nextjs-hasura-auth 0.1.2 → 0.1.3

package/APOLLO.md

@@ -1,174 +1,101 @@
-# Apollo Client Setup (`APOLLO.md`)
-
-This document describes the configured Apollo Client instance provided by this package (`lib/apollo.tsx` or similar) for interacting with your Hasura GraphQL API.
-
-## Purpose
-
-The Apollo Client setup provides a unified interface for sending GraphQL queries, mutations, and subscriptions to Hasura, automatically handling authentication based on the provided JWT token or Hasura Admin Secret.
-
-## Key Features
-
-*   **Direct Connection:** Connects directly to your Hasura GraphQL endpoint (`NEXT_PUBLIC_HASURA_GRAPHQL_URL`) for HTTP requests and WebSocket endpoint (`NEXT_PUBLIC_HASURA_WS_ENDPOINT` derived from the HTTP URL) for subscriptions.
-*   **Split Link:** Intelligently routes GraphQL operations:
-    *   **HTTP Requests (Queries/Mutations):** Sent via standard HTTP.
-    *   **WebSocket Connections (Subscriptions):** Uses a WebSocket connection (`graphql-ws`). This requires `ws: true` during client creation and only works client-side.
-*   **Flexible Authentication:**
-    *   **JWT Token Priority:** If a `token` is provided during client creation, it's sent as a `Bearer` token in the `Authorization` header (for both HTTP and WS).
-    *   **Admin Secret Fallback:** If no `token` is provided, but the `HASURA_ADMIN_SECRET` environment variable is set (or a `secret` is passed explicitly), it's sent in the `x-hasura-admin-secret` header (for both HTTP and WS).
-    *   **Public Access:** If neither a token nor a secret is available, requests are sent without authentication headers.
-*   **Server-Side Rendering (SSR) / Client-Side Rendering (CSR) Compatibility:** The client can be created and used both on the server and the client.
-*   **Convenient Provider:** The `createApolloClient` function returns an enhanced client instance that includes a `.Provider` component (`ApolloClientWithProvider`) for easily wrapping parts of your React application.
-*   **Helper Hook:** Provides `useCreateApolloClient` hook for easily creating memoized client instances in React components, especially useful for integrating with authentication state.
-
-<details>
-<summary>Core Exports & Options (`lib/apollo.tsx`)</summary>
-
-*   `createApolloClient(options: ApolloOptions): ApolloClientWithProvider`: Creates a new Apollo Client instance.
-    *   `options.url`: Hasura GraphQL endpoint URL (defaults to `process.env.NEXT_PUBLIC_HASURA_GRAPHQL_URL`).
-    *   `options.ws`: Boolean, enable WebSocket link for subscriptions (defaults to `false`, only works client-side).
-    *   `options.token`: String, JWT token for Bearer authentication.
-    *   `options.secret`: String, Hasura Admin Secret (defaults to `process.env.HASURA_ADMIN_SECRET`).
-*   `useCreateApolloClient(options: ApolloOptions): ApolloClientWithProvider`: React hook to create a memoized Apollo Client instance. Recreates the client if `options` change.
-*   `getClient(options?: ApolloOptions): ApolloClient<any>`: Gets or creates a singleton Apollo Client instance. *Note: Using the singleton pattern might be tricky if the authentication token needs to change dynamically. `useCreateApolloClient` is often preferred in React components.*
-*   `checkConnection(client?): Promise<boolean>`: Sends a simple introspection query to check connectivity to the Hasura endpoint.
-*   `getJwtSecret(): Uint8Array`: Utility to get the Hasura JWT secret key from `process.env.HASURA_JWT_SECRET` (used internally by other parts of the auth system, not typically needed directly for Apollo client setup).
-
-</details>
-
-## Usage
-
-### Client-Side (React Components - Recommended)
-
-1.  **Ensure `SessionProvider` is set up:** The Apollo client often relies on session data (like a JWT) for authentication. Make sure `next-auth/react`'s `SessionProvider` wraps your application, usually in the root layout.
