mulguard 1.1.6 → 1.1.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +210 -706
- package/dist/actions-CMtg7FGv.js +1 -0
- package/dist/{actions-DeCfLtHA.mjs → actions-CjQUKaXF.mjs} +54 -38
- package/dist/client/index.js +1 -1
- package/dist/client/index.mjs +84 -78
- package/dist/core/auth/email-password.d.ts +145 -0
- package/dist/core/auth/oauth/index.d.ts +14 -0
- package/dist/core/auth/oauth/oauth-handler.d.ts +172 -0
- package/dist/core/auth/oauth/pkce.d.ts +168 -0
- package/dist/core/auth/{oauth-providers.d.ts → oauth/providers.d.ts} +8 -7
- package/dist/core/auth/{oauth-state-store-cookie.d.ts → oauth/state-store-cookie.d.ts} +4 -4
- package/dist/core/auth/{oauth-state-store-redis.d.ts → oauth/state-store-redis.d.ts} +1 -1
- package/dist/core/auth/{oauth-state-store.d.ts → oauth/state-store.d.ts} +4 -1
- package/dist/core/auth/otp.d.ts +184 -0
- package/dist/core/errors/index.d.ts +269 -0
- package/dist/core/index.d.ts +1 -3
- package/dist/core/logger/index.d.ts +147 -0
- package/dist/core/mulguard/integration.d.ts +104 -0
- package/dist/core/mulguard/oauth-handler.d.ts +1 -1
- package/dist/core/security/security-manager.d.ts +236 -0
- package/dist/core/session/session-manager.d.ts +235 -0
- package/dist/core/types/index.d.ts +27 -5
- package/dist/index/index.js +1 -1
- package/dist/index/index.mjs +1388 -881
- package/dist/index.d.ts +3 -6
- package/dist/{client → nextjs/client}/hooks.d.ts +2 -2
- package/dist/nextjs/client/index.d.ts +13 -0
- package/dist/{client → nextjs/client}/provider.d.ts +1 -1
- package/dist/{client → nextjs/client}/server-actions-helper.d.ts +2 -2
- package/dist/{handlers → nextjs/handlers}/api.d.ts +1 -1
- package/dist/nextjs/handlers/index.d.ts +9 -0
- package/dist/{handlers → nextjs/handlers}/route.d.ts +1 -1
- package/dist/nextjs/index.d.ts +15 -0
- package/dist/nextjs/proxy/index.d.ts +149 -0
- package/dist/nextjs/server/actions.d.ts +30 -0
- package/dist/{server → nextjs/server}/auth.d.ts +6 -6
- package/dist/{server → nextjs/server}/cookies.d.ts +5 -6
- package/dist/nextjs/server/index.d.ts +18 -0
- package/dist/{server → nextjs/server}/oauth-state.d.ts +5 -3
- package/dist/{server → nextjs/server}/session-helpers.d.ts +1 -3
- package/dist/nextjs/server/session.d.ts +144 -0
- package/dist/oauth-state-Drwz6fES.js +1 -0
- package/dist/oauth-state-pdypStuS.mjs +210 -0
- package/dist/server/index.js +1 -1
- package/dist/server/index.mjs +27 -29
- package/package.json +64 -11
- package/dist/actions-CExpv_dD.js +0 -1
- package/dist/client/index.d.ts +0 -5
- package/dist/core/auth/index.d.ts +0 -40
- package/dist/core/auth/oauth.d.ts +0 -20
- package/dist/middleware/index.d.ts +0 -28
- package/dist/middleware/proxy.d.ts +0 -53
- package/dist/oauth-state-DKle8eCr.mjs +0 -289
- package/dist/oauth-state-DlvrCV11.js +0 -1
- package/dist/server/actions.d.ts +0 -86
- package/dist/server/helpers.d.ts +0 -10
- package/dist/server/index.d.ts +0 -14
- package/dist/server/middleware.d.ts +0 -39
- package/dist/server/session.d.ts +0 -28
- package/dist/server/utils.d.ts +0 -10
- /package/dist/{middleware → nextjs/proxy}/security.d.ts +0 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
"use strict";const l=require("next/headers");var t=(s=>(s.INVALID_CREDENTIALS="INVALID_CREDENTIALS",s.ACCOUNT_LOCKED="ACCOUNT_LOCKED",s.ACCOUNT_INACTIVE="ACCOUNT_INACTIVE",s.TWO_FA_REQUIRED="TWO_FA_REQUIRED",s.INVALID_TWO_FA_CODE="INVALID_TWO_FA_CODE",s.SESSION_EXPIRED="SESSION_EXPIRED",s.UNAUTHORIZED="UNAUTHORIZED",s.NETWORK_ERROR="NETWORK_ERROR",s.VALIDATION_ERROR="VALIDATION_ERROR",s.RATE_LIMITED="RATE_LIMITED",s.UNKNOWN_ERROR="UNKNOWN_ERROR",s))(t||{});const _={INVALID_CREDENTIALS:401,ACCOUNT_LOCKED:423,ACCOUNT_INACTIVE:403,TWO_FA_REQUIRED:428,INVALID_TWO_FA_CODE:401,SESSION_EXPIRED:401,UNAUTHORIZED:403,NETWORK_ERROR:502,VALIDATION_ERROR:400,RATE_LIMITED:429,UNKNOWN_ERROR:500};function d(s){return _[s]??500}async function I(s){var n;try{return(n=(await l.cookies()).get(s))==null?void 0:n.value}catch(e){const o=(e==null?void 0:e.message)||"";if(o.includes("cookies")||o.includes("request scope")||o.includes("outside")||o.includes("dynamic"))return;throw e}}async function a(s){try{return(await l.cookies()).set({name:s.name,value:s.value,maxAge:s.maxAge,expires:s.expires,httpOnly:s.httpOnly??!0,secure:s.secure,sameSite:s.sameSite??"lax",path:s.path??"/",domain:s.domain}),{success:!0}}catch(n){const e=(n==null?void 0:n.message)||"";if(e.includes("cookies")||e.includes("request scope")||e.includes("outside")||e.includes("dynamic")){const o=`Cannot set cookie "${s.name}" outside request scope. Make sure this is called from a Server Action or Route Handler.