payload-plugin-newsletter 0.6.2 → 0.8.0

package/dist/index.cjs

@@ -31,7 +31,12 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var src_exports = {};
 __export(src_exports, {
   default: () => newsletterPlugin,
-  newsletterPlugin: () => newsletterPlugin
+  getServerSideAuth: () => getServerSideAuth,
+  getTokenFromRequest: () => getTokenFromRequest,
+  isAuthenticated: () => isAuthenticated,
+  newsletterPlugin: () => newsletterPlugin,
+  requireAuth: () => requireAuth,
+  verifyToken: () => verifyToken
 });
 module.exports = __toCommonJS(src_exports);
 
@@ -96,6 +101,238 @@ var adminOrSelf = (config) => ({ req, id }) => {
   return false;
 };
 
+// src/emails/render.tsx
+var import_render = require("@react-email/render");
+
+// src/emails/MagicLink.tsx
+var import_components = require("@react-email/components");
+
+// src/emails/styles.ts
+var styles = {
+  main: {
+    backgroundColor: "#f6f9fc",
+    fontFamily: '-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Ubuntu,sans-serif'
+  },
+  container: {
+    backgroundColor: "#ffffff",
+    border: "1px solid #f0f0f0",
+    borderRadius: "5px",
+    margin: "0 auto",
+    padding: "45px",
+    marginBottom: "64px",
+    maxWidth: "500px"
+  },
+  heading: {
+    fontSize: "24px",
+    letterSpacing: "-0.5px",
+    lineHeight: "1.3",
+    fontWeight: "600",
+    color: "#484848",
+    margin: "0 0 20px",
+    padding: "0"
+  },
+  text: {
+    fontSize: "16px",
+    lineHeight: "26px",
+    fontWeight: "400",
+    color: "#484848",
+    margin: "16px 0"
+  },
+  button: {
+    backgroundColor: "#000000",
+    borderRadius: "5px",
+    color: "#fff",
+    fontSize: "16px",
+    fontWeight: "bold",
+    textDecoration: "none",
+    textAlign: "center",
+    display: "block",
+    width: "100%",
+    padding: "14px 20px",
+    margin: "30px 0"
+  },
+  link: {
+    color: "#2754C5",
+    fontSize: "14px",
+    textDecoration: "underline",
+    wordBreak: "break-all"
+  },
+  hr: {
+    borderColor: "#e6ebf1",
+    margin: "30px 0"
+  },
+  footer: {
+    fontSize: "14px",
+    lineHeight: "24px",
+    color: "#9ca2ac",
+    textAlign: "center",
+    margin: "0"
+  },
+  code: {
+    display: "inline-block",
+    padding: "16px",
+    width: "100%",
+    backgroundColor: "#f4f4f4",
+    borderRadius: "5px",
+    border: "1px solid #eee",
+    fontSize: "14px",
+    fontFamily: "monospace",
+    textAlign: "center",
+    margin: "24px 0"
+  }
+};
+
+// src/emails/MagicLink.tsx
+var import_jsx_runtime = require("react/jsx-runtime");
+var MagicLinkEmail = ({
+  magicLink,
+  email,
+  siteName = "Newsletter",
+  expiresIn = "24 hours"
+}) => {
+  const previewText = `Sign in to ${siteName}`;
+  return /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_components.Html, { children: [
+    /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_components.Head, {}),
+    /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_components.Preview, { children: previewText }),
+    /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_components.Body, { style: styles.main, children: /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_components.Container, { style: styles.container, children: [
+      /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_components.Text, { style: styles.heading, children: [
+        "Sign in to ",
+        siteName
+      ] }),
+      /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_components.Text, { style: styles.text, children: [
+        "Hi ",
+        email.split("@")[0],
+        ","
+      ] }),
+      /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_components.Text, { style: styles.text, children: [
+        "We received a request to sign in to your ",
+        siteName,
+        " account. Click the button below to complete your sign in:"
+      ] }),
+      /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_components.Button, { href: magicLink, style: styles.button, children: [
+        "Sign in to ",
+        siteName
+      ] }),
+      /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_components.Text, { style: styles.text, children: "Or copy and paste this URL into your browser:" }),
+      /* @__PURE__ */ (0, import_jsx_runtime.jsx)("code", { style: styles.code, children: magicLink }),
+      /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_components.Hr, { style: styles.hr }),
+      /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_components.Text, { style: styles.footer, children: [
+        "This link will expire in ",
+        expiresIn,
+        ". If you didn't request this email, you can safely ignore it."
