naystack 1.5.8 → 1.5.10

package/dist/auth/email/routes/put.esm.js

@@ -102,7 +102,6 @@ function verifyUser(user, password) {
 
 // src/auth/email/utils.ts
 import { verify as verify2 } from "jsonwebtoken";
-import { cookies as cookies2 } from "next/headers";
 async function massageRequest(req, options) {
   const data = await req.json();
   if (!data.password)

package/dist/auth/email/token.d.mts

@@ -1,15 +1,77 @@
 import { NextResponse } from 'next/server';
 import { UserOutput } from '../types.mjs';
 
+/**
+ * Generates a JWT access token for the user (2-hour expiry).
+ * @param id - User id to encode in the JWT payload.
+ * @param signingKey - Secret used to sign the token (typically `SIGNING_KEY` env var).
+ * @returns Signed JWT string.
+ * @category Auth
+ */
 declare function generateAccessToken(id: number, signingKey: string): string;
+/**
+ * Generates a JWT refresh token for the user (no expiry — persisted in httpOnly cookie).
+ * @param id - User id to encode in the JWT payload.
+ * @param refreshKey - Secret used to sign the token (typically `REFRESH_KEY` env var).
+ * @returns Signed JWT string.
+ * @category Auth
+ */
 declare function generateRefreshToken(id: number, refreshKey: string): string;
+/**
+ * Builds a NextResponse with access/refresh tokens in the JSON body and sets the refresh cookie.
+ *
+ * - If `accessToken` is omitted, the refresh cookie is cleared (logout).
+ * - If `refreshToken` is empty string, the cookie expires immediately (logout).
+ * - If `refreshToken` is a valid string, the cookie is set for 1 year.
+ *
+ * @param accessToken - Optional access JWT to include in response body.
+ * @param refreshToken - Optional refresh JWT to set as httpOnly cookie. Empty string clears the cookie.
+ * @returns NextResponse with JSON body and Set-Cookie headers.
+ * @category Auth
+ */
 declare function getTokenizedResponse(accessToken?: string, refreshToken?: string): NextResponse<{
     accessToken: string | undefined;
     refreshToken: string | undefined;
 }>;
+/**
+ * Decodes a refresh token and returns the user id from the JWT payload.
+ * @param refreshToken - JWT refresh token string.
+ * @returns User id (number) or `null` if the token is invalid, expired, or missing.
+ * @category Auth
+ */
 declare function getUserIdFromRefreshToken(refreshToken?: string): number | null;
+/**
+ * Decodes an access token and returns the user id from the JWT payload.
+ * @param refreshToken - JWT access token string (parameter name is legacy).
+ * @returns User id (number) or `null` if the token is invalid, expired, or missing.
+ * @category Auth
+ */
 declare function getUserIdFromAccessToken(refreshToken?: string): number | null;
+/**
+ * Verifies a plain password against the user's stored bcrypt hash.
+ * @param user - User object with `password` hash.
+ * @param password - Plain-text password to verify.
+ * @returns `true` if the password matches, `false` otherwise.
+ * @category Auth
+ */
 declare function verifyUser(user: UserOutput, password: string): false | Promise<boolean>;
+/**
+ * Checks if the current request has a valid refresh cookie. Optionally redirects to a URL if the user is not authorized.
+ *
+ * Use this in Server Components or layouts to gate access.
+ *
+ * @param redirectUnauthorizedURL - If set, redirects to this URL when the user is not authorized.
+ * @returns `true` if authorized. If not authorized and `redirectUnauthorizedURL` is set, triggers a redirect (never returns).
+ *
+ * @example
+ * ```ts
+ * // In a Server Component:
+ * import { checkAuthStatus } from "naystack/auth";
+ * await checkAuthStatus("/login"); // Redirects to /login if not authenticated
+ * ```
+ *
+ * @category Auth
+ */
 declare function checkAuthStatus(redirectUnauthorizedURL?: string): Promise<boolean>;
 
 export { checkAuthStatus, generateAccessToken, generateRefreshToken, getTokenizedResponse, getUserIdFromAccessToken, getUserIdFromRefreshToken, verifyUser };

package/dist/auth/email/token.d.ts

@@ -1,15 +1,77 @@
 import { NextResponse } from 'next/server';
 import { UserOutput } from '../types.js';
 
