transactional-auth-next 0.1.0

package/dist/server/index.js

@@ -0,0 +1,369 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/server/index.ts
+var server_exports = {};
+__export(server_exports, {
+  getAccessToken: () => getAccessToken,
+  getSession: () => getSession,
+  getUser: () => getUser,
+  handleCallback: () => handleCallback,
+  handleLogin: () => handleLogin,
+  handleLogout: () => handleLogout,
+  handleSession: () => handleSession,
+  isAuthenticated: () => isAuthenticated
+});
+module.exports = __toCommonJS(server_exports);
+
+// src/server/session.ts
+var import_headers = require("next/headers");
+var jose = __toESM(require("jose"));
+
+// src/config.ts
+var globalConfig = null;
+function getConfig() {
+  if (!globalConfig) {
+    const domain = process.env.TRANSACTIONAL_AUTH_DOMAIN || process.env.NEXT_PUBLIC_TRANSACTIONAL_AUTH_DOMAIN;
+    const clientId = process.env.TRANSACTIONAL_AUTH_CLIENT_ID || process.env.NEXT_PUBLIC_TRANSACTIONAL_AUTH_CLIENT_ID;
+    const clientSecret = process.env.TRANSACTIONAL_AUTH_CLIENT_SECRET;
+    const baseUrl = process.env.TRANSACTIONAL_AUTH_BASE_URL || process.env.NEXT_PUBLIC_APP_URL;
+    if (domain && clientId) {
+      globalConfig = {
+        domain,
+        clientId,
+        clientSecret,
+        baseUrl,
+        scope: "openid profile email",
+        cookieName: "transactional_session",
+        cookieOptions: {
+          secure: process.env.NODE_ENV === "production",
+          sameSite: "lax",
+          maxAge: 7 * 24 * 60 * 60
+        }
+      };
+      return globalConfig;
+    }
+    throw new Error(
+      "Transactional Auth not initialized. Call initTransactionalAuth() or set environment variables."
+    );
+  }
+  return globalConfig;
+}
+
+// src/server/session.ts
+async function getSession() {
+  const config = getConfig();
+  const cookieStore = await (0, import_headers.cookies)();
+  const sessionCookie = cookieStore.get(config.cookieName || "transactional_session");
+  if (!sessionCookie?.value) {
+    return null;
+  }
+  try {
+    const sessionData = JSON.parse(
+      Buffer.from(sessionCookie.value, "base64").toString("utf-8")
+    );
+    if (sessionData.expiresAt < Date.now() / 1e3) {
+      if (sessionData.refreshToken) {
+        const newSession = await refreshSession(sessionData.refreshToken);
+        if (newSession) {
+          return newSession;
+        }
+      }
+      return null;
+    }
+    return sessionData;
+  } catch {
+    return null;
+  }
+}
+async function getUser() {
+  const session = await getSession();
+  return session?.user || null;
+}
+async function getAccessToken() {
+  const session = await getSession();
+  return session?.accessToken || null;
+}
+async function isAuthenticated() {
+  const session = await getSession();
+  return session !== null;
+}
+async function refreshSession(refreshToken) {
+  const config = getConfig();
+  try {
+    const response = await fetch(`https://${config.domain}/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        grant_type: "refresh_token",
+        client_id: config.clientId,
+        ...config.clientSecret ? { client_secret: config.clientSecret } : {},
+        refresh_token: refreshToken
+      })
+    });
+    if (!response.ok) {
+      return null;
+    }
+    const tokens = await response.json();
+    const idToken = jose.decodeJwt(tokens.id_token);
+    const session = {
+      user: {
+        sub: idToken.sub,
+        email: idToken.email,
+        emailVerified: idToken.email_verified,
+        name: idToken.name,
+        givenName: idToken.given_name,
+        familyName: idToken.family_name,
+        picture: idToken.picture
+      },
+      accessToken: tokens.access_token,
+      refreshToken: tokens.refresh_token || refreshToken,
+      idToken: tokens.id_token,
+      expiresAt: Math.floor(Date.now() / 1e3) + tokens.expires_in
+    };
+    const cookieStore = await (0, import_headers.cookies)();
+    cookieStore.set(
+      config.cookieName || "transactional_session",
+      Buffer.from(JSON.stringify(session)).toString("base64"),
+      {
+        httpOnly: true,
+        secure: config.cookieOptions?.secure ?? process.env.NODE_ENV === "production",
+        sameSite: config.cookieOptions?.sameSite ?? "lax",
+        maxAge: config.cookieOptions?.maxAge ?? 7 * 24 * 60 * 60,
+        path: "/"
+      }
+    );
+    return session;
+  } catch {
+    return null;
+  }
+}
+
+// src/server/handlers.ts
+var import_headers2 = require("next/headers");
