sanity-plugin-preview-auth 0.1.0

package/dist/index.cjs

@@ -0,0 +1,142 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: !0 });
+var sanity = require("sanity"), icons = require("@sanity/icons"), jsxRuntime = require("react/jsx-runtime"), ui = require("@sanity/ui"), react = require("react"), sanityPluginPreviewAuthValidate = require("sanity-plugin-preview-auth-validate");
+function usePreviewAuth({
+  previewOrigin,
+  previewAuthApi
+}) {
+  const client = sanity.useClient(sanity.DEFAULT_STUDIO_CLIENT_OPTIONS), currentUser = sanity.useCurrentUser(), [isAuthenticating, setIsAuthenticating] = react.useState(!1), [error, setError] = react.useState(null), redirectUrl = react.useMemo(() => typeof window > "u" ? null : new URLSearchParams(window.location.search).get("redirect"), []), fullRedirectUrl = react.useMemo(() => {
+    if (!redirectUrl || !previewOrigin)
+      return null;
+    try {
+      return new URL(redirectUrl, previewOrigin).toString();
+    } catch {
+      return `${previewOrigin}${redirectUrl}`;
+    }
+  }, [redirectUrl, previewOrigin]), handleAuthenticate = react.useCallback(async () => {
+    if (!previewOrigin) {
+      setError("No preview URL configured for this workspace.");
+      return;
+    }
+    setIsAuthenticating(!0), setError(null);
+    try {
+      const { secret } = await sanityPluginPreviewAuthValidate.createPreviewSecret({
+        client,
+        source: "sanity/preview-auth",
+        studioUrl: window.location.href,
+        userId: currentUser?.id
+      }), apiUrl = new URL(previewAuthApi, previewOrigin), redirectPath = redirectUrl?.startsWith("/preview") ? redirectUrl.replace(/^\/preview/, "") || "/" : redirectUrl || "/";
+      apiUrl.searchParams.set("sanity-preview-secret", secret), apiUrl.searchParams.set("sanity-preview-pathname", redirectPath), apiUrl.searchParams.set("response", "json");
+      const response = await fetch(apiUrl, {
+        method: "GET",
+        credentials: "include",
+        headers: { Accept: "application/json" }
+      }), payload = await response.json().catch(() => null);
+      if (!response.ok || payload?.ok === !1)
+        throw new Error(payload?.error || `Authentication failed (${response.status})`);
+      if (!payload?.redirectTo)
+        throw new Error("Missing redirect target from authentication response.");
+      window.location.href = new URL(payload.redirectTo, previewOrigin).toString();
+    } catch (err) {
+      setError(err instanceof Error ? err.message : "Failed to authenticate preview mode."), setIsAuthenticating(!1);
+    }
+  }, [client, currentUser?.id, previewAuthApi, previewOrigin, redirectUrl]);
+  return { redirectUrl, fullRedirectUrl, isAuthenticating, error, handleAuthenticate };
+}
+function PreviewAuthPage({ previewOrigin, previewAuthApi }) {
+  const { redirectUrl, fullRedirectUrl, isAuthenticating, error, handleAuthenticate } = usePreviewAuth({ previewOrigin, previewAuthApi });
+  return redirectUrl ? /* @__PURE__ */ jsxRuntime.jsx(ui.Card, { height: "fill", overflow: "auto", children: /* @__PURE__ */ jsxRuntime.jsx(ui.Container, { width: 1, padding: 5, children: /* @__PURE__ */ jsxRuntime.jsx(ui.Flex, { justify: "center", align: "center", style: { minHeight: "60vh" }, children: /* @__PURE__ */ jsxRuntime.jsx(ui.Card, { padding: 5, radius: 3, shadow: 1, style: { maxWidth: 480, width: "100%" }, children: /* @__PURE__ */ jsxRuntime.jsxs(ui.Stack, { space: 5, children: [
+    /* @__PURE__ */ jsxRuntime.jsx(ui.Flex, { justify: "center", children: /* @__PURE__ */ jsxRuntime.jsx(ui.Card, { padding: 3, radius: "full", tone: "primary", children: /* @__PURE__ */ jsxRuntime.jsx(ui.Text, { size: 4, children: /* @__PURE__ */ jsxRuntime.jsx(icons.EyeOpenIcon, {}) }) }) }),
+    /* @__PURE__ */ jsxRuntime.jsxs(ui.Stack, { space: 3, style: { textAlign: "center" }, children: [
+      /* @__PURE__ */ jsxRuntime.jsx(ui.Heading, { size: 2, children: "Preview Mode Authentication" }),
+      /* @__PURE__ */ jsxRuntime.jsx(ui.Text, { muted: !0, size: 2, children: "Authenticate to access the preview environment. This generates a secure token valid for 3 months." })
+    ] }),
+    fullRedirectUrl && /* @__PURE__ */ jsxRuntime.jsx(ui.Card, { padding: 3, radius: 2, tone: "positive", children: /* @__PURE__ */ jsxRuntime.jsxs(ui.Stack, { space: 3, children: [
+      /* @__PURE__ */ jsxRuntime.jsx(ui.Text, { size: 0, muted: !0, weight: "medium", children: "Redirecting to:" }),
+      /* @__PURE__ */ jsxRuntime.jsx(ui.Text, { size: 1, style: { wordBreak: "break-all" }, children: fullRedirectUrl })
+    ] }) }),
+    error && /* @__PURE__ */ jsxRuntime.jsx(ui.Card, { padding: 3, radius: 2, tone: "critical", children: /* @__PURE__ */ jsxRuntime.jsx(ui.Text, { size: 1, children: error }) }),
+    /* @__PURE__ */ jsxRuntime.jsx(
+      ui.Button,
+      {
+        fontSize: 2,
+        padding: 4,
+        tone: "primary",
+        loading: isAuthenticating,
+        text: isAuthenticating ? "Authenticating\u2026" : "Authenticate Preview Mode",
+        icon: icons.EyeOpenIcon,
+        onClick: handleAuthenticate,
+        disabled: isAuthenticating || !previewOrigin
+      }
+    )
+  ] }) }) }) }) }) : /* @__PURE__ */ jsxRuntime.jsx(ui.Card, { height: "fill", overflow: "auto", children: /* @__PURE__ */ jsxRuntime.jsx(ui.Container, { width: 1, padding: 5, children: /* @__PURE__ */ jsxRuntime.jsx(ui.Flex, { justify: "center", align: "center", style: { minHeight: "60vh" }, children: /* @__PURE__ */ jsxRuntime.jsx(ui.Card, { padding: 5, radius: 3, shadow: 1, style: { maxWidth: 480, width: "100%" }, children: /* @__PURE__ */ jsxRuntime.jsxs(ui.Stack, { space: 4, style: { textAlign: "center" }, children: [
+    /* @__PURE__ */ jsxRuntime.jsx(ui.Heading, { size: 4, children: "404" }),
+    /* @__PURE__ */ jsxRuntime.jsx(ui.Text, { muted: !0, size: 2, children: "Preview authentication requires a redirect URL." })
+  ] }) }) }) }) });
+}
+const previewAuthSecret = sanity.defineType({
+  name: sanityPluginPreviewAuthValidate.PREVIEW_AUTH_SECRET_TYPE,
+  type: "document",
+  title: "Preview Auth Secret",
+  fields: [
+    sanity.defineField({ name: "secret", type: "string", title: "Secret" }),
+    sanity.defineField({ name: "source", type: "string", title: "Source" }),
+    sanity.defineField({ name: "studioUrl", type: "string", title: "Studio URL" }),
+    sanity.defineField({ name: "userId", type: "string", title: "User ID" }),
+    sanity.defineField({ name: "expiresAt", type: "datetime", title: "Expires At" })
+  ]
+}), TOOL_NAME = "preview-auth", previewAuthPlugin = sanity.definePlugin((options) => ({
+  name: TOOL_NAME,
+  schema: {
+    types: [previewAuthSecret]
+  },
+  tools: [
+    {
+      name: TOOL_NAME,
+      title: "Preview Auth",
+      icon: icons.EyeOpenIcon,
+      component: () => PreviewAuthPage(options)
+    }
+  ],
+  studio: {
+    components: {
+      toolMenu: (props) => {
+        const filteredTools = props.tools.filter((tool) => tool.name !== TOOL_NAME);
+        return props.renderDefault({ ...props, tools: filteredTools });
+      }
+    }
+  }
+}));
+function createAction(options) {
+  const { previewOrigin, slugField = "slug" } = options, OpenPreviewAction = (props) => {
+    const client = sanity.useClient(sanity.DEFAULT_STUDIO_CLIENT_OPTIONS), currentUser = sanity.useCurrentUser(), [isGenerating, setIsGenerating] = react.useState(!1), slug = (props.draft ?? props.published)?.[slugField], slugValue = typeof slug == "string" ? slug : slug?.current;
+    return slugValue ? {
+      label: isGenerating ? "Opening\u2026" : "Open Preview",
+      icon: icons.EyeOpenIcon,
+      disabled: isGenerating,
+      onHandle: async () => {
+        setIsGenerating(!0);
+        try {
+          const { secret } = await sanityPluginPreviewAuthValidate.createPreviewSecret({
+            client,
+            source: "sanity/open-preview-action",
+            studioUrl: window.location.href,
+            userId: currentUser?.id
+          }), previewPath = slugValue.startsWith("/") ? slugValue : `/${slugValue}`, url = new URL(`/preview${previewPath}`, previewOrigin);
+          url.searchParams.set("sanity-preview-secret", secret), window.open(url.toString(), "_blank", "noopener,noreferrer");
+        } finally {
+          setIsGenerating(!1), props.onComplete();
+        }
+      }
+    } : null;
+  };
+  return OpenPreviewAction.action = "openPreview", OpenPreviewAction;
+}
+function openPreviewAction(options) {
+  return createAction(options);
