mulguard 1.1.5 → 1.1.6

package/dist/{oauth-state-LE-qeq-K.mjs → oauth-state-DKle8eCr.mjs}

@@ -1,47 +1,47 @@
-import { d as f, g as R, c as E } from "./actions-DeCfLtHA.mjs";
+import { d as f, g as R, c as v } from "./actions-DeCfLtHA.mjs";
 import { redirect as T } from "next/navigation";
-import { NextResponse as g } from "next/server";
-function d(e) {
+import { NextResponse as w } from "next/server";
+function p(e) {
   return !e || !e.expiresAt ? !1 : new Date(e.expiresAt) < /* @__PURE__ */ new Date();
 }
-function O(e, r = 5) {
+function U(e, t = 5) {
   if (!e || !e.expiresAt)
     return !1;
-  const t = new Date(e.expiresAt), s = /* @__PURE__ */ new Date(), i = (t.getTime() - s.getTime()) / (1e3 * 60);
-  return i > 0 && i < r;
+  const r = new Date(e.expiresAt), s = /* @__PURE__ */ new Date(), i = (r.getTime() - s.getTime()) / (1e3 * 60);
+  return i > 0 && i < t;
 }
-function U(e) {
+function q(e) {
   if (!e || !e.expiresAt)
     return null;
-  const r = new Date(e.expiresAt), t = /* @__PURE__ */ new Date(), s = (r.getTime() - t.getTime()) / (1e3 * 60);
+  const t = new Date(e.expiresAt), r = /* @__PURE__ */ new Date(), s = (t.getTime() - r.getTime()) / (1e3 * 60);
   return s > 0 ? Math.floor(s) : 0;
 }
-function b(e) {
-  return !(!e || !e.user || !e.user.id || !e.user.email || !e.user.name || d(e));
+function M(e) {
+  return !(!e || !e.user || !e.user.id || !e.user.email || !e.user.name || p(e));
 }
 function m(e) {
   if (!e || typeof e != "object")
     return !1;
-  const r = e;
-  if (!r.user || typeof r.user != "object")
+  const t = e;
+  if (!t.user || typeof t.user != "object")
     return !1;
-  const t = r.user;
-  if (typeof t.id != "string" || t.id.length === 0 || typeof t.email != "string" || t.email.length === 0 || typeof t.name != "string" || t.name.length === 0 || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(t.email))
+  const r = t.user;
+  if (typeof r.id != "string" || r.id.length === 0 || typeof r.email != "string" || r.email.length === 0 || typeof r.name != "string" || r.name.length === 0 || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(r.email))
     return !1;
-  if (r.expiresAt)
-    if (r.expiresAt instanceof Date) {
-      if (isNaN(r.expiresAt.getTime()))
+  if (t.expiresAt)
+    if (t.expiresAt instanceof Date) {
+      if (isNaN(t.expiresAt.getTime()))
         return !1;
-    } else if (typeof r.expiresAt == "string") {
-      const i = new Date(r.expiresAt);
+    } else if (typeof t.expiresAt == "string") {
+      const i = new Date(t.expiresAt);
       if (isNaN(i.getTime()))
         return !1;
     } else
       return !1;
   return !0;
 }
-function q(e, r) {
-  const t = r.cookieName || "__mulguard_session";
+function j(e, t) {
+  const r = t.cookieName || "__mulguard_session";
   let s = null, i = 0;
   const h = 6e4;
   return {
@@ -50,11 +50,11 @@ function q(e, r) {
      */
     async getSession(n) {
       try {
-        if (!await R(t))
+        if (!await R(r))
           return s = null, null;
         const o = Date.now();
         if (s && o - i < h) {
-          if (!(n != null && n.skipRefresh) && this.shouldRefreshSession(s, r)) {
+          if (!(n != null && n.skipRefresh) && this.shouldRefreshSession(s, t)) {