`;return process.env.NODE_ENV==="development"&&console.warn(`[Mulguard] ${o}`),{success:!1,error:e,warning:o}}throw n}}async function E(s,n){try{(await l.cookies()).set({name:s,value:"",maxAge:0,expires:new Date(0),httpOnly:!0,path:(n==null?void 0:n.path)??"/",domain:n==null?void 0:n.domain})}catch(e){const o=(e==null?void 0:e.message)||"";if(o.includes("cookies")||o.includes("request scope")||o.includes("outside")||o.includes("dynamic")){process.env.NODE_ENV==="development"&&console.warn(`[Mulguard] Cannot delete cookie "${s}" outside request scope`);return}throw e}}function u(s,n,e){const o=process.env.NODE_ENV==="production";return{name:s,value:n,maxAge:e.expiresIn,httpOnly:e.httpOnly??!0,secure:e.secure??o,sameSite:e.sameSite??"lax",path:e.path??"/"}}async function N(s,n){if(!s.verify2FA)return{success:!1,error:"2FA verification is not configured",errorCode:t.VALIDATION_ERROR};try{const e=await s.verify2FA(n,{skipCookieSave:!0});if(e.success&&e.session)try{const{cookieName:o,config:r}=s._getSessionConfig(),c=typeof e.session=="object"&&"token"in e.session?String(e.session.token):JSON.stringify(e.session),i=u(o,c,r),O=await a(i);!O.success&&process.env.NODE_ENV==="development"&&console.warn("[Mulguard] Failed to save session after 2FA verification:",O.error||O.warning)}catch(o){process.env.NODE_ENV==="development"&&console.warn("[Mulguard] Failed to save session cookie:",o)}return e}catch(e){return{success:!1,error:e instanceof Error?e.message:"2FA verification failed",errorCode:t.UNKNOWN_ERROR}}}async function R(s){var n;try{const e=await s.getSession(),o=e==null?void 0:e.user;s.signOut&&await s.signOut();const{cookieName:r,config:c}=s._getSessionConfig();await E(r,{path:c.path||"/"});const i=(n=s._getCallbacks)==null?void 0:n.call(s);return o&&(i!=null&&i.onSignOut)&&await i.onSignOut(o),{success:!0}}catch(e){return{success:!1,error:e instanceof Error?e.message:"Sign out failed"}}}async function g(s,n){if(!s.signIn.email)return{success:!1,error:"Email sign in is not configured",errorCode:t.VALIDATION_ERROR};try{const e=await s.signIn.email(n);if(e.success&&e.session)try{const{cookieName:o,config:r}=s._getSessionConfig(),c=typeof e.session=="object"&&"token"in e.session?String(e.session.token):JSON.stringify(e.session),i=u(o,c,r);await a(i)}catch(o){process.env.NODE_ENV==="development"&&console.warn("[Mulguard] Failed to save session cookie:",o)}return e}catch(e){return{success:!1,error:e instanceof Error?e.message:"Sign in failed",errorCode:t.UNKNOWN_ERROR}}}async function f(s,n){if(!s.signUp)return{success:!1,error:"Sign up is not configured",errorCode:t.VALIDATION_ERROR};try{const e=await s.signUp(n);if(e.success&&e.session)try{const{cookieName:o,config:r}=s._getSessionConfig(),c=typeof e.session=="object"&&"token"in e.session?String(e.session.token):JSON.stringify(e.session),i=u(o,c,r);await a(i)}catch(o){process.env.NODE_ENV==="development"&&console.warn("[Mulguard] Failed to save session cookie:",o)}return e}catch(e){return{success:!1,error:e instanceof Error?e.message:"Sign up failed",errorCode:t.UNKNOWN_ERROR}}}const A=Object.freeze(Object.defineProperty({__proto__:null,signInEmailAction:g,signOutAction:R,signUpAction:f,verify2FAAction:N},Symbol.toStringTag,{value:"Module"}));exports.AuthErrorCode=t;exports.actions=A;exports.buildCookieOptions=u;exports.deleteCookie=E;exports.getCookie=I;exports.getErrorStatusCode=d;exports.setCookie=a;exports.signInEmailAction=g;exports.signOutAction=R;exports.signUpAction=f;exports.verify2FAAction=N;
|
|
@@ -1,6 +1,22 @@
|
|
|
1
1
|
import { cookies as u } from "next/headers";
|
|
2
2
|
var c = /* @__PURE__ */ ((s) => (s.INVALID_CREDENTIALS = "INVALID_CREDENTIALS", s.ACCOUNT_LOCKED = "ACCOUNT_LOCKED", s.ACCOUNT_INACTIVE = "ACCOUNT_INACTIVE", s.TWO_FA_REQUIRED = "TWO_FA_REQUIRED", s.INVALID_TWO_FA_CODE = "INVALID_TWO_FA_CODE", s.SESSION_EXPIRED = "SESSION_EXPIRED", s.UNAUTHORIZED = "UNAUTHORIZED", s.NETWORK_ERROR = "NETWORK_ERROR", s.VALIDATION_ERROR = "VALIDATION_ERROR", s.RATE_LIMITED = "RATE_LIMITED", s.UNKNOWN_ERROR = "UNKNOWN_ERROR", s))(c || {});
|
|
3
|
-
|
|
3
|
+
const E = {
|
|
4
|
+
INVALID_CREDENTIALS: 401,
|
|
5
|
+
ACCOUNT_LOCKED: 423,
|
|
6
|
+
ACCOUNT_INACTIVE: 403,
|
|
7
|
+
TWO_FA_REQUIRED: 428,
|
|
8
|
+
INVALID_TWO_FA_CODE: 401,
|
|
9
|
+
SESSION_EXPIRED: 401,
|
|
10
|
+
UNAUTHORIZED: 403,
|
|
11
|
+
NETWORK_ERROR: 502,
|
|
12
|
+
VALIDATION_ERROR: 400,
|
|
13
|
+
RATE_LIMITED: 429,
|
|
14
|
+
UNKNOWN_ERROR: 500
|
|
15
|
+
};
|
|
16
|
+
function I(s) {
|
|
17
|
+