-2.  **Wrap your application/layout with the client's Provider:** Use the `useCreateApolloClient` hook to create a client instance based on the session state and wrap your components using `client.Provider`.
-
-    ```typescript
-    // Example in app/layout.tsx
-    'use client'; // Layout needs to be client-side for providers and hooks
-
-    import { SessionProvider, useSession } from "next-auth/react";
-    import { useCreateApolloClient } from '@/lib/apollo'; // Adjust path
-    import { useMemo } from "react";
-    // Other imports (ThemeProvider, etc.)
-
-    // Wrapper component to manage Apollo client based on session
-    function ApolloWrapper({ children }: { children: React.ReactNode }) {
-      const { data: session } = useSession(); // Get session from next-auth
-
-      // Create Apollo Client, passing the Hasura JWT from the session
-      // The client will be recreated if the session changes
-      const client = useCreateApolloClient(useMemo(() => ({
-        // Make sure your next-auth session callback adds the correct
-        // Hasura-compatible JWT to the session object (e.g., session.accessToken)
-        token: session?.accessToken, // Pass the Hasura JWT
-        ws: true // Enable WebSocket support for subscriptions
-      }), [session]));
-
-      // Use the convenient Provider attached to the client instance
-      return (
-        <client.Provider>
-          {children}
-        </client.Provider>
-      );
-    }
-
-    export default function RootLayout({ children }: { children: React.ReactNode }) {
-      return (
-        <html lang="en" suppressHydrationWarning>
-          <head />
-          <body>
-            {/* SessionProvider is required for useSession hook */}
-            <SessionProvider>
-              {/* ApolloWrapper provides the Apollo client based on session */}
-              <ApolloWrapper>
-                {/* Other providers like ThemeProvider */}
-                {/* <ThemeProvider ...> */}
-                  {children}
-                {/* </ThemeProvider> */}
-              </ApolloWrapper>
-            </SessionProvider>
-          </body>
-        </html>
-      );
-    }
-    ```
-
-3.  **Use Apollo Hooks in Components:** Import and use hooks like `useQuery`, `useMutation`, or `useSubscription` directly. The client provided by the context will handle authentication automatically based on the token passed during its creation.
-
-    ```typescript
-    import { useQuery, gql } from '@apollo/client';
-    // import { Generator } from 'nextjs-hasura-auth'; // Optional: Use with Generator
-
-    function UserProfile() {
-      // Assume user ID is available, e.g., from session or props
-      const userId = '...';
-
-      const GET_USER = gql`
-        query GetUser($userId: uuid!) {
-          users_by_pk(id: $userId) {
-            id
-            name
-            email
-          }
-        }
-      `;
-
-      // The client from ApolloWrapper's context is used automatically
-      const { loading, error, data } = useQuery(GET_USER, {
-         variables: { userId }
-      });
-
-      // ... render logic ...
-    }
-    ```
-
-### Server-Side (SSR/SSG/Server Components/API Routes)
-
-1.  **Create Client Instance:** Use `createApolloClient` directly. You need to decide how to authenticate:
-    *   **Admin Access:** Pass the admin secret (e.g., from environment variables) using the `secret` option if you need privileged access.
-    *   **User Access:** If running in the context of a specific user request, obtain their Hasura JWT (e.g., from session data, request headers) and pass it using the `token` option.