+/**
+ * Generates a JWT access token for the user (2-hour expiry).
+ * @param id - User id to encode in the JWT payload.
+ * @param signingKey - Secret used to sign the token (typically `SIGNING_KEY` env var).
+ * @returns Signed JWT string.
+ * @category Auth
+ */
 declare function generateAccessToken(id: number, signingKey: string): string;
+/**
+ * Generates a JWT refresh token for the user (no expiry — persisted in httpOnly cookie).
+ * @param id - User id to encode in the JWT payload.
+ * @param refreshKey - Secret used to sign the token (typically `REFRESH_KEY` env var).
+ * @returns Signed JWT string.
+ * @category Auth
+ */
 declare function generateRefreshToken(id: number, refreshKey: string): string;
+/**
+ * Builds a NextResponse with access/refresh tokens in the JSON body and sets the refresh cookie.
+ *
+ * - If `accessToken` is omitted, the refresh cookie is cleared (logout).
+ * - If `refreshToken` is empty string, the cookie expires immediately (logout).
+ * - If `refreshToken` is a valid string, the cookie is set for 1 year.
+ *
+ * @param accessToken - Optional access JWT to include in response body.
+ * @param refreshToken - Optional refresh JWT to set as httpOnly cookie. Empty string clears the cookie.
+ * @returns NextResponse with JSON body and Set-Cookie headers.
+ * @category Auth
+ */
 declare function getTokenizedResponse(accessToken?: string, refreshToken?: string): NextResponse<{
     accessToken: string | undefined;
     refreshToken: string | undefined;
 }>;
+/**
+ * Decodes a refresh token and returns the user id from the JWT payload.
+ * @param refreshToken - JWT refresh token string.
+ * @returns User id (number) or `null` if the token is invalid, expired, or missing.
+ * @category Auth
+ */
 declare function getUserIdFromRefreshToken(refreshToken?: string): number | null;
+/**
+ * Decodes an access token and returns the user id from the JWT payload.
+ * @param refreshToken - JWT access token string (parameter name is legacy).
+ * @returns User id (number) or `null` if the token is invalid, expired, or missing.
+ * @category Auth
+ */
 declare function getUserIdFromAccessToken(refreshToken?: string): number | null;
+/**
+ * Verifies a plain password against the user's stored bcrypt hash.
+ * @param user - User object with `password` hash.
+ * @param password - Plain-text password to verify.
+ * @returns `true` if the password matches, `false` otherwise.
+ * @category Auth
+ */
 declare function verifyUser(user: UserOutput, password: string): false | Promise<boolean>;
+/**
+ * Checks if the current request has a valid refresh cookie. Optionally redirects to a URL if the user is not authorized.
+ *
+ * Use this in Server Components or layouts to gate access.
+ *
+ * @param redirectUnauthorizedURL - If set, redirects to this URL when the user is not authorized.
+ * @returns `true` if authorized. If not authorized and `redirectUnauthorizedURL` is set, triggers a redirect (never returns).
+ *
+ * @example
+ * ```ts
+ * // In a Server Component:
+ * import { checkAuthStatus } from "naystack/auth";
+ * await checkAuthStatus("/login"); // Redirects to /login if not authenticated
+ * ```
+ *
+ * @category Auth
+ */
 declare function checkAuthStatus(redirectUnauthorizedURL?: string): Promise<boolean>;
 
 export { checkAuthStatus, generateAccessToken, generateRefreshToken, getTokenizedResponse, getUserIdFromAccessToken, getUserIdFromRefreshToken, verifyUser };

package/dist/auth/email/types.d.mts

@@ -1,6 +1,28 @@
 import { UserOutput, ErrorHandler } from '../types.mjs';
 import 'next/server';
 
