mulguard 1.0.1

package/dist/server/actions.d.ts

@@ -0,0 +1,86 @@
+import { MulguardInstance } from '../mulguard';
+import { Verify2FAData, AuthResult, EmailCredentials, RegisterData } from '../core/types';
+/**
+ * Verify 2FA code - Server Action
+ *
+ * ✅ Works in all scenarios:
+ * - Direct import in client components
+ * - Wrapped in separate files with 'use server'
+ * - Automatic CSRF protection and cookie handling
+ *
+ * @example
+ * ```typescript
+ * // Option 1: Direct use in client component
+ * 'use client'
+ * import { verify2FAAction } from 'mulguard/server'
+ * import { auth } from '@/lib/auth'
+ *
+ * const result = await verify2FAAction(auth, { email, userId, code })
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Option 2: Wrap in separate file
+ * // lib/auth-actions.ts
+ * 'use server'
+ * import { verify2FAAction as baseVerify2FA } from 'mulguard/server'
+ * import { auth } from './auth'
+ *
+ * export async function verify2FA(data: Verify2FAData) {
+ *   return await baseVerify2FA(auth, data)
+ * }
+ *
+ * // Then use in client component:
+ * 'use client'
+ * import { verify2FA } from '@/lib/auth-actions'
+ * const result = await verify2FA({ email, userId, code })
+ * ```
+ */
+export declare function verify2FAAction(auth: MulguardInstance, data: Verify2FAData): Promise<AuthResult>;
+/**
+ * Sign out - Server Action
+ *
+ * ✅ Works in all scenarios:
+ * - Direct import in client components
+ * - Wrapped in separate files with 'use server'
+ * - Automatic cookie clearing
+ *
+ * @example
+ * ```typescript
+ * // Option 1: Direct use in client component
+ * 'use client'
+ * import { signOutAction } from 'mulguard/server'
+ * import { auth } from '@/lib/auth'
+ *
+ * await signOutAction(auth)
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Option 2: Wrap in separate file
+ * // lib/auth-actions.ts
+ * 'use server'
+ * import { signOutAction as baseSignOut } from 'mulguard/server'
+ * import { auth } from './auth'
+ *
+ * export async function signOut() {
+ *   return await baseSignOut(auth)
+ * }
+ * ```
+ */
+export declare function signOutAction(auth: MulguardInstance): Promise<{
+    success: boolean;
+    error?: string;
+}>;
+/**
+ * Sign in with email - Server Action
+ *
+ * ✅ Works in all scenarios
+ */
+export declare function signInEmailAction(auth: MulguardInstance, credentials: EmailCredentials): Promise<AuthResult>;
+/**
+ * Sign up - Server Action
+ *
+ * ✅ Works in all scenarios
+ */
+export declare function signUpAction(auth: MulguardInstance, data: RegisterData): Promise<AuthResult>;

package/dist/server/auth.d.ts

@@ -0,0 +1,65 @@
+import { Session, User } from '../core/types';
+import { MulguardInstance } from '../mulguard';
+/**
+ * Get server session using auth instance
+ *
+ * @example
+ * ```typescript
+ * import { auth } from '@/auth'
+ * import { getServerSession } from 'mulguard/server'
+ *
+ * export default async function Page() {
+ *   const session = await getServerSession(auth)
+ *   if (!session) {
+ *     redirect('/login')
+ *   }
+ *   return <div>Hello {session.user.name}</div>
+ * }
+ * ```
+ */
+export declare function getServerSession(auth: MulguardInstance): Promise<Session | null>;
+/**
+ * Require authentication - redirects if not authenticated
+ *
+ * @example
+ * ```typescript
+ * import { auth } from '@/auth'
+ * import { requireAuth } from 'mulguard/server'
+ *
+ * export default async function ProtectedPage() {
+ *   const session = await requireAuth(auth, '/login')
+ *   return <div>Hello {session.user.name}</div>
+ * }
+ * ```
+ */
+export declare function requireAuth(auth: MulguardInstance, redirectTo?: string): Promise<Session>;
+/**
+ * Require specific role
+ *
+ * @example
+ * ```typescript
+ * import { auth } from '@/auth'
+ * import { requireRole } from 'mulguard/server'
+ *
+ * export default async function AdminPage() {
+ *   const session = await requireRole(auth, 'admin', '/unauthorized')
+ *   return <div>Admin Dashboard</div>
+ * }
+ * ```
+ */
+export declare function requireRole(auth: MulguardInstance, role: string, redirectTo?: string): Promise<Session>;
+/**
+ * Get current user
+ *
+ * @example
+ * ```typescript
+ * import { auth } from '@/auth'
+ * import { getCurrentUser } from 'mulguard/server'
+ *
+ * export default async function Page() {
+ *   const user = await getCurrentUser(auth)
+ *   return <div>{user ? `Hello ${user.name}` : 'Not logged in'}</div>
+ * }
+ * ```
+ */
+export declare function getCurrentUser(auth: MulguardInstance): Promise<User | null>;

