ ne as generateCSRFToken,
1682
+ B as generateToken,
1683
+ G as getCookie,
1684
+ cr as getCurrentUser,
1589
1685
  xe as getErrorCode,
1590
- Ne as getErrorMessage,
1591
- ur as getOAuthStateCookie,
1592
- ce as getOAuthUserInfo,
1686
+ Fe as getErrorMessage,
1687
+ lr as getOAuthStateCookie,
1688
+ ue as getOAuthUserInfo,
1593
1689
  $ as getProviderMetadata,
1594
- z as getSecurityHeaders,
1595
- fr as getServerSession,
1596
- dr as getSessionTimeUntilExpiry,
1597
- $e as getUserFriendlyError,
1598
- De as hasErrorCode,
1599
- ne as isAuthError,
1600
- je as isAuthSuccess,
1601
- Le as isRetryableError,
1602
- hr as isSessionExpiredNullable,
1690
+ q as getSecurityHeaders,
1691
+ ur as getServerSession,
1692
+ fr as getSessionTimeUntilExpiry,
1693
+ Ve as getUserFriendlyError,
1694
+ je as hasErrorCode,
1695
+ ie as isAuthError,
1696
+ Le as isAuthSuccess,
1697
+ De as isRetryableError,
1698
+ dr as isSessionExpiredNullable,
1603
1699
  gr as isSessionExpiringSoon,
1604
- wr as isSessionValid,
1605
- Fe as isTwoFactorRequired,
1606
- Ce as isValidEmail,
1700
+ hr as isSessionValid,
1701
+ Ne as isTwoFactorRequired,
1702
+ Ue as isValidEmail,
1607
1703
  Me as mulguard,
1608
- pr as refreshSession,
1609
- mr as requireAuth,
1610
- yr as requireRole,
1611
- Er as requireServerAuthMiddleware,
1612
- kr as requireServerRoleMiddleware,
1613
- Ie as sanitizeHTML,
1614
- Ue as sanitizeInput,
1615
- Te as sanitizeUserInput,
1616
- K as setCookie,
1617
- tr as signIn,
1618
- Je as signInEmailAction,
1619
- Qe as signOutAction,
1620
- Ze as signUpAction,
1621
- vr as storeOAuthStateCookie,
1622
- Ve as toNextJsHandler,
1623
- ve as validateAndSanitizeEmail,
1624
- Oe as validateAndSanitizeInput,
1704
+ wr as refreshSession,
1705
+ pr as requireAuth,
1706
+ mr as requireRole,
1707
+ yr as requireServerAuthMiddleware,
1708
+ Er as requireServerRoleMiddleware,
1709
+ Te as sanitizeHTML,
1710
+ Ce as sanitizeInput,
1711
+ _e as sanitizeUserInput,
1712
+ Y as setCookie,
1713
+ $e as signIn,
1714
+ Qe as signInEmailAction,
1715
+ Ze as signOutAction,
1716
+ er as signUpAction,
1717
+ kr as storeOAuthStateCookie,
1718
+ ze as toNextJsHandler,
1719
+ M as validateAndSanitizeEmail,
1720
+ z as validateAndSanitizeInput,
1625
1721
  Se as validateAndSanitizeName,
1626
- Re as validateAndSanitizePassword,
1627
- se as validateCSRFToken,
1628
- F as validateSessionStructure,
1629
- be as validateToken,
1630
- Ae as validateURL,
1631
- er as verify2FAAction,
1632
- N as withSecurityHeaders
1722
+ Ae as validateAndSanitizePassword,
1723
+ oe as validateCSRFToken,
1724
+ x as validateSessionStructure,
1725
+ Oe as validateToken,
1726
+ Ie as validateURL,
1727
+ rr as verify2FAAction,
1728
+ L as withSecurityHeaders
1633
1729
  };
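Review bot: `We` (createApiHandler) spreads every incoming request header into the upstream `fetch` and then copies every upstream response header onto `f.json(v, …)`, with no filtering in either direction. The body is re-serialized on both legs, so forwarded `content-length`, `content-encoding` and `host` values may no longer describe what is actually sent, and the client's own `content-type` entry is added as a second key next to the literal JSON one. It also means whatever the client sends reaches the host named by `NEXT_PUBLIC_API_URL` unfiltered. I would drop the connection- and body-describing headers in both directions and set Content-Type last, as sketched below; an explicit allowlist would be stricter if the maintainers know which headers the backend needs. This is minified build output, so the change belongs in the source module.

```javascript
// … unchanged: method/path extraction, JSON body parsing, query-string assembly …
const out = new Headers(e.headers);
// These describe the incoming connection and body, not the re-serialized one.
for (const name of ["host", "connection", "content-length", "transfer-encoding"])
  out.delete(name);
out.set("Content-Type", "application/json");
// … unchanged: fetch(...) call, now passing `headers: out` …
const back = new Headers(p.headers);
// The upstream body was decoded by p.json() and is re-encoded by f.json().
for (const name of ["content-encoding", "content-length", "transfer-encoding"])
  back.delete(name);
return f.json(v, { status: p.status, headers: back });
```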