+/**
+ * Options for initializing email auth routes (GET/POST/PUT/DELETE) via `getEmailAuthRoutes`.
+ *
+ * @property getUser - Fetches user by request data (e.g. `{ email }`); used for login and sign-up duplicate check. Must return a {@link UserOutput} or `undefined`.
+ * @property createUser - Creates a new user with the hashed password; returns the created user as {@link UserOutput}.
+ * @property onError - Optional custom handler for validation/auth errors; return a NextResponse to override default error responses.
+ * @property onSignUp - Optional callback after successful sign-up. Receives `(userId, requestBody)`.
+ * @property onLogin - Optional callback after successful login. Receives `(userId, requestBody)`.
+ * @property onRefresh - Optional callback when GET refresh is used. Receives `(userId, requestBody)`.
+ * @property onLogout - Optional callback when DELETE logout is used. Receives `(userId, requestBody)`.
+ *
+ * @example
+ * ```ts
+ * const options: InitRoutesOptions = {
+ *   getUser: async ({ email }) => db.query.users.findFirst({ where: eq(users.email, email) }),
+ *   createUser: async (data) => (await db.insert(users).values(data).returning())[0],
+ *   onSignUp: async (userId, body) => { console.log("New user:", userId); },
+ * };
+ * ```
+ *
+ * @category Auth
+ */
 type InitRoutesOptions = {
     getUser: (data: any) => Promise<UserOutput | undefined>;
     createUser: (user: any) => Promise<UserOutput | undefined>;

package/dist/auth/email/types.d.ts

@@ -1,6 +1,28 @@
 import { UserOutput, ErrorHandler } from '../types.js';
 import 'next/server';
 
+/**
+ * Options for initializing email auth routes (GET/POST/PUT/DELETE) via `getEmailAuthRoutes`.
+ *
+ * @property getUser - Fetches user by request data (e.g. `{ email }`); used for login and sign-up duplicate check. Must return a {@link UserOutput} or `undefined`.
+ * @property createUser - Creates a new user with the hashed password; returns the created user as {@link UserOutput}.
+ * @property onError - Optional custom handler for validation/auth errors; return a NextResponse to override default error responses.
+ * @property onSignUp - Optional callback after successful sign-up. Receives `(userId, requestBody)`.
+ * @property onLogin - Optional callback after successful login. Receives `(userId, requestBody)`.
+ * @property onRefresh - Optional callback when GET refresh is used. Receives `(userId, requestBody)`.
+ * @property onLogout - Optional callback when DELETE logout is used. Receives `(userId, requestBody)`.
+ *
+ * @example
+ * ```ts
+ * const options: InitRoutesOptions = {
+ *   getUser: async ({ email }) => db.query.users.findFirst({ where: eq(users.email, email) }),
+ *   createUser: async (data) => (await db.insert(users).values(data).returning())[0],
+ *   onSignUp: async (userId, body) => { console.log("New user:", userId); },
+ * };
+ * ```
+ *
+ * @category Auth
+ */
 type InitRoutesOptions = {
     getUser: (data: any) => Promise<UserOutput | undefined>;
     createUser: (user: any) => Promise<UserOutput | undefined>;

package/dist/auth/email/utils.cjs.js

@@ -21,13 +21,11 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var utils_exports = {};
 __export(utils_exports, {
   getContext: () => getContext,
-  logout: () => logout,
   massageRequest: () => massageRequest,
   verifyCaptcha: () => verifyCaptcha
 });
 module.exports = __toCommonJS(utils_exports);
 var import_jsonwebtoken2 = require("jsonwebtoken");
-var import_headers2 = require("next/headers");
 
 // src/auth/email/token.ts
 var import_bcryptjs = require("bcryptjs");
@@ -177,19 +175,9 @@ var getContext = (req) => {
   }
   return { userId: null };
 };
-async function logout(data) {
-  const Cookie = await (0, import_headers2.cookies)();
-  Cookie.delete(REFRESH_COOKIE_NAME);
-  await fetch(getEnv("NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT" /* NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT */), {
-    method: "DELETE",
-    credentials: "include",
-    body: JSON.stringify(data)
-  });
-}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   getContext,
-  logout,
   massageRequest,
   verifyCaptcha
 });

package/dist/auth/email/utils.d.mts

@@ -3,6 +3,15 @@ import { Context } from '../../graphql/types.mjs';
 import { InitRoutesOptions } from './types.mjs';
 import '../types.mjs';
 