             const u = await this.refreshSession();
             if (u)
               return s = u, i = o, u;
@@ -66,23 +66,23 @@ function q(e, r) {
           return s = null, null;
         const l = c.data.session;
         if (!m(l))
-          return await f(t), s = null, null;
-        if (d(l)) {
-          if (!(n != null && n.skipRefresh) && this.shouldRefreshSession(l, r)) {
+          return await f(r), s = null, null;
+        if (p(l)) {
+          if (!(n != null && n.skipRefresh) && this.shouldRefreshSession(l, t)) {
             const u = await this.refreshSession();
             if (u)
               return s = u, i = o, u;
           }
-          return await f(t), s = null, null;
+          return await f(r), s = null, null;
         }
-        if (!(n != null && n.skipRefresh) && this.shouldRefreshSession(l, r)) {
+        if (!(n != null && n.skipRefresh) && this.shouldRefreshSession(l, t)) {
           const u = await this.refreshSession();
           if (u)
             return s = u, i = o, u;
         }
         return s = l, i = o, l;
       } catch {
-        return await f(t), s = null, null;
+        return await f(r), s = null, null;
       }
     },
     /**
@@ -94,7 +94,7 @@ function q(e, r) {
      * Clear session
      */
     async clearSession(n) {
-      await f(t, {
+      await f(r, {
         path: n.path
       }), s = null, i = 0;
     },
@@ -116,7 +116,7 @@ function q(e, r) {
      * Check if session is expired
      */
     isSessionExpired(n) {
-      return d(n);
+      return p(n);
     },
     /**
      * Check if session should be refreshed (within 5 minutes of expiration)
@@ -129,65 +129,65 @@ function q(e, r) {
     }
   };
 }
-async function M(e, r) {
+async function P(e, t) {
   try {
-    const t = await e.post("/api/auth/refresh");
-    return t.data.session ? t.data.session : null;
+    const r = await e.post("/api/auth/refresh");
+    return r.data.session ? r.data.session : null;
   } catch {
     return null;
   }
 }
-async function p(e) {
+async function g(e) {
   try {
-    const r = await e.getSession();
-    return !r || !m(r) || d(r) ? null : r;
-  } catch (r) {
-    return console.error("Failed to get server session:", r), null;
+    const t = await e.getSession();
+    return !t || !m(t) || p(t) ? null : t;
+  } catch (t) {
+    return console.error("Failed to get server session:", t), null;
   }
 }
-async function A(e, r = "/login") {
-  const t = await p(e);
-  return t || T(r), t;
+async function S(e, t = "/login") {
+  const r = await g(e);
+  return r || T(t), r;
 }
-async function _(e, r, t = "/unauthorized") {
-  const s = await A(e);
-  return (!s.user.roles || !s.user.roles.includes(r)) && T(t), s;
+async function _(e, t, r = "/unauthorized") {
+  const s = await S(e);
+  return (!s.user.roles || !s.user.roles.includes(t)) && T(r), s;
 }
-async function k(e) {
-  const r = await p(e);
-  return (r == null ? void 0 : r.user) ?? null;
+async function E(e) {
+  const t = await g(e);
+  return (t == null ? void 0 : t.user) ?? null;
 }
-function P(e, r) {
+function L(e, t) {
   return {
-    getSession: () => p(e),
-    requireAuth: (t) => A(e, t),
-    requireRole: (t, s) => _(e, t, s)
+    getSession: () => g(e),