+}
+exports.openPreviewAction = openPreviewAction;
+exports.previewAuthPlugin = previewAuthPlugin;
+exports.previewAuthSecret = previewAuthSecret;
+exports.usePreviewAuth = usePreviewAuth;
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.cjs","sources":["../src/hooks/usePreviewAuth.ts","../src/components/PreviewAuthPage.tsx","../src/schema/previewAuthSecret.ts","../src/plugin.ts","../src/actions/openPreviewAction.ts"],"sourcesContent":["import { useState, useCallback, useMemo } from 'react'\nimport { useClient, useCurrentUser, DEFAULT_STUDIO_CLIENT_OPTIONS } from 'sanity'\nimport { createPreviewSecret } from 'sanity-plugin-preview-auth-validate'\n\n/** @public */\nexport type UsePreviewAuthOptions = {\n\tpreviewOrigin: string\n\tpreviewAuthApi: string\n}\n\n/** @public */\nexport type UsePreviewAuthResult = {\n\tredirectUrl: string | null\n\tfullRedirectUrl: string | null\n\tisAuthenticating: boolean\n\terror: string | null\n\thandleAuthenticate: () => Promise<void>\n}\n\n/** @public */\nexport function usePreviewAuth({\n\tpreviewOrigin,\n\tpreviewAuthApi,\n}: UsePreviewAuthOptions): UsePreviewAuthResult {\n\tconst client = useClient(DEFAULT_STUDIO_CLIENT_OPTIONS)\n  const currentUser = useCurrentUser()\n  \n\tconst [isAuthenticating, setIsAuthenticating] = useState(false)\n\tconst [error, setError] = useState<string | null>(null)\n\n\tconst redirectUrl = useMemo(() => {\n\t\tif (typeof window === 'undefined') {\n\t\t\treturn null\n\t\t}\n\n\t\treturn new URLSearchParams(window.location.search).get('redirect')\n\t}, [])\n\n\tconst fullRedirectUrl = useMemo(() => {\n\t\tif (!redirectUrl || !previewOrigin) {\n\t\t\treturn null\n\t\t}\n\n\t\ttry {\n\t\t\treturn new URL(redirectUrl, previewOrigin).toString()\n\t\t} catch {\n\t\t\treturn `${previewOrigin}${redirectUrl}`\n\t\t}\n\t}, [redirectUrl, previewOrigin])\n\n\tconst handleAuthenticate = useCallback(async () => {\n\t\tif (!previewOrigin) {\n\t\t\tsetError('No preview URL configured for this workspace.')\n\n\t\t\treturn\n\t\t}\n\n\t\tsetIsAuthenticating(true)\n\t\tsetError(null)\n\n\t\ttry {\n\t\t\tconst { secret } = await createPreviewSecret({\n\t\t\t\tclient,\n\t\t\t\tsource: 'sanity/preview-auth',\n\t\t\t\tstudioUrl: window.location.href,\n\t\t\t\tuserId: currentUser?.id,\n\t\t\t})\n\n\t\t\tconst apiUrl = new URL(previewAuthApi, previewOrigin)\n\t\t\tconst redirectPath = redirectUrl?.startsWith('/preview')\n\t\t\t\t? redirectUrl.replace(/^\\/preview/, '') || '/'\n\t\t\t\t: redirectUrl || '/'\n\n\t\t\tapiUrl.searchParams.set('sanity-preview-secret', secret)\n\t\t\tapiUrl.searchParams.set('sanity-preview-pathname', redirectPath)\n\t\t\tapiUrl.searchParams.set('response', 'json')\n\n\t\t\tconst response = await fetch(apiUrl, {\n\t\t\t\tmethod: 'GET',\n\t\t\t\tcredentials: 'include',\n\t\t\t\theaders: { Accept: 'application/json' },\n\t\t\t})\n\n\t\t\tconst payload = await response.json().catch(() => null)\n\n\t\t\tif (!response.ok || payload?.ok === false) {\n\t\t\t\tthrow new Error(payload?.error || `Authentication failed (${response.status})`)\n\t\t\t}\n\n\t\t\tif (!payload?.redirectTo) {\n\t\t\t\tthrow new Error('Missing redirect target from authentication response.')\n\t\t\t}\n\n\t\t\twindow.location.href = new URL(payload.redirectTo, previewOrigin).toString()\n\t\t} catch (err) {\n\t\t\tsetError(err instanceof Error ? err.message : 'Failed to authenticate preview mode.')\n\t\t\tsetIsAuthenticating(false)\n\t\t}\n\t}, [client, currentUser?.id, previewAuthApi, previewOrigin, redirectUrl])\n\n\treturn { redirectUrl, fullRedirectUrl, isAuthenticating, error, handleAuthenticate }\n}\n","import React from 'react'\nimport { Button, Card, Container, Flex, Heading, Stack, Text } from '@sanity/ui'\nimport { EyeOpenIcon } from '@sanity/icons'\nimport { usePreviewAuth } from '../hooks/usePreviewAuth'\n\nexport type PreviewAuthPageProps = {\n\tpreviewOrigin: string\n\tpreviewAuthApi: string\n}\n\nexport function PreviewAuthPage({ previewOrigin, previewAuthApi }: PreviewAuthPageProps) {\n\tconst { redirectUrl, fullRedirectUrl, isAuthenticating, error, handleAuthenticate } =\n\t\tusePreviewAuth({ previewOrigin, previewAuthApi })\n\n\tif (!redirectUrl) {\n\t\treturn (\n\t\t\t<Card height='fill' overflow='auto'>\n\t\t\t\t<Container width={1} padding={5}>\n\t\t\t\t\t<Flex justify='center' align='center' style={{ minHeight: '60vh' }}>\n\t\t\t\t\t\t<Card padding={5} radius={3} shadow={1} style={{ maxWidth: 480, width: '100%' }}>\n\t\t\t\t\t\t\t<Stack space={4} style={{ textAlign: 'center' }}>\n\t\t\t\t\t\t\t\t<Heading size={4}>404</Heading>\n\t\t\t\t\t\t\t\t<Text muted size={2}>\n\t\t\t\t\t\t\t\t\tPreview authentication requires a redirect URL.\n\t\t\t\t\t\t\t\t</Text>\n\t\t\t\t\t\t\t</Stack>\n\t\t\t\t\t\t</Card>\n\t\t\t\t\t</Flex>\n\t\t\t\t</Container>\n\t\t\t</Card>\n\t\t)\n\t}\n\n\treturn (\n\t\t<Card height='fill' overflow='auto'>\n\t\t\t<Container width={1} padding={5}>\n\t\t\t\t<Flex justify='center' align='center' style={{ minHeight: '60vh' }}>\n\t\t\t\t\t<Card padding={5} radius={3} shadow={1} style={{ maxWidth: 480, width: '100%' }}>\n\t\t\t\t\t\t<Stack space={5}>\n\t\t\t\t\t\t\t<Flex justify='center'>\n\t\t\t\t\t\t\t\t<Card padding={3} radius='full' tone='primary'>\n\t\t\t\t\t\t\t\t\t<Text size={4}>\n\t\t\t\t\t\t\t\t\t\t<EyeOpenIcon />\n\t\t\t\t\t\t\t\t\t</Text>\n\t\t\t\t\t\t\t\t</Card>\n\t\t\t\t\t\t\t</Flex>\n\n\t\t\t\t\t\t\t<Stack space={3} style={{ textAlign: 'center' }}>\n\t\t\t\t\t\t\t\t<Heading size={2}>Preview Mode Authentication</Heading>\n\t\t\t\t\t\t\t\t<Text muted size={2}>\n\t\t\t\t\t\t\t\t\tAuthenticate to access the preview environment. This generates a secure token\n\t\t\t\t\t\t\t\t\tvalid for 3 months.\n\t\t\t\t\t\t\t\t</Text>\n\t\t\t\t\t\t\t</Stack>\n\n\t\t\t\t\t\t\t{fullRedirectUrl && (\n\t\t\t\t\t\t\t\t<Card padding={3} radius={2} tone='positive'>\n\t\t\t\t\t\t\t\t\t<Stack space={3}>\n\t\t\t\t\t\t\t\t\t\t<Text size={0} muted weight='medium'>\n\t\t\t\t\t\t\t\t\t\t\tRedirecting to:\n\t\t\t\t\t\t\t\t\t\t</Text>\n\t\t\t\t\t\t\t\t\t\t<Text size={1} style={{ wordBreak: 'break-all' }}>\n\t\t\t\t\t\t\t\t\t\t\t{fullRedirectUrl}\n\t\t\t\t\t\t\t\t\t\t</Text>\n\t\t\t\t\t\t\t\t\t</Stack>\n\t\t\t\t\t\t\t\t</Card>\n\t\t\t\t\t\t\t)}\n\n\t\t\t\t\t\t\t{error && (\n\t\t\t\t\t\t\t\t<Card padding={3} radius={2} tone='critical'>\n\t\t\t\t\t\t\t\t\t<Text size={1}>{error}</Text>\n\t\t\t\t\t\t\t\t</Card>\n\t\t\t\t\t\t\t)}\n\n\t\t\t\t\t\t\t<Button\n\t\t\t\t\t\t\t\tfontSize={2}\n\t\t\t\t\t\t\t\tpadding={4}\n\t\t\t\t\t\t\t\ttone='primary'\n\t\t\t\t\t\t\t\tloading={isAuthenticating}\n\t\t\t\t\t\t\t\ttext={isAuthenticating ? 'Authenticating…' : 'Authenticate Preview Mode'}\n\t\t\t\t\t\t\t\ticon={EyeOpenIcon}\n\t\t\t\t\t\t\t\tonClick={handleAuthenticate}\n\t\t\t\t\t\t\t\tdisabled={isAuthenticating || !previewOrigin}\n\t\t\t\t\t\t\t/>\n\t\t\t\t\t\t</Stack>\n\t\t\t\t\t</Card>\n\t\t\t\t</Flex>\n\t\t\t</Container>\n\t\t</Card>\n\t)\n}\n","import { defineField, defineType } from 'sanity';\nimport { PREVIEW_AUTH_SECRET_TYPE } from 'sanity-plugin-preview-auth-validate';\n\n/**\n * System document type for long-lived preview auth secrets.\n * Add this to your Sanity schema types array, or use `previewAuthPlugin`\n * which registers it automatically.\n * @public\n */\nexport const previewAuthSecret = defineType({\n  name: PREVIEW_AUTH_SECRET_TYPE,\n  type: 'document',\n  title: 'Preview Auth Secret',\n  fields: [\n    defineField({ name: 'secret', type: 'string', title: 'Secret' }),\n    defineField({ name: 'source', type: 'string', title: 'Source' }),\n    defineField({ name: 'studioUrl', type: 'string', title: 'Studio URL' }),\n    defineField({ name: 'userId', type: 'string', title: 'User ID' }),\n    defineField({ name: 'expiresAt', type: 'datetime', title: 'Expires At' })\n  ]\n});\n","import { definePlugin } from 'sanity';\nimport { EyeOpenIcon } from '@sanity/icons';\nimport { PreviewAuthPage } from './components/PreviewAuthPage';\nimport { previewAuthSecret } from './schema/previewAuthSecret';\n\n/** @public */\nexport type PreviewAuthPluginOptions = {\n  /** The origin of your preview site, e.g. https://preview.mysite.com */\n  previewOrigin: string;\n  /** The path to your draft-mode enable API, e.g. /api/draft-mode/enable */\n  previewAuthApi: string;\n};\n\nconst TOOL_NAME = 'preview-auth';\n\n/**\n * Sanity Studio plugin for long-lived cross-origin preview authentication.