next-token-auth 1.0.9 → 1.0.11

package/README.md

@@ -44,7 +44,7 @@ Most projects end up with hundreds of lines of boilerplate before a single featu
 - 401 → refresh → retry built into the HTTP client
 - `getServerSession` — read and validate the session in server components and API routes
 - `withAuth` — higher-order function to protect App Router route handlers
-- `authMiddleware` — Next.js middleware factory for edge-level route protection
+- `authMiddleware` — Next.js middleware factory for edge-level route protection with guest-only route support
 - Flexible expiry parsing: `"15m"`, `"2h"`, `"2d"`, `"7d"`, `"1w"`, or plain seconds
 - Three expiry strategies: `backend`, `config`, `hybrid`
 - Fully typed with TypeScript generics for custom user shapes
@@ -97,6 +97,13 @@ export const authConfig: AuthConfig<User> = {
     me: "/auth/me",
   },
 
+  routes: {
+    public: ["/", "/about"],
+    guestOnly: ["/login", "/register"],
+    protected: ["/dashboard/*"],
+    redirectAuthenticatedTo: "/dashboard",
+  },
+
   token: {
     storage: "cookie",
     cookieName: "myapp.session",
@@ -194,8 +201,10 @@ interface AuthConfig<User = unknown> {
   };
 
   routes?: {
-    public: string[];    // always accessible, e.g. ["/", "/login"]
+    public: string[];    // always accessible, e.g. ["/", "/about"]
     protected: string[]; // require auth, supports wildcard: "/dashboard/*"
+    guestOnly?: string[]; // accessible only when NOT authenticated, e.g. ["/login", "/register"]
+    redirectAuthenticatedTo?: string; // where to send authenticated users who hit a guestOnly route (default: "/dashboard")
   };
 
   token: {
@@ -345,21 +354,45 @@ Unauthenticated requests are redirected to `/login` by default. Pass `{ redirect
 
 ### Middleware (Edge Route Protection)
 
-Protect entire route groups at the edge using Next.js middleware:
+Protect entire route groups at the edge using Next.js middleware. The middleware supports three route categories:
+
+- `public` — always accessible, no auth check
+- `protected` — requires authentication, redirects to `/login` if not
+- `guestOnly` — accessible only when NOT authenticated (e.g. login, register pages); authenticated users are redirected away
 
 ```ts
-// middleware.ts  (project root)
+// lib/auth.ts
+export const authConfig: AuthConfig = {
+  // ...
+  routes: {
+    public: ["/", "/about"],
+    guestOnly: ["/login", "/register"],    // authenticated users get redirected away
+    protected: ["/dashboard/*", "/settings/*"],
+    redirectAuthenticatedTo: "/dashboard", // where to send authenticated users on guestOnly routes
+  },
+};
+```
+
+```ts
+// middleware.ts (project root)
 import { authMiddleware } from "next-token-auth/server";
 import { authConfig } from "@/lib/auth";
 
 export const middleware = authMiddleware(authConfig);
 
 export const config = {
-  matcher: ["/dashboard/:path*", "/settings/:path*"],
+  // Include all routes you want the middleware to run on
+  matcher: ["/login", "/register", "/dashboard/:path*", "/settings/:path*"],
 };
 ```
 
-The middleware reads the encrypted session cookie, checks whether the refresh token is still valid, and redirects to `/login` if not. Routes listed in `config.routes.public` are always allowed through.
+Route resolution order inside the middleware:
+
+1. `guestOnly` — if authenticated, redirect to `redirectAuthenticatedTo`
+2. `public` — always allow through
+3. `protected` — require valid session, redirect to `/login` if missing
+
+The `matcher` in `export const config` controls which routes Next.js even runs the middleware on. Any route not in the matcher is ignored entirely, so make sure it covers both your protected and guest-only routes.
 