+      ] })
+    ] }) })
+  ] });
+};
+
+// src/emails/Welcome.tsx
+var import_components2 = require("@react-email/components");
+var import_jsx_runtime2 = require("react/jsx-runtime");
+var WelcomeEmail = ({
+  email,
+  siteName = "Newsletter",
+  preferencesUrl
+}) => {
+  const previewText = `Welcome to ${siteName}!`;
+  const firstName = email.split("@")[0];
+  return /* @__PURE__ */ (0, import_jsx_runtime2.jsxs)(import_components2.Html, { children: [
+    /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(import_components2.Head, {}),
+    /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(import_components2.Preview, { children: previewText }),
+    /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(import_components2.Body, { style: styles.main, children: /* @__PURE__ */ (0, import_jsx_runtime2.jsxs)(import_components2.Container, { style: styles.container, children: [
+      /* @__PURE__ */ (0, import_jsx_runtime2.jsxs)(import_components2.Text, { style: styles.heading, children: [
+        "Welcome to ",
+        siteName,
+        "! \u{1F389}"
+      ] }),
+      /* @__PURE__ */ (0, import_jsx_runtime2.jsxs)(import_components2.Text, { style: styles.text, children: [
+        "Hi ",
+        firstName,
+        ","
+      ] }),
+      /* @__PURE__ */ (0, import_jsx_runtime2.jsxs)(import_components2.Text, { style: styles.text, children: [
+        "Thanks for subscribing to ",
+        siteName,
+        "! We're excited to have you as part of our community."
+      ] }),
+      /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(import_components2.Text, { style: styles.text, children: "You'll receive our newsletter based on your preferences. Speaking of which, you can update your preferences anytime:" }),
+      preferencesUrl && /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(import_components2.Button, { href: preferencesUrl, style: styles.button, children: "Manage Preferences" }),
+      /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(import_components2.Text, { style: styles.text, children: "Here's what you can expect from us:" }),
+      /* @__PURE__ */ (0, import_jsx_runtime2.jsxs)(import_components2.Text, { style: styles.text, children: [
+        "\u2022 Regular updates based on your chosen frequency",
+        /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("br", {}),
+        "\u2022 Content tailored to your interests",
+        /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("br", {}),
+        "\u2022 Easy unsubscribe options in every email",
+        /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("br", {}),
+        "\u2022 Your privacy respected always"
+      ] }),
+      /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(import_components2.Hr, { style: styles.hr }),
+      /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(import_components2.Text, { style: styles.footer, children: "If you have any questions, feel free to reply to this email. We're here to help!" })
+    ] }) })
+  ] });
+};
+
+// src/emails/SignIn.tsx
+var import_jsx_runtime3 = require("react/jsx-runtime");
+var SignInEmail = (props) => {
+  return /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(MagicLinkEmail, { ...props });
+};
+
+// src/emails/render.tsx
+var import_jsx_runtime4 = require("react/jsx-runtime");
+async function renderEmail(template, data) {
+  try {
+    switch (template) {
+      case "magic-link": {
+        const magicLinkData = data;
+        return (0, import_render.render)(
+          /* @__PURE__ */ (0, import_jsx_runtime4.jsx)(
+            MagicLinkEmail,
+            {
+              magicLink: magicLinkData.magicLink || magicLinkData.verificationUrl || magicLinkData.magicLinkUrl || "",
+              email: magicLinkData.email || "",
+              siteName: magicLinkData.siteName,
+              expiresIn: magicLinkData.expiresIn
+            }
+          )
+        );
+      }
+      case "signin": {
+        const signinData = data;
+        return (0, import_render.render)(
+          /* @__PURE__ */ (0, import_jsx_runtime4.jsx)(
+            SignInEmail,
+            {
+              magicLink: signinData.magicLink || signinData.verificationUrl || signinData.magicLinkUrl || "",
+              email: signinData.email || "",
+              siteName: signinData.siteName,
+              expiresIn: signinData.expiresIn
+            }
+          )
+        );
+      }
+      case "welcome": {