package/dist/server/cookies.d.ts

@@ -0,0 +1,42 @@
+import { SessionConfig } from '../core/types';
+export interface CookieOptions {
+    name: string;
+    value: string;
+    maxAge?: number;
+    expires?: Date;
+    httpOnly?: boolean;
+    secure?: boolean;
+    sameSite?: 'strict' | 'lax' | 'none';
+    path?: string;
+    domain?: string;
+}
+/**
+ * Get cookie value from Next.js cookies
+ */
+export declare function getCookie(name: string): Promise<string | undefined>;
+/**
+ * Result of setting a cookie
+ */
+export interface SetCookieResult {
+    success: boolean;
+    error?: string;
+    warning?: string;
+}
+/**
+ * Set cookie in Next.js response
+ * Note: This requires using Next.js 15+ with async cookies() or response cookies
+ *
+ * @returns Result indicating success or failure with error message
+ */
+export declare function setCookie(options: CookieOptions): Promise<SetCookieResult>;
+/**
+ * Delete cookie
+ */
+export declare function deleteCookie(name: string, options?: {
+    path?: string;
+    domain?: string;
+}): Promise<void>;
+/**
+ * Build cookie options from session config
+ */
+export declare function buildCookieOptions(name: string, value: string, config: SessionConfig): CookieOptions;

package/dist/server/helpers.d.ts

@@ -0,0 +1,10 @@
+import { MulguardInstance } from '../mulguard';
+import { MulguardConfig } from '../core/types';
+/**
+ * Create server-side auth helpers with pre-configured instance
+ */
+export declare function createServerHelpers(_auth: MulguardInstance, _config: MulguardConfig): {
+    getSession: () => Promise<import('..').Session | null>;
+    requireAuth: (redirectTo?: string) => Promise<import('..').Session>;
+    requireRole: (role: string, redirectTo?: string) => Promise<import('..').Session>;
+};

package/dist/server/index.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Server-side utilities for Next.js
+ */
+export * from './cookies';
+export * from './session';
+export * from './auth';
+export * from './helpers';
+export * from './utils';
+export { isSessionExpiringSoon, getSessionTimeUntilExpiry, isSessionValid, validateSessionStructure, isSessionExpiredNullable, } from './session-helpers';
+export { createAuthMiddleware as createServerAuthMiddleware, requireAuthMiddleware as requireServerAuthMiddleware, requireRoleMiddleware as requireServerRoleMiddleware, } from './middleware';
+export { getServerSession, requireAuth, requireRole, getCurrentUser } from './auth';
+export { createServerUtils } from './utils';
+export { verify2FAAction, signOutAction, signInEmailAction, signUpAction, } from './actions';
+export { storeOAuthStateCookie, getOAuthStateCookie, deleteOAuthStateCookie, } from './oauth-state';

