mulguard 1.1.7 → 1.1.9

package/webauthn.js

@@ -0,0 +1,92 @@
+import { apiBaseUrl } from "./lib/client.js";
+import { startAuthentication, startRegistration } from "@simplewebauthn/browser";
+import { getCsrfToken, getProviders, __NEXTAUTH } from "./react.js";
+const logger = {
+    debug: console.debug,
+    error: console.error,
+    warn: console.warn,
+};
+/**
+ * Fetch webauthn options from server and prompt user for authentication or registration.
+ * Returns either the completed WebAuthn response or an error request.
+ */
+async function webAuthnOptions(providerID, nextAuthConfig, options) {
+    const baseUrl = apiBaseUrl(nextAuthConfig);
+    // @ts-expect-error
+    const params = new URLSearchParams(options);
+    const optionsResp = await fetch(`${baseUrl}/webauthn-options/${providerID}?${params}`);
+    if (!optionsResp.ok) {
+        return { error: optionsResp };
+    }
+    const optionsData = await optionsResp.json();
+    if (optionsData.action === "authenticate") {
+        const webAuthnResponse = await startAuthentication(optionsData.options);
+        return { data: webAuthnResponse, action: "authenticate" };
+    }
+    else {
+        const webAuthnResponse = await startRegistration(optionsData.options);
+        return { data: webAuthnResponse, action: "register" };
+    }
+}
+export async function signIn(provider, options, authorizationParams) {
+    const { callbackUrl, ...rest } = options ?? {};
+    const { redirectTo = callbackUrl ?? window.location.href, redirect = true, ...signInParams } = rest;
+    const baseUrl = apiBaseUrl(__NEXTAUTH);
+    const providers = await getProviders();
+    if (!providers) {
+        window.location.href = `${baseUrl}/error`;
+        return; // TODO: Return error if `redirect: false`
+    }
+    if (!provider ||
+        !providers[provider] ||
+        providers[provider].type !== "webauthn") {
+        // TODO: Add docs link with explanation
+        throw new TypeError([
+            `Provider id "${provider}" does not refer to a WebAuthn provider.`,
+            'Please use `import { signIn } from "next-auth/react"` instead.',
+        ].join("\n"));
+    }
+    const webAuthnBody = {};
+    const webAuthnResponse = await webAuthnOptions(provider, __NEXTAUTH, signInParams);
+    if (webAuthnResponse.error) {
+        logger.error(new Error(await webAuthnResponse.error.text()));
+        return;
+    }
+    webAuthnBody.data = JSON.stringify(webAuthnResponse.data);
+    webAuthnBody.action = webAuthnResponse.action;
+    const signInUrl = `${baseUrl}/callback/${provider}?${new URLSearchParams(authorizationParams)}`;
+    const res = await fetch(signInUrl, {
+        method: "post",
+        headers: {
+            "Content-Type": "application/x-www-form-urlencoded",
+            "X-Auth-Return-Redirect": "1",
+        },
+        body: new URLSearchParams({
+            ...signInParams,
+            ...webAuthnBody,
+            csrfToken: await getCsrfToken(),
+            callbackUrl: redirectTo,
+        }),
+    });
+    const data = await res.json();
+    if (redirect) {
+        const url = data.url ?? callbackUrl;
+        window.location.href = url;
+        // If url contains a hash, the browser does not reload the page. We reload manually
+        if (url.includes("#"))
+            window.location.reload();
+        return;
+    }
+    const error = new URL(data.url).searchParams.get("error");
