@botparty/nextjs 0.0.55 → 0.0.57
- package/dist/server/auth.d.ts +2 -0
- package/dist/server.cjs +4 -4
- package/dist/server.js +2 -2
- package/package.json +2 -2
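--- a/package/dist/server/auth.d.ts
+++ b/package/dist/server/auth.d.ts
@@ -5,6 +5,8 @@ export interface ServerAuthObject {
 type: AuthType;
 userId: string | null;
 namespaceId: string | null;
+/** The actual namespace that signed the JWT (only set for org-scoped calls) */
+signerNamespace: string | null;
 keyId: string | null;
 email: string | null;
 name: string | null;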
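Review bot: The doc comment added on `signerNamespace` promises more than the code shown on this page supports. In the bundled `auth()` in package/dist/server.cjs the field is filled from the verified payload's `sub` claim when the namespace id starts with `org_`, and is `null` on every other path, so it is a value the token carries rather than one derived from the key that verified it. Whether the org-level JWKS binds each key to a single member namespace is not visible here, so consumers should not use the field for authorization decisions without that guarantee. I would reword the comment to `/** For org-scoped calls (namespaceId starting with "org_"): the namespace named in the token's sub claim; null otherwise. */`. The interface body starts and ends outside the hunk.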
package/dist/server.cjs
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
"use strict";var ve=Object.create;var N=Object.defineProperty;var Ae=Object.getOwnPropertyDescriptor;var _e=Object.getOwnPropertyNames;var be=Object.getPrototypeOf,je=Object.prototype.hasOwnProperty;var Ee=(e,t)=>{for(var r in t)N(e,r,{get:t[r],enumerable:!0})},re=(e,t,r,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let s of _e(t))!je.call(e,s)&&s!==r&&N(e,s,{get:()=>t[s],enumerable:!(n=Ae(t,s))||n.enumerable});return e};var L=(e,t,r)=>(r=e!=null?ve(be(e)):{},re(t||!e||!e.__esModule?N(r,"default",{value:e,enumerable:!0}):r,e)),Ce=e=>re(N({},"__esModule",{value:!0}),e);var He={};Ee(He,{REFRESH_COOKIE:()=>x,SESSION_COOKIE:()=>C,auth:()=>U,botpartyMiddleware:()=>Pe,configureJwksCache:()=>de,createJwksResponse:()=>Te,createPaymentGateway:()=>we,createRouteMatcher:()=>Ie,createSession:()=>K,currentUser:()=>he,decodeToken:()=>H,destroySession:()=>ie,drainJwksRevalidations:()=>pe,isDomain:()=>
|
|
2
|
-
`),"ES256"),c=await new m.SignJWT({}).setProtectedHeader({alg:"ES256"}).setIssuer(r).setSubject(r).setAudience(s).setIssuedAt().setExpirationTime("60s").setJti(crypto.randomUUID()).sign(p),o=await fetch(s,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"refresh_token",refresh_token:e,client_id:r,client_assertion_type:Be,client_assertion:c})});if(!o.ok)return console.error("[BotParty] Token refresh failed:",o.status,await o.text().catch(()=>"")),null;let i=await o.json();return{accessToken:i.access_token,refreshToken:i.refresh_token}}catch(t){return console.error("[BotParty] Token refresh error:",t instanceof Error?t.message:t),null}}var f=L(require("jose"),1),q=600*1e3,v=new Map,g=null;function de(e){g=e}var $=[];async function pe(){let e=$;$=[],await Promise.allSettled(e.map(t=>t()))}async function le(e){try{let t=await fetch(e,{cache:"no-store"});if(!t.ok)return;let r=await t.json();v.set(e,{jwks:r,expiresAt:Date.now()+q}),g&&await g.set(e,r)}catch{}}function Y(){return process.env.BOTPARTY_AUTH_URL||"https://id.botparty.club"}async function Q(e){let t=v.get(e);if(t&&Date.now()<t.expiresAt)return $.push(()=>le(e)),t.jwks;if(g){let s=await g.get(e);if(s)return v.set(e,{jwks:s,expiresAt:Date.now()+q}),$.push(()=>le(e)),s}let r=await fetch(e);if(!r.ok)throw new Error(`Failed to fetch JWKS from ${e}: ${r.status}`);let n=await r.json();return v.set(e,{jwks:n,expiresAt:Date.now()+q}),g&&await g.set(e,n),n}async function D(e){try{let t=`${Y()}/.well-known/jwks.json`,r=await Q(t),n=f.createLocalJWKSet(r),{payload:s}=await f.jwtVerify(e,n,{algorithms:["ES256"],issuer:Y()});return s}catch{return null}}async function
|
|
1
|
+
"use strict";var ve=Object.create;var N=Object.defineProperty;var Ae=Object.getOwnPropertyDescriptor;var _e=Object.getOwnPropertyNames;var be=Object.getPrototypeOf,je=Object.prototype.hasOwnProperty;var Ee=(e,t)=>{for(var r in t)N(e,r,{get:t[r],enumerable:!0})},re=(e,t,r,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let s of _e(t))!je.call(e,s)&&s!==r&&N(e,s,{get:()=>t[s],enumerable:!(n=Ae(t,s))||n.enumerable});return e};var L=(e,t,r)=>(r=e!=null?ve(be(e)):{},re(t||!e||!e.__esModule?N(r,"default",{value:e,enumerable:!0}):r,e)),Ce=e=>re(N({},"__esModule",{value:!0}),e);var He={};Ee(He,{REFRESH_COOKIE:()=>x,SESSION_COOKIE:()=>C,auth:()=>U,botpartyMiddleware:()=>Pe,configureJwksCache:()=>de,createJwksResponse:()=>Te,createPaymentGateway:()=>we,createRouteMatcher:()=>Ie,createSession:()=>K,currentUser:()=>he,decodeToken:()=>H,destroySession:()=>ie,drainJwksRevalidations:()=>pe,isDomain:()=>z,readSession:()=>O,verifyAccessToken:()=>D,verifyDomainToken:()=>M,verifyNamespaceToken:()=>W});module.exports=Ce(He);var fe=require("next/headers"),P=require("next/navigation");var m=L(require("jose"),1),E=require("next/headers"),C="__botparty_session",x="__botparty_refresh",xe="15m",Oe="30d",Ue=900,Ne=720*60*60,ne="https://id.botparty.club",J=null;async function B(){if(J)return J;let e=process.env.BOTPARTY_CLIENT_ASSERTION_KEY;if(!e)throw new Error("[BotParty] BOTPARTY_CLIENT_ASSERTION_KEY env var is not set");let t=`bp-session-key:${e}`,r=await crypto.subtle.digest("SHA-256",new TextEncoder().encode(t));return J=new Uint8Array(r),J}function se(e){return e.sub?{userId:e.sub,email:e.email,name:e.name,picture:e.picture,namespaceId:e.namespaceId,keyId:e.keyId,hasLinkedUser:e.hasLinkedUser??!1,accessToken:e.at,refreshToken:e.rt}:null}async function O(){let t=(await(0,E.cookies)()).get(C)?.value;if(!t)return null;try{let r=await B(),{payload:n}=await m.jwtDecrypt(t,r);return se(n)}catch{return null}}async function oe(){let t=(await(0,E.cookies)()).get(x)?.value;if(!t)return 
null;try{let r=await B(),{payload:n}=await m.jwtDecrypt(t,r);return se(n)}catch{return null}}function ae(e){return{email:e.email,name:e.name,picture:e.picture,namespaceId:e.namespaceId,keyId:e.keyId,hasLinkedUser:e.hasLinkedUser??!1,at:e.accessToken,rt:e.refreshToken}}async function Le(e){let t=await B();return new m.EncryptJWT(ae(e)).setProtectedHeader({alg:"dir",enc:"A256GCM"}).setSubject(e.userId).setIssuedAt().setExpirationTime(xe).setIssuer(ne).encrypt(t)}async function Je(e){let t=await B();return new m.EncryptJWT(ae(e)).setProtectedHeader({alg:"dir",enc:"A256GCM"}).setSubject(e.userId).setIssuedAt().setExpirationTime(Oe).setIssuer(ne).encrypt(t)}async function K(e){let t=await(0,E.cookies)(),n={httpOnly:!0,secure:process.env.NODE_ENV==="production",sameSite:"lax",path:"/"};t.set(C,await Le(e),{...n,maxAge:Ue}),t.set(x,await Je(e),{...n,maxAge:Ne})}async function ie(){let e=await(0,E.cookies)();e.delete(C),e.delete(x)}var Be="urn:ietf:params:oauth:client-assertion-type:jwt-bearer";function ce(e){try{let t=m.decodeJwt(e);return t.exp?t.exp<Math.floor(Date.now()/1e3)+60:!0}catch{return!0}}async function ue(e){try{let t=process.env.BOTPARTY_AUTH_URL||"https://id.botparty.club",r=process.env.BOTPARTY_CLIENT_ID,n=process.env.BOTPARTY_CLIENT_ASSERTION_KEY;if(!r||!n)return null;let s=`${t}/oauth/token`,p=await m.importPKCS8(n.replace(/\\n/g,`
|
|
2
|
+
`),"ES256"),c=await new m.SignJWT({}).setProtectedHeader({alg:"ES256"}).setIssuer(r).setSubject(r).setAudience(s).setIssuedAt().setExpirationTime("60s").setJti(crypto.randomUUID()).sign(p),o=await fetch(s,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"refresh_token",refresh_token:e,client_id:r,client_assertion_type:Be,client_assertion:c})});if(!o.ok)return console.error("[BotParty] Token refresh failed:",o.status,await o.text().catch(()=>"")),null;let i=await o.json();return{accessToken:i.access_token,refreshToken:i.refresh_token}}catch(t){return console.error("[BotParty] Token refresh error:",t instanceof Error?t.message:t),null}}var f=L(require("jose"),1),q=600*1e3,v=new Map,g=null;function de(e){g=e}var $=[];async function pe(){let e=$;$=[],await Promise.allSettled(e.map(t=>t()))}async function le(e){try{let t=await fetch(e,{cache:"no-store"});if(!t.ok)return;let r=await t.json();v.set(e,{jwks:r,expiresAt:Date.now()+q}),g&&await g.set(e,r)}catch{}}function Y(){return process.env.BOTPARTY_AUTH_URL||"https://id.botparty.club"}async function Q(e){let t=v.get(e);if(t&&Date.now()<t.expiresAt)return $.push(()=>le(e)),t.jwks;if(g){let s=await g.get(e);if(s)return v.set(e,{jwks:s,expiresAt:Date.now()+q}),$.push(()=>le(e)),s}let r=await fetch(e);if(!r.ok)throw new Error(`Failed to fetch JWKS from ${e}: ${r.status}`);let n=await r.json();return v.set(e,{jwks:n,expiresAt:Date.now()+q}),g&&await g.set(e,n),n}async function D(e){try{let t=`${Y()}/.well-known/jwks.json`,r=await Q(t),n=f.createLocalJWKSet(r),{payload:s}=await f.jwtVerify(e,n,{algorithms:["ES256"],issuer:Y()});return s}catch{return null}}async function W(e,t){try{let r=`${Y()}/api/v1/namespaces/${encodeURIComponent(t)}/jwks.json`,n=await Q(r),s=f.createLocalJWKSet(n),{payload:p}=await f.jwtVerify(e,s);return p}catch{return null}}function z(e){return/^([a-z0-9-]+\.)+[a-z]{2,}$/i.test(e)}async function M(e,t){let 
r=`${Y()}/api/v1/namespaces/${encodeURIComponent(t)}/jwks.json`;try{let n=await Q(r);if(!n.keys?.length)return null;let s=f.createLocalJWKSet(n),{payload:p}=await f.jwtVerify(e,s);return p}catch{}try{v.delete(r),g&&await g.set(r,{keys:[]});let n=`${r}?bypass-cache=true`,s=await fetch(n,{cache:"no-store"});if(!s.ok)return null;let p=await s.json();if(!p.keys?.length)return null;v.set(r,{jwks:p,expiresAt:Date.now()+q}),g&&await g.set(r,p);let c=f.createLocalJWKSet(p),{payload:o}=await f.jwtVerify(e,c);return o}catch{return null}}function H(e){return f.decodeJwt(e)}var A="/api/botparty";function F(e){return{isAuthenticated:!1,type:null,userId:null,namespaceId:null,signerNamespace:null,keyId:null,email:null,name:null,picture:null,hasLinkedUser:!1,protect(){(0,P.redirect)(`${A}/auth/login`)},redirectToSignIn(t="/"){(0,P.redirect)(`${A}/auth/login?return_url=${encodeURIComponent(t)}`)},getToken(){return e}}}function ye(e,t){let r=e.namespaceId??(e.userId||null);return{isAuthenticated:!0,type:e.namespaceId?"bot":"human",userId:e.userId,namespaceId:r,signerNamespace:null,keyId:e.keyId??null,email:e.email??null,name:e.name??null,picture:e.picture??null,hasLinkedUser:e.hasLinkedUser??!1,protect(){return this},redirectToSignIn(n="/"){(0,P.redirect)(`${A}/auth/login?return_url=${encodeURIComponent(n)}`)},getToken(){return t}}}async function U(){let t=(await(0,fe.headers)()).get("authorization");if(t?.startsWith("Bearer ")){let s=t.slice(7),p=await D(s);if(p?.sub){let c={isAuthenticated:!0,type:"human",userId:p.sub,namespaceId:p.sub,signerNamespace:null,keyId:null,email:p.email??null,name:p.name??null,picture:p.picture??null,hasLinkedUser:!0,protect(){return c},redirectToSignIn(o="/"){(0,P.redirect)(`${A}/auth/login?return_url=${encodeURIComponent(o)}`)},getToken(){return s}};return c}try{let c=H(s),o=c.ns||c.iss;if(o){if(z(o)){let u=await M(s,o);if(u){let 
l={isAuthenticated:!0,type:"bot",userId:o,namespaceId:o,signerNamespace:null,keyId:u.kid??null,email:null,name:null,picture:null,hasLinkedUser:!1,protect(){return l},redirectToSignIn(a="/"){(0,P.redirect)(`${A}/auth/login?return_url=${encodeURIComponent(a)}`)},getToken(){return s}};return l}}let i=await W(s,o);if(i){let u=o.startsWith("org_"),l={isAuthenticated:!0,type:"bot",userId:i.sub??null,namespaceId:o,signerNamespace:u?i.sub??null:null,keyId:i.kid??null,email:null,name:null,picture:null,hasLinkedUser:i.linked??!1,protect(){return l},redirectToSignIn(a="/"){(0,P.redirect)(`${A}/auth/login?return_url=${encodeURIComponent(a)}`)},getToken(){return s}};return l}}}catch{}return F(s)}let r=await O();if(r){let s=await me(r);return s?ye(r,s):F(null)}let n=await oe();if(n){let s=await me(n);return s?ye(n,s):F(null)}return F(null)}async function me(e){let t=e.accessToken??null;if(!t)return null;if(!ce(t))return t;if(!e.refreshToken)return null;let r=await ue(e.refreshToken);if(!r)return null;e.accessToken=r.accessToken,e.refreshToken=r.refreshToken;try{await K(e)}catch{}return r.accessToken}async function he(){return await O()}var I=L(require("jose"),1);function Ke(e){let t=e.domain||process.env.BOTPARTY_DOMAIN||process.env.VERCEL_PROJECT_PRODUCTION_URL||"localhost:3000",r=e.privateKey||process.env.BOTPARTY_CLIENT_ASSERTION_KEY;if(!r)throw new Error("BotParty: missing private key. Pass privateKey in GatewayConfig or set BOTPARTY_CLIENT_ASSERTION_KEY.");return{domain:t,privateKey:r,serviceName:e.serviceName,serviceLogoUrl:e.serviceLogoUrl,facilitatorUrl:e.facilitatorUrl}}var G=null,ge=null;async function qe(e){return G&&ge===e||(G=await I.importPKCS8(e.replace(/\\n/g,`
|
|
3
3
|
`),"ES256"),ge=e),G}async function $e(e){let t=await qe(e.privateKey);return new I.SignJWT({}).setProtectedHeader({alg:"ES256"}).setIssuer(e.domain).setIssuedAt().setExpirationTime("60s").sign(t)}function Ye(e){return e.facilitatorUrl||process.env.BOTPARTY_AUTH_URL||"https://id.botparty.club"}function ke(){return process.env.NEXT_PUBLIC_URL?process.env.NEXT_PUBLIC_URL.replace(/\/$/,""):process.env.VERCEL_URL?`https://${process.env.VERCEL_URL}`:"http://localhost:3000"}function De(e,t,r,n,s){let p={x402Version:2,resource:{url:s,description:n},accepts:[{scheme:"redirect",network:"botparty:mainnet",asset:"botparty_credits",amount:String(r),payTo:t,maxTimeoutSeconds:300,extra:{description:n,serviceName:e.serviceName??e.domain,serviceLogoUrl:e.serviceLogoUrl}}]},c=Buffer.from(JSON.stringify(p)).toString("base64"),o={error:"payment_required",message:`Your human needs to validate this action by clicking this link:
|
|
4
4
|
${t}`,amount:String(r),asset:"botparty_credits",description:n??"",payTo:t,accepts:["redirect"]};return new Response(JSON.stringify(o),{status:402,headers:{"Content-Type":"application/json","PAYMENT-REQUIRED":c}})}function we(e={}){let t=Ke(e),r=Ye(e);async function n(c,o,i){try{let l={"Content-Type":"application/json","X-BotParty-Service":await $e(t)};return o&&(l.Authorization=`Bearer ${o}`),await fetch(`${r}${c}`,{method:"POST",headers:l,body:JSON.stringify(i)})}catch(u){let l=u instanceof Error?u.message:String(u);throw console.error(`[BotParty] callFacilitator ${c} failed:`,l),new Error(`BotParty facilitator call failed: ${l}`)}}async function s(c,o,i,u){try{let l=await U(),a=l.getToken(),d=l.isAuthenticated&&!!a,h=u||c.url;if(d){let y=await n("/api/v1/payments/verify",a,{resource:h,amount:String(o)});if(y.ok){let j=await y.json();if(j.isValid)return{authorized:!0,response:new Response(null),payerNamespace:l.namespaceId??"",token:a,paymentRequestId:j.paymentRequestId??null,authorizationId:null}}}let T={resource:{url:h,description:i},amount:String(o),maxTimeoutSeconds:1800,serviceName:t.serviceName,serviceLogoUrl:t.serviceLogoUrl};if(!d){let y=ke(),j=process.env.BOTPARTY_BASE_PATH||"/api/botparty";T.connectAppLoginUrl=`${y}${j}/auth/login?return_url=${encodeURIComponent(`${j}/auth/popup-done`)}`,T.connectAppDomain=t.domain}let S=await n("/api/v1/payments/create",d?a:null,T);if(!S.ok){let y=await S.text().catch(()=>"Facilitator error");return{authorized:!1,response:new Response(JSON.stringify({error:"facilitator_error",message:y}),{status:502,headers:{"Content-Type":"application/json"}}),payerNamespace:d?l.namespaceId??"":"",token:a??"",paymentRequestId:null,authorizationId:null}}let R=await S.json(),w=R.payTo;return{authorized:!1,response:De(t,w,o,i,h),payerNamespace:d?l.namespaceId??"":"",token:a??"",paymentRequestId:R.extra?.paymentRequestId??null,authorizationId:null}}catch(l){let a=l instanceof Error?l.message:String(l);return console.error("[BotParty] 
doRequire() failed:",a),{authorized:!1,response:new Response(JSON.stringify({error:"gateway_error",message:a}),{status:500,headers:{"Content-Type":"application/json"}}),payerNamespace:"",token:"",paymentRequestId:null,authorizationId:null}}}async function p(c,o){try{let i=await U(),u=i.getToken(),l=i.isAuthenticated&&!!u;if(l){let w=await n("/api/v1/payments/verify",u,{providerId:o.provider.id});if(w.ok){let y=await w.json();if(y.isValid)return{authorized:!0,response:new Response(null),payerNamespace:i.namespaceId??"",token:u,paymentRequestId:null,authorizationId:y.authorizationId??null}}}let a={provider:o.provider,services:o.services,serviceName:t.serviceName,serviceLogoUrl:t.serviceLogoUrl};if(!l){let w=ke(),y=process.env.BOTPARTY_BASE_PATH||"/api/botparty";a.connectAppLoginUrl=`${w}${y}/auth/login?return_url=${encodeURIComponent(`${y}/auth/popup-done`)}`,a.connectAppDomain=t.domain}let d=await n("/api/v1/payments/create",l?u:null,a);if(!d.ok){let w=await d.text().catch(()=>"Facilitator error");return{authorized:!1,response:new Response(JSON.stringify({error:"facilitator_error",message:w}),{status:502,headers:{"Content-Type":"application/json"}}),payerNamespace:l?i.namespaceId??"":"",token:u??"",paymentRequestId:null,authorizationId:null}}let h=await d.json(),T=h.payTo,S=h.authorizationId??null;if(d.status===200&&h.status==="active")return{authorized:!0,response:new Response(null),payerNamespace:l?i.namespaceId??"":"",token:u??"",paymentRequestId:null,authorizationId:S};let R={error:"payment_required",asset:"botparty_credits",description:`Provider: ${o.provider.title}`,authorizationId:S,provider:o.provider};return T?(R.message=`Your human needs to authorize this provider by clicking this link:
|
|
5
5
|
${T}`,R.payTo=T):R.message=`Payment authorization is required for ${o.provider.title}.`,{authorized:!1,response:new Response(JSON.stringify(R),{status:402,headers:{"Content-Type":"application/json"}}),payerNamespace:l?i.namespaceId??"":"",token:u??"",paymentRequestId:null,authorizationId:S}}catch(i){let u=i instanceof Error?i.message:String(i);return console.error("[BotParty] doRequireProviderAccess() failed:",u),{authorized:!1,response:new Response(JSON.stringify({error:"gateway_error",message:u}),{status:500,headers:{"Content-Type":"application/json"}}),payerNamespace:"",token:"",paymentRequestId:null,authorizationId:null}}}return{async requirePayment(c,o){return s(c,o.amount,o.description,o.resource)},async requireBudget(c,o){return s(c,o.estimated,o.description,o.resource)},async requireProviderAccess(c,o){return p(c,o)},async claim(c,o){try{let i={amount:String(o.amount),description:o.description};c.authorizationId?i.authorizationId=c.authorizationId:c.paymentRequestId&&(i.paymentRequestId=c.paymentRequestId);let u=await n("/api/v1/payments/settle",c.token,i);return u.ok?await u.json():{success:!1,error:(await u.json().catch(()=>({error:"settle_failed"}))).error??"settle_failed",canContinue:!1}}catch(i){let u=i instanceof Error?i.message:String(i);return console.error("[BotParty] claim() failed:",u),{success:!1,error:u,canContinue:!1}}}}}async function Te(){let e=process.env.BOTPARTY_CLIENT_ASSERTION_KEY;if(!e)return Response.json({error:"BOTPARTY_CLIENT_ASSERTION_KEY must be set"},{status:500});let t=await I.importPKCS8(e.replace(/\\n/g,`
|
|
6
|
-
`),"ES256"),r=await I.exportJWK(t),{d:n,...s}=r;return s.use="sig",s.alg="ES256",Response.json({keys:[s]},{headers:{"Cache-Control":"public, max-age=3600"}})}var X=require("next/server"),k=L(require("jose"),1),ee="__botparty_session",te="__botparty_refresh",
|
|
7
|
-
`),"ES256"),c=await new k.SignJWT({}).setProtectedHeader({alg:"ES256"}).setIssuer(r).setSubject(r).setAudience(s).setIssuedAt().setExpirationTime("60s").setJti(crypto.randomUUID()).sign(p),o=await fetch(s,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"refresh_token",refresh_token:e,client_id:r,client_assertion_type:
|
|
6
|
+
`),"ES256"),r=await I.exportJWK(t),{d:n,...s}=r;return s.use="sig",s.alg="ES256",Response.json({keys:[s]},{headers:{"Cache-Control":"public, max-age=3600"}})}var X=require("next/server"),k=L(require("jose"),1),ee="__botparty_session",te="__botparty_refresh",We="https://id.botparty.club",ze="urn:ietf:params:oauth:client-assertion-type:jwt-bearer";function Z(e){try{let t=k.decodeJwt(e);return t.exp?t.exp<Math.floor(Date.now()/1e3)+60:!0}catch{return!0}}async function Se(e){try{let t=process.env.BOTPARTY_AUTH_URL||"https://id.botparty.club",r=process.env.BOTPARTY_CLIENT_ID,n=process.env.BOTPARTY_CLIENT_ASSERTION_KEY;if(!r||!n)return null;let s=`${t}/oauth/token`,p=await k.importPKCS8(n.replace(/\\n/g,`
|
|
7
|
+
`),"ES256"),c=await new k.SignJWT({}).setProtectedHeader({alg:"ES256"}).setIssuer(r).setSubject(r).setAudience(s).setIssuedAt().setExpirationTime("60s").setJti(crypto.randomUUID()).sign(p),o=await fetch(s,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"refresh_token",refresh_token:e,client_id:r,client_assertion_type:ze,client_assertion:c})});if(!o.ok)return null;let i=await o.json();return{accessToken:i.access_token,refreshToken:i.refresh_token}}catch{return null}}var V=null;async function Me(){if(V)return V;let e=process.env.BOTPARTY_CLIENT_ASSERTION_KEY;if(!e)throw new Error("[BotParty] BOTPARTY_CLIENT_ASSERTION_KEY env var is not set");let t=`bp-session-key:${e}`,r=await crypto.subtle.digest("SHA-256",new TextEncoder().encode(t));return V=new Uint8Array(r),V}function Pe(e){return async function(r){let n={refreshedToken:null,refreshedRefreshCookie:null,sessionPayload:null,clearCookies:!1},s=await Me(),p=r.cookies.get(ee)?.value;if(p)try{let{payload:a}=await k.jwtDecrypt(p,s);if(a.at&&Z(a.at))if(a.rt){let d=await Se(a.rt);d?(a.at=d.accessToken,a.rt=d.refreshToken,n.sessionPayload=a,n.refreshedToken=await _(s,a,"15m"),n.refreshedRefreshCookie=await _(s,a,"30d")):n.clearCookies=!0}else n.clearCookies=!0;else n.sessionPayload=a}catch{}if(!n.sessionPayload&&!n.clearCookies){let a=r.cookies.get(te)?.value;if(a)try{let{payload:d}=await k.jwtDecrypt(a,s);if(d.sub)if(d.at&&Z(d.at)&&d.rt){let h=await Se(d.rt);h?(d.at=h.accessToken,d.rt=h.refreshToken,n.sessionPayload=d,n.refreshedToken=await _(s,d,"15m"),n.refreshedRefreshCookie=await _(s,d,"30d")):n.clearCookies=!0}else d.at&&!Z(d.at)?(n.sessionPayload=d,n.refreshedToken=await _(s,d,"15m"),n.refreshedRefreshCookie=await _(s,d,"30d")):n.clearCookies=!0}catch{n.clearCookies=!0}}let 
c=`${r.nextUrl.origin}/api/botparty/auth/login?return_url=${encodeURIComponent(r.nextUrl.pathname)}`,o=n.sessionPayload?.namespaceId??null,i=o??(n.sessionPayload?.sub||null),u=n.sessionPayload?{isAuthenticated:!0,type:o?"bot":"human",userId:n.sessionPayload.sub??null,namespaceId:i,email:n.sessionPayload.email??null,protect(){return this},redirectToSignIn(){throw new b(c)}}:{isAuthenticated:!1,type:null,userId:null,namespaceId:null,email:null,protect(){throw new b(c)},redirectToSignIn(){throw new b(c)}};try{if(e){let a=await e(u,r);if(a instanceof Response)return Re(X.NextResponse.next({headers:a.headers}),n,r)}}catch(a){if(a instanceof b)return X.NextResponse.redirect(a.url);throw a}let l=X.NextResponse.next();return Re(l,n,r)}}async function _(e,t,r){return new k.EncryptJWT({email:t.email,name:t.name,picture:t.picture,namespaceId:t.namespaceId,keyId:t.keyId,hasLinkedUser:t.hasLinkedUser,at:t.at,rt:t.rt}).setProtectedHeader({alg:"dir",enc:"A256GCM"}).setSubject(t.sub).setIssuedAt().setExpirationTime(r).setIssuer(We).encrypt(e)}function Re(e,t,r){let n={httpOnly:!0,secure:r.nextUrl.protocol==="https:",sameSite:"lax",path:"/"};return t.clearCookies?(e.cookies.delete(ee),e.cookies.delete(te),e):(t.refreshedToken&&e.cookies.set(ee,t.refreshedToken,{...n,maxAge:900}),t.refreshedRefreshCookie&&e.cookies.set(te,t.refreshedRefreshCookie,{...n,maxAge:720*60*60}),e)}var b=class{url;constructor(t){this.url=t}};function Ie(e){let t=e.map(r=>{if(r instanceof RegExp)return r;let s=r.replace(/[.*+?^${}()|[\]\\]/g,"\\$&").replace(/\\\.\\\*/,".*").replace(/\\\(/,"(").replace(/\\\)/,")");return new RegExp(`^${s}$`)});return r=>{let n=r.nextUrl.pathname;return t.some(s=>s.test(n))}}0&&(module.exports={REFRESH_COOKIE,SESSION_COOKIE,auth,botpartyMiddleware,configureJwksCache,createJwksResponse,createPaymentGateway,createRouteMatcher,createSession,currentUser,decodeToken,destroySession,drainJwksRevalidations,isDomain,readSession,verifyAccessToken,verifyDomainToken,verifyNamespaceToken});
|
package/dist/server.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import{headers as Pe}from"next/headers";import{redirect as v}from"next/navigation";import*as m from"jose";import{cookies as C}from"next/headers";var x="__botparty_session",O="__botparty_refresh",ye="15m",me="30d",fe=900,he=720*60*60,ee="https://id.botparty.club",E=null;async function U(){if(E)return E;let e=process.env.BOTPARTY_CLIENT_ASSERTION_KEY;if(!e)throw new Error("[BotParty] BOTPARTY_CLIENT_ASSERTION_KEY env var is not set");let t=`bp-session-key:${e}`,r=await crypto.subtle.digest("SHA-256",new TextEncoder().encode(t));return E=new Uint8Array(r),E}function te(e){return e.sub?{userId:e.sub,email:e.email,name:e.name,picture:e.picture,namespaceId:e.namespaceId,keyId:e.keyId,hasLinkedUser:e.hasLinkedUser??!1,accessToken:e.at,refreshToken:e.rt}:null}async function N(){let t=(await C()).get(x)?.value;if(!t)return null;try{let r=await U(),{payload:n}=await m.jwtDecrypt(t,r);return te(n)}catch{return null}}async function re(){let t=(await C()).get(O)?.value;if(!t)return null;try{let r=await U(),{payload:n}=await m.jwtDecrypt(t,r);return te(n)}catch{return null}}function ne(e){return{email:e.email,name:e.name,picture:e.picture,namespaceId:e.namespaceId,keyId:e.keyId,hasLinkedUser:e.hasLinkedUser??!1,at:e.accessToken,rt:e.refreshToken}}async function ge(e){let t=await U();return new m.EncryptJWT(ne(e)).setProtectedHeader({alg:"dir",enc:"A256GCM"}).setSubject(e.userId).setIssuedAt().setExpirationTime(ye).setIssuer(ee).encrypt(t)}async function ke(e){let t=await U();return new m.EncryptJWT(ne(e)).setProtectedHeader({alg:"dir",enc:"A256GCM"}).setSubject(e.userId).setIssuedAt().setExpirationTime(me).setIssuer(ee).encrypt(t)}async function D(e){let t=await C(),n={httpOnly:!0,secure:process.env.NODE_ENV==="production",sameSite:"lax",path:"/"};t.set(x,await ge(e),{...n,maxAge:fe}),t.set(O,await ke(e),{...n,maxAge:he})}async function we(){let e=await C();e.delete(x),e.delete(O)}var Te="urn:ietf:params:oauth:client-assertion-type:jwt-bearer";function se(e){try{let 
t=m.decodeJwt(e);return t.exp?t.exp<Math.floor(Date.now()/1e3)+60:!0}catch{return!0}}async function oe(e){try{let t=process.env.BOTPARTY_AUTH_URL||"https://id.botparty.club",r=process.env.BOTPARTY_CLIENT_ID,n=process.env.BOTPARTY_CLIENT_ASSERTION_KEY;if(!r||!n)return null;let s=`${t}/oauth/token`,p=await m.importPKCS8(n.replace(/\\n/g,`
|
|
2
|
-
`),"ES256"),c=await new m.SignJWT({}).setProtectedHeader({alg:"ES256"}).setIssuer(r).setSubject(r).setAudience(s).setIssuedAt().setExpirationTime("60s").setJti(crypto.randomUUID()).sign(p),o=await fetch(s,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"refresh_token",refresh_token:e,client_id:r,client_assertion_type:Te,client_assertion:c})});if(!o.ok)return console.error("[BotParty] Token refresh failed:",o.status,await o.text().catch(()=>"")),null;let i=await o.json();return{accessToken:i.access_token,refreshToken:i.refresh_token}}catch(t){return console.error("[BotParty] Token refresh error:",t instanceof Error?t.message:t),null}}import*as f from"jose";var L=600*1e3,I=new Map,g=null;function Se(e){g=e}var J=[];async function Re(){let e=J;J=[],await Promise.allSettled(e.map(t=>t()))}async function ae(e){try{let t=await fetch(e,{cache:"no-store"});if(!t.ok)return;let r=await t.json();I.set(e,{jwks:r,expiresAt:Date.now()+L}),g&&await g.set(e,r)}catch{}}function B(){return process.env.BOTPARTY_AUTH_URL||"https://id.botparty.club"}async function
|
|
2
|
+
`),"ES256"),c=await new m.SignJWT({}).setProtectedHeader({alg:"ES256"}).setIssuer(r).setSubject(r).setAudience(s).setIssuedAt().setExpirationTime("60s").setJti(crypto.randomUUID()).sign(p),o=await fetch(s,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"refresh_token",refresh_token:e,client_id:r,client_assertion_type:Te,client_assertion:c})});if(!o.ok)return console.error("[BotParty] Token refresh failed:",o.status,await o.text().catch(()=>"")),null;let i=await o.json();return{accessToken:i.access_token,refreshToken:i.refresh_token}}catch(t){return console.error("[BotParty] Token refresh error:",t instanceof Error?t.message:t),null}}import*as f from"jose";var L=600*1e3,I=new Map,g=null;function Se(e){g=e}var J=[];async function Re(){let e=J;J=[],await Promise.allSettled(e.map(t=>t()))}async function ae(e){try{let t=await fetch(e,{cache:"no-store"});if(!t.ok)return;let r=await t.json();I.set(e,{jwks:r,expiresAt:Date.now()+L}),g&&await g.set(e,r)}catch{}}function B(){return process.env.BOTPARTY_AUTH_URL||"https://id.botparty.club"}async function W(e){let t=I.get(e);if(t&&Date.now()<t.expiresAt)return J.push(()=>ae(e)),t.jwks;if(g){let s=await g.get(e);if(s)return I.set(e,{jwks:s,expiresAt:Date.now()+L}),J.push(()=>ae(e)),s}let r=await fetch(e);if(!r.ok)throw new Error(`Failed to fetch JWKS from ${e}: ${r.status}`);let n=await r.json();return I.set(e,{jwks:n,expiresAt:Date.now()+L}),g&&await g.set(e,n),n}async function z(e){try{let t=`${B()}/.well-known/jwks.json`,r=await W(t),n=f.createLocalJWKSet(r),{payload:s}=await f.jwtVerify(e,n,{algorithms:["ES256"],issuer:B()});return s}catch{return null}}async function M(e,t){try{let r=`${B()}/api/v1/namespaces/${encodeURIComponent(t)}/jwks.json`,n=await W(r),s=f.createLocalJWKSet(n),{payload:p}=await f.jwtVerify(e,s);return p}catch{return null}}function H(e){return/^([a-z0-9-]+\.)+[a-z]{2,}$/i.test(e)}async function F(e,t){let 
r=`${B()}/api/v1/namespaces/${encodeURIComponent(t)}/jwks.json`;try{let n=await W(r);if(!n.keys?.length)return null;let s=f.createLocalJWKSet(n),{payload:p}=await f.jwtVerify(e,s);return p}catch{}try{I.delete(r),g&&await g.set(r,{keys:[]});let n=`${r}?bypass-cache=true`,s=await fetch(n,{cache:"no-store"});if(!s.ok)return null;let p=await s.json();if(!p.keys?.length)return null;I.set(r,{jwks:p,expiresAt:Date.now()+L}),g&&await g.set(r,p);let c=f.createLocalJWKSet(p),{payload:o}=await f.jwtVerify(e,c);return o}catch{return null}}function G(e){return f.decodeJwt(e)}var A="/api/botparty";function K(e){return{isAuthenticated:!1,type:null,userId:null,namespaceId:null,signerNamespace:null,keyId:null,email:null,name:null,picture:null,hasLinkedUser:!1,protect(){v(`${A}/auth/login`)},redirectToSignIn(t="/"){v(`${A}/auth/login?return_url=${encodeURIComponent(t)}`)},getToken(){return e}}}function ie(e,t){let r=e.namespaceId??(e.userId||null);return{isAuthenticated:!0,type:e.namespaceId?"bot":"human",userId:e.userId,namespaceId:r,signerNamespace:null,keyId:e.keyId??null,email:e.email??null,name:e.name??null,picture:e.picture??null,hasLinkedUser:e.hasLinkedUser??!1,protect(){return this},redirectToSignIn(n="/"){v(`${A}/auth/login?return_url=${encodeURIComponent(n)}`)},getToken(){return t}}}async function q(){let t=(await Pe()).get("authorization");if(t?.startsWith("Bearer ")){let s=t.slice(7),p=await z(s);if(p?.sub){let c={isAuthenticated:!0,type:"human",userId:p.sub,namespaceId:p.sub,signerNamespace:null,keyId:null,email:p.email??null,name:p.name??null,picture:p.picture??null,hasLinkedUser:!0,protect(){return c},redirectToSignIn(o="/"){v(`${A}/auth/login?return_url=${encodeURIComponent(o)}`)},getToken(){return s}};return c}try{let c=G(s),o=c.ns||c.iss;if(o){if(H(o)){let u=await F(s,o);if(u){let l={isAuthenticated:!0,type:"bot",userId:o,namespaceId:o,signerNamespace:null,keyId:u.kid??null,email:null,name:null,picture:null,hasLinkedUser:!1,protect(){return 
l},redirectToSignIn(a="/"){v(`${A}/auth/login?return_url=${encodeURIComponent(a)}`)},getToken(){return s}};return l}}let i=await M(s,o);if(i){let u=o.startsWith("org_"),l={isAuthenticated:!0,type:"bot",userId:i.sub??null,namespaceId:o,signerNamespace:u?i.sub??null:null,keyId:i.kid??null,email:null,name:null,picture:null,hasLinkedUser:i.linked??!1,protect(){return l},redirectToSignIn(a="/"){v(`${A}/auth/login?return_url=${encodeURIComponent(a)}`)},getToken(){return s}};return l}}}catch{}return K(s)}let r=await N();if(r){let s=await ce(r);return s?ie(r,s):K(null)}let n=await re();if(n){let s=await ce(n);return s?ie(n,s):K(null)}return K(null)}async function ce(e){let t=e.accessToken??null;if(!t)return null;if(!se(t))return t;if(!e.refreshToken)return null;let r=await oe(e.refreshToken);if(!r)return null;e.accessToken=r.accessToken,e.refreshToken=r.refreshToken;try{await D(e)}catch{}return r.accessToken}async function Ie(){return await N()}import*as P from"jose";function ve(e){let t=e.domain||process.env.BOTPARTY_DOMAIN||process.env.VERCEL_PROJECT_PRODUCTION_URL||"localhost:3000",r=e.privateKey||process.env.BOTPARTY_CLIENT_ASSERTION_KEY;if(!r)throw new Error("BotParty: missing private key. Pass privateKey in GatewayConfig or set BOTPARTY_CLIENT_ASSERTION_KEY.");return{domain:t,privateKey:r,serviceName:e.serviceName,serviceLogoUrl:e.serviceLogoUrl,facilitatorUrl:e.facilitatorUrl}}var $=null,ue=null;async function Ae(e){return $&&ue===e||($=await P.importPKCS8(e.replace(/\\n/g,`
|
|
3
3
|
`),"ES256"),ue=e),$}async function _e(e){let t=await Ae(e.privateKey);return new P.SignJWT({}).setProtectedHeader({alg:"ES256"}).setIssuer(e.domain).setIssuedAt().setExpirationTime("60s").sign(t)}function be(e){return e.facilitatorUrl||process.env.BOTPARTY_AUTH_URL||"https://id.botparty.club"}function le(){return process.env.NEXT_PUBLIC_URL?process.env.NEXT_PUBLIC_URL.replace(/\/$/,""):process.env.VERCEL_URL?`https://${process.env.VERCEL_URL}`:"http://localhost:3000"}function je(e,t,r,n,s){let p={x402Version:2,resource:{url:s,description:n},accepts:[{scheme:"redirect",network:"botparty:mainnet",asset:"botparty_credits",amount:String(r),payTo:t,maxTimeoutSeconds:300,extra:{description:n,serviceName:e.serviceName??e.domain,serviceLogoUrl:e.serviceLogoUrl}}]},c=Buffer.from(JSON.stringify(p)).toString("base64"),o={error:"payment_required",message:`Your human needs to validate this action by clicking this link:
|
|
4
4
|
${t}`,amount:String(r),asset:"botparty_credits",description:n??"",payTo:t,accepts:["redirect"]};return new Response(JSON.stringify(o),{status:402,headers:{"Content-Type":"application/json","PAYMENT-REQUIRED":c}})}function Ee(e={}){let t=ve(e),r=be(e);async function n(c,o,i){try{let l={"Content-Type":"application/json","X-BotParty-Service":await _e(t)};return o&&(l.Authorization=`Bearer ${o}`),await fetch(`${r}${c}`,{method:"POST",headers:l,body:JSON.stringify(i)})}catch(u){let l=u instanceof Error?u.message:String(u);throw console.error(`[BotParty] callFacilitator ${c} failed:`,l),new Error(`BotParty facilitator call failed: ${l}`)}}async function s(c,o,i,u){try{let l=await q(),a=l.getToken(),d=l.isAuthenticated&&!!a,h=u||c.url;if(d){let y=await n("/api/v1/payments/verify",a,{resource:h,amount:String(o)});if(y.ok){let j=await y.json();if(j.isValid)return{authorized:!0,response:new Response(null),payerNamespace:l.namespaceId??"",token:a,paymentRequestId:j.paymentRequestId??null,authorizationId:null}}}let T={resource:{url:h,description:i},amount:String(o),maxTimeoutSeconds:1800,serviceName:t.serviceName,serviceLogoUrl:t.serviceLogoUrl};if(!d){let y=le(),j=process.env.BOTPARTY_BASE_PATH||"/api/botparty";T.connectAppLoginUrl=`${y}${j}/auth/login?return_url=${encodeURIComponent(`${j}/auth/popup-done`)}`,T.connectAppDomain=t.domain}let S=await n("/api/v1/payments/create",d?a:null,T);if(!S.ok){let y=await S.text().catch(()=>"Facilitator error");return{authorized:!1,response:new Response(JSON.stringify({error:"facilitator_error",message:y}),{status:502,headers:{"Content-Type":"application/json"}}),payerNamespace:d?l.namespaceId??"":"",token:a??"",paymentRequestId:null,authorizationId:null}}let R=await S.json(),w=R.payTo;return{authorized:!1,response:je(t,w,o,i,h),payerNamespace:d?l.namespaceId??"":"",token:a??"",paymentRequestId:R.extra?.paymentRequestId??null,authorizationId:null}}catch(l){let a=l instanceof Error?l.message:String(l);return console.error("[BotParty] 
doRequire() failed:",a),{authorized:!1,response:new Response(JSON.stringify({error:"gateway_error",message:a}),{status:500,headers:{"Content-Type":"application/json"}}),payerNamespace:"",token:"",paymentRequestId:null,authorizationId:null}}}async function p(c,o){try{let i=await q(),u=i.getToken(),l=i.isAuthenticated&&!!u;if(l){let w=await n("/api/v1/payments/verify",u,{providerId:o.provider.id});if(w.ok){let y=await w.json();if(y.isValid)return{authorized:!0,response:new Response(null),payerNamespace:i.namespaceId??"",token:u,paymentRequestId:null,authorizationId:y.authorizationId??null}}}let a={provider:o.provider,services:o.services,serviceName:t.serviceName,serviceLogoUrl:t.serviceLogoUrl};if(!l){let w=le(),y=process.env.BOTPARTY_BASE_PATH||"/api/botparty";a.connectAppLoginUrl=`${w}${y}/auth/login?return_url=${encodeURIComponent(`${y}/auth/popup-done`)}`,a.connectAppDomain=t.domain}let d=await n("/api/v1/payments/create",l?u:null,a);if(!d.ok){let w=await d.text().catch(()=>"Facilitator error");return{authorized:!1,response:new Response(JSON.stringify({error:"facilitator_error",message:w}),{status:502,headers:{"Content-Type":"application/json"}}),payerNamespace:l?i.namespaceId??"":"",token:u??"",paymentRequestId:null,authorizationId:null}}let h=await d.json(),T=h.payTo,S=h.authorizationId??null;if(d.status===200&&h.status==="active")return{authorized:!0,response:new Response(null),payerNamespace:l?i.namespaceId??"":"",token:u??"",paymentRequestId:null,authorizationId:S};let R={error:"payment_required",asset:"botparty_credits",description:`Provider: ${o.provider.title}`,authorizationId:S,provider:o.provider};return T?(R.message=`Your human needs to authorize this provider by clicking this link:
|
|
5
5
|
${T}`,R.payTo=T):R.message=`Payment authorization is required for ${o.provider.title}.`,{authorized:!1,response:new Response(JSON.stringify(R),{status:402,headers:{"Content-Type":"application/json"}}),payerNamespace:l?i.namespaceId??"":"",token:u??"",paymentRequestId:null,authorizationId:S}}catch(i){let u=i instanceof Error?i.message:String(i);return console.error("[BotParty] doRequireProviderAccess() failed:",u),{authorized:!1,response:new Response(JSON.stringify({error:"gateway_error",message:u}),{status:500,headers:{"Content-Type":"application/json"}}),payerNamespace:"",token:"",paymentRequestId:null,authorizationId:null}}}return{async requirePayment(c,o){return s(c,o.amount,o.description,o.resource)},async requireBudget(c,o){return s(c,o.estimated,o.description,o.resource)},async requireProviderAccess(c,o){return p(c,o)},async claim(c,o){try{let i={amount:String(o.amount),description:o.description};c.authorizationId?i.authorizationId=c.authorizationId:c.paymentRequestId&&(i.paymentRequestId=c.paymentRequestId);let u=await n("/api/v1/payments/settle",c.token,i);return u.ok?await u.json():{success:!1,error:(await u.json().catch(()=>({error:"settle_failed"}))).error??"settle_failed",canContinue:!1}}catch(i){let u=i instanceof Error?i.message:String(i);return console.error("[BotParty] claim() failed:",u),{success:!1,error:u,canContinue:!1}}}}}async function Ce(){let e=process.env.BOTPARTY_CLIENT_ASSERTION_KEY;if(!e)return Response.json({error:"BOTPARTY_CLIENT_ASSERTION_KEY must be set"},{status:500});let t=await P.importPKCS8(e.replace(/\\n/g,`
|
|
6
6
|
`),"ES256"),r=await P.exportJWK(t),{d:n,...s}=r;return s.use="sig",s.alg="ES256",Response.json({keys:[s]},{headers:{"Cache-Control":"public, max-age=3600"}})}import{NextResponse as V}from"next/server";import*as k from"jose";var Q="__botparty_session",Z="__botparty_refresh",xe="https://id.botparty.club",Oe="urn:ietf:params:oauth:client-assertion-type:jwt-bearer";function X(e){try{let t=k.decodeJwt(e);return t.exp?t.exp<Math.floor(Date.now()/1e3)+60:!0}catch{return!0}}async function de(e){try{let t=process.env.BOTPARTY_AUTH_URL||"https://id.botparty.club",r=process.env.BOTPARTY_CLIENT_ID,n=process.env.BOTPARTY_CLIENT_ASSERTION_KEY;if(!r||!n)return null;let s=`${t}/oauth/token`,p=await k.importPKCS8(n.replace(/\\n/g,`
|
|
7
|
-
`),"ES256"),c=await new k.SignJWT({}).setProtectedHeader({alg:"ES256"}).setIssuer(r).setSubject(r).setAudience(s).setIssuedAt().setExpirationTime("60s").setJti(crypto.randomUUID()).sign(p),o=await fetch(s,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"refresh_token",refresh_token:e,client_id:r,client_assertion_type:Oe,client_assertion:c})});if(!o.ok)return null;let i=await o.json();return{accessToken:i.access_token,refreshToken:i.refresh_token}}catch{return null}}var Y=null;async function Ue(){if(Y)return Y;let e=process.env.BOTPARTY_CLIENT_ASSERTION_KEY;if(!e)throw new Error("[BotParty] BOTPARTY_CLIENT_ASSERTION_KEY env var is not set");let t=`bp-session-key:${e}`,r=await crypto.subtle.digest("SHA-256",new TextEncoder().encode(t));return Y=new Uint8Array(r),Y}function Ne(e){return async function(r){let n={refreshedToken:null,refreshedRefreshCookie:null,sessionPayload:null,clearCookies:!1},s=await Ue(),p=r.cookies.get(Q)?.value;if(p)try{let{payload:a}=await k.jwtDecrypt(p,s);if(a.at&&X(a.at))if(a.rt){let d=await de(a.rt);d?(a.at=d.accessToken,a.rt=d.refreshToken,n.sessionPayload=a,n.refreshedToken=await _(s,a,"15m"),n.refreshedRefreshCookie=await _(s,a,"30d")):n.clearCookies=!0}else n.clearCookies=!0;else n.sessionPayload=a}catch{}if(!n.sessionPayload&&!n.clearCookies){let a=r.cookies.get(Z)?.value;if(a)try{let{payload:d}=await k.jwtDecrypt(a,s);if(d.sub)if(d.at&&X(d.at)&&d.rt){let h=await de(d.rt);h?(d.at=h.accessToken,d.rt=h.refreshToken,n.sessionPayload=d,n.refreshedToken=await _(s,d,"15m"),n.refreshedRefreshCookie=await _(s,d,"30d")):n.clearCookies=!0}else d.at&&!X(d.at)?(n.sessionPayload=d,n.refreshedToken=await _(s,d,"15m"),n.refreshedRefreshCookie=await _(s,d,"30d")):n.clearCookies=!0}catch{n.clearCookies=!0}}let 
c=`${r.nextUrl.origin}/api/botparty/auth/login?return_url=${encodeURIComponent(r.nextUrl.pathname)}`,o=n.sessionPayload?.namespaceId??null,i=o??(n.sessionPayload?.sub||null),u=n.sessionPayload?{isAuthenticated:!0,type:o?"bot":"human",userId:n.sessionPayload.sub??null,namespaceId:i,email:n.sessionPayload.email??null,protect(){return this},redirectToSignIn(){throw new b(c)}}:{isAuthenticated:!1,type:null,userId:null,namespaceId:null,email:null,protect(){throw new b(c)},redirectToSignIn(){throw new b(c)}};try{if(e){let a=await e(u,r);if(a instanceof Response)return pe(V.next({headers:a.headers}),n,r)}}catch(a){if(a instanceof b)return V.redirect(a.url);throw a}let l=V.next();return pe(l,n,r)}}async function _(e,t,r){return new k.EncryptJWT({email:t.email,name:t.name,picture:t.picture,namespaceId:t.namespaceId,keyId:t.keyId,hasLinkedUser:t.hasLinkedUser,at:t.at,rt:t.rt}).setProtectedHeader({alg:"dir",enc:"A256GCM"}).setSubject(t.sub).setIssuedAt().setExpirationTime(r).setIssuer(xe).encrypt(e)}function pe(e,t,r){let n={httpOnly:!0,secure:r.nextUrl.protocol==="https:",sameSite:"lax",path:"/"};return t.clearCookies?(e.cookies.delete(Q),e.cookies.delete(Z),e):(t.refreshedToken&&e.cookies.set(Q,t.refreshedToken,{...n,maxAge:900}),t.refreshedRefreshCookie&&e.cookies.set(Z,t.refreshedRefreshCookie,{...n,maxAge:720*60*60}),e)}var b=class{url;constructor(t){this.url=t}};function Le(e){let t=e.map(r=>{if(r instanceof RegExp)return r;let s=r.replace(/[.*+?^${}()|[\]\\]/g,"\\$&").replace(/\\\.\\\*/,".*").replace(/\\\(/,"(").replace(/\\\)/,")");return new RegExp(`^${s}$`)});return r=>{let n=r.nextUrl.pathname;return t.some(s=>s.test(n))}}export{O as REFRESH_COOKIE,x as SESSION_COOKIE,q as auth,Ne as botpartyMiddleware,Se as configureJwksCache,Ce as createJwksResponse,Ee as createPaymentGateway,Le as createRouteMatcher,D as createSession,Ie as currentUser,G as decodeToken,we as destroySession,Re as drainJwksRevalidations,H as isDomain,N as readSession,
|
|
7
|
+
`),"ES256"),c=await new k.SignJWT({}).setProtectedHeader({alg:"ES256"}).setIssuer(r).setSubject(r).setAudience(s).setIssuedAt().setExpirationTime("60s").setJti(crypto.randomUUID()).sign(p),o=await fetch(s,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"refresh_token",refresh_token:e,client_id:r,client_assertion_type:Oe,client_assertion:c})});if(!o.ok)return null;let i=await o.json();return{accessToken:i.access_token,refreshToken:i.refresh_token}}catch{return null}}var Y=null;async function Ue(){if(Y)return Y;let e=process.env.BOTPARTY_CLIENT_ASSERTION_KEY;if(!e)throw new Error("[BotParty] BOTPARTY_CLIENT_ASSERTION_KEY env var is not set");let t=`bp-session-key:${e}`,r=await crypto.subtle.digest("SHA-256",new TextEncoder().encode(t));return Y=new Uint8Array(r),Y}function Ne(e){return async function(r){let n={refreshedToken:null,refreshedRefreshCookie:null,sessionPayload:null,clearCookies:!1},s=await Ue(),p=r.cookies.get(Q)?.value;if(p)try{let{payload:a}=await k.jwtDecrypt(p,s);if(a.at&&X(a.at))if(a.rt){let d=await de(a.rt);d?(a.at=d.accessToken,a.rt=d.refreshToken,n.sessionPayload=a,n.refreshedToken=await _(s,a,"15m"),n.refreshedRefreshCookie=await _(s,a,"30d")):n.clearCookies=!0}else n.clearCookies=!0;else n.sessionPayload=a}catch{}if(!n.sessionPayload&&!n.clearCookies){let a=r.cookies.get(Z)?.value;if(a)try{let{payload:d}=await k.jwtDecrypt(a,s);if(d.sub)if(d.at&&X(d.at)&&d.rt){let h=await de(d.rt);h?(d.at=h.accessToken,d.rt=h.refreshToken,n.sessionPayload=d,n.refreshedToken=await _(s,d,"15m"),n.refreshedRefreshCookie=await _(s,d,"30d")):n.clearCookies=!0}else d.at&&!X(d.at)?(n.sessionPayload=d,n.refreshedToken=await _(s,d,"15m"),n.refreshedRefreshCookie=await _(s,d,"30d")):n.clearCookies=!0}catch{n.clearCookies=!0}}let 
c=`${r.nextUrl.origin}/api/botparty/auth/login?return_url=${encodeURIComponent(r.nextUrl.pathname)}`,o=n.sessionPayload?.namespaceId??null,i=o??(n.sessionPayload?.sub||null),u=n.sessionPayload?{isAuthenticated:!0,type:o?"bot":"human",userId:n.sessionPayload.sub??null,namespaceId:i,email:n.sessionPayload.email??null,protect(){return this},redirectToSignIn(){throw new b(c)}}:{isAuthenticated:!1,type:null,userId:null,namespaceId:null,email:null,protect(){throw new b(c)},redirectToSignIn(){throw new b(c)}};try{if(e){let a=await e(u,r);if(a instanceof Response)return pe(V.next({headers:a.headers}),n,r)}}catch(a){if(a instanceof b)return V.redirect(a.url);throw a}let l=V.next();return pe(l,n,r)}}async function _(e,t,r){return new k.EncryptJWT({email:t.email,name:t.name,picture:t.picture,namespaceId:t.namespaceId,keyId:t.keyId,hasLinkedUser:t.hasLinkedUser,at:t.at,rt:t.rt}).setProtectedHeader({alg:"dir",enc:"A256GCM"}).setSubject(t.sub).setIssuedAt().setExpirationTime(r).setIssuer(xe).encrypt(e)}function pe(e,t,r){let n={httpOnly:!0,secure:r.nextUrl.protocol==="https:",sameSite:"lax",path:"/"};return t.clearCookies?(e.cookies.delete(Q),e.cookies.delete(Z),e):(t.refreshedToken&&e.cookies.set(Q,t.refreshedToken,{...n,maxAge:900}),t.refreshedRefreshCookie&&e.cookies.set(Z,t.refreshedRefreshCookie,{...n,maxAge:720*60*60}),e)}var b=class{url;constructor(t){this.url=t}};function Le(e){let t=e.map(r=>{if(r instanceof RegExp)return r;let s=r.replace(/[.*+?^${}()|[\]\\]/g,"\\$&").replace(/\\\.\\\*/,".*").replace(/\\\(/,"(").replace(/\\\)/,")");return new RegExp(`^${s}$`)});return r=>{let n=r.nextUrl.pathname;return t.some(s=>s.test(n))}}export{O as REFRESH_COOKIE,x as SESSION_COOKIE,q as auth,Ne as botpartyMiddleware,Se as configureJwksCache,Ce as createJwksResponse,Ee as createPaymentGateway,Le as createRouteMatcher,D as createSession,Ie as currentUser,G as decodeToken,we as destroySession,Re as drainJwksRevalidations,H as isDomain,N as readSession,z as verifyAccessToken,F as 
verifyDomainToken,M as verifyNamespaceToken};
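Review bot: The new `signerNamespace` field in `auth()` (new line 2, org-scoped branch) is copied from the token's `sub` claim, `signerNamespace:u?i.sub??null:null`, rather than derived from the key that verified the signature. The namespace `o` used to pick the JWKS comes from the unverified `ns`/`iss` claim, and `verifyNamespaceToken` calls `jwtVerify(e,s)` with no `algorithms`, `issuer` or `audience` options, unlike `verifyAccessToken`, which pins `algorithms:["ES256"]` and `issuer`. As far as this bundle shows, any key published in the org's JWKS can therefore assert an arbitrary `sub`; whether the identity service binds `sub` to the signing key is not visible here and should be confirmed. Until that binding is enforced in the SDK (for example by checking the verified `sub` against that namespace's own JWKS), I would reword the declaration comment to something like `/** Namespace named in the verified token's sub claim (org-scoped calls only); not independently bound to the signing key */`. This file is minified build output, so the change belongs in the TypeScript source, which the page does not show.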
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@botparty/nextjs",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.57",
|
|
4
4
|
"description": "Next.js SDK for BotParty auth — middleware, server auth(), route handlers, SSR provider",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.cjs",
|
|
@@ -63,7 +63,7 @@
|
|
|
63
63
|
"dev": "tsc --watch"
|
|
64
64
|
},
|
|
65
65
|
"dependencies": {
|
|
66
|
-
"@botparty/react": "0.0.
|
|
66
|
+
"@botparty/react": "0.0.57",
|
|
67
67
|
"@botparty/sdk": "0.0.47",
|
|
68
68
|
"jose": "^6.1.2"
|
|
69
69
|
},
|