return E[s] ?? 500;
|
|
18
|
+
}
|
|
19
|
+
async function A(s) {
|
|
4
20
|
var o;
|
|
5
21
|
try {
|
|
6
22
|
return (o = (await u()).get(s)) == null ? void 0 : o.value;
|
|
@@ -11,7 +27,7 @@ async function _(s) {
|
|
|
11
27
|
throw e;
|
|
12
28
|
}
|
|
13
29
|
}
|
|
14
|
-
async function
|
|
30
|
+
async function O(s) {
|
|
15
31
|
try {
|
|
16
32
|
return (await u()).set({
|
|
17
33
|
name: s.name,
|
|
@@ -37,7 +53,7 @@ async function l(s) {
|
|
|
37
53
|
throw o;
|
|
38
54
|
}
|
|
39
55
|
}
|
|
40
|
-
async function
|
|
56
|
+
async function N(s, o) {
|
|
41
57
|
try {
|
|
42
58
|
(await u()).set({
|
|
43
59
|
name: s,
|
|
@@ -57,7 +73,7 @@ async function O(s, o) {
|
|
|
57
73
|
throw e;
|
|
58
74
|
}
|
|
59
75
|
}
|
|
60
|
-
function
|
|
76
|
+
function l(s, o, e) {
|
|
61
77
|
const n = process.env.NODE_ENV === "production";
|
|
62
78
|
return {
|
|
63
79
|
name: s,
|
|
@@ -69,7 +85,7 @@ function f(s, o, e) {
|
|
|
69
85
|
path: e.path ?? "/"
|
|
70
86
|
};
|
|
71
87
|
}
|
|
72
|
-
async function
|
|
88
|
+
async function R(s, o) {
|
|
73
89
|
if (!s.verify2FA)
|
|
74
90
|
return {
|
|
75
91
|
success: !1,
|
|
@@ -80,8 +96,8 @@ async function g(s, o) {
|
|
|
80
96
|
const e = await s.verify2FA(o, { skipCookieSave: !0 });
|
|
81
97
|
if (e.success && e.session)
|
|
82
98
|
try {
|
|
83
|
-
const { cookieName: n, config: r } = s._getSessionConfig(), t = typeof e.session == "object" && "token" in e.session ? String(e.session.token) : JSON.stringify(e.session), i =
|
|
84
|
-
a.success
|
|
99
|
+
const { cookieName: n, config: r } = s._getSessionConfig(), t = typeof e.session == "object" && "token" in e.session ? String(e.session.token) : JSON.stringify(e.session), i = l(n, t, r), a = await O(i);
|
|
100
|
+
!a.success && process.env.NODE_ENV === "development" && console.warn("[Mulguard] Failed to save session after 2FA verification:", a.error || a.warning);
|
|
85
101
|
} catch (n) {
|
|
86
102
|
process.env.NODE_ENV === "development" && console.warn("[Mulguard] Failed to save session cookie:", n);
|
|
87
103
|
}
|
|
@@ -94,13 +110,13 @@ async function g(s, o) {
|
|
|
94
110
|
};
|
|
95
111
|
}
|
|
96
112
|
}
|
|
97
|
-
async function
|
|
113
|
+
async function f(s) {
|
|
98
114
|
var o;
|
|
99
115
|
try {
|
|
100
116
|
const e = await s.getSession(), n = e == null ? void 0 : e.user;
|
|
101
117
|
s.signOut && await s.signOut();
|
|
102
118
|
const { cookieName: r, config: t } = s._getSessionConfig();
|
|
103
|
-
await
|
|
119
|
+
await N(r, {
|
|
104
120
|
path: t.path || "/"
|
|
105
121
|
});
|
|
106
122
|
const i = (o = s._getCallbacks) == null ? void 0 : o.call(s);
|
|
@@ -112,33 +128,32 @@ async function N(s) {
|
|
|
112
128
|
};
|
|
113
129
|
}
|
|
114
130
|
}
|
|
115
|
-
async function
|
|
116
|
-
|
|
117
|
-
if (!((e = s.signIn) != null && e.email))
|
|
131
|
+
async function g(s, o) {
|
|
132
|
+
if (!s.signIn.email)
|
|
118
133
|
return {
|
|
119
134
|
success: !1,
|
|
120
135
|
error: "Email sign in is not configured",
|
|
121
136
|
errorCode: c.VALIDATION_ERROR
|
|
122
137
|
};
|
|
123
138
|
try {
|
|
124
|
-
const
|
|
125
|
-
if (
|
|
139
|
+
const e = await s.signIn.email(o);
|
|
140
|
+
if (e.success && e.session)
|
|
126
141
|
try {
|
|
127
|
-
const { cookieName:
|
|
128
|
-
await
|
|
129
|
-
} catch (
|
|
130
|
-
process.env.NODE_ENV === "development" && console.warn("[Mulguard] Failed to save session cookie:",
|
|
142
|
+
const { cookieName: n, config: r } = s._getSessionConfig(), t = typeof e.session == "object" && "token" in e.session ? String(e.session.token) : JSON.stringify(e.session), i = l(n, t, r);
|
|
143
|
+
await O(i);
|
|
144
|
+
} catch (n) {
|
|
145
|
+
process.env.NODE_ENV === "development" && console.warn("[Mulguard] Failed to save session cookie:", n);
|
|
131
146
|
}
|
|
132
|
-
return
|
|
133
|
-
} catch (
|
|
147
|
+
return e;
|
|
148
|
+
} catch (e) {
|
|
134
149
|
return {
|
|
135
150
|
success: !1,
|
|
136
|
-
error:
|
|
151
|
+
error: e instanceof Error ? e.message : "Sign in failed",
|
|
137
152
|
errorCode: c.UNKNOWN_ERROR
|
|
138
153
|
};
|
|
139
154
|
}
|
|
140
155
|
}
|
|
141
|
-
async function
|
|
156
|
+
async function _(s, o) {
|
|
142
157
|
if (!s.signUp)
|
|
143
158
|
return {
|
|
144
159
|
success: !1,
|
|
@@ -149,8 +164,8 @@ async function E(s, o) {
|
|
|
149
164
|
const e = await s.signUp(o);
|
|
150
165
|
if (e.success && e.session)
|
|
151
166
|
try {
|
|
152
|
-
const { cookieName: n, config: r } = s._getSessionConfig(), t = typeof e.session == "object" && "token" in e.session ? String(e.session.token) : JSON.stringify(e.session), i =
|
|
153
|
-