package/dist/server/index.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const i=require("../actions-CExpv_dD.js"),e=require("../oauth-state-CzIWQq3s.js");exports.buildCookieOptions=i.buildCookieOptions;exports.deleteCookie=i.deleteCookie;exports.getCookie=i.getCookie;exports.setCookie=i.setCookie;exports.signInEmailAction=i.signInEmailAction;exports.signOutAction=i.signOutAction;exports.signUpAction=i.signUpAction;exports.verify2FAAction=i.verify2FAAction;exports.createServerAuthMiddleware=e.createAuthMiddleware;exports.createServerHelpers=e.createServerHelpers;exports.createServerUtils=e.createServerUtils;exports.createSessionManager=e.createSessionManager;exports.deleteOAuthStateCookie=e.deleteOAuthStateCookie;exports.getCurrentUser=e.getCurrentUser;exports.getOAuthStateCookie=e.getOAuthStateCookie;exports.getServerSession=e.getServerSession;exports.getSessionTimeUntilExpiry=e.getSessionTimeUntilExpiry;exports.isSessionExpiredNullable=e.isSessionExpiredNullable;exports.isSessionExpiringSoon=e.isSessionExpiringSoon;exports.isSessionValid=e.isSessionValid;exports.refreshSession=e.refreshSession;exports.requireAuth=e.requireAuth;exports.requireRole=e.requireRole;exports.requireServerAuthMiddleware=e.requireAuthMiddleware;exports.requireServerRoleMiddleware=e.requireRoleMiddleware;exports.storeOAuthStateCookie=e.storeOAuthStateCookie;exports.validateSessionStructure=e.validateSessionStructure;

package/dist/server/index.mjs

@@ -0,0 +1,31 @@
+import { e as a, d as i, g as r, c as t, a as o, s as n, b as S, v as l } from "../actions-DeCfLtHA.mjs";
+import { c as d, p as g, k as c, n as A, m as v, j as p, l as h, e as k, g as C, b as f, i as m, a as x, o as O, f as b, h as q, r as E, d as M, s as U, v as w } from "../oauth-state-LE-qeq-K.mjs";
+export {
+  a as buildCookieOptions,
+  d as createServerAuthMiddleware,
+  g as createServerHelpers,
+  c as createServerUtils,
+  A as createSessionManager,
+  i as deleteCookie,
+  v as deleteOAuthStateCookie,
+  r as getCookie,
+  p as getCurrentUser,
+  h as getOAuthStateCookie,
+  k as getServerSession,
+  C as getSessionTimeUntilExpiry,
+  f as isSessionExpiredNullable,
+  m as isSessionExpiringSoon,
+  x as isSessionValid,
+  O as refreshSession,
+  b as requireAuth,
+  q as requireRole,
+  E as requireServerAuthMiddleware,
+  M as requireServerRoleMiddleware,
+  t as setCookie,
+  o as signInEmailAction,
+  n as signOutAction,
+  S as signUpAction,
+  U as storeOAuthStateCookie,
+  w as validateSessionStructure,
+  l as verify2FAAction
+};

package/dist/server/middleware.d.ts

@@ -0,0 +1,39 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { MulguardInstance } from '../mulguard';
+export interface AuthMiddlewareOptions {
+    /** Redirect to this URL if authentication is required but user is not authenticated */
+    redirectTo?: string;
+    /** Require authentication for all routes */
+    requireAuth?: boolean;
+    /** Require specific roles */
+    allowedRoles?: string[];
+    /** Public routes that don't require authentication */
+    publicRoutes?: string[];
+}
+/**
+ * Create authentication middleware for Next.js
+ *
+ * @example
+ * ```typescript
+ * // middleware.ts
+ * import { auth } from '@/lib/auth'
+ * import { createAuthMiddleware } from 'mulguard/server'
+ *
+ * export const middleware = createAuthMiddleware(auth, {
+ *   requireAuth: true,
+ *   redirectTo: '/auth/login',
+ *   allowedRoles: ['admin'],
+ * })
+ * ```
+ */
+export declare function createAuthMiddleware(auth: MulguardInstance, options?: AuthMiddlewareOptions): (request: NextRequest) => Promise<NextResponse | null>;
+/**
+ * Require authentication middleware
+ * Shortcut for createAuthMiddleware with requireAuth: true
+ */
+export declare function requireAuthMiddleware(auth: MulguardInstance, redirectTo?: string): (request: NextRequest) => Promise<NextResponse | null>;
+/**
+ * Require role middleware
+ * Shortcut for createAuthMiddleware with allowedRoles
+ */
+export declare function requireRoleMiddleware(auth: MulguardInstance, roles: string[], redirectTo?: string): (request: NextRequest) => Promise<NextResponse | null>;