+var import_server = require("next/server");
+var jose2 = __toESM(require("jose"));
+function generateRandomString(length) {
+  const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
+  let result = "";
+  const randomValues = new Uint8Array(length);
+  crypto.getRandomValues(randomValues);
+  for (let i = 0; i < length; i++) {
+    result += chars[randomValues[i] % chars.length];
+  }
+  return result;
+}
+async function generatePKCE() {
+  const verifier = generateRandomString(64);
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const hash = await crypto.subtle.digest("SHA-256", data);
+  const challenge = Buffer.from(hash).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+  return { verifier, challenge };
+}
+function handleLogin(options) {
+  return async (request) => {
+    const config = getConfig();
+    const { verifier, challenge } = await generatePKCE();
+    const state = generateRandomString(32);
+    const returnTo = options?.returnTo || request.nextUrl.searchParams.get("returnTo") || "/";
+    const cookieStore = await (0, import_headers2.cookies)();
+    cookieStore.set("transactional_pkce_verifier", verifier, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      sameSite: "lax",
+      maxAge: 300,
+      // 5 minutes
+      path: "/"
+    });
+    cookieStore.set("transactional_auth_state", JSON.stringify({ state, returnTo }), {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      sameSite: "lax",
+      maxAge: 300,
+      path: "/"
+    });
+    const authUrl = new URL(`https://${config.domain}/authorize`);
+    authUrl.searchParams.set("client_id", config.clientId);
+    authUrl.searchParams.set("redirect_uri", `${config.baseUrl}/api/auth/callback`);
+    authUrl.searchParams.set("response_type", "code");
+    authUrl.searchParams.set("scope", config.scope || "openid profile email");
+    authUrl.searchParams.set("state", state);
+    authUrl.searchParams.set("code_challenge", challenge);
+    authUrl.searchParams.set("code_challenge_method", "S256");
+    if (options?.connection) {
+      authUrl.searchParams.set("connection", options.connection);
+    }
+    if (options?.loginHint) {
+      authUrl.searchParams.set("login_hint", options.loginHint);
+    }
+    if (config.audience) {
+      authUrl.searchParams.set("audience", config.audience);
+    }
+    return import_server.NextResponse.redirect(authUrl.toString());
+  };
+}
+function handleCallback() {
+  return async (request) => {
+    const config = getConfig();
+    const searchParams = request.nextUrl.searchParams;
+    const code = searchParams.get("code");
+    const state = searchParams.get("state");
+    const error = searchParams.get("error");
+    if (error) {
+      const errorDescription = searchParams.get("error_description") || error;
+      return import_server.NextResponse.redirect(
+        `${config.baseUrl}/auth/error?error=${encodeURIComponent(errorDescription)}`
+      );
+    }
+    if (!code || !state) {
+      return import_server.NextResponse.redirect(`${config.baseUrl}/auth/error?error=missing_code_or_state`);
+    }
+    const cookieStore = await (0, import_headers2.cookies)();
+    const stateCookie = cookieStore.get("transactional_auth_state");
+    const verifierCookie = cookieStore.get("transactional_pkce_verifier");
+    if (!stateCookie?.value || !verifierCookie?.value) {
+      return import_server.NextResponse.redirect(`${config.baseUrl}/auth/error?error=missing_state_cookie`);
+    }
+    const storedState = JSON.parse(stateCookie.value);
+    if (storedState.state !== state) {
+      return import_server.NextResponse.redirect(`${config.baseUrl}/auth/error?error=state_mismatch`);
+    }
+    const tokenResponse = await fetch(`https://${config.domain}/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        grant_type: "authorization_code",
+        client_id: config.clientId,
+        ...config.clientSecret ? { client_secret: config.clientSecret } : {},
+        code,
+        redirect_uri: `${config.baseUrl}/api/auth/callback`,
+        code_verifier: verifierCookie.value
+      })
+    });
+    if (!tokenResponse.ok) {
+      const errorData = await tokenResponse.json().catch(() => ({}));
+      console.error("Token exchange failed:", errorData);
+      return import_server.NextResponse.redirect(`${config.baseUrl}/auth/error?error=token_exchange_failed`);
+    }
+    const tokens = await tokenResponse.json();
+    const idToken = jose2.decodeJwt(tokens.id_token);
