@civic/auth 0.0.1-beta.24 → 0.0.1-beta.25
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/AuthProvider-BBetpl_s.d.mts +21 -0
- package/dist/AuthProvider-BYZ8w92b.d.mts +15 -0
- package/dist/AuthProvider-BgOwv9h8.d.ts +15 -0
- package/dist/AuthProvider-D_kReUi0.d.ts +21 -0
- package/dist/{index-DTimUlkB.d.ts → UserProvider-BA2uflVB.d.ts} +1 -2
- package/dist/{index-DvjkKpkk.d.mts → UserProvider-Bl3j1PUO.d.mts} +1 -2
- package/dist/chunk-2OZJONNO.js.map +1 -1
- package/dist/chunk-2TDB4XWE.js +277 -0
- package/dist/chunk-2TDB4XWE.js.map +1 -0
- package/dist/chunk-2ZUCE3XM.mjs +705 -0
- package/dist/chunk-2ZUCE3XM.mjs.map +1 -0
- package/dist/{chunk-A43GY6C3.mjs → chunk-4KSQPSLG.mjs} +7 -12
- package/dist/chunk-4KSQPSLG.mjs.map +1 -0
- package/dist/chunk-55ELY65Q.mjs +706 -0
- package/dist/chunk-55ELY65Q.mjs.map +1 -0
- package/dist/chunk-5UQQYXCX.js.map +1 -1
- package/dist/chunk-63YGK3A7.mjs +223 -0
- package/dist/chunk-63YGK3A7.mjs.map +1 -0
- package/dist/chunk-6RFRDWIP.js.map +1 -1
- package/dist/{chunk-74J7HX36.mjs → chunk-6UFAMFB3.mjs} +5 -5
- package/dist/chunk-6UFAMFB3.mjs.map +1 -0
- package/dist/chunk-75242WAX.js +711 -0
- package/dist/chunk-75242WAX.js.map +1 -0
- package/dist/chunk-7K3QN2AT.js.map +1 -1
- package/dist/chunk-ADCTONP6.js +709 -0
- package/dist/chunk-ADCTONP6.js.map +1 -0
- package/dist/{chunk-RF23Q4V6.js → chunk-AM2Y662I.js} +117 -224
- package/dist/chunk-AM2Y662I.js.map +1 -0
- package/dist/chunk-B3L76DWC.mjs +705 -0
- package/dist/chunk-B3L76DWC.mjs.map +1 -0
- package/dist/{chunk-WXSUVTI4.mjs → chunk-BCXJ4LWQ.mjs} +3 -2
- package/dist/chunk-BCXJ4LWQ.mjs.map +1 -0
- package/dist/chunk-BFJSBJHA.js +709 -0
- package/dist/chunk-BFJSBJHA.js.map +1 -0
- package/dist/chunk-BLLLGPVG.mjs +277 -0
- package/dist/chunk-BLLLGPVG.mjs.map +1 -0
- package/dist/{chunk-COWYPS3A.js → chunk-CJCLQQS5.js} +3 -2
- package/dist/chunk-CJCLQQS5.js.map +1 -0
- package/dist/chunk-CMMHRIMG.js +705 -0
- package/dist/chunk-CMMHRIMG.js.map +1 -0
- package/dist/chunk-CRTRMMJ7.js.map +1 -1
- package/dist/chunk-CTVJJBBA.js.map +1 -1
- package/dist/chunk-D53PLWCK.js +703 -0
- package/dist/chunk-D53PLWCK.js.map +1 -0
- package/dist/chunk-EKLYHP2D.mjs +711 -0
- package/dist/chunk-EKLYHP2D.mjs.map +1 -0
- package/dist/{chunk-XNSHSKGI.js → chunk-FHRZSX3C.js} +2 -2
- package/dist/chunk-FHRZSX3C.js.map +1 -0
- package/dist/{chunk-5XL2ST72.mjs → chunk-G7PH56KW.mjs} +77 -29
- package/dist/chunk-G7PH56KW.mjs.map +1 -0
- package/dist/chunk-GB3H3I47.js +711 -0
- package/dist/chunk-GB3H3I47.js.map +1 -0
- package/dist/chunk-GFP6OLRQ.js +709 -0
- package/dist/chunk-GFP6OLRQ.js.map +1 -0
- package/dist/chunk-HMPKCLIJ.mjs +709 -0
- package/dist/chunk-HMPKCLIJ.mjs.map +1 -0
- package/dist/chunk-IENACY5A.js +116 -0
- package/dist/chunk-IENACY5A.js.map +1 -0
- package/dist/chunk-J5KMPZIV.mjs +708 -0
- package/dist/chunk-J5KMPZIV.mjs.map +1 -0
- package/dist/chunk-J7FWSTAL.js +711 -0
- package/dist/chunk-J7FWSTAL.js.map +1 -0
- package/dist/chunk-JDZPCA3P.js.map +1 -1
- package/dist/chunk-JEOPLLWO.js +223 -0
- package/dist/chunk-JEOPLLWO.js.map +1 -0