+    requireAuth: (r) => S(e, r),
+    requireRole: (r, s) => _(e, r, s)
   };
 }
-function j(e) {
+function z(e) {
   return {
-    getSession: () => p(e),
-    requireAuth: (r) => A(e, r),
-    requireRole: (r, t) => _(e, r, t),
-    getCurrentUser: () => k(e)
+    getSession: () => g(e),
+    requireAuth: (t) => S(e, t),
+    requireRole: (t, r) => _(e, t, r),
+    getCurrentUser: () => E(e)
   };
 }
-function x(e, r = []) {
+function x(e, t = []) {
   return [...[
     "/auth/login",
     "/auth/register",
     "/auth/forgot-password",
     "/auth/reset-password",
     "/auth/verify-email"
-  ], ...r].some((i) => e.startsWith(i));
+  ], ...t].some((i) => e.startsWith(i));
 }
-function D(e, r = {}) {
+function D(e, t = {}) {
   const {
-    redirectTo: t = "/auth/login",
+    redirectTo: r = "/auth/login",
     requireAuth: s = !1,
     allowedRoles: i = [],
     publicRoutes: h = []
-  } = r;
+  } = t;
   return async (n) => {
     const { pathname: a } = n.nextUrl;
     if (x(a, h) || a.startsWith("/api/") || a.startsWith("/_next/") || a.startsWith("/favicon.ico") || a.match(/\.(ico|png|jpg|jpeg|svg|gif|webp|css|js|woff|woff2|ttf|eot)$/))
@@ -195,88 +195,95 @@ function D(e, r = {}) {
     try {
       const o = await e.getSession();
       if (s && !o) {
-        const c = new URL(t, n.url);
-        return c.searchParams.set("redirect", a), g.redirect(c);
+        const c = new URL(r, n.url);
+        return c.searchParams.set("redirect", a), w.redirect(c);
       }
       if (o && i.length > 0) {
         const c = o.user.roles || [];
         if (!i.some((u) => c.includes(u)))
-          return g.redirect(new URL("/unauthorized", n.url));
+          return w.redirect(new URL("/unauthorized", n.url));
       }
-      return o && x(a, h) ? g.redirect(new URL("/", n.url)) : null;
+      return o && x(a, h) ? w.redirect(new URL("/", n.url)) : null;
     } catch (o) {
       return process.env.NODE_ENV === "development" && console.error("[Mulguard Middleware] Error:", o), null;
     }
   };
 }
-function L(e, r = "/auth/login") {
+function H(e, t = "/auth/login") {
   return D(e, {
     requireAuth: !0,
-    redirectTo: r
+    redirectTo: t
   });
 }
-function H(e, r, t = "/unauthorized") {
+function V(e, t, r = "/unauthorized") {
   return D(e, {
     requireAuth: !0,
-    allowedRoles: r,
-    redirectTo: t
+    allowedRoles: t,
+    redirectTo: r
   });
 }
-const S = "__mulguard_oauth_state", y = 10 * 60;
-async function V(e, r) {
+const A = "__mulguard_oauth_state", y = 10 * 60;
+async function k(e, t) {
   try {
-    const t = JSON.stringify({ state: e, provider: r, expiresAt: Date.now() + y * 1e3 }), s = process.env.NODE_ENV === "production";
-    return await E({
-      name: S,
-      value: t,
+    const r = JSON.stringify({ state: e, provider: t, expiresAt: Date.now() + y * 1e3 }), s = process.env.NODE_ENV === "production";
+    return await v({
+      name: A,
+      value: r,
       httpOnly: !0,
       secure: s,
       sameSite: "strict",
       maxAge: y,
       path: "/"
     });
-  } catch (t) {
+  } catch (r) {
     return {
       success: !1,
-      error: t instanceof Error ? t.message : "Failed to store OAuth state"
+      error: r instanceof Error ? r.message : "Failed to store OAuth state"