-
-    ```typescript
-    // Example in an API Route or Server Component
-    import { createApolloClient } from '@/lib/apollo'; // Adjust path
-    import { gql } from '@apollo/client';
-    // import { getToken } from "next-auth/jwt"
-
-    async function getUserDataOnServer(userId: string, request?: Request) {
-      // Option 1: Use Admin Secret for privileged access
-      // const client = createApolloClient({
-      //   secret: process.env.HASURA_ADMIN_SECRET // Ensure secret is available server-side
-      // });
-
-      // Option 2: Use User Token (if available from request/session)
-      // Example: const sessionToken = await getToken({ req: request, secret: process.env.NEXTAUTH_SECRET });
-      // const hasuraToken = sessionToken?.accessToken;
-      const client = createApolloClient({
-        token: process.env.SOME_SERVICE_ACCOUNT_TOKEN_IF_NEEDED // Or fetch user token if applicable
-        // url: process.env.NEXT_PUBLIC_HASURA_GRAPHQL_URL // URL can also be passed explicitly
-      });
-
-      const GET_USER = gql`...`; // Your query
-
-      try {
-        const { data } = await client.query({
-          query: GET_USER,
-          variables: { userId },
-          // Important for server-side: Avoid using client-side cache
-          fetchPolicy: 'network-only',
-        });
-        return data.users_by_pk;
-      } catch (error) {
-        console.error('Error fetching user data:', error);
-        return null;
-      }
-    }
-    ```
-
-2.  **Fetch Data:** Use `client.query(...)` or `client.mutate(...)`.
-
-## Important Considerations
-
-*   **JWT Token:** Ensure your authentication system (like `next-auth`) generates a Hasura-compatible JWT containing the necessary `https://hasura.io/jwt/claims` and includes it in the session data (e.g., as `session.accessToken`) for the client-side integration to work.
-*   **Environment Variables:** Securely manage `HASURA_ADMIN_SECRET`, `NEXTAUTH_SECRET`, and potentially `HASURA_JWT_SECRET` using environment variable configuration in your hosting provider (e.g., Vercel). `NEXT_PUBLIC_HASURA_GRAPHQL_URL` needs to be accessible client-side.
-*   **WebSocket Security:** WebSocket connections initiated from the client include the token/secret directly in the `connectionParams`. Ensure your Hasura endpoint is properly secured (e.g., using HTTPS/WSS). 
+# Apollo Client Setup (`lib/apollo.tsx`)
+
+This file provides the `useCreateApolloClient` hook, a crucial part of the library for interacting with your Hasura GraphQL backend.
+
+## `useCreateApolloClient` Hook
+
+A React hook to create and memoize an Apollo Client instance configured for the Hasura backend.
+
+```tsx
+import { useCreateApolloClient } from 'nextjs-hasura-auth';
+
+function MyComponent() {
+  // Create client for HTTP only
+  const apolloClientHttp = useCreateApolloClient({ token: 'your-auth-token' });
+
+  // Create client for HTTP and WebSocket (subscriptions)
+  const apolloClientWs = useCreateApolloClient({ token: 'your-auth-token', ws: true });
+
+  // ... use apolloClient
+}
+```
+
+### Purpose
+
+This hook simplifies the setup of an Apollo Client tailored for Hasura environments, handling both HTTP and WebSocket connections, authentication headers, and role management.
+
+### Arguments
+
+-   `options` (object):
+    -   `token` (string | undefined): Optional authentication token (JWT) to be included in headers.
+    -   `ws` (boolean): Optional flag (default: `false`) to enable WebSocket connection for subscriptions.
+
+### Return Value
+
+-   `ApolloClient<NormalizedCacheObject>`: An initialized and memoized Apollo Client instance.
+
+### Key Features
+
+1.  **HTTP Link (`httpLink`)**: Configured for standard GraphQL operations (queries, mutations) using `createHttpLink`.
+2.  **WebSocket Link (`wsLink`)**: Configured for GraphQL subscriptions using `graphql-ws`. Enabled only if `ws: true` is passed in the options. It uses `createClient` from `graphql-ws`.
+3.  **Role Link (`roleLink`)**: **New!** This is an `ApolloLink` middleware using `setContext` that intercepts outgoing **HTTP requests**. It checks the `context` object passed to the Apollo operation (e.g., in `useQuery`, `useMutation`). If a `role` property is found in the operation's context, it adds the `X-Hasura-Role` header to the HTTP request with the specified role.