+    const code = new URL(data.url).searchParams.get("code");
+    if (res.ok) {
+        await __NEXTAUTH._getSession({ event: "storage" });
+    }
+    return {
+        error,
+        code,
+        status: res.status,
+        ok: res.ok,
+        url: error ? null : data.url,
+    };
+}

package/dist/actions-CMtg7FGv.js

@@ -1 +0,0 @@
-"use strict";const l=require("next/headers");var t=(s=>(s.INVALID_CREDENTIALS="INVALID_CREDENTIALS",s.ACCOUNT_LOCKED="ACCOUNT_LOCKED",s.ACCOUNT_INACTIVE="ACCOUNT_INACTIVE",s.TWO_FA_REQUIRED="TWO_FA_REQUIRED",s.INVALID_TWO_FA_CODE="INVALID_TWO_FA_CODE",s.SESSION_EXPIRED="SESSION_EXPIRED",s.UNAUTHORIZED="UNAUTHORIZED",s.NETWORK_ERROR="NETWORK_ERROR",s.VALIDATION_ERROR="VALIDATION_ERROR",s.RATE_LIMITED="RATE_LIMITED",s.UNKNOWN_ERROR="UNKNOWN_ERROR",s))(t||{});const _={INVALID_CREDENTIALS:401,ACCOUNT_LOCKED:423,ACCOUNT_INACTIVE:403,TWO_FA_REQUIRED:428,INVALID_TWO_FA_CODE:401,SESSION_EXPIRED:401,UNAUTHORIZED:403,NETWORK_ERROR:502,VALIDATION_ERROR:400,RATE_LIMITED:429,UNKNOWN_ERROR:500};function d(s){return _[s]??500}async function I(s){var n;try{return(n=(await l.cookies()).get(s))==null?void 0:n.value}catch(e){const o=(e==null?void 0:e.message)||"";if(o.includes("cookies")||o.includes("request scope")||o.includes("outside")||o.includes("dynamic"))return;throw e}}async function a(s){try{return(await l.cookies()).set({name:s.name,value:s.value,maxAge:s.maxAge,expires:s.expires,httpOnly:s.httpOnly??!0,secure:s.secure,sameSite:s.sameSite??"lax",path:s.path??"/",domain:s.domain}),{success:!0}}catch(n){const e=(n==null?void 0:n.message)||"";if(e.includes("cookies")||e.includes("request scope")||e.includes("outside")||e.includes("dynamic")){const o=`Cannot set cookie "${s.name}" outside request scope. Make sure this is called from a Server Action or Route Handler.`;return process.env.NODE_ENV==="development"&&console.warn(`[Mulguard] ${o}`),{success:!1,error:e,warning:o}}throw n}}async function E(s,n){try{(await l.cookies()).set({name:s,value:"",maxAge:0,expires:new Date(0),httpOnly:!0,path:(n==null?void 0:n.path)??"/",domain:n==null?void 0:n.domain})}catch(e){const o=(e==null?void 0:e.message)||"";if(o.includes("cookies")||o.includes("request scope")||o.includes("outside")||o.includes("dynamic")){process.env.NODE_ENV==="development"&&console.warn(`[Mulguard] Cannot delete cookie "${s}" outside request scope`);return}throw e}}function u(s,n,e){const o=process.env.NODE_ENV==="production";return{name:s,value:n,maxAge:e.expiresIn,httpOnly:e.httpOnly??!0,secure:e.secure??o,sameSite:e.sameSite??"lax",path:e.path??"/"}}async function N(s,n){if(!s.verify2FA)return{success:!1,error:"2FA verification is not configured",errorCode:t.VALIDATION_ERROR};try{const e=await s.verify2FA(n,{skipCookieSave:!0});if(e.success&&e.session)try{const{cookieName:o,config:r}=s._getSessionConfig(),c=typeof e.session=="object"&&"token"in e.session?String(e.session.token):JSON.stringify(e.session),i=u(o,c,r),O=await a(i);!O.success&&process.env.NODE_ENV==="development"&&console.warn("[Mulguard] Failed to save session after 2FA verification:",O.error||O.warning)}catch(o){process.env.NODE_ENV==="development"&&console.warn("[Mulguard] Failed to save session cookie:",o)}return e}catch(e){return{success:!1,error:e instanceof Error?e.message:"2FA verification failed",errorCode:t.UNKNOWN_ERROR}}}async function R(s){var n;try{const e=await s.getSession(),o=e==null?void 0:e.user;s.signOut&&await s.signOut();const{cookieName:r,config:c}=s._getSessionConfig();await E(r,{path:c.path||"/"});const i=(n=s._getCallbacks)==null?void 0:n.call(s);return o&&(i!