- package/dist/chunk-JTQHIECR.mjs +709 -0
- package/dist/chunk-JTQHIECR.mjs.map +1 -0
- package/dist/chunk-KBHDXIAM.js +711 -0
- package/dist/chunk-KBHDXIAM.js.map +1 -0
- package/dist/chunk-KSOWEBHG.js +720 -0
- package/dist/chunk-KSOWEBHG.js.map +1 -0
- package/dist/chunk-LPW3B7PM.js +712 -0
- package/dist/chunk-LPW3B7PM.js.map +1 -0
- package/dist/chunk-M7QA57W3.mjs +711 -0
- package/dist/chunk-M7QA57W3.mjs.map +1 -0
- package/dist/{chunk-3YV5NEM4.js → chunk-MXAJ6OFR.js} +7 -12
- package/dist/chunk-MXAJ6OFR.js.map +1 -0
- package/dist/{chunk-AMCR45Y5.mjs → chunk-NLRREFOX.mjs} +2 -2
- package/dist/chunk-NLRREFOX.mjs.map +1 -0
- package/dist/chunk-NRDG7CC4.js +706 -0
- package/dist/chunk-NRDG7CC4.js.map +1 -0
- package/dist/{chunk-JCLIMTK5.js → chunk-NSAO2ERW.js} +5 -9
- package/dist/chunk-NSAO2ERW.js.map +1 -0
- package/dist/chunk-NXGNAFNY.js +708 -0
- package/dist/chunk-NXGNAFNY.js.map +1 -0
- package/dist/chunk-OXXUQ36U.mjs +283 -0
- package/dist/chunk-OXXUQ36U.mjs.map +1 -0
- package/dist/chunk-PKBT2ALA.mjs +703 -0
- package/dist/chunk-PKBT2ALA.mjs.map +1 -0
- package/dist/chunk-PS5WST7W.mjs +711 -0
- package/dist/chunk-PS5WST7W.mjs.map +1 -0
- package/dist/{chunk-G3P5TIO2.mjs → chunk-Q7DSPTUG.mjs} +126 -233
- package/dist/chunk-Q7DSPTUG.mjs.map +1 -0
- package/dist/chunk-RCFPLIWS.js.map +1 -1
- package/dist/chunk-RIHMMI3P.mjs +116 -0
- package/dist/chunk-RIHMMI3P.mjs.map +1 -0
- package/dist/chunk-RMN6R4VP.mjs +708 -0
- package/dist/chunk-RMN6R4VP.mjs.map +1 -0
- package/dist/{chunk-QHE3SPKQ.js → chunk-SJ6NSD2E.js} +3 -6
- package/dist/chunk-SJ6NSD2E.js.map +1 -0
- package/dist/chunk-SN7YDQQH.js.map +1 -1
- package/dist/chunk-SYJZGEFV.mjs +709 -0
- package/dist/chunk-SYJZGEFV.mjs.map +1 -0
- package/dist/chunk-TH6FI2XI.js +283 -0
- package/dist/chunk-TH6FI2XI.js.map +1 -0
- package/dist/{chunk-6RJHOVY6.mjs → chunk-UBO6RIOZ.mjs} +3 -6
- package/dist/chunk-UBO6RIOZ.mjs.map +1 -0
- package/dist/chunk-UGDZ4VB3.js +705 -0
- package/dist/chunk-UGDZ4VB3.js.map +1 -0
- package/dist/{chunk-NTJWPNOZ.mjs → chunk-UVRXIVK3.mjs} +2 -4
- package/dist/chunk-UVRXIVK3.mjs.map +1 -0
- package/dist/chunk-WC2OMEHO.mjs +711 -0
- package/dist/chunk-WC2OMEHO.mjs.map +1 -0
- package/dist/chunk-WQNOMTSD.mjs +720 -0
- package/dist/chunk-WQNOMTSD.mjs.map +1 -0
- package/dist/chunk-WVG3PNQ6.js +708 -0
- package/dist/chunk-WVG3PNQ6.js.map +1 -0
- package/dist/chunk-WYA7Q4IM.mjs +708 -0
- package/dist/chunk-WYA7Q4IM.mjs.map +1 -0
- package/dist/{chunk-SEKF2WZX.js → chunk-X7YY6SHZ.js} +80 -32
- package/dist/chunk-X7YY6SHZ.js.map +1 -0
- package/dist/{chunk-ELO3M4DA.js → chunk-ZXNMEKUE.js} +2 -4
- package/dist/chunk-ZXNMEKUE.js.map +1 -0
- package/dist/index.d.mts +3 -3
- package/dist/index.d.ts +3 -3
- package/dist/index.js.map +1 -1
- package/dist/nextjs/client.d.mts +3 -5
- package/dist/nextjs/client.d.ts +3 -5
- package/dist/nextjs/client.js +14 -16
- package/dist/nextjs/client.js.map +1 -1
- package/dist/nextjs/client.mjs +10 -12
- package/dist/nextjs/client.mjs.map +1 -1
- package/dist/nextjs.d.mts +3 -5
- package/dist/nextjs.d.ts +3 -5
- package/dist/nextjs.js +63 -55