 ---
 

package/dist/index-ChpgBFYz.d.mts

@@ -0,0 +1,91 @@
+type ExpiryInput = number | string;
+type ExpiryStrategy = "backend" | "config" | "hybrid";
+interface AuthTokens {
+    accessToken: string;
+    refreshToken: string;
+    /** Unix timestamp (ms) */
+    accessTokenExpiresAt: number;
+    /** Unix timestamp (ms) */
+    refreshTokenExpiresAt?: number;
+}
+interface AuthSession<User = unknown> {
+    user: User | null;
+    tokens: AuthTokens | null;
+    isAuthenticated: boolean;
+}
+interface LoginInput {
+    [key: string]: unknown;
+}
+interface LoginResponse<User = unknown> {
+    user: User;
+    accessToken: string;
+    refreshToken: string;
+    /** Seconds until access token expires (legacy field) */
+    expiresIn?: number;
+    accessTokenExpiresIn?: number | string;
+    refreshTokenExpiresIn?: number | string;
+}
+interface AuthConfig<User = unknown> {
+    /** Base URL of your backend API */
+    baseUrl: string;
+    endpoints: {
+        login: string;
+        register?: string;
+        refresh: string;
+        logout?: string;
+        /** Endpoint to fetch the current user profile */
+        me?: string;
+    };
+    routes?: {
+        /** Paths that are always accessible without auth */
+        public: string[];
+        /** Paths that require authentication */
+        protected: string[];
+        /**
+         * Paths only accessible when NOT authenticated (e.g. /login, /register).
+         * Authenticated users are redirected to `redirectAuthenticatedTo`.
+         */
+        guestOnly?: string[];
+        /**
+         * Where to redirect authenticated users who visit a guestOnly route.
+         * @default "/dashboard"
+         */
+        redirectAuthenticatedTo?: string;
+    };
+    token: {
+        storage: "cookie" | "memory";
+        cookieName?: string;
+        secure?: boolean;
+        sameSite?: "strict" | "lax" | "none";
+    };
+    /** Secret used for encrypting stored tokens */
+    secret: string;
+    /** Automatically refresh access token before expiry */
+    autoRefresh?: boolean;
+    /**
+     * Seconds before expiry to trigger a proactive refresh.
+     * @default 60
+     */
+    refreshThreshold?: number;
+    expiry?: {
+        accessTokenExpiresIn?: ExpiryInput;
+        refreshTokenExpiresIn?: ExpiryInput;
+        /**
+         * - "backend"  → trust expiresIn from API response
+         * - "config"   → use config values only
+         * - "hybrid"   → backend first, fallback to config
+         * @default "hybrid"
+         */
+        strategy?: ExpiryStrategy;
+    };
+    /** Optional custom fetch implementation */
+    fetchFn?: typeof fetch;
+    /** Called after a successful login */
+    onLogin?: (session: AuthSession<User>) => void;
+    /** Called after logout */
+    onLogout?: () => void;
+    /** Called when token refresh fails */
+    onRefreshError?: (error: unknown) => void;
+}
+
+export type { AuthConfig as A, ExpiryInput as E, LoginInput as L, AuthSession as a, AuthTokens as b, ExpiryStrategy as c, LoginResponse as d };

package/dist/index-ChpgBFYz.d.ts

@@ -0,0 +1,91 @@
+type ExpiryInput = number | string;
+type ExpiryStrategy = "backend" | "config" | "hybrid";
+interface AuthTokens {
+    accessToken: string;
+    refreshToken: string;
+    /** Unix timestamp (ms) */
+    accessTokenExpiresAt: number;
+    /** Unix timestamp (ms) */
+    refreshTokenExpiresAt?: number;
+}
+interface AuthSession<User = unknown> {
+    user: User | null;
+    tokens: AuthTokens | null;
+    isAuthenticated: boolean;
+}
+interface LoginInput {
+    [key: string]: unknown;
+}
+interface LoginResponse<User = unknown> {
+    user: User;
+    accessToken: string;
+    refreshToken: string;
+    /** Seconds until access token expires (legacy field) */
+    expiresIn?: number;
+    accessTokenExpiresIn?: number | string;
+    refreshTokenExpiresIn?: number | string;
+}
+interface AuthConfig<User = unknown> {
+    /** Base URL of your backend API */
+    baseUrl: string;
+    endpoints: {
+        login: string;
+        register?: string;
+        refresh: string;
+        logout?: string;
+        /** Endpoint to fetch the current user profile */
+        me?: string;
+    };
+    routes?: {
+        /** Paths that are always accessible without auth */
+        public: string[];
+        /** Paths that require authentication */
+        protected: string[];
+        /**
+         * Paths only accessible when NOT authenticated (e.g. /login, /register).
+         * Authenticated users are redirected to `redirectAuthenticatedTo`.
+         */
+        guestOnly?: string[];
+        /**
+         * Where to redirect authenticated users who visit a guestOnly route.
+         * @default "/dashboard"
+         */
+        redirectAuthenticatedTo?: string;
+    };
+    token: {
+        storage: "cookie" | "memory";
+        cookieName?: string;
+        secure?: boolean;
+        sameSite?: "strict" | "lax" | "none";
+    };
+    /** Secret used for encrypting stored tokens */
+    secret: string;
+    /** Automatically refresh access token before expiry */
+    autoRefresh?: boolean;
+    /**
+     * Seconds before expiry to trigger a proactive refresh.
+     * @default 60
+     */
+    refreshThreshold?: number;
+    expiry?: {
+        accessTokenExpiresIn?: ExpiryInput;
+        refreshTokenExpiresIn?: ExpiryInput;
+        /**
+         * - "backend"  → trust expiresIn from API response
+         * - "config"   → use config values only
+         * - "hybrid"   → backend first, fallback to config
+         * @default "hybrid"
+         */
+        strategy?: ExpiryStrategy;
+    };
+    /** Optional custom fetch implementation */
+    fetchFn?: typeof fetch;
+    /** Called after a successful login */
+    onLogin?: (session: AuthSession<User>) => void;
+    /** Called after logout */
+    onLogout?: () => void;
+    /** Called when token refresh fails */
+    onRefreshError?: (error: unknown) => void;
+}
+
+export type { AuthConfig as A, ExpiryInput as E, LoginInput as L, AuthSession as a, AuthTokens as b, ExpiryStrategy as c, LoginResponse as d };