+        const welcomeData = data;
+        return (0, import_render.render)(
+          /* @__PURE__ */ (0, import_jsx_runtime4.jsx)(
+            WelcomeEmail,
+            {
+              email: welcomeData.email || "",
+              siteName: welcomeData.siteName,
+              preferencesUrl: welcomeData.preferencesUrl
+            }
+          )
+        );
+      }
+      default:
+        throw new Error(`Unknown email template: ${template}`);
+    }
+  } catch (error) {
+    console.error(`Failed to render email template ${template}:`, error);
+    throw error;
+  }
+}
+
 // src/collections/Subscribers.ts
 var createSubscribersCollection = (pluginConfig) => {
   const slug = pluginConfig.subscribersSlug || "subscribers";
@@ -305,7 +542,24 @@ var createSubscribersCollection = (pluginConfig) => {
             }
             if (doc.subscriptionStatus === "active" && emailService) {
               try {
-              } catch {
+                const settings = await req.payload.findGlobal({
+                  slug: pluginConfig.settingsSlug || "newsletter-settings"
+                });
+                const serverURL = req.payload.config.serverURL || process.env.PAYLOAD_PUBLIC_SERVER_URL || "";
+                const html = await renderEmail("welcome", {
+                  email: doc.email,
+                  siteName: settings?.brandSettings?.siteName || "Newsletter",
+                  preferencesUrl: `${serverURL}/account/preferences`
+                  // This could be customized
+                });
+                await emailService.send({
+                  to: doc.email,
+                  subject: settings?.brandSettings?.siteName ? `Welcome to ${settings.brandSettings.siteName}!` : "Welcome!",
+                  html
+                });
+                console.log(`Welcome email sent to: ${doc.email}`);
+              } catch (error) {
+                console.error("Failed to send welcome email:", error);
               }
             }
             if (pluginConfig.hooks?.afterSubscribe) {
@@ -1110,6 +1364,86 @@ function validateSubscriberData(data) {
   };
 }
 
+// src/utils/jwt.ts
+var import_jsonwebtoken = __toESM(require("jsonwebtoken"), 1);
+function getJWTSecret() {
+  const secret = process.env.JWT_SECRET || process.env.PAYLOAD_SECRET;
+  if (!secret) {
+    console.warn(
+      "WARNING: No JWT_SECRET or PAYLOAD_SECRET found in environment variables. Magic link authentication will not work properly. Please set JWT_SECRET in your environment."
+    );
+    return "INSECURE_DEVELOPMENT_SECRET_PLEASE_SET_JWT_SECRET";
+  }
+  return secret;
+}
+function generateMagicLinkToken(subscriberId, email, config) {
+  const payload = {
+    subscriberId,
+    email,
+    type: "magic-link"
+  };
+  const expiresIn = config.auth?.tokenExpiration || "7d";
+  return import_jsonwebtoken.default.sign(payload, getJWTSecret(), {
+    expiresIn,
+    issuer: "payload-newsletter-plugin"
+  });
+}
+function verifyMagicLinkToken(token) {
+  try {
+    const payload = import_jsonwebtoken.default.verify(token, getJWTSecret(), {
+      issuer: "payload-newsletter-plugin"
+    });
+    if (payload.type !== "magic-link") {
+      throw new Error("Invalid token type");
+    }
+    return payload;
+  } catch (error) {
+    if (error instanceof Error && error.name === "TokenExpiredError") {
+      throw new Error("Magic link has expired. Please request a new one.");
+    }
+    if (error instanceof Error && error.name === "JsonWebTokenError") {
+      throw new Error("Invalid magic link token");
+    }
+    throw error;
+  }
+}
+function generateSessionToken(subscriberId, email) {
+  const payload = {
+    subscriberId,
+    email,
+    type: "session"
+  };
+  return import_jsonwebtoken.default.sign(payload, getJWTSecret(), {
+    expiresIn: "30d",
+    issuer: "payload-newsletter-plugin"
+  });
+}
+function verifySessionToken(token) {
+  try {
+    const payload = import_jsonwebtoken.default.verify(token, getJWTSecret(), {
+      issuer: "payload-newsletter-plugin"
+    });
+    if (payload.type !== "session") {
+      throw new Error("Invalid token type");
+    }
+    return payload;
+  } catch (error) {
+    if (error instanceof Error && error.name === "TokenExpiredError") {
+      throw new Error("Session has expired. Please sign in again.");
+    }
+    if (error instanceof Error && error.name === "JsonWebTokenError") {
+      throw new Error("Invalid session token");
