mulguard 1.1.4 → 1.1.6

@@ -1,10 +1,10 @@
1
1
  var ne = Object.defineProperty;
2
2
  var se = (e, r, t) => r in e ? ne(e, r, { enumerable: !0, configurable: !0, writable: !0, value: t }) : e[r] = t;
3
- var U = (e, r, t) => se(e, typeof r != "symbol" ? r + "" : r, t);
4
- import { A as m, d as ie, e as oe, c as ae, g as ce } from "../actions-DeCfLtHA.mjs";
5
- import { a as ft, s as dt, b as ht, v as gt } from "../actions-DeCfLtHA.mjs";
6
- import { v as N } from "../oauth-state-LE-qeq-K.mjs";
7
- import { c as pt, p as mt, k as Et, n as yt, m as kt, j as vt, l as St, e as Rt, g as At, b as Ot, i as Tt, a as It, o as _t, f as Pt, h as Ct, r as bt, d as Ut, s as Nt } from "../oauth-state-LE-qeq-K.mjs";
3
+ var b = (e, r, t) => se(e, typeof r != "symbol" ? r + "" : r, t);
4
+ import { A as m, d as oe, e as ie, c as ae, g as ce } from "../actions-DeCfLtHA.mjs";
5
+ import { a as wt, s as pt, b as mt, v as Et } from "../actions-DeCfLtHA.mjs";
6
+ import { v as U } from "../oauth-state-DKle8eCr.mjs";
7
+ import { c as kt, p as vt, k as St, n as At, m as Rt, j as Ot, l as Tt, e as It, g as _t, b as Pt, i as Ct, a as Nt, o as bt, f as Ut, h as Ft, r as xt, d as Dt, s as Lt } from "../oauth-state-DKle8eCr.mjs";
8
8
  import { NextResponse as E } from "next/server";
9
9
  const x = typeof globalThis == "object" && "crypto" in globalThis ? globalThis.crypto : void 0;
10
10
  /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
@@ -17,8 +17,8 @@ function ue(e = 32) {
17
17
  }
18
18
  class le {
19
19
  constructor(r) {
20
- U(this, "attempts", /* @__PURE__ */ new Map());
21
- U(this, "config");
20
+ b(this, "attempts", /* @__PURE__ */ new Map());
21
+ b(this, "config");
22
22
  this.config = r;
23
23
  }
24
24
  /**
@@ -56,7 +56,7 @@ class le {
56
56
  this.attempts.clear();
57
57
  }
58
58
  }
59
- function Or(e) {
59
+ function _r(e) {
60
60
  return new le(e);
61
61
  }
62
62
  const fe = {
@@ -74,7 +74,7 @@ function H(e) {
74
74
  ...e
75
75
  };
76
76
  }
77
- function Tr(e, r) {
77
+ function Pr(e, r) {
78
78
  const t = H(r);
79
79
  for (const [n, s] of Object.entries(t))
80
80
  s && e.set(n, s);
@@ -112,7 +112,7 @@ const ge = /* @__PURE__ */ new Set([
112
112
  "guest",
113
113
  "user"
114
114
  ]), we = /012|123|234|345|456|567|678|789|abc|bcd|cde|def|efg|fgh|ghi|hij|ijk|jkl|klm|lmn|mno|nop|opq|pqr|qrs|rst|stu|tuv|uvw|vwx|wxy|xyz/i, pe = 8, me = 128;
115
- function Ir(e, r = pe) {
115
+ function Cr(e, r = pe) {
116
116
  if (typeof e != "string" || !e)
117
117
  return { valid: !1, error: "Password is required" };
118
118
  if (e.length < r)
@@ -133,11 +133,11 @@ function Ee(e) {
133
133
  let r = 0;
134
134
  return e.length >= 12 ? r += 2 : e.length >= 8 && (r += 1), /[a-z]/.test(e) && (r += 1), /[A-Z]/.test(e) && (r += 1), /[0-9]/.test(e) && (r += 1), /[^a-zA-Z0-9]/.test(e) && (r += 1), r >= 5 ? "strong" : r >= 3 ? "medium" : "weak";
135
135
  }
136
- function _r(e) {
136
+ function Nr(e) {
137
137
  return e.valid === !0 && e.sanitized !== void 0;
138
138
  }
139
139
  const ye = 100;
140
- function Pr(e) {
140
+ function br(e) {
141
141
  if (typeof e != "string" || !e)
142
142
  return { valid: !1, error: "Name is required" };
143
143
  const r = e.trim();
@@ -148,11 +148,11 @@ function Pr(e) {
148
148
  const t = r.replace(/[<>"']/g, "");
149
149
  return t.length === 0 ? { valid: !1, error: "Name contains only invalid characters" } : { valid: !0, sanitized: t };
150
150
  }
151
- function Cr(e) {
151
+ function Ur(e) {
152
152
  return e.valid === !0 && e.sanitized !== void 0;
153
153
  }
154
154
  const ke = /* @__PURE__ */ new Set(["http:", "https:"]);
155
- function br(e) {
155
+ function Fr(e) {
156
156
  if (typeof e != "string" || !e)
157
157
  return { valid: !1, error: "URL is required" };
158
158
  try {
@@ -162,32 +162,32 @@ function br(e) {
162
162
  return { valid: !1, error: "Invalid URL format" };
163
163
  }
164
164
  }
165
- function Ur(e) {
165
+ function xr(e) {
166
166
  return e.valid === !0 && e.sanitized !== void 0;
167
167
  }
168
- const ve = 16, Se = 512, Re = /^[A-Za-z0-9_-]+$/;
169
- function Nr(e, r = ve) {
170
- return typeof e != "string" || !e ? { valid: !1, error: "Token is required" } : e.length < r ? { valid: !1, error: "Token is too short" } : e.length > Se ? { valid: !1, error: "Token is too long" } : Re.test(e) ? /(.)\1{10,}/.test(e) ? { valid: !1, error: "Token contains suspicious pattern" } : { valid: !0, sanitized: e } : { valid: !1, error: "Invalid token format" };
168
+ const ve = 16, Se = 512, Ae = /^[A-Za-z0-9_-]+$/;
169
+ function Dr(e, r = ve) {
170
+ return typeof e != "string" || !e ? { valid: !1, error: "Token is required" } : e.length < r ? { valid: !1, error: "Token is too short" } : e.length > Se ? { valid: !1, error: "Token is too long" } : Ae.test(e) ? /(.)\1{10,}/.test(e) ? { valid: !1, error: "Token contains suspicious pattern" } : { valid: !0, sanitized: e } : { valid: !1, error: "Invalid token format" };
171
171
  }
172
- function Fr(e) {
172
+ function Lr(e) {
173
173
  return e.valid === !0 && e.sanitized !== void 0;
174
174
  }
175
- const Ae = 1e3;
175
+ const Re = 1e3;
176
176
  function X(e, r) {
177
- const { maxLength: t = Ae, allowHtml: n = !1, required: s = !0 } = r ?? {};
177
+ const { maxLength: t = Re, allowHtml: n = !1, required: s = !0 } = r ?? {};
178
178
  if (s && (typeof e != "string" || !e || e.trim().length === 0))
179
179
  return { valid: !1, error: "Input is required" };
180
180
  if (typeof e != "string" || !e)
181
181
  return { valid: !0, sanitized: "" };
182
- let i = e.trim();
183
- return i.length > t ? { valid: !1, error: `Input must be less than ${t} characters` } : (n || (i = i.replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#x27;").replace(/\//g, "&#x2F;")), i = i.replace(/[\x00-\x1F\x7F]/g, ""), { valid: !0, sanitized: i });
182
+ let o = e.trim();
183
+ return o.length > t ? { valid: !1, error: `Input must be less than ${t} characters` } : (n || (o = o.replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#x27;").replace(/\//g, "&#x2F;")), o = o.replace(/[\x00-\x1F\x7F]/g, ""), { valid: !0, sanitized: o });
184
184
  }
185
- function xr(e) {
185
+ function Mr(e) {
186
186
  return e.valid === !0 && e.sanitized !== void 0;
187
187
  }
188
188
  class Oe {
189
189
  constructor() {
190
- U(this, "tokens", /* @__PURE__ */ new Map());
190
+ b(this, "tokens", /* @__PURE__ */ new Map());
191
191
  }
192
192
  get(r) {
193
193
  const t = this.tokens.get(r);
@@ -208,8 +208,8 @@ class Oe {
208
208
  }
209
209
  class Te {
210
210
  constructor(r, t = 32) {
211
- U(this, "store");
212
- U(this, "tokenLength");
211
+ b(this, "store");
212
+ b(this, "tokenLength");
213
213
  this.store = r || new Oe(), this.tokenLength = t;
214
214
  }
215
215
  /**
@@ -242,7 +242,7 @@ class Te {
242
242
  this.store.delete(r);
243
243
  }
244
244
  }
245
- function Dr(e) {
245
+ function Vr(e) {
246
246
  return new Te(e);
247
247
  }
248
248
  function Ie(e) {
@@ -257,13 +257,13 @@ function Ie(e) {
257
257
  };
258
258
  return e.replace(/[&<>"']/g, (t) => r[t] || t);
259
259
  }
260
- function Lr(e) {
260
+ function jr(e) {
261
261
  return typeof e != "string" ? "" : e.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, "").replace(/on\w+\s*=\s*["'][^"']*["']/gi, "").replace(/javascript:/gi, "");
262
262
  }
263
- function Mr(e) {
263
+ function zr(e) {
264
264
  return typeof e != "string" ? "" : Ie(e.trim());
265
265
  }
266
- function Vr(e) {
266
+ function $r(e) {
267
267
  return typeof e != "string" ? !1 : [
268
268
  /<script/i,
269
269
  /javascript:/i,
@@ -295,35 +295,35 @@ function Q(e, r) {
295
295
  t |= e.charCodeAt(n) ^ r.charCodeAt(n);
296
296
  return t === 0;
297
297
  }
298
- function jr(e, r) {
298
+ function Wr(e, r) {
299
299
  return Q(e, r);
300
300
  }
301
- function zr(e) {
301
+ function qr(e) {
302
302
  return typeof e != "string" ? "" : e.trim().replace(/[<>]/g, "");
303
303
  }
304
304
  const Pe = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
305
- function $r(e) {
305
+ function Br(e) {
306
306
  return typeof e == "string" && Pe.test(e);
307
307
  }
308
308
  function Ce(e) {
309
309
  return !e.success && !!e.error;
310
310
  }
311
- function Wr(e) {
311
+ function Hr(e) {
312
312
  return e.requires2FA === !0 || e.errorCode === m.TWO_FA_REQUIRED;
313
313
  }
314
- function qr(e, r) {
314
+ function Gr(e, r) {
315
315
  return e.error ? e.error : r || "Authentication failed";
316
316
  }
317
- function Br(e) {
317
+ function Kr(e) {
318
318
  return e.errorCode;
319
319
  }
320
- function Hr(e) {
320
+ function Xr(e) {
321
321
  return e.success === !0 && !!e.user;
322
322
  }
323
- function Gr(e, r) {
323
+ function Jr(e, r) {
324
324
  return e.errorCode === r;
325
325
  }
326
- function Kr(e) {
326
+ function Yr(e) {
327
327
  if (!Ce(e)) return !1;
328
328
  const r = [
329
329
  m.NETWORK_ERROR,
@@ -332,7 +332,7 @@ function Kr(e) {
332
332
  ];
333
333
  return e.errorCode ? r.includes(e.errorCode) : !1;
334
334
  }
335
- function Xr(e) {
335
+ function Qr(e) {
336
336
  if (e.error) return e.error;
337
337
  switch (e.errorCode) {
338
338
  case m.INVALID_CREDENTIALS:
@@ -360,7 +360,7 @@ function Xr(e) {
360
360
  return "An unexpected error occurred. Please try again.";
361
361
  }
362
362
  }
363
- async function Jr(e, r, t) {
363
+ async function Zr(e, r, t) {
364
364
  return e.signIn(r, t);
365
365
  }
366
366
  const Z = {
@@ -396,31 +396,31 @@ const Z = {
396
396
  function j(e) {
397
397
  return Z[e] ?? null;
398
398
  }
399
- function Yr(e) {
399
+ function et(e) {
400
400
  return e in Z;
401
401
  }
402
- function be(e, r, t, n) {
402
+ function Ne(e, r, t, n) {
403
403
  const s = j(e);
404
404
  if (!s)
405
405
  throw new Error(`Unknown OAuth provider: ${e}`);
406
406
  if (!r.clientId)
407
407
  throw new Error(`OAuth provider "${e}" is missing clientId`);
408
- const i = r.redirectUri ?? `${t}/api/auth/callback/${e}`, o = r.scopes ?? s.defaultScopes, a = new URLSearchParams({
408
+ const o = r.redirectUri ?? `${t}/api/auth/callback/${e}`, i = r.scopes ?? s.defaultScopes, a = new URLSearchParams({
409
409
  client_id: r.clientId,
410
- redirect_uri: i,
410
+ redirect_uri: o,
411
411
  response_type: "code",
412
- scope: Array.isArray(o) ? o.join(" ") : String(o),
412
+ scope: Array.isArray(i) ? i.join(" ") : String(i),
413
413
  state: n
414
414
  });
415
415
  if (s.defaultParams)
416
- for (const [l, f] of Object.entries(s.defaultParams))
417
- a.append(l, f);
416
+ for (const [u, f] of Object.entries(s.defaultParams))
417
+ a.append(u, f);
418
418
  if (r.params)
419
- for (const [l, f] of Object.entries(r.params))
420
- a.set(l, f);
419
+ for (const [u, f] of Object.entries(r.params))
420
+ a.set(u, f);
421
421
  return `${s.authorizationUrl}?${a.toString()}`;
422
422
  }
423
- async function Ue(e, r, t, n) {
423
+ async function be(e, r, t, n) {
424
424
  const s = j(e);
425
425
  if (!s)
426
426
  throw new Error(`Unknown OAuth provider: ${e}`);
@@ -428,41 +428,41 @@ async function Ue(e, r, t, n) {
428
428
  throw new Error("Authorization code is required");
429
429
  if (!r.clientId)
430
430
  throw new Error(`OAuth provider "${e}" is missing clientId`);
431
- const i = new URLSearchParams({
431
+ const o = new URLSearchParams({
432
432
  client_id: r.clientId,
433
433
  code: t,
434
434
  redirect_uri: n,
435
435
  grant_type: "authorization_code"
436
436
  });
437
- r.clientSecret && i.append("client_secret", r.clientSecret);
437
+ r.clientSecret && o.append("client_secret", r.clientSecret);
438
438
  try {
439
- const o = await fetch(s.tokenUrl, {
439
+ const i = await fetch(s.tokenUrl, {
440
440
  method: "POST",
441
441
  headers: {
442
442
  "Content-Type": "application/x-www-form-urlencoded",
443
443
  Accept: "application/json"
444
444
  },
445
- body: i.toString()
445
+ body: o.toString()
446
446
  });
447
- if (!o.ok) {
448
- const l = await o.text();
449
- let f = `Failed to exchange code for tokens: ${l}`;
447
+ if (!i.ok) {
448
+ const u = await i.text();
449
+ let f = `Failed to exchange code for tokens: ${u}`;
450
450
  try {
451
- const w = JSON.parse(l);
452
- f = w.error_description ?? w.error ?? f;
451
+ const g = JSON.parse(u);
452
+ f = g.error_description ?? g.error ?? f;
453
453
  } catch {
454
454
  }
455
455
  throw new Error(f);
456
456
  }
457
- const a = await o.json();
458
- if (!Ne(a))
457
+ const a = await i.json();
458
+ if (!Ue(a))
459
459
  throw new Error("Invalid token exchange response format");
460
460
  return a;
461
- } catch (o) {
462
- throw o instanceof Error ? o : new Error(`OAuth token exchange failed: ${String(o)}`);
461
+ } catch (i) {
462
+ throw i instanceof Error ? i : new Error(`OAuth token exchange failed: ${String(i)}`);
463
463
  }
464
464
  }
465
- function Ne(e) {
465
+ function Ue(e) {
466
466
  return typeof e == "object" && e !== null && "access_token" in e && typeof e.access_token == "string";
467
467
  }
468
468
  async function Fe(e, r) {
@@ -479,14 +479,14 @@ async function Fe(e, r) {
479
479
  }
480
480
  });
481
481
  if (!n.ok) {
482
- const i = await n.text();
483
- let o = `Failed to fetch user info: ${i}`;
482
+ const o = await n.text();
483
+ let i = `Failed to fetch user info: ${o}`;
484
484
  try {
485
- const a = JSON.parse(i);
486
- o = a.error_description ?? a.error ?? o;
485
+ const a = JSON.parse(o);
486
+ i = a.error_description ?? a.error ?? i;
487
487
  } catch {
488
488
  }
489
- throw new Error(o);
489
+ throw new Error(i);
490
490
  }
491
491
  const s = await n.json();
492
492
  return xe(e, s, r);
@@ -526,8 +526,8 @@ async function Le(e, r) {
526
526
  headers: { Authorization: `Bearer ${r}` }
527
527
  });
528
528
  if (s.ok) {
529
- const i = await s.json(), o = i.find((a) => a.primary) ?? i[0];
530
- t = (o == null ? void 0 : o.email) ?? `${String(e.login ?? "user")}@users.noreply.github.com`, n = { ...e, emails: i };
529
+ const o = await s.json(), i = o.find((a) => a.primary) ?? o[0];
530
+ t = (i == null ? void 0 : i.email) ?? `${String(e.login ?? "user")}@users.noreply.github.com`, n = { ...e, emails: o };
531
531
  } else
532
532
  t = `${String(e.login ?? "user")}@users.noreply.github.com`;
533
533
  } catch {
@@ -574,12 +574,100 @@ function je(e) {
574
574
  rawProfile: e
575
575
  };
576
576
  }
577
- function Qr(e) {
577
+ function rt(e) {
578
578
  return typeof e == "object" && e !== null && "clientId" in e && typeof e.clientId == "string";
579
579
  }
580
- class ze {
580
+ const ze = "__mulguard_oauth_state", $e = 10 * 60 * 1e3;
581
+ function We(e) {
582
+ const r = e.cookieName || ze, t = e.ttl || $e, n = process.env.NODE_ENV === "production", s = e.secure ?? n, o = e.sameSite || "strict", i = e.cookieHandler, a = (u) => ({
583
+ httpOnly: !0,
584
+ secure: s,
585
+ sameSite: o,
586
+ maxAge: Math.floor(u / 1e3),
587
+ // Convert to seconds
588
+ path: "/"
589
+ });
590
+ return {
591
+ async set(u, f, g) {
592
+ const w = JSON.stringify({
593
+ state: u,
594
+ provider: f.provider,
595
+ expiresAt: f.expiresAt
596
+ });
597
+ await Promise.resolve(
598
+ i.setCookie(r, w, a(t))
599
+ );
600
+ },
601
+ async get(u) {
602
+ const f = await Promise.resolve(i.getCookie(r));
603
+ if (!f)
604
+ return null;
605
+ try {
606
+ const g = JSON.parse(f);
607
+ return g.state !== u ? null : g.expiresAt < Date.now() ? (await Promise.resolve(
608
+ i.deleteCookie(r, { path: "/" })
609
+ ), null) : {
610
+ provider: g.provider,
611
+ expiresAt: g.expiresAt
612
+ };
613
+ } catch {
614
+ return await Promise.resolve(
615
+ i.deleteCookie(r, { path: "/" })
616
+ ), null;
617
+ }
618
+ },
619
+ async delete(u) {
620
+ await this.get(u) && await Promise.resolve(
621
+ i.deleteCookie(r, { path: "/" })
622
+ );
623
+ },
624
+ async cleanup() {
625
+ }
626
+ };
627
+ }
628
+ function tt() {
629
+ return We({
630
+ cookieHandler: {
631
+ async getCookie(e) {
632
+ var r;
633
+ try {
634
+ const { cookies: t } = await import("next/headers");
635
+ return ((r = (await t()).get(e)) == null ? void 0 : r.value) || null;
636
+ } catch {
637
+ return null;
638
+ }
639
+ },
640
+ async setCookie(e, r, t) {
641
+ try {
642
+ const { cookies: n } = await import("next/headers");
643
+ (await n()).set(e, r, {
644
+ httpOnly: t.httpOnly ?? !0,
645
+ secure: t.secure ?? process.env.NODE_ENV === "production",
646
+ sameSite: t.sameSite || "strict",
647
+ maxAge: t.maxAge,
648
+ path: t.path || "/"
649
+ });
650
+ } catch (n) {
651
+ console.warn("[Mulguard] Failed to set OAuth state cookie:", n);
652
+ }
653
+ },
654
+ async deleteCookie(e, r) {
655
+ try {
656
+ const { cookies: t } = await import("next/headers");
657
+ (await t()).set(e, "", {
658
+ maxAge: 0,
659
+ expires: /* @__PURE__ */ new Date(0),
660
+ path: (r == null ? void 0 : r.path) || "/"
661
+ });
662
+ } catch {
663
+ }
664
+ }
665
+ }
666
+ });
667
+ }
668
+ class qe {
581
669
  constructor() {
582
- U(this, "states", /* @__PURE__ */ new Map());
670
+ b(this, "states", /* @__PURE__ */ new Map());
583
671
  }
584
672
  set(r, t, n) {
585
673
  this.states.set(r, t), this.cleanup();
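Review bot: The `"strict"` default for `sameSite` in `We` (`o = e.sameSite || "strict"`), repeated in `tt`'s `setCookie`, is likely to break the flow this store exists for: browsers withhold SameSite=Strict cookies on navigations initiated from another site, and the OAuth callback presumably arrives as a redirect from the provider, so `get` would find no cookie and return null. Defaulting to `"lax"` in both places, e.g. `o = e.sameSite || "lax"`, still keeps the cookie out of cross-site subrequests while sending it on the top-level callback. Separately, the cookie value is plain `JSON.stringify({ state, provider, expiresAt })`, and `get` trusts `provider` and `expiresAt` after `JSON.parse` with no integrity check; an HMAC over the value, or a `__Host-`-prefixed cookie name, would stop a cookie planted from a sibling subdomain from being accepted. `setCookie` also only logs on failure, so the caller cannot tell that no state was stored and the sign-in proceeds anyway. The class `qe` that follows these functions continues outside the hunk.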
@@ -597,25 +685,25 @@ class ze {
597
685
  n.expiresAt < r && this.states.delete(t);
598
686
  }
599
687
  }
600
- function $e() {
601
- return new ze();
688
+ function Be() {
689
+ return new qe();
602
690
  }
603
- function Zr(e, r = "mulguard:oauth:state:") {
691
+ function nt(e, r = "mulguard:oauth:state:") {
604
692
  const t = (s) => `${r}${s}`, n = async (s) => {
605
- const i = t(s);
606
- await e.del(i);
693
+ const o = t(s);
694
+ await e.del(o);
607
695
  };
608
696
  return {
609
- async set(s, i, o) {
610
- const a = t(s), l = JSON.stringify(i);
611
- await e.set(a, l, "EX", Math.floor(o / 1e3));
697
+ async set(s, o, i) {
698
+ const a = t(s), u = JSON.stringify(o);
699
+ await e.set(a, u, "EX", Math.floor(i / 1e3));
612
700
  },
613
701
  async get(s) {
614
- const i = t(s), o = await e.get(i);
615
- if (!o)
702
+ const o = t(s), i = await e.get(o);
703
+ if (!i)
616
704
  return null;
617
705
  try {
618
- const a = JSON.parse(o);
706
+ const a = JSON.parse(i);
619
707
  return a.expiresAt < Date.now() ? (await n(s), null) : a;
620
708
  } catch {
621
709
  return await n(s), null;
@@ -626,14 +714,14 @@ function Zr(e, r = "mulguard:oauth:state:") {
626
714
  },
627
715
  async cleanup() {
628
716
  try {
629
- const s = await e.keys(`${r}*`), i = Date.now();
630
- for (const o of s) {
631
- const a = await e.get(o);
717
+ const s = await e.keys(`${r}*`), o = Date.now();
718
+ for (const i of s) {
719
+ const a = await e.get(i);
632
720
  if (a)
633
721
  try {
634
- JSON.parse(a).expiresAt < i && await e.del(o);
722
+ JSON.parse(a).expiresAt < o && await e.del(i);
635
723
  } catch {
636
- await e.del(o);
724
+ await e.del(i);
637
725
  }
638
726
  }
639
727
  } catch (s) {
@@ -646,93 +734,93 @@ function D(e) {
646
734
  return e.success === !0 && e.user !== void 0 && e.session !== void 0;
647
735
  }
648
736
  var ee = /* @__PURE__ */ ((e) => (e[e.DEBUG = 0] = "DEBUG", e[e.INFO = 1] = "INFO", e[e.WARN = 2] = "WARN", e[e.ERROR = 3] = "ERROR", e))(ee || {});
649
- const We = process.env.NODE_ENV === "development" ? 0 : 1;
650
- function qe(e = {}) {
737
+ const He = process.env.NODE_ENV === "development" ? 0 : 1;
738
+ function Ge(e = {}) {
651
739
  const {
652
740
  enabled: r = process.env.NODE_ENV === "development",
653
- level: t = We,
741
+ level: t = He,
654
742
  context: n,
655
- formatter: s = Be
656
- } = e, i = (a) => r && a >= t, o = (a, l, f, w) => ({
743
+ formatter: s = Ke
744
+ } = e, o = (a) => r && a >= t, i = (a, u, f, g) => ({
657
745
  level: a,
658
- message: l,
746
+ message: u,
659
747
  timestamp: /* @__PURE__ */ new Date(),
660
748
  context: n,
661
- data: f ? He(f) : void 0,
662
- error: w
749
+ data: f ? Xe(f) : void 0,
750
+ error: g
663
751
  });
664
752
  return {
665
- debug: (a, l) => {
666
- if (i(
753
+ debug: (a, u) => {
754
+ if (o(
667
755
  0
668
756
  /* DEBUG */
669
757
  )) {
670
- const f = o(0, a, l);
758
+ const f = i(0, a, u);
671
759
  console.debug(s(f));
672
760
  }
673
761
  },
674
- info: (a, l) => {
675
- if (i(
762
+ info: (a, u) => {
763
+ if (o(
676
764
  1
677
765
  /* INFO */
678
766
  )) {
679
- const f = o(1, a, l);
767
+ const f = i(1, a, u);
680
768
  console.info(s(f));
681
769
  }
682
770
  },
683
- warn: (a, l) => {
684
- if (i(
771
+ warn: (a, u) => {
772
+ if (o(
685
773
  2
686
774
  /* WARN */
687
775
  )) {
688
- const f = o(2, a, l);
776
+ const f = i(2, a, u);
689
777
  console.warn(s(f));
690
778
  }
691
779
  },
692
- error: (a, l) => {
693
- if (i(
780
+ error: (a, u) => {
781
+ if (o(
694
782
  3
695
783
  /* ERROR */
696
784
  )) {
697
- const f = l instanceof Error ? l : void 0, w = l instanceof Error ? void 0 : l, g = o(3, a, w, f);
698
- console.error(s(g)), f && console.error(f);
785
+ const f = u instanceof Error ? u : void 0, g = u instanceof Error ? void 0 : u, w = i(3, a, g, f);
786
+ console.error(s(w)), f && console.error(f);
699
787
  }
700
788
  }
701
789
  };
702
790
  }
703
- function Be(e) {
791
+ function Ke(e) {
704
792
  const r = e.timestamp.toISOString(), t = ee[e.level], n = e.context ? `[${e.context}]` : "", s = e.data ? ` ${JSON.stringify(e.data)}` : "";
705
793
  return `${r} [${t}]${n} ${e.message}${s}`;
706
794
  }
707
- function He(e) {
795
+ function Xe(e) {
708
796
  const r = /* @__PURE__ */ new Set(["password", "token", "secret", "key", "accessToken", "refreshToken"]), t = {};
709
797
  for (const [n, s] of Object.entries(e))
710
798
  if (r.has(n.toLowerCase()))
711
799
  t[n] = "***REDACTED***";
712
800
  else if (typeof s == "string" && n.toLowerCase().includes("email")) {
713
- const i = s.split("@");
714
- if (i.length === 2 && i[0]) {
715
- const o = i[0].substring(0, 3) + "***@" + i[1];
716
- t[n] = o;
801
+ const o = s.split("@");
802
+ if (o.length === 2 && o[0]) {
803
+ const i = o[0].substring(0, 3) + "***@" + o[1];
804
+ t[n] = i;
717
805
  } else
718
806
  t[n] = s;
719
807
  } else
720
808
  t[n] = s;
721
809
  return t;
722
810
  }
723
- const I = qe();
724
- function Ge(e, r, t, n = {}) {
811
+ const I = Ge();
812
+ function Je(e, r, t, n = {}) {
725
813
  const {
726
814
  enabled: s = !0,
727
- maxRetries: i = 1,
728
- retryDelay: o = 1e3,
815
+ maxRetries: o = 1,
816
+ retryDelay: i = 1e3,
729
817
  rateLimit: a = 3,
730
- autoSignOutOnFailure: l = !0,
818
+ autoSignOutOnFailure: u = !0,
731
819
  redirectToLogin: f = "/login",
732
- autoRedirectOnFailure: w = !0
820
+ autoRedirectOnFailure: g = !0
733
821
  } = n;
734
- let g = null, A = !1;
735
- const S = [], v = [], y = 60 * 1e3;
822
+ let w = null, R = !1;
823
+ const A = [], S = [], y = 60 * 1e3;
736
824
  let h = 0, T = !1, _ = null;
737
825
  const L = 2, M = 60 * 1e3;
738
826
  function c() {
@@ -742,22 +830,22 @@ function Ge(e, r, t, n = {}) {
742
830
  return !1;
743
831
  T = !1, _ = null, h = 0;
744
832
  }
745
- for (; v.length > 0; ) {
746
- const p = v[0];
833
+ for (; S.length > 0; ) {
834
+ const p = S[0];
747
835
  if (p !== void 0 && p < k - y)
748
- v.shift();
836
+ S.shift();
749
837
  else
750
838
  break;
751
839
  }
752
- return v.length >= a ? !1 : (v.push(k), !0);
840
+ return S.length >= a ? !1 : (S.push(k), !0);
753
841
  }
754
- function u() {
842
+ function l() {
755
843
  h++, h >= L && (T = !0, _ = Date.now() + M, process.env.NODE_ENV === "development" && console.warn("[TokenRefreshManager] Circuit breaker opened - too many consecutive failures"));
756
844
  }
757
845
  function d() {
758
846
  h = 0, T = !1, _ = null;
759
847
  }
760
- async function R(k = 1) {
848
+ async function v(k = 1) {
761
849
  if (!s)
762
850
  return null;
763
851
  if (!c())
@@ -766,12 +854,12 @@ function Ge(e, r, t, n = {}) {
766
854
  const p = await e();
767
855
  if (p)
768
856
  return d(), P(p), n.onTokenRefreshed && await Promise.resolve(n.onTokenRefreshed(p)), p;
769
- if (u(), k < i)
770
- return await $(o * k), R(k + 1);
857
+ if (l(), k < o)
858
+ return await $(i * k), v(k + 1);
771
859
  throw new Error("Token refresh failed: refresh function returned null");
772
860
  } catch (p) {
773
- if (u(), k < i && C(p))
774
- return await $(o * k), R(k + 1);
861
+ if (l(), k < o && C(p))
862
+ return await $(i * k), v(k + 1);
775
863
  throw p;
776
864
  }
777
865
  }
@@ -786,27 +874,27 @@ function Ge(e, r, t, n = {}) {
786
874
  return !1;
787
875
  }
788
876
  function P(k) {
789
- const p = [...S];
790
- S.length = 0;
791
- for (const { resolve: b } of p)
792
- b(k);
877
+ const p = [...A];
878
+ A.length = 0;
879
+ for (const { resolve: N } of p)
880
+ N(k);
793
881
  }
794
882
  function z(k) {
795
- const p = [...S];
796
- S.length = 0;
797
- for (const { reject: b } of p)
798
- b(k);
883
+ const p = [...A];
884
+ A.length = 0;
885
+ for (const { reject: N } of p)
886
+ N(k);
799
887
  }
800
888
  function $(k) {
801
889
  return new Promise((p) => setTimeout(p, k));
802
890
  }
803
891
  async function W(k) {
804
892
  try {
805
- if (n.onTokenRefreshFailed && await Promise.resolve(n.onTokenRefreshFailed(k)), l && (await t(), await r(), w && typeof window < "u")) {
893
+ if (n.onTokenRefreshFailed && await Promise.resolve(n.onTokenRefreshFailed(k)), u && (await t(), await r(), g && typeof window < "u")) {
806
894
  let p = !0;
807
895
  if (n.onBeforeRedirect && (p = await Promise.resolve(n.onBeforeRedirect(k))), p) {
808
- const b = new URL(f, window.location.origin);
809
- b.searchParams.set("reason", "session_expired"), b.searchParams.set("redirect", window.location.pathname + window.location.search), window.location.href = b.toString();
896
+ const N = new URL(f, window.location.origin);
897
+ N.searchParams.set("reason", "session_expired"), N.searchParams.set("redirect", window.location.pathname + window.location.search), window.location.href = N.toString();
810
898
  }
811
899
  }
812
900
  } catch (p) {
@@ -818,30 +906,30 @@ function Ge(e, r, t, n = {}) {
818
906
  * Refresh token with single refresh queue
819
907
  */
820
908
  async refreshToken() {
821
- return s ? g || (A = !0, g = R().then((k) => (A = !1, g = null, k)).catch((k) => {
822
- throw A = !1, g = null, z(k), W(k).catch(() => {
909
+ return s ? w || (R = !0, w = v().then((k) => (R = !1, w = null, k)).catch((k) => {
910
+ throw R = !1, w = null, z(k), W(k).catch(() => {
823
911
  }), k;
824
- }), g) : null;
912
+ }), w) : null;
825
913
  },
826
914
  /**
827
915
  * Check if refresh is in progress
828
916
  */
829
917
  isRefreshing() {
830
- return A;
918
+ return R;
831
919
  },
832
920
  /**
833
921
  * Wait for current refresh to complete
834
922
  */
835
923
  async waitForRefresh() {
836
- return g ? new Promise((k, p) => {
837
- S.push({ resolve: k, reject: p });
924
+ return w ? new Promise((k, p) => {
925
+ A.push({ resolve: k, reject: p });
838
926
  }) : null;
839
927
  },
840
928
  /**
841
929
  * Clear state
842
930
  */
843
931
  clear() {
844
- g = null, A = !1, v.length = 0, d(), z(new Error("Token refresh manager cleared"));
932
+ w = null, R = !1, S.length = 0, d(), z(new Error("Token refresh manager cleared"));
845
933
  },
846
934
  /**
847
935
  * Handle token refresh failure
@@ -851,7 +939,7 @@ function Ge(e, r, t, n = {}) {
851
939
  }
852
940
  };
853
941
  }
854
- function Ke() {
942
+ function Ye() {
855
943
  const e = process.env.NODE_ENV === "production";
856
944
  return {
857
945
  cookieName: "__mulguard_session",
@@ -864,7 +952,7 @@ function Ke() {
864
952
  path: "/"
865
953
  };
866
954
  }
867
- function Xe() {
955
+ function Qe() {
868
956
  return {
869
957
  enabled: !0,
870
958
  refreshThreshold: 300,
@@ -879,90 +967,90 @@ function Xe() {
879
967
  autoRedirectOnFailure: !0
880
968
  };
881
969
  }
882
- function Je() {
970
+ function Ze() {
883
971
  return process.env.NEXT_PUBLIC_URL ?? (process.env.VERCEL_URL ? `https://${process.env.VERCEL_URL}` : "http://localhost:3000");
884
972
  }
885
- function Ye(e) {
886
- const { sessionConfig: r, cacheTtl: t, getSessionAction: n, onSessionExpired: s, onError: i } = e, o = r.cookieName ?? "__mulguard_session";
973
+ function er(e) {
974
+ const { sessionConfig: r, cacheTtl: t, getSessionAction: n, onSessionExpired: s, onError: o } = e, i = r.cookieName ?? "__mulguard_session";
887
975
  let a = null;
888
- const l = async () => {
976
+ const u = async () => {
889
977
  const y = Date.now();
890
978
  if (a && y - a.timestamp < t)
891
979
  return a.session;
892
980
  if (n)
893
981
  try {
894
982
  const h = await n();
895
- if (h && N(h))
983
+ if (h && U(h))
896
984
  return a = { session: h, timestamp: y }, h;
897
- h && !N(h) && (await w(), a = null);
985
+ h && !U(h) && (await g(), a = null);
898
986
  } catch (h) {
899
- I.debug("getSession error", { error: h }), i && await i(h instanceof Error ? h : new Error(String(h)), "getSession"), a = null;
987
+ I.debug("getSession error", { error: h }), o && await o(h instanceof Error ? h : new Error(String(h)), "getSession"), a = null;
900
988
  }
901
989
  try {
902
- const h = await ce(o);
990
+ const h = await ce(i);
903
991
  if (h)
904
992
  try {
905
993
  const T = JSON.parse(h);
906
- if (N(T))
907
- return T.expiresAt && new Date(T.expiresAt) < /* @__PURE__ */ new Date() ? (s && await s(T), await w(), a = null, null) : (a = { session: T, timestamp: y }, T);
908
- await w(), a = null;
994
+ if (U(T))
995
+ return T.expiresAt && new Date(T.expiresAt) < /* @__PURE__ */ new Date() ? (s && await s(T), await g(), a = null, null) : (a = { session: T, timestamp: y }, T);
996
+ await g(), a = null;
909
997
  } catch {
910
- await w(), a = null;
998
+ await g(), a = null;
911
999
  }
912
1000
  } catch (h) {
913
1001
  const T = h instanceof Error ? h.message : String(h);
914
- !T.includes("request scope") && !T.includes("cookies") && (I.warn("getSession cookie error", { error: h }), i && await i(
1002
+ !T.includes("request scope") && !T.includes("cookies") && (I.warn("getSession cookie error", { error: h }), o && await o(
915
1003
  h instanceof Error ? h : new Error(String(h)),
916
1004
  "getSession.cookie"
917
1005
  ));
918
1006
  }
919
1007
  return null;
920
1008
  }, f = async (y) => {
921
- if (!N(y))
1009
+ if (!U(y))
922
1010
  return {
923
1011
  success: !1,
924
1012
  error: "Invalid session structure"
925
1013
  };
926
1014
  try {
927
- const h = typeof y == "object" && "token" in y ? String(y.token) : JSON.stringify(y), T = oe(o, h, r), _ = await ae(T);
1015
+ const h = typeof y == "object" && "token" in y ? String(y.token) : JSON.stringify(y), T = ie(i, h, r), _ = await ae(T);
928
1016
  return _.success && (a = { session: y, timestamp: Date.now() }), _;
929
1017
  } catch (h) {
930
1018
  const T = h instanceof Error ? h.message : "Failed to set session";
931
- return I.error("setSession error", { error: h }), i && await i(h instanceof Error ? h : new Error(String(h)), "setSession"), {
1019
+ return I.error("setSession error", { error: h }), o && await o(h instanceof Error ? h : new Error(String(h)), "setSession"), {
932
1020
  success: !1,
933
1021
  error: T
934
1022
  };
935
1023
  }
936
- }, w = async () => {
1024
+ }, g = async () => {
937
1025
  try {
938
- await ie(o, {
1026
+ await oe(i, {
939
1027
  path: r.path,
940
1028
  domain: r.domain
941
1029
  }), a = null;
942
1030
  } catch (y) {
943
1031
  I.warn("clearSessionCookie error", { error: y });
944
1032
  }
945
- }, g = async () => {
946
- const y = await l();
1033
+ }, w = async () => {
1034
+ const y = await u();
947
1035
  return y != null && y.accessToken && typeof y.accessToken == "string" ? y.accessToken : null;
948
1036
  };
949
1037
  return {
950
- getSession: l,
1038
+ getSession: u,
951
1039
  setSession: f,
952
- clearSessionCookie: w,
953
- getAccessToken: g,
1040
+ clearSessionCookie: g,
1041
+ getAccessToken: w,
954
1042
  getRefreshToken: async () => {
955
- const y = await l();
1043
+ const y = await u();
956
1044
  return y != null && y.refreshToken && typeof y.refreshToken == "string" ? y.refreshToken : null;
957
1045
  },
958
- hasValidTokens: async () => !!await g(),
1046
+ hasValidTokens: async () => !!await w(),
959
1047
  clearCache: () => {
960
1048
  a = null;
961
1049
  },
962
- getSessionConfig: () => ({ cookieName: o, config: r })
1050
+ getSessionConfig: () => ({ cookieName: i, config: r })
963
1051
  };
964
1052
  }
965
- function Qe(e) {
1053
+ function rr(e) {
966
1054
  return async (r) => {
967
1055
  try {
968
1056
  if (!r || typeof r != "object")
@@ -1002,8 +1090,8 @@ function Qe(e) {
1002
1090
  // Don't sanitize password (needed for hashing)
1003
1091
  }, s = await e.actions.signIn.email(n);
1004
1092
  if (D(s)) {
1005
- const i = await e.saveSessionAfterAuth(s);
1006
- !i.success && i.warning && I.warn("Session save warning", { warning: i.warning });
1093
+ const o = await e.saveSessionAfterAuth(s);
1094
+ !o.success && o.warning && I.warn("Session save warning", { warning: o.warning });
1007
1095
  }
1008
1096
  return s.success ? I.info("Sign in successful", {
1009
1097
  email: n.email.substring(0, 3) + "***"
@@ -1024,7 +1112,7 @@ function Qe(e) {
1024
1112
  }
1025
1113
  };
1026
1114
  }
1027
- function Ze(e, r) {
1115
+ function tr(e, r) {
1028
1116
  return async (t) => {
1029
1117
  if (!t || typeof t != "string")
1030
1118
  throw new Error("Provider is required");
@@ -1040,11 +1128,11 @@ function Ze(e, r) {
1040
1128
  throw new Error(
1041
1129
  "OAuth sign in is not configured. Either provide oauth action in signIn, or configure providers.oauth in config."
1042
1130
  );
1043
- const i = await e.actions.signIn.oauth(s);
1044
- return await r(i.state, s), I.info("OAuth sign in initiated", { provider: s }), i;
1131
+ const o = await e.actions.signIn.oauth(s);
1132
+ return await r(o.state, s), I.info("OAuth sign in initiated", { provider: s }), o;
1045
1133
  };
1046
1134
  }
1047
- function er(e) {
1135
+ function nr(e) {
1048
1136
  return async (r, t) => {
1049
1137
  if (!r || typeof r != "string")
1050
1138
  return {
@@ -1074,8 +1162,8 @@ function er(e) {
1074
1162
  try {
1075
1163
  const s = await e.actions.signIn.otp(n.sanitized, t);
1076
1164
  if (D(s)) {
1077
- const i = await e.saveSessionAfterAuth(s);
1078
- !i.success && i.warning && I.warn("Session save warning", { warning: i.warning });
1165
+ const o = await e.saveSessionAfterAuth(s);
1166
+ !o.success && o.warning && I.warn("Session save warning", { warning: o.warning });
1079
1167
  }
1080
1168
  return s.success ? I.info("OTP sign in successful", {
1081
1169
  email: n.sanitized.substring(0, 3) + "***"
@@ -1097,7 +1185,7 @@ function er(e) {
1097
1185
  }
1098
1186
  };
1099
1187
  }
1100
- function rr(e) {
1188
+ function sr(e) {
1101
1189
  return async (r) => {
1102
1190
  if (!e.actions.signIn.passkey)
1103
1191
  throw new Error("PassKey sign in is not configured. Provide passkey action in signIn.");
@@ -1119,38 +1207,38 @@ function rr(e) {
1119
1207
  }
1120
1208
  };
1121
1209
  }
1122
- function tr(e, r) {
1123
- const t = Qe(e), n = Ze(e, r), s = er(e), i = rr(e);
1124
- return Object.assign(async (l, f) => {
1125
- if (!l || typeof l != "string")
1210
+ function or(e, r) {
1211
+ const t = rr(e), n = tr(e, r), s = nr(e), o = sr(e);
1212
+ return Object.assign(async (u, f) => {
1213
+ if (!u || typeof u != "string")
1126
1214
  throw new Error("Provider is required");
1127
- const w = X(l, {
1215
+ const g = X(u, {
1128
1216
  maxLength: 50,
1129
1217
  allowHtml: !1,
1130
1218
  required: !0
1131
1219
  });
1132
- if (!w.valid || !w.sanitized)
1220
+ if (!g.valid || !g.sanitized)
1133
1221
  throw new Error("Invalid provider");
1134
- const g = w.sanitized.toLowerCase();
1135
- if (g === "google" || g === "github" || g === "apple" || g === "facebook" || typeof g == "string" && !["credentials", "otp", "passkey"].includes(g))
1136
- return n(g);
1137
- if (g === "credentials")
1222
+ const w = g.sanitized.toLowerCase();
1223
+ if (w === "google" || w === "github" || w === "apple" || w === "facebook" || typeof w == "string" && !["credentials", "otp", "passkey"].includes(w))
1224
+ return n(w);
1225
+ if (w === "credentials")
1138
1226
  return !f || !("email" in f) || !("password" in f) ? {
1139
1227
  success: !1,
1140
1228
  error: "Credentials are required",
1141
1229
  errorCode: m.VALIDATION_ERROR
1142
1230
  } : t(f);
1143
- if (g === "otp") {
1231
+ if (w === "otp") {
1144
1232
  if (!f || !("email" in f))
1145
1233
  return {
1146
1234
  success: !1,
1147
1235
  error: "Email is required",
1148
1236
  errorCode: m.VALIDATION_ERROR
1149
1237
  };
1150
- const A = f;
1151
- return s(A.email, A.code);
1238
+ const R = f;
1239
+ return s(R.email, R.code);
1152
1240
  }
1153
- return g === "passkey" ? i(f) : {
1241
+ return w === "passkey" ? o(f) : {
1154
1242
  success: !1,
1155
1243
  error: "Invalid provider",
1156
1244
  errorCode: m.VALIDATION_ERROR
@@ -1158,11 +1246,11 @@ function tr(e, r) {
1158
1246
  }, {
1159
1247
  email: t,
1160
1248
  oauth: e.actions.signIn.oauth ? n : void 0,
1161
- passkey: e.actions.signIn.passkey ? i : void 0,
1249
+ passkey: e.actions.signIn.passkey ? o : void 0,
1162
1250
  otp: e.actions.signIn.otp ? s : void 0
1163
1251
  });
1164
1252
  }
1165
- function nr(e) {
1253
+ function ir(e) {
1166
1254
  return async (r) => {
1167
1255
  if (!e.actions.signUp)
1168
1256
  throw new Error("Sign up is not configured. Provide signUp action in config.");
@@ -1184,22 +1272,22 @@ function nr(e) {
1184
1272
  }
1185
1273
  };
1186
1274
  }
1187
- function sr(e, r) {
1275
+ function ar(e, r) {
1188
1276
  return async (t, n, s) => {
1189
- const i = e.oauthProviders[t];
1190
- if (!i)
1277
+ const o = e.oauthProviders[t];
1278
+ if (!o)
1191
1279
  return {
1192
1280
  success: !1,
1193
1281
  error: `OAuth provider "${t}" is not configured`,
1194
1282
  errorCode: m.VALIDATION_ERROR
1195
1283
  };
1196
1284
  try {
1197
- const o = i.redirectUri ?? `${e.baseUrl}/api/auth/callback/${t}`, a = await Ue(t, i, n, o), l = await Fe(t, a.access_token), f = {
1198
- id: l.id,
1199
- email: l.email,
1200
- name: l.name,
1201
- avatar: l.avatar,
1202
- emailVerified: l.emailVerified,
1285
+ const i = o.redirectUri ?? `${e.baseUrl}/api/auth/callback/${t}`, a = await be(t, o, n, i), u = await Fe(t, a.access_token), f = {
1286
+ id: u.id,
1287
+ email: u.email,
1288
+ name: u.name,
1289
+ avatar: u.avatar,
1290
+ emailVerified: u.emailVerified,
1203
1291
  provider: t,
1204
1292
  accessToken: a.access_token,
1205
1293
  refreshToken: a.refresh_token,
@@ -1210,36 +1298,36 @@ function sr(e, r) {
1210
1298
  token_type: a.token_type,
1211
1299
  id_token: a.id_token
1212
1300
  },
1213
- rawProfile: l.rawProfile
1301
+ rawProfile: u.rawProfile
1214
1302
  };
1215
1303
  if (e.callbacks.onOAuthUser) {
1216
- const w = await q(
1304
+ const g = await q(
1217
1305
  e.callbacks.onOAuthUser,
1218
1306
  [f, t],
1219
1307
  e.onError
1220
1308
  );
1221
- if (!w)
1309
+ if (!g)
1222
1310
  return {
1223
1311
  success: !1,
1224
1312
  error: "Failed to create or retrieve user",
1225
1313
  errorCode: m.VALIDATION_ERROR
1226
1314
  };
1227
- const g = e.createSession(w, f, a);
1228
- return await e.saveSession(g), e.callbacks.onSignIn && await q(
1315
+ const w = e.createSession(g, f, a);
1316
+ return await e.saveSession(w), e.callbacks.onSignIn && await q(
1229
1317
  e.callbacks.onSignIn,
1230
- [g.user, g],
1318
+ [w.user, w],
1231
1319
  e.onError
1232
- ), { success: !0, user: g.user, session: g };
1320
+ ), { success: !0, user: w.user, session: w };
1233
1321
  }
1234
1322
  return {
1235
1323
  success: !1,
1236
1324
  error: "OAuth user callback not implemented. Provide onOAuthUser callback or implement oauthCallback action.",
1237
1325
  errorCode: m.VALIDATION_ERROR
1238
1326
  };
1239
- } catch (o) {
1240
- return I.error("OAuth callback failed", { provider: t, error: o }), {
1327
+ } catch (i) {
1328
+ return I.error("OAuth callback failed", { provider: t, error: i }), {
1241
1329
  success: !1,
1242
- error: o instanceof Error ? o.message : "OAuth callback failed",
1330
+ error: i instanceof Error ? i.message : "OAuth callback failed",
1243
1331
  errorCode: m.NETWORK_ERROR
1244
1332
  };
1245
1333
  }
@@ -1256,62 +1344,69 @@ async function q(e, r, t) {
1256
1344
  ), n;
1257
1345
  }
1258
1346
  }
1259
- function ir(e, r, t, n) {
1347
+ function cr(e, r, t, n) {
1260
1348
  if (Object.keys(e).length !== 0)
1261
1349
  return async (s) => {
1262
- const i = e[s];
1263
- if (!i)
1350
+ const o = e[s];
1351
+ if (!o)
1264
1352
  throw new Error(`OAuth provider "${s}" is not configured. Add it to providers.oauth in config.`);
1265
- if (!i.clientId)
1353
+ if (!o.clientId)
1266
1354
  throw new Error(`OAuth provider "${s}" is missing clientId`);
1267
- const o = t();
1268
- return { url: n(s, i, r, o), state: o };
1355
+ const i = t();
1356
+ return { url: n(s, o, r, i), state: i };
1269
1357
  };
1270
1358
  }
1271
- function et(e) {
1359
+ function st(e) {
1272
1360
  var L, M;
1273
1361
  const r = {
1274
- ...Ke(),
1362
+ ...Ye(),
1275
1363
  ...e.session
1276
- }, t = e.actions, n = e.callbacks || {}, s = ((L = e.providers) == null ? void 0 : L.oauth) || {}, i = Je(), o = {
1277
- ...Xe(),
1364
+ }, t = e.actions, n = e.callbacks || {}, s = ((L = e.providers) == null ? void 0 : L.oauth) || {}, o = Ze(), i = {
1365
+ ...Qe(),
1278
1366
  ...e.tokenRefresh
1279
- }, a = ((M = e.session) == null ? void 0 : M.cacheTtl) ?? e.sessionCacheTtl ?? 5e3, l = e.oauthStateStore || $e(), f = { ...t }, w = async (c, u) => {
1367
+ }, a = ((M = e.session) == null ? void 0 : M.cacheTtl) ?? e.sessionCacheTtl ?? 5e3, u = e.oauthStateStore || Be(), f = { ...t }, g = async (c, l) => {
1280
1368
  const d = {
1281
- provider: u,
1369
+ provider: l,
1282
1370
  expiresAt: Date.now() + 6e5
1283
1371
  // 10 minutes
1284
1372
  };
1285
- await Promise.resolve(l.set(c, d, 10 * 60 * 1e3)), l.cleanup && await Promise.resolve(l.cleanup());
1286
- }, g = async (c, u) => {
1287
- const d = await Promise.resolve(l.get(c));
1288
- return d ? d.expiresAt < Date.now() ? (await Promise.resolve(l.delete(c)), !1) : d.provider !== u ? !1 : (await Promise.resolve(l.delete(c)), !0) : !1;
1289
- }, A = ir(
1373
+ await Promise.resolve(u.set(c, d, 10 * 60 * 1e3)), u.cleanup && await Promise.resolve(u.cleanup());
1374
+ }, w = async (c, l) => {
1375
+ let d = await Promise.resolve(u.get(c));
1376
+ if (!d)
1377
+ try {
1378
+ const { getOAuthStateCookie: v } = await import("../oauth-state-DKle8eCr.mjs").then((P) => P.q), C = await v();
1379
+ if (C && C.state === c && C.provider === l)
1380
+ return !0;
1381
+ } catch {
1382
+ }
1383
+ return d ? d.expiresAt < Date.now() ? (await Promise.resolve(u.delete(c)), !1) : d.provider !== l ? !1 : (await Promise.resolve(u.delete(c)), !0) : !1;
1384
+ }, R = cr(
1290
1385
  s,
1291
- i,
1386
+ o,
1292
1387
  _e,
1293
- be
1388
+ Ne
1294
1389
  );
1295
- if (A && !f.signIn.oauth) {
1390
+ if (R && !f.signIn.oauth) {
1296
1391
  const c = f.signIn;
1297
1392
  f.signIn = {
1298
1393
  ...c,
1299
- oauth: async (u) => {
1300
- const d = await A(u);
1301
- return await w(d.state, u), d;
1394
+ oauth: async (l) => {
1395
+ const d = await R(l);
1396
+ return await g(d.state, l), d;
1302
1397
  }
1303
1398
  };
1304
1399
  }
1305
1400
  if (!f.signIn || !f.signIn.email)
1306
1401
  throw new Error("mulguard: signIn.email action is required");
1307
- const S = async (c, ...u) => {
1402
+ const A = async (c, ...l) => {
1308
1403
  if (c)
1309
1404
  try {
1310
- return await c(...u);
1405
+ return await c(...l);
1311
1406
  } catch (d) {
1312
1407
  throw n.onError && await n.onError(d instanceof Error ? d : new Error(String(d)), "callback"), d;
1313
1408
  }
1314
- }, v = Ye({
1409
+ }, S = er({
1315
1410
  sessionConfig: r,
1316
1411
  cacheTtl: a,
1317
1412
  getSessionAction: t.getSession,
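Review bot: The cookie fallback added to the state validator `w` returns `!0` as soon as the cookie's `state` and `provider` match, skipping the `expiresAt` check and the single-use `u.delete(c)` that the store path applies on the very next line. Nothing in this hunk consumes a state accepted that way, so the same callback could validate repeatedly while the cookie lives, unless `getOAuthStateCookie` expires and clears it itself, which is not visible here. I would reject the cookie once it is past its expiry (if the payload carries one) and clear it before returning true, using whatever delete helper the oauth-state module exports. The empty `catch {}` also hides import and cookie-read failures; something like `catch (v) { I.warn("OAuth state cookie fallback failed", { error: v }); }` keeps them visible. Separately, the provider lookup in `oauthCallback` (a later hunk) still reads only `u.get(d)`, so a cookie-only state with no provider in the request is rejected before this fallback is reached.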
@@ -1320,44 +1415,44 @@ function et(e) {
1320
1415
  }), y = async (c) => {
1321
1416
  if (!D(c) || !c.session)
1322
1417
  return { success: !0 };
1323
- const u = await v.setSession(c.session);
1324
- return c.user && n.onSignIn && await S(n.onSignIn, c.user, c.session), u;
1418
+ const l = await S.setSession(c.session);
1419
+ return c.user && n.onSignIn && await A(n.onSignIn, c.user, c.session), l;
1325
1420
  };
1326
1421
  if (Object.keys(s).length > 0 && !f.oauthCallback) {
1327
- const c = sr(
1422
+ const c = ar(
1328
1423
  {
1329
1424
  oauthProviders: s,
1330
- baseUrl: i,
1425
+ baseUrl: o,
1331
1426
  callbacks: n,
1332
- createSession: (u, d, R) => ({
1427
+ createSession: (l, d, v) => ({
1333
1428
  user: {
1334
- ...u,
1429
+ ...l,
1335
1430
  avatar: d.avatar,
1336
1431
  emailVerified: d.emailVerified
1337
1432
  },
1338
1433
  expiresAt: new Date(Date.now() + (r.expiresIn || 604800) * 1e3),
1339
- accessToken: R.access_token,
1340
- refreshToken: R.refresh_token,
1434
+ accessToken: v.access_token,
1435
+ refreshToken: v.refresh_token,
1341
1436
  tokenType: "Bearer",
1342
- expiresIn: R.expires_in
1437
+ expiresIn: v.expires_in
1343
1438
  }),
1344
- saveSession: async (u) => {
1345
- await v.setSession(u);
1439
+ saveSession: async (l) => {
1440
+ await S.setSession(l);
1346
1441
  },
1347
1442
  onError: n.onError
1348
1443
  }
1349
1444
  );
1350
1445
  f.oauthCallback = c;
1351
1446
  }
1352
- const h = tr(
1447
+ const h = or(
1353
1448
  {
1354
1449
  actions: f,
1355
1450
  callbacks: n,
1356
1451
  saveSessionAfterAuth: y,
1357
1452
  onError: n.onError
1358
1453
  },
1359
- w
1360
- ), T = nr({
1454
+ g
1455
+ ), T = ir({
1361
1456
  actions: f,
1362
1457
  callbacks: n,
1363
1458
  saveSessionAfterAuth: y,
@@ -1368,25 +1463,25 @@ function et(e) {
1368
1463
  * Uses custom getSession action if provided, otherwise falls back to reading from cookie
1369
1464
  */
1370
1465
  async getSession() {
1371
- return await v.getSession();
1466
+ return await S.getSession();
1372
1467
  },
1373
1468
  /**
1374
1469
  * Get access token from current session
1375
1470
  */
1376
1471
  async getAccessToken() {
1377
- return await v.getAccessToken();
1472
+ return await S.getAccessToken();
1378
1473
  },
1379
1474
  /**
1380
1475
  * Get refresh token from current session
1381
1476
  */
1382
1477
  async getRefreshToken() {
1383
- return await v.getRefreshToken();
1478
+ return await S.getRefreshToken();
1384
1479
  },
1385
1480
  /**
1386
1481
  * Check if session has valid tokens
1387
1482
  */
1388
1483
  async hasValidTokens() {
1389
- return await v.hasValidTokens();
1484
+ return await S.hasValidTokens();
1390
1485
  },
1391
1486
  /**
1392
1487
  * Unified sign in method - supports both unified and direct method calls
@@ -1405,10 +1500,10 @@ function et(e) {
1405
1500
  */
1406
1501
  async signOut() {
1407
1502
  try {
1408
- const c = await this.getSession(), u = c == null ? void 0 : c.user;
1409
- return t.signOut && await t.signOut(), await v.clearSessionCookie(), v.clearCache(), u && n.onSignOut && await S(n.onSignOut, u), { success: !0 };
1503
+ const c = await this.getSession(), l = c == null ? void 0 : c.user;
1504
+ return t.signOut && await t.signOut(), await S.clearSessionCookie(), S.clearCache(), l && n.onSignOut && await A(n.onSignOut, l), { success: !0 };
1410
1505
  } catch (c) {
1411
- return await v.clearSessionCookie(), v.clearCache(), n.onError && await S(n.onError, c instanceof Error ? c : new Error(String(c)), "signOut"), {
1506
+ return await S.clearSessionCookie(), S.clearCache(), n.onError && await A(n.onError, c instanceof Error ? c : new Error(String(c)), "signOut"), {
1412
1507
  success: !1,
1413
1508
  error: c instanceof Error ? c.message : "Sign out failed"
1414
1509
  };
@@ -1422,10 +1517,10 @@ function et(e) {
1422
1517
  throw new Error("Password reset is not configured. Provide resetPassword action in config.");
1423
1518
  try {
1424
1519
  return await t.resetPassword(c);
1425
- } catch (u) {
1426
- return n.onError && await S(n.onError, u instanceof Error ? u : new Error(String(u)), "resetPassword"), {
1520
+ } catch (l) {
1521
+ return n.onError && await A(n.onError, l instanceof Error ? l : new Error(String(l)), "resetPassword"), {
1427
1522
  success: !1,
1428
- error: u instanceof Error ? u.message : "Password reset failed"
1523
+ error: l instanceof Error ? l.message : "Password reset failed"
1429
1524
  };
1430
1525
  }
1431
1526
  },
@@ -1437,10 +1532,10 @@ function et(e) {
1437
1532
  throw new Error("Email verification is not configured. Provide verifyEmail action in config.");
1438
1533
  try {
1439
1534
  return await t.verifyEmail(c);
1440
- } catch (u) {
1441
- return n.onError && await S(n.onError, u instanceof Error ? u : new Error(String(u)), "verifyEmail"), {
1535
+ } catch (l) {
1536
+ return n.onError && await A(n.onError, l instanceof Error ? l : new Error(String(l)), "verifyEmail"), {
1442
1537
  success: !1,
1443
- error: u instanceof Error ? u.message : "Email verification failed"
1538
+ error: l instanceof Error ? l.message : "Email verification failed"
1444
1539
  };
1445
1540
  }
1446
1541
  },
@@ -1453,49 +1548,49 @@ function et(e) {
1453
1548
  return this.getSession();
1454
1549
  try {
1455
1550
  const c = await t.refreshSession();
1456
- if (c && N(c)) {
1457
- if (await v.setSession(c), n.onSessionUpdate) {
1458
- const u = await S(n.onSessionUpdate, c);
1459
- if (u && N(u)) {
1460
- if (await v.setSession(u), n.onTokenRefresh) {
1551
+ if (c && U(c)) {
1552
+ if (await S.setSession(c), n.onSessionUpdate) {
1553
+ const l = await A(n.onSessionUpdate, c);
1554
+ if (l && U(l)) {
1555
+ if (await S.setSession(l), n.onTokenRefresh) {
1461
1556
  const d = await this.getSession();
1462
- d && await S(n.onTokenRefresh, d, u);
1557
+ d && await A(n.onTokenRefresh, d, l);
1463
1558
  }
1464
- return u;
1559
+ return l;
1465
1560
  }
1466
1561
  }
1467
1562
  if (n.onTokenRefresh) {
1468
- const u = await this.getSession();
1469
- u && await S(n.onTokenRefresh, u, c);
1563
+ const l = await this.getSession();
1564
+ l && await A(n.onTokenRefresh, l, c);
1470
1565
  }
1471
1566
  return c;
1472
- } else if (c && !N(c))
1473
- return await v.clearSessionCookie(), v.clearCache(), null;
1567
+ } else if (c && !U(c))
1568
+ return await S.clearSessionCookie(), S.clearCache(), null;
1474
1569
  return null;
1475
1570
  } catch (c) {
1476
- return await v.clearSessionCookie(), v.clearCache(), n.onError && await S(n.onError, c instanceof Error ? c : new Error(String(c)), "refreshSession"), null;
1571
+ return await S.clearSessionCookie(), S.clearCache(), n.onError && await A(n.onError, c instanceof Error ? c : new Error(String(c)), "refreshSession"), null;
1477
1572
  }
1478
1573
  },
1479
1574
  /**
1480
1575
  * OAuth callback handler
1481
1576
  * ✅ Auto-generated if providers.oauth is configured in config
1482
1577
  */
1483
- async oauthCallback(c, u, d) {
1578
+ async oauthCallback(c, l, d) {
1484
1579
  if (!f.oauthCallback)
1485
1580
  throw new Error(
1486
1581
  "OAuth callback is not configured. Either provide oauthCallback action, or configure providers.oauth in config."
1487
1582
  );
1488
- if (!u || !d)
1583
+ if (!l || !d)
1489
1584
  return {
1490
1585
  success: !1,
1491
1586
  error: "Missing required OAuth parameters (code or state)",
1492
1587
  errorCode: m.VALIDATION_ERROR
1493
1588
  };
1494
- let R = c;
1495
- if (!R) {
1496
- const P = await Promise.resolve(l.get(d));
1589
+ let v = c;
1590
+ if (!v) {
1591
+ const P = await Promise.resolve(u.get(d));
1497
1592
  if (P && P.provider)
1498
- R = P.provider;
1593
+ v = P.provider;
1499
1594
  else
1500
1595
  return {
1501
1596
  success: !1,
@@ -1503,16 +1598,16 @@ function et(e) {
1503
1598
  errorCode: m.VALIDATION_ERROR
1504
1599
  };
1505
1600
  }
1506
- if (!await g(d, R))
1601
+ if (!await w(d, v))
1507
1602
  return {
1508
1603
  success: !1,
1509
1604
  error: "Invalid or expired state parameter",
1510
1605
  errorCode: m.VALIDATION_ERROR
1511
1606
  };
1512
1607
  try {
1513
- return await f.oauthCallback(R, u, d);
1608
+ return await f.oauthCallback(v, l, d);
1514
1609
  } catch (P) {
1515
- return n.onError && await S(n.onError, P instanceof Error ? P : new Error(String(P)), "oauthCallback"), {
1610
+ return n.onError && await A(n.onError, P instanceof Error ? P : new Error(String(P)), "oauthCallback"), {
1516
1611
  success: !1,
1517
1612
  error: P instanceof Error ? P.message : "OAuth callback failed",
1518
1613
  errorCode: m.NETWORK_ERROR
@@ -1523,25 +1618,25 @@ function et(e) {
1523
1618
  * Verify 2FA code after initial sign in
1524
1619
  * Used when signIn returns requires2FA: true
1525
1620
  */
1526
- async verify2FA(c, u) {
1621
+ async verify2FA(c, l) {
1527
1622
  if (!t.verify2FA)
1528
1623
  throw new Error("2FA verification is not configured. Provide verify2FA action in config.");
1529
1624
  try {
1530
1625
  const d = await t.verify2FA(c);
1531
- if (d.success && d.session && !(u != null && u.skipCookieSave)) {
1532
- const R = await y(d);
1533
- R.success || (process.env.NODE_ENV === "development" && I.debug("Failed to save session cookie after verify2FA", {
1534
- error: R.error,
1535
- warning: R.warning
1536
- }), n.onError && await S(
1626
+ if (d.success && d.session && !(l != null && l.skipCookieSave)) {
1627
+ const v = await y(d);
1628
+ v.success || (process.env.NODE_ENV === "development" && I.debug("Failed to save session cookie after verify2FA", {
1629
+ error: v.error,
1630
+ warning: v.warning
1631
+ }), n.onError && await A(
1537
1632
  n.onError,
1538
- new Error(R.warning || R.error || "Failed to save session cookie"),
1633
+ new Error(v.warning || v.error || "Failed to save session cookie"),
1539
1634
  "verify2FA.setSession"
1540
1635
  ));
1541
1636
  }
1542
1637
  return d;
1543
1638
  } catch (d) {
1544
- return n.onError && await S(n.onError, d instanceof Error ? d : new Error(String(d)), "verify2FA"), {
1639
+ return n.onError && await A(n.onError, d instanceof Error ? d : new Error(String(d)), "verify2FA"), {
1545
1640
  success: !1,
1546
1641
  error: d instanceof Error ? d.message : "2FA verification failed",
1547
1642
  errorCode: m.TWO_FA_REQUIRED
@@ -1553,7 +1648,7 @@ function et(e) {
1553
1648
  * Useful for Server Actions that need to save session manually
1554
1649
  */
1555
1650
  async setSession(c) {
1556
- return await v.setSession(c);
1651
+ return await S.setSession(c);
1557
1652
  },
1558
1653
  /**
1559
1654
  * Internal method to get session config for Server Actions
@@ -1561,33 +1656,43 @@ function et(e) {
1561
1656
  * @internal
1562
1657
  */
1563
1658
  _getSessionConfig() {
1564
- return v.getSessionConfig();
1659
+ return S.getSessionConfig();
1565
1660
  },
1566
1661
  _getCallbacks() {
1567
1662
  return n;
1568
1663
  },
1664
+ /**
1665
+ * Store OAuth state for validation (useful when using external backend API)
1666
+ * This allows storing state generated by backend APIs in mulguard's state store
1667
+ *
1668
+ * @param state - OAuth state token
1669
+ * @param provider - OAuth provider name
1670
+ */
1671
+ async storeOAuthState(c, l) {
1672
+ await g(c, l);
1673
+ },
1569
1674
  /**
1570
1675
  * PassKey methods
1571
1676
  */
1572
1677
  passkey: t.passkey ? {
1573
1678
  register: t.passkey.register,
1574
1679
  authenticate: async (c) => {
1575
- var u;
1576
- if (!((u = t.passkey) != null && u.authenticate))
1680
+ var l;
1681
+ if (!((l = t.passkey) != null && l.authenticate))
1577
1682
  throw new Error("PassKey authenticate is not configured.");
1578
1683
  try {
1579
1684
  const d = await t.passkey.authenticate(c);
1580
1685
  return d.success && d.session && await y(d), d;
1581
1686
  } catch (d) {
1582
- return n.onError && await S(n.onError, d instanceof Error ? d : new Error(String(d)), "passkey.authenticate"), {
1687
+ return n.onError && await A(n.onError, d instanceof Error ? d : new Error(String(d)), "passkey.authenticate"), {
1583
1688
  success: !1,
1584
1689
  error: d instanceof Error ? d.message : "PassKey authentication failed"
1585
1690
  };
1586
1691
  }
1587
1692
  },
1588
1693
  list: t.passkey.list ? async () => {
1589
- var u;
1590
- if (!((u = t.passkey) != null && u.list))
1694
+ var l;
1695
+ if (!((l = t.passkey) != null && l.list))
1591
1696
  throw new Error("PassKey list is not configured.");
1592
1697
  return [...await t.passkey.list()];
1593
1698
  } : void 0,
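Review bot: The new public `storeOAuthState(c, l)` hands both arguments straight to the store writer `g` with no checks. An empty or non-string state, or a provider name that never passed the `X(u, { maxLength: 50, allowHtml: !1, required: !0 })` sanitisation used by the unified sign-in, therefore becomes a valid store entry for ten minutes. Because this state is generated outside mulguard, the method is the only place to enforce a non-empty, bounded string; a guard such as `if (typeof c != "string" || !c || typeof l != "string" || !l) throw new Error("Invalid OAuth state or provider");` before `await g(c, l)` would cover it. The docstring should also say that the caller is responsible for the state being unpredictable and tied to the initiating browser session, since this method cannot verify either.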
@@ -1604,27 +1709,27 @@ function et(e) {
1604
1709
  isEnabled: t.twoFactor.isEnabled,
1605
1710
  verify2FA: async (c) => {
1606
1711
  var d;
1607
- const u = ((d = t.twoFactor) == null ? void 0 : d.verify2FA) || t.verify2FA;
1608
- if (!u)
1712
+ const l = ((d = t.twoFactor) == null ? void 0 : d.verify2FA) || t.verify2FA;
1713
+ if (!l)
1609
1714
  throw new Error("2FA verification is not configured. Provide verify2FA action in config.");
1610
1715
  try {
1611
- const R = await u(c);
1612
- if (R.success && R.session) {
1613
- const C = await y(R);
1716
+ const v = await l(c);
1717
+ if (v.success && v.session) {
1718
+ const C = await y(v);
1614
1719
  C.success || (process.env.NODE_ENV === "development" && I.debug("Failed to save session cookie after twoFactor.verify2FA", {
1615
1720
  error: C.error,
1616
1721
  warning: C.warning
1617
- }), n.onError && await S(
1722
+ }), n.onError && await A(
1618
1723
  n.onError,
1619
1724
  new Error(C.warning || C.error || "Failed to save session cookie"),
1620
1725
  "twoFactor.verify2FA.setSession"
1621
1726
  ));
1622
1727
  }
1623
- return R;
1624
- } catch (R) {
1625
- return n.onError && await S(n.onError, R instanceof Error ? R : new Error(String(R)), "twoFactor.verify2FA"), {
1728
+ return v;
1729
+ } catch (v) {
1730
+ return n.onError && await A(n.onError, v instanceof Error ? v : new Error(String(v)), "twoFactor.verify2FA"), {
1626
1731
  success: !1,
1627
- error: R instanceof Error ? R.message : "2FA verification failed",
1732
+ error: v instanceof Error ? v.message : "2FA verification failed",
1628
1733
  errorCode: m.UNKNOWN_ERROR
1629
1734
  };
1630
1735
  }
@@ -1636,61 +1741,61 @@ function et(e) {
1636
1741
  signInMethods: {
1637
1742
  email: (c) => h.email(c),
1638
1743
  oauth: (c) => {
1639
- var u;
1640
- return ((u = h.oauth) == null ? void 0 : u.call(h, c)) || Promise.reject(new Error("OAuth not configured"));
1744
+ var l;
1745
+ return ((l = h.oauth) == null ? void 0 : l.call(h, c)) || Promise.reject(new Error("OAuth not configured"));
1641
1746
  },
1642
1747
  passkey: (c) => {
1643
- var u;
1644
- return ((u = h.passkey) == null ? void 0 : u.call(h, c)) || Promise.reject(new Error("Passkey not configured"));
1748
+ var l;
1749
+ return ((l = h.passkey) == null ? void 0 : l.call(h, c)) || Promise.reject(new Error("Passkey not configured"));
1645
1750
  },
1646
- otp: (c, u) => {
1751
+ otp: (c, l) => {
1647
1752
  var d;
1648
- return ((d = h.otp) == null ? void 0 : d.call(h, c, u)) || Promise.reject(new Error("OTP not configured"));
1753
+ return ((d = h.otp) == null ? void 0 : d.call(h, c, l)) || Promise.reject(new Error("OTP not configured"));
1649
1754
  }
1650
1755
  }
1651
1756
  };
1652
1757
  if (t.refreshSession) {
1653
- const c = Ge(
1758
+ const c = Je(
1654
1759
  async () => await _.refreshSession(),
1655
1760
  async () => await _.signOut(),
1656
1761
  async () => {
1657
- await v.clearSessionCookie(), v.clearCache();
1762
+ await S.clearSessionCookie(), S.clearCache();
1658
1763
  },
1659
1764
  {
1660
- ...o,
1661
- onTokenRefreshed: o.onTokenRefreshed,
1662
- onTokenRefreshFailed: o.onTokenRefreshFailed,
1663
- onBeforeRedirect: o.onBeforeRedirect
1765
+ ...i,
1766
+ onTokenRefreshed: i.onTokenRefreshed,
1767
+ onTokenRefreshFailed: i.onTokenRefreshFailed,
1768
+ onBeforeRedirect: i.onBeforeRedirect
1664
1769
  }
1665
1770
  );
1666
1771
  _._tokenRefreshManager = c, _._getTokenRefreshManager = () => c;
1667
1772
  }
1668
1773
  return _;
1669
1774
  }
1670
- function rt(e) {
1775
+ function ot(e) {
1671
1776
  return {
1672
1777
  GET: async (r) => B(r, e, "GET"),
1673
1778
  POST: async (r) => B(r, e, "POST")
1674
1779
  };
1675
1780
  }
1676
1781
  async function B(e, r, t) {
1677
- const n = new URL(e.url), s = or(n.pathname), i = s.split("/").filter(Boolean);
1782
+ const n = new URL(e.url), s = ur(n.pathname), o = s.split("/").filter(Boolean);
1678
1783
  try {
1679
- return t === "GET" ? await ar(e, r, s, i, n) : t === "POST" ? await cr(e, r, s, i, n) : O("Method not allowed", 405);
1680
- } catch (o) {
1784
+ return t === "GET" ? await lr(e, r, s, o, n) : t === "POST" ? await fr(e, r, s, o, n) : O("Method not allowed", 405);
1785
+ } catch (i) {
1681
1786
  return O(
1682
- o instanceof Error ? o.message : "Request failed",
1787
+ i instanceof Error ? i.message : "Request failed",
1683
1788
  500
1684
1789
  );
1685
1790
  }
1686
1791
  }
1687
- function or(e) {
1792
+ function ur(e) {
1688
1793
  return e.replace(/^\/api\/auth/, "") || "/session";
1689
1794
  }
1690
- async function ar(e, r, t, n, s) {
1795
+ async function lr(e, r, t, n, s) {
1691
1796
  if (t === "/session" || t === "/") {
1692
- const i = await r.getSession();
1693
- return E.json({ session: i });
1797
+ const o = await r.getSession();
1798
+ return E.json({ session: o });
1694
1799
  }
1695
1800
  return t === "/providers" ? E.json({
1696
1801
  providers: {
@@ -1700,11 +1805,11 @@ async function ar(e, r, t, n, s) {
1700
1805
  }
1701
1806
  }) : re(t, n) ? await te(e, r, t, n, s, "GET") : O("Not found", 404);
1702
1807
  }
1703
- async function cr(e, r, t, n, s) {
1704
- const i = await ur(e);
1705
- return t === "/sign-in" || n[0] === "sign-in" ? await fr(r, i) : t === "/sign-up" || n[0] === "sign-up" ? await dr(r, i) : t === "/sign-out" || n[0] === "sign-out" ? await hr(r) : t === "/reset-password" || n[0] === "reset-password" ? await gr(r, i) : t === "/verify-email" || n[0] === "verify-email" ? await wr(r, i) : t === "/refresh" || n[0] === "refresh" ? await pr(r) : re(t, n) ? await te(e, r, t, n, s, "POST", i) : t.startsWith("/passkey") ? await Er(r, t, n, i) : t === "/verify-2fa" || n[0] === "verify-2fa" ? await mr(r, i) : t.startsWith("/two-factor") ? await yr(r, n, i) : O("Not found", 404);
1808
+ async function fr(e, r, t, n, s) {
1809
+ const o = await dr(e);
1810
+ return t === "/sign-in" || n[0] === "sign-in" ? await gr(r, o) : t === "/sign-up" || n[0] === "sign-up" ? await wr(r, o) : t === "/sign-out" || n[0] === "sign-out" ? await pr(r) : t === "/reset-password" || n[0] === "reset-password" ? await mr(r, o) : t === "/verify-email" || n[0] === "verify-email" ? await Er(r, o) : t === "/refresh" || n[0] === "refresh" ? await yr(r) : re(t, n) ? await te(e, r, t, n, s, "POST", o) : t.startsWith("/passkey") ? await vr(r, t, n, o) : t === "/verify-2fa" || n[0] === "verify-2fa" ? await kr(r, o) : t.startsWith("/two-factor") ? await Sr(r, n, o) : O("Not found", 404);
1706
1811
  }
1707
- async function ur(e) {
1812
+ async function dr(e) {
1708
1813
  try {
1709
1814
  return await e.json();
1710
1815
  } catch {
@@ -1714,23 +1819,23 @@ async function ur(e) {
1714
1819
  function re(e, r) {
1715
1820
  return e === "/callback" || e.startsWith("/oauth/callback") || r[0] === "oauth" && r[1] === "callback" || r[0] === "callback";
1716
1821
  }
1717
- async function te(e, r, t, n, s, i, o) {
1822
+ async function te(e, r, t, n, s, o, i) {
1718
1823
  if (!r.oauthCallback)
1719
- return i === "GET" ? V(e.url, "oauth_not_configured") : O("OAuth callback is not configured", 400);
1720
- const a = lr(n, s, o), l = (o == null ? void 0 : o.code) ?? s.searchParams.get("code"), f = (o == null ? void 0 : o.state) ?? s.searchParams.get("state");
1721
- if (!l || !f)
1722
- return i === "GET" ? V(e.url, "oauth_missing_params") : O("Missing required OAuth parameters. Code and state are required.", 400);
1824
+ return o === "GET" ? V(e.url, "oauth_not_configured") : O("OAuth callback is not configured", 400);
1825
+ const a = hr(n, s, i), u = (i == null ? void 0 : i.code) ?? s.searchParams.get("code"), f = (i == null ? void 0 : i.state) ?? s.searchParams.get("state");
1826
+ if (!u || !f)
1827
+ return o === "GET" ? V(e.url, "oauth_missing_params") : O("Missing required OAuth parameters. Code and state are required.", 400);
1723
1828
  try {
1724
- const w = await r.oauthCallback(a ?? "", l, f);
1725
- return i === "GET" ? w.success ? kr(e.url, s.searchParams.get("callbackUrl")) : V(e.url, w.error ?? "oauth_failed") : E.json(w);
1726
- } catch (w) {
1727
- return i === "GET" ? V(e.url, w instanceof Error ? w.message : "oauth_error") : O(w instanceof Error ? w.message : "OAuth callback failed", 500);
1829
+ const g = await r.oauthCallback(a ?? "", u, f);
1830
+ return o === "GET" ? g.success ? Ar(e.url, s.searchParams.get("callbackUrl")) : V(e.url, g.error ?? "oauth_failed") : E.json(g);
1831
+ } catch (g) {
1832
+ return o === "GET" ? V(e.url, g instanceof Error ? g.message : "oauth_error") : O(g instanceof Error ? g.message : "OAuth callback failed", 500);
1728
1833
  }
1729
1834
  }
1730
- function lr(e, r, t) {
1835
+ function hr(e, r, t) {
1731
1836
  return t != null && t.provider ? t.provider : e[0] === "callback" && e[1] ? e[1] : e[0] === "oauth" && e[1] === "callback" && e[2] ? e[2] : r.searchParams.get("provider");
1732
1837
  }
1733
- async function fr(e, r) {
1838
+ async function gr(e, r) {
1734
1839
  if (r.provider === "email" && r.email && r.password) {
1735
1840
  const t = {
1736
1841
  email: r.email,
@@ -1752,17 +1857,17 @@ async function fr(e, r) {
1752
1857
  }
1753
1858
  return O("Invalid sign in request", 400);
1754
1859
  }
1755
- async function dr(e, r) {
1860
+ async function wr(e, r) {
1756
1861
  if (!e.signUp)
1757
1862
  return O("Sign up is not configured", 400);
1758
1863
  const t = await e.signUp(r);
1759
1864
  return E.json(t);
1760
1865
  }
1761
- async function hr(e) {
1866
+ async function pr(e) {
1762
1867
  const r = await e.signOut();
1763
1868
  return E.json(r);
1764
1869
  }
1765
- async function gr(e, r) {
1870
+ async function mr(e, r) {
1766
1871
  if (!e.resetPassword)
1767
1872
  return O("Password reset is not configured", 400);
1768
1873
  if (!r.email || typeof r.email != "string")
@@ -1770,7 +1875,7 @@ async function gr(e, r) {
1770
1875
  const t = await e.resetPassword(r.email);
1771
1876
  return E.json(t);
1772
1877
  }
1773
- async function wr(e, r) {
1878
+ async function Er(e, r) {
1774
1879
  if (!e.verifyEmail)
1775
1880
  return O("Email verification is not configured", 400);
1776
1881
  if (!r.token || typeof r.token != "string")
@@ -1778,7 +1883,7 @@ async function wr(e, r) {
1778
1883
  const t = await e.verifyEmail(r.token);
1779
1884
  return E.json(t);
1780
1885
  }
1781
- async function pr(e) {
1886
+ async function yr(e) {
1782
1887
  if (!e.refreshSession) {
1783
1888
  const t = await e.getSession();
1784
1889
  return E.json({ session: t });
@@ -1786,7 +1891,7 @@ async function pr(e) {
1786
1891
  const r = await e.refreshSession();
1787
1892
  return E.json({ session: r });
1788
1893
  }
1789
- async function mr(e, r) {
1894
+ async function kr(e, r) {
1790
1895
  if (!e.verify2FA)
1791
1896
  return O("2FA verification is not configured", 400);
1792
1897
  if (!r.email || !r.userId || !r.code)
@@ -1798,27 +1903,27 @@ async function mr(e, r) {
1798
1903
  }, n = await e.verify2FA(t);
1799
1904
  return E.json(n);
1800
1905
  }
1801
- async function Er(e, r, t, n) {
1906
+ async function vr(e, r, t, n) {
1802
1907
  if (!e.passkey)
1803
1908
  return O("PassKey is not configured", 400);
1804
1909
  const s = t[1];
1805
1910
  if (s === "register" && e.passkey.register) {
1806
- const i = await e.passkey.register(n.options);
1807
- return E.json(i);
1911
+ const o = await e.passkey.register(n.options);
1912
+ return E.json(o);
1808
1913
  }
1809
1914
  if (s === "list" && e.passkey.list) {
1810
- const i = await e.passkey.list();
1811
- return E.json(i);
1915
+ const o = await e.passkey.list();
1916
+ return E.json(o);
1812
1917
  }
1813
1918
  if (s === "remove" && e.passkey.remove) {
1814
1919
  if (!n.passkeyId || typeof n.passkeyId != "string")
1815
1920
  return O("Passkey ID is required", 400);
1816
- const i = await e.passkey.remove(n.passkeyId);
1817
- return E.json(i);
1921
+ const o = await e.passkey.remove(n.passkeyId);
1922
+ return E.json(o);
1818
1923
  }
1819
1924
  return O("Invalid Passkey request", 400);
1820
1925
  }
1821
- async function yr(e, r, t) {
1926
+ async function Sr(e, r, t) {
1822
1927
  if (!e.twoFactor)
1823
1928
  return O("Two-Factor Authentication is not configured", 400);
1824
1929
  const n = r[1];
@@ -1858,52 +1963,52 @@ function O(e, r) {
1858
1963
  function V(e, r) {
1859
1964
  return E.redirect(new URL(`/login?error=${encodeURIComponent(r)}`, e));
1860
1965
  }
1861
- function kr(e, r) {
1966
+ function Ar(e, r) {
1862
1967
  const t = r ?? "/";
1863
1968
  return E.redirect(new URL(t, e));
1864
1969
  }
1865
- function tt(e) {
1970
+ function it(e) {
1866
1971
  return async (r) => {
1867
- const { method: t, nextUrl: n } = r, i = n.pathname.replace(/^\/api\/auth/, "") || "/";
1972
+ const { method: t, nextUrl: n } = r, o = n.pathname.replace(/^\/api\/auth/, "") || "/";
1868
1973
  try {
1869
- let o;
1974
+ let i;
1870
1975
  if (t !== "GET" && t !== "HEAD")
1871
1976
  try {
1872
- o = await r.json();
1977
+ i = await r.json();
1873
1978
  } catch {
1874
1979
  }
1875
- const a = Object.fromEntries(n.searchParams.entries()), l = await fetch(
1876
- `${process.env.NEXT_PUBLIC_API_URL || ""}/api/auth${i}${Object.keys(a).length > 0 ? `?${new URLSearchParams(a).toString()}` : ""}`,
1980
+ const a = Object.fromEntries(n.searchParams.entries()), u = await fetch(
1981
+ `${process.env.NEXT_PUBLIC_API_URL || ""}/api/auth${o}${Object.keys(a).length > 0 ? `?${new URLSearchParams(a).toString()}` : ""}`,
1877
1982
  {
1878
1983
  method: t,
1879
1984
  headers: {
1880
1985
  "Content-Type": "application/json",
1881
1986
  ...Object.fromEntries(r.headers.entries())
1882
1987
  },
1883
- body: o ? JSON.stringify(o) : void 0
1988
+ body: i ? JSON.stringify(i) : void 0
1884
1989
  }
1885
- ), f = await l.json();
1990
+ ), f = await u.json();
1886
1991
  return E.json(f, {
1887
- status: l.status,
1992
+ status: u.status,
1888
1993
  headers: {
1889
- ...Object.fromEntries(l.headers.entries())
1994
+ ...Object.fromEntries(u.headers.entries())
1890
1995
  }
1891
1996
  });
1892
- } catch (o) {
1893
- return console.error("API handler error:", o), E.json(
1997
+ } catch (i) {
1998
+ return console.error("API handler error:", i), E.json(
1894
1999
  {
1895
2000
  success: !1,
1896
- error: o instanceof Error ? o.message : "Internal server error"
2001
+ error: i instanceof Error ? i.message : "Internal server error"
1897
2002
  },
1898
2003
  { status: 500 }
1899
2004
  );
1900
2005
  }
1901
2006
  };
1902
2007
  }
1903
- function nt(e) {
2008
+ function at(e) {
1904
2009
  return async (r) => {
1905
- const { searchParams: t } = r.nextUrl, n = t.get("provider"), s = t.get("code"), i = t.get("state");
1906
- if (!n || !s || !i)
2010
+ const { searchParams: t } = r.nextUrl, n = t.get("provider"), s = t.get("code"), o = t.get("state");
2011
+ if (!n || !s || !o)
1907
2012
  return E.redirect(
1908
2013
  new URL("/login?error=oauth_missing_params", r.url)
1909
2014
  );
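Review bot: `Ar` redirects to `new URL(t, e)` where `t` is the `callbackUrl` query parameter handed over by the OAuth callback route (`Ar(e.url, s.searchParams.get("callbackUrl"))`), so an absolute or protocol-relative value resolves to a different origin and the post-login redirect is an open redirect. Resolve the target first and fall back to the root when the origin differs: `const u = new URL(r ?? "/", e);` then `return E.redirect(u.origin === new URL(e).origin ? u : new URL("/", e));`. The same unvalidated `callbackUrl` redirect is in the success branch of `at` (exported as `createOAuthCallbackHandler`) in the next hunk, `new URL(a, r.url)`. `at` only begins in this hunk and continues outside it.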
@@ -1912,20 +2017,20 @@ function nt(e) {
1912
2017
  return E.redirect(
1913
2018
  new URL("/login?error=oauth_not_configured", r.url)
1914
2019
  );
1915
- const o = await e.oauthCallback(n, s, i);
1916
- if (o.success) {
2020
+ const i = await e.oauthCallback(n, s, o);
2021
+ if (i.success) {
1917
2022
  const a = t.get("callbackUrl") || "/";
1918
2023
  return E.redirect(new URL(a, r.url));
1919
2024
  } else {
1920
- const a = o.errorCode ? `${encodeURIComponent(o.error || "oauth_failed")}&code=${o.errorCode}` : encodeURIComponent(o.error || "oauth_failed");
2025
+ const a = i.errorCode ? `${encodeURIComponent(i.error || "oauth_failed")}&code=${i.errorCode}` : encodeURIComponent(i.error || "oauth_failed");
1921
2026
  return E.redirect(
1922
2027
  new URL(`/login?error=${a}`, r.url)
1923
2028
  );
1924
2029
  }
1925
- } catch (o) {
1926
- return process.env.NODE_ENV === "development" && console.error("[Mulguard] OAuth callback error:", o), E.redirect(
2030
+ } catch (i) {
2031
+ return process.env.NODE_ENV === "development" && console.error("[Mulguard] OAuth callback error:", i), E.redirect(
1927
2032
  new URL(
1928
- `/login?error=${encodeURIComponent(o instanceof Error ? o.message : "oauth_error")}`,
2033
+ `/login?error=${encodeURIComponent(i instanceof Error ? i.message : "oauth_error")}`,
1929
2034
  r.url
1930
2035
  )
1931
2036
  );
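Review bot: In the failure branch, `i.errorCode` is interpolated into the redirect query without encoding (`&code=${i.errorCode}`), while `i.error` beside it is encoded, so a value containing `&` or `#` would add or cut off parameters on the login URL. Use `&code=${encodeURIComponent(i.errorCode)}`. The catch branch also copies the raw exception message into `?error=`, which can put internal detail into the browser address bar and history. A fixed value such as `oauth_error`, with the detail logged on the server, would be safer. The enclosing handler starts before this hunk and ends after it.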
@@ -1942,42 +2047,42 @@ function F(e, r) {
1942
2047
  s && typeof s == "string" && r.headers.set(n, s);
1943
2048
  return r;
1944
2049
  }
1945
- function st() {
2050
+ function ct() {
1946
2051
  return async (e) => {
1947
2052
  const r = E.next();
1948
2053
  return F(e, r);
1949
2054
  };
1950
2055
  }
1951
- function it(e, r = {}) {
2056
+ function ut(e, r = {}) {
1952
2057
  const {
1953
2058
  protectedRoutes: t = [],
1954
2059
  publicRoutes: n = [],
1955
2060
  redirectTo: s = "/login",
1956
- redirectIfAuthenticated: i
2061
+ redirectIfAuthenticated: o
1957
2062
  } = r;
1958
- return async (o) => {
1959
- const { pathname: a } = o.nextUrl, l = t.some((g) => a.startsWith(g));
2063
+ return async (i) => {
2064
+ const { pathname: a } = i.nextUrl, u = t.some((w) => a.startsWith(w));
1960
2065
  let f = null;
1961
2066
  try {
1962
2067
  f = await e.getSession();
1963
- } catch (g) {
1964
- console.error("Middleware: Failed to get session:", g);
2068
+ } catch (w) {
2069
+ console.error("Middleware: Failed to get session:", w);
1965
2070
  }
1966
- if (l && !f) {
1967
- const g = o.nextUrl.clone();
1968
- return g.pathname = s, g.searchParams.set("callbackUrl", a), E.redirect(g);
2071
+ if (u && !f) {
2072
+ const w = i.nextUrl.clone();
2073
+ return w.pathname = s, w.searchParams.set("callbackUrl", a), E.redirect(w);
1969
2074
  }
1970
- if (i && f && (a.startsWith("/login") || a.startsWith("/register"))) {
1971
- const A = o.nextUrl.clone();
1972
- A.pathname = i;
1973
- const S = E.redirect(A);
1974
- return F(o, S);
2075
+ if (o && f && (a.startsWith("/login") || a.startsWith("/register"))) {
2076
+ const R = i.nextUrl.clone();
2077
+ R.pathname = o;
2078
+ const A = E.redirect(R);
2079
+ return F(i, A);
1975
2080
  }
1976
- const w = E.next();
1977
- return F(o, w);
2081
+ const g = E.next();
2082
+ return F(i, g);
1978
2083
  };
1979
2084
  }
1980
- async function ot(e, r) {
2085
+ async function lt(e, r) {
1981
2086
  var t;
1982
2087
  try {
1983
2088
  const n = await e.getSession();
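Review bot: The unauthenticated branch of `ut` returns `E.redirect(w)` directly, so the redirect to the login page is the one exit of this middleware that does not pass through `F` (exported as `withSecurityHeaders`), while the other two exits do. Suggest `return w.pathname = s, w.searchParams.set("callbackUrl", a), F(i, E.redirect(w));`, which matches what `ft` does in the following hunk. Separately, `publicRoutes` is destructured into `n` but never read in the visible body, so it appears to have no effect and is worth confirming or documenting. `lt` at the end of the hunk continues outside it.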
@@ -1986,46 +2091,46 @@ async function ot(e, r) {
1986
2091
  return !1;
1987
2092
  }
1988
2093
  }
1989
- function at(e) {
2094
+ function ft(e) {
1990
2095
  const {
1991
2096
  auth: r,
1992
2097
  protectedRoutes: t = [],
1993
2098
  publicRoutes: n = [],
1994
2099
  redirectTo: s = "/login",
1995
- redirectIfAuthenticated: i,
1996
- apiPrefix: o = "/api/auth"
2100
+ redirectIfAuthenticated: o,
2101
+ apiPrefix: i = "/api/auth"
1997
2102
  } = e;
1998
2103
  return async (a) => {
1999
- const { pathname: l } = a.nextUrl;
2000
- if (l.startsWith(o)) {
2001
- const A = E.next();
2002
- return F(a, A);
2104
+ const { pathname: u } = a.nextUrl;
2105
+ if (u.startsWith(i)) {
2106
+ const R = E.next();
2107
+ return F(a, R);
2003
2108
  }
2004
- const f = t.some((A) => l.startsWith(A));
2005
- let w = null;
2006
- if (f || i)
2109
+ const f = t.some((R) => u.startsWith(R));
2110
+ let g = null;
2111
+ if (f || o)
2007
2112
  try {
2008
- w = await r.getSession();
2009
- } catch (A) {
2010
- console.error("Middleware: Failed to get session:", A);
2113
+ g = await r.getSession();
2114
+ } catch (R) {
2115
+ console.error("Middleware: Failed to get session:", R);
2011
2116
  }
2012
- if (f && !w) {
2117
+ if (f && !g) {
2118
+ const R = a.nextUrl.clone();
2119
+ R.pathname = s, R.searchParams.set("callbackUrl", u);
2120
+ const A = E.redirect(R);
2121
+ return F(a, A);
2122
+ }
2123
+ if (o && g && (u.startsWith("/login") || u.startsWith("/register"))) {
2013
2124
  const A = a.nextUrl.clone();
2014
- A.pathname = s, A.searchParams.set("callbackUrl", l);
2125
+ A.pathname = o;
2015
2126
  const S = E.redirect(A);
2016
2127
  return F(a, S);
2017
2128
  }
2018
- if (i && w && (l.startsWith("/login") || l.startsWith("/register"))) {
2019
- const S = a.nextUrl.clone();
2020
- S.pathname = i;
2021
- const v = E.redirect(S);
2022
- return F(a, v);
2023
- }
2024
- const g = E.next();
2025
- return F(a, g);
2129
+ const w = E.next();
2130
+ return F(a, w);
2026
2131
  };
2027
2132
  }
2028
- async function ct(e, r) {
2133
+ async function dt(e, r) {
2029
2134
  var t;
2030
2135
  try {
2031
2136
  const n = await e.getSession();
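Review bot: `u.startsWith(i)` treats any path that merely begins with the `apiPrefix` string as an auth API route and returns before the session check, so with the default `/api/auth` a sibling path such as `/api/authx/...` (constructed example) would bypass the `protectedRoutes` test. Match on a segment boundary instead: `if (u === i || u.startsWith(i + "/")) {`. As in `ut`, `publicRoutes` is destructured into `n` and not used in the visible body. The hunk opens inside `lt` and ends inside `dt`, both of which continue outside it.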
@@ -2038,85 +2143,87 @@ export {
2038
2143
  Te as CSRFProtection,
2039
2144
  fe as DEFAULT_SECURITY_HEADERS,
2040
2145
  Oe as MemoryCSRFStore,
2041
- ze as MemoryOAuthStateStore,
2146
+ qe as MemoryOAuthStateStore,
2042
2147
  le as RateLimiter,
2043
- Tr as applySecurityHeaders,
2044
- oe as buildCookieOptions,
2045
- be as buildOAuthAuthorizationUrl,
2046
- ot as checkRole,
2047
- ct as checkRoleProxy,
2048
- Vr as containsXSSPattern,
2049
- tt as createApiHandler,
2050
- it as createAuthMiddleware,
2051
- Dr as createCSRFProtection,
2052
- $e as createMemoryOAuthStateStore,
2053
- nt as createOAuthCallbackHandler,
2054
- at as createProxyMiddleware,
2055
- Or as createRateLimiter,
2056
- Zr as createRedisOAuthStateStore,
2057
- st as createSecurityMiddleware,
2058
- pt as createServerAuthMiddleware,
2059
- mt as createServerHelpers,
2060
- Et as createServerUtils,
2061
- yt as createSessionManager,
2062
- ie as deleteCookie,
2063
- kt as deleteOAuthStateCookie,
2148
+ Pr as applySecurityHeaders,
2149
+ ie as buildCookieOptions,
2150
+ Ne as buildOAuthAuthorizationUrl,
2151
+ lt as checkRole,
2152
+ dt as checkRoleProxy,
2153
+ $r as containsXSSPattern,
2154
+ it as createApiHandler,
2155
+ ut as createAuthMiddleware,
2156
+ Vr as createCSRFProtection,
2157
+ We as createCookieOAuthStateStore,
2158
+ Be as createMemoryOAuthStateStore,
2159
+ tt as createNextJsCookieOAuthStateStore,
2160
+ at as createOAuthCallbackHandler,
2161
+ ft as createProxyMiddleware,
2162
+ _r as createRateLimiter,
2163
+ nt as createRedisOAuthStateStore,
2164
+ ct as createSecurityMiddleware,
2165
+ kt as createServerAuthMiddleware,
2166
+ vt as createServerHelpers,
2167
+ St as createServerUtils,
2168
+ At as createSessionManager,
2169
+ oe as deleteCookie,
2170
+ Rt as deleteOAuthStateCookie,
2064
2171
  Ie as escapeHTML,
2065
- Ue as exchangeOAuthCode,
2172
+ be as exchangeOAuthCode,
2066
2173
  _e as generateCSRFToken,
2067
2174
  Y as generateToken,
2068
2175
  ce as getCookie,
2069
- vt as getCurrentUser,
2070
- Br as getErrorCode,
2071
- qr as getErrorMessage,
2072
- St as getOAuthStateCookie,
2176
+ Ot as getCurrentUser,
2177
+ Kr as getErrorCode,
2178
+ Gr as getErrorMessage,
2179
+ Tt as getOAuthStateCookie,
2073
2180
  Fe as getOAuthUserInfo,
2074
2181
  j as getProviderMetadata,
2075
2182
  H as getSecurityHeaders,
2076
- Rt as getServerSession,
2077
- At as getSessionTimeUntilExpiry,
2078
- Xr as getUserFriendlyError,
2079
- Gr as hasErrorCode,
2183
+ It as getServerSession,
2184
+ _t as getSessionTimeUntilExpiry,
2185
+ Qr as getUserFriendlyError,
2186
+ Jr as hasErrorCode,
2080
2187
  Ce as isAuthError,
2081
- Hr as isAuthSuccess,
2082
- Qr as isOAuthProviderConfig,
2083
- Kr as isRetryableError,
2084
- Ot as isSessionExpiredNullable,
2085
- Tt as isSessionExpiringSoon,
2086
- It as isSessionValid,
2087
- Yr as isSupportedProvider,
2088
- Wr as isTwoFactorRequired,
2089
- jr as isValidCSRFToken,
2090
- $r as isValidEmail,
2091
- xr as isValidInput,
2092
- Cr as isValidName,
2093
- _r as isValidPassword,
2094
- Fr as isValidToken,
2095
- Ur as isValidURL,
2096
- et as mulguard,
2097
- _t as refreshSession,
2098
- Pt as requireAuth,
2099
- Ct as requireRole,
2100
- bt as requireServerAuthMiddleware,
2101
- Ut as requireServerRoleMiddleware,
2102
- Lr as sanitizeHTML,
2103
- zr as sanitizeInput,
2104
- Mr as sanitizeUserInput,
2188
+ Xr as isAuthSuccess,
2189
+ rt as isOAuthProviderConfig,
2190
+ Yr as isRetryableError,
2191
+ Pt as isSessionExpiredNullable,
2192
+ Ct as isSessionExpiringSoon,
2193
+ Nt as isSessionValid,
2194
+ et as isSupportedProvider,
2195
+ Hr as isTwoFactorRequired,
2196
+ Wr as isValidCSRFToken,
2197
+ Br as isValidEmail,
2198
+ Mr as isValidInput,
2199
+ Ur as isValidName,
2200
+ Nr as isValidPassword,
2201
+ Lr as isValidToken,
2202
+ xr as isValidURL,
2203
+ st as mulguard,
2204
+ bt as refreshSession,
2205
+ Ut as requireAuth,
2206
+ Ft as requireRole,
2207
+ xt as requireServerAuthMiddleware,
2208
+ Dt as requireServerRoleMiddleware,
2209
+ jr as sanitizeHTML,
2210
+ qr as sanitizeInput,
2211
+ zr as sanitizeUserInput,
2105
2212
  ae as setCookie,
2106
- Jr as signIn,
2107
- ft as signInEmailAction,
2108
- dt as signOutAction,
2109
- ht as signUpAction,
2110
- Nt as storeOAuthStateCookie,
2111
- rt as toNextJsHandler,
2213
+ Zr as signIn,
2214
+ wt as signInEmailAction,
2215
+ pt as signOutAction,
2216
+ mt as signUpAction,
2217
+ Lt as storeOAuthStateCookie,
2218
+ ot as toNextJsHandler,
2112
2219
  G as validateAndSanitizeEmail,
2113
2220
  X as validateAndSanitizeInput,
2114
- Pr as validateAndSanitizeName,
2115
- Ir as validateAndSanitizePassword,
2221
+ br as validateAndSanitizeName,
2222
+ Cr as validateAndSanitizePassword,
2116
2223
  Q as validateCSRFToken,
2117
- N as validateSessionStructure,
2118
- Nr as validateToken,
2119
- br as validateURL,
2120
- gt as verify2FAAction,
2224
+ U as validateSessionStructure,
2225
+ Dr as validateToken,
2226
+ Fr as validateURL,
2227
+ Et as verify2FAAction,
2121
2228
  F as withSecurityHeaders
2122
2229
  };