\n *\n * Registers:\n * - A hidden `preview-auth` tool reachable via `/preview-auth?redirect=…`\n * - The `sanity.previewAuthSecret` schema type for long-lived secrets\n * @public\n */\nexport const previewAuthPlugin = definePlugin<PreviewAuthPluginOptions>((options) => ({\n  name: TOOL_NAME,\n  schema: {\n    types: [previewAuthSecret]\n  },\n  tools: [\n    {\n      name: TOOL_NAME,\n      title: 'Preview Auth',\n      icon: EyeOpenIcon,\n      component: () => PreviewAuthPage(options)\n    }\n  ],\n  studio: {\n    components: {\n      toolMenu: (props) => {\n        const filteredTools = props.tools.filter((tool) => tool.name !== TOOL_NAME);\n\n        return props.renderDefault({ ...props, tools: filteredTools });\n      }\n    }\n  }\n}));\n","import React, { useState } from 'react'\nimport { useClient, useCurrentUser, DEFAULT_STUDIO_CLIENT_OPTIONS } from 'sanity'\nimport type { DocumentActionComponent, DocumentActionProps } from 'sanity'\nimport { EyeOpenIcon } from '@sanity/icons'\nimport { createPreviewSecret } from 'sanity-plugin-preview-auth-validate'\n\n/** @public */\nexport type OpenPreviewActionOptions = {\n\tpreviewOrigin: string\n\t/** Slug field name on route documents (default: 'slug') */\n\tslugField?: string\n}\n\nfunction createAction(options: OpenPreviewActionOptions): DocumentActionComponent {\n\tconst { previewOrigin, slugField = 'slug' } = options\n\n\tconst OpenPreviewAction = (props: DocumentActionProps) => {\n\t\tconst client = useClient(DEFAULT_STUDIO_CLIENT_OPTIONS)\n\t\tconst currentUser = useCurrentUser()\n\t\tconst [isGenerating, setIsGenerating] = useState(false)\n\n\t\tconst slug = (props.draft ?? props.published)?.[slugField] as\n\t\t\t| { current?: string }\n\t\t\t| string\n\t\t\t| undefined\n\n\t\tconst slugValue = typeof slug === 'string' ? slug : slug?.current\n\n\t\tif (!slugValue) {\n\t\t\treturn null\n\t\t}\n\n\t\treturn {\n\t\t\tlabel: isGenerating ? 'Opening…' : 'Open Preview',\n\t\t\ticon: EyeOpenIcon,\n\t\t\tdisabled: isGenerating,\n\t\t\tonHandle: async () => {\n\t\t\t\tsetIsGenerating(true)\n\n\t\t\t\ttry {\n\t\t\t\t\tconst { secret } = await createPreviewSecret({\n\t\t\t\t\t\tclient,\n\t\t\t\t\t\tsource: 'sanity/open-preview-action',\n\t\t\t\t\t\tstudioUrl: window.location.href,\n\t\t\t\t\t\tuserId: currentUser?.id,\n\t\t\t\t\t})\n\n\t\t\t\t\tconst previewPath = slugValue.startsWith('/') ? slugValue : `/${slugValue}`\n\t\t\t\t\tconst url = new URL(`/preview${previewPath}`, previewOrigin)\n\n\t\t\t\t\turl.searchParams.set('sanity-preview-secret', secret)\n\n\t\t\t\t\twindow.open(url.toString(), '_blank', 'noopener,noreferrer')\n\t\t\t\t} finally {\n\t\t\t\t\tsetIsGenerating(false)\n\t\t\t\t\tprops.onComplete()\n\t\t\t\t}\n\t\t\t},\n\t\t}\n\t}\n\n\tOpenPreviewAction.action = 'openPreview'\n\n\treturn OpenPreviewAction as DocumentActionComponent\n}\n\n/** @public */\nexport function openPreviewAction(options: OpenPreviewActionOptions): DocumentActionComponent {\n\treturn createAction(options)\n}\n"],"names":["useClient","DEFAULT_STUDIO_CLIENT_OPTIONS","useCurrentUser","useState","useMemo","useCallback","createPreviewSecret","jsx","Card","Container","Flex","jsxs","Stack","Text","EyeOpenIcon","Heading","Button","defineType","PREVIEW_AUTH_SECRET_TYPE","defineField","definePlugin"],"mappings":";;;AAoBO,SAAS,eAAe;AAAA,EAC9B;AAAA,EACA;AACD,GAAgD;AAC/C,QAAM,SAASA,OAAAA,UAAUC,OAAAA,6BAA6B,GAC/C,cAAcC,OAAAA,eAAA,GAEf,CAAC,kBAAkB,mBAAmB,IAAIC,MAAAA,SAAS,EAAK,GACxD,CAAC,OAAO,QAAQ,IAAIA,MAAAA,SAAwB,IAAI,GAEhD,cAAcC,MAAAA,QAAQ,MACvB,OAAO,SAAW,MACd,OAGD,IAAI,gBAAgB,OAAO,SAAS,MAAM,EAAE,IAAI,UAAU,GAC/D,CAAA,CAAE,GAEC,kBAAkBA,MAAAA,QAAQ,MAAM;AACrC,QAAI,CAAC,eAAe,CAAC;AACpB,aAAO;AAGR,QAAI;AACH,aAAO,IAAI,IAAI,aAAa,aAAa,EAAE,SAAA;AAAA,IAC5C,QAAQ;AACP,aAAO,GAAG,aAAa,GAAG,WAAW;AAAA,IACtC;AAAA,EACD,GAAG,CAAC,aAAa,aAAa,CAAC,GAEzB,qBAAqBC,MAAAA,YAAY,YAAY;AAClD,QAAI,CAAC,eAAe;AACnB,eAAS,+CAA+C;AAExD;AAAA,IACD;AAEA,wBAAoB,EAAI,GACxB,SAAS,IAAI;AAEb,QAAI;AACH,YAAM,EAAE,WAAW,MAAMC,oDAAoB;AAAA,QAC5C;AAAA,QACA,QAAQ;AAAA,QACR,WAAW,OAAO,SAAS;AAAA,QAC3B,QAAQ,aAAa;AAAA,MAAA,CACrB,GAEK,SAAS,IAAI,IAAI,gBAAgB,aAAa,GAC9C,eAAe,aAAa,WAAW,UAAU,IACpD,YAAY,QAAQ,cAAc,EAAE,KAAK,MACzC,eAAe;AAElB,aAAO,aAAa,IAAI,yBAAyB,MAAM,GACvD,OAAO,aAAa,IAAI,2BAA2B,YAAY,GAC/D,OAAO,aAAa,IAAI,YAAY,MAAM;AAE1C,YAAM,WAAW,MAAM,MAAM,QAAQ;AAAA,QACpC,QAAQ;AAAA,QACR,aAAa;AAAA,QACb,SAAS,EAAE,QAAQ,mBAAA;AAAA,MAAmB,CACtC,GAEK,UAAU,MAAM,SAAS,KAAA,EAAO,MAAM,MAAM,IAAI;AAEtD,UAAI,CAAC,SAAS,MAAM,SAAS,OAAO;AACnC,cAAM,IAAI,MAAM,SAAS,SAAS,0BAA0B,SAAS,MAAM,GAAG;AAG/E,UAAI,CAAC,SAAS;AACb,cAAM,IAAI,MAAM,uDAAuD;AAGxE,aAAO,SAAS,OAAO,IAAI,IAAI,QAAQ,YAAY,aAAa,EAAE,SAAA;AAAA,IACnE,SAAS,KAAK;AACb,eAAS,eAAe,QAAQ,IAAI,UAAU,sCAAsC,GACpF,oBAAoB,EAAK;AAAA,IAC1B;AAAA,EACD,GAAG,CAAC,QAAQ,aAAa,IAAI,gBAAgB,eAAe,WAAW,CAAC;AAExE,SAAO,EAAE,aAAa,iBAAiB,kBAAkB,OAAO,mBAAA;AACjE;AC3FO,SAAS,gBAAgB,EAAE,eAAe,kBAAwC;AACxF,QAAM,EAAE,aAAa,iBAAiB,kBAAkB,OAAO,mBAAA,IAC9D,eAAe,EAAE,eAAe,gBAAgB;AAEjD,SAAK,cAoBJC,2BAAAA,IAACC,GAAAA,MAAA,EAAK,QAAO,QAAO,UAAS,QAC5B,UAAAD,2BAAAA,IAACE,GAAAA,WAAA,EAAU,OAAO,GAAG,SAAS,GAC7B,UAAAF,2BAAAA,IAACG,SAAA,EAAK,SAAQ,UAAS,OAAM,UAAS,OAAO,EAAE,WAAW,OAAA,GACzD,UAAAH,2BAAAA,IAACC,GAAAA,MAAA,EAAK,SAAS,GAAG,QAAQ,GAAG,QAAQ,GAAG,OAAO,EAAE,UAAU,KAAK,OAAO,OAAA,GACtE,UAAAG,2BAAAA,KAACC,UAAA,EAAM,OAAO,GACb,UAAA;AAAA,IAAAL,2BAAAA,IAACG,GAAAA,QAAK,SAAQ,UACb,yCAACF,GAAAA,MAAA,EAAK,SAAS,GAAG,QAAO,QAAO,MAAK,WACpC,UAAAD,2BAAAA,IAACM,GAAAA,QAAK,MAAM,GACX,yCAACC,MAAAA,aAAA,CAAA,CAAY,GACd,GACD,EAAA,CACD;AAAA,IAEAH,gCAACC,GAAAA,SAAM,OAAO,GAAG,OAAO,EAAE,WAAW,YACpC,UAAA;AAAA,MAAAL,2BAAAA,IAACQ,GAAAA,SAAA,EAAQ,MAAM,GAAG,UAAA,+BAA2B;AAAA,qCAC5CF,GAAAA,MAAA,EAAK,OAAK,IAAC,MAAM,GAAG,UAAA,oGAAA,CAGrB;AAAA,IAAA,GACD;AAAA,IAEC,mBACAN,2BAAAA,IAACC,GAAAA,MAAA,EAAK,SAAS,GAAG,QAAQ,GAAG,MAAK,YACjC,UAAAG,gCAACC,GAAAA,OAAA,EAAM,OAAO,GACb,UAAA;AAAA,MAAAL,2BAAAA,IAACM,GAAAA,QAAK,MAAM,GAAG,OAAK,IAAC,QAAO,UAAS,UAAA,kBAAA,CAErC;AAAA,MACAN,2BAAAA,IAACM,GAAAA,QAAK,MAAM,GAAG,OAAO,EAAE,WAAW,YAAA,GACjC,UAAA,gBAAA,CACF;AAAA,IAAA,EAAA,CACD,EAAA,CACD;AAAA,IAGA,SACAN,2BAAAA,IAACC,GAAAA,MAAA,EAAK,SAAS,GAAG,QAAQ,GAAG,MAAK,YACjC,UAAAD,2BAAAA,IAACM,GAAAA,MAAA,EAAK,MAAM,GAAI,iBAAM,GACvB;AAAA,IAGDN,2BAAAA;AAAAA,MAACS,GAAAA;AAAAA,MAAA;AAAA,QACA,UAAU;AAAA,QACV,SAAS;AAAA,QACT,MAAK;AAAA,QACL,SAAS;AAAA,QACT,MAAM,mBAAmB,yBAAoB;AAAA,QAC7C,MAAMF,MAAAA;AAAAA,QACN,SAAS;AAAA,QACT,UAAU,oBAAoB,CAAC;AAAA,MAAA;AAAA,IAAA;AAAA,EAChC,EAAA,CACD,EAAA,CACD,GACD,EAAA,CACD,EAAA,CACD,IAxECP,2BAAAA,IAACC,GAAAA,MAAA,EAAK,QAAO,QAAO,UAAS,QAC5B,yCAACC,GAAAA,WAAA,EAAU,OAAO,GAAG,SAAS,GAC7B,UAAAF,+BAACG,GAAAA,QAAK,SAAQ,UAAS,OAAM,UAAS,OAAO,EAAE,WAAW,OAAA,GACzD,UAAAH,2BAAAA,IAACC,GAAAA,MAAA,EAAK,SAAS,GAAG,QAAQ,GAAG,QAAQ,GAAG,OAAO,EAAE,UAAU,KAAK,OAAO,OAAA,GACtE,UAAAG,2BAAAA,KAACC,GAAAA,OAAA,EAAM,OAAO,GAAG,OAAO,EAAE,WAAW,SAAA,GACpC,UAAA;AAAA,IAAAL,2BAAAA,IAACQ,GAAAA,SAAA,EAAQ,MAAM,GAAG,UAAA,OAAG;AAAA,mCACpBF,GAAAA,MAAA,EAAK,OAAK,IAAC,MAAM,GAAG,UAAA,kDAAA,CAErB;AAAA,EAAA,EAAA,CACD,EAAA,CACD,GACD,EAAA,CACD,EAAA,CACD;AA6DH;ACjFO,MAAM,oBAAoBI,OAAAA,WAAW;AAAA,EAC1C,MAAMC,gCAAAA;AAAAA,EACN,MAAM;AAAA,EACN,OAAO;AAAA,EACP,QAAQ;AAAA,IACNC,OAAAA,YAAY,EAAE,MAAM,UAAU,MAAM,UAAU,OAAO,UAAU;AAAA,IAC/DA,OAAAA,YAAY,EAAE,MAAM,UAAU,MAAM,UAAU,OAAO,UAAU;AAAA,IAC/DA,OAAAA,YAAY,EAAE,MAAM,aAAa,MAAM,UAAU,OAAO,cAAc;AAAA,IACtEA,OAAAA,YAAY,EAAE,MAAM,UAAU,MAAM,UAAU,OAAO,WAAW;AAAA,IAChEA,OAAAA,YAAY,EAAE,MAAM,aAAa,MAAM,YAAY,OAAO,cAAc;AAAA,EAAA;AAE5E,CAAC,GCPK,YAAY,gBAUL,oBAAoBC,OAAAA,aAAuC,CAAC,aAAa;AAAA,EACpF,MAAM;AAAA,EACN,QAAQ;AAAA,IACN,OAAO,CAAC,iBAAiB;AAAA,EAAA;AAAA,EAE3B,OAAO;AAAA,IACL;AAAA,MACE,MAAM;AAAA,MACN,OAAO;AAAA,MACP,MAAMN,MAAAA;AAAAA,MACN,WAAW,MAAM,gBAAgB,OAAO;AAAA,IAAA;AAAA,EAC1C;AAAA,EAEF,QAAQ;AAAA,IACN,YAAY;AAAA,MACV,UAAU,CAAC,UAAU;AACnB,cAAM,gBAAgB,MAAM,MAAM,OAAO,CAAC,SAAS,KAAK,SAAS,SAAS;AAE1E,eAAO,MAAM,cAAc,EAAE,GAAG,OAAO,OAAO,eAAe;AAAA,MAC/D;AAAA,IAAA;AAAA,EACF;AAEJ,EAAE;AChCF,SAAS,aAAa,SAA4D;AACjF,QAAM,EAAE,eAAe,YAAY,OAAA,IAAW,SAExC,oBAAoB,CAAC,UAA+B;AACzD,UAAM,SAASd,OAAAA,UAAUC,OAAAA,6BAA6B,GAChD,cAAcC,OAAAA,kBACd,CAAC,cAAc,eAAe,IAAIC,MAAAA,SAAS,EAAK,GAEhD,QAAQ,MAAM,SAAS,MAAM,aAAa,SAAS,GAKnD,YAAY,OAAO,QAAS,WAAW,OAAO,MAAM;AAE1D,WAAK,YAIE;AAAA,MACN,OAAO,eAAe,kBAAa;AAAA,MACnC,MAAMW,MAAAA;AAAAA,MACN,UAAU;AAAA,MACV,UAAU,YAAY;AACrB,wBAAgB,EAAI;AAEpB,YAAI;AACH,gBAAM,EAAE,WAAW,MAAMR,oDAAoB;AAAA,YAC5C;AAAA,YACA,QAAQ;AAAA,YACR,WAAW,OAAO,SAAS;AAAA,YAC3B,QAAQ,aAAa;AAAA,UAAA,CACrB,GAEK,cAAc,UAAU,WAAW,GAAG,IAAI,YAAY,IAAI,SAAS,IACnE,MAAM,IAAI,IAAI,WAAW,WAAW,IAAI,aAAa;AAE3D,cAAI,aAAa,IAAI,yBAAyB,MAAM,GAEpD,OAAO,KAAK,IAAI,YAAY,UAAU,qBAAqB;AAAA,QAC5D,UAAA;AACC,0BAAgB,EAAK,GACrB,MAAM,WAAA;AAAA,QACP;AAAA,MACD;AAAA,IAAA,IA5BO;AAAA,EA8BT;AAEA,SAAA,kBAAkB,SAAS,eAEpB;AACR;AAGO,SAAS,kBAAkB,SAA4D;AAC7F,SAAO,aAAa,OAAO;AAC5B;;;;;"}