+/**
+ * Parses and validates the JSON body for sign-up/login routes: ensures `password` is present and,
+ * if `TURNSTILE_KEY` is set, validates the Cloudflare Turnstile captcha.
+ *
+ * @param req - The NextRequest (body is read via `req.json()`).
+ * @param options - Same `InitRoutesOptions` passed to `getEmailAuthRoutes`; used for `onError` when validation fails.
+ * @returns Promise of either `{ error: NextResponse }` (validation failed) or `{ data: { password, ...rest } }` with the validated payload.
+ * @category Auth
+ */
 declare function massageRequest(req: NextRequest, options: InitRoutesOptions): Promise<{
     error?: NextResponse;
     data?: {
@@ -11,8 +20,38 @@ declare function massageRequest(req: NextRequest, options: InitRoutesOptions): P
         [key: string]: unknown;
     };
 }>;
+/**
+ * Verifies a Cloudflare Turnstile captcha token via the siteverify API.
+ *
+ * @param token - The response token from the Turnstile widget on the client.
+ * @param secret - Your Turnstile secret key.
+ * @returns `true` if verification succeeded, `false` otherwise.
+ * @category Auth
+ */
 declare function verifyCaptcha(token: string, secret?: string): Promise<boolean>;
+/**
+ * Builds the auth context from a NextRequest: reads either the `Authorization: Bearer <token>` header
+ * or the refresh cookie. Use this in REST API routes (outside GraphQL) to identify the current user.
+ *
+ * The GraphQL server uses this automatically — you typically only need it for custom REST endpoints.
+ *
+ * @param req - The NextRequest (headers and cookies are read).
+ * @returns `Context` with `userId: number | null`. If the user was identified via the refresh cookie
+ *   (not an access token), `isRefreshID` is set to `true`.
+ *
+ * @example
+ * ```ts
+ * import { getContext } from "naystack/auth";
+ *
+ * export const POST = async (req: NextRequest) => {
+ *   const ctx = getContext(req);
+ *   if (!ctx?.userId) return new NextResponse("Unauthorized", { status: 401 });
+ *   // ctx.userId is the authenticated user's id
+ * };
+ * ```
+ *
+ * @category Auth
+ */
 declare const getContext: (req: NextRequest) => Context;
-declare function logout(data?: object): Promise<void>;
 
-export { getContext, logout, massageRequest, verifyCaptcha };
+export { getContext, massageRequest, verifyCaptcha };

package/dist/auth/email/utils.d.ts

@@ -3,6 +3,15 @@ import { Context } from '../../graphql/types.js';
 import { InitRoutesOptions } from './types.js';
 import '../types.js';
 
+/**
+ * Parses and validates the JSON body for sign-up/login routes: ensures `password` is present and,
+ * if `TURNSTILE_KEY` is set, validates the Cloudflare Turnstile captcha.
+ *
+ * @param req - The NextRequest (body is read via `req.json()`).
+ * @param options - Same `InitRoutesOptions` passed to `getEmailAuthRoutes`; used for `onError` when validation fails.
+ * @returns Promise of either `{ error: NextResponse }` (validation failed) or `{ data: { password, ...rest } }` with the validated payload.
+ * @category Auth
+ */
 declare function massageRequest(req: NextRequest, options: InitRoutesOptions): Promise<{
     error?: NextResponse;
     data?: {
@@ -11,8 +20,38 @@ declare function massageRequest(req: NextRequest, options: InitRoutesOptions): P
         [key: string]: unknown;
     };
 }>;
+/**
+ * Verifies a Cloudflare Turnstile captcha token via the siteverify API.
+ *
+ * @param token - The response token from the Turnstile widget on the client.
+ * @param secret - Your Turnstile secret key.
+ * @returns `true` if verification succeeded, `false` otherwise.
+ * @category Auth
+ */
 declare function verifyCaptcha(token: string, secret?: string): Promise<boolean>;
+/**
+ * Builds the auth context from a NextRequest: reads either the `Authorization: Bearer <token>` header
+ * or the refresh cookie. Use this in REST API routes (outside GraphQL) to identify the current user.
+ *
+ * The GraphQL server uses this automatically — you typically only need it for custom REST endpoints.
+ *
+ * @param req - The NextRequest (headers and cookies are read).
+ * @returns `Context` with `userId: number | null`. If the user was identified via the refresh cookie
+ *   (not an access token), `isRefreshID` is set to `true`.
+ *
+ * @example
+ * ```ts
+ * import { getContext } from "naystack/auth";
+ *
+ * export const POST = async (req: NextRequest) => {
+ *   const ctx = getContext(req);
+ *   if (!ctx?.userId) return new NextResponse("Unauthorized", { status: 401 });
+ *   // ctx.userId is the authenticated user's id
+ * };
+ * ```
+ *
+ * @category Auth
+ */
 declare const getContext: (req: NextRequest) => Context;
-declare function logout(data?: object): Promise<void>;
 