+    }
+    throw error;
+  }
+}
+function generateMagicLinkURL(token, baseURL, config) {
+  const path = config.auth?.magicLinkPath || "/newsletter/verify";
+  const url = new URL(path, baseURL);
+  url.searchParams.set("token", token);
+  return url.toString();
+}
+
 // src/endpoints/subscribe.ts
 var createSubscribeEndpoint = (config) => {
   return {
@@ -1233,6 +1567,33 @@ var createSubscribeEndpoint = (config) => {
         if (config.features?.surveys?.enabled && surveyResponses) {
         }
         if (settings?.subscriptionSettings?.requireDoubleOptIn) {
+          try {
+            const token = generateMagicLinkToken(
+              String(subscriber.id),
+              subscriber.email,
+              config
+            );
+            const serverURL = req.payload.config.serverURL || process.env.PAYLOAD_PUBLIC_SERVER_URL || "";
+            const magicLinkURL = generateMagicLinkURL(token, serverURL, config);
+            const emailService = req.payload.newsletterEmailService;
+            if (emailService) {
+              const html = await renderEmail("magic-link", {
+                magicLink: magicLinkURL,
+                email: subscriber.email,
+                siteName: settings?.brandSettings?.siteName || "Newsletter",
+                expiresIn: config.auth?.tokenExpiration || "7d"
+              });
+              await emailService.send({
+                to: subscriber.email,
+                subject: settings?.brandSettings?.siteName ? `Verify your email for ${settings.brandSettings.siteName}` : "Verify your email",
+                html
+              });
+            } else {
+              console.warn("Email service not initialized, cannot send magic link");
+            }
+          } catch (error) {
+            console.error("Failed to send magic link email:", error);
+          }
         }
         res.json({
           success: true,
@@ -1253,68 +1614,6 @@ var createSubscribeEndpoint = (config) => {
   };
 };
 
-// src/utils/jwt.ts
-var import_jsonwebtoken = __toESM(require("jsonwebtoken"), 1);
-function getJWTSecret() {
-  const secret = process.env.JWT_SECRET || process.env.PAYLOAD_SECRET;
-  if (!secret) {
-    console.warn(
-      "WARNING: No JWT_SECRET or PAYLOAD_SECRET found in environment variables. Magic link authentication will not work properly. Please set JWT_SECRET in your environment."
-    );
-    return "INSECURE_DEVELOPMENT_SECRET_PLEASE_SET_JWT_SECRET";
-  }
-  return secret;
-}
-function verifyMagicLinkToken(token) {
-  try {
-    const payload = import_jsonwebtoken.default.verify(token, getJWTSecret(), {
-      issuer: "payload-newsletter-plugin"
-    });
-    if (payload.type !== "magic-link") {
-      throw new Error("Invalid token type");
-    }
-    return payload;
-  } catch (error) {
-    if (error instanceof Error && error.name === "TokenExpiredError") {
-      throw new Error("Magic link has expired. Please request a new one.");
-    }
-    if (error instanceof Error && error.name === "JsonWebTokenError") {
-      throw new Error("Invalid magic link token");
-    }
-    throw error;
-  }
-}
-function generateSessionToken(subscriberId, email) {
-  const payload = {
-    subscriberId,
-    email,
-    type: "session"
-  };
-  return import_jsonwebtoken.default.sign(payload, getJWTSecret(), {
-    expiresIn: "30d",
-    issuer: "payload-newsletter-plugin"
-  });
-}
-function verifySessionToken(token) {
-  try {
-    const payload = import_jsonwebtoken.default.verify(token, getJWTSecret(), {
-      issuer: "payload-newsletter-plugin"
-    });
-    if (payload.type !== "session") {
-      throw new Error("Invalid token type");
-    }
-    return payload;
-  } catch (error) {
-    if (error instanceof Error && error.name === "TokenExpiredError") {
-      throw new Error("Session has expired. Please sign in again.");
-    }
-    if (error instanceof Error && error.name === "JsonWebTokenError") {
-      throw new Error("Invalid session token");
-    }
-    throw error;
-  }
-}
-
 // src/endpoints/verify-magic-link.ts
 var createVerifyMagicLinkEndpoint = (config) => {
   return {
@@ -1366,6 +1665,7 @@ var createVerifyMagicLinkEndpoint = (config) => {
           id: subscriber.id,
           email: subscriber.email
         };
+        let isNewlyActivated = false;
         if (subscriber.subscriptionStatus === "pending") {
           await req.payload.update({
             collection: config.subscribersSlug || "subscribers",