package/dist/index.d.cts

@@ -0,0 +1,72 @@
+import type { DocumentActionComponent } from "sanity";
+import { DocumentDefinition } from "sanity";
+import { Plugin as Plugin_2 } from "sanity";
+import { PreviewConfig } from "sanity";
+
+/** @public */
+export declare function openPreviewAction(
+  options: OpenPreviewActionOptions,
+): DocumentActionComponent;
+
+/** @public */
+export declare type OpenPreviewActionOptions = {
+  previewOrigin: string;
+  /** Slug field name on route documents (default: 'slug') */
+  slugField?: string;
+};
+
+/**
+ * Sanity Studio plugin for long-lived cross-origin preview authentication.
+ *
+ * Registers:
+ * - A hidden `preview-auth` tool reachable via `/preview-auth?redirect=…`
+ * - The `sanity.previewAuthSecret` schema type for long-lived secrets
+ * @public
+ */
+export declare const previewAuthPlugin: Plugin_2<PreviewAuthPluginOptions>;
+
+/** @public */
+export declare type PreviewAuthPluginOptions = {
+  /** The origin of your preview site, e.g. https://preview.mysite.com */
+  previewOrigin: string;
+  /** The path to your draft-mode enable API, e.g. /api/draft-mode/enable */
+  previewAuthApi: string;
+};
+
+/**
+ * System document type for long-lived preview auth secrets.
+ * Add this to your Sanity schema types array, or use `previewAuthPlugin`
+ * which registers it automatically.
+ * @public
+ */
+export declare const previewAuthSecret: {
+  type: "document";
+  name: "sanity.previewAuthSecret";
+} & Omit<DocumentDefinition, "preview"> & {
+    preview?:
+      | PreviewConfig<Record<string, string>, Record<never, any>>
+      | undefined;
+  };
+
+/** @public */
+export declare function usePreviewAuth({
+  previewOrigin,
+  previewAuthApi,
+}: UsePreviewAuthOptions): UsePreviewAuthResult;
+
+/** @public */
+export declare type UsePreviewAuthOptions = {
+  previewOrigin: string;
+  previewAuthApi: string;
+};
+
+/** @public */
+export declare type UsePreviewAuthResult = {
+  redirectUrl: string | null;
+  fullRedirectUrl: string | null;
+  isAuthenticating: boolean;
+  error: string | null;
+  handleAuthenticate: () => Promise<void>;
+};
+
+export {};

package/dist/index.d.ts

@@ -0,0 +1,72 @@
+import type { DocumentActionComponent } from "sanity";
+import { DocumentDefinition } from "sanity";
+import { Plugin as Plugin_2 } from "sanity";
+import { PreviewConfig } from "sanity";
+
+/** @public */
+export declare function openPreviewAction(
+  options: OpenPreviewActionOptions,
+): DocumentActionComponent;
+
+/** @public */
+export declare type OpenPreviewActionOptions = {
+  previewOrigin: string;
+  /** Slug field name on route documents (default: 'slug') */
+  slugField?: string;
+};
+
+/**
+ * Sanity Studio plugin for long-lived cross-origin preview authentication.
+ *
+ * Registers:
+ * - A hidden `preview-auth` tool reachable via `/preview-auth?redirect=…`
+ * - The `sanity.previewAuthSecret` schema type for long-lived secrets
+ * @public
+ */
+export declare const previewAuthPlugin: Plugin_2<PreviewAuthPluginOptions>;
+
+/** @public */
+export declare type PreviewAuthPluginOptions = {
+  /** The origin of your preview site, e.g. https://preview.mysite.com */
+  previewOrigin: string;
+  /** The path to your draft-mode enable API, e.g. /api/draft-mode/enable */
+  previewAuthApi: string;
+};
+
+/**
+ * System document type for long-lived preview auth secrets.
+ * Add this to your Sanity schema types array, or use `previewAuthPlugin`
+ * which registers it automatically.
+ * @public
+ */
+export declare const previewAuthSecret: {
+  type: "document";
+  name: "sanity.previewAuthSecret";
+} & Omit<DocumentDefinition, "preview"> & {
+    preview?:
+      | PreviewConfig<Record<string, string>, Record<never, any>>
+      | undefined;
+  };
+
+/** @public */
+export declare function usePreviewAuth({
+  previewOrigin,
+  previewAuthApi,
+}: UsePreviewAuthOptions): UsePreviewAuthResult;
+
+/** @public */
+export declare type UsePreviewAuthOptions = {
+  previewOrigin: string;
+  previewAuthApi: string;
+};
+
+/** @public */
+export declare type UsePreviewAuthResult = {
+  redirectUrl: string | null;
+  fullRedirectUrl: string | null;
+  isAuthenticating: boolean;
+  error: string | null;
+  handleAuthenticate: () => Promise<void>;
+};
+
+export {};