+    const session = {
+      user: {
+        sub: idToken.sub,
+        email: idToken.email,
+        emailVerified: idToken.email_verified,
+        name: idToken.name,
+        givenName: idToken.given_name,
+        familyName: idToken.family_name,
+        picture: idToken.picture
+      },
+      accessToken: tokens.access_token,
+      refreshToken: tokens.refresh_token,
+      idToken: tokens.id_token,
+      expiresAt: Math.floor(Date.now() / 1e3) + tokens.expires_in
+    };
+    cookieStore.set(
+      config.cookieName || "transactional_session",
+      Buffer.from(JSON.stringify(session)).toString("base64"),
+      {
+        httpOnly: true,
+        secure: config.cookieOptions?.secure ?? process.env.NODE_ENV === "production",
+        sameSite: config.cookieOptions?.sameSite ?? "lax",
+        maxAge: config.cookieOptions?.maxAge ?? 7 * 24 * 60 * 60,
+        path: "/"
+      }
+    );
+    cookieStore.delete("transactional_pkce_verifier");
+    cookieStore.delete("transactional_auth_state");
+    return import_server.NextResponse.redirect(`${config.baseUrl}${storedState.returnTo || "/"}`);
+  };
+}
+function handleLogout(options) {
+  return async (request) => {
+    const config = getConfig();
+    const cookieStore = await (0, import_headers2.cookies)();
+    const sessionCookie = cookieStore.get(config.cookieName || "transactional_session");
+    let idToken;
+    if (sessionCookie?.value) {
+      try {
+        const session = JSON.parse(
+          Buffer.from(sessionCookie.value, "base64").toString("utf-8")
+        );
+        idToken = session.idToken;
+      } catch {
+      }
+    }
+    cookieStore.delete(config.cookieName || "transactional_session");
+    const returnTo = options?.returnTo || request.nextUrl.searchParams.get("returnTo") || config.baseUrl || "/";
+    const logoutUrl = new URL(`https://${config.domain}/session/end`);
+    logoutUrl.searchParams.set("post_logout_redirect_uri", returnTo);
+    if (idToken) {
+      logoutUrl.searchParams.set("id_token_hint", idToken);
+    }
+    return import_server.NextResponse.redirect(logoutUrl.toString());
+  };
+}
+function handleSession() {
+  return async () => {
+    const config = getConfig();
+    const cookieStore = await (0, import_headers2.cookies)();
+    const sessionCookie = cookieStore.get(config.cookieName || "transactional_session");
+    if (!sessionCookie?.value) {
+      return import_server.NextResponse.json({ session: null });
+    }
+    try {
+      const session = JSON.parse(
+        Buffer.from(sessionCookie.value, "base64").toString("utf-8")
+      );
+      if (session.expiresAt < Date.now() / 1e3) {
+        return import_server.NextResponse.json({ session: null });
+      }
+      return import_server.NextResponse.json({
+        session: {
+          user: session.user,
+          expiresAt: session.expiresAt
+        }
+      });
+    } catch {
+      return import_server.NextResponse.json({ session: null });
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  getAccessToken,
+  getSession,
+  getUser,
+  handleCallback,
+  handleLogin,
+  handleLogout,
+  handleSession,
+  isAuthenticated
+});

package/dist/server/index.mjs

@@ -0,0 +1,296 @@
+import {
+  getConfig
+} from "../chunk-4S34DQOR.mjs";
+
+// src/server/session.ts
+import { cookies } from "next/headers";
+import * as jose from "jose";
+async function getSession() {
+  const config = getConfig();
+  const cookieStore = await cookies();
+  const sessionCookie = cookieStore.get(config.cookieName || "transactional_session");
+  if (!sessionCookie?.value) {
+    return null;
+  }
+  try {
+    const sessionData = JSON.parse(
+      Buffer.from(sessionCookie.value, "base64").toString("utf-8")
+    );
+    if (sessionData.expiresAt < Date.now() / 1e3) {
+      if (sessionData.refreshToken) {
+        const newSession = await refreshSession(sessionData.refreshToken);
+        if (newSession) {
+          return newSession;
+        }
+      }
+      return null;
+    }
+    return sessionData;
+  } catch {
+    return null;
+  }
+}
+async function getUser() {
+  const session = await getSession();
+  return session?.user || null;
+}
+async function getAccessToken() {
+  const session = await getSession();
+  return session?.accessToken || null;
+}
+async function isAuthenticated() {
+  const session = await getSession();
+  return session !== null;
+}
+async function refreshSession(refreshToken) {
+  const config = getConfig();