@@ -1376,6 +1676,7 @@ var createVerifyMagicLinkEndpoint = (config) => {
             overrideAccess: false,
             user: syntheticUser
           });
+          isNewlyActivated = true;
         }
         await req.payload.update({
           collection: config.subscribersSlug || "subscribers",
@@ -1391,6 +1692,40 @@ var createVerifyMagicLinkEndpoint = (config) => {
           String(subscriber.id),
           subscriber.email
         );
+        if (isNewlyActivated) {
+          try {
+            const emailService = req.payload.newsletterEmailService;
+            if (emailService) {
+              const settings = await req.payload.findGlobal({
+                slug: config.settingsSlug || "newsletter-settings"
+              });
+              const serverURL = req.payload.config.serverURL || process.env.PAYLOAD_PUBLIC_SERVER_URL || "";
+              const html = await renderEmail("welcome", {
+                email: subscriber.email,
+                siteName: settings?.brandSettings?.siteName || "Newsletter",
+                preferencesUrl: `${serverURL}/account/preferences`
+                // This could be customized
+              });
+              await emailService.send({
+                to: subscriber.email,
+                subject: settings?.brandSettings?.siteName ? `Welcome to ${settings.brandSettings.siteName}!` : "Welcome!",
+                html
+              });
+            } else {
+              console.warn("Email service not initialized, cannot send welcome email");
+            }
+          } catch (error) {
+            console.error("Failed to send welcome email:", error);
+          }
+        }
+        res.cookie("newsletter-auth", sessionToken, {
+          httpOnly: true,
+          secure: process.env.NODE_ENV === "production",
+          sameSite: "lax",
+          path: "/",
+          maxAge: 30 * 24 * 60 * 60 * 1e3
+          // 30 days
+        });
         res.json({
           success: true,
           sessionToken,
@@ -1558,8 +1893,8 @@ var createUnsubscribeEndpoint = (config) => {
         let subscriber;
         if (token) {
           try {
-            const jwt2 = await import("jsonwebtoken");
-            const payload = jwt2.verify(
+            const jwt3 = await import("jsonwebtoken");
+            const payload = jwt3.verify(
               token,
               process.env.JWT_SECRET || process.env.PAYLOAD_SECRET || ""
             );
@@ -1640,6 +1975,224 @@ var createUnsubscribeEndpoint = (config) => {
   };
 };
 
+// src/utils/rate-limiter.ts
+var RateLimiter = class {
+  constructor(options) {
+    this.attempts = /* @__PURE__ */ new Map();
+    this.options = options;
+  }
+  async checkLimit(key) {
+    const now = Date.now();
+    const record = this.attempts.get(key);
+    if (!record || record.resetTime < now) {
+      this.attempts.set(key, {
+        count: 1,
+        resetTime: now + this.options.windowMs
+      });
+      return true;
+    }
+    if (record.count >= this.options.maxAttempts) {
+      return false;
+    }
+    record.count++;
+    return true;
+  }
+  async incrementAttempt(key) {
+    const now = Date.now();
+    const record = this.attempts.get(key);
+    if (!record || record.resetTime < now) {
+      this.attempts.set(key, {
+        count: 1,
+        resetTime: now + this.options.windowMs
+      });
+    } else {
+      record.count++;
+    }
+  }
+  async reset(key) {
+    this.attempts.delete(key);
+  }
+  async resetAll() {
+    this.attempts.clear();
+  }
+};
+
+// src/endpoints/signin.ts
+var signinRateLimiter = new RateLimiter({
+  maxAttempts: 5,
+  windowMs: 15 * 60 * 1e3,
+  // 15 minutes
+  prefix: "signin"
+});
+var createSigninEndpoint = (config) => {
+  return {
+    path: "/newsletter/signin",
+    method: "post",
+    handler: async (req, res) => {
+      try {
+        const { email } = req.body;
+        const validation = validateSubscriberData({ email });
+        if (!validation.valid) {
+          return res.status(400).json({
+            success: false,
+            errors: validation.errors
+          });
+        }
+        const rateLimitKey = `signin:${email.toLowerCase()}`;
+        const allowed = await signinRateLimiter.checkLimit(rateLimitKey);
+        if (!allowed) {
+          return res.status(429).json({
+            success: false,
+            error: "Too many sign-in attempts. Please try again later."