await
|
|
167
|
+
const { cookieName: n, config: r } = s._getSessionConfig(), t = typeof e.session == "object" && "token" in e.session ? String(e.session.token) : JSON.stringify(e.session), i = l(n, t, r);
|
|
168
|
+
await O(i);
|
|
154
169
|
} catch (n) {
|
|
155
170
|
process.env.NODE_ENV === "development" && console.warn("[Mulguard] Failed to save session cookie:", n);
|
|
156
171
|
}
|
|
@@ -163,22 +178,23 @@ async function E(s, o) {
|
|
|
163
178
|
};
|
|
164
179
|
}
|
|
165
180
|
}
|
|
166
|
-
const
|
|
181
|
+
const S = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
|
|
167
182
|
__proto__: null,
|
|
168
|
-
signInEmailAction:
|
|
169
|
-
signOutAction:
|
|
170
|
-
signUpAction:
|
|
171
|
-
verify2FAAction:
|
|
183
|
+
signInEmailAction: g,
|
|
184
|
+
signOutAction: f,
|
|
185
|
+
signUpAction: _,
|
|
186
|
+
verify2FAAction: R
|
|
172
187
|
}, Symbol.toStringTag, { value: "Module" }));
|
|
173
188
|
export {
|
|
174
189
|
c as A,
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
190
|
+
g as a,
|
|
191
|
+
_ as b,
|
|
192
|
+
O as c,
|
|
193
|
+
N as d,
|
|
194
|
+
l as e,
|
|
195
|
+
I as f,
|
|
196
|
+
A as g,
|
|
197
|
+
S as h,
|
|
198
|
+
f as s,
|
|
199
|
+
R as v
|
|
184
200
|
};
|
package/dist/client/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const o=require("react"),
|
|
1
|
+
"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const o=require("react"),N=require("react/jsx-runtime");function v(){return typeof window>"u"}async function h(){try{return await Promise.resolve().then(()=>require("../actions-CMtg7FGv.js")).then(l=>l.actions)}catch{return null}}async function _(e,l){if(v())return e.verify2FA?e.verify2FA(l):{success:!1,error:"2FA verification is not configured"};try{const r=await h();if(r)return await r.verify2FAAction(e,l)}catch{}try{const r=await fetch("/api/auth/verify-2fa",{method:"POST",headers:{"Content-Type":"application/json"},credentials:"include",body:JSON.stringify(l)});if(!r.ok){const a=await r.json().catch(()=>({}));return{success:!1,error:a.error||"2FA verification failed",errorCode:a.errorCode}}return await r.json()}catch(r){return{success:!1,error:r instanceof Error?r.message:"2FA verification failed"}}}async function D(e,l){var r;if(v())return(r=e.signIn)!=null&&r.email?e.signIn.email(l):{success:!1,error:"Email sign in is not configured"};try{const a=await h();if(a)return await a.signInEmailAction(e,l)}catch{}try{const a=await fetch("/api/auth/sign-in",{method:"POST",headers:{"Content-Type":"application/json"},credentials:"include",body:JSON.stringify({provider:"email",credentials:l})});if(!a.ok){const u=await a.json().catch(()=>({}));return{success:!1,error:u.error||"Sign in failed",errorCode:u.errorCode}}return await a.json()}catch(a){return{success:!1,error:a instanceof Error?a.message:"Sign in failed"}}}async function L(e,l){if(v())return e.signUp?e.signUp(l):{success:!1,error:"Sign up is not configured"};try{const r=await h();if(r)return await r.signUpAction(e,l)}catch{}try{const r=await fetch("/api/auth/sign-up",{method:"POST",headers:{"Content-Type":"application/json"},credentials:"include",body:JSON.stringify(l)});if(!r.ok){const a=await r.json().catch(()=>({}));return{success:!1,error:a.error||"Sign up failed",errorCode:a.errorCode}}return await r.json()}catch(r){return{success:!1,error:r instanceof Error?r.message:"Sign up failed"}}}function E(e){const[l,r]=o.useState(null),[a,u]=o.useState(!0),c=o.useCallback(async(s=!1)=>{u(!0);try{const n="/api/auth/session"+(s?`?t=${Date.now()}`:""),i=await fetch(n,{method:"GET",credentials:"include",headers:{"Content-Type":"application/json","Cache-Control":"no-cache, no-store, must-revalidate",Pragma:"no-cache",Expires:"0"},cache:"no-store"});if(i.status===401||i.status===403){r(null);return}if(i.ok){const t=await i.json();t.session?r(t.session):r(null)}else r(null)}catch(n){process.env.NODE_ENV==="development"&&console.error("Failed to load session:",n),r(null)}finally{u(!1)}},[e]),w=o.useCallback(s=>{if(!s||!s.expiresAt||!e.refreshSession)return()=>{};const n=new Date(s.expiresAt),i=new Date,t=n.getTime()-i.getTime(),f=5*60*1e3;if(t>0&&t<f)return e.refreshSession().catch(()=>{}),()=>{};if(t>f){const p=t-f,S=setTimeout(()=>{var C;(C=e.refreshSession)==null||C.call(e).catch(()=>{})},p);return()=>clearTimeout(S)}return()=>{}},[e]);o.useEffect(()=>{let s=null;(async()=>{await c();try{const t=await fetch("/api/auth/session",{method:"GET",credentials:"include",headers:{"Content-Type":"application/json"},cache:"no-store"});if(t.ok){const f=await t.json();f.session?s=w(f.session):r(null)}else r(null)}catch(t){process.env.NODE_ENV==="development"&&console.debug("Failed to schedule proactive refresh:",t),r(null)}})();const i=setInterval(()=>{fetch("/api/auth/session",{method:"GET",credentials:"include",headers:{"Content-Type":"application/json"},cache:"no-store"}).then(t=>t.status===401||t.status===403?