package/dist/index.js

@@ -0,0 +1,147 @@
+import { useClient, DEFAULT_STUDIO_CLIENT_OPTIONS, useCurrentUser, defineType, defineField, definePlugin } from "sanity";
+import { EyeOpenIcon } from "@sanity/icons";
+import { jsx, jsxs } from "react/jsx-runtime";
+import { Card, Container, Flex, Stack, Text, Heading, Button } from "@sanity/ui";
+import { useState, useMemo, useCallback } from "react";
+import { createPreviewSecret, PREVIEW_AUTH_SECRET_TYPE } from "sanity-plugin-preview-auth-validate";
+function usePreviewAuth({
+  previewOrigin,
+  previewAuthApi
+}) {
+  const client = useClient(DEFAULT_STUDIO_CLIENT_OPTIONS), currentUser = useCurrentUser(), [isAuthenticating, setIsAuthenticating] = useState(!1), [error, setError] = useState(null), redirectUrl = useMemo(() => typeof window > "u" ? null : new URLSearchParams(window.location.search).get("redirect"), []), fullRedirectUrl = useMemo(() => {
+    if (!redirectUrl || !previewOrigin)
+      return null;
+    try {
+      return new URL(redirectUrl, previewOrigin).toString();
+    } catch {
+      return `${previewOrigin}${redirectUrl}`;
+    }
+  }, [redirectUrl, previewOrigin]), handleAuthenticate = useCallback(async () => {
+    if (!previewOrigin) {
+      setError("No preview URL configured for this workspace.");
+      return;
+    }
+    setIsAuthenticating(!0), setError(null);
+    try {
+      const { secret } = await createPreviewSecret({
+        client,
+        source: "sanity/preview-auth",
+        studioUrl: window.location.href,
+        userId: currentUser?.id
+      }), apiUrl = new URL(previewAuthApi, previewOrigin), redirectPath = redirectUrl?.startsWith("/preview") ? redirectUrl.replace(/^\/preview/, "") || "/" : redirectUrl || "/";
+      apiUrl.searchParams.set("sanity-preview-secret", secret), apiUrl.searchParams.set("sanity-preview-pathname", redirectPath), apiUrl.searchParams.set("response", "json");
+      const response = await fetch(apiUrl, {
+        method: "GET",
+        credentials: "include",
+        headers: { Accept: "application/json" }
+      }), payload = await response.json().catch(() => null);
+      if (!response.ok || payload?.ok === !1)
+        throw new Error(payload?.error || `Authentication failed (${response.status})`);
+      if (!payload?.redirectTo)
+        throw new Error("Missing redirect target from authentication response.");
+      window.location.href = new URL(payload.redirectTo, previewOrigin).toString();
+    } catch (err) {
+      setError(err instanceof Error ? err.message : "Failed to authenticate preview mode."), setIsAuthenticating(!1);
+    }
+  }, [client, currentUser?.id, previewAuthApi, previewOrigin, redirectUrl]);
+  return { redirectUrl, fullRedirectUrl, isAuthenticating, error, handleAuthenticate };
+}
+function PreviewAuthPage({ previewOrigin, previewAuthApi }) {
+  const { redirectUrl, fullRedirectUrl, isAuthenticating, error, handleAuthenticate } = usePreviewAuth({ previewOrigin, previewAuthApi });
+  return redirectUrl ? /* @__PURE__ */ jsx(Card, { height: "fill", overflow: "auto", children: /* @__PURE__ */ jsx(Container, { width: 1, padding: 5, children: /* @__PURE__ */ jsx(Flex, { justify: "center", align: "center", style: { minHeight: "60vh" }, children: /* @__PURE__ */ jsx(Card, { padding: 5, radius: 3, shadow: 1, style: { maxWidth: 480, width: "100%" }, children: /* @__PURE__ */ jsxs(Stack, { space: 5, children: [
+    /* @__PURE__ */ jsx(Flex, { justify: "center", children: /* @__PURE__ */ jsx(Card, { padding: 3, radius: "full", tone: "primary", children: /* @__PURE__ */ jsx(Text, { size: 4, children: /* @__PURE__ */ jsx(EyeOpenIcon, {}) }) }) }),
+    /* @__PURE__ */ jsxs(Stack, { space: 3, style: { textAlign: "center" }, children: [
+      /* @__PURE__ */ jsx(Heading, { size: 2, children: "Preview Mode Authentication" }),
+      /* @__PURE__ */ jsx(Text, { muted: !0, size: 2, children: "Authenticate to access the preview environment. This generates a secure token valid for 3 months." })
+    ] }),
+    fullRedirectUrl && /* @__PURE__ */ jsx(Card, { padding: 3, radius: 2, tone: "positive", children: /* @__PURE__ */ jsxs(Stack, { space: 3, children: [
+      /* @__PURE__ */ jsx(Text, { size: 0, muted: !0, weight: "medium", children: "Redirecting to:" }),
+      /* @__PURE__ */ jsx(Text, { size: 1, style: { wordBreak: "break-all" }, children: fullRedirectUrl })
+    ] }) }),
+    error && /* @__PURE__ */ jsx(Card, { padding: 3, radius: 2, tone: "critical", children: /* @__PURE__ */ jsx(Text, { size: 1, children: error }) }),
+    /* @__PURE__ */ jsx(
+      Button,
+      {
+        fontSize: 2,
+        padding: 4,
+        tone: "primary",
+        loading: isAuthenticating,
+        text: isAuthenticating ? "Authenticating\u2026" : "Authenticate Preview Mode",
+        icon: EyeOpenIcon,
+        onClick: handleAuthenticate,
+        disabled: isAuthenticating || !previewOrigin
+      }
+    )
+  ] }) }) }) }) }) : /* @__PURE__ */ jsx(Card, { height: "fill", overflow: "auto", children: /* @__PURE__ */ jsx(Container, { width: 1, padding: 5, children: /* @__PURE__ */ jsx(Flex, { justify: "center", align: "center", style: { minHeight: "60vh" }, children: /* @__PURE__ */ jsx(Card, { padding: 5, radius: 3, shadow: 1, style: { maxWidth: 480, width: "100%" }, children: /* @__PURE__ */ jsxs(Stack, { space: 4, style: { textAlign: "center" }, children: [
+    /* @__PURE__ */ jsx(Heading, { size: 4, children: "404" }),
+    /* @__PURE__ */ jsx(Text, { muted: !0, size: 2, children: "Preview authentication requires a redirect URL." })
+  ] }) }) }) }) });
+}
+const previewAuthSecret = defineType({
+  name: PREVIEW_AUTH_SECRET_TYPE,
+  type: "document",
+  title: "Preview Auth Secret",
+  fields: [
+    defineField({ name: "secret", type: "string", title: "Secret" }),
+    defineField({ name: "source", type: "string", title: "Source" }),
+    defineField({ name: "studioUrl", type: "string", title: "Studio URL" }),
+    defineField({ name: "userId", type: "string", title: "User ID" }),
+    defineField({ name: "expiresAt", type: "datetime", title: "Expires At" })
+  ]
+}), TOOL_NAME = "preview-auth", previewAuthPlugin = definePlugin((options) => ({
+  name: TOOL_NAME,
+  schema: {
+    types: [previewAuthSecret]
+  },
+  tools: [
+    {
+      name: TOOL_NAME,
+      title: "Preview Auth",
+      icon: EyeOpenIcon,
+      component: () => PreviewAuthPage(options)
+    }
+  ],
+  studio: {
+    components: {
+      toolMenu: (props) => {
+        const filteredTools = props.tools.filter((tool) => tool.name !== TOOL_NAME);
+        return props.renderDefault({ ...props, tools: filteredTools });
+      }
+    }
+  }
+}));
+function createAction(options) {
+  const { previewOrigin, slugField = "slug" } = options, OpenPreviewAction = (props) => {
+    const client = useClient(DEFAULT_STUDIO_CLIENT_OPTIONS), currentUser = useCurrentUser(), [isGenerating, setIsGenerating] = useState(!1), slug = (props.draft ?? props.published)?.[slugField], slugValue = typeof slug == "string" ? slug : slug?.current;
+    return slugValue ? {
+      label: isGenerating ? "Opening\u2026" : "Open Preview",
+      icon: EyeOpenIcon,
+      disabled: isGenerating,
+      onHandle: async () => {
+        setIsGenerating(!0);
+        try {
+          const { secret } = await createPreviewSecret({
+            client,
+            source: "sanity/open-preview-action",
+            studioUrl: window.location.href,
+            userId: currentUser?.id
+          }), previewPath = slugValue.startsWith("/") ? slugValue : `/${slugValue}`, url = new URL(`/preview${previewPath}`, previewOrigin);
+          url.searchParams.set("sanity-preview-secret", secret), window.open(url.toString(), "_blank", "noopener,noreferrer");
+        } finally {
+          setIsGenerating(!1), props.onComplete();
+        }
+      }
+    } : null;
+  };
+  return OpenPreviewAction.action = "openPreview", OpenPreviewAction;
+}
+function openPreviewAction(options) {
+  return createAction(options);
+}
+export {
+  openPreviewAction,
+  previewAuthPlugin,
+  previewAuthSecret,
+  usePreviewAuth
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sources":["../src/hooks/usePreviewAuth.ts","../src/components/PreviewAuthPage.tsx","../src/schema/previewAuthSecret.ts","../src/plugin.ts","../src/actions/openPreviewAction.ts"],"sourcesContent":["import { useState, useCallback, useMemo } from 'react'\nimport { useClient, useCurrentUser, DEFAULT_STUDIO_CLIENT_OPTIONS } from 'sanity'\nimport { createPreviewSecret } from 'sanity-plugin-preview-auth-validate'\n\n/** @public */\nexport type UsePreviewAuthOptions = {\n\tpreviewOrigin: string\n\tpreviewAuthApi: string\n}\n\n/** @public */\nexport type UsePreviewAuthResult = {\n\tredirectUrl: string | null\n\tfullRedirectUrl: string | null\n\tisAuthenticating: boolean\n\terror: string | null\n\thandleAuthenticate: () => Promise<void>\n}\n\n/** @public */\nexport function usePreviewAuth({\n\tpreviewOrigin,\n\tpreviewAuthApi,\n}: UsePreviewAuthOptions): UsePreviewAuthResult {\n\tconst client = useClient(DEFAULT_STUDIO_CLIENT_OPTIONS)\n  const currentUser = useCurrentUser()\n  \n\tconst [isAuthenticating, setIsAuthenticating] = useState(false)\n\tconst [error, setError] = useState<string | null>(null)\n\n\tconst redirectUrl = useMemo(() => {\n\t\tif (typeof window === 'undefined') {\n\t\t\treturn null\n\t\t}\n\n\t\treturn new URLSearchParams(window.location.search).get('redirect')\n\t}, [])\n\n\tconst fullRedirectUrl = useMemo(() => {\n\t\tif (!redirectUrl || !previewOrigin) {\n\t\t\treturn null\n\t\t}\n\n\t\ttry {\n\t\t\treturn new URL(redirectUrl, previewOrigin).toString()\n\t\t} catch {\n\t\t\treturn `${previewOrigin}${redirectUrl}`\n\t\t}\n\t}, [redirectUrl, previewOrigin])\n\n\tconst handleAuthenticate = useCallback(async () => {\n\t\tif (!previewOrigin) {\n\t\t\tsetError('No preview URL configured for this workspace.')\n\n\t\t\treturn\n\t\t}\n\n\t\tsetIsAuthenticating(true)\n\t\tsetError(null)\n\n\t\ttry {\n\t\t\tconst { secret } = await createPreviewSecret({\n\t\t\t\tclient,\n\t\t\t\tsource: 'sanity/preview-auth',\n\t\t\t\tstudioUrl: window.location.href,\n\t\t\t\tuserId: currentUser?.id,\n\t\t\t})\n\n\t\t\tconst apiUrl = new URL(previewAuthApi, previewOrigin)\n\t\t\tconst redirectPath = redirectUrl?.startsWith('/preview')\n\t\t\t\t? redirectUrl.replace(/^\\/preview/, '') || '/'\n\t\t\t\t: redirectUrl || '/'\n\n\t\t\tapiUrl.searchParams.set('sanity-preview-secret', secret)\n\t\t\tapiUrl.searchParams.set('sanity-preview-pathname', redirectPath)\n\t\t\tapiUrl.searchParams.set('response', 'json')\n\n\t\t\tconst response = await fetch(apiUrl, {\n\t\t\t\tmethod: 'GET',\n\t\t\t\tcredentials: 'include',\n\t\t\t\theaders: { Accept: 'application/json' },\n\t\t\t})\n\n\t\t\tconst payload = await response.json().catch(() => null)\n\n\t\t\tif (!response.ok || payload?.ok === false) {\n\t\t\t\tthrow new Error(payload?.error || `Authentication failed (${response.status})`)\n\t\t\t}\n\n\t\t\tif (!payload?.redirectTo) {\n\t\t\t\tthrow new Error('Missing redirect target from authentication response.')\n\t\t\t}\n\n\t\t\twindow.location.href = new URL(payload.redirectTo, previewOrigin).toString()\n\t\t} catch (err) {\n\t\t\tsetError(err instanceof Error ? err.message : 'Failed to authenticate preview mode.')\n\t\t\tsetIsAuthenticating(false)\n\t\t}\n\t}, [client, currentUser?.id, previewAuthApi, previewOrigin, redirectUrl])\n\n\treturn { redirectUrl, fullRedirectUrl, isAuthenticating, error, handleAuthenticate }\n}\n","import React from 'react'\nimport { Button, Card, Container, Flex, Heading, Stack, Text } from '@sanity/ui'\nimport { EyeOpenIcon } from '@sanity/icons'\nimport { usePreviewAuth } from '../hooks/usePreviewAuth'\n\nexport type PreviewAuthPageProps = {\n\tpreviewOrigin: string\n\tpreviewAuthApi: string\n}\n\nexport function PreviewAuthPage({ previewOrigin, previewAuthApi }: PreviewAuthPageProps) {\n\tconst { redirectUrl, fullRedirectUrl, isAuthenticating, error, handleAuthenticate } =\n\t\tusePreviewAuth({ previewOrigin, previewAuthApi })\n\n\tif (!redirectUrl) {\n\t\treturn (\n\t\t\t<Card height='fill' overflow='auto'>\n\t\t\t\t<Container width={1} padding={5}>\n\t\t\t\t\t<Flex justify='center' align='center' style={{ minHeight: '60vh' }}>\n\t\t\t\t\t\t<Card padding={5} radius={3} shadow={1} style={{ maxWidth: 480, width: '100%' }}>\n\t\t\t\t\t\t\t<Stack space={4} style={{ textAlign: 'center' }}>\n\t\t\t\t\t\t\t\t<Heading size={4}>404</Heading>\n\t\t\t\t\t\t\t\t<Text muted size={2}>\n\t\t\t\t\t\t\t\t\tPreview authentication requires a redirect URL.