+    *   **Important Note:** This dynamic role setting via context currently **only works for HTTP requests** (queries and mutations). It **does not** dynamically set the role for WebSocket connections (subscriptions). For subscriptions, the role is determined by the `connectionParams` when the WebSocket connection is established, which typically uses the `token` provided to `useCreateApolloClient` to infer the role on the backend.
+4.  **Authentication Headers**:
+    *   For HTTP requests, it automatically includes `Authorization: Bearer <token>` (if provided) and `X-Hasura-Admin-Secret` (if `process.env.HASURA_ADMIN_SECRET` is set). The `roleLink` adds the `X-Hasura-Role` header if a `role` is provided in the operation's context.
+    *   For WebSocket connections, `connectionParams` are set with `headers` containing `Authorization` and `X-Hasura-Admin-Secret`.
+5.  **Request Splitting**: Uses `split` to direct operations to `httpLink` (via `roleLink` and `authLink`) or `wsLink` based on the operation type. Subscriptions go to `wsLink` (if `ws: true`), others go to `httpLink`.
+6.  **Error Handling (`errorLink`)**: Includes basic error logging for GraphQL and network errors using `onError`.
+7.  **Caching**: Uses `InMemoryCache` for client-side caching.
+8.  **Memoization**: The `useMemo` hook ensures the client instance is created only once per component lifecycle or when the `token` or `ws` options change, preventing unnecessary client recreations.
+
+### How `roleLink` Works
+
+The `roleLink` leverages Apollo Link's `setContext` middleware.
+
+```typescript
+// Simplified logic within useCreateApolloClient
+import { setContext } from '@apollo/client/link/context';
+
+const roleLink = setContext((_operation, context) => {
+  // context here is the *link* context, which includes headers etc.
+  // and importantly, the context passed from the hook/operation call.
+  const operationContext = context?.graphqlContext || {}; // Access context passed from useQuery/useMutation etc.
+  const role = operationContext.role; // Get the role from the operation's context
+
+  // If a role is provided in the operation's context, add it to the headers
+  if (role) {
+    return {
+      headers: {
+        ...context.headers, // Preserve existing headers (like Authorization)
+        'X-Hasura-Role': role,
+      },
+    };
+  }
+
+  // Otherwise, return the existing headers unchanged
+  return {
+    headers: context.headers,
+  };
+});
+
+// This roleLink is then chained before the httpLink:
+// link: from([errorLink, roleLink, authLink, httpLink]) // for HTTP
+```
+
+When you use the data fetching hooks from `lib/client.tsx` (like `useQuery`, `useMutation`) and pass a `role` in the `hookOptions`, that `role` becomes part of the operation's context (`graphqlContext`), which `roleLink` then reads to set the appropriate `X-Hasura-Role` header for that specific HTTP request.
+
+```tsx
+// Example using useQuery with a role
+const { data } = useQuery(GET_POSTS, {
+  hookOptions: {
+    // These options are passed to Apollo's useQuery
+    variables: { limit: 10 },
+    // This context object is passed along the link chain
+    context: {
+      role: 'editor', // roleLink will pick this up
+    },
+  },
+});
+```
+
+This allows for fine-grained role control on a per-operation basis for queries and mutations. Remember, WebSocket subscriptions rely on the role established during the initial connection based on the token.