- package/dist/nextjs.js.map +1 -1
- package/dist/nextjs.mjs +40 -32
- package/dist/nextjs.mjs.map +1 -1
- package/dist/react.d.mts +5 -9
- package/dist/react.d.ts +5 -9
- package/dist/react.js +11 -23
- package/dist/react.js.map +1 -1
- package/dist/react.mjs +2 -14
- package/dist/react.mjs.map +1 -1
- package/dist/server.d.mts +2 -2
- package/dist/server.d.ts +2 -2
- package/dist/server.js +3 -3
- package/dist/server.js.map +1 -1
- package/dist/server.mjs +2 -2
- package/dist/storage-ANmRwpZ3.d.ts +25 -0
- package/dist/storage-BJyqsZwC.d.mts +25 -0
- package/dist/types-BxAubCqO.d.mts +58 -0
- package/dist/types-BxAubCqO.d.ts +58 -0
- package/dist/{types-b4c1koXj.d.mts → types-DOfl9w7j.d.mts} +6 -2
- package/dist/{types-b4c1koXj.d.ts → types-DOfl9w7j.d.ts} +6 -2
- package/package.json +14 -14
- package/dist/chunk-3YV5NEM4.js.map +0 -1
- package/dist/chunk-5XL2ST72.mjs.map +0 -1
- package/dist/chunk-6RJHOVY6.mjs.map +0 -1
- package/dist/chunk-74J7HX36.mjs.map +0 -1
- package/dist/chunk-A43GY6C3.mjs.map +0 -1
- package/dist/chunk-AMCR45Y5.mjs.map +0 -1
- package/dist/chunk-COWYPS3A.js.map +0 -1
- package/dist/chunk-ELO3M4DA.js.map +0 -1
- package/dist/chunk-G3P5TIO2.mjs.map +0 -1
- package/dist/chunk-JCLIMTK5.js.map +0 -1
- package/dist/chunk-NTJWPNOZ.mjs.map +0 -1
- package/dist/chunk-QHE3SPKQ.js.map +0 -1
- package/dist/chunk-RF23Q4V6.js.map +0 -1
- package/dist/chunk-SEKF2WZX.js.map +0 -1
- package/dist/chunk-WXSUVTI4.mjs.map +0 -1
- package/dist/chunk-XNSHSKGI.js.map +0 -1
package/dist/nextjs/client.mjs
CHANGED
|
@@ -2,18 +2,16 @@ import "../chunk-PMJAV4JJ.mjs";
|
|
|
2
2
|
import {
|
|
3
3
|
AuthProvider,
|
|
4
4
|
UserProvider
|
|
5
|
-
} from "../chunk-
|
|
5
|
+
} from "../chunk-EKLYHP2D.mjs";
|
|
6
6
|
import {
|
|
7
7
|
NextjsClientStorage,
|
|
8
|
+
resolveAuthConfig,
|
|
8
9
|
resolveCallbackUrl
|
|
9
|
-
} from "../chunk-
|
|
10
|
-
import
|
|
11
|
-
resolveAuthConfig
|
|
12
|
-
} from "../chunk-ON4OH5OM.mjs";
|
|
13
|
-
import "../chunk-AP4627CS.mjs";
|
|
10
|
+
} from "../chunk-OXXUQ36U.mjs";
|
|
11
|
+
import "../chunk-63YGK3A7.mjs";
|
|
14
12
|
import {
|
|
15
13
|
ConfidentialClientPKCEConsumer
|
|
16
|
-
} from "../chunk-
|
|
14
|
+
} from "../chunk-Q7DSPTUG.mjs";
|
|
17
15
|
import {
|
|
18
16
|
__async,
|
|
19
17
|
__objRest,
|
|
@@ -135,8 +133,8 @@ var CivicNextAuthProviderInternal = (_a) => {
|
|
|
135
133
|
const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl } = resolvedConfig;
|
|
136
134
|
useEffect3(() => {
|
|
137
135
|
if (typeof globalThis.window !== "undefined") {
|
|
138
|
-
const
|
|
139
|
-
setRedirectUrl(resolveCallbackUrl(resolvedConfig,
|
|
136
|
+
const appUrl = globalThis.window.location.origin;
|
|
137
|
+
setRedirectUrl(resolveCallbackUrl(resolvedConfig, appUrl));
|
|
140
138
|
}
|
|
141
139
|
}, [callbackUrl, resolvedConfig]);
|
|
142
140
|
const user = useUserCookie();
|
|
@@ -149,7 +147,8 @@ var CivicNextAuthProviderInternal = (_a) => {
|
|
|
149
147
|
if (props.onSignOut) {
|
|
150
148
|
yield props.onSignOut();
|
|
151
149
|
}
|
|
152
|
-
window.location.
|
|
150
|
+
const appUrl = globalThis.window.location.origin;