+  try {
+    const response = await fetch(`https://${config.domain}/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        grant_type: "refresh_token",
+        client_id: config.clientId,
+        ...config.clientSecret ? { client_secret: config.clientSecret } : {},
+        refresh_token: refreshToken
+      })
+    });
+    if (!response.ok) {
+      return null;
+    }
+    const tokens = await response.json();
+    const idToken = jose.decodeJwt(tokens.id_token);
+    const session = {
+      user: {
+        sub: idToken.sub,
+        email: idToken.email,
+        emailVerified: idToken.email_verified,
+        name: idToken.name,
+        givenName: idToken.given_name,
+        familyName: idToken.family_name,
+        picture: idToken.picture
+      },
+      accessToken: tokens.access_token,
+      refreshToken: tokens.refresh_token || refreshToken,
+      idToken: tokens.id_token,
+      expiresAt: Math.floor(Date.now() / 1e3) + tokens.expires_in
+    };
+    const cookieStore = await cookies();
+    cookieStore.set(
+      config.cookieName || "transactional_session",
+      Buffer.from(JSON.stringify(session)).toString("base64"),
+      {
+        httpOnly: true,
+        secure: config.cookieOptions?.secure ?? process.env.NODE_ENV === "production",
+        sameSite: config.cookieOptions?.sameSite ?? "lax",
+        maxAge: config.cookieOptions?.maxAge ?? 7 * 24 * 60 * 60,
+        path: "/"
+      }
+    );
+    return session;
+  } catch {
+    return null;
+  }
+}
+
+// src/server/handlers.ts
+import { cookies as cookies2 } from "next/headers";
+import { NextResponse } from "next/server";
+import * as jose2 from "jose";
+function generateRandomString(length) {
+  const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
+  let result = "";
+  const randomValues = new Uint8Array(length);
+  crypto.getRandomValues(randomValues);
+  for (let i = 0; i < length; i++) {
+    result += chars[randomValues[i] % chars.length];
+  }
+  return result;
+}
+async function generatePKCE() {
+  const verifier = generateRandomString(64);
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const hash = await crypto.subtle.digest("SHA-256", data);
+  const challenge = Buffer.from(hash).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+  return { verifier, challenge };
+}
+function handleLogin(options) {
+  return async (request) => {
+    const config = getConfig();
+    const { verifier, challenge } = await generatePKCE();
+    const state = generateRandomString(32);
+    const returnTo = options?.returnTo || request.nextUrl.searchParams.get("returnTo") || "/";
+    const cookieStore = await cookies2();
+    cookieStore.set("transactional_pkce_verifier", verifier, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      sameSite: "lax",
+      maxAge: 300,
+      // 5 minutes
+      path: "/"
+    });
+    cookieStore.set("transactional_auth_state", JSON.stringify({ state, returnTo }), {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      sameSite: "lax",
+      maxAge: 300,
+      path: "/"
+    });
+    const authUrl = new URL(`https://${config.domain}/authorize`);
+    authUrl.searchParams.set("client_id", config.clientId);
+    authUrl.searchParams.set("redirect_uri", `${config.baseUrl}/api/auth/callback`);
+    authUrl.searchParams.set("response_type", "code");
+    authUrl.searchParams.set("scope", config.scope || "openid profile email");
+    authUrl.searchParams.set("state", state);
+    authUrl.searchParams.set("code_challenge", challenge);
+    authUrl.searchParams.set("code_challenge_method", "S256");
+    if (options?.connection) {
+      authUrl.searchParams.set("connection", options.connection);
+    }
+    if (options?.loginHint) {
+      authUrl.searchParams.set("login_hint", options.loginHint);
+    }
+    if (config.audience) {
+      authUrl.searchParams.set("audience", config.audience);
+    }
+    return NextResponse.redirect(authUrl.toString());
+  };
+}
+function handleCallback() {
+  return async (request) => {
+    const config = getConfig();
+    const searchParams = request.nextUrl.searchParams;
+    const code = searchParams.get("code");
+    const state = searchParams.get("state");
+    const error = searchParams.get("error");
+    if (error) {
+      const errorDescription = searchParams.get("error_description") || error;
+      return NextResponse.redirect(
+        `${config.baseUrl}/auth/error?error=${encodeURIComponent(errorDescription)}`