package/dist/index.d.mts

@@ -1,85 +1,8 @@
-import * as react_jsx_runtime from 'react/jsx-runtime';
-import React from 'react';
-
-type ExpiryInput = number | string;
-type ExpiryStrategy = "backend" | "config" | "hybrid";
-interface AuthTokens {
-    accessToken: string;
-    refreshToken: string;
-    /** Unix timestamp (ms) */
-    accessTokenExpiresAt: number;
-    /** Unix timestamp (ms) */
-    refreshTokenExpiresAt?: number;
-}
-interface AuthSession<User = unknown> {
-    user: User | null;
-    tokens: AuthTokens | null;
-    isAuthenticated: boolean;
-}
-interface LoginInput {
-    [key: string]: unknown;
-}
-interface LoginResponse<User = unknown> {
-    user: User;
-    accessToken: string;
-    refreshToken: string;
-    /** Seconds until access token expires (legacy field) */
-    expiresIn?: number;
-    accessTokenExpiresIn?: number | string;
-    refreshTokenExpiresIn?: number | string;
-}
-interface AuthConfig<User = unknown> {
-    /** Base URL of your backend API */
-    baseUrl: string;
-    endpoints: {
-        login: string;
-        register?: string;
-        refresh: string;
-        logout?: string;
-        /** Endpoint to fetch the current user profile */
-        me?: string;
-    };
-    routes?: {
-        /** Paths that are always accessible without auth */
-        public: string[];
-        /** Paths that require authentication */
-        protected: string[];
-    };
-    token: {
-        storage: "cookie" | "memory";
-        cookieName?: string;
-        secure?: boolean;
-        sameSite?: "strict" | "lax" | "none";
-    };
-    /** Secret used for encrypting stored tokens */
-    secret: string;
-    /** Automatically refresh access token before expiry */
-    autoRefresh?: boolean;
-    /**
-     * Seconds before expiry to trigger a proactive refresh.
-     * @default 60
-     */
-    refreshThreshold?: number;
-    expiry?: {
-        accessTokenExpiresIn?: ExpiryInput;
-        refreshTokenExpiresIn?: ExpiryInput;
-        /**
-         * - "backend"  → trust expiresIn from API response
-         * - "config"   → use config values only
-         * - "hybrid"   → backend first, fallback to config
-         * @default "hybrid"
-         */
-        strategy?: ExpiryStrategy;
-    };
-    /** Optional custom fetch implementation */
-    fetchFn?: typeof fetch;
-    /** Called after a successful login */
-    onLogin?: (session: AuthSession<User>) => void;
-    /** Called after logout */
-    onLogout?: () => void;
-    /** Called when token refresh fails */
-    onRefreshError?: (error: unknown) => void;
-}
+import { A as AuthConfig, b as AuthTokens, a as AuthSession, L as LoginInput, E as ExpiryInput } from './index-ChpgBFYz.mjs';
+export { c as ExpiryStrategy, d as LoginResponse } from './index-ChpgBFYz.mjs';
+export { AuthProvider, UseAuthReturn, UseRequireAuthOptions, useAuth, useRequireAuth, useSession } from './react/index.mjs';
+import 'react/jsx-runtime';
+import 'react';
 
