@artatol-acp/auth-nextjs 0.5.8 → 0.5.9
- package/dist/middleware.d.ts.map +1 -1
- package/dist/middleware.js +53 -9
- package/dist/middleware.js.map +1 -1
- package/dist/proxy.d.ts.map +1 -1
- package/dist/proxy.js +53 -9
- package/dist/proxy.js.map +1 -1
- package/package.json +1 -1
package/dist/middleware.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGxD,MAAM,MAAM,wBAAwB,GAAG;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;KACtC,CAAC;CACH,CAAC;
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGxD,MAAM,MAAM,wBAAwB,GAAG;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;KACtC,CAAC;CACH,CAAC;AASF,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,wBAAwB,IAiB/B,SAAS,WAAW,oCAsH7D"}
|
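--- a/package/dist/middleware.js
+++ b/package/dist/middleware.js
@@ -27,17 +27,17 @@ export function createACPAuthMiddleware(options) {
 return NextResponse.redirect(url);
 }
 // Try to refresh
-const
-if (!
+const result = await tryRefresh(baseUrl, apiKey, refreshToken);
+if (!result) {
 // Refresh failed, redirect to login
 const url = request.nextUrl.clone();
 url.pathname = loginPath;
 url.searchParams.set('from', pathname);
 return NextResponse.redirect(url);
 }
-// Set new
+// Set new tokens and continue
 const response = NextResponse.next();
-response.cookies.set('access_token',
+response.cookies.set('access_token', result.accessToken, {
 httpOnly: true,
 secure,
 sameSite,
@@ -45,6 +45,17 @@ export function createACPAuthMiddleware(options) {
 path: cookiePath,
 ...(cookieDomain && { domain: cookieDomain }),
 });
+// Update refresh token if rotated
+if (result.refreshToken) {
+response.cookies.set('refresh_token', result.refreshToken, {
+httpOnly: true,
+secure,
+sameSite,
+maxAge: 60 * 60 * 24 * 7, // 7 days (matches server)
+path: cookiePath,
+...(cookieDomain && { domain: cookieDomain }),
+});
+}
 return response;
 }
 // Verify access token
@@ -65,17 +76,17 @@ export function createACPAuthMiddleware(options) {
 url.searchParams.set('from', pathname);
 return NextResponse.redirect(url);
 }
-const
-if (!
+const result = await tryRefresh(baseUrl, apiKey, refreshToken);
+if (!result) {
 // Refresh failed, redirect to login
 const url = request.nextUrl.clone();
 url.pathname = loginPath;
 url.searchParams.set('from', pathname);
 return NextResponse.redirect(url);
 }
-// Set new
+// Set new tokens and continue
 const response = NextResponse.next();
-response.cookies.set('access_token',
+response.cookies.set('access_token', result.accessToken, {
 httpOnly: true,
 secure,
 sameSite,
@@ -83,10 +94,38 @@ export function createACPAuthMiddleware(options) {
 path: cookiePath,
 ...(cookieDomain && { domain: cookieDomain }),
 });
+// Update refresh token if rotated
+if (result.refreshToken) {
+response.cookies.set('refresh_token', result.refreshToken, {
+httpOnly: true,
+secure,
+sameSite,
+maxAge: 60 * 60 * 24 * 7, // 7 days (matches server)
+path: cookiePath,
+...(cookieDomain && { domain: cookieDomain }),
+});
+}
 return response;
 }
 };
 }
+function extractRefreshTokenFromCookies(response) {
+// Try getSetCookie() first (returns array of individual Set-Cookie headers)
+const setCookies = response.headers.getSetCookie?.();
+if (setCookies && setCookies.length > 0) {
+for (const cookie of setCookies) {
+const match = cookie.match(/refresh_token=([^;]+)/);
+if (match)
+return match[1];
+}
+}
+// Fallback to get('set-cookie')
+const setCookieHeader = response.headers.get('set-cookie');
+if (!setCookieHeader)
+return null;
+const match = setCookieHeader.match(/refresh_token=([^;]+)/);
+return match ? match[1] : null;
+}
 async function tryRefresh(baseUrl, apiKey, refreshToken) {
 try {
 const response = await fetch(`${baseUrl}/refresh`, {
@@ -104,7 +143,12 @@ async function tryRefresh(baseUrl, apiKey, refreshToken) {
 if (!data.success || !data.data?.accessToken) {
 return null;
 }
-
+// Extract new refresh token from Set-Cookie header (server rotates tokens)
+const newRefreshToken = extractRefreshTokenFromCookies(response);
+return {
+accessToken: data.data.accessToken,
+refreshToken: newRefreshToken,
+};
 }
 catch {
 return null;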
package/dist/middleware.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAgB,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAgB,MAAM,MAAM,CAAC;AAqB3D,IAAI,SAAS,GAAmB,IAAI,CAAC;AAErC,MAAM,UAAU,uBAAuB,CAAC,OAAiC;IACvE,MAAM,EACJ,OAAO,EACP,MAAM,EACN,YAAY,EACZ,WAAW,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,eAAe,EAAE,aAAa,CAAC,EAC5G,SAAS,GAAG,QAAQ,EACpB,OAAO,EAAE,YAAY,GAAG,EAAE,GAC3B,GAAG,OAAO,CAAC;IAEZ,MAAM,EACJ,MAAM,EAAE,YAAY,EACpB,IAAI,EAAE,UAAU,GAAG,GAAG,EACtB,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAC9C,QAAQ,GAAG,KAAK,GACjB,GAAG,YAAY,CAAC;IAEjB,OAAO,KAAK,UAAU,iBAAiB,CAAC,OAAoB;QAC1D,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;QAErC,qBAAqB;QACrB,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YAC1D,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAED,gDAAgD;QAChD,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAED,yBAAyB;QACzB,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC;QAC/D,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,KAAK,CAAC;QAEjE,qCAAqC;QACrC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,sCAAsC;gBACtC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,iBAAiB;YACjB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;YAC/D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,oCAAoC;gBACpC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;YACrC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,EAAE;gBACvD,QAAQ,EAAE,IAAI;gBACd,MAAM;gBACN,QAAQ;gBACR,MAAM,EAAE,EAAE,GAAG,CAAC,EAAE,YAAY;g
BAC5B,IAAI,EAAE,UAAU;gBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;aAC9C,CAAC,CAAC;YAEH,kCAAkC;YAClC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,YAAY,EAAE;oBACzD,QAAQ,EAAE,IAAI;oBACd,MAAM;oBACN,QAAQ;oBACR,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,0BAA0B;oBACpD,IAAI,EAAE,UAAU;oBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;iBAC9C,CAAC,CAAC;YACL,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,sBAAsB;QACtB,IAAI,CAAC;YACH,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,SAAS,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACtD,CAAC;YAED,MAAM,SAAS,CAAC,WAAW,EAAE,SAAS,EAAE;gBACtC,UAAU,EAAE,CAAC,OAAO,CAAC;aACtB,CAAC,CAAC;YAEH,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,2CAA2C;YAC3C,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;YAC/D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,oCAAoC;gBACpC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;YACrC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,EAAE;gBACvD,QAAQ,EAAE,IAAI;gBACd,MAAM;gBACN,QAAQ;gBACR,MAAM,EAAE,EAAE,GAAG,CAAC,EAAE,YAAY;gBAC5B,IAAI,EAAE,UAAU;gBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;aAC9C,CAAC,CAAC;YAEH,kCAAkC;YAClC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,YAAY,EAAE;oBACzD,QAAQ,EAAE,IAAI;oBACd,MAAM;oBACN,QAAQ;oBACR,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,0BAA0B;oBACpD,IAAI,EAAE,UAAU;oBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;iBAC9C,CAAC,CAAC;YACL,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;
AAED,SAAS,8BAA8B,CAAC,QAAkB;IACxD,4EAA4E;IAC5E,MAAM,UAAU,GAAI,QAAQ,CAAC,OAA6C,CAAC,YAAY,EAAE,EAAE,CAAC;IAC5F,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,KAAK,MAAM,MAAM,IAAI,UAAU,EAAE,CAAC;YAChC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACpD,IAAI,KAAK;gBAAE,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC3D,IAAI,CAAC,eAAe;QAAE,OAAO,IAAI,CAAC;IAElC,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC7D,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,OAAe,EACf,MAAc,EACd,YAAoB;IAEpB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,UAAU,EAAE;YACjD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,WAAW,EAAE,MAAM;gBACnB,MAAM,EAAE,iBAAiB,YAAY,EAAE;aACxC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,2EAA2E;QAC3E,MAAM,eAAe,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;QAEjE,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW;YAClC,YAAY,EAAE,eAAe;SAC9B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
package/dist/proxy.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"proxy.d.ts","sourceRoot":"","sources":["../src/proxy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGxD,MAAM,MAAM,wBAAwB,GAAG;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;KACtC,CAAC;CACH,CAAC;
|
|
1
|
+
{"version":3,"file":"proxy.d.ts","sourceRoot":"","sources":["../src/proxy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGxD,MAAM,MAAM,wBAAwB,GAAG;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;KACtC,CAAC;CACH,CAAC;AASF,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,wBAAwB,IAiB/B,SAAS,WAAW,oCAsH7D"}
|
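--- a/package/dist/proxy.js
+++ b/package/dist/proxy.js
@@ -27,17 +27,17 @@ export function createACPAuthMiddleware(options) {
 return NextResponse.redirect(url);
 }
 // Try to refresh
-const
-if (!
+const result = await tryRefresh(baseUrl, apiKey, refreshToken);
+if (!result) {
 // Refresh failed, redirect to login
 const url = request.nextUrl.clone();
 url.pathname = loginPath;
 url.searchParams.set('from', pathname);
 return NextResponse.redirect(url);
 }
-// Set new
+// Set new tokens and continue
 const response = NextResponse.next();
-response.cookies.set('access_token',
+response.cookies.set('access_token', result.accessToken, {
 httpOnly: true,
 secure,
 sameSite,
@@ -45,6 +45,17 @@ export function createACPAuthMiddleware(options) {
 path: cookiePath,
 ...(cookieDomain && { domain: cookieDomain }),
 });
+// Update refresh token if rotated
+if (result.refreshToken) {
+response.cookies.set('refresh_token', result.refreshToken, {
+httpOnly: true,
+secure,
+sameSite,
+maxAge: 60 * 60 * 24 * 7, // 7 days (matches server)
+path: cookiePath,
+...(cookieDomain && { domain: cookieDomain }),
+});
+}
 return response;
 }
 // Verify access token
@@ -65,17 +76,17 @@ export function createACPAuthMiddleware(options) {
 url.searchParams.set('from', pathname);
 return NextResponse.redirect(url);
 }
-const
-if (!
+const result = await tryRefresh(baseUrl, apiKey, refreshToken);
+if (!result) {
 // Refresh failed, redirect to login
 const url = request.nextUrl.clone();
 url.pathname = loginPath;
 url.searchParams.set('from', pathname);
 return NextResponse.redirect(url);
 }
-// Set new
+// Set new tokens and continue
 const response = NextResponse.next();
-response.cookies.set('access_token',
+response.cookies.set('access_token', result.accessToken, {
 httpOnly: true,
 secure,
 sameSite,
@@ -83,10 +94,38 @@ export function createACPAuthMiddleware(options) {
 path: cookiePath,
 ...(cookieDomain && { domain: cookieDomain }),
 });
+// Update refresh token if rotated
+if (result.refreshToken) {
+response.cookies.set('refresh_token', result.refreshToken, {
+httpOnly: true,
+secure,
+sameSite,
+maxAge: 60 * 60 * 24 * 7, // 7 days (matches server)
+path: cookiePath,
+...(cookieDomain && { domain: cookieDomain }),
+});
+}
 return response;
 }
 };
 }
+function extractRefreshTokenFromCookies(response) {
+// Try getSetCookie() first (returns array of individual Set-Cookie headers)
+const setCookies = response.headers.getSetCookie?.();
+if (setCookies && setCookies.length > 0) {
+for (const cookie of setCookies) {
+const match = cookie.match(/refresh_token=([^;]+)/);
+if (match)
+return match[1];
+}
+}
+// Fallback to get('set-cookie')
+const setCookieHeader = response.headers.get('set-cookie');
+if (!setCookieHeader)
+return null;
+const match = setCookieHeader.match(/refresh_token=([^;]+)/);
+return match ? match[1] : null;
+}
 async function tryRefresh(baseUrl, apiKey, refreshToken) {
 try {
 const response = await fetch(`${baseUrl}/refresh`, {
@@ -104,7 +143,12 @@ async function tryRefresh(baseUrl, apiKey, refreshToken) {
 if (!data.success || !data.data?.accessToken) {
 return null;
 }
-
+// Extract new refresh token from Set-Cookie header (server rotates tokens)
+const newRefreshToken = extractRefreshTokenFromCookies(response);
+return {
+accessToken: data.data.accessToken,
+refreshToken: newRefreshToken,
+};
 }
 catch {
 return null;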
package/dist/proxy.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"proxy.js","sourceRoot":"","sources":["../src/proxy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAgB,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"proxy.js","sourceRoot":"","sources":["../src/proxy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAgB,MAAM,MAAM,CAAC;AAqB3D,IAAI,SAAS,GAAmB,IAAI,CAAC;AAErC,MAAM,UAAU,uBAAuB,CAAC,OAAiC;IACvE,MAAM,EACJ,OAAO,EACP,MAAM,EACN,YAAY,EACZ,WAAW,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,eAAe,EAAE,aAAa,CAAC,EAC5G,SAAS,GAAG,QAAQ,EACpB,OAAO,EAAE,YAAY,GAAG,EAAE,GAC3B,GAAG,OAAO,CAAC;IAEZ,MAAM,EACJ,MAAM,EAAE,YAAY,EACpB,IAAI,EAAE,UAAU,GAAG,GAAG,EACtB,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAC9C,QAAQ,GAAG,KAAK,GACjB,GAAG,YAAY,CAAC;IAEjB,OAAO,KAAK,UAAU,iBAAiB,CAAC,OAAoB;QAC1D,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;QAErC,qBAAqB;QACrB,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YAC1D,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAED,gDAAgD;QAChD,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAED,yBAAyB;QACzB,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC;QAC/D,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,KAAK,CAAC;QAEjE,qCAAqC;QACrC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,sCAAsC;gBACtC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,iBAAiB;YACjB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;YAC/D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,oCAAoC;gBACpC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;YACrC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,EAAE;gBACvD,QAAQ,EAAE,IAAI;gBACd,MAAM;gBACN,QAAQ;gBACR,MAAM,EAAE,EAAE,GAAG,CAAC,EAAE,YAAY;gBAC5B,IAAI
,EAAE,UAAU;gBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;aAC9C,CAAC,CAAC;YAEH,kCAAkC;YAClC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,YAAY,EAAE;oBACzD,QAAQ,EAAE,IAAI;oBACd,MAAM;oBACN,QAAQ;oBACR,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,0BAA0B;oBACpD,IAAI,EAAE,UAAU;oBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;iBAC9C,CAAC,CAAC;YACL,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,sBAAsB;QACtB,IAAI,CAAC;YACH,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,SAAS,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACtD,CAAC;YAED,MAAM,SAAS,CAAC,WAAW,EAAE,SAAS,EAAE;gBACtC,UAAU,EAAE,CAAC,OAAO,CAAC;aACtB,CAAC,CAAC;YAEH,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,2CAA2C;YAC3C,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;YAC/D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,oCAAoC;gBACpC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;YACrC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,EAAE;gBACvD,QAAQ,EAAE,IAAI;gBACd,MAAM;gBACN,QAAQ;gBACR,MAAM,EAAE,EAAE,GAAG,CAAC,EAAE,YAAY;gBAC5B,IAAI,EAAE,UAAU;gBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;aAC9C,CAAC,CAAC;YAEH,kCAAkC;YAClC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,YAAY,EAAE;oBACzD,QAAQ,EAAE,IAAI;oBACd,MAAM;oBACN,QAAQ;oBACR,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,0BAA0B;oBACpD,IAAI,EAAE,UAAU;oBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;iBAC9C,CAAC,CAAC;YACL,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,
8BAA8B,CAAC,QAAkB;IACxD,4EAA4E;IAC5E,MAAM,UAAU,GAAI,QAAQ,CAAC,OAA6C,CAAC,YAAY,EAAE,EAAE,CAAC;IAC5F,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,KAAK,MAAM,MAAM,IAAI,UAAU,EAAE,CAAC;YAChC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACpD,IAAI,KAAK;gBAAE,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC3D,IAAI,CAAC,eAAe;QAAE,OAAO,IAAI,CAAC;IAElC,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC7D,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,OAAe,EACf,MAAc,EACd,YAAoB;IAEpB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,UAAU,EAAE;YACjD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,WAAW,EAAE,MAAM;gBACnB,MAAM,EAAE,iBAAiB,YAAY,EAAE;aACxC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,2EAA2E;QAC3E,MAAM,eAAe,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;QAEjE,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW;YAClC,YAAY,EAAE,eAAe;SAC9B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
package/package.json
CHANGED