-export { getContext, logout, massageRequest, verifyCaptcha };
+export { getContext, massageRequest, verifyCaptcha };

package/dist/auth/email/utils.esm.js

@@ -1,6 +1,5 @@
 // src/auth/email/utils.ts
 import { verify as verify2 } from "jsonwebtoken";
-import { cookies as cookies2 } from "next/headers";
 
 // src/auth/email/token.ts
 import { compare } from "bcryptjs";
@@ -150,18 +149,8 @@ var getContext = (req) => {
   }
   return { userId: null };
 };
-async function logout(data) {
-  const Cookie = await cookies2();
-  Cookie.delete(REFRESH_COOKIE_NAME);
-  await fetch(getEnv("NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT" /* NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT */), {
-    method: "DELETE",
-    credentials: "include",
-    body: JSON.stringify(data)
-  });
-}
 export {
   getContext,
-  logout,
   massageRequest,
   verifyCaptcha
 };

package/dist/auth/google/get.d.mts

@@ -2,6 +2,11 @@ import { NextRequest, NextResponse } from 'next/server';
 import { InitGoogleAuthOptions } from './index.mjs';
 import 'googleapis';
 
+/**
+ * Returns the GET route handler for Google OAuth (initiate and callback).
+ * @param options - InitGoogleAuthOptions
+ * @returns Async route handler
+ */
 declare const getGoogleGetRoute: ({ getUserIdFromEmail, redirectURL, errorRedirectURL, }: InitGoogleAuthOptions) => (req: NextRequest) => Promise<NextResponse<unknown>>;
 
 export { getGoogleGetRoute };

package/dist/auth/google/get.d.ts

@@ -2,6 +2,11 @@ import { NextRequest, NextResponse } from 'next/server';
 import { InitGoogleAuthOptions } from './index.js';
 import 'googleapis';
 
+/**
+ * Returns the GET route handler for Google OAuth (initiate and callback).
+ * @param options - InitGoogleAuthOptions
+ * @returns Async route handler
+ */
 declare const getGoogleGetRoute: ({ getUserIdFromEmail, redirectURL, errorRedirectURL, }: InitGoogleAuthOptions) => (req: NextRequest) => Promise<NextResponse<unknown>>;
 
 export { getGoogleGetRoute };

package/dist/auth/google/index.d.mts

@@ -1,12 +1,51 @@
 import * as next_server from 'next/server';
 import { oauth2_v2 } from 'googleapis';
 
+/** Google OAuth userinfo schema (from googleapis). */
 type Schema$Userinfo = oauth2_v2.Schema$Userinfo;
+/**
+ * Options for initializing Google OAuth via {@link initGoogleAuth}.
+ *
+ * @property getUserIdFromEmail - Given Google userinfo (email, name, picture, etc.), resolves to your app's user id. Return `null` if the user should not be authenticated.
+ * @property redirectURL - Where to redirect after successful Google auth (e.g. `"/dashboard"`).
+ * @property errorRedirectURL - Optional; where to redirect on error. Defaults to `redirectURL` if omitted.
+ *
+ * @category Auth
+ */
 interface InitGoogleAuthOptions {
     getUserIdFromEmail: (email: Schema$Userinfo) => Promise<number | null>;
     redirectURL: string;
     errorRedirectURL?: string;
 }
+/**
+ * Initializes Google OAuth. Returns a GET handler that initiates the OAuth flow (redirects to Google)
+ * and handles the callback (exchanges code for tokens, calls `getUserIdFromEmail`, sets refresh cookie).
+ *
+ * Mount the GET handler on your Google auth route (e.g. `app/api/(auth)/google/route.ts`).
+ *
+ * Requires env vars: `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`, `NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT`.
+ *
+ * @param props - Options. See {@link InitGoogleAuthOptions}.
+ * @returns Object with `GET` — export as your route's GET handler.
+ *
+ * @example
+ * ```ts
+ * // app/api/(auth)/google/route.ts
+ * import { initGoogleAuth } from "naystack/auth";
+ *
+ * export const { GET } = initGoogleAuth({
+ *   getUserIdFromEmail: async (googleUser) => {
+ *     // Find or create user by Google email
+ *     const user = await findOrCreateUserByEmail(googleUser.email!);
+ *     return user?.id ?? null;
+ *   },
+ *   redirectURL: "/dashboard",
+ *   errorRedirectURL: "/login",
+ * });
+ * ```
+ *
+ * @category Auth
+ */
 declare function initGoogleAuth(props: InitGoogleAuthOptions): {
     GET: (req: next_server.NextRequest) => Promise<next_server.NextResponse<unknown>>;
 };