+      );
+    }
+    if (!code || !state) {
+      return NextResponse.redirect(`${config.baseUrl}/auth/error?error=missing_code_or_state`);
+    }
+    const cookieStore = await cookies2();
+    const stateCookie = cookieStore.get("transactional_auth_state");
+    const verifierCookie = cookieStore.get("transactional_pkce_verifier");
+    if (!stateCookie?.value || !verifierCookie?.value) {
+      return NextResponse.redirect(`${config.baseUrl}/auth/error?error=missing_state_cookie`);
+    }
+    const storedState = JSON.parse(stateCookie.value);
+    if (storedState.state !== state) {
+      return NextResponse.redirect(`${config.baseUrl}/auth/error?error=state_mismatch`);
+    }
+    const tokenResponse = await fetch(`https://${config.domain}/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        grant_type: "authorization_code",
+        client_id: config.clientId,
+        ...config.clientSecret ? { client_secret: config.clientSecret } : {},
+        code,
+        redirect_uri: `${config.baseUrl}/api/auth/callback`,
+        code_verifier: verifierCookie.value
+      })
+    });
+    if (!tokenResponse.ok) {
+      const errorData = await tokenResponse.json().catch(() => ({}));
+      console.error("Token exchange failed:", errorData);
+      return NextResponse.redirect(`${config.baseUrl}/auth/error?error=token_exchange_failed`);
+    }
+    const tokens = await tokenResponse.json();
+    const idToken = jose2.decodeJwt(tokens.id_token);
+    const session = {
+      user: {
+        sub: idToken.sub,
+        email: idToken.email,
+        emailVerified: idToken.email_verified,
+        name: idToken.name,
+        givenName: idToken.given_name,
+        familyName: idToken.family_name,
+        picture: idToken.picture
+      },
+      accessToken: tokens.access_token,
+      refreshToken: tokens.refresh_token,
+      idToken: tokens.id_token,
+      expiresAt: Math.floor(Date.now() / 1e3) + tokens.expires_in
+    };
+    cookieStore.set(
+      config.cookieName || "transactional_session",
+      Buffer.from(JSON.stringify(session)).toString("base64"),
+      {
+        httpOnly: true,
+        secure: config.cookieOptions?.secure ?? process.env.NODE_ENV === "production",
+        sameSite: config.cookieOptions?.sameSite ?? "lax",
+        maxAge: config.cookieOptions?.maxAge ?? 7 * 24 * 60 * 60,
+        path: "/"
+      }
+    );
+    cookieStore.delete("transactional_pkce_verifier");
+    cookieStore.delete("transactional_auth_state");
+    return NextResponse.redirect(`${config.baseUrl}${storedState.returnTo || "/"}`);
+  };
+}
+function handleLogout(options) {
+  return async (request) => {
+    const config = getConfig();
+    const cookieStore = await cookies2();
+    const sessionCookie = cookieStore.get(config.cookieName || "transactional_session");
+    let idToken;
+    if (sessionCookie?.value) {
+      try {
+        const session = JSON.parse(
+          Buffer.from(sessionCookie.value, "base64").toString("utf-8")
+        );
+        idToken = session.idToken;
+      } catch {
+      }
+    }
+    cookieStore.delete(config.cookieName || "transactional_session");
+    const returnTo = options?.returnTo || request.nextUrl.searchParams.get("returnTo") || config.baseUrl || "/";
+    const logoutUrl = new URL(`https://${config.domain}/session/end`);
+    logoutUrl.searchParams.set("post_logout_redirect_uri", returnTo);
+    if (idToken) {
+      logoutUrl.searchParams.set("id_token_hint", idToken);
+    }
+    return NextResponse.redirect(logoutUrl.toString());
+  };
+}
+function handleSession() {
+  return async () => {
+    const config = getConfig();
+    const cookieStore = await cookies2();
+    const sessionCookie = cookieStore.get(config.cookieName || "transactional_session");
+    if (!sessionCookie?.value) {
+      return NextResponse.json({ session: null });
+    }
+    try {
+      const session = JSON.parse(
+        Buffer.from(sessionCookie.value, "base64").toString("utf-8")
+      );
+      if (session.expiresAt < Date.now() / 1e3) {
+        return NextResponse.json({ session: null });
+      }
+      return NextResponse.json({
+        session: {
+          user: session.user,
+          expiresAt: session.expiresAt
+        }
+      });
+    } catch {
+      return NextResponse.json({ session: null });
+    }
+  };
+}
+export {
+  getAccessToken,
+  getSession,
+  getUser,
+  handleCallback,
+  handleLogin,
+  handleLogout,
+  handleSession,
+  isAuthenticated
+};