(r(null),s&&(s(),s=null),typeof window<"u"&&window.location.pathname!=="/auth/login"&&window.location.replace("/auth/login?reason=session_expired"),null):t.json()).then(t=>{t&&(t.session?(r(t.session),s&&s(),s=w(t.session)):(r(null),s&&(s(),s=null)))}).catch(()=>{r(null),s&&(s(),s=null)})},60*1e3);return()=>{clearInterval(i),s&&s()}},[c,w]);const y=o.useCallback(async s=>{try{const n=await D(e,s);return n.success&&await c(),n}catch(n){return{success:!1,error:n instanceof Error?n.message:"Sign in failed"}}},[e,c]),g=o.useCallback(async s=>{if(!e.signIn.oauth)throw new Error("OAuth sign in is not configured");return e.signIn.oauth(s)},[e]),d=o.useCallback(async s=>{if(!e.signIn.passkey)return{success:!1,error:"PassKey sign in is not configured"};try{const n=await e.signIn.passkey(s);return n.success&&await c(),n}catch(n){return{success:!1,error:n instanceof Error?n.message:"PassKey authentication failed"}}},[e,c]),m=o.useCallback(async s=>{if(!e.signUp)return{success:!1,error:"Sign up is not configured"};try{const n=await L(e,s);return n.success&&await c(),n}catch(n){return{success:!1,error:n instanceof Error?n.message:"Sign up failed"}}},[e,c]),U=o.useCallback(async()=>{var s,n;try{if(r(null),u(!0),typeof window<"u"){try{window.sessionStorage.clear()}catch{}try{const i=(s=e._getSessionConfig)==null?void 0:s.call(e),t=(i==null?void 0:i.cookieName)||"__mulguard_session";try{window.localStorage.removeItem(t)}catch{}}catch{}}if(await e.signOut(),await c(!0),r(null),u(!1),typeof window<"u"){const i="/auth/login",t=window.location.pathname,f=window.location.search;if(t===i||t.startsWith("/auth/")){window.location.reload();return}const p=new URL(i,window.location.origin);t&&t!=="/"&&p.searchParams.set("redirect",t+f),window.location.replace(p.toString())}}catch(i){if(process.env.NODE_ENV==="development"&&console.error("Sign out error:",i),r(null),u(!1),typeof window<"u"){try{window.sessionStorage.clear();const f=(n=e._getSessionConfig)==null?void 0:n.call(e),p=(f==null?void 0:f.cookieName)||"__mulguard_session";try{window.localStorage.removeItem(p)}catch{}}catch{}const t="/auth/login";window.location.pathname!==t&&!window.location.pathname.startsWith("/auth/")?window.location.replace(t):window.location.reload()}}},[e,c]),T=o.useCallback(async s=>{if(!e.resetPassword)throw new Error("Password reset is not configured");return e.resetPassword(s)},[e]),F=o.useCallback(async s=>{if(!e.verifyEmail)throw new Error("Email verification is not configured");return e.verifyEmail(s)},[e]),x=o.useCallback(async s=>{if(!e.verify2FA)return{success:!1,error:"2FA verification is not configured"};try{const n=await _(e,s);return n.success&&(await new Promise(i=>setTimeout(i,100)),await c()),n}catch(n){return{success:!1,error:n instanceof Error?n.message:"2FA verification failed"}}},[e,c]),j=o.useCallback(async(s,n)=>s==="credentials"?!n||!("email"in n)||!("password"in n)?{success:!1,error:"Credentials are required"}:e.signIn("credentials",n):s==="otp"?!n||!("email"in n)?{success:!1,error:"Email is required"}:e.signIn("otp",n):s==="passkey"?e.signIn("passkey",n):e.signIn(s),[e]);return{session:l,isLoading:a,signIn:j,signInMethods:{email:y,oauth:g,passkey:d,otp:o.useCallback(async(s,n)=>{if(!e.signIn.otp)return{success:!1,error:"OTP sign in is not configured"};try{const i=await e.signIn.otp(s,n);return i.success&&await c(),i}catch(i){return{success:!1,error:i instanceof Error?i.message:"OTP sign in failed"}}},[e,c])},signUp:m,signOut:U,resetPassword:T,verifyEmail:F,verify2FA:x}}function A(e){const[l,r]=o.useState(null),[a,u]=o.useState(!0),[c,w]=o.useState(null),y=o.useCallback(async()=>{u(!0),w(null);try{const g=await e.getSession();r(g)}catch(g){const d=g instanceof Error?g:new Error("Failed to load session");w(d),r(null)}finally{u(!1)}},[e]);return o.useEffect(()=>{y();const g=setInterval(()=>{y()},5*60*1e3);return()=>clearInterval(g)},[y]),{session:l,isLoading:a,error:c}}function P(e){const[l,r]=o.useState([]),[a,u]=o.useState(!0),c=o.useCallback(async()=>{if(!e.accountPicker){r([]),u(!1);return}u(!0);try{const d=await e.accountPicker.getLastUsers();r(d)}catch(d){process.env.NODE_ENV==="development"&&console.error("Failed to load last users:",d),r([])}finally{u(!1)}},[e]);o.useEffect(()=>{c()},[c]);const