naystack 1.5.25 → 1.5.27

package/dist/auth/email/client.cjs.js

@@ -44,6 +44,9 @@ __export(client_exports, {
 module.exports = __toCommonJS(client_exports);
 var import_react = __toESM(require("react"));
 
+// src/auth/constants.ts
+var REFRESH_COOKIE_NAME = "refresh";
+
 // src/env.ts
 var getEnvValue = (key) => {
   switch (key) {
@@ -95,19 +98,33 @@ function getEnv(key, skipCheck) {
 
 // src/auth/email/client.tsx
 var TokenContext = (0, import_react.createContext)({
-  token: null,
+  token: void 0,
   setToken: () => null
 });
-var AuthWrapper = ({ children }) => {
-  const [token, setToken] = (0, import_react.useState)(null);
+var AuthWrapper = ({
+  children,
+  onTokenUpdate
+}) => {
+  const [token, setToken] = (0, import_react.useState)();
+  (0, import_react.useEffect)(() => {
+    if (onTokenUpdate && token !== void 0) {
+      onTokenUpdate(token);
+    }
+  }, [token]);
   return /* @__PURE__ */ import_react.default.createElement(TokenContext.Provider, { value: { token, setToken } }, children);
 };
-function useAuthFetch() {
+function useAuthFetch(getRefreshToken) {
   const setToken = useSetToken();
-  (0, import_react.useEffect)(() => {
+  const fetchToken = async () => {
     fetch(getEnv("NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT" /* NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT */), {
-      credentials: "include"
+      credentials: "include",
+      body: getRefreshToken ? JSON.stringify({
+        [REFRESH_COOKIE_NAME]: await getRefreshToken()
+      }) : void 0
     }).then((res) => res.json()).then((data) => setToken(data.accessToken));
+  };
+  (0, import_react.useEffect)(() => {
+    fetchToken();
   }, []);
 }
 function AuthApply({ data }) {

package/dist/auth/email/client.d.mts

@@ -5,8 +5,8 @@ import React__default, { Dispatch, SetStateAction } from 'react';
  * @category Auth
  */
 declare const TokenContext: React__default.Context<{
-    token: string | null;
-    setToken: Dispatch<SetStateAction<string | null>>;
+    token: string | null | undefined;
+    setToken: Dispatch<SetStateAction<string | null | undefined>>;
 }>;
 /**
  * Provider that fetches the current access token from your auth endpoint and exposes it via TokenContext.
@@ -39,10 +39,11 @@ declare const TokenContext: React__default.Context<{
  *
  * @category Auth
  */
-declare const AuthWrapper: ({ children }: {
+declare const AuthWrapper: ({ children, onTokenUpdate, }: {
     children: React__default.ReactNode;
+    onTokenUpdate?: (token: string | null) => void;
 }) => React__default.JSX.Element;
-declare function useAuthFetch(): void;
+declare function useAuthFetch(getRefreshToken?: () => Promise<string>): void;
 declare function AuthApply({ data }: {
     data?: string | null;
 }): null;
@@ -73,7 +74,7 @@ declare function AuthApply({ data }: {
  *
  * @category Auth
  */
-declare function useToken(): string | null;
+declare function useToken(): string | null | undefined;
 /**
  * Returns the setter for the access token in TokenContext. Use to update token after login/signup or clear it on logout.
  * Must be used inside `AuthWrapper`. Typically you won't need this directly — use `useLogin`, `useSignUp`, and `useLogout` instead.
@@ -82,7 +83,7 @@ declare function useToken(): string | null;
  *
  * @category Auth
  */
-declare function useSetToken(): React__default.Dispatch<React__default.SetStateAction<string | null>>;
+declare function useSetToken(): React__default.Dispatch<React__default.SetStateAction<string | null | undefined>>;
 /**
  * Returns a sign-up function that POSTs to the auth endpoint with credentials. On success, the response's
  * `accessToken` is stored and the token context updates automatically.

package/dist/auth/email/client.d.ts

@@ -5,8 +5,8 @@ import React__default, { Dispatch, SetStateAction } from 'react';
  * @category Auth
  */
 declare const TokenContext: React__default.Context<{
-    token: string | null;
-    setToken: Dispatch<SetStateAction<string | null>>;
+    token: string | null | undefined;
+    setToken: Dispatch<SetStateAction<string | null | undefined>>;
 }>;
 /**
  * Provider that fetches the current access token from your auth endpoint and exposes it via TokenContext.
@@ -39,10 +39,11 @@ declare const TokenContext: React__default.Context<{
  *
  * @category Auth
  */
-declare const AuthWrapper: ({ children }: {
+declare const AuthWrapper: ({ children, onTokenUpdate, }: {
     children: React__default.ReactNode;
+    onTokenUpdate?: (token: string | null) => void;
 }) => React__default.JSX.Element;
-declare function useAuthFetch(): void;
+declare function useAuthFetch(getRefreshToken?: () => Promise<string>): void;
 declare function AuthApply({ data }: {
     data?: string | null;
 }): null;
@@ -73,7 +74,7 @@ declare function AuthApply({ data }: {
  *
  * @category Auth
  */
-declare function useToken(): string | null;
+declare function useToken(): string | null | undefined;
 /**
  * Returns the setter for the access token in TokenContext. Use to update token after login/signup or clear it on logout.
  * Must be used inside `AuthWrapper`. Typically you won't need this directly — use `useLogin`, `useSignUp`, and `useLogout` instead.
@@ -82,7 +83,7 @@ declare function useToken(): string | null;
  *
  * @category Auth
  */
-declare function useSetToken(): React__default.Dispatch<React__default.SetStateAction<string | null>>;
+declare function useSetToken(): React__default.Dispatch<React__default.SetStateAction<string | null | undefined>>;
 /**
  * Returns a sign-up function that POSTs to the auth endpoint with credentials. On success, the response's
  * `accessToken` is stored and the token context updates automatically.