|
|
151
|
+
window.location.href = `${logoutUrl}?appUrl=${appUrl}`;
|
|
153
152
|
return;
|
|
154
153
|
});
|
|
155
154
|
return /* @__PURE__ */ jsx(
|
|
@@ -181,7 +180,6 @@ var CivicNextAuthProvider = (_a) => {
|
|
|
181
180
|
return /* @__PURE__ */ jsx(QueryClientProvider, { client: queryClient, children: /* @__PURE__ */ jsx(CivicNextAuthProviderInternal, __spreadProps(__spreadValues({}, props), { children })) });
|
|
182
181
|
};
|
|
183
182
|
export {
|
|
184
|
-
CivicNextAuthProvider as CivicAuthProvider
|
|
185
|
-
useUserCookie
|
|
183
|
+
CivicNextAuthProvider as CivicAuthProvider
|
|
186
184
|
};
|
|
187
185
|
//# sourceMappingURL=client.mjs.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/nextjs/providers/NextAuthProvider.tsx","../../src/nextjs/hooks/useUserCookie.ts","../../src/lib/cookies.ts","../../src/nextjs/hooks/useTokenCookie.ts"],"sourcesContent":["\"use client\";\n/**\n * A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.\n */\nimport { useEffect, useState } from \"react\";\nimport { AuthProvider, AuthProviderProps } from \"@/shared/AuthProvider.js\";\nimport { QueryClient, QueryClientProvider } from \"@tanstack/react-query\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\n\n// adding the styles import here to be added to the bundle\nimport \"@/styles.css\";\nimport { ConfidentialClientPKCEConsumer } from \"@/services/PKCE.js\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies\";\nimport { UserProvider } from \"@/shared/UserProvider\";\nimport { useUserCookie } from \"../hooks/useUserCookie\";\nimport { OAuthTokens } from \"@/shared/types\";\nimport { useTokenCookie } from \"../hooks/useTokenCookie\";\nimport { User } from \"@/types\";\n\nconst queryClient = new QueryClient();\n\ntype NextCivicAuthProviderProps = Omit<AuthProviderProps, \"clientId\">;\n\nconst CivicNextAuthProviderInternal = ({\n children,\n ...props\n}: NextCivicAuthProviderProps) => {\n const [redirectUrl, setRedirectUrl] = useState<string>(\"\");\n const resolvedConfig = resolveAuthConfig();\n const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl } =\n resolvedConfig;\n\n useEffect(() => {\n if (typeof globalThis.window !== \"undefined\") {\n const
|
|
1
|
+
{"version":3,"sources":["../../src/nextjs/providers/NextAuthProvider.tsx","../../src/nextjs/hooks/useUserCookie.ts","../../src/lib/cookies.ts","../../src/nextjs/hooks/useTokenCookie.ts"],"sourcesContent":["\"use client\";\n/**\n * A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.\n */\nimport { useEffect, useState } from \"react\";\nimport { AuthProvider, AuthProviderProps } from \"@/shared/AuthProvider.js\";\nimport { QueryClient, QueryClientProvider } from \"@tanstack/react-query\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\n\n// adding the styles import here to be added to the bundle\nimport \"@/styles.css\";\nimport { ConfidentialClientPKCEConsumer } from \"@/services/PKCE.js\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies\";\nimport { UserProvider } from \"@/shared/UserProvider\";\nimport { useUserCookie } from \"../hooks/useUserCookie\";\nimport { OAuthTokens } from \"@/shared/types\";\nimport { useTokenCookie } from \"../hooks/useTokenCookie\";\nimport { User } from \"@/types\";\n\nconst queryClient = new QueryClient();\n\ntype NextCivicAuthProviderProps = Omit<AuthProviderProps, \"clientId\">;\n\nconst CivicNextAuthProviderInternal = ({\n children,\n ...props\n}: NextCivicAuthProviderProps) => {\n const [redirectUrl, setRedirectUrl] = useState<string>(\"\");\n const resolvedConfig = resolveAuthConfig();\n const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl } =\n resolvedConfig;\n\n useEffect(() => {\n if (typeof globalThis.window !== \"undefined\") {\n const appUrl = globalThis.window.location.origin;\n setRedirectUrl(resolveCallbackUrl(resolvedConfig, appUrl));\n }\n }, [callbackUrl, resolvedConfig]);\n\n const user = useUserCookie();\n const idToken = useTokenCookie(OAuthTokens.ID_TOKEN);\n const combinedUser = user ? ({ ...(user || {}), idToken } as User) : null;\n const sessionData = {\n authenticated: !!user,\n ...(idToken ? { idToken } : {}),\n };\n const signOut = async (): Promise<void> => {\n if (props.onSignOut) {\n await props.onSignOut();\n }\n const appUrl = globalThis.window.location.origin;\n window.location.href = `${logoutUrl}?appUrl=${appUrl}`;\n return;\n };\n return (\n <AuthProvider\n {...props}\n redirectUrl={redirectUrl}\n config={{ oauthServer }}\n clientId={clientId}\n pkceConsumer={new ConfidentialClientPKCEConsumer(challengeUrl)}\n sessionData={sessionData}\n >\n <UserProvider\n storage={new NextjsClientStorage()}\n user={combinedUser}\n signOut={signOut}\n >\n {children}\n </UserProvider>\n </AuthProvider>\n );\n};\n\nconst CivicNextAuthProvider = ({\n children,\n ...props\n}: NextCivicAuthProviderProps) => {\n return (\n <QueryClientProvider client={queryClient}>\n <CivicNextAuthProviderInternal {...props}>\n {children}\n </CivicNextAuthProviderInternal>\n </QueryClientProvider>\n );\n};\n\nexport { CivicNextAuthProvider, type NextCivicAuthProviderProps };\n","\"use client\";\nimport { useEffect, useRef } from \"react\";\nimport { useRouter } from \"next/navigation.js\";\nimport { useQuery } from \"@tanstack/react-query\";\nimport { getWindowCookieValue } from \"@/lib/cookies.js\";\nimport { EmptyObject, User } from \"@/types\";\nimport { UserStorage } from \"@/shared/types\";\n\nconst getUserFromCookie = () => {\n const userCookie = getWindowCookieValue({\n key: UserStorage.USER,\n window: globalThis.window,\n parseJson: true,\n });\n return userCookie;\n};\n\nexport const useUserCookie = <T extends EmptyObject>() => {\n const hasRunRef = useRef(false);\n const router = useRouter();\n\n const { data: user } = useQuery({\n queryKey: [\"user\"],\n queryFn: () => getUserFromCookie() as User<T> | null,\n refetchInterval: 2000,\n refetchIntervalInBackground: true,\n enabled: !hasRunRef.current,\n refetchOnWindowFocus: true,\n });\n\n useEffect(() => {\n if (user) {\n if (!hasRunRef.current) {\n hasRunRef.current = true;\n router.refresh();\n }\n } else {\n hasRunRef.current = false;\n }\n }, [user, router]);\n\n return user ?? null;\n};\n","const getWindowCookieValue = ({\n key,\n window,\n parseJson = false,\n}: {\n key: string;\n window: Window;\n parseJson?: boolean;\n}) => {\n const cookie = window.document.cookie;\n if (!cookie) return null;\n const cookies = cookie.split(\";\");\n for (const c of cookies) {\n const [name, value] = c.trim().split(\"=\");\n if (value && name === key) {\n try {\n const decodeURIComponentValue = decodeURIComponent(value);\n return parseJson === true\n ? JSON.parse(decodeURIComponentValue)\n : decodeURIComponentValue;\n } catch {\n return value;\n }\n }\n }\n return null;\n};\nexport { getWindowCookieValue };\n","\"use client\";\nimport { useEffect, useRef } from \"react\";\nimport { useRouter } from \"next/navigation.js\";\nimport { useQuery } from \"@tanstack/react-query\";\nimport { getWindowCookieValue } from \"@/lib/cookies.js\";\nimport { OAuthTokens } from \"@/shared/types\";\n\nconst getTokenFromCookie = (tokenName: OAuthTokens): string => {\n return getWindowCookieValue({\n key: tokenName,\n window: globalThis.window,\n parseJson: false,\n });\n};\n\nexport const useTokenCookie = (tokenName: OAuthTokens): string | null => {\n const hasRunRef = useRef(false);\n const router = useRouter();\n\n const { data: token } = useQuery({\n queryKey: [\"token\", tokenName],\n queryFn: () => getTokenFromCookie(tokenName) || null,\n refetchInterval: 2000,\n refetchIntervalInBackground: true,\n enabled: !hasRunRef.current,\n refetchOnWindowFocus: true,\n });\n\n useEffect(() => {\n if (token) {\n if (!hasRunRef.current) {\n hasRunRef.current = true;\n router.refresh();\n }\n } else {\n hasRunRef.current = false;\n }\n }, [token, router]);\n\n return token ?? null;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAIA,SAAS,aAAAA,YAAW,gBAAgB;AAEpC,SAAS,aAAa,2BAA2B;;;ACLjD,SAAS,WAAW,cAAc;AAClC,SAAS,iBAAiB;AAC1B,SAAS,gBAAgB;;;ACHzB,IAAM,uBAAuB,CAAC;AAAA,EAC5B;AAAA,EACA,QAAAC;AAAA,EACA,YAAY;AACd,MAIM;AACJ,QAAM,SAASA,QAAO,SAAS;AAC/B,MAAI,CAAC,OAAQ,QAAO;AACpB,QAAM,UAAU,OAAO,MAAM,GAAG;AAChC,aAAW,KAAK,SAAS;AACvB,UAAM,CAAC,MAAM,KAAK,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG;AACxC,QAAI,SAAS,SAAS,KAAK;AACzB,UAAI;AACF,cAAM,0BAA0B,mBAAmB,KAAK;AACxD,eAAO,cAAc,OACjB,KAAK,MAAM,uBAAuB,IAClC;AAAA,MACN,SAAQ;AACN,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;ADlBA,IAAM,oBAAoB,MAAM;AAC9B,QAAM,aAAa,qBAAqB;AAAA,IACtC;AAAA,IACA,QAAQ,WAAW;AAAA,IACnB,WAAW;AAAA,EACb,CAAC;AACD,SAAO;AACT;AAEO,IAAM,gBAAgB,MAA6B;AACxD,QAAM,YAAY,OAAO,KAAK;AAC9B,QAAM,SAAS,UAAU;AAEzB,QAAM,EAAE,MAAM,KAAK,IAAI,SAAS;AAAA,IAC9B,UAAU,CAAC,MAAM;AAAA,IACjB,SAAS,MAAM,kBAAkB;AAAA,IACjC,iBAAiB;AAAA,IACjB,6BAA6B;AAAA,IAC7B,SAAS,CAAC,UAAU;AAAA,IACpB,sBAAsB;AAAA,EACxB,CAAC;AAED,YAAU,MAAM;AACd,QAAI,MAAM;AACR,UAAI,CAAC,UAAU,SAAS;AACtB,kBAAU,UAAU;AACpB,eAAO,QAAQ;AAAA,MACjB;AAAA,IACF,OAAO;AACL,gBAAU,UAAU;AAAA,IACtB;AAAA,EACF,GAAG,CAAC,MAAM,MAAM,CAAC;AAEjB,SAAO,sBAAQ;AACjB;;;AEzCA,SAAS,aAAAC,YAAW,UAAAC,eAAc;AAClC,SAAS,aAAAC,kBAAiB;AAC1B,SAAS,YAAAC,iBAAgB;AAIzB,IAAM,qBAAqB,CAAC,cAAmC;AAC7D,SAAO,qBAAqB;AAAA,IAC1B,KAAK;AAAA,IACL,QAAQ,WAAW;AAAA,IACnB,WAAW;AAAA,EACb,CAAC;AACH;AAEO,IAAM,