     };
   }
 }
-async function W() {
+async function N() {
   try {
-    const e = await R(S);
+    const e = await R(A);
     if (!e)
       return null;
-    const r = JSON.parse(e);
-    return r.expiresAt < Date.now() ? (await w(), null) : (await w(), {
-      state: r.state,
-      provider: r.provider
+    const t = JSON.parse(e);
+    return t.expiresAt < Date.now() ? (await d(), null) : (await d(), {
+      state: t.state,
+      provider: t.provider
     });
   } catch {
-    return await w(), null;
+    return await d(), null;
   }
 }
-async function w() {
-  await f(S, { path: "/" });
+async function d() {
+  await f(A, { path: "/" });
 }
+const W = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
+  __proto__: null,
+  deleteOAuthStateCookie: d,
+  getOAuthStateCookie: N,
+  storeOAuthStateCookie: k
+}, Symbol.toStringTag, { value: "Module" }));
 export {
-  b as a,
-  d as b,
+  M as a,
+  p as b,
   D as c,
-  H as d,
-  p as e,
-  A as f,
-  U as g,
+  V as d,
+  g as e,
+  S as f,
+  q as g,
   _ as h,
-  O as i,
-  k as j,
-  j as k,
-  W as l,
-  w as m,
-  q as n,
-  M as o,
-  P as p,
-  L as r,
-  V as s,
+  U as i,
+  E as j,
+  z as k,
+  N as l,
+  d as m,
+  j as n,
+  P as o,
+  L as p,
+  W as q,
+  H as r,
+  k as s,
   m as v
 };

package/dist/oauth-state-DlvrCV11.js

@@ -0,0 +1 @@
+"use strict";const f=require("./actions-CExpv_dD.js"),C=require("next/navigation"),A=require("next/server");function d(e){return!e||!e.expiresAt?!1:new Date(e.expiresAt)<new Date}function E(e,t=5){if(!e||!e.expiresAt)return!1;const r=new Date(e.expiresAt),s=new Date,i=(r.getTime()-s.getTime())/(1e3*60);return i>0&&i<t}function D(e){if(!e||!e.expiresAt)return null;const t=new Date(e.expiresAt),r=new Date,s=(t.getTime()-r.getTime())/(1e3*60);return s>0?Math.floor(s):0}function N(e){return!(!e||!e.user||!e.user.id||!e.user.email||!e.user.name||d(e))}function S(e){if(!e||typeof e!="object")return!1;const t=e;if(!t.user||typeof t.user!="object")return!1;const r=t.user;if(typeof r.id!="string"||r.id.length===0||typeof r.email!="string"||r.email.length===0||typeof r.name!="string"||r.name.length===0||!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(r.email))return!1;if(t.expiresAt)if(t.expiresAt instanceof Date){if(isNaN(t.expiresAt.getTime()))return!1}else if(typeof t.expiresAt=="string"){const i=new Date(t.expiresAt);if(isNaN(i.getTime()))return!1}else return!1;return!0}function O(e,t){const r=t.cookieName||"__mulguard_session";let s=null,i=0;const p=6e4;return{async getSession(n){try{if(!await f.getCookie(r))return s=null,null;const a=Date.now();if(s&&a-i<p){if(!(n!=null&&n.skipRefresh)&&this.shouldRefreshSession(s,t)){const o=await this.refreshSession();if(o)return s=o,i=a,o}return s}const c=await e.get("/api/auth/session");if(!c.data.session)return s=null,null;const l=c.data.session;if(!S(l))return await f.deleteCookie(r),s=null,null;if(d(l)){if(!(n!=null&&n.skipRefresh)&&this.shouldRefreshSession(l,t)){const o=await this.refreshSession();if(o)return s=o,i=a,o}return await f.deleteCookie(r),s=null,null}if(!(n!=null&&n.skipRefresh)&&this.shouldRefreshSession(l,t)){const o=await this.refreshSession();if(o)return s=o,i=a,o}return s=l,i=a,l}catch{return await f.deleteCookie(r),s=null,null}},setSession(n,u){},async clearSession(n){await f.deleteCookie(r,{path:n.path}),s=null,i=0},async refreshSession(){try{const n=await e.post("/api/auth/refresh");if(!n.data.session)return s=null,null;const u=n.data.session;return S(u)?(s=u,i=Date.now(),u):(s=null,null)}catch{return s=null,null}},isSessionExpired(n){return d(n)},shouldRefreshSession(n,u){if(!n.expiresAt)return!1;const a=new Date(n.expiresAt),c=new Date,l=a.getTime()-c.getTime(),o=5*60*1e3;return l>0&&l<o}}}async function q(e,t){try{const r=await e.post("/api/auth/refresh");return r.data.session?r.data.session:null}catch{return null}}async function g(e){try{const t=await e.getSession();return!t||!S(t)||d(t)?null:t}catch(t){return console.error("Failed to get server session:",t),null}}async function w(e,t="/login"){const r=await g(e);return r||C.redirect(t),r}async function m(e,t,r="/unauthorized"){const s=await w(e);return(!s.user.roles||!s.user.roles.includes(t))&&C.redirect(r),s}async function _(e){const t=await g(e);return(t==null?void 0:t.user)??null}function M(e,t){return{getSession:()=>g(e),requireAuth:r=>w(e,r),requireRole:(r,s)=>m(e,r,s)}}function U(e){return{getSession:()=>g(e),requireAuth:t=>w(e,t),requireRole:(t,r)=>m(e,t,r),getCurrentUser:()=>_(e)}}function y(e,t=[]){return[...["/auth/login","/auth/register","/auth/forgot-password","/auth/reset-password","/auth/verify-email"],...t].some(i=>e.startsWith(i))}function x(e,t={}){const{redirectTo:r="/auth/login",requireAuth:s=!1,allowedRoles:i=[],publicRoutes:p=[]}=t;return async n=>{const{pathname:u}=n.nextUrl;if(y(u,p)||u.startsWith("/api/")||u.startsWith("/_next/")||u.startsWith("/favicon.ico")||u.match(/\.(ico|png|jpg|jpeg|svg|gif|webp|css|js|woff|woff2|ttf|eot)$/))return null;try{const a=await e.getSession();if(s&&!a){const c=new URL(r,n.url);return c.searchParams.set("redirect",u),A.NextResponse.redirect(c)}if(a&&i.length>0){const c=a.user.roles||[];if(!i.some(o=>c.includes(o)))return A.NextResponse.redirect(new URL("/unauthorized",n.url))}return a&&y(u,p)?A.NextResponse.redirect(new URL("/",n.url)):null}catch(a){return process.env.NODE_ENV==="development"&&console.error("[Mulguard Middleware] Error:",a),null}}}function b(e,t="/auth/login"){return x(e,{requireAuth:!0,redirectTo:t})}function P(e,t,r="/unauthorized"){return x(e,{requireAuth:!0,allowedRoles:t,redirectTo:r})}const R="__mulguard_oauth_state",T=10*60;async function k(e,t){try{const r=JSON.stringify({state:e,provider:t,expiresAt:Date.now()+T*1e3}),s=process.env.NODE_ENV==="production";return await f.setCookie({name:R,value:r,httpOnly:!0,secure:s,sameSite:"strict",maxAge:T,path:"/"})}catch(r){return{success:!1,error:r instanceof Error?r.message:"Failed to store OAuth state"}}}async function v(){try{const e=await f.getCookie(R);if(!e)return null;const t=JSON.parse(e);return t.expiresAt<Date.now()?(await h(),null):(await h(),{state:t.state,provider:t.provider})}catch{return await h(),null}}async function h(){await f.deleteCookie(R,{path:"/"})}const j=Object.freeze(Object.defineProperty({__proto__:null,deleteOAuthStateCookie:h,getOAuthStateCookie:v,storeOAuthStateCookie:k},Symbol.toStringTag,{value:"Module"}));exports.createAuthMiddleware=x;exports.createServerHelpers=M;exports.createServerUtils=U;exports.createSessionManager=O;exports.deleteOAuthStateCookie=h;exports.getCurrentUser=_;exports.getOAuthStateCookie=v;exports.getServerSession=g;exports.getSessionTimeUntilExpiry=D;exports.isSessionExpiredNullable=d;exports.isSessionExpiringSoon=E;exports.isSessionValid=N;exports.oauthState=j;exports.refreshSession=q;exports.requireAuth=w;exports.requireAuthMiddleware=b;exports.requireRole=m;exports.requireRoleMiddleware=P;exports.storeOAuthStateCookie=k;exports.validateSessionStructure=S;

package/dist/server/index.js

@@ -1 +1 @@
-"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const i=require("../actions-CExpv_dD.js"),e=require("../oauth-state-CzIWQq3s.js");exports.buildCookieOptions=i.buildCookieOptions;exports.deleteCookie=i.deleteCookie;exports.getCookie=i.getCookie;exports.setCookie=i.setCookie;exports.signInEmailAction=i.signInEmailAction;exports.signOutAction=i.signOutAction;exports.signUpAction=i.signUpAction;exports.verify2FAAction=i.verify2FAAction;exports.createServerAuthMiddleware=e.createAuthMiddleware;exports.createServerHelpers=e.createServerHelpers;exports.createServerUtils=e.createServerUtils;exports.createSessionManager=e.createSessionManager;exports.deleteOAuthStateCookie=e.deleteOAuthStateCookie;exports.getCurrentUser=e.getCurrentUser;exports.getOAuthStateCookie=e.getOAuthStateCookie;exports.getServerSession=e.getServerSession;exports.getSessionTimeUntilExpiry=e.getSessionTimeUntilExpiry;exports.isSessionExpiredNullable=e.isSessionExpiredNullable;exports.isSessionExpiringSoon=e.isSessionExpiringSoon;exports.isSessionValid=e.isSessionValid;exports.refreshSession=e.refreshSession;exports.requireAuth=e.requireAuth;exports.requireRole=e.requireRole;exports.requireServerAuthMiddleware=e.requireAuthMiddleware;exports.requireServerRoleMiddleware=e.requireRoleMiddleware;exports.storeOAuthStateCookie=e.storeOAuthStateCookie;exports.validateSessionStructure=e.validateSessionStructure;
+"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const i=require("../actions-CExpv_dD.js"),e=require("../oauth-state-DlvrCV11.js");exports.buildCookieOptions=i.buildCookieOptions;exports.deleteCookie=i.deleteCookie;exports.getCookie=i.getCookie;exports.setCookie=i.setCookie;exports.signInEmailAction=i.signInEmailAction;exports.signOutAction=i.signOutAction;exports.signUpAction=i.signUpAction;exports.verify2FAAction=i.verify2FAAction;exports.createServerAuthMiddleware=e.createAuthMiddleware;exports.createServerHelpers=e.createServerHelpers;exports.createServerUtils=e.createServerUtils;exports.createSessionManager=e.createSessionManager;exports.deleteOAuthStateCookie=e.deleteOAuthStateCookie;exports.getCurrentUser=e.getCurrentUser;exports.getOAuthStateCookie=e.getOAuthStateCookie;exports.getServerSession=e.getServerSession;exports.getSessionTimeUntilExpiry=e.getSessionTimeUntilExpiry;exports.isSessionExpiredNullable=e.isSessionExpiredNullable;exports.isSessionExpiringSoon=e.isSessionExpiringSoon;exports.isSessionValid=e.isSessionValid;exports.refreshSession=e.refreshSession;exports.requireAuth=e.requireAuth;exports.requireRole=e.requireRole;exports.requireServerAuthMiddleware=e.requireAuthMiddleware;exports.requireServerRoleMiddleware=e.requireRoleMiddleware;exports.storeOAuthStateCookie=e.storeOAuthStateCookie;exports.validateSessionStructure=e.validateSessionStructure;

package/dist/server/index.mjs

@@ -1,5 +1,5 @@
 import { e as a, d as i, g as r, c as t, a as o, s as n, b as S, v as l } from "../actions-DeCfLtHA.mjs";
-import { c as d, p as g, k as c, n as A, m as v, j as p, l as h, e as k, g as C, b as f, i as m, a as x, o as O, f as b, h as q, r as E, d as M, s as U, v as w } from "../oauth-state-LE-qeq-K.mjs";
+import { c as d, p as g, k as c, n as A, m as v, j as p, l as h, e as k, g as C, b as f, i as m, a as x, o as O, f as b, h as q, r as E, d as M, s as U, v as w } from "../oauth-state-DKle8eCr.mjs";
 export {
   a as buildCookieOptions,
   d as createServerAuthMiddleware,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mulguard",
-  "version": "1.1.5",
+  "version": "1.1.6",
   "description": "Mulguard is a modern authentication backend-first library for Next.js",
   "main": "./dist/index/index.js",
   "module": "./dist/index/index.mjs",

package/dist/oauth-state-CzIWQq3s.js

@@ -1 +0,0 @@
-"use strict";const f=require("./actions-CExpv_dD.js"),C=require("next/navigation"),A=require("next/server");function h(e){return!e||!e.expiresAt?!1:new Date(e.expiresAt)<new Date}function v(e,t=5){if(!e||!e.expiresAt)return!1;const r=new Date(e.expiresAt),s=new Date,i=(r.getTime()-s.getTime())/(1e3*60);return i>0&&i<t}function E(e){if(!e||!e.expiresAt)return null;const t=new Date(e.expiresAt),r=new Date,s=(t.getTime()-r.getTime())/(1e3*60);return s>0?Math.floor(s):0}function _(e){return!(!e||!e.user||!e.user.id||!e.user.email||!e.user.name||h(e))}function w(e){if(!e||typeof e!="object")return!1;const t=e;if(!t.user||typeof t.user!="object")return!1;const r=t.user;if(typeof r.id!="string"||r.id.length===0||typeof r.email!="string"||r.email.length===0||typeof r.name!="string"||r.name.length===0||!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(r.email))return!1;if(t.expiresAt)if(t.expiresAt instanceof Date){if(isNaN(t.expiresAt.getTime()))return!1}else if(typeof t.expiresAt=="string"){const i=new Date(t.expiresAt);if(isNaN(i.getTime()))return!1}else return!1;return!0}function D(e,t){const r=t.cookieName||"__mulguard_session";let s=null,i=0;const g=6e4;return{async getSession(n){try{if(!await f.getCookie(r))return s=null,null;const a=Date.now();if(s&&a-i<g){if(!(n!=null&&n.skipRefresh)&&this.shouldRefreshSession(s,t)){const o=await this.refreshSession();if(o)return s=o,i=a,o}return s}const c=await e.get("/api/auth/session");if(!c.data.session)return s=null,null;const l=c.data.session;if(!w(l))return await f.deleteCookie(r),s=null,null;if(h(l)){if(!(n!=null&&n.skipRefresh)&&this.shouldRefreshSession(l,t)){const o=await this.refreshSession();if(o)return s=o,i=a,o}return await f.deleteCookie(r),s=null,null}if(!(n!=null&&n.skipRefresh)&&this.shouldRefreshSession(l,t)){const o=await this.refreshSession();if(o)return s=o,i=a,o}return s=l,i=a,l}catch{return await f.deleteCookie(r),s=null,null}},setSession(n,u){},async clearSession(n){await f.deleteCookie(r,{path:n.path}),s=null,i=0},async refreshSession(){try{const n=await e.post("/api/auth/refresh");if(!n.data.session)return s=null,null;const u=n.data.session;return w(u)?(s=u,i=Date.now(),u):(s=null,null)}catch{return s=null,null}},isSessionExpired(n){return h(n)},shouldRefreshSession(n,u){if(!n.expiresAt)return!1;const a=new Date(n.expiresAt),c=new Date,l=a.getTime()-c.getTime(),o=5*60*1e3;return l>0&&l<o}}}async function N(e,t){try{const r=await e.post("/api/auth/refresh");return r.data.session?r.data.session:null}catch{return null}}async function d(e){try{const t=await e.getSession();return!t||!w(t)||h(t)?null:t}catch(t){return console.error("Failed to get server session:",t),null}}async function S(e,t="/login"){const r=await d(e);return r||C.redirect(t),r}async function m(e,t,r="/unauthorized"){const s=await S(e);return(!s.user.roles||!s.user.roles.includes(t))&&C.redirect(r),s}async function k(e){const t=await d(e);return(t==null?void 0:t.user)??null}function q(e,t){return{getSession:()=>d(e),requireAuth:r=>S(e,r),requireRole:(r,s)=>m(e,r,s)}}function O(e){return{getSession:()=>d(e),requireAuth:t=>S(e,t),requireRole:(t,r)=>m(e,t,r),getCurrentUser:()=>k(e)}}function y(e,t=[]){return[...["/auth/login","/auth/register","/auth/forgot-password","/auth/reset-password","/auth/verify-email"],...t].some(i=>e.startsWith(i))}function x(e,t={}){const{redirectTo:r="/auth/login",requireAuth:s=!1,allowedRoles:i=[],publicRoutes:g=[]}=t;return async n=>{const{pathname:u}=n.nextUrl;if(y(u,g)||u.startsWith("/api/")||u.startsWith("/_next/")||u.startsWith("/favicon.ico")||u.match(/\.(ico|png|jpg|jpeg|svg|gif|webp|css|js|woff|woff2|ttf|eot)$/))return null;try{const a=await e.getSession();if(s&&!a){const c=new URL(r,n.url);return c.searchParams.set("redirect",u),A.NextResponse.redirect(c)}if(a&&i.length>0){const c=a.user.roles||[];if(!i.some(o=>c.includes(o)))return A.NextResponse.redirect(new URL("/unauthorized",n.url))}return a&&y(u,g)?A.NextResponse.redirect(new URL("/",n.url)):null}catch(a){return process.env.NODE_ENV==="development"&&console.error("[Mulguard Middleware] Error:",a),null}}}function U(e,t="/auth/login"){return x(e,{requireAuth:!0,redirectTo:t})}function M(e,t,r="/unauthorized"){return x(e,{requireAuth:!0,allowedRoles:t,redirectTo:r})}const R="__mulguard_oauth_state",T=10*60;async function b(e,t){try{const r=JSON.stringify({state:e,provider:t,expiresAt:Date.now()+T*1e3}),s=process.env.NODE_ENV==="production";return await f.setCookie({name:R,value:r,httpOnly:!0,secure:s,sameSite:"strict",maxAge:T,path:"/"})}catch(r){return{success:!1,error:r instanceof Error?r.message:"Failed to store OAuth state"}}}async function P(){try{const e=await f.getCookie(R);if(!e)return null;const t=JSON.parse(e);return t.expiresAt<Date.now()?(await p(),null):(await p(),{state:t.state,provider:t.provider})}catch{return await p(),null}}async function p(){await f.deleteCookie(R,{path:"/"})}exports.createAuthMiddleware=x;exports.createServerHelpers=q;exports.createServerUtils=O;exports.createSessionManager=D;exports.deleteOAuthStateCookie=p;exports.getCurrentUser=k;exports.getOAuthStateCookie=P;exports.getServerSession=d;exports.getSessionTimeUntilExpiry=E;exports.isSessionExpiredNullable=h;exports.isSessionExpiringSoon=v;exports.isSessionValid=_;exports.refreshSession=N;exports.requireAuth=S;exports.requireAuthMiddleware=U;exports.requireRole=m;exports.requireRoleMiddleware=M;exports.storeOAuthStateCookie=b;exports.validateSessionStructure=w;