w=o.useCallback(async(d,m)=>{e.accountPicker&&(await e.accountPicker.rememberUser(d,m),await c())},[e,c]),y=o.useCallback(async d=>{e.accountPicker&&(await e.accountPicker.clearUser(d),await c())},[e,c]),g=o.useCallback(async()=>{e.accountPicker&&(await e.accountPicker.clearAll(),await c())},[e,c]);return{lastUsers:l,isLoading:a,rememberUser:w,clearUser:y,clearAll:g,refresh:c}}const I=o.createContext(null);function b({auth:e,children:l}){const r=A(e),a=P(e);return N.jsx(I.Provider,{value:{auth:e,session:r,accountPicker:a},children:l})}function k(){const e=o.useContext(I);if(!e)throw new Error("useMulguardContext must be used within MulguardProvider");return e}function M(){const{auth:e}=k();return E(e)}const q=b,R=k;exports.AuthProvider=q;exports.MulguardProvider=b;exports.useAccountPicker=P;exports.useAuth=E;exports.useAuthContext=R;exports.useAuthFromContext=M;exports.useMulguardContext=k;exports.useSession=A;
|
package/dist/client/index.mjs
CHANGED
|
@@ -1,16 +1,16 @@
|
|
|
1
|
-
import { useState as
|
|
2
|
-
import { jsx as
|
|
1
|
+
import { useState as p, useCallback as l, useEffect as h, createContext as x, useContext as N } from "react";
|
|
2
|
+
import { jsx as _ } from "react/jsx-runtime";
|
|
3
3
|
function E() {
|
|
4
4
|
return typeof window > "u";
|
|
5
5
|
}
|
|
6
6
|
async function S() {
|
|
7
7
|
try {
|
|
8
|
-
return await import("../actions-
|
|
8
|
+
return await import("../actions-CjQUKaXF.mjs").then((a) => a.h);
|
|
9
9
|
} catch {
|
|
10
10
|
return null;
|
|
11
11
|
}
|
|
12
12
|
}
|
|
13
|
-
async function
|
|
13
|
+
async function b(e, a) {
|
|
14
14
|
if (E())
|
|
15
15
|
return e.verify2FA ? e.verify2FA(a) : {
|
|
16
16
|
success: !1,
|
|
@@ -47,7 +47,7 @@ async function _(e, a) {
|
|
|
47
47
|
};
|
|
48
48
|
}
|
|
49
49
|
}
|
|
50
|
-
async function
|
|
50
|
+
async function D(e, a) {
|
|
51
51
|
var r;
|
|
52
52
|
if (E())
|
|
53
53
|
return (r = e.signIn) != null && r.email ? e.signIn.email(a) : {
|
|
@@ -85,7 +85,7 @@ async function b(e, a) {
|
|
|
85
85
|
};
|
|
86
86
|
}
|
|
87
87
|
}
|
|
88
|
-
async function
|
|
88
|
+
async function L(e, a) {
|
|
89
89
|
if (E())
|
|
90
90
|
return e.signUp ? e.signUp(a) : {
|
|
91
91
|
success: !1,
|
|
@@ -122,11 +122,11 @@ async function D(e, a) {
|
|
|
122
122
|
};
|
|
123
123
|
}
|
|
124
124
|
}
|
|
125
|
-
function
|
|
126
|
-
const [a, r] =
|
|
125
|
+
function M(e) {
|
|
126
|
+
const [a, r] = p(null), [c, f] = p(!0), t = l(async (n = !1) => {
|
|
127
127
|
f(!0);
|
|
128
128
|
try {
|
|
129
|
-
const s = "/api/auth/session" + (n ? `?t=${Date.now()}` : ""),
|
|
129
|
+
const s = "/api/auth/session" + (n ? `?t=${Date.now()}` : ""), i = await fetch(s, {
|
|
130
130
|
method: "GET",
|
|
131
131
|
credentials: "include",
|
|
132
132
|
// Include cookies in request
|
|
@@ -140,12 +140,12 @@ function L(e) {
|
|
|
140
140
|
cache: "no-store"
|
|
141
141
|
// ✅ FIX: Prevent caching
|
|
142
142
|
});
|
|
143
|
-
if (
|
|
143
|
+
if (i.status === 401 || i.status === 403) {
|
|
144
144
|
r(null);
|
|
145
145
|
return;
|
|
146
146
|
}
|
|
147
|
-
if (
|
|
148
|
-
const o = await
|
|
147
|
+
if (i.ok) {
|
|
148
|
+
const o = await i.json();
|
|
149
149
|
o.session ? r(o.session) : r(null);
|
|
150
150
|
} else
|
|
151
151
|
r(null);
|
|
@@ -158,15 +158,15 @@ function L(e) {
|
|
|
158
158
|
if (!n || !n.expiresAt || !e.refreshSession)
|
|
159
159
|
return () => {
|
|
160
160
|
};
|
|
161
|
-
const s = new Date(n.expiresAt),
|
|
161
|
+
const s = new Date(n.expiresAt), i = /* @__PURE__ */ new Date(), o = s.getTime() - i.getTime(), u = 5 * 60 * 1e3;
|
|
162
162
|
if (o > 0 && o < u)
|
|
163
163
|
return e.refreshSession().catch(() => {
|
|
164
164
|
}), () => {
|
|
165
165
|
};
|
|
166
166
|
if (o > u) {
|
|
167
167
|
const m = o - u, A = setTimeout(() => {
|
|
168
|
-
var
|
|
169
|
-
(
|
|
168
|
+
var I;
|
|
169
|
+
(I = e.refreshSession) == null || I.call(e).catch(() => {
|
|
170
170
|
});
|
|
171
171
|
}, m);
|
|
172
172
|
return () => clearTimeout(A);
|
|
@@ -177,7 +177,7 @@ function L(e) {
|
|
|
177
177
|
h(() => {
|
|
178
178
|
let n = null;
|
|
179
179
|
(async () => {
|
|
180
|
-
await
|
|
180
|
+
await t();
|
|
181
181
|
try {
|
|
182
182
|
const o = await fetch("/api/auth/session", {
|
|
183
183
|
method: "GET",
|
|
@@ -197,7 +197,7 @@ function L(e) {
|
|
|
197
197
|
process.env.NODE_ENV === "development" && console.debug("Failed to schedule proactive refresh:", o), r(null);
|
|
198
198
|
}
|
|
199
199
|
})();
|
|
200
|
-
const
|
|
200
|
+
const i = setInterval(() => {
|
|
201
201
|
fetch("/api/auth/session", {
|
|
202
202
|
method: "GET",
|