=null&&i.onSignOut)&&await i.onSignOut(o),{success:!0}}catch(e){return{success:!1,error:e instanceof Error?e.message:"Sign out failed"}}}async function g(s,n){if(!s.signIn.email)return{success:!1,error:"Email sign in is not configured",errorCode:t.VALIDATION_ERROR};try{const e=await s.signIn.email(n);if(e.success&&e.session)try{const{cookieName:o,config:r}=s._getSessionConfig(),c=typeof e.session=="object"&&"token"in e.session?String(e.session.token):JSON.stringify(e.session),i=u(o,c,r);await a(i)}catch(o){process.env.NODE_ENV==="development"&&console.warn("[Mulguard] Failed to save session cookie:",o)}return e}catch(e){return{success:!1,error:e instanceof Error?e.message:"Sign in failed",errorCode:t.UNKNOWN_ERROR}}}async function f(s,n){if(!s.signUp)return{success:!1,error:"Sign up is not configured",errorCode:t.VALIDATION_ERROR};try{const e=await s.signUp(n);if(e.success&&e.session)try{const{cookieName:o,config:r}=s._getSessionConfig(),c=typeof e.session=="object"&&"token"in e.session?String(e.session.token):JSON.stringify(e.session),i=u(o,c,r);await a(i)}catch(o){process.env.NODE_ENV==="development"&&console.warn("[Mulguard] Failed to save session cookie:",o)}return e}catch(e){return{success:!1,error:e instanceof Error?e.message:"Sign up failed",errorCode:t.UNKNOWN_ERROR}}}const A=Object.freeze(Object.defineProperty({__proto__:null,signInEmailAction:g,signOutAction:R,signUpAction:f,verify2FAAction:N},Symbol.toStringTag,{value:"Module"}));exports.AuthErrorCode=t;exports.actions=A;exports.buildCookieOptions=u;exports.deleteCookie=E;exports.getCookie=I;exports.getErrorStatusCode=d;exports.setCookie=a;exports.signInEmailAction=g;exports.signOutAction=R;exports.signUpAction=f;exports.verify2FAAction=N;

package/dist/actions-CjQUKaXF.mjs

@@ -1,200 +0,0 @@
-import { cookies as u } from "next/headers";
-var c = /* @__PURE__ */ ((s) => (s.INVALID_CREDENTIALS = "INVALID_CREDENTIALS", s.ACCOUNT_LOCKED = "ACCOUNT_LOCKED", s.ACCOUNT_INACTIVE = "ACCOUNT_INACTIVE", s.TWO_FA_REQUIRED = "TWO_FA_REQUIRED", s.INVALID_TWO_FA_CODE = "INVALID_TWO_FA_CODE", s.SESSION_EXPIRED = "SESSION_EXPIRED", s.UNAUTHORIZED = "UNAUTHORIZED", s.NETWORK_ERROR = "NETWORK_ERROR", s.VALIDATION_ERROR = "VALIDATION_ERROR", s.RATE_LIMITED = "RATE_LIMITED", s.UNKNOWN_ERROR = "UNKNOWN_ERROR", s))(c || {});
-const E = {
-  INVALID_CREDENTIALS: 401,
-  ACCOUNT_LOCKED: 423,
-  ACCOUNT_INACTIVE: 403,
-  TWO_FA_REQUIRED: 428,
-  INVALID_TWO_FA_CODE: 401,
-  SESSION_EXPIRED: 401,
-  UNAUTHORIZED: 403,
-  NETWORK_ERROR: 502,
-  VALIDATION_ERROR: 400,
-  RATE_LIMITED: 429,
-  UNKNOWN_ERROR: 500
-};
-function I(s) {
-  return E[s] ?? 500;
-}
-async function A(s) {
-  var o;
-  try {
-    return (o = (await u()).get(s)) == null ? void 0 : o.value;
-  } catch (e) {
-    const n = (e == null ? void 0 : e.message) || "";
-    if (n.includes("cookies") || n.includes("request scope") || n.includes("outside") || n.includes("dynamic"))
-      return;
-    throw e;
-  }
-}
-async function O(s) {
-  try {
-    return (await u()).set({
-      name: s.name,
-      value: s.value,
-      maxAge: s.maxAge,
-      expires: s.expires,
-      httpOnly: s.httpOnly ?? !0,
-      secure: s.secure,
-      sameSite: s.sameSite ?? "lax",
-      path: s.path ?? "/",
-      domain: s.domain