package/dist/lib/apollo.d.ts

@@ -31,6 +31,8 @@ export declare function getClient(options?: {}): ApolloClient<any>;
  * @returns Apollo client instance
  */
 export declare function useCreateApolloClient(options: ApolloOptions): ApolloClientWithProvider;
+export declare const CHECK_CONNECTION_SUBSCRIPTION: import("@apollo/client").DocumentNode;
+export declare const CHECK_CONNECTION_QUERY: import("@apollo/client").DocumentNode;
 /**
  * Check connection to Hasura GraphQL endpoint
  * @returns {Promise<boolean>} True if connection is successful

package/dist/lib/apollo.js

@@ -0,0 +1,243 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CHECK_CONNECTION_QUERY = exports.CHECK_CONNECTION_SUBSCRIPTION = void 0;
+exports.createApolloClient = createApolloClient;
+exports.getClient = getClient;
+exports.useCreateApolloClient = useCreateApolloClient;
+exports.checkConnection = checkConnection;
+const jsx_runtime_1 = require("react/jsx-runtime");
+const client_1 = require("@apollo/client");
+const context_1 = require("@apollo/client/link/context");
+const utilities_1 = require("@apollo/client/utilities");
+// Restore GraphQLWsLink imports
+const subscriptions_1 = require("@apollo/client/link/subscriptions");
+const graphql_ws_1 = require("graphql-ws");
+const cross_fetch_1 = __importDefault(require("cross-fetch"));
+const debug_1 = __importDefault(require("./debug"));
+const react_1 = require("react");
+const jwt_1 = require("./jwt");
+// Remove deprecated WebSocketLink import
+// import { WebSocketLink } from '@apollo/client/link/ws'; 
+const error_1 = require("@apollo/client/link/error");
+// Create a debug logger for this module
+const debug = (0, debug_1.default)('apollo');
+// Determine if running on client
+const isClient = typeof window !== 'undefined';
+const createRoleLink = () => (0, context_1.setContext)((request, previousContext) => {
+    // Get the role from the operation's context passed in the hook options
+    const role = previousContext === null || previousContext === void 0 ? void 0 : previousContext.role; // Correctly access context via the second argument
+    debug(`roleLink: Role from context: ${role}`);
+    if (role) {
+        return {
+            headers: Object.assign(Object.assign({}, previousContext.headers), { 'X-Hasura-Role': role }),
+        };
+    }
+    // If no role is provided in the context, don't add the header
+    return {};
+});
+/**
+ * Create Apollo Client
+ *
+ * @param {Object} options - Options for creating the client
+ * @param {boolean} options.ws - Use WebSocket connection
+ * @param {string} options.token - JWT token for authorization
+ * @param {string} options.secret - Admin secret for Hasura
+ * @returns {ApolloClient} Apollo Client
+ */
+function createApolloClient(options = {}) {
+    // Default values
+    const { url = process.env.NEXT_PUBLIC_HASURA_GRAPHQL_URL, ws = false, token = undefined, secret = process.env.HASURA_ADMIN_SECRET } = options;
+    if (!url) {
+        throw new Error('❌ options.url or NEXT_PUBLIC_HASURA_GRAPHQL_URL not defined');
+    }
+    debug('apollo', '🔌 Creating Apollo client with endpoint:', url);
+    // --- NEW: Link to set Hasura Role Header ---
+    const roleLink = createRoleLink();
+    // --- END NEW ---
+    // --- Existing Links ---
+    // Create base HttpLink (no auth here initially)
+    const baseHttpLink = new client_1.HttpLink({
+        uri: url,
+        fetch: cross_fetch_1.default,
+    });
+    // Create link for adding auth (JWT or Admin Secret)
+    const authHeaderLink = (0, context_1.setContext)((_, { headers }) => {
+        // Return the headers to the context so httpLink can read them
+        if (token) {
+            debug('apollo', '🔒 Using JWT token for Authorization header');
+            return {
+                headers: Object.assign(Object.assign({}, headers), { Authorization: `Bearer ${token}` })
+            };
+        }
+        else if (secret) {
+            debug('apollo', '🔑 Using Admin Secret for x-hasura-admin-secret header');
+            return {
+                headers: Object.assign(Object.assign({}, headers), { 'x-hasura-admin-secret': secret })
+            };
+        }