 /**
  * Manages storage, retrieval, and expiry checks for auth tokens.
@@ -203,55 +126,6 @@ declare class AuthClient<User = unknown> {
     private notifyListeners;
 }
 
-interface AuthProviderProps<User = unknown> {
-    config: AuthConfig<User>;
-    children: React.ReactNode;
-}
-declare function AuthProvider<User = unknown>({ config, children, }: AuthProviderProps<User>): react_jsx_runtime.JSX.Element;
-
-interface UseAuthReturn<User = unknown> {
-    session: AuthSession<User>;
-    login: (input: LoginInput) => Promise<void>;
-    logout: () => Promise<void>;
-    refresh: () => Promise<void>;
-    isLoading: boolean;
-}
-/**
- * Primary hook for authentication operations.
- *
- * @example
- * const { session, login, logout, isLoading } = useAuth();
- */
-declare function useAuth<User = unknown>(): UseAuthReturn<User>;
-
-/**
- * Returns the current auth session without exposing login/logout actions.
- *
- * @example
- * const { user, isAuthenticated } = useSession();
- */
-declare function useSession<User = unknown>(): AuthSession<User>;
-
-interface UseRequireAuthOptions {
-    /** Path to redirect unauthenticated users to. @default "/login" */
-    redirectTo?: string;
-    /** Called when the user is not authenticated (use for custom redirect logic) */
-    onUnauthenticated?: () => void;
-}
-/**
- * Redirects unauthenticated users to the login page.
- * Works with both Next.js App Router and Pages Router.
- *
- * @example
- * // App Router (client component)
- * useRequireAuth({ redirectTo: "/login" });
- *
- * @example
- * // Custom handler
- * useRequireAuth({ onUnauthenticated: () => router.push("/login") });
- */
-declare function useRequireAuth(options?: UseRequireAuthOptions): void;
-
 /**
  * Parses an expiry value into seconds.
  * Accepts:
@@ -280,4 +154,4 @@ declare function encrypt(data: string, secret: string): Promise<string>;
  */
 declare function decrypt(data: string, secret: string): Promise<string>;
 
-export { AuthClient, type AuthConfig, AuthProvider, type AuthSession, type AuthTokens, type ExpiryInput, type ExpiryStrategy, HttpClient, type LoginInput, type LoginResponse, SessionManager, TokenManager, type UseAuthReturn, type UseRequireAuthOptions, decrypt, encrypt, parseExpiry, safeParseExpiry, useAuth, useRequireAuth, useSession };
+export { AuthClient, AuthConfig, AuthSession, AuthTokens, ExpiryInput, HttpClient, LoginInput, SessionManager, TokenManager, decrypt, encrypt, parseExpiry, safeParseExpiry };