|
203
203
|
credentials: "include",
|
|
@@ -213,14 +213,14 @@ function L(e) {
|
|
|
213
213
|
});
|
|
214
214
|
}, 60 * 1e3);
|
|
215
215
|
return () => {
|
|
216
|
-
clearInterval(
|
|
216
|
+
clearInterval(i), n && n();
|
|
217
217
|
};
|
|
218
|
-
}, [
|
|
219
|
-
const
|
|
218
|
+
}, [t, g]);
|
|
219
|
+
const y = l(
|
|
220
220
|
async (n) => {
|
|
221
221
|
try {
|
|
222
|
-
const s = await
|
|
223
|
-
return s.success && await
|
|
222
|
+
const s = await D(e, n);
|
|
223
|
+
return s.success && await t(), s;
|
|
224
224
|
} catch (s) {
|
|
225
225
|
return {
|
|
226
226
|
success: !1,
|
|
@@ -228,7 +228,7 @@ function L(e) {
|
|
|
228
228
|
};
|
|
229
229
|
}
|
|
230
230
|
},
|
|
231
|
-
[e,
|
|
231
|
+
[e, t]
|
|
232
232
|
), w = l(
|
|
233
233
|
async (n) => {
|
|
234
234
|
if (!e.signIn.oauth)
|
|
@@ -245,7 +245,7 @@ function L(e) {
|
|
|
245
245
|
};
|
|
246
246
|
try {
|
|
247
247
|
const s = await e.signIn.passkey(n);
|
|
248
|
-
return s.success && await
|
|
248
|
+
return s.success && await t(), s;
|
|
249
249
|
} catch (s) {
|
|
250
250
|
return {
|
|
251
251
|
success: !1,
|
|
@@ -253,7 +253,7 @@ function L(e) {
|
|
|
253
253
|
};
|
|
254
254
|
}
|
|
255
255
|
},
|
|
256
|
-
[e,
|
|
256
|
+
[e, t]
|
|
257
257
|
), v = l(
|
|
258
258
|
async (n) => {
|
|
259
259
|
if (!e.signUp)
|
|
@@ -262,8 +262,8 @@ function L(e) {
|
|
|
262
262
|
error: "Sign up is not configured"
|
|
263
263
|
};
|
|
264
264
|
try {
|
|
265
|
-
const s = await
|
|
266
|
-
return s.success && await
|
|
265
|
+
const s = await L(e, n);
|
|
266
|
+
return s.success && await t(), s;
|
|
267
267
|
} catch (s) {
|
|
268
268
|
return {
|
|
269
269
|
success: !1,
|
|
@@ -271,7 +271,7 @@ function L(e) {
|
|
|
271
271
|
};
|
|
272
272
|
}
|
|
273
273
|
},
|
|
274
|
-
[e,
|
|
274
|
+
[e, t]
|
|
275
275
|
), C = l(async () => {
|
|
276
276
|
var n, s;
|
|
277
277
|
try {
|
|
@@ -281,7 +281,7 @@ function L(e) {
|
|
|
281
281
|
} catch {
|
|
282
282
|
}
|
|
283
283
|
try {
|
|
284
|
-
const
|
|
284
|
+
const i = (n = e._getSessionConfig) == null ? void 0 : n.call(e), o = (i == null ? void 0 : i.cookieName) || "__mulguard_session";
|
|
285
285
|
try {
|
|
286
286
|
window.localStorage.removeItem(o);
|
|
287
287
|
} catch {
|
|
@@ -289,17 +289,17 @@ function L(e) {
|
|
|
289
289
|
} catch {
|
|
290
290
|
}
|
|
291
291
|
}
|
|
292
|
-
if (await e.signOut(), await
|
|
293
|
-
const
|
|
294
|
-
if (o ===
|
|
292
|
+
if (await e.signOut(), await t(!0), r(null), f(!1), typeof window < "u") {
|
|
293
|
+
const i = "/auth/login", o = window.location.pathname, u = window.location.search;
|
|
294
|
+
if (o === i || o.startsWith("/auth/")) {
|
|
295
295
|
window.location.reload();
|
|
296
296
|
return;
|
|
297
297
|
}
|
|
298
|
-
const m = new URL(
|
|
298
|
+
const m = new URL(i, window.location.origin);
|
|
299
299
|
o && o !== "/" && m.searchParams.set("redirect", o + u), window.location.replace(m.toString());
|
|
300
300
|
}
|
|
301
|
-
} catch (
|
|
302
|
-
if (process.env.NODE_ENV === "development" && console.error("Sign out error:",
|
|
301
|
+
} catch (i) {
|
|
302
|
+
if (process.env.NODE_ENV === "development" && console.error("Sign out error:", i), r(null), f(!1), typeof window < "u") {
|
|
303
303
|
try {
|
|
304
304
|
window.sessionStorage.clear();
|
|
305
305
|
const u = (s = e._getSessionConfig) == null ? void 0 : s.call(e), m = (u == null ? void 0 : u.cookieName) || "__mulguard_session";
|
|
@@ -313,7 +313,7 @@ function L(e) {
|
|
|
313
313
|
window.location.pathname !== o && !window.location.pathname.startsWith("/auth/") ? window.location.replace(o) : window.location.reload();
|
|
314
314
|
}
|
|
315
315
|
}
|
|
316
|
-
}, [e,
|
|
316
|
+
}, [e, t]), U = l(
|
|
317
317
|
async (n) => {
|
|
318
318
|
if (!e.resetPassword)
|
|
319
319
|
throw new Error("Password reset is not configured");
|
|
@@ -335,8 +335,8 @@ function L(e) {
|
|
|
335
335
|
error: "2FA verification is not configured"
|
|
336
336
|
};
|
|
337
337
|
try {
|
|
338
|
-
const s = await
|
|
339
|
-
return s.success && (await new Promise((
|
|
338
|
+
const s = await b(e, n);
|
|
339
|
+
return s.success && (await new Promise((i) => setTimeout(i, 100)), await t()), s;
|
|
340
340
|
} catch (s) {
|
|
341
341
|
return {
|
|
342
342
|
success: !1,
|
|
@@ -344,9 +344,15 @@ function L(e) {
|
|
|
344
344
|
};
|
|
345
345
|
}
|
|
346
346
|
},
|
|
347
|
-
[e,
|
|
347
|
+
[e, t]
|
|
348
348
|
), j = l(
|
|
349
|
-
async (n, s) =>
|
|
349
|
+
async (n, s) => n === "credentials" ? !s || !("email" in s) || !("password" in s) ? {
|
|
350
|
+
success: !1,
|
|
351
|
+