package/dist/auth/email/client.esm.js

@@ -9,6 +9,9 @@ import React, {
   useState
 } from "react";
 
+// src/auth/constants.ts
+var REFRESH_COOKIE_NAME = "refresh";
+
 // src/env.ts
 var getEnvValue = (key) => {
   switch (key) {
@@ -60,19 +63,33 @@ function getEnv(key, skipCheck) {
 
 // src/auth/email/client.tsx
 var TokenContext = createContext({
-  token: null,
+  token: void 0,
   setToken: () => null
 });
-var AuthWrapper = ({ children }) => {
-  const [token, setToken] = useState(null);
+var AuthWrapper = ({
+  children,
+  onTokenUpdate
+}) => {
+  const [token, setToken] = useState();
+  useEffect(() => {
+    if (onTokenUpdate && token !== void 0) {
+      onTokenUpdate(token);
+    }
+  }, [token]);
   return /* @__PURE__ */ React.createElement(TokenContext.Provider, { value: { token, setToken } }, children);
 };
-function useAuthFetch() {
+function useAuthFetch(getRefreshToken) {
   const setToken = useSetToken();
-  useEffect(() => {
+  const fetchToken = async () => {
     fetch(getEnv("NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT" /* NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT */), {
-      credentials: "include"
+      credentials: "include",
+      body: getRefreshToken ? JSON.stringify({
+        [REFRESH_COOKIE_NAME]: await getRefreshToken()
+      }) : void 0
     }).then((res) => res.json()).then((data) => setToken(data.accessToken));
+  };
+  useEffect(() => {
+    fetchToken();
   }, []);
 }
 function AuthApply({ data }) {

package/dist/auth/email/index.cjs.js

@@ -36,6 +36,7 @@ __export(email_exports, {
   getEmailAuthRoutes: () => getEmailAuthRoutes
 });
 module.exports = __toCommonJS(email_exports);
+var import_server4 = require("next/server");
 
 // src/auth/email/token.ts
 var import_bcryptjs = require("bcryptjs");
@@ -242,7 +243,9 @@ var getDeleteRoute = (options) => async (req) => {
 // src/auth/email/routes/get.ts
 var getGetRoute = (options) => async (req) => {
   const refresh = req.cookies.get(REFRESH_COOKIE_NAME)?.value;
-  const userID = getUserIdFromRefreshToken(refresh);
+  const requestBody = refresh ? null : await req.json();
+  const bodyRefresh = requestBody?.[REFRESH_COOKIE_NAME];
+  const userID = getUserIdFromRefreshToken(refresh || bodyRefresh);
   if (userID) {
     if (options.onRefresh) {
       const body = await req.json();
@@ -366,12 +369,52 @@ function AuthFetch() {
 }
 
 // src/auth/email/index.ts
+function getCorsHeaders(origin, allowedOrigins) {
+  if (!origin || !allowedOrigins.includes(origin)) return null;
+  return {
+    "Access-Control-Allow-Origin": origin,
+    "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+    "Access-Control-Allow-Headers": "Content-Type, Authorization",
+    "Access-Control-Allow-Credentials": "true"
+  };
+}
+function withCors(handler, allowedOrigins) {
+  if (!allowedOrigins?.length) return handler;
+  return ((req) => {
+    return handler(req).then((response) => {
+      if (!response) return response;
+      const corsHeaders = getCorsHeaders(
+        req.headers.get("origin"),
+        allowedOrigins
+      );
+      if (corsHeaders) {
+        Object.entries(corsHeaders).forEach(([key, value]) => {
+          response.headers.set(key, value);
+        });
+      }
+      return response;
+    });
+  });
+}
 function getEmailAuthRoutes(options) {
+  const { allowedOrigins } = options;
   return {
-    GET: getGetRoute(options),
-    POST: getPostRoute(options),
-    PUT: getPutRoute(options),
-    DELETE: getDeleteRoute(options)
+    GET: withCors(getGetRoute(options), allowedOrigins),
+    POST: withCors(getPostRoute(options), allowedOrigins),
+    PUT: withCors(getPutRoute(options), allowedOrigins),
+    DELETE: withCors(getDeleteRoute(options), allowedOrigins),
+    ...allowedOrigins?.length ? {
+      OPTIONS: (req) => {
+        const corsHeaders = getCorsHeaders(
+          req.headers.get("origin"),
+          allowedOrigins
+        );
+        return new import_server4.NextResponse(null, {
+          status: 204,
+          headers: corsHeaders ?? void 0
+        });
+      }
+    } : {}
   };
 }
 // Annotate the CommonJS export names for ESM import in node:

package/dist/auth/email/index.d.mts

@@ -1,4 +1,4 @@
-import * as next_server from 'next/server';
+import { NextRequest, NextResponse } from 'next/server';
 import { InitRoutesOptions } from './types.mjs';
 export { default as AuthFetch } from './server.mjs';
 export { checkAuthStatus } from './token.mjs';
@@ -48,13 +48,14 @@ import '../../graphql/types.mjs';
  * @category Auth
  */
 declare function getEmailAuthRoutes(options: InitRoutesOptions): {
-    GET: (req: next_server.NextRequest) => Promise<next_server.NextResponse<{
+    OPTIONS?: ((req: NextRequest) => NextResponse<unknown>) | undefined;
+    GET: (req: NextRequest) => Promise<NextResponse<{
         accessToken: string | undefined;
         refreshToken: string | undefined;
     }>>;
-    POST: (req: next_server.NextRequest) => Promise<next_server.NextResponse<unknown> | undefined>;
-    PUT: (req: next_server.NextRequest) => Promise<next_server.NextResponse<unknown> | undefined>;
-    DELETE: (req: next_server.NextRequest) => Promise<next_server.NextResponse<{
+    POST: (req: NextRequest) => Promise<NextResponse<unknown> | undefined>;
+    PUT: (req: NextRequest) => Promise<NextResponse<unknown> | undefined>;
+    DELETE: (req: NextRequest) => Promise<NextResponse<{
         accessToken: string | undefined;
         refreshToken: string | undefined;
     }>>;

package/dist/auth/email/index.d.ts

@@ -1,4 +1,4 @@
-import * as next_server from 'next/server';
+import { NextRequest, NextResponse } from 'next/server';
 import { InitRoutesOptions } from './types.js';
 export { default as AuthFetch } from './server.js';
 export { checkAuthStatus } from './token.js';
@@ -48,13 +48,14 @@ import '../../graphql/types.js';
  * @category Auth
  */
 declare function getEmailAuthRoutes(options: InitRoutesOptions): {
-    GET: (req: next_server.NextRequest) => Promise<next_server.NextResponse<{
+    OPTIONS?: ((req: NextRequest) => NextResponse<unknown>) | undefined;
+    GET: (req: NextRequest) => Promise<NextResponse<{
         accessToken: string | undefined;
         refreshToken: string | undefined;
     }>>;
-    POST: (req: next_server.NextRequest) => Promise<next_server.NextResponse<unknown> | undefined>;
-    PUT: (req: next_server.NextRequest) => Promise<next_server.NextResponse<unknown> | undefined>;
-    DELETE: (req: next_server.NextRequest) => Promise<next_server.NextResponse<{
+    POST: (req: NextRequest) => Promise<NextResponse<unknown> | undefined>;
+    PUT: (req: NextRequest) => Promise<NextResponse<unknown> | undefined>;
+    DELETE: (req: NextRequest) => Promise<NextResponse<{
         accessToken: string | undefined;
         refreshToken: string | undefined;
     }>>;

package/dist/auth/email/index.esm.js

@@ -1,3 +1,6 @@
+// src/auth/email/index.ts
+import { NextResponse as NextResponse3 } from "next/server";
+
 // src/auth/email/token.ts
 import { compare } from "bcryptjs";
 import { JsonWebTokenError, sign, verify } from "jsonwebtoken";
@@ -203,7 +206,9 @@ var getDeleteRoute = (options) => async (req) => {
 // src/auth/email/routes/get.ts
 var getGetRoute = (options) => async (req) => {
   const refresh = req.cookies.get(REFRESH_COOKIE_NAME)?.value;
-  const userID = getUserIdFromRefreshToken(refresh);
+  const requestBody = refresh ? null : await req.json();
+  const bodyRefresh = requestBody?.[REFRESH_COOKIE_NAME];
+  const userID = getUserIdFromRefreshToken(refresh || bodyRefresh);
   if (userID) {
     if (options.onRefresh) {
       const body = await req.json();
@@ -331,12 +336,52 @@ function AuthFetch() {
 }
 
 // src/auth/email/index.ts
+function getCorsHeaders(origin, allowedOrigins) {
+  if (!origin || !allowedOrigins.includes(origin)) return null;
+  return {
+    "Access-Control-Allow-Origin": origin,
+    "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+    "Access-Control-Allow-Headers": "Content-Type, Authorization",
+    "Access-Control-Allow-Credentials": "true"
+  };
+}
+function withCors(handler, allowedOrigins) {
+  if (!allowedOrigins?.length) return handler;
+  return ((req) => {
+    return handler(req).then((response) => {
+      if (!response) return response;
+      const corsHeaders = getCorsHeaders(
+        req.headers.get("origin"),
+        allowedOrigins
+      );
+      if (corsHeaders) {
+        Object.entries(corsHeaders).forEach(([key, value]) => {
+          response.headers.set(key, value);
+        });
+      }
+      return response;
+    });
+  });
+}
 function getEmailAuthRoutes(options) {
+  const { allowedOrigins } = options;
   return {
-    GET: getGetRoute(options),
-    POST: getPostRoute(options),
-    PUT: getPutRoute(options),
-    DELETE: getDeleteRoute(options)
+    GET: withCors(getGetRoute(options), allowedOrigins),
+    POST: withCors(getPostRoute(options), allowedOrigins),
+    PUT: withCors(getPutRoute(options), allowedOrigins),
+    DELETE: withCors(getDeleteRoute(options), allowedOrigins),
+    ...allowedOrigins?.length ? {
+      OPTIONS: (req) => {
+        const corsHeaders = getCorsHeaders(
+          req.headers.get("origin"),
+          allowedOrigins
+        );
+        return new NextResponse3(null, {
+          status: 204,
+          headers: corsHeaders ?? void 0
+        });
+      }
+    } : {}
   };
 }
 export {