package/dist/index.d.ts

@@ -1,85 +1,8 @@
-import * as react_jsx_runtime from 'react/jsx-runtime';
-import React from 'react';
-
-type ExpiryInput = number | string;
-type ExpiryStrategy = "backend" | "config" | "hybrid";
-interface AuthTokens {
-    accessToken: string;
-    refreshToken: string;
-    /** Unix timestamp (ms) */
-    accessTokenExpiresAt: number;
-    /** Unix timestamp (ms) */
-    refreshTokenExpiresAt?: number;
-}
-interface AuthSession<User = unknown> {
-    user: User | null;
-    tokens: AuthTokens | null;
-    isAuthenticated: boolean;
-}
-interface LoginInput {
-    [key: string]: unknown;
-}
-interface LoginResponse<User = unknown> {
-    user: User;
-    accessToken: string;
-    refreshToken: string;
-    /** Seconds until access token expires (legacy field) */
-    expiresIn?: number;
-    accessTokenExpiresIn?: number | string;
-    refreshTokenExpiresIn?: number | string;
-}
-interface AuthConfig<User = unknown> {
-    /** Base URL of your backend API */
-    baseUrl: string;
-    endpoints: {
-        login: string;
-        register?: string;
-        refresh: string;
-        logout?: string;
-        /** Endpoint to fetch the current user profile */
-        me?: string;
-    };
-    routes?: {
-        /** Paths that are always accessible without auth */
-        public: string[];
-        /** Paths that require authentication */
-        protected: string[];
-    };
-    token: {
-        storage: "cookie" | "memory";
-        cookieName?: string;
-        secure?: boolean;
-        sameSite?: "strict" | "lax" | "none";
-    };
-    /** Secret used for encrypting stored tokens */
-    secret: string;
-    /** Automatically refresh access token before expiry */
-    autoRefresh?: boolean;
-    /**
-     * Seconds before expiry to trigger a proactive refresh.
-     * @default 60
-     */
-    refreshThreshold?: number;
-    expiry?: {
-        accessTokenExpiresIn?: ExpiryInput;
-        refreshTokenExpiresIn?: ExpiryInput;
-        /**
-         * - "backend"  → trust expiresIn from API response
-         * - "config"   → use config values only
-         * - "hybrid"   → backend first, fallback to config
-         * @default "hybrid"
-         */
-        strategy?: ExpiryStrategy;
-    };
-    /** Optional custom fetch implementation */
-    fetchFn?: typeof fetch;
-    /** Called after a successful login */
-    onLogin?: (session: AuthSession<User>) => void;
-    /** Called after logout */
-    onLogout?: () => void;
-    /** Called when token refresh fails */
-    onRefreshError?: (error: unknown) => void;
-}
+import { A as AuthConfig, b as AuthTokens, a as AuthSession, L as LoginInput, E as ExpiryInput } from './index-ChpgBFYz.js';
+export { c as ExpiryStrategy, d as LoginResponse } from './index-ChpgBFYz.js';
+export { AuthProvider, UseAuthReturn, UseRequireAuthOptions, useAuth, useRequireAuth, useSession } from './react/index.js';
+import 'react/jsx-runtime';
+import 'react';
 
 /**
  * Manages storage, retrieval, and expiry checks for auth tokens.
@@ -203,55 +126,6 @@ declare class AuthClient<User = unknown> {
     private notifyListeners;
 }
 
-interface AuthProviderProps<User = unknown> {
-    config: AuthConfig<User>;
-    children: React.ReactNode;
-}
-declare function AuthProvider<User = unknown>({ config, children, }: AuthProviderProps<User>): react_jsx_runtime.JSX.Element;
-
-interface UseAuthReturn<User = unknown> {
-    session: AuthSession<User>;
-    login: (input: LoginInput) => Promise<void>;
-    logout: () => Promise<void>;
-    refresh: () => Promise<void>;
-    isLoading: boolean;
-}
-/**
- * Primary hook for authentication operations.
- *
- * @example
- * const { session, login, logout, isLoading } = useAuth();
- */
-declare function useAuth<User = unknown>(): UseAuthReturn<User>;
-
-/**
- * Returns the current auth session without exposing login/logout actions.
- *
- * @example
- * const { user, isAuthenticated } = useSession();
- */
-declare function useSession<User = unknown>(): AuthSession<User>;
-
-interface UseRequireAuthOptions {
-    /** Path to redirect unauthenticated users to. @default "/login" */
-    redirectTo?: string;
-    /** Called when the user is not authenticated (use for custom redirect logic) */
-    onUnauthenticated?: () => void;
-}
-/**
- * Redirects unauthenticated users to the login page.
- * Works with both Next.js App Router and Pages Router.
- *
- * @example
- * // App Router (client component)
- * useRequireAuth({ redirectTo: "/login" });
- *
- * @example
- * // Custom handler
- * useRequireAuth({ onUnauthenticated: () => router.push("/login") });
- */
-declare function useRequireAuth(options?: UseRequireAuthOptions): void;
-
 /**
  * Parses an expiry value into seconds.
  * Accepts:
@@ -280,4 +154,4 @@ declare function encrypt(data: string, secret: string): Promise<string>;
  */
 declare function decrypt(data: string, secret: string): Promise<string>;
 