-    }), { success: !0 };
-  } catch (o) {
-    const e = (o == null ? void 0 : o.message) || "";
-    if (e.includes("cookies") || e.includes("request scope") || e.includes("outside") || e.includes("dynamic")) {
-      const n = `Cannot set cookie "${s.name}" outside request scope. Make sure this is called from a Server Action or Route Handler.`;
-      return process.env.NODE_ENV === "development" && console.warn(`[Mulguard] ${n}`), {
-        success: !1,
-        error: e,
-        warning: n
-      };
-    }
-    throw o;
-  }
-}
-async function N(s, o) {
-  try {
-    (await u()).set({
-      name: s,
-      value: "",
-      maxAge: 0,
-      expires: /* @__PURE__ */ new Date(0),
-      httpOnly: !0,
-      path: (o == null ? void 0 : o.path) ?? "/",
-      domain: o == null ? void 0 : o.domain
-    });
-  } catch (e) {
-    const n = (e == null ? void 0 : e.message) || "";
-    if (n.includes("cookies") || n.includes("request scope") || n.includes("outside") || n.includes("dynamic")) {
-      process.env.NODE_ENV === "development" && console.warn(`[Mulguard] Cannot delete cookie "${s}" outside request scope`);
-      return;
-    }
-    throw e;
-  }
-}
-function l(s, o, e) {
-  const n = process.env.NODE_ENV === "production";
-  return {
-    name: s,
-    value: o,
-    maxAge: e.expiresIn,
-    httpOnly: e.httpOnly ?? !0,
-    secure: e.secure ?? n,
-    sameSite: e.sameSite ?? "lax",
-    path: e.path ?? "/"
-  };
-}
-async function R(s, o) {
-  if (!s.verify2FA)
-    return {
-      success: !1,
-      error: "2FA verification is not configured",
-      errorCode: c.VALIDATION_ERROR
-    };
-  try {
-    const e = await s.verify2FA(o, { skipCookieSave: !0 });
-    if (e.success && e.session)
-      try {
-        const { cookieName: n, config: r } = s._getSessionConfig(), t = typeof e.session == "object" && "token" in e.session ? String(e.session.token) : JSON.stringify(e.session), i = l(n, t, r), a = await O(i);
-        !a.success && process.env.NODE_ENV === "development" && console.warn("[Mulguard] Failed to save session after 2FA verification:", a.error || a.warning);
-      } catch (n) {
-        process.env.NODE_ENV === "development" && console.warn("[Mulguard] Failed to save session cookie:", n);
-      }
-    return e;
-  } catch (e) {
-    return {
-      success: !1,
-      error: e instanceof Error ? e.message : "2FA verification failed",
-      errorCode: c.UNKNOWN_ERROR
-    };
-  }
-}
-async function f(s) {
-  var o;
-  try {
-    const e = await s.getSession(), n = e == null ? void 0 : e.user;
-    s.signOut && await s.signOut();
-    const { cookieName: r, config: t } = s._getSessionConfig();
-    await N(r, {
-      path: t.path || "/"
-    });
-    const i = (o = s._getCallbacks) == null ? void 0 : o.call(s);
-    return n && (i != null && i.onSignOut) && await i.onSignOut(n), { success: !0 };
-  } catch (e) {
-    return {
-      success: !1,
-      error: e instanceof Error ? e.message : "Sign out failed"
-    };
-  }
-}
-async function g(s, o) {
-  if (!s.signIn.email)
-    return {
-      success: !1,
-      error: "Email sign in is not configured",
-      errorCode: c.VALIDATION_ERROR
-    };
-  try {
-    const e = await s.signIn.email(o);
-    if (e.success && e.session)
-      try {
-        const { cookieName: n, config: r } = s._getSessionConfig(), t = typeof e.session == "object" && "token" in e.session ? String(e.session.token) : JSON.stringify(e.session), i = l(n, t, r);
-        await O(i);
-      } catch (n) {
-        process.env.NODE_ENV === "development" && console.warn("[Mulguard] Failed to save session cookie:", n);
-      }
-    return e;
-  } catch (e) {
-    return {
-      success: !1,
-      error: e instanceof Error ? e.message : "Sign in failed",
-      errorCode: c.UNKNOWN_ERROR
-    };
-  }
-}
-async function _(s, o) {
-  if (!s.signUp)
-    return {
-      success: !1,
-      error: "Sign up is not configured",
-      errorCode: c.VALIDATION_ERROR
-    };
-  try {
-    const e = await s.signUp(o);
-    if (e.success && e.session)
-      try {
-        const { cookieName: n, config: r } = s._getSessionConfig(), t = typeof e.session == "object" && "token" in e.session ? String(e.session.token) : JSON.stringify(e.session), i = l(n, t, r);
-        await O(i);
-      } catch (n) {
-        process.env.NODE_ENV === "development" && console.warn("[Mulguard] Failed to save session cookie:", n);
-      }
-    return e;
-  } catch (e) {
-    return {
-      success: !1,
-      error: e instanceof Error ? e.message : "Sign up failed",
-      errorCode: c.UNKNOWN_ERROR
-    };
-  }
-}
-const S = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
-  __proto__: null,
-  signInEmailAction: g,
-  signOutAction: f,
-  signUpAction: _,
-  verify2FAAction: R
-}, Symbol.toStringTag, { value: "Module" }));
-export {
-  c as A,
-  g as a,
-  _ as b,
-  O as c,
-  N as d,
-  l as e,
-  I as f,
-  A as g,
-  S as h,
-  f as s,
-  R as v
-};

package/dist/client/index.js

@@ -1 +0,0 @@
-"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const o=require("react"),N=require("react/jsx-runtime");function v(){return typeof window>"u"}async function h(){try{return await Promise.resolve().then(()=>require("../actions-CMtg7FGv.js")).then(l=>l.actions)}catch{return null}}async function _(e,l){if(v())return e.verify2FA?e.verify2FA(l):{success:!1,error:"2FA verification is not configured"};try{const r=await h();if(r)return await r.verify2FAAction(e,l)}catch{}try{const r=await fetch("/api/auth/verify-2fa",{method:"POST",headers:{"Content-Type":"application/json"},credentials:"include",body:JSON.stringify(l)});if(!r.ok){const a=await r.json().catch(()=>({}));return{success:!1,error:a.error||"2FA verification failed",errorCode:a.errorCode}}return await r.json()}catch(r){return{success:!1,error:r instanceof Error?r.message:"2FA verification failed"}}}async function D(e,l){var r;if(v())return(r=e.signIn)!=null&&r.email?e.signIn.email(l):{success:!1,error:"Email sign in is not configured"};try{const a=await h();if(a)return await a.signInEmailAction(e,l)}catch{}try{const a=await fetch("/api/auth/sign-in",{method:"POST",headers:{"Content-Type":"application/json"},credentials:"include",body:JSON.stringify({provider:"email",credentials:l})});if(!a.ok){const u=await a.json().catch(()=>({}));return{success:!1,error:u.error||"Sign in failed",errorCode:u.errorCode}}return await a.json()}catch(a){return{success:!1,error:a instanceof Error?a.message:"Sign in failed"}}}async function L(e,l){if(v())return e.signUp?e.signUp(l):{success:!1,error:"Sign up is not configured"};try{const r=await h();if(r)return await r.signUpAction(e,l)}catch{}try{const r=await fetch("/api/auth/sign-up",{method:"POST",headers:{"Content-Type":"application/json"},credentials:"include",body:JSON.stringify(l)});if(!r.ok){const a=await r.json().catch(()=>({}));return{success:!1,error:a.error||"Sign up failed",errorCode:a.errorCode}}return await r.json()}catch(r){return{success:!1,error:r instanceof Error?r.message:"Sign up failed"}}}function E(e){const[l,r]=o.useState(null),[a,u]=o.useState(!0),c=o.useCallback(async(s=!1)=>{u(!0);try{const n="/api/auth/session"+(s?`?t=${Date.now()}`:""),i=await fetch(n,{method:"GET",credentials:"include",headers:{"Content-Type":"application/json","Cache-Control":"no-cache, no-store, must-revalidate",Pragma:"no-cache",Expires:"0"},cache:"no-store"});if(i.status===401||i.status===403){r(null);return}if(i.ok){const t=await i.json();t.session?r(t.session):r(null)}else r(null)}catch(n){process.env.NODE_ENV==="development"&&console.error("Failed to load session:",n),r(null)}finally{u(!1)}},[e]),w=o.useCallback(s=>{if(!s||!s.expiresAt||!e.refreshSession)return()=>{};const n=new Date(s.expiresAt),i=new Date,t=n.getTime()-i.getTime(),f=5*60*1e3;if(t>0&&t<f)return e.refreshSession().catch(()=>{}),()=>{};if(t>f){const p=t-f,S=setTimeout(()=>{var C;(C=e.refreshSession)==null||C.call(e).catch(()=>{})},p);return()=>clearTimeout(S)}return()=>{}},[e]);o.useEffect(()=>{let s=null;(async()=>{await c();try{const t=await fetch("/api/auth/session",{method:"GET",credentials:"include",headers:{"Content-Type":"application/json"},cache:"no-store"});if(t.ok){const f=await t.json();f.session?s=w(f.session):r(null)}else r(null)}catch(t){process.env.NODE_ENV==="development"&&console.debug("Failed to schedule proactive refresh:",t),r(null)}})();const i=setInterval(()=>{fetch("/api/auth/session",{method:"GET",credentials:"include",headers:{"Content-Type":"application/json"},cache:"no-store"}).then(t=>t.status===401||t.status===403?(r(null),s&&(s(),s=null),typeof window<"u"&&window.location.pathname!=="/auth/login"&&window.location.replace("/auth/login?reason=session_expired"),null):t.json()).then(t=>{t&&(t.session?(r(t.session),s&&s(),s=w(t.session)):(r(null),s&&(s(),s=null)))}).catch(()=>{r(null),s&&(s(),s=null)})},60*1e3);return()=>{clearInterval(i),s&&s()}},[c,w]);const y=o.useCallback(async s=>{try{const n=await D(e,s);return n.success&&await c(),n}catch(n){return{success:!1,error:n instanceof Error?n.message:"Sign in failed"}}},[e,c]),g=o.useCallback(async s=>{if(!e.signIn.oauth)throw new Error("OAuth sign in is not configured");return e.signIn.oauth(s)},[e]),d=o.useCallback(async s=>{if(!e.signIn.passkey)return{success:!1,error:"PassKey sign in is not configured"};try{const n=await e.signIn.passkey(s);return n.success&&await c(),n}catch(n){return{success:!1,error:n instanceof Error?n.message:"PassKey authentication failed"}}},[e,c]),m=o.useCallback(async s=>{if(!e.signUp)return{success:!1,error:"Sign up is not configured"};try{const n=await L(e,s);return n.success&&await c(),n}catch(n){return{success:!1,error:n instanceof Error?n.message:"Sign up failed"}}},[e,c]),U=o.useCallback(async()=>{var s,n;try{if(r(null),u(!0),typeof window<"u"){try{window.sessionStorage.clear()}catch{}try{const i=(s=e._getSessionConfig)==null?void 0:s.call(e),t=(i==null?void 0:i.cookieName)||"__mulguard_session";try{window.localStorage.removeItem(t)}catch{}}catch{}}if(await e.signOut(),await c(!0),r(null),u(!1),typeof window<"u"){const i="/auth/login",t=window.location.pathname,f=window.location.search;if(t===i||t.startsWith("/auth/")){window.location.reload();return}const p=new URL(i,window.location.origin);t&&t!=="/"&&p.searchParams.set("redirect",t+f),window.location.replace(p.toString())}}catch(i){if(process.env.NODE_ENV==="development"&&console.error("Sign out error:",i),r(null),u(!1),typeof window<"u"){try{window.sessionStorage.clear();const f=(n=e._getSessionConfig)==null?void 0:n.call(e),p=(f==null?void 0:f.cookieName)||"__mulguard_session";try{window.localStorage.removeItem(p)}catch{}}catch{}const t="/auth/login";window.location.pathname!==t&&!window.location.pathname.startsWith("/auth/")?window.location.replace(t):window.location.reload()}}},[e,c]),T=o.useCallback(async s=>{if(!e.resetPassword)throw new Error("Password reset is not configured");return e.resetPassword(s)},[e]),F=o.useCallback(async s=>{if(!e.verifyEmail)throw new Error("Email verification is not configured");return e.verifyEmail(s)},[e]),x=o.useCallback(async s=>{if(!e.verify2FA)return{success:!1,error:"2FA verification is not configured"};try{const n=await _(e,s);return n.success&&(await new Promise(i=>setTimeout(i,100)),await c()),n}catch(n){return{success:!1,error:n instanceof Error?n.message:"2FA verification failed"}}},[e,c]),j=o.useCallback(async(s,n)=>s==="credentials"?!n||!("email"in n)||!("password"in n)?{success:!1,error:"Credentials are required"}:e.signIn("credentials",n):s==="otp"?!n||!("email"in n)?{success:!1,error:"Email is required"}:e.signIn("otp",n):s==="passkey"?e.signIn("passkey",n):e.signIn(s),[e]);return{session:l,isLoading:a,signIn:j,signInMethods:{email:y,oauth:g,passkey:d,otp:o.useCallback(async(s,n)=>{if(!e.signIn.otp)return{success:!1,error:"OTP sign in is not configured"};try{const i=await e.signIn.otp(s,n);return i.success&&await c(),i}catch(i){return{success:!1,error:i instanceof Error?i.message:"OTP sign in failed"}}},[e,c])},signUp:m,signOut:U,resetPassword:T,verifyEmail:F,verify2FA:x}}function A(e){const[l,r]=o.useState(null),[a,u]=o.useState(!0),[c,w]=o.useState(null),y=o.useCallback(async()=>{u(!0),w(null);try{const g=await e.getSession();r(g)}catch(g){const d=g instanceof Error?g:new Error("Failed to load session");w(d),r(null)}finally{u(!1)}},[e]);return o.useEffect(()=>{y();const g=setInterval(()=>{y()},5*60*1e3);return()=>clearInterval(g)},[y]),{session:l,isLoading:a,error:c}}function P(e){const[l,r]=o.useState([]),[a,u]=o.useState(!0),c=o.useCallback(async()=>{if(!e.accountPicker){r([]),u(!1);return}u(!0);try{const d=await e.accountPicker.getLastUsers();r(d)}catch(d){process.env.NODE_ENV==="development"&&console.error("Failed to load last users:",d),r([])}finally{u(!1)}},[e]);o.useEffect(()=>{c()},[c]);const w=o.useCallback(async(d,m)=>{e.accountPicker&&(await e.accountPicker.rememberUser(d,m),await c())},[e,c]),y=o.useCallback(async d=>{e.accountPicker&&(await e.accountPicker.clearUser(d),await c())},[e,c]),g=o.useCallback(async()=>{e.accountPicker&&(await e.accountPicker.clearAll(),await c())},[e,c]);return{lastUsers:l,isLoading:a,rememberUser:w,clearUser:y,clearAll:g,refresh:c}}const I=o.createContext(null);function b({auth:e,children:l}){const r=A(e),a=P(e);return N.jsx(I.Provider,{value:{auth:e,session:r,accountPicker:a},children:l})}function k(){const e=o.useContext(I);if(!e)throw new Error("useMulguardContext must be used within MulguardProvider");return e}function M(){const{auth:e}=k();return E(e)}const q=b,R=k;exports.AuthProvider=q;exports.MulguardProvider=b;exports.useAccountPicker=P;exports.useAuth=E;exports.useAuthContext=R;exports.useAuthFromContext=M;exports.useMulguardContext=k;exports.useSession=A;