+        debug('apollo', '🔓 Sending request without authentication headers');
+        return { headers };
+    });
+    // Chain the links: roleLink -> authHeaderLink -> baseHttpLink
+    const httpLink = client_1.ApolloLink.from([roleLink, authHeaderLink, baseHttpLink]);
+    // --- End Existing Links Modification ---
+    // --- WebSocket Link Setup (Remains largely the same) ---
+    let link = httpLink; // Start with the combined HTTP link
+    // --- Debugging WS Link Creation ---
+    debug('apollo', `🚀 Checking WS setup: ws=${ws}, isClient=${isClient}`);
+    if (ws && isClient) {
+        debug('apollo', '✅ Entering WS Link creation block.'); // Log entry
+        const wsEndpoint = url.replace('http', 'ws').replace('https://', 'wss');
+        debug('apollo', '🔌 Setting up GraphQLWsLink for:', wsEndpoint);
+        // --- Restore GraphQLWsLink --- 
+        const wsLink = new subscriptions_1.GraphQLWsLink((0, graphql_ws_1.createClient)({
+            url: wsEndpoint,
+            connectionParams: () => __awaiter(this, void 0, void 0, function* () {
+                debug('apollo', '⚙️ Evaluating connectionParams function...');
+                const params = {};
+                if (token) {
+                    debug('apollo', '🔒 Using JWT token for WS connectionParams (from function)');
+                    params.headers = { Authorization: `Bearer ${token}` };
+                }
+                else if (secret) {
+                    debug('apollo', '🔑 Using Admin Secret for WS connectionParams (from function)');
+                    params.headers = { 'x-hasura-admin-secret': secret };
+                }
+                else {
+                    debug('apollo', '🔓 WebSocket connection without specific auth params (from function)');
+                }
+                debug('apollo', '⚙️ connectionParams function returning:', params);
+                return params;
+            }),
+            // Note: Dynamically changing headers per subscription via context
+            // is not standard in GraphQLWsLink. The roleLink above won't affect this.
+            // --- Add event handlers for diagnostics ---
+            on: {
+                connected: (socket) => debug('apollo', '🔗 [graphql-ws] WebSocket connected:', socket),
+                ping: (received) => debug('apollo', `➡️ [graphql-ws] Ping ${received ? 'received' : 'sent'}`),
+                pong: (received) => debug('apollo', `⬅️ [graphql-ws] Pong ${received ? 'received' : 'sent'}`),
+                error: (err) => debug('apollo', '❌ [graphql-ws] WebSocket error:', err),
+                closed: (event) => debug('apollo', '🚪 [graphql-ws] WebSocket closed:', event),
+            }
+            // --- End event handlers ---
+        }));
+        /* --- Remove Deprecated WebSocketLink ---
+        const wsLink = new WebSocketLink({
+          uri: wsEndpoint,
+          options: {
+            reconnect: true,
+            connectionParams: connectionParams, // Pass prepared headers here
+            // Note: Timeout options might be needed depending on env
+          }
+        });
+        debug('apollo', '🔗 DEPRECATED WebSocketLink created.');
+        */
+        // Split based on operation type
+        link = (0, client_1.split)(({ query }) => {
+            const definition = (0, utilities_1.getMainDefinition)(query);
+            const isSubscription = definition.kind === 'OperationDefinition' &&
+                definition.operation === 'subscription';
+            debug('apollo', `🔗 Split link decision: isSubscription=${isSubscription}`);
+            return (definition.kind === 'OperationDefinition' &&
+                definition.operation === 'subscription');
+        }, wsLink, // Use wsLink for subscriptions
+        httpLink // Use httpLink (with roleLink and authHeaderLink) for query/mutation
+        );
+    }
+    else {
+        debug('apollo', '❌ Skipping WS Link creation.', { ws, isClient });
+    }
+    // --- End WebSocket Setup ---
+    // Create Apollo Client with the final composed link
+    const apolloClient = new client_1.ApolloClient({
+        link: link, // Use the potentially split link