-export { AuthClient, type AuthConfig, AuthProvider, type AuthSession, type AuthTokens, type ExpiryInput, type ExpiryStrategy, HttpClient, type LoginInput, type LoginResponse, SessionManager, TokenManager, type UseAuthReturn, type UseRequireAuthOptions, decrypt, encrypt, parseExpiry, safeParseExpiry, useAuth, useRequireAuth, useSession };
+export { AuthClient, AuthConfig, AuthSession, AuthTokens, ExpiryInput, HttpClient, LoginInput, SessionManager, TokenManager, decrypt, encrypt, parseExpiry, safeParseExpiry };

package/dist/react/index.d.mts

@@ -0,0 +1,54 @@
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import React from 'react';
+import { A as AuthConfig, a as AuthSession, L as LoginInput } from '../index-ChpgBFYz.mjs';
+
+interface AuthProviderProps<User = unknown> {
+    config: AuthConfig<User>;
+    children: React.ReactNode;
+}
+declare function AuthProvider<User = unknown>({ config, children, }: AuthProviderProps<User>): react_jsx_runtime.JSX.Element;
+
+interface UseAuthReturn<User = unknown> {
+    session: AuthSession<User>;
+    login: (input: LoginInput) => Promise<void>;
+    logout: () => Promise<void>;
+    refresh: () => Promise<void>;
+    isLoading: boolean;
+}
+/**
+ * Primary hook for authentication operations.
+ *
+ * @example
+ * const { session, login, logout, isLoading } = useAuth();
+ */
+declare function useAuth<User = unknown>(): UseAuthReturn<User>;
+
+/**
+ * Returns the current auth session without exposing login/logout actions.
+ *
+ * @example
+ * const { user, isAuthenticated } = useSession();
+ */
+declare function useSession<User = unknown>(): AuthSession<User>;
+
+interface UseRequireAuthOptions {
+    /** Path to redirect unauthenticated users to. @default "/login" */
+    redirectTo?: string;
+    /** Called when the user is not authenticated (use for custom redirect logic) */
+    onUnauthenticated?: () => void;
+}
+/**
+ * Redirects unauthenticated users to the login page.
+ * Works with both Next.js App Router and Pages Router.
+ *
+ * @example
+ * // App Router (client component)
+ * useRequireAuth({ redirectTo: "/login" });
+ *
+ * @example
+ * // Custom handler
+ * useRequireAuth({ onUnauthenticated: () => router.push("/login") });
+ */
+declare function useRequireAuth(options?: UseRequireAuthOptions): void;
+
+export { AuthProvider, type UseAuthReturn, type UseRequireAuthOptions, useAuth, useRequireAuth, useSession };

package/dist/react/index.d.ts

@@ -0,0 +1,54 @@
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import React from 'react';
+import { A as AuthConfig, a as AuthSession, L as LoginInput } from '../index-ChpgBFYz.js';
+
+interface AuthProviderProps<User = unknown> {
+    config: AuthConfig<User>;
+    children: React.ReactNode;
+}
+declare function AuthProvider<User = unknown>({ config, children, }: AuthProviderProps<User>): react_jsx_runtime.JSX.Element;
+
+interface UseAuthReturn<User = unknown> {
+    session: AuthSession<User>;
+    login: (input: LoginInput) => Promise<void>;
+    logout: () => Promise<void>;
+    refresh: () => Promise<void>;
+    isLoading: boolean;
+}
+/**
+ * Primary hook for authentication operations.
+ *
+ * @example
+ * const { session, login, logout, isLoading } = useAuth();
+ */
+declare function useAuth<User = unknown>(): UseAuthReturn<User>;
+
+/**
+ * Returns the current auth session without exposing login/logout actions.
+ *
+ * @example
+ * const { user, isAuthenticated } = useSession();
+ */
+declare function useSession<User = unknown>(): AuthSession<User>;
+
+interface UseRequireAuthOptions {
+    /** Path to redirect unauthenticated users to. @default "/login" */
+    redirectTo?: string;
+    /** Called when the user is not authenticated (use for custom redirect logic) */
+    onUnauthenticated?: () => void;
+}
+/**
+ * Redirects unauthenticated users to the login page.
+ * Works with both Next.js App Router and Pages Router.
+ *
+ * @example
+ * // App Router (client component)
+ * useRequireAuth({ redirectTo: "/login" });
+ *
+ * @example
+ * // Custom handler
+ * useRequireAuth({ onUnauthenticated: () => router.push("/login") });
+ */
+declare function useRequireAuth(options?: UseRequireAuthOptions): void;
+
+export { AuthProvider, type UseAuthReturn, type UseRequireAuthOptions, useAuth, useRequireAuth, useSession };