error: "Credentials are required"
|
|
352
|
+
} : e.signIn("credentials", s) : n === "otp" ? !s || !("email" in s) ? {
|
|
353
|
+
success: !1,
|
|
354
|
+
error: "Email is required"
|
|
355
|
+
} : e.signIn("otp", s) : n === "passkey" ? e.signIn("passkey", s) : e.signIn(n),
|
|
350
356
|
[e]
|
|
351
357
|
);
|
|
352
358
|
return {
|
|
@@ -354,7 +360,7 @@ function L(e) {
|
|
|
354
360
|
isLoading: c,
|
|
355
361
|
signIn: j,
|
|
356
362
|
signInMethods: {
|
|
357
|
-
email:
|
|
363
|
+
email: y,
|
|
358
364
|
oauth: w,
|
|
359
365
|
passkey: d,
|
|
360
366
|
otp: l(
|
|
@@ -365,16 +371,16 @@ function L(e) {
|
|
|
365
371
|
error: "OTP sign in is not configured"
|
|
366
372
|
};
|
|
367
373
|
try {
|
|
368
|
-
const
|
|
369
|
-
return
|
|
370
|
-
} catch (
|
|
374
|
+
const i = await e.signIn.otp(n, s);
|
|
375
|
+
return i.success && await t(), i;
|
|
376
|
+
} catch (i) {
|
|
371
377
|
return {
|
|
372
378
|
success: !1,
|
|
373
|
-
error:
|
|
379
|
+
error: i instanceof Error ? i.message : "OTP sign in failed"
|
|
374
380
|
};
|
|
375
381
|
}
|
|
376
382
|
},
|
|
377
|
-
[e,
|
|
383
|
+
[e, t]
|
|
378
384
|
)
|
|
379
385
|
},
|
|
380
386
|
signUp: v,
|
|
@@ -384,8 +390,8 @@ function L(e) {
|
|
|
384
390
|
verify2FA: F
|
|
385
391
|
};
|
|
386
392
|
}
|
|
387
|
-
function
|
|
388
|
-
const [a, r] =
|
|
393
|
+
function W(e) {
|
|
394
|
+
const [a, r] = p(null), [c, f] = p(!0), [t, g] = p(null), y = l(async () => {
|
|
389
395
|
f(!0), g(null);
|
|
390
396
|
try {
|
|
391
397
|
const w = await e.getSession();
|
|
@@ -398,19 +404,19 @@ function M(e) {
|
|
|
398
404
|
}
|
|
399
405
|
}, [e]);
|
|
400
406
|
return h(() => {
|
|
401
|
-
|
|
407
|
+
y();
|
|
402
408
|
const w = setInterval(() => {
|
|
403
|
-
|
|
409
|
+
y();
|
|
404
410
|
}, 5 * 60 * 1e3);
|
|
405
411
|
return () => clearInterval(w);
|
|
406
|
-
}, [
|
|
412
|
+
}, [y]), {
|
|
407
413
|
session: a,
|
|
408
414
|
isLoading: c,
|
|
409
|
-
error:
|
|
415
|
+
error: t
|
|
410
416
|
};
|
|
411
417
|
}
|
|
412
|
-
function
|
|
413
|
-
const [a, r] =
|
|
418
|
+
function R(e) {
|
|
419
|
+
const [a, r] = p([]), [c, f] = p(!0), t = l(async () => {
|
|
414
420
|
if (!e.accountPicker) {
|
|
415
421
|
r([]), f(!1);
|
|
416
422
|
return;
|
|
@@ -426,53 +432,53 @@ function W(e) {
|
|
|
426
432
|
}
|
|
427
433
|
}, [e]);
|
|
428
434
|
h(() => {
|
|
429
|
-
|
|
430
|
-
}, [
|
|
435
|
+
t();
|
|
436
|
+
}, [t]);
|
|
431
437
|
const g = l(
|
|
432
438
|
async (d, v) => {
|
|
433
|
-
e.accountPicker && (await e.accountPicker.rememberUser(d, v), await
|
|
439
|
+
e.accountPicker && (await e.accountPicker.rememberUser(d, v), await t());
|
|
434
440
|
},
|
|
435
|
-
[e,
|
|
436
|
-
),
|
|
441
|
+
[e, t]
|
|
442
|
+
), y = l(
|
|
437
443
|
async (d) => {
|
|
438
|
-
e.accountPicker && (await e.accountPicker.clearUser(d), await
|
|
444
|
+
e.accountPicker && (await e.accountPicker.clearUser(d), await t());
|
|
439
445
|
},
|
|
440
|
-
[e,
|
|
446
|
+
[e, t]
|
|
441
447
|
), w = l(async () => {
|
|
442
|
-
e.accountPicker && (await e.accountPicker.clearAll(), await
|
|
443
|
-
}, [e,
|
|
448
|
+
e.accountPicker && (await e.accountPicker.clearAll(), await t());
|
|
449
|
+
}, [e, t]);
|
|
444
450
|
return {
|
|
445
451
|
lastUsers: a,
|
|
446
452
|
isLoading: c,
|
|
447
453
|
rememberUser: g,
|
|
448
|
-
clearUser:
|
|
454
|
+
clearUser: y,
|
|
449
455
|
clearAll: w,
|
|
450
|
-
refresh:
|
|
456
|
+
refresh: t
|
|
451
457
|
};
|
|
452
458
|
}
|
|
453
|
-
const
|
|
454
|
-
function
|
|
455
|
-
const r =
|
|
456
|
-
return /* @__PURE__ */
|
|
459
|
+
const P = x(null);
|
|
460
|
+
function V({ auth: e, children: a }) {
|
|
461
|
+
const r = W(e), c = R(e);
|
|
462
|
+
return /* @__PURE__ */ _(P.Provider, { value: { auth: e, session: r, accountPicker: c }, children: a });
|
|
457
463
|
}
|
|
458
464
|
function k() {
|
|
459
|
-
const e =
|
|
465
|
+
const e = N(P);
|
|
460
466
|
if (!e)
|
|
461
467
|
throw new Error("useMulguardContext must be used within MulguardProvider");
|
|
462
468
|
return e;
|
|
463
469
|
}
|
|
464
|
-
function
|
|
470
|
+
function q() {
|
|
465
471
|
const { auth: e } = k();
|
|
466
|
-
return
|
|
472
|
+
return M(e);
|
|
467
473
|
}
|
|
468
|
-
const z =
|
|
474
|
+
const z = V, K = k;
|
|
469
475
|
export {
|
|
470
476
|
z as AuthProvider,
|
|
471
|
-
|
|
472
|
-
|
|
473
|
-
|
|
477
|
+
V as MulguardProvider,
|
|
478
|
+
R as useAccountPicker,
|
|
479
|
+
M as useAuth,
|
|
474
480
|
K as useAuthContext,
|
|
475
|
-
|
|
481
|
+
q as useAuthFromContext,
|
|
476
482
|
k as useMulguardContext,
|
|
477
|
-
|
|
483
|
+
W as useSession
|
|
478
484
|
};
|