package/dist/server/oauth-state.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Server-side OAuth state management
+ * Stores OAuth state in httpOnly cookies for security
+ */
+/**
+ * Store OAuth state in httpOnly cookie
+ * ✅ SECURE: Uses httpOnly cookie to prevent XSS attacks
+ */
+export declare function storeOAuthStateCookie(state: string, provider: string): Promise<{
+    success: boolean;
+    error?: string;
+}>;
+/**
+ * Get and validate OAuth state from cookie
+ * ✅ SECURE: Validates state and deletes after use (one-time use)
+ */
+export declare function getOAuthStateCookie(): Promise<{
+    state: string;
+    provider: string;
+} | null>;
+/**
+ * Delete OAuth state cookie
+ */
+export declare function deleteOAuthStateCookie(): Promise<void>;

package/dist/server/session-helpers.d.ts

@@ -0,0 +1,26 @@
+import { Session } from '../core/types';
+/**
+ * Check if session is expired (helper version that accepts null)
+ * Note: The main isSessionExpired is exported from session.ts
+ * This is a convenience helper for nullable sessions
+ */
+export declare function isSessionExpiredNullable(session: Session | null): boolean;
+/**
+ * Check if session is expiring soon
+ * @param session - Session to check
+ * @param thresholdMinutes - Minutes before expiration to consider "soon" (default: 5)
+ */
+export declare function isSessionExpiringSoon(session: Session | null, thresholdMinutes?: number): boolean;
+/**
+ * Get time until session expiration in minutes
+ */
+export declare function getSessionTimeUntilExpiry(session: Session | null): number | null;
+/**
+ * Check if session is valid (not expired and has required fields)
+ */
+export declare function isSessionValid(session: Session | null): session is Session;
+/**
+ * Validate session structure
+ * Centralized validation logic used across the library
+ */
+export declare function validateSessionStructure(session: unknown): session is Session;

package/dist/server/session.d.ts

@@ -0,0 +1,28 @@
+import { Session, SessionConfig } from '../core/types';
+type ApiClient = {
+    get: <T>(url: string) => Promise<{
+        data: T;
+    }>;
+    post: <T>(url: string, data?: unknown) => Promise<{
+        data: T;
+    }>;
+};
+export interface SessionManager {
+    getSession(options?: {
+        skipRefresh?: boolean;
+    }): Promise<Session | null>;
+    setSession(session: Session, config: SessionConfig): void;
+    clearSession(config: SessionConfig): Promise<void>;
+    refreshSession(): Promise<Session | null>;
+    isSessionExpired(session: Session): boolean;
+    shouldRefreshSession(session: Session, config: SessionConfig): boolean;
+}
+/**
+ * Create session manager with automatic refresh
+ */
+export declare function createSessionManager(client: ApiClient, config: SessionConfig): SessionManager;
+/**
+ * Refresh session
+ */
+export declare function refreshSession(client: ApiClient, _config: SessionConfig): Promise<Session | null>;
+export {};

package/dist/server/utils.d.ts

@@ -0,0 +1,10 @@
+import { MulguardInstance } from '../mulguard';
+/**
+ * Create server-side helpers with pre-configured auth instance
+ */
+export declare function createServerUtils(auth: MulguardInstance): {
+    getSession: () => Promise<import('..').Session | null>;
+    requireAuth: (redirectTo?: string) => Promise<import('..').Session>;
+    requireRole: (role: string, redirectTo?: string) => Promise<import('..').Session>;
+    getCurrentUser: () => Promise<import('..').User | null>;
+};