package/dist/auth/google/index.d.ts

@@ -1,12 +1,51 @@
 import * as next_server from 'next/server';
 import { oauth2_v2 } from 'googleapis';
 
+/** Google OAuth userinfo schema (from googleapis). */
 type Schema$Userinfo = oauth2_v2.Schema$Userinfo;
+/**
+ * Options for initializing Google OAuth via {@link initGoogleAuth}.
+ *
+ * @property getUserIdFromEmail - Given Google userinfo (email, name, picture, etc.), resolves to your app's user id. Return `null` if the user should not be authenticated.
+ * @property redirectURL - Where to redirect after successful Google auth (e.g. `"/dashboard"`).
+ * @property errorRedirectURL - Optional; where to redirect on error. Defaults to `redirectURL` if omitted.
+ *
+ * @category Auth
+ */
 interface InitGoogleAuthOptions {
     getUserIdFromEmail: (email: Schema$Userinfo) => Promise<number | null>;
     redirectURL: string;
     errorRedirectURL?: string;
 }
+/**
+ * Initializes Google OAuth. Returns a GET handler that initiates the OAuth flow (redirects to Google)
+ * and handles the callback (exchanges code for tokens, calls `getUserIdFromEmail`, sets refresh cookie).
+ *
+ * Mount the GET handler on your Google auth route (e.g. `app/api/(auth)/google/route.ts`).
+ *
+ * Requires env vars: `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`, `NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT`.
+ *
+ * @param props - Options. See {@link InitGoogleAuthOptions}.
+ * @returns Object with `GET` — export as your route's GET handler.
+ *
+ * @example
+ * ```ts
+ * // app/api/(auth)/google/route.ts
+ * import { initGoogleAuth } from "naystack/auth";
+ *
+ * export const { GET } = initGoogleAuth({
+ *   getUserIdFromEmail: async (googleUser) => {
+ *     // Find or create user by Google email
+ *     const user = await findOrCreateUserByEmail(googleUser.email!);
+ *     return user?.id ?? null;
+ *   },
+ *   redirectURL: "/dashboard",
+ *   errorRedirectURL: "/login",
+ * });
+ * ```
+ *
+ * @category Auth
+ */
 declare function initGoogleAuth(props: InitGoogleAuthOptions): {
     GET: (req: next_server.NextRequest) => Promise<next_server.NextResponse<unknown>>;
 };

package/dist/auth/index.cjs.js

@@ -25,8 +25,7 @@ __export(auth_exports, {
   getEmailAuthRoutes: () => getEmailAuthRoutes,
   getRefreshToken: () => getRefreshToken,
   initGoogleAuth: () => initGoogleAuth,
-  initInstagramAuth: () => initInstagramAuth,
-  logout: () => logout
+  initInstagramAuth: () => initInstagramAuth
 });
 module.exports = __toCommonJS(auth_exports);
 
@@ -157,7 +156,6 @@ async function checkAuthStatus(redirectUnauthorizedURL) {
 
 // src/auth/email/utils.ts
 var import_jsonwebtoken2 = require("jsonwebtoken");
-var import_headers2 = require("next/headers");
 
 // src/auth/utils/errors.ts
 var import_server2 = require("next/server");
@@ -234,15 +232,6 @@ var getContext = (req) => {
   }
   return { userId: null };
 };
-async function logout(data) {
-  const Cookie = await (0, import_headers2.cookies)();
-  Cookie.delete(REFRESH_COOKIE_NAME);
-  await fetch(getEnv("NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT" /* NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT */), {
-    method: "DELETE",
-    credentials: "include",
-    body: JSON.stringify(data)
-  });
-}
 
 // src/auth/email/routes/delete.ts
 var getDeleteRoute = (options) => async (req) => {
@@ -526,9 +515,9 @@ function initInstagramAuth(props) {
 }
 
