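// NOTE(review): in the listing this file was taken from, every generic type
// argument was missing (`Promise` and `Record` appeared bare, which does not
// type-check). They are restored below from the doc comments, the examples and
// the otherwise-unused `NextResponse` import / `RouteProtection` type.
// Confirm against the published package before relying on them.
export {
  g as getRolePermissions,
  b as hasAllPermissions,
  a as hasAnyPermission,
  d as hasAnyRole,
  h as hasPermission,
  c as hasRole,
  i as requireAllPermissions,
  f as requireAnyPermission,
  r as requirePermission,
  e as requireRole,
} from '../permissions-fSjjbug1.mjs';
import { NextRequest, NextResponse } from 'next/server';
import { c as RBACAdapter, P as Permission, R as Role } from '../index-CEh-y2dx.mjs';

/**
 * Configuration for RBAC middleware
 */
interface RBACMiddlewareConfig {
  /**
   * RBAC adapter instance
   */
  adapter: RBACAdapter;
  /**
   * Function to get the user ID from the request.
   * This should extract the user ID from session/token/cookies and resolve to
   * `null` when the request is not authenticated.
   *
   * Security: every authorization decision is made for the ID returned here.
   * Derive it only from a server-verified session or a signature-checked
   * token, never from a client-supplied header, query parameter or unsigned
   * cookie value.
   *
   * @example
   * ```typescript
   * getUserId: async (req) => {
   *   const session = await getSession(req);
   *   return session?.user?.id || null;
   * }
   * ```
   */
  getUserId: (req: NextRequest) => Promise<string | null>;
  /**
   * Optional: URL to redirect to when user is not authenticated.
   * Use a fixed, same-origin path; building it from request input would
   * create an open redirect.
   * @default '/login'
   */
  unauthorizedUrl?: string;
  /**
   * Optional: URL to redirect to when user lacks permission.
   * Use a fixed, same-origin path; building it from request input would
   * create an open redirect.
   * @default '/forbidden'
   */
  forbiddenUrl?: string;
  /**
   * Optional: Function to check if route should be public.
   *
   * Security: a `true` result presumably exempts the path from the RBAC
   * check (confirm in the implementation). Match against an explicit
   * allow-list of paths rather than loose substring or prefix tests, so that
   * a protected path cannot be made to look public.
   */
  isPublicRoute?: (pathname: string) => boolean;
}

/**
 * Route protection configuration
 *
 * NOTE(review): how the fields combine when more than one is set (all
 * criteria required, or any one sufficient) is not visible in this
 * declaration. Verify against the implementation before combining them.
 */
interface RouteProtection {
  /**
   * Required permissions (user must have ALL of these)
   */
  permissions?: Permission[];
  /**
   * Required permissions (user must have ANY of these)
   */
  anyPermissions?: Permission[];
  /**
   * Required roles (user must have ANY of these)
   */
  roles?: Role[];
  /**
   * Custom check function.
   * Presumably resolves to `true` to allow the request (confirm). Make it
   * resolve to a deny result on any internal error so failures stay closed.
   */
  custom?: (req: NextRequest, userId: string, adapter: RBACAdapter) => Promise<boolean>;
}

/**
 * Creates an RBAC middleware for Next.js
 *
 * Security notes:
 * - The middleware only runs for paths covered by the Next.js `matcher`, so
 *   every key in `protectedRoutes` must also be covered there; a path the
 *   matcher misses is never checked.
 * - Whether route keys are matched exactly or as prefixes is not visible in
 *   this declaration. Confirm that sub-paths such as `/admin/users` are
 *   covered by a `/admin` entry.
 * - Treat the middleware as a first layer. Re-check authorization inside
 *   route handlers and server actions (for example with the `requirePermission`
 *   / `requireRole` helpers re-exported from this module) so that a request
 *   that does not pass through the middleware is still denied.
 *
 * @param config - Adapter, identity lookup and redirect targets
 * @returns A function that checks `req` against `protectedRoutes` (path mapped
 *          to its {@link RouteProtection}) and resolves to the response to send
 *
 * @example
 * ```typescript
 * // middleware.ts
 * import type { NextRequest } from 'next/server';
 * import { createRBACMiddleware } from '@khannara/next-rbac/server';
 * import { getAdapter } from './lib/rbac';
 * import { getSession } from './lib/auth';
 *
 * const rbacMiddleware = createRBACMiddleware({
 *   adapter: getAdapter(),
 *   getUserId: async (req) => {
 *     const session = await getSession(req);
 *     return session?.user?.id || null;
 *   },
 * });
 *
 * export async function middleware(req: NextRequest) {
 *   return rbacMiddleware(req, {
 *     '/admin': { roles: ['admin'] },
 *     '/api/users': { permissions: ['users.read'] },
 *     '/settings': { anyPermissions: ['settings.update', 'admin.access'] },
 *   });
 * }
 *
 * export const config = {
 *   matcher: ['/admin/:path*', '/api/:path*', '/settings/:path*'],
 * };
 * ```
 */
declare function createRBACMiddleware(
  config: RBACMiddlewareConfig,
): (req: NextRequest, protectedRoutes: Record<string, RouteProtection>) => Promise<NextResponse>;

/**
 * Helper to create a simple role-based middleware
 *
 * NOTE(review): presumably a user holding any one of `allowedRoles` is let
 * through, mirroring `RouteProtection.roles`. Confirm in the implementation.
 * The same check is applied to every request the Next.js `matcher` routes to
 * this middleware.
 *
 * @example
 * ```typescript
 * export const middleware = createRoleMiddleware({
 *   adapter: getAdapter(),
 *   getUserId: getUserIdFromSession,
 *   allowedRoles: ['admin', 'manager'],
 * });
 * ```
 */
declare function createRoleMiddleware(
  config: RBACMiddlewareConfig & {
    allowedRoles: Role[];
  },
): (req: NextRequest) => Promise<NextResponse>;

/**
 * Helper to create a permission-based middleware
 *
 * NOTE(review): the name suggests the user must hold all of
 * `requiredPermissions`, but this declaration does not show it. Confirm
 * before listing alternatives here.
 *
 * @example
 * ```typescript
 * export const middleware = createPermissionMiddleware({
 *   adapter: getAdapter(),
 *   getUserId: getUserIdFromSession,
 *   requiredPermissions: ['users.read', 'users.update'],
 * });
 * ```
 */
declare function createPermissionMiddleware(
  config: RBACMiddlewareConfig & {
    requiredPermissions: Permission[];
  },
): (req: NextRequest) => Promise<NextResponse>;

/**
 * Options for resolving role inheritance
 */
interface InheritanceOptions {
  /**
   * Maximum depth to traverse role hierarchy (prevents infinite loops)
   *
   * NOTE(review): what happens when the limit is reached (silent truncation
   * or an error) is not visible here. With silent truncation, a hierarchy
   * deeper than the limit yields fewer permissions than configured. Role
   * cycles are better rejected when roles are written than tolerated at
   * read time.
   * @default 10
   */
  maxDepth?: number;
}

/**
 * Resolves all permissions for a role including inherited permissions
 *
 * Because permissions flow from parent roles, editing a role changes the
 * effective permissions of every role that inherits from it. Restrict who
 * may modify role definitions and their parent links accordingly.
 *
 * @param adapter - RBAC adapter instance
 * @param roleName - Name of the role
 * @param options - Inheritance options
 * @returns Array of all permissions (deduplicated)
 *
 * @example
 * ```typescript
 * // Role hierarchy:
 * // super-admin (no permissions, inherits from admin)
 * // admin (users.delete, inherits from manager)
 * // manager (users.update, inherits from user)
 * // user (users.read)
 *
 * const permissions = await resolveRolePermissions(adapter, 'super-admin');
 * // Returns: ['users.read', 'users.update', 'users.delete']
 * ```
 */
declare function resolveRolePermissions(
  adapter: RBACAdapter,
  roleName: Role,
  options?: InheritanceOptions,
): Promise<Permission[]>;

/**
 * Checks if a role inherits from another role (directly or indirectly)
 *
 * @param adapter - RBAC adapter instance
 * @param roleName - Name of the role to check
 * @param parentRole - Name of the potential parent role
 * @param options - Inheritance options
 * @returns True if roleName inherits from parentRole
 *
 * @example
 * ```typescript
 * // super-admin → admin → manager → user
 * await inheritsFrom(adapter, 'super-admin', 'user'); // true
 * await inheritsFrom(adapter, 'super-admin', 'admin'); // true
 * await inheritsFrom(adapter, 'admin', 'super-admin'); // false
 * ```
 */
declare function inheritsFrom(
  adapter: RBACAdapter,
  roleName: Role,
  parentRole: Role,
  options?: InheritanceOptions,
): Promise<boolean>;

/**
 * Gets the complete role hierarchy for a role
 *
 * @param adapter - RBAC adapter instance
 * @param roleName - Name of the role
 * @param options - Inheritance options
 * @returns Array of role names from current to root (e.g., ['super-admin', 'admin', 'manager', 'user'])
 *
 * @example
 * ```typescript
 * const hierarchy = await getRoleHierarchy(adapter, 'super-admin');
 * // Returns: ['super-admin', 'admin', 'manager', 'user']
 * ```
 */
declare function getRoleHierarchy(
  adapter: RBACAdapter,
  roleName: Role,
  options?: InheritanceOptions,
): Promise<Role[]>;

export {
  type InheritanceOptions,
  type RBACMiddlewareConfig,
  type RouteProtection,
  createPermissionMiddleware,
  createRBACMiddleware,
  createRoleMiddleware,
  getRoleHierarchy,
  inheritsFrom,
  resolveRolePermissions,
};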