+          });
+        }
+        const result = await req.payload.find({
+          collection: config.subscribersSlug || "subscribers",
+          where: {
+            email: { equals: email.toLowerCase() },
+            subscriptionStatus: { equals: "active" }
+          },
+          limit: 1,
+          overrideAccess: true
+          // Need to check subscriber exists
+        });
+        if (result.docs.length === 0) {
+          return res.status(404).json({
+            success: false,
+            error: "Email not found. Please subscribe first."
+          });
+        }
+        const subscriber = result.docs[0];
+        const token = generateMagicLinkToken(
+          String(subscriber.id),
+          subscriber.email,
+          config
+        );
+        const serverURL = req.payload.config.serverURL || process.env.PAYLOAD_PUBLIC_SERVER_URL || "";
+        const magicLinkURL = generateMagicLinkURL(token, serverURL, config);
+        const emailService = req.payload.newsletterEmailService;
+        if (emailService) {
+          const settings = await req.payload.findGlobal({
+            slug: config.settingsSlug || "newsletter-settings"
+          });
+          const html = await renderEmail("signin", {
+            magicLink: magicLinkURL,
+            email: subscriber.email,
+            siteName: settings?.brandSettings?.siteName || "Newsletter",
+            expiresIn: config.auth?.tokenExpiration || "7d"
+          });
+          await emailService.send({
+            to: subscriber.email,
+            subject: settings?.brandSettings?.siteName ? `Sign in to ${settings.brandSettings.siteName}` : "Sign in to your account",
+            html
+          });
+        } else {
+          console.warn("Email service not initialized, cannot send sign-in link");
+        }
+        res.json({
+          success: true,
+          message: "Check your email for the sign-in link"
+        });
+      } catch (error) {
+        console.error("Sign-in error:", error);
+        res.status(500).json({
+          success: false,
+          error: "Failed to process sign-in request"
+        });
+      }
+    }
+  };
+};
+
+// src/endpoints/me.ts
+var createMeEndpoint = (config) => {
+  return {
+    path: "/newsletter/me",
+    method: "get",
+    handler: async (req, res) => {
+      try {
+        const token = req.cookies?.["newsletter-auth"];
+        if (!token) {
+          return res.status(401).json({
+            success: false,
+            error: "Not authenticated"
+          });
+        }
+        let payload;
+        try {
+          payload = verifySessionToken(token);
+        } catch {
+          return res.status(401).json({
+            success: false,
+            error: "Invalid or expired session"
+          });
+        }
+        const subscriber = await req.payload.findByID({
+          collection: config.subscribersSlug || "subscribers",
+          id: payload.subscriberId,
+          overrideAccess: true
+          // Need to get subscriber data
+        });
+        if (!subscriber || subscriber.subscriptionStatus !== "active") {
+          return res.status(401).json({
+            success: false,
+            error: "Not authenticated"
+          });
+        }
+        res.json({
+          success: true,
+          subscriber: {
+            id: subscriber.id,
+            email: subscriber.email,
+            name: subscriber.name,
+            status: subscriber.subscriptionStatus,
+            preferences: {
+              frequency: subscriber.emailPreferences?.frequency,
+              categories: subscriber.emailPreferences?.categories
+            },
+            createdAt: subscriber.createdAt,
+            updatedAt: subscriber.updatedAt
+          }
+        });
+      } catch (error) {
+        console.error("Me endpoint error:", error);
+        res.status(500).json({