 // src/auth/utils/token.ts
-var import_headers3 = require("next/headers");
+var import_headers2 = require("next/headers");
 async function getRefreshToken() {
-  const Cookie = await (0, import_headers3.cookies)();
+  const Cookie = await (0, import_headers2.cookies)();
   return Cookie.get(REFRESH_COOKIE_NAME)?.value || null;
 }
 // Annotate the CommonJS export names for ESM import in node:
@@ -538,6 +527,5 @@ async function getRefreshToken() {
   getEmailAuthRoutes,
   getRefreshToken,
   initGoogleAuth,
-  initInstagramAuth,
-  logout
+  initInstagramAuth
 });

package/dist/auth/index.d.mts

@@ -3,7 +3,7 @@ export { initGoogleAuth } from './google/index.mjs';
 export { initInstagramAuth } from './instagram/index.mjs';
 export { getRefreshToken } from './utils/token.mjs';
 export { checkAuthStatus } from './email/token.mjs';
-export { getContext, logout } from './email/utils.mjs';
+export { getContext } from './email/utils.mjs';
 import 'next/server';
 import './email/types.mjs';
 import './types.mjs';

package/dist/auth/index.d.ts

@@ -3,7 +3,7 @@ export { initGoogleAuth } from './google/index.js';
 export { initInstagramAuth } from './instagram/index.js';
 export { getRefreshToken } from './utils/token.js';
 export { checkAuthStatus } from './email/token.js';
-export { getContext, logout } from './email/utils.js';
+export { getContext } from './email/utils.js';
 import 'next/server';
 import './email/types.js';
 import './types.js';

package/dist/auth/index.esm.js

@@ -125,7 +125,6 @@ async function checkAuthStatus(redirectUnauthorizedURL) {
 
 // src/auth/email/utils.ts
 import { verify as verify2 } from "jsonwebtoken";
-import { cookies as cookies2 } from "next/headers";
 
 // src/auth/utils/errors.ts
 import { NextResponse as NextResponse2 } from "next/server";
@@ -202,15 +201,6 @@ var getContext = (req) => {
   }
   return { userId: null };
 };
-async function logout(data) {
-  const Cookie = await cookies2();
-  Cookie.delete(REFRESH_COOKIE_NAME);
-  await fetch(getEnv("NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT" /* NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT */), {
-    method: "DELETE",
-    credentials: "include",
-    body: JSON.stringify(data)
-  });
-}
 
 // src/auth/email/routes/delete.ts
 var getDeleteRoute = (options) => async (req) => {
@@ -494,9 +484,9 @@ function initInstagramAuth(props) {
 }
 
 // src/auth/utils/token.ts
-import { cookies as cookies3 } from "next/headers";
+import { cookies as cookies2 } from "next/headers";
 async function getRefreshToken() {
-  const Cookie = await cookies3();
+  const Cookie = await cookies2();
   return Cookie.get(REFRESH_COOKIE_NAME)?.value || null;
 }
 export {
@@ -505,6 +495,5 @@ export {
   getEmailAuthRoutes,
   getRefreshToken,
   initGoogleAuth,
-  initInstagramAuth,
-  logout
+  initInstagramAuth
 };

package/dist/auth/instagram/client.d.mts

@@ -1,3 +1,22 @@
+/**
+ * Creates a function that builds the Instagram OAuth authorization URL for a given state token.
+ * The state token is typically the user's access token, used to link the Instagram account to the logged-in user.
+ *
+ * @param redirectURL - The OAuth redirect URI registered with Instagram (e.g. `NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT`).
+ * @returns A function `(stateToken: string) => string` that returns the full authorization URL.
+ *
+ * @example
+ * ```ts
+ * import { getInstagramAuthorizationURLSetup } from "naystack/auth/instagram/client";
+ *
+ * const getAuthURL = getInstagramAuthorizationURLSetup("/api/instagram");
+ * const url = getAuthURL(userAccessToken);
+ * // => "https://www.instagram.com/oauth/authorize?client_id=...&state=...&redirect_uri=..."
+ * window.location.href = url;
+ * ```
+ *
+ * @category Auth
+ */
 declare const getInstagramAuthorizationURLSetup: (redirectURL: string) => (token: string) => string;
 
 export { getInstagramAuthorizationURLSetup };