+        cache: new client_1.InMemoryCache(),
+        defaultOptions: {
+            watchQuery: {
+                fetchPolicy: 'network-only',
+                errorPolicy: 'all',
+            },
+            query: {
+                fetchPolicy: 'network-only',
+                errorPolicy: 'all',
+            },
+            mutate: {
+                errorPolicy: 'all',
+            },
+        }
+    });
+    apolloClient.Provider = function Provider({ children }) {
+        return (0, jsx_runtime_1.jsx)(client_1.ApolloProvider, { client: apolloClient, children: children });
+    };
+    return apolloClient;
+}
+// Default client instance
+let clientInstance = null;
+/**
+ * Get or create Apollo client instance
+ * @param options Client options
+ * @returns Apollo client instance
+ */
+function getClient(options = {}) {
+    if (!clientInstance) {
+        clientInstance = createApolloClient(options);
+    }
+    return clientInstance;
+}
+/**
+ * React hook to get Apollo client instance
+ * @returns Apollo client instance
+ */
+function useCreateApolloClient(options) {
+    return (0, react_1.useMemo)(() => createApolloClient(options), [options]);
+}
+exports.CHECK_CONNECTION_SUBSCRIPTION = (0, client_1.gql) `
+subscription CheckConnection {
+  __schema {
+    queryType {
+      name
+    }
+  }
+}
+`;
+exports.CHECK_CONNECTION_QUERY = (0, client_1.gql) `
+query CheckConnection {
+  __schema {
+    queryType {
+      name
+    }
+  }
+}
+`;
+/**
+ * Check connection to Hasura GraphQL endpoint
+ * @returns {Promise<boolean>} True if connection is successful
+ */
+function checkConnection() {
+    return __awaiter(this, arguments, void 0, function* (client = getClient()) {
+        var _a, _b, _c;
+        const result = yield client.query({ query: exports.CHECK_CONNECTION_QUERY });
+        return !!((_c = (_b = (_a = result.data) === null || _a === void 0 ? void 0 : _a.__schema) === null || _b === void 0 ? void 0 : _b.queryType) === null || _c === void 0 ? void 0 : _c.name);
+    });
+}
+const errorLink = (0, error_1.onError)(({ graphQLErrors, networkError, operation, forward }) => {
+    // Handle errors
+});
+exports.default = {
+    createApolloClient,
+    getClient,
+    getJwtSecret: jwt_1.getJwtSecret,
+    checkConnection
+};

package/dist/lib/authDbUtils.d.ts

@@ -0,0 +1,48 @@
+import { Client } from 'nextjs-hasura-auth';
+/**
+ * Hashes a password using bcrypt.
+ * @param password The plain text password.
+ * @returns The hashed password.
+ */
+export declare function hashPassword(password: string): Promise<string>;
+/**
+ * Compares a plain text password with a hash.
+ * @param password The plain text password.
+ * @param hash The hash to compare against.
+ * @returns True if the password matches the hash, false otherwise.
+ */
+export declare function comparePassword(password: string, hash: string): Promise<boolean>;
+interface UserProfileFromProvider {
+    name?: string | null;
+    email?: string | null;
+    image?: string | null;
+}
+export interface HasuraUser {
+    id: string;
+    name?: string | null;
+    email?: string | null;
+    email_verified?: string | null;
+    image?: string | null;
+    password?: string | null;
+    created_at: string;
+    updated_at: string;
+    is_admin?: boolean | null;
+    hasura_role?: string | null;
+    accounts?: {
+        provider: string;
+        provider_account_id: string;
+    }[];
+}
+/**
+ * Finds or creates a user and their associated account based on provider information.
+ * This function handles the core logic of linking OAuth/Credentials logins to Hasura users.
+ *
+ * @param client The initialized NHA Client instance.
+ * @param provider The OAuth provider name (e.g., 'google', 'credentials').
+ * @param providerAccountId The user's unique ID from the provider.
+ * @param profile Optional profile information from the provider (name, email, image).
+ * @returns The Hasura user object associated with the account.
+ * @throws Error if user/account processing fails.
+ */
+export declare function getOrCreateUserAndAccount(client: Client, provider: string, providerAccountId: string, profile?: UserProfileFromProvider | null): Promise<HasuraUser>;
+export {};