package/dist/signin-unified-BS2gxaG1.mjs

@@ -0,0 +1,30 @@
+async function e(o, n, i) {
+  if (n === "google" || n === "github" || n === "apple" || n === "facebook" || typeof n == "string" && !["credentials", "otp", "passkey"].includes(n)) {
+    if (!o.signIn.oauth)
+      throw new Error("OAuth sign in is not configured. Provide oauth action in signIn.");
+    return o.signIn.oauth(n);
+  }
+  if (n === "credentials") {
+    if (!i || !("email" in i) || !("password" in i))
+      throw new Error("Credentials are required for credentials provider");
+    return o.signIn.email(i);
+  }
+  if (n === "otp") {
+    if (!i || !("email" in i))
+      throw new Error("Email is required for OTP provider");
+    const s = i;
+    if (!o.signIn.otp)
+      throw new Error("OTP sign in is not configured. Provide otp action in signIn.");
+    return o.signIn.otp(s.email, s.code);
+  }
+  if (n === "passkey") {
+    const s = i;
+    if (!o.signIn.passkey)
+      throw new Error("PassKey sign in is not configured. Provide passkey action in signIn.");
+    return o.signIn.passkey(s);
+  }
+  throw new Error(`Unknown provider: ${n}`);
+}
+export {
+  e as s
+};

package/dist/signin-unified-Cw41EFkc.js

@@ -0,0 +1 @@
+"use strict";async function e(o,n,i){if(n==="google"||n==="github"||n==="apple"||n==="facebook"||typeof n=="string"&&!["credentials","otp","passkey"].includes(n)){if(!o.signIn.oauth)throw new Error("OAuth sign in is not configured. Provide oauth action in signIn.");return o.signIn.oauth(n)}if(n==="credentials"){if(!i||!("email"in i)||!("password"in i))throw new Error("Credentials are required for credentials provider");return o.signIn.email(i)}if(n==="otp"){if(!i||!("email"in i))throw new Error("Email is required for OTP provider");const s=i;if(!o.signIn.otp)throw new Error("OTP sign in is not configured. Provide otp action in signIn.");return o.signIn.otp(s.email,s.code)}if(n==="passkey"){const s=i;if(!o.signIn.passkey)throw new Error("PassKey sign in is not configured. Provide passkey action in signIn.");return o.signIn.passkey(s)}throw new Error(`Unknown provider: ${n}`)}exports.signIn=e;

package/package.json

@@ -0,0 +1,73 @@
+{
+  "name": "mulguard",
+  "version": "1.0.1",
+  "description": "Mulguard is a modern authentication backend-first library for Next.js",
+  "main": "./dist/index/index.js",
+  "module": "./dist/index/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index/index.mjs",
+      "require": "./dist/index/index.js"
+    },
+    "./server": {
+      "types": "./dist/server/index.d.ts",
+      "import": "./dist/server/index.mjs",
+      "require": "./dist/server/index.js"
+    },
+    "./client": {
+      "types": "./dist/client/index.d.ts",
+      "import": "./dist/client/index.mjs",
+      "require": "./dist/client/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "vite build",
+    "dev": "vite build --watch",
+    "test": "vitest",
+    "test:watch": "vitest --watch",
+    "test:coverage": "vitest --coverage",
+    "type-check": "tsc --noEmit",
+    "clean": "node -e \"require('fs').rmSync('dist', {recursive: true, force: true})\"",
+    "prepublishOnly": "npm run build",
+    "changeset": "changeset add",
+    "version": "changeset version",
+    "release": "changeset version && npm run build && changeset publish"
+  },
+  "keywords": [
+    "nextjs",
+    "mulguard",
+    "mulink",
+    "mukey",
+    "mulverse",
+    "MxHabob",
+    "authentication",
+    "auth",
+    "next-auth"
+  ],
+  "author": "Mulguard Team",
+  "license": "MUV ",
+  "dependencies": {
+    "@noble/hashes": "^1.3.3"
+  },
+  "devDependencies": {
+    "@changesets/cli": "^2.27.1",
+    "@types/node": "^20.11.5",
+    "@types/react": "^18.2.48",
+    "next": "^16.0.10",
+    "turbo": "^2.0.0",
+    "typescript": "^5.3.3",
+    "vite": "^5.1.0",
+    "vite-plugin-dts": "^4.5.4",
+    "vitest": "^1.2.0"
+  },
+  "peerDependencies": {
+    "next": ">=14.0.0",
+    "react": ">=18.0.0 || ^19.0.0",
+    "react-dom": ">=18.0.0 || ^19.0.0"
+  }
+}