\n\t\t\t\t\t\t\t\t</Text>\n\t\t\t\t\t\t\t</Stack>\n\t\t\t\t\t\t</Card>\n\t\t\t\t\t</Flex>\n\t\t\t\t</Container>\n\t\t\t</Card>\n\t\t)\n\t}\n\n\treturn (\n\t\t<Card height='fill' overflow='auto'>\n\t\t\t<Container width={1} padding={5}>\n\t\t\t\t<Flex justify='center' align='center' style={{ minHeight: '60vh' }}>\n\t\t\t\t\t<Card padding={5} radius={3} shadow={1} style={{ maxWidth: 480, width: '100%' }}>\n\t\t\t\t\t\t<Stack space={5}>\n\t\t\t\t\t\t\t<Flex justify='center'>\n\t\t\t\t\t\t\t\t<Card padding={3} radius='full' tone='primary'>\n\t\t\t\t\t\t\t\t\t<Text size={4}>\n\t\t\t\t\t\t\t\t\t\t<EyeOpenIcon />\n\t\t\t\t\t\t\t\t\t</Text>\n\t\t\t\t\t\t\t\t</Card>\n\t\t\t\t\t\t\t</Flex>\n\n\t\t\t\t\t\t\t<Stack space={3} style={{ textAlign: 'center' }}>\n\t\t\t\t\t\t\t\t<Heading size={2}>Preview Mode Authentication</Heading>\n\t\t\t\t\t\t\t\t<Text muted size={2}>\n\t\t\t\t\t\t\t\t\tAuthenticate to access the preview environment. This generates a secure token\n\t\t\t\t\t\t\t\t\tvalid for 3 months.\n\t\t\t\t\t\t\t\t</Text>\n\t\t\t\t\t\t\t</Stack>\n\n\t\t\t\t\t\t\t{fullRedirectUrl && (\n\t\t\t\t\t\t\t\t<Card padding={3} radius={2} tone='positive'>\n\t\t\t\t\t\t\t\t\t<Stack space={3}>\n\t\t\t\t\t\t\t\t\t\t<Text size={0} muted weight='medium'>\n\t\t\t\t\t\t\t\t\t\t\tRedirecting to:\n\t\t\t\t\t\t\t\t\t\t</Text>\n\t\t\t\t\t\t\t\t\t\t<Text size={1} style={{ wordBreak: 'break-all' }}>\n\t\t\t\t\t\t\t\t\t\t\t{fullRedirectUrl}\n\t\t\t\t\t\t\t\t\t\t</Text>\n\t\t\t\t\t\t\t\t\t</Stack>\n\t\t\t\t\t\t\t\t</Card>\n\t\t\t\t\t\t\t)}\n\n\t\t\t\t\t\t\t{error && (\n\t\t\t\t\t\t\t\t<Card padding={3} radius={2} tone='critical'>\n\t\t\t\t\t\t\t\t\t<Text size={1}>{error}</Text>\n\t\t\t\t\t\t\t\t</Card>\n\t\t\t\t\t\t\t)}\n\n\t\t\t\t\t\t\t<Button\n\t\t\t\t\t\t\t\tfontSize={2}\n\t\t\t\t\t\t\t\tpadding={4}\n\t\t\t\t\t\t\t\ttone='primary'\n\t\t\t\t\t\t\t\tloading={isAuthenticating}\n\t\t\t\t\t\t\t\ttext={isAuthenticating ? 'Authenticating…' : 'Authenticate Preview Mode'}\n\t\t\t\t\t\t\t\ticon={EyeOpenIcon}\n\t\t\t\t\t\t\t\tonClick={handleAuthenticate}\n\t\t\t\t\t\t\t\tdisabled={isAuthenticating || !previewOrigin}\n\t\t\t\t\t\t\t/>\n\t\t\t\t\t\t</Stack>\n\t\t\t\t\t</Card>\n\t\t\t\t</Flex>\n\t\t\t</Container>\n\t\t</Card>\n\t)\n}\n","import { defineField, defineType } from 'sanity';\nimport { PREVIEW_AUTH_SECRET_TYPE } from 'sanity-plugin-preview-auth-validate';\n\n/**\n * System document type for long-lived preview auth secrets.\n * Add this to your Sanity schema types array, or use `previewAuthPlugin`\n * which registers it automatically.\n * @public\n */\nexport const previewAuthSecret = defineType({\n  name: PREVIEW_AUTH_SECRET_TYPE,\n  type: 'document',\n  title: 'Preview Auth Secret',\n  fields: [\n    defineField({ name: 'secret', type: 'string', title: 'Secret' }),\n    defineField({ name: 'source', type: 'string', title: 'Source' }),\n    defineField({ name: 'studioUrl', type: 'string', title: 'Studio URL' }),\n    defineField({ name: 'userId', type: 'string', title: 'User ID' }),\n    defineField({ name: 'expiresAt', type: 'datetime', title: 'Expires At' })\n  ]\n});\n","import { definePlugin } from 'sanity';\nimport { EyeOpenIcon } from '@sanity/icons';\nimport { PreviewAuthPage } from './components/PreviewAuthPage';\nimport { previewAuthSecret } from './schema/previewAuthSecret';\n\n/** @public */\nexport type PreviewAuthPluginOptions = {\n  /** The origin of your preview site, e.g. https://preview.mysite.com */\n  previewOrigin: string;\n  /** The path to your draft-mode enable API, e.g. /api/draft-mode/enable */\n  previewAuthApi: string;\n};\n\nconst TOOL_NAME = 'preview-auth';\n\n/**\n * Sanity Studio plugin for long-lived cross-origin preview authentication.\n *\n * Registers:\n * - A hidden `preview-auth` tool reachable via `/preview-auth?redirect=…`\n * - The `sanity.previewAuthSecret` schema type for long-lived secrets\n * @public\n */\nexport const previewAuthPlugin = definePlugin<PreviewAuthPluginOptions>((options) => ({\n  name: TOOL_NAME,\n  schema: {\n    types: [previewAuthSecret]\n  },\n  tools: [\n    {\n      name: TOOL_NAME,\n      title: 'Preview Auth',\n      icon: EyeOpenIcon,\n      component: () => PreviewAuthPage(options)\n    }\n  ],\n  studio: {\n    components: {\n      toolMenu: (props) => {\n        const filteredTools = props.tools.filter((tool) => tool.name !== TOOL_NAME);\n\n        return props.renderDefault({ ...props, tools: filteredTools });\n      }\n    }\n  }\n}));\n","import React, { useState } from 'react'\nimport { useClient, useCurrentUser, DEFAULT_STUDIO_CLIENT_OPTIONS } from 'sanity'\nimport type { DocumentActionComponent, DocumentActionProps } from 'sanity'\nimport { EyeOpenIcon } from '@sanity/icons'\nimport { createPreviewSecret } from 'sanity-plugin-preview-auth-validate'\n\n/** @public */\nexport type OpenPreviewActionOptions = {\n\tpreviewOrigin: string\n\t/** Slug field name on route documents (default: 'slug') */\n\tslugField?: string\n}\n\nfunction createAction(options: OpenPreviewActionOptions): DocumentActionComponent {\n\tconst { previewOrigin, slugField = 'slug' } = options\n\n\tconst OpenPreviewAction = (props: DocumentActionProps) => {\n\t\tconst client = useClient(DEFAULT_STUDIO_CLIENT_OPTIONS)\n\t\tconst currentUser = useCurrentUser()\n\t\tconst [isGenerating, setIsGenerating] = useState(false)\n\n\t\tconst slug = (props.draft ?? props.published)?.[slugField] as\n\t\t\t| { current?: string }\n\t\t\t| string\n\t\t\t| undefined\n\n\t\tconst slugValue = typeof slug === 'string' ? slug : slug?.current\n\n\t\tif (!slugValue) {\n\t\t\treturn null\n\t\t}\n\n\t\treturn {\n\t\t\tlabel: isGenerating ? 'Opening…' : 'Open Preview',\n\t\t\ticon: EyeOpenIcon,\n\t\t\tdisabled: isGenerating,\n\t\t\tonHandle: async () => {\n\t\t\t\tsetIsGenerating(true)\n\n\t\t\t\ttry {\n\t\t\t\t\tconst { secret } = await createPreviewSecret({\n\t\t\t\t\t\tclient,\n\t\t\t\t\t\tsource: 'sanity/open-preview-action',\n\t\t\t\t\t\tstudioUrl: window.location.href,\n\t\t\t\t\t\tuserId: currentUser?.id,\n\t\t\t\t\t})\n\n\t\t\t\t\tconst previewPath = slugValue.startsWith('/') ? slugValue : `/${slugValue}`\n\t\t\t\t\tconst url = new URL(`/preview${previewPath}`, previewOrigin)\n\n\t\t\t\t\turl.searchParams.set('sanity-preview-secret', secret)\n\n\t\t\t\t\twindow.open(url.toString(), '_blank', 'noopener,noreferrer')\n\t\t\t\t} finally {\n\t\t\t\t\tsetIsGenerating(false)\n\t\t\t\t\tprops.onComplete()\n\t\t\t\t}\n\t\t\t},\n\t\t}\n\t}\n\n\tOpenPreviewAction.action = 'openPreview'\n\n\treturn OpenPreviewAction as DocumentActionComponent\n}\n\n/** @public */\nexport function openPreviewAction(options: OpenPreviewActionOptions): DocumentActionComponent {\n\treturn createAction(options)\n}\n"],"names":[],"mappings":";;;;;;AAoBO,SAAS,eAAe;AAAA,EAC9B;AAAA,EACA;AACD,GAAgD;AAC/C,QAAM,SAAS,UAAU,6BAA6B,GAC/C,cAAc,eAAA,GAEf,CAAC,kBAAkB,mBAAmB,IAAI,SAAS,EAAK,GACxD,CAAC,OAAO,QAAQ,IAAI,SAAwB,IAAI,GAEhD,cAAc,QAAQ,MACvB,OAAO,SAAW,MACd,OAGD,IAAI,gBAAgB,OAAO,SAAS,MAAM,EAAE,IAAI,UAAU,GAC/D,CAAA,CAAE,GAEC,kBAAkB,QAAQ,MAAM;AACrC,QAAI,CAAC,eAAe,CAAC;AACpB,aAAO;AAGR,QAAI;AACH,aAAO,IAAI,IAAI,aAAa,aAAa,EAAE,SAAA;AAAA,IAC5C,QAAQ;AACP,aAAO,GAAG,aAAa,GAAG,WAAW;AAAA,IACtC;AAAA,EACD,GAAG,CAAC,aAAa,aAAa,CAAC,GAEzB,qBAAqB,YAAY,YAAY;AAClD,QAAI,CAAC,eAAe;AACnB,eAAS,+CAA+C;AAExD;AAAA,IACD;AAEA,wBAAoB,EAAI,GACxB,SAAS,IAAI;AAEb,QAAI;AACH,YAAM,EAAE,WAAW,MAAM,oBAAoB;AAAA,QAC5C;AAAA,QACA,QAAQ;AAAA,QACR,WAAW,OAAO,SAAS;AAAA,QAC3B,QAAQ,aAAa;AAAA,MAAA,CACrB,GAEK,SAAS,IAAI,IAAI,gBAAgB,aAAa,GAC9C,eAAe,aAAa,WAAW,UAAU,IACpD,YAAY,QAAQ,cAAc,EAAE,KAAK,MACzC,eAAe;AAElB,aAAO,aAAa,IAAI,yBAAyB,MAAM,GACvD,OAAO,aAAa,IAAI,2BAA2B,YAAY,GAC/D,OAAO,aAAa,IAAI,YAAY,MAAM;AAE1C,YAAM,WAAW,MAAM,MAAM,QAAQ;AAAA,QACpC,QAAQ;AAAA,QACR,aAAa;AAAA,QACb,SAAS,EAAE,QAAQ,mBAAA;AAAA,MAAmB,CACtC,GAEK,UAAU,MAAM,SAAS,KAAA,EAAO,MAAM,MAAM,IAAI;AAEtD,UAAI,CAAC,SAAS,MAAM,SAAS,OAAO;AACnC,cAAM,IAAI,MAAM,SAAS,SAAS,0BAA0B,SAAS,MAAM,GAAG;AAG/E,UAAI,CAAC,SAAS;AACb,cAAM,IAAI,MAAM,uDAAuD;AAGxE,aAAO,SAAS,OAAO,IAAI,IAAI,QAAQ,YAAY,aAAa,EAAE,SAAA;AAAA,IACnE,SAAS,KAAK;AACb,eAAS,eAAe,QAAQ,IAAI,UAAU,sCAAsC,GACpF,oBAAoB,EAAK;AAAA,IAC1B;AAAA,EACD,GAAG,CAAC,QAAQ,aAAa,IAAI,gBAAgB,eAAe,WAAW,CAAC;AAExE,SAAO,EAAE,aAAa,iBAAiB,kBAAkB,OAAO,mBAAA;AACjE;AC3FO,SAAS,gBAAgB,EAAE,eAAe,kBAAwC;AACxF,QAAM,EAAE,aAAa,iBAAiB,kBAAkB,OAAO,mBAAA,IAC9D,eAAe,EAAE,eAAe,gBAAgB;AAEjD,SAAK,cAoBJ,oBAAC,MAAA,EAAK,QAAO,QAAO,UAAS,QAC5B,UAAA,oBAAC,WAAA,EAAU,OAAO,GAAG,SAAS,GAC7B,UAAA,oBAAC,MAAA,EAAK,SAAQ,UAAS,OAAM,UAAS,OAAO,EAAE,WAAW,OAAA,GACzD,UAAA,oBAAC,MAAA,EAAK,SAAS,GAAG,QAAQ,GAAG,QAAQ,GAAG,OAAO,EAAE,UAAU,KAAK,OAAO,OAAA,GACtE,UAAA,qBAAC,OAAA,EAAM,OAAO,GACb,UAAA;AAAA,IAAA,oBAAC,QAAK,SAAQ,UACb,8BAAC,MAAA,EAAK,SAAS,GAAG,QAAO,QAAO,MAAK,WACpC,UAAA,oBAAC,QAAK,MAAM,GACX,8BAAC,aAAA,CAAA,CAAY,GACd,GACD,EAAA,CACD;AAAA,IAEA,qBAAC,SAAM,OAAO,GAAG,OAAO,EAAE,WAAW,YACpC,UAAA;AAAA,MAAA,oBAAC,SAAA,EAAQ,MAAM,GAAG,UAAA,+BAA2B;AAAA,0BAC5C,MAAA,EAAK,OAAK,IAAC,MAAM,GAAG,UAAA,oGAAA,CAGrB;AAAA,IAAA,GACD;AAAA,IAEC,mBACA,oBAAC,MAAA,EAAK,SAAS,GAAG,QAAQ,GAAG,MAAK,YACjC,UAAA,qBAAC,OAAA,EAAM,OAAO,GACb,UAAA;AAAA,MAAA,oBAAC,QAAK,MAAM,GAAG,OAAK,IAAC,QAAO,UAAS,UAAA,kBAAA,CAErC;AAAA,MACA,oBAAC,QAAK,MAAM,GAAG,OAAO,EAAE,WAAW,YAAA,GACjC,UAAA,gBAAA,CACF;AAAA,IAAA,EAAA,CACD,EAAA,CACD;AAAA,IAGA,SACA,oBAAC,MAAA,EAAK,SAAS,GAAG,QAAQ,GAAG,MAAK,YACjC,UAAA,oBAAC,MAAA,EAAK,MAAM,GAAI,iBAAM,GACvB;AAAA,IAGD;AAAA,MAAC;AAAA,MAAA;AAAA,QACA,UAAU;AAAA,QACV,SAAS;AAAA,QACT,MAAK;AAAA,QACL,SAAS;AAAA,QACT,MAAM,mBAAmB,yBAAoB;AAAA,QAC7C,MAAM;AAAA,QACN,SAAS;AAAA,QACT,UAAU,oBAAoB,CAAC;AAAA,MAAA;AAAA,IAAA;AAAA,EAChC,EAAA,CACD,EAAA,CACD,GACD,EAAA,CACD,EAAA,CACD,IAxEC,oBAAC,MAAA,EAAK,QAAO,QAAO,UAAS,QAC5B,8BAAC,WAAA,EAAU,OAAO,GAAG,SAAS,GAC7B,UAAA,oBAAC,QAAK,SAAQ,UAAS,OAAM,UAAS,OAAO,EAAE,WAAW,OAAA,GACzD,UAAA,oBAAC,MAAA,EAAK,SAAS,GAAG,QAAQ,GAAG,QAAQ,GAAG,OAAO,EAAE,UAAU,KAAK,OAAO,OAAA,GACtE,UAAA,qBAAC,OAAA,EAAM,OAAO,GAAG,OAAO,EAAE,WAAW,SAAA,GACpC,UAAA;AAAA,IAAA,oBAAC,SAAA,EAAQ,MAAM,GAAG,UAAA,OAAG;AAAA,wBACpB,MAAA,EAAK,OAAK,IAAC,MAAM,GAAG,UAAA,kDAAA,CAErB;AAAA,EAAA,EAAA,CACD,EAAA,CACD,GACD,EAAA,CACD,EAAA,CACD;AA6DH;ACjFO,MAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,MAAM;AAAA,EACN,OAAO;AAAA,EACP,QAAQ;AAAA,IACN,YAAY,EAAE,MAAM,UAAU,MAAM,UAAU,OAAO,UAAU;AAAA,IAC/D,YAAY,EAAE,MAAM,UAAU,MAAM,UAAU,OAAO,UAAU;AAAA,IAC/D,YAAY,EAAE,MAAM,aAAa,MAAM,UAAU,OAAO,cAAc;AAAA,IACtE,YAAY,EAAE,MAAM,UAAU,MAAM,UAAU,OAAO,WAAW;AAAA,IAChE,YAAY,EAAE,MAAM,aAAa,MAAM,YAAY,OAAO,cAAc;AAAA,EAAA;AAE5E,CAAC,GCPK,YAAY,gBAUL,oBAAoB,aAAuC,CAAC,aAAa;AAAA,EACpF,MAAM;AAAA,EACN,QAAQ;AAAA,IACN,OAAO,CAAC,iBAAiB;AAAA,EAAA;AAAA,EAE3B,OAAO;AAAA,IACL;AAAA,MACE,MAAM;AAAA,MACN,OAAO;AAAA,MACP,MAAM;AAAA,MACN,WAAW,MAAM,gBAAgB,OAAO;AAAA,IAAA;AAAA,EAC1C;AAAA,EAEF,QAAQ;AAAA,IACN,YAAY;AAAA,MACV,UAAU,CAAC,UAAU;AACnB,cAAM,gBAAgB,MAAM,MAAM,OAAO,CAAC,SAAS,KAAK,SAAS,SAAS;AAE1E,eAAO,MAAM,cAAc,EAAE,GAAG,OAAO,OAAO,eAAe;AAAA,MAC/D;AAAA,IAAA;AAAA,EACF;AAEJ,EAAE;AChCF,SAAS,aAAa,SAA4D;AACjF,QAAM,EAAE,eAAe,YAAY,OAAA,IAAW,SAExC,oBAAoB,CAAC,UAA+B;AACzD,UAAM,SAAS,UAAU,6BAA6B,GAChD,cAAc,kBACd,CAAC,cAAc,eAAe,IAAI,SAAS,EAAK,GAEhD,QAAQ,MAAM,SAAS,MAAM,aAAa,SAAS,GAKnD,YAAY,OAAO,QAAS,WAAW,OAAO,MAAM;AAE1D,WAAK,YAIE;AAAA,MACN,OAAO,eAAe,kBAAa;AAAA,MACnC,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU,YAAY;AACrB,wBAAgB,EAAI;AAEpB,YAAI;AACH,gBAAM,EAAE,WAAW,MAAM,oBAAoB;AAAA,YAC5C;AAAA,YACA,QAAQ;AAAA,YACR,WAAW,OAAO,SAAS;AAAA,YAC3B,QAAQ,aAAa;AAAA,UAAA,CACrB,GAEK,cAAc,UAAU,WAAW,GAAG,IAAI,YAAY,IAAI,SAAS,IACnE,MAAM,IAAI,IAAI,WAAW,WAAW,IAAI,aAAa;AAE3D,cAAI,aAAa,IAAI,yBAAyB,MAAM,GAEpD,OAAO,KAAK,IAAI,YAAY,UAAU,qBAAqB;AAAA,QAC5D,UAAA;AACC,0BAAgB,EAAK,GACrB,MAAM,WAAA;AAAA,QACP;AAAA,MACD;AAAA,IAAA,IA5BO;AAAA,EA8BT;AAEA,SAAA,kBAAkB,SAAS,eAEpB;AACR;AAGO,SAAS,kBAAkB,SAA4D;AAC7F,SAAO,aAAa,OAAO;AAC5B;"}