+          success: false,
+          error: "Internal server error"
+        });
+      }
+    }
+  };
+};
+
+// src/endpoints/signout.ts
+var createSignoutEndpoint = (_config) => {
+  return {
+    path: "/newsletter/signout",
+    method: "post",
+    handler: (req, res) => {
+      try {
+        res.clearCookie("newsletter-auth", {
+          httpOnly: true,
+          secure: process.env.NODE_ENV === "production",
+          sameSite: "lax",
+          path: "/"
+        });
+        res.json({
+          success: true,
+          message: "Signed out successfully"
+        });
+      } catch (error) {
+        console.error("Signout error:", error);
+        res.status(500).json({
+          success: false,
+          error: "Failed to sign out"
+        });
+      }
+    }
+  };
+};
+
 // src/endpoints/index.ts
 function createNewsletterEndpoints(config) {
   const endpoints = [
@@ -1650,7 +2203,10 @@ function createNewsletterEndpoints(config) {
     endpoints.push(
       createVerifyMagicLinkEndpoint(config),
       createPreferencesEndpoint(config),
-      createUpdatePreferencesEndpoint(config)
+      createUpdatePreferencesEndpoint(config),
+      createSigninEndpoint(config),
+      createMeEndpoint(config),
+      createSignoutEndpoint(config)
     );
   }
   return endpoints;
@@ -1825,6 +2381,83 @@ function createMarkdownFieldInternal(config) {
   };
 }
 
+// src/utilities/session.ts
+var import_jsonwebtoken2 = __toESM(require("jsonwebtoken"), 1);
+var getTokenFromRequest = (req) => {
+  const cookies = req.cookies || req.headers?.cookie;
+  if (!cookies) return null;
+  if (typeof cookies === "string") {
+    const parsed = cookies.split(";").reduce((acc, cookie) => {
+      const [key, value] = cookie.trim().split("=");
+      acc[key] = value;
+      return acc;
+    }, {});
+    return parsed["newsletter-auth"] || null;
+  }
+  return cookies["newsletter-auth"] || null;
+};
+var verifyToken = (token, secret) => {
+  try {
+    const decoded = import_jsonwebtoken2.default.verify(token, secret);
+    return decoded;
+  } catch {
+    return null;
+  }
+};
+var getServerSideAuth = async (context, secret) => {
+  const token = getTokenFromRequest(context.req);
+  if (!token) {
+    return { subscriber: null, isAuthenticated: false };
+  }
+  const payloadSecret = secret || process.env.PAYLOAD_SECRET;
+  if (!payloadSecret) {
+    console.error("No secret provided for token verification");
+    return { subscriber: null, isAuthenticated: false };
+  }
+  const decoded = verifyToken(token, payloadSecret);
+  if (!decoded) {
+    return { subscriber: null, isAuthenticated: false };
+  }
+  return {
+    subscriber: decoded,
+    isAuthenticated: true
+  };
+};
+var requireAuth = (gssp) => {
+  return async (context) => {
+    const { isAuthenticated: isAuthenticated2, subscriber } = await getServerSideAuth(context);
+    if (!isAuthenticated2) {
+      return {
+        redirect: {
+          destination: "/auth/signin",
+          permanent: false
+        }
+      };
+    }
+    if (gssp) {
+      const result = await gssp(context);
+      return {
+        ...result,
+        props: {
+          ...result.props,
+          subscriber
+        }
+      };
+    }
+    return {
+      props: {
+        subscriber
+      }
+    };
+  };
+};
+var isAuthenticated = (req, secret) => {
+  const token = getTokenFromRequest(req);
+  if (!token) return false;
+  const decoded = verifyToken(token, secret);
+  return !!decoded;
+};
+
 // src/index.ts
 var newsletterPlugin = (pluginConfig) => (incomingConfig) => {
   const config = {
@@ -1927,6 +2560,11 @@ var newsletterPlugin = (pluginConfig) => (incomingConfig) => {
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  newsletterPlugin
+  getServerSideAuth,
+  getTokenFromRequest,
+  isAuthenticated,
+  newsletterPlugin,
+  requireAuth,
+  verifyToken
 });
 //# sourceMappingURL=index.cjs.map