package/dist/auth/email/routes/get.cjs.js

@@ -124,7 +124,9 @@ function getUserIdFromRefreshToken(refreshToken) {
 // src/auth/email/routes/get.ts
 var getGetRoute = (options) => async (req) => {
   const refresh = req.cookies.get(REFRESH_COOKIE_NAME)?.value;
-  const userID = getUserIdFromRefreshToken(refresh);
+  const requestBody = refresh ? null : await req.json();
+  const bodyRefresh = requestBody?.[REFRESH_COOKIE_NAME];
+  const userID = getUserIdFromRefreshToken(refresh || bodyRefresh);
   if (userID) {
     if (options.onRefresh) {
       const body = await req.json();

package/dist/auth/email/routes/get.esm.js

@@ -98,7 +98,9 @@ function getUserIdFromRefreshToken(refreshToken) {
 // src/auth/email/routes/get.ts
 var getGetRoute = (options) => async (req) => {
   const refresh = req.cookies.get(REFRESH_COOKIE_NAME)?.value;
-  const userID = getUserIdFromRefreshToken(refresh);
+  const requestBody = refresh ? null : await req.json();
+  const bodyRefresh = requestBody?.[REFRESH_COOKIE_NAME];
+  const userID = getUserIdFromRefreshToken(refresh || bodyRefresh);
   if (userID) {
     if (options.onRefresh) {
       const body = await req.json();

package/dist/auth/email/types.d.mts

@@ -31,6 +31,7 @@ type InitRoutesOptions = {
     onLogin?: (userId: number | null, body: any) => Promise<void>;
     onRefresh?: (userId: number | null, body: any) => Promise<void>;
     onLogout?: (userId: number | null, body: any) => Promise<void>;
+    allowedOrigins?: string[];
 };
 
 export type { InitRoutesOptions };

package/dist/auth/email/types.d.ts

@@ -31,6 +31,7 @@ type InitRoutesOptions = {
     onLogin?: (userId: number | null, body: any) => Promise<void>;
     onRefresh?: (userId: number | null, body: any) => Promise<void>;
     onLogout?: (userId: number | null, body: any) => Promise<void>;
+    allowedOrigins?: string[];
 };
 
 export type { InitRoutesOptions };

package/dist/auth/index.cjs.js

@@ -41,6 +41,9 @@ __export(auth_exports, {
 });
 module.exports = __toCommonJS(auth_exports);
 
+// src/auth/email/index.ts
+var import_server4 = require("next/server");
+
 // src/auth/email/token.ts
 var import_bcryptjs = require("bcryptjs");
 var import_jsonwebtoken = require("jsonwebtoken");
@@ -258,7 +261,9 @@ var getDeleteRoute = (options) => async (req) => {
 // src/auth/email/routes/get.ts
 var getGetRoute = (options) => async (req) => {
   const refresh = req.cookies.get(REFRESH_COOKIE_NAME)?.value;
-  const userID = getUserIdFromRefreshToken(refresh);
+  const requestBody = refresh ? null : await req.json();
+  const bodyRefresh = requestBody?.[REFRESH_COOKIE_NAME];
+  const userID = getUserIdFromRefreshToken(refresh || bodyRefresh);
   if (userID) {
     if (options.onRefresh) {
       const body = await req.json();
@@ -382,18 +387,58 @@ function AuthFetch() {
 }
 
 // src/auth/email/index.ts
+function getCorsHeaders(origin, allowedOrigins) {
+  if (!origin || !allowedOrigins.includes(origin)) return null;
+  return {
+    "Access-Control-Allow-Origin": origin,
+    "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+    "Access-Control-Allow-Headers": "Content-Type, Authorization",
+    "Access-Control-Allow-Credentials": "true"
+  };
+}
+function withCors(handler, allowedOrigins) {
+  if (!allowedOrigins?.length) return handler;
+  return ((req) => {
+    return handler(req).then((response) => {
+      if (!response) return response;
+      const corsHeaders = getCorsHeaders(
+        req.headers.get("origin"),
+        allowedOrigins
+      );
+      if (corsHeaders) {
+        Object.entries(corsHeaders).forEach(([key, value]) => {
+          response.headers.set(key, value);
+        });
+      }
+      return response;
+    });
+  });
+}
 function getEmailAuthRoutes(options) {
+  const { allowedOrigins } = options;
   return {
-    GET: getGetRoute(options),
-    POST: getPostRoute(options),
-    PUT: getPutRoute(options),
-    DELETE: getDeleteRoute(options)
+    GET: withCors(getGetRoute(options), allowedOrigins),
+    POST: withCors(getPostRoute(options), allowedOrigins),
+    PUT: withCors(getPutRoute(options), allowedOrigins),
+    DELETE: withCors(getDeleteRoute(options), allowedOrigins),
+    ...allowedOrigins?.length ? {
+      OPTIONS: (req) => {
+        const corsHeaders = getCorsHeaders(
+          req.headers.get("origin"),
+          allowedOrigins
+        );
+        return new import_server4.NextResponse(null, {
+          status: 204,
+          headers: corsHeaders ?? void 0
+        });
+      }
+    } : {}
   };
 }
 
 // src/auth/google/get.ts
 var import_googleapis = require("googleapis");
-var import_server5 = require("next/server");
+var import_server6 = require("next/server");
 var import_uuid = require("uuid");
 var getGoogleGetRoute = ({
   getUserIdFromEmail,
@@ -423,7 +468,7 @@ var getGoogleGetRoute = ({
         prompt: "consent",
         redirect_uri: url
       });
-      const res = import_server5.NextResponse.redirect(authorizationUrl);
+      const res = import_server6.NextResponse.redirect(authorizationUrl);
       res.cookies.set("state", state2, {
         httpOnly: true,
         secure: true
@@ -432,12 +477,12 @@ var getGoogleGetRoute = ({
     }
     const errorURL = errorRedirectURL || redirectURL;
     if (error) {
-      return import_server5.NextResponse.redirect(errorURL);
+      return import_server6.NextResponse.redirect(errorURL);
     }
     const state = req.nextUrl.searchParams.get("state") || void 0;
     if (code && state) {
       const localState = req.cookies.get("state")?.value;
-      if (localState !== state) return import_server5.NextResponse.redirect(errorURL);
+      if (localState !== state) return import_server6.NextResponse.redirect(errorURL);
       const { tokens } = await oauth2Client.getToken(code);
       oauth2Client.setCredentials(tokens);
       const userInfoRequest = await import_googleapis.google.oauth2({
@@ -449,7 +494,7 @@ var getGoogleGetRoute = ({
         const { data } = JSON.parse(localState);
         const id = await getUserIdFromEmail(user, data);
         if (id) {
-          const res = import_server5.NextResponse.redirect(redirectURL);
+          const res = import_server6.NextResponse.redirect(redirectURL);
           res.cookies.set(
             REFRESH_COOKIE_NAME,
             generateRefreshToken(id, getEnv("REFRESH_KEY" /* REFRESH_KEY */)),
@@ -467,7 +512,7 @@ var getGoogleGetRoute = ({
         }
       }
     }
-    return import_server5.NextResponse.redirect(errorURL);
+    return import_server6.NextResponse.redirect(errorURL);
   };
 };
 
@@ -479,7 +524,7 @@ function initGoogleAuth(props) {
 }
 
 // src/auth/instagram/route.ts
-var import_server7 = require("next/server");
+var import_server8 = require("next/server");
 
 // src/auth/instagram/utils.ts
 async function getRefreshedInstagramAccessToken(token) {
@@ -541,7 +586,7 @@ var getInstagramUser = (token, id, fields) => {
 };
 
 // src/socials/meta-webhook.ts
-var import_server6 = require("next/server");
+var import_server7 = require("next/server");
 
 // src/auth/instagram/route.ts
 var getInstagramRoute = ({
@@ -549,7 +594,7 @@ var getInstagramRoute = ({
   errorRedirectURL,
   onUser
 }) => {
-  const handleError2 = (message) => import_server7.NextResponse.redirect(`${errorRedirectURL}?error=${message}`);
+  const handleError2 = (message) => import_server8.NextResponse.redirect(`${errorRedirectURL}?error=${message}`);
   return async (req) => {
     const accessCode = req.nextUrl.searchParams.get("code");
     const error = req.nextUrl.searchParams.get("error");
@@ -573,7 +618,7 @@ var getInstagramRoute = ({
       instagramData.accessToken
     );
     if (errorMessage) return handleError2(errorMessage);
-    return import_server7.NextResponse.redirect(redirectURL);
+    return import_server8.NextResponse.redirect(redirectURL);
   };
 };
 

package/dist/auth/index.esm.js

@@ -1,3 +1,6 @@
+// src/auth/email/index.ts
+import { NextResponse as NextResponse3 } from "next/server";
+
 // src/auth/email/token.ts
 import { compare } from "bcryptjs";
 import { JsonWebTokenError, sign, verify } from "jsonwebtoken";
@@ -215,7 +218,9 @@ var getDeleteRoute = (options) => async (req) => {
 // src/auth/email/routes/get.ts
 var getGetRoute = (options) => async (req) => {
   const refresh = req.cookies.get(REFRESH_COOKIE_NAME)?.value;
-  const userID = getUserIdFromRefreshToken(refresh);
+  const requestBody = refresh ? null : await req.json();
+  const bodyRefresh = requestBody?.[REFRESH_COOKIE_NAME];
+  const userID = getUserIdFromRefreshToken(refresh || bodyRefresh);
   if (userID) {
     if (options.onRefresh) {
       const body = await req.json();
@@ -343,18 +348,58 @@ function AuthFetch() {
 }
 
 // src/auth/email/index.ts
+function getCorsHeaders(origin, allowedOrigins) {
+  if (!origin || !allowedOrigins.includes(origin)) return null;
+  return {
+    "Access-Control-Allow-Origin": origin,
+    "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+    "Access-Control-Allow-Headers": "Content-Type, Authorization",
+    "Access-Control-Allow-Credentials": "true"
+  };
+}
+function withCors(handler, allowedOrigins) {
+  if (!allowedOrigins?.length) return handler;
+  return ((req) => {
+    return handler(req).then((response) => {
+      if (!response) return response;
+      const corsHeaders = getCorsHeaders(
+        req.headers.get("origin"),
+        allowedOrigins
+      );
+      if (corsHeaders) {
+        Object.entries(corsHeaders).forEach(([key, value]) => {
+          response.headers.set(key, value);
+        });
+      }
+      return response;
+    });
+  });
+}
 function getEmailAuthRoutes(options) {
+  const { allowedOrigins } = options;
   return {
-    GET: getGetRoute(options),
-    POST: getPostRoute(options),
-    PUT: getPutRoute(options),
-    DELETE: getDeleteRoute(options)
+    GET: withCors(getGetRoute(options), allowedOrigins),
+    POST: withCors(getPostRoute(options), allowedOrigins),
+    PUT: withCors(getPutRoute(options), allowedOrigins),
+    DELETE: withCors(getDeleteRoute(options), allowedOrigins),
+    ...allowedOrigins?.length ? {
+      OPTIONS: (req) => {
+        const corsHeaders = getCorsHeaders(
+          req.headers.get("origin"),
+          allowedOrigins
+        );
+        return new NextResponse3(null, {
+          status: 204,
+          headers: corsHeaders ?? void 0
+        });
+      }
+    } : {}
   };
 }
 
 // src/auth/google/get.ts
 import { google } from "googleapis";
-import { NextResponse as NextResponse3 } from "next/server";
+import { NextResponse as NextResponse4 } from "next/server";
 import { v4 } from "uuid";
 var getGoogleGetRoute = ({
   getUserIdFromEmail,
@@ -384,7 +429,7 @@ var getGoogleGetRoute = ({
         prompt: "consent",
         redirect_uri: url
       });
-      const res = NextResponse3.redirect(authorizationUrl);
+      const res = NextResponse4.redirect(authorizationUrl);
       res.cookies.set("state", state2, {
         httpOnly: true,
         secure: true
@@ -393,12 +438,12 @@ var getGoogleGetRoute = ({
     }
     const errorURL = errorRedirectURL || redirectURL;
     if (error) {
-      return NextResponse3.redirect(errorURL);
+      return NextResponse4.redirect(errorURL);
     }
     const state = req.nextUrl.searchParams.get("state") || void 0;
     if (code && state) {
       const localState = req.cookies.get("state")?.value;
-      if (localState !== state) return NextResponse3.redirect(errorURL);
+      if (localState !== state) return NextResponse4.redirect(errorURL);
       const { tokens } = await oauth2Client.getToken(code);
       oauth2Client.setCredentials(tokens);
       const userInfoRequest = await google.oauth2({
@@ -410,7 +455,7 @@ var getGoogleGetRoute = ({
         const { data } = JSON.parse(localState);
         const id = await getUserIdFromEmail(user, data);
         if (id) {
-          const res = NextResponse3.redirect(redirectURL);
+          const res = NextResponse4.redirect(redirectURL);
           res.cookies.set(
             REFRESH_COOKIE_NAME,
             generateRefreshToken(id, getEnv("REFRESH_KEY" /* REFRESH_KEY */)),
@@ -428,7 +473,7 @@ var getGoogleGetRoute = ({
         }
       }
     }
-    return NextResponse3.redirect(errorURL);
+    return NextResponse4.redirect(errorURL);
   };
 };
 
@@ -440,7 +485,7 @@ function initGoogleAuth(props) {
 }
 
 // src/auth/instagram/route.ts
-import { NextResponse as NextResponse5 } from "next/server";
+import { NextResponse as NextResponse6 } from "next/server";
 
 // src/auth/instagram/utils.ts
 async function getRefreshedInstagramAccessToken(token) {
@@ -502,7 +547,7 @@ var getInstagramUser = (token, id, fields) => {
 };
 
 // src/socials/meta-webhook.ts
-import { NextResponse as NextResponse4 } from "next/server";
+import { NextResponse as NextResponse5 } from "next/server";
 
 // src/auth/instagram/route.ts
 var getInstagramRoute = ({
@@ -510,7 +555,7 @@ var getInstagramRoute = ({
   errorRedirectURL,
   onUser
 }) => {
-  const handleError2 = (message) => NextResponse5.redirect(`${errorRedirectURL}?error=${message}`);
+  const handleError2 = (message) => NextResponse6.redirect(`${errorRedirectURL}?error=${message}`);
   return async (req) => {
     const accessCode = req.nextUrl.searchParams.get("code");
     const error = req.nextUrl.searchParams.get("error");
@@ -534,7 +579,7 @@ var getInstagramRoute = ({
       instagramData.accessToken
     );
     if (errorMessage) return handleError2(errorMessage);
-    return NextResponse5.redirect(redirectURL);
+    return NextResponse6.redirect(redirectURL);
   };
 };
 

package/dist/graphql/client.cjs.js

@@ -32,6 +32,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var client_exports = {};
 __export(client_exports, {
   ApolloWrapper: () => ApolloWrapper,
+  ApolloWrapperNext: () => ApolloWrapperNext,
   tokenContext: () => tokenContext,
   useAuthMutation: () => useAuthMutation,
   useAuthQuery: () => useAuthQuery
@@ -92,19 +93,33 @@ function getEnv(key, skipCheck) {
 }
 
 // src/graphql/client.tsx
+function makeClient(cacheConfig) {
+  return new import_client_integration_nextjs.ApolloClient({
+    cache: new import_client_integration_nextjs.InMemoryCache(cacheConfig),
+    link: new import_client.HttpLink({
+      uri: getEnv("NEXT_PUBLIC_GRAPHQL_ENDPOINT" /* NEXT_PUBLIC_GRAPHQL_ENDPOINT */)
+    })
+  });
+}
+var ApolloWrapperNext = ({
+  children,
+  cacheConfig
+}) => {
+  return /* @__PURE__ */ import_react.default.createElement(import_client_integration_nextjs.ApolloNextAppProvider, { makeClient: () => makeClient(cacheConfig) }, children);
+};
+function makeClientBasic(cacheConfig) {
+  return new import_client.ApolloClient({
+    cache: new import_client.InMemoryCache(cacheConfig),
+    link: new import_client.HttpLink({
+      uri: getEnv("NEXT_PUBLIC_GRAPHQL_ENDPOINT" /* NEXT_PUBLIC_GRAPHQL_ENDPOINT */)
+    })
+  });
+}
 var ApolloWrapper = ({
   children,
   cacheConfig
 }) => {
-  function makeClient() {
-    return new import_client_integration_nextjs.ApolloClient({
-      cache: new import_client_integration_nextjs.InMemoryCache(cacheConfig),
-      link: new import_client.HttpLink({
-        uri: getEnv("NEXT_PUBLIC_GRAPHQL_ENDPOINT" /* NEXT_PUBLIC_GRAPHQL_ENDPOINT */)
-      })
-    });
-  }
-  return /* @__PURE__ */ import_react.default.createElement(import_client_integration_nextjs.ApolloNextAppProvider, { makeClient }, children);
+  return /* @__PURE__ */ import_react.default.createElement(import_client.ApolloProvider, { client: makeClientBasic(cacheConfig) }, children);
 };
 var tokenContext = (token) => {
   if (!token) return void 0;
@@ -157,6 +172,7 @@ function useAuthMutation(mutation, options) {
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   ApolloWrapper,
+  ApolloWrapperNext,
   tokenContext,
   useAuthMutation,
   useAuthQuery

package/dist/graphql/client.d.mts

@@ -3,38 +3,9 @@ import { InMemoryCacheConfig, OperationVariables, MutationHookOptions } from '@a
 import { TypedDocumentNode } from '@graphql-typed-document-node/core';
 import React__default, { PropsWithChildren } from 'react';
 
-/**
- * Apollo Client provider for Next.js. Wrap your app (or a subtree) so client components can run GraphQL queries and mutations.
- * The GraphQL endpoint is read from `NEXT_PUBLIC_GRAPHQL_ENDPOINT` env var.
- *
- * Must be placed **inside** `AuthWrapper` (since `useAuthQuery` / `useAuthMutation` depend on the auth token).
- *
- * @param props - Component props.
- * @param props.children - React children (your app or page content).
- * @param props.cacheConfig - Optional `InMemoryCache` config (e.g. `typePolicies`, `addTypename`). Passed to Apollo's `InMemoryCache`.
- * @returns Provider component that supplies Apollo Client to the tree.
- *
- * @example
- * ```tsx
- * // app/layout.tsx
- * import { AuthWrapper } from "naystack/auth/email/client";
- * import { ApolloWrapper } from "naystack/graphql/client";
- *
- * export default function RootLayout({ children }: { children: React.ReactNode }) {
- *   return (
- *     <html lang="en">
- *       <body>
- *         <AuthWrapper>
- *           <ApolloWrapper>{children}</ApolloWrapper>
- *         </AuthWrapper>
- *       </body>
- *     </html>
- *   );
- * }
- * ```
- *
- * @category GraphQL
- */
+declare const ApolloWrapperNext: ({ children, cacheConfig, }: PropsWithChildren<{
+    cacheConfig?: InMemoryCacheConfig;
+}>) => React__default.JSX.Element;
 declare const ApolloWrapper: ({ children, cacheConfig, }: PropsWithChildren<{
     cacheConfig?: InMemoryCacheConfig;
 }>) => React__default.JSX.Element;
@@ -128,4 +99,4 @@ declare function useAuthQuery<T, V extends OperationVariables>(query: TypedDocum
  */
 declare function useAuthMutation<T, V extends OperationVariables>(mutation: TypedDocumentNode<T, V>, options?: MutationHookOptions<T, V>): readonly [(input?: V["input"]) => Promise<_apollo_client.FetchResult<T>>, _apollo_client.MutationResult<T>];
 
-export { ApolloWrapper, tokenContext, useAuthMutation, useAuthQuery };
+export { ApolloWrapper, ApolloWrapperNext, tokenContext, useAuthMutation, useAuthQuery };

package/dist/graphql/client.d.ts

@@ -3,38 +3,9 @@ import { InMemoryCacheConfig, OperationVariables, MutationHookOptions } from '@a
 import { TypedDocumentNode } from '@graphql-typed-document-node/core';
 import React__default, { PropsWithChildren } from 'react';
 
-/**
- * Apollo Client provider for Next.js. Wrap your app (or a subtree) so client components can run GraphQL queries and mutations.
- * The GraphQL endpoint is read from `NEXT_PUBLIC_GRAPHQL_ENDPOINT` env var.
- *
- * Must be placed **inside** `AuthWrapper` (since `useAuthQuery` / `useAuthMutation` depend on the auth token).
- *
- * @param props - Component props.
- * @param props.children - React children (your app or page content).
- * @param props.cacheConfig - Optional `InMemoryCache` config (e.g. `typePolicies`, `addTypename`). Passed to Apollo's `InMemoryCache`.
- * @returns Provider component that supplies Apollo Client to the tree.
- *
- * @example
- * ```tsx
- * // app/layout.tsx
- * import { AuthWrapper } from "naystack/auth/email/client";
- * import { ApolloWrapper } from "naystack/graphql/client";
- *
- * export default function RootLayout({ children }: { children: React.ReactNode }) {
- *   return (
- *     <html lang="en">
- *       <body>
- *         <AuthWrapper>
- *           <ApolloWrapper>{children}</ApolloWrapper>
- *         </AuthWrapper>
- *       </body>
- *     </html>
- *   );
- * }
- * ```
- *
- * @category GraphQL
- */
+declare const ApolloWrapperNext: ({ children, cacheConfig, }: PropsWithChildren<{
+    cacheConfig?: InMemoryCacheConfig;
+}>) => React__default.JSX.Element;
 declare const ApolloWrapper: ({ children, cacheConfig, }: PropsWithChildren<{
     cacheConfig?: InMemoryCacheConfig;
 }>) => React__default.JSX.Element;
@@ -128,4 +99,4 @@ declare function useAuthQuery<T, V extends OperationVariables>(query: TypedDocum
  */
 declare function useAuthMutation<T, V extends OperationVariables>(mutation: TypedDocumentNode<T, V>, options?: MutationHookOptions<T, V>): readonly [(input?: V["input"]) => Promise<_apollo_client.FetchResult<T>>, _apollo_client.MutationResult<T>];
 
-export { ApolloWrapper, tokenContext, useAuthMutation, useAuthQuery };
+export { ApolloWrapper, ApolloWrapperNext, tokenContext, useAuthMutation, useAuthQuery };

package/dist/graphql/client.esm.js

@@ -2,7 +2,10 @@
 
 // src/graphql/client.tsx
 import {
+  ApolloClient as ApolloClientBasic,
+  ApolloProvider,
   HttpLink,
+  InMemoryCache as InMemoryCacheBasic,
   useLazyQuery,
   useMutation
 } from "@apollo/client";
@@ -68,19 +71,33 @@ function getEnv(key, skipCheck) {
 }
 
 // src/graphql/client.tsx
+function makeClient(cacheConfig) {
+  return new ApolloClient({
+    cache: new InMemoryCache(cacheConfig),
+    link: new HttpLink({
+      uri: getEnv("NEXT_PUBLIC_GRAPHQL_ENDPOINT" /* NEXT_PUBLIC_GRAPHQL_ENDPOINT */)
+    })
+  });
+}
+var ApolloWrapperNext = ({
+  children,
+  cacheConfig
+}) => {
+  return /* @__PURE__ */ React.createElement(ApolloNextAppProvider, { makeClient: () => makeClient(cacheConfig) }, children);
+};
+function makeClientBasic(cacheConfig) {
+  return new ApolloClientBasic({
+    cache: new InMemoryCacheBasic(cacheConfig),
+    link: new HttpLink({
+      uri: getEnv("NEXT_PUBLIC_GRAPHQL_ENDPOINT" /* NEXT_PUBLIC_GRAPHQL_ENDPOINT */)
+    })
+  });
+}
 var ApolloWrapper = ({
   children,
   cacheConfig
 }) => {
-  function makeClient() {
-    return new ApolloClient({
-      cache: new InMemoryCache(cacheConfig),
-      link: new HttpLink({
-        uri: getEnv("NEXT_PUBLIC_GRAPHQL_ENDPOINT" /* NEXT_PUBLIC_GRAPHQL_ENDPOINT */)
-      })
-    });
-  }
-  return /* @__PURE__ */ React.createElement(ApolloNextAppProvider, { makeClient }, children);
+  return /* @__PURE__ */ React.createElement(ApolloProvider, { client: makeClientBasic(cacheConfig) }, children);
 };
 var tokenContext = (token) => {
   if (!token) return void 0;
@@ -132,6 +149,7 @@ function useAuthMutation(mutation, options) {
 }
 export {
   ApolloWrapper,
+  ApolloWrapperNext,
   tokenContext,
   useAuthMutation,
   useAuthQuery

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "naystack",
-  "version": "1.5.25",
+  "version": "1.5.27",
   "description": "A stack built with Next + GraphQL + S3 + Auth",
   "main": "dist/index.cjs.js",
   "module": "dist/index.esm.js",