package/package.json

@@ -0,0 +1,74 @@
+{
+  "name": "sanity-plugin-preview-auth",
+  "version": "0.1.0",
+  "description": "Sanity Studio plugin for long-lived cross-origin preview authentication",
+  "keywords": [
+    "sanity",
+    "sanity-plugin",
+    "preview",
+    "authentication",
+    "draft-mode"
+  ],
+  "homepage": "https://github.com/ameenaburayya/sanity-plugin-preview-auth",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/ameenaburayya/sanity-plugin-preview-auth.git",
+    "directory": "packages/plugin"
+  },
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "source": "./src/index.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs",
+      "default": "./dist/index.js"
+    },
+    "./package.json": "./package.json"
+  },
+  "sideEffects": false,
+  "browserslist": "extends @sanity/browserslist-config",
+  "files": [
+    "dist",
+    "src"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "scripts": {
+    "build": "plugin-kit verify-package --silent && pkg-utils build --strict --check --clean",
+    "watch": "pkg-utils watch --strict",
+    "link-watch": "plugin-kit link-watch",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "pnpm run build"
+  },
+  "sanityPlugin": {
+    "verifyPackage": {
+      "sanityV2Json": false,
+      "eslintImports": false
+    }
+  },
+  "dependencies": {
+    "sanity-plugin-preview-auth-validate": "workspace:*"
+  },
+  "peerDependencies": {
+    "@sanity/icons": ">=3.0.0",
+    "@sanity/ui": ">=2.0.0",
+    "react": ">=18.0.0",
+    "sanity": ">=3.0.0"
+  },
+  "devDependencies": {
+    "@sanity/browserslist-config": "^1.0.5",
+    "@sanity/icons": "^3.0.0",
+    "@sanity/pkg-utils": "^6.0.0",
+    "@sanity/plugin-kit": "^4.0.0",
+    "@sanity/ui": "^2.0.0",
+    "@types/react": "^18.0.0",
+    "react": "^18.0.0",
+    "sanity": "^5.0.0",
+    "typescript": "^5.0.0"
+  }
+}

package/src/actions/openPreviewAction.ts

@@ -0,0 +1,70 @@
+import React, { useState } from 'react'
+import { useClient, useCurrentUser, DEFAULT_STUDIO_CLIENT_OPTIONS } from 'sanity'
+import type { DocumentActionComponent, DocumentActionProps } from 'sanity'
+import { EyeOpenIcon } from '@sanity/icons'
+import { createPreviewSecret } from 'sanity-plugin-preview-auth-validate'
+
+/** @public */
+export type OpenPreviewActionOptions = {
+	previewOrigin: string
+	/** Slug field name on route documents (default: 'slug') */
+	slugField?: string
+}
+
+function createAction(options: OpenPreviewActionOptions): DocumentActionComponent {
+	const { previewOrigin, slugField = 'slug' } = options
+
+	const OpenPreviewAction = (props: DocumentActionProps) => {
+		const client = useClient(DEFAULT_STUDIO_CLIENT_OPTIONS)
+		const currentUser = useCurrentUser()
+		const [isGenerating, setIsGenerating] = useState(false)
+
+		const slug = (props.draft ?? props.published)?.[slugField] as
+			| { current?: string }
+			| string
+			| undefined
+
+		const slugValue = typeof slug === 'string' ? slug : slug?.current
+
+		if (!slugValue) {
+			return null
+		}
+
+		return {
+			label: isGenerating ? 'Opening…' : 'Open Preview',
+			icon: EyeOpenIcon,
+			disabled: isGenerating,
+			onHandle: async () => {
+				setIsGenerating(true)
+
+				try {
+					const { secret } = await createPreviewSecret({
+						client,
+						source: 'sanity/open-preview-action',
+						studioUrl: window.location.href,
+						userId: currentUser?.id,
+					})
+
+					const previewPath = slugValue.startsWith('/') ? slugValue : `/${slugValue}`
+					const url = new URL(`/preview${previewPath}`, previewOrigin)
+
+					url.searchParams.set('sanity-preview-secret', secret)
+
+					window.open(url.toString(), '_blank', 'noopener,noreferrer')
+				} finally {
+					setIsGenerating(false)
+					props.onComplete()
+				}
+			},
+		}
+	}
+
+	OpenPreviewAction.action = 'openPreview'
+
+	return OpenPreviewAction as DocumentActionComponent
+}
+
+/** @public */
+export function openPreviewAction(options: OpenPreviewActionOptions): DocumentActionComponent {
+	return createAction(options)
+}

package/src/components/PreviewAuthPage.tsx

@@ -0,0 +1,91 @@
+import React from 'react'
+import { Button, Card, Container, Flex, Heading, Stack, Text } from '@sanity/ui'
+import { EyeOpenIcon } from '@sanity/icons'
+import { usePreviewAuth } from '../hooks/usePreviewAuth'
+
+export type PreviewAuthPageProps = {
+	previewOrigin: string
+	previewAuthApi: string
+}
+
+export function PreviewAuthPage({ previewOrigin, previewAuthApi }: PreviewAuthPageProps) {
+	const { redirectUrl, fullRedirectUrl, isAuthenticating, error, handleAuthenticate } =
+		usePreviewAuth({ previewOrigin, previewAuthApi })
+
+	if (!redirectUrl) {
+		return (
+			<Card height='fill' overflow='auto'>
+				<Container width={1} padding={5}>
+					<Flex justify='center' align='center' style={{ minHeight: '60vh' }}>
+						<Card padding={5} radius={3} shadow={1} style={{ maxWidth: 480, width: '100%' }}>
+							<Stack space={4} style={{ textAlign: 'center' }}>
+								<Heading size={4}>404</Heading>
+								<Text muted size={2}>
+									Preview authentication requires a redirect URL.
+								</Text>
+							</Stack>
+						</Card>
+					</Flex>
+				</Container>
+			</Card>
+		)
+	}
+
+	return (
+		<Card height='fill' overflow='auto'>
+			<Container width={1} padding={5}>
+				<Flex justify='center' align='center' style={{ minHeight: '60vh' }}>
+					<Card padding={5} radius={3} shadow={1} style={{ maxWidth: 480, width: '100%' }}>
+						<Stack space={5}>
+							<Flex justify='center'>
+								<Card padding={3} radius='full' tone='primary'>
+									<Text size={4}>
+										<EyeOpenIcon />
+									</Text>
+								</Card>
+							</Flex>
+
+							<Stack space={3} style={{ textAlign: 'center' }}>
+								<Heading size={2}>Preview Mode Authentication</Heading>
+								<Text muted size={2}>
+									Authenticate to access the preview environment. This generates a secure token
+									valid for 3 months.
+								</Text>
+							</Stack>
+
+							{fullRedirectUrl && (
+								<Card padding={3} radius={2} tone='positive'>
+									<Stack space={3}>
+										<Text size={0} muted weight='medium'>
+											Redirecting to:
+										</Text>
+										<Text size={1} style={{ wordBreak: 'break-all' }}>
+											{fullRedirectUrl}
+										</Text>
+									</Stack>
+								</Card>
+							)}
+
+							{error && (
+								<Card padding={3} radius={2} tone='critical'>
+									<Text size={1}>{error}</Text>
+								</Card>
+							)}
+
+							<Button
+								fontSize={2}
+								padding={4}
+								tone='primary'
+								loading={isAuthenticating}
+								text={isAuthenticating ? 'Authenticating…' : 'Authenticate Preview Mode'}
+								icon={EyeOpenIcon}
+								onClick={handleAuthenticate}
+								disabled={isAuthenticating || !previewOrigin}
+							/>
+						</Stack>
+					</Card>
+				</Flex>
+			</Container>
+		</Card>
+	)
+}

package/src/hooks/usePreviewAuth.ts

@@ -0,0 +1,102 @@
+import { useState, useCallback, useMemo } from 'react'
+import { useClient, useCurrentUser, DEFAULT_STUDIO_CLIENT_OPTIONS } from 'sanity'
+import { createPreviewSecret } from 'sanity-plugin-preview-auth-validate'
+
+/** @public */
+export type UsePreviewAuthOptions = {
+	previewOrigin: string
+	previewAuthApi: string
+}
+
+/** @public */
+export type UsePreviewAuthResult = {
+	redirectUrl: string | null
+	fullRedirectUrl: string | null
+	isAuthenticating: boolean
+	error: string | null
+	handleAuthenticate: () => Promise<void>
+}
+
+/** @public */
+export function usePreviewAuth({
+	previewOrigin,
+	previewAuthApi,
+}: UsePreviewAuthOptions): UsePreviewAuthResult {
+	const client = useClient(DEFAULT_STUDIO_CLIENT_OPTIONS)
+  const currentUser = useCurrentUser()
+  
+	const [isAuthenticating, setIsAuthenticating] = useState(false)
+	const [error, setError] = useState<string | null>(null)
+
+	const redirectUrl = useMemo(() => {
+		if (typeof window === 'undefined') {
+			return null
+		}
+
+		return new URLSearchParams(window.location.search).get('redirect')
+	}, [])
+
+	const fullRedirectUrl = useMemo(() => {
+		if (!redirectUrl || !previewOrigin) {
+			return null
+		}
+
+		try {
+			return new URL(redirectUrl, previewOrigin).toString()
+		} catch {
+			return `${previewOrigin}${redirectUrl}`
+		}
+	}, [redirectUrl, previewOrigin])
+
+	const handleAuthenticate = useCallback(async () => {
+		if (!previewOrigin) {
+			setError('No preview URL configured for this workspace.')
+
+			return
+		}
+
+		setIsAuthenticating(true)
+		setError(null)
+
+		try {
+			const { secret } = await createPreviewSecret({
+				client,
+				source: 'sanity/preview-auth',
+				studioUrl: window.location.href,
+				userId: currentUser?.id,
+			})
+
+			const apiUrl = new URL(previewAuthApi, previewOrigin)
+			const redirectPath = redirectUrl?.startsWith('/preview')
+				? redirectUrl.replace(/^\/preview/, '') || '/'
+				: redirectUrl || '/'
+
+			apiUrl.searchParams.set('sanity-preview-secret', secret)
+			apiUrl.searchParams.set('sanity-preview-pathname', redirectPath)
+			apiUrl.searchParams.set('response', 'json')
+
+			const response = await fetch(apiUrl, {
+				method: 'GET',
+				credentials: 'include',
+				headers: { Accept: 'application/json' },
+			})
+
+			const payload = await response.json().catch(() => null)
+
+			if (!response.ok || payload?.ok === false) {
+				throw new Error(payload?.error || `Authentication failed (${response.status})`)
+			}
+
+			if (!payload?.redirectTo) {
+				throw new Error('Missing redirect target from authentication response.')
+			}
+
+			window.location.href = new URL(payload.redirectTo, previewOrigin).toString()
+		} catch (err) {
+			setError(err instanceof Error ? err.message : 'Failed to authenticate preview mode.')
+			setIsAuthenticating(false)
+		}
+	}, [client, currentUser?.id, previewAuthApi, previewOrigin, redirectUrl])
+
+	return { redirectUrl, fullRedirectUrl, isAuthenticating, error, handleAuthenticate }
+}

package/src/index.ts

@@ -0,0 +1,7 @@
+export { previewAuthPlugin } from './plugin';
+export type { PreviewAuthPluginOptions } from './plugin';
+export { previewAuthSecret } from './schema/previewAuthSecret';
+export { usePreviewAuth } from './hooks/usePreviewAuth';
+export type { UsePreviewAuthOptions, UsePreviewAuthResult } from './hooks/usePreviewAuth';
+export { openPreviewAction } from './actions/openPreviewAction';
+export type { OpenPreviewActionOptions } from './actions/openPreviewAction';

package/src/plugin.ts

@@ -0,0 +1,46 @@
+import { definePlugin } from 'sanity';
+import { EyeOpenIcon } from '@sanity/icons';
+import { PreviewAuthPage } from './components/PreviewAuthPage';
+import { previewAuthSecret } from './schema/previewAuthSecret';
+
+/** @public */
+export type PreviewAuthPluginOptions = {
+  /** The origin of your preview site, e.g. https://preview.mysite.com */
+  previewOrigin: string;
+  /** The path to your draft-mode enable API, e.g. /api/draft-mode/enable */
+  previewAuthApi: string;
+};
+
+const TOOL_NAME = 'preview-auth';
+
+/**
+ * Sanity Studio plugin for long-lived cross-origin preview authentication.
+ *
+ * Registers:
+ * - A hidden `preview-auth` tool reachable via `/preview-auth?redirect=…`
+ * - The `sanity.previewAuthSecret` schema type for long-lived secrets
+ * @public
+ */
+export const previewAuthPlugin = definePlugin<PreviewAuthPluginOptions>((options) => ({
+  name: TOOL_NAME,
+  schema: {
+    types: [previewAuthSecret]
+  },
+  tools: [
+    {
+      name: TOOL_NAME,
+      title: 'Preview Auth',
+      icon: EyeOpenIcon,
+      component: () => PreviewAuthPage(options)
+    }
+  ],
+  studio: {
+    components: {
+      toolMenu: (props) => {
+        const filteredTools = props.tools.filter((tool) => tool.name !== TOOL_NAME);
+
+        return props.renderDefault({ ...props, tools: filteredTools });
+      }
+    }
+  }
+}));

package/src/schema/previewAuthSecret.ts

@@ -0,0 +1,21 @@
+import { defineField, defineType } from 'sanity';
+import { PREVIEW_AUTH_SECRET_TYPE } from 'sanity-plugin-preview-auth-validate';
+
+/**
+ * System document type for long-lived preview auth secrets.
+ * Add this to your Sanity schema types array, or use `previewAuthPlugin`
+ * which registers it automatically.
+ * @public
+ */
+export const previewAuthSecret = defineType({
+  name: PREVIEW_AUTH_SECRET_TYPE,
+  type: 'document',
+  title: 'Preview Auth Secret',
+  fields: [
+    defineField({ name: 'secret', type: 'string', title: 'Secret' }),
+    defineField({ name: 'source', type: 'string', title: 'Source' }),
+    defineField({ name: 'studioUrl', type: 'string', title: 'Studio URL' }),
+    defineField({ name: 'userId', type: 'string', title: 'User ID' }),
+    defineField({ name: 'expiresAt', type: 'datetime', title: 'Expires At' })
+  ]
+});