mulguard 1.1.6 → 1.1.7

package/dist/oauth-state-DKle8eCr.mjs

@@ -1,289 +0,0 @@
-import { d as f, g as R, c as v } from "./actions-DeCfLtHA.mjs";
-import { redirect as T } from "next/navigation";
-import { NextResponse as w } from "next/server";
-function p(e) {
-  return !e || !e.expiresAt ? !1 : new Date(e.expiresAt) < /* @__PURE__ */ new Date();
-}
-function U(e, t = 5) {
-  if (!e || !e.expiresAt)
-    return !1;
-  const r = new Date(e.expiresAt), s = /* @__PURE__ */ new Date(), i = (r.getTime() - s.getTime()) / (1e3 * 60);
-  return i > 0 && i < t;
-}
-function q(e) {
-  if (!e || !e.expiresAt)
-    return null;
-  const t = new Date(e.expiresAt), r = /* @__PURE__ */ new Date(), s = (t.getTime() - r.getTime()) / (1e3 * 60);
-  return s > 0 ? Math.floor(s) : 0;
-}
-function M(e) {
-  return !(!e || !e.user || !e.user.id || !e.user.email || !e.user.name || p(e));
-}
-function m(e) {
-  if (!e || typeof e != "object")
-    return !1;
-  const t = e;
-  if (!t.user || typeof t.user != "object")
-    return !1;
-  const r = t.user;
-  if (typeof r.id != "string" || r.id.length === 0 || typeof r.email != "string" || r.email.length === 0 || typeof r.name != "string" || r.name.length === 0 || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(r.email))
-    return !1;
-  if (t.expiresAt)
-    if (t.expiresAt instanceof Date) {
-      if (isNaN(t.expiresAt.getTime()))
-        return !1;
-    } else if (typeof t.expiresAt == "string") {
-      const i = new Date(t.expiresAt);
-      if (isNaN(i.getTime()))
-        return !1;
-    } else
-      return !1;
-  return !0;
-}
-function j(e, t) {
-  const r = t.cookieName || "__mulguard_session";
-  let s = null, i = 0;
-  const h = 6e4;
-  return {
-    /**
-     * Get current session from backend with automatic refresh
-     */
-    async getSession(n) {
-      try {
-        if (!await R(r))
-          return s = null, null;
-        const o = Date.now();
-        if (s && o - i < h) {
-          if (!(n != null && n.skipRefresh) && this.shouldRefreshSession(s, t)) {
-            const u = await this.refreshSession();
-            if (u)
-              return s = u, i = o, u;
-          }
-          return s;
-        }
-        const c = await e.get("/api/auth/session");
-        if (!c.data.session)
-          return s = null, null;
-        const l = c.data.session;
-        if (!m(l))
-          return await f(r), s = null, null;
-        if (p(l)) {
-          if (!(n != null && n.skipRefresh) && this.shouldRefreshSession(l, t)) {
-            const u = await this.refreshSession();
-            if (u)
-              return s = u, i = o, u;
-          }
-          return await f(r), s = null, null;
-        }
-        if (!(n != null && n.skipRefresh) && this.shouldRefreshSession(l, t)) {
-          const u = await this.refreshSession();
-          if (u)
-            return s = u, i = o, u;
-        }
-        return s = l, i = o, l;
-      } catch {
-        return await f(r), s = null, null;
-      }
-    },
-    /**
-     * Set session cookie
-     */
-    setSession(n, a) {
-    },
-    /**
-     * Clear session
-     */
-    async clearSession(n) {
-      await f(r, {
-        path: n.path
-      }), s = null, i = 0;
-    },
-    /**
-     * Refresh session
-     */
-    async refreshSession() {
-      try {
-        const n = await e.post("/api/auth/refresh");
-        if (!n.data.session)
-          return s = null, null;
-        const a = n.data.session;
-        return m(a) ? (s = a, i = Date.now(), a) : (s = null, null);
-      } catch {
-        return s = null, null;
-      }
-    },
-    /**
-     * Check if session is expired
-     */
-    isSessionExpired(n) {
-      return p(n);
-    },
-    /**
-     * Check if session should be refreshed (within 5 minutes of expiration)
-     */
-    shouldRefreshSession(n, a) {
-      if (!n.expiresAt)
-        return !1;
-      const o = new Date(n.expiresAt), c = /* @__PURE__ */ new Date(), l = o.getTime() - c.getTime(), u = 5 * 60 * 1e3;
-      return l > 0 && l < u;
-    }
-  };
-}
-async function P(e, t) {
-  try {
-    const r = await e.post("/api/auth/refresh");
-    return r.data.session ? r.data.session : null;
-  } catch {
-    return null;
-  }
-}
-async function g(e) {
-  try {
-    const t = await e.getSession();
-    return !t || !m(t) || p(t) ? null : t;
-  } catch (t) {
-    return console.error("Failed to get server session:", t), null;
-  }
-}
-async function S(e, t = "/login") {
-  const r = await g(e);
-  return r || T(t), r;
-}
-async function _(e, t, r = "/unauthorized") {
-  const s = await S(e);
-  return (!s.user.roles || !s.user.roles.includes(t)) && T(r), s;
-}
-async function E(e) {
-  const t = await g(e);
-  return (t == null ? void 0 : t.user) ?? null;
-}
-function L(e, t) {
-  return {
-    getSession: () => g(e),
-    requireAuth: (r) => S(e, r),
-    requireRole: (r, s) => _(e, r, s)
-  };
-}
-function z(e) {
-  return {
-    getSession: () => g(e),
-    requireAuth: (t) => S(e, t),
-    requireRole: (t, r) => _(e, t, r),
-    getCurrentUser: () => E(e)
-  };
-}
-function x(e, t = []) {
-  return [...[
-    "/auth/login",
-    "/auth/register",
-    "/auth/forgot-password",
-    "/auth/reset-password",
-    "/auth/verify-email"
-  ], ...t].some((i) => e.startsWith(i));
-}
-function D(e, t = {}) {
-  const {
-    redirectTo: r = "/auth/login",
-    requireAuth: s = !1,
-    allowedRoles: i = [],
-    publicRoutes: h = []
-  } = t;
-  return async (n) => {
-    const { pathname: a } = n.nextUrl;
-    if (x(a, h) || a.startsWith("/api/") || a.startsWith("/_next/") || a.startsWith("/favicon.ico") || a.match(/\.(ico|png|jpg|jpeg|svg|gif|webp|css|js|woff|woff2|ttf|eot)$/))
-      return null;
-    try {
-      const o = await e.getSession();
-      if (s && !o) {
-        const c = new URL(r, n.url);
-        return c.searchParams.set("redirect", a), w.redirect(c);
-      }
-      if (o && i.length > 0) {
-        const c = o.user.roles || [];
-        if (!i.some((u) => c.includes(u)))
-          return w.redirect(new URL("/unauthorized", n.url));
-      }
-      return o && x(a, h) ? w.redirect(new URL("/", n.url)) : null;
-    } catch (o) {
-      return process.env.NODE_ENV === "development" && console.error("[Mulguard Middleware] Error:", o), null;
-    }
-  };
-}
-function H(e, t = "/auth/login") {
-  return D(e, {
-    requireAuth: !0,
-    redirectTo: t
-  });
-}
-function V(e, t, r = "/unauthorized") {
-  return D(e, {
-    requireAuth: !0,
-    allowedRoles: t,
-    redirectTo: r
-  });
-}
-const A = "__mulguard_oauth_state", y = 10 * 60;
-async function k(e, t) {
-  try {
-    const r = JSON.stringify({ state: e, provider: t, expiresAt: Date.now() + y * 1e3 }), s = process.env.NODE_ENV === "production";
-    return await v({
-      name: A,
-      value: r,
-      httpOnly: !0,
-      secure: s,
-      sameSite: "strict",
-      maxAge: y,
-      path: "/"
-    });
-  } catch (r) {
-    return {
-      success: !1,
-      error: r instanceof Error ? r.message : "Failed to store OAuth state"
-    };
-  }
-}
-async function N() {
-  try {
-    const e = await R(A);
-    if (!e)
-      return null;
-    const t = JSON.parse(e);
-    return t.expiresAt < Date.now() ? (await d(), null) : (await d(), {
-      state: t.state,
-      provider: t.provider
-    });
-  } catch {
-    return await d(), null;
-  }
-}
-async function d() {
-  await f(A, { path: "/" });
-}
-const W = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
-  __proto__: null,
-  deleteOAuthStateCookie: d,
-  getOAuthStateCookie: N,
-  storeOAuthStateCookie: k
-}, Symbol.toStringTag, { value: "Module" }));
-export {
-  M as a,
-  p as b,
-  D as c,
-  V as d,
-  g as e,
-  S as f,
-  q as g,
-  _ as h,
-  U as i,
-  E as j,
-  z as k,
-  N as l,
-  d as m,
-  j as n,
-  P as o,
-  L as p,
-  W as q,
-  H as r,
-  k as s,
-  m as v
-};

package/dist/oauth-state-DlvrCV11.js

@@ -1 +0,0 @@
-"use strict";const f=require("./actions-CExpv_dD.js"),C=require("next/navigation"),A=require("next/server");function d(e){return!e||!e.expiresAt?!1:new Date(e.expiresAt)<new Date}function E(e,t=5){if(!e||!e.expiresAt)return!1;const r=new Date(e.expiresAt),s=new Date,i=(r.getTime()-s.getTime())/(1e3*60);return i>0&&i<t}function D(e){if(!e||!e.expiresAt)return null;const t=new Date(e.expiresAt),r=new Date,s=(t.getTime()-r.getTime())/(1e3*60);return s>0?Math.floor(s):0}function N(e){return!(!e||!e.user||!e.user.id||!e.user.email||!e.user.name||d(e))}function S(e){if(!e||typeof e!="object")return!1;const t=e;if(!t.user||typeof t.user!="object")return!1;const r=t.user;if(typeof r.id!="string"||r.id.length===0||typeof r.email!="string"||r.email.length===0||typeof r.name!="string"||r.name.length===0||!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(r.email))return!1;if(t.expiresAt)if(t.expiresAt instanceof Date){if(isNaN(t.expiresAt.getTime()))return!1}else if(typeof t.expiresAt=="string"){const i=new Date(t.expiresAt);if(isNaN(i.getTime()))return!1}else return!1;return!0}function O(e,t){const r=t.cookieName||"__mulguard_session";let s=null,i=0;const p=6e4;return{async getSession(n){try{if(!await f.getCookie(r))return s=null,null;const a=Date.now();if(s&&a-i<p){if(!(n!=null&&n.skipRefresh)&&this.shouldRefreshSession(s,t)){const o=await this.refreshSession();if(o)return s=o,i=a,o}return s}const c=await e.get("/api/auth/session");if(!c.data.session)return s=null,null;const l=c.data.session;if(!S(l))return await f.deleteCookie(r),s=null,null;if(d(l)){if(!(n!=null&&n.skipRefresh)&&this.shouldRefreshSession(l,t)){const o=await this.refreshSession();if(o)return s=o,i=a,o}return await f.deleteCookie(r),s=null,null}if(!(n!=null&&n.skipRefresh)&&this.shouldRefreshSession(l,t)){const o=await this.refreshSession();if(o)return s=o,i=a,o}return s=l,i=a,l}catch{return await f.deleteCookie(r),s=null,null}},setSession(n,u){},async clearSession(n){await f.deleteCookie(r,{path:n.path}),s=null,i=0},async refreshSession(){try{const n=await e.post("/api/auth/refresh");if(!n.data.session)return s=null,null;const u=n.data.session;return S(u)?(s=u,i=Date.now(),u):(s=null,null)}catch{return s=null,null}},isSessionExpired(n){return d(n)},shouldRefreshSession(n,u){if(!n.expiresAt)return!1;const a=new Date(n.expiresAt),c=new Date,l=a.getTime()-c.getTime(),o=5*60*1e3;return l>0&&l<o}}}async function q(e,t){try{const r=await e.post("/api/auth/refresh");return r.data.session?r.data.session:null}catch{return null}}async function g(e){try{const t=await e.getSession();return!t||!S(t)||d(t)?null:t}catch(t){return console.error("Failed to get server session:",t),null}}async function w(e,t="/login"){const r=await g(e);return r||C.redirect(t),r}async function m(e,t,r="/unauthorized"){const s=await w(e);return(!s.user.roles||!s.user.roles.includes(t))&&C.redirect(r),s}async function _(e){const t=await g(e);return(t==null?void 0:t.user)??null}function M(e,t){return{getSession:()=>g(e),requireAuth:r=>w(e,r),requireRole:(r,s)=>m(e,r,s)}}function U(e){return{getSession:()=>g(e),requireAuth:t=>w(e,t),requireRole:(t,r)=>m(e,t,r),getCurrentUser:()=>_(e)}}function y(e,t=[]){return[...["/auth/login","/auth/register","/auth/forgot-password","/auth/reset-password","/auth/verify-email"],...t].some(i=>e.startsWith(i))}function x(e,t={}){const{redirectTo:r="/auth/login",requireAuth:s=!1,allowedRoles:i=[],publicRoutes:p=[]}=t;return async n=>{const{pathname:u}=n.nextUrl;if(y(u,p)||u.startsWith("/api/")||u.startsWith("/_next/")||u.startsWith("/favicon.ico")||u.match(/\.(ico|png|jpg|jpeg|svg|gif|webp|css|js|woff|woff2|ttf|eot)$/))return null;try{const a=await e.getSession();if(s&&!a){const c=new URL(r,n.url);return c.searchParams.set("redirect",u),A.NextResponse.redirect(c)}if(a&&i.length>0){const c=a.user.roles||[];if(!i.some(o=>c.includes(o)))return A.NextResponse.redirect(new URL("/unauthorized",n.url))}return a&&y(u,p)?A.NextResponse.redirect(new URL("/",n.url)):null}catch(a){return process.env.NODE_ENV==="development"&&console.error("[Mulguard Middleware] Error:",a),null}}}function b(e,t="/auth/login"){return x(e,{requireAuth:!0,redirectTo:t})}function P(e,t,r="/unauthorized"){return x(e,{requireAuth:!0,allowedRoles:t,redirectTo:r})}const R="__mulguard_oauth_state",T=10*60;async function k(e,t){try{const r=JSON.stringify({state:e,provider:t,expiresAt:Date.now()+T*1e3}),s=process.env.NODE_ENV==="production";return await f.setCookie({name:R,value:r,httpOnly:!0,secure:s,sameSite:"strict",maxAge:T,path:"/"})}catch(r){return{success:!1,error:r instanceof Error?r.message:"Failed to store OAuth state"}}}async function v(){try{const e=await f.getCookie(R);if(!e)return null;const t=JSON.parse(e);return t.expiresAt<Date.now()?(await h(),null):(await h(),{state:t.state,provider:t.provider})}catch{return await h(),null}}async function h(){await f.deleteCookie(R,{path:"/"})}const j=Object.freeze(Object.defineProperty({__proto__:null,deleteOAuthStateCookie:h,getOAuthStateCookie:v,storeOAuthStateCookie:k},Symbol.toStringTag,{value:"Module"}));exports.createAuthMiddleware=x;exports.createServerHelpers=M;exports.createServerUtils=U;exports.createSessionManager=O;exports.deleteOAuthStateCookie=h;exports.getCurrentUser=_;exports.getOAuthStateCookie=v;exports.getServerSession=g;exports.getSessionTimeUntilExpiry=D;exports.isSessionExpiredNullable=d;exports.isSessionExpiringSoon=E;exports.isSessionValid=N;exports.oauthState=j;exports.refreshSession=q;exports.requireAuth=w;exports.requireAuthMiddleware=b;exports.requireRole=m;exports.requireRoleMiddleware=P;exports.storeOAuthStateCookie=k;exports.validateSessionStructure=S;

package/dist/server/actions.d.ts

@@ -1,86 +0,0 @@
-import { MulguardInstance } from '../mulguard';
-import { Verify2FAData, AuthResult, EmailCredentials, RegisterData } from '../core/types';
-/**
- * Verify 2FA code - Server Action
- *
- * ✅ Works in all scenarios:
- * - Direct import in client components
- * - Wrapped in separate files with 'use server'
- * - Automatic CSRF protection and cookie handling
- *
- * @example
- * ```typescript
- * // Option 1: Direct use in client component
- * 'use client'
- * import { verify2FAAction } from 'mulguard/server'
- * import { auth } from '@/lib/auth'
- *
- * const result = await verify2FAAction(auth, { email, userId, code })
- * ```
- *
- * @example
- * ```typescript
- * // Option 2: Wrap in separate file
- * // lib/auth-actions.ts
- * 'use server'
- * import { verify2FAAction as baseVerify2FA } from 'mulguard/server'
- * import { auth } from './auth'
- *
- * export async function verify2FA(data: Verify2FAData) {
- *   return await baseVerify2FA(auth, data)
- * }
- *
- * // Then use in client component:
- * 'use client'
- * import { verify2FA } from '@/lib/auth-actions'
- * const result = await verify2FA({ email, userId, code })
- * ```
- */
-export declare function verify2FAAction(auth: MulguardInstance, data: Verify2FAData): Promise<AuthResult>;
-/**
- * Sign out - Server Action
- *
- * ✅ Works in all scenarios:
- * - Direct import in client components
- * - Wrapped in separate files with 'use server'
- * - Automatic cookie clearing
- *
- * @example
- * ```typescript
- * // Option 1: Direct use in client component
- * 'use client'
- * import { signOutAction } from 'mulguard/server'
- * import { auth } from '@/lib/auth'
- *
- * await signOutAction(auth)
- * ```
- *
- * @example
- * ```typescript
- * // Option 2: Wrap in separate file
- * // lib/auth-actions.ts
- * 'use server'
- * import { signOutAction as baseSignOut } from 'mulguard/server'
- * import { auth } from './auth'
- *
- * export async function signOut() {
- *   return await baseSignOut(auth)
- * }
- * ```
- */
-export declare function signOutAction(auth: MulguardInstance): Promise<{
-    success: boolean;
-    error?: string;
-}>;
-/**
- * Sign in with email - Server Action
- *
- * ✅ Works in all scenarios
- */
-export declare function signInEmailAction(auth: MulguardInstance, credentials: EmailCredentials): Promise<AuthResult>;
-/**
- * Sign up - Server Action
- *
- * ✅ Works in all scenarios
- */
-export declare function signUpAction(auth: MulguardInstance, data: RegisterData): Promise<AuthResult>;

package/dist/server/helpers.d.ts

@@ -1,10 +0,0 @@
-import { MulguardInstance } from '../mulguard';
-import { MulguardConfig } from '../core/types';
-/**
- * Create server-side auth helpers with pre-configured instance
- */
-export declare function createServerHelpers(_auth: MulguardInstance, _config: MulguardConfig): {
-    getSession: () => Promise<import('..').Session<import('..').User> | null>;
-    requireAuth: (redirectTo?: string) => Promise<import('..').Session<import('..').User>>;
-    requireRole: (role: string, redirectTo?: string) => Promise<import('..').Session<import('..').User>>;
-};

package/dist/server/index.d.ts

@@ -1,14 +0,0 @@
-/**
- * Server-side utilities for Next.js
- */
-export * from './cookies';
-export * from './session';
-export * from './auth';
-export * from './helpers';
-export * from './utils';
-export { isSessionExpiringSoon, getSessionTimeUntilExpiry, isSessionValid, validateSessionStructure, isSessionExpiredNullable, } from './session-helpers';
-export { createAuthMiddleware as createServerAuthMiddleware, requireAuthMiddleware as requireServerAuthMiddleware, requireRoleMiddleware as requireServerRoleMiddleware, } from './middleware';
-export { getServerSession, requireAuth, requireRole, getCurrentUser } from './auth';
-export { createServerUtils } from './utils';
-export { verify2FAAction, signOutAction, signInEmailAction, signUpAction, } from './actions';
-export { storeOAuthStateCookie, getOAuthStateCookie, deleteOAuthStateCookie, } from './oauth-state';

package/dist/server/middleware.d.ts

@@ -1,39 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { MulguardInstance } from '../mulguard';
-export interface AuthMiddlewareOptions {
-    /** Redirect to this URL if authentication is required but user is not authenticated */
-    redirectTo?: string;
-    /** Require authentication for all routes */
-    requireAuth?: boolean;
-    /** Require specific roles */
-    allowedRoles?: string[];
-    /** Public routes that don't require authentication */
-    publicRoutes?: string[];
-}
-/**
- * Create authentication middleware for Next.js
- *
- * @example
- * ```typescript
- * // middleware.ts
- * import { auth } from '@/lib/auth'
- * import { createAuthMiddleware } from 'mulguard/server'
- *
- * export const middleware = createAuthMiddleware(auth, {
- *   requireAuth: true,
- *   redirectTo: '/auth/login',
- *   allowedRoles: ['admin'],
- * })
- * ```
- */
-export declare function createAuthMiddleware(auth: MulguardInstance, options?: AuthMiddlewareOptions): (request: NextRequest) => Promise<NextResponse | null>;
-/**
- * Require authentication middleware
- * Shortcut for createAuthMiddleware with requireAuth: true
- */
-export declare function requireAuthMiddleware(auth: MulguardInstance, redirectTo?: string): (request: NextRequest) => Promise<NextResponse | null>;
-/**
- * Require role middleware
- * Shortcut for createAuthMiddleware with allowedRoles
- */
-export declare function requireRoleMiddleware(auth: MulguardInstance, roles: string[], redirectTo?: string): (request: NextRequest) => Promise<NextResponse | null>;

package/dist/server/session.d.ts

@@ -1,28 +0,0 @@
-import { Session, SessionConfig } from '../core/types';
-type ApiClient = {
-    get: <T>(url: string) => Promise<{
-        data: T;
-    }>;
-    post: <T>(url: string, data?: unknown) => Promise<{
-        data: T;
-    }>;
-};
-export interface SessionManager {
-    getSession(options?: {
-        skipRefresh?: boolean;
-    }): Promise<Session | null>;
-    setSession(session: Session, config: SessionConfig): void;
-    clearSession(config: SessionConfig): Promise<void>;
-    refreshSession(): Promise<Session | null>;
-    isSessionExpired(session: Session): boolean;
-    shouldRefreshSession(session: Session, config: SessionConfig): boolean;
-}
-/**
- * Create session manager with automatic refresh
- */
-export declare function createSessionManager(client: ApiClient, config: SessionConfig): SessionManager;
-/**
- * Refresh session
- */
-export declare function refreshSession(client: ApiClient, _config: SessionConfig): Promise<Session | null>;
-export {};

package/dist/server/utils.d.ts

@@ -1,10 +0,0 @@
-import { MulguardInstance } from '../mulguard';
-/**
- * Create server-side helpers with pre-configured auth instance
- */
-export declare function createServerUtils(auth: MulguardInstance): {
-    getSession: () => Promise<import('..').Session<import('..').User> | null>;
-    requireAuth: (redirectTo?: string) => Promise<import('..').Session<import('..').User>>;
-    requireRole: (role: string, redirectTo?: string) => Promise<import('..').Session<import('..').User>>;
-    getCurrentUser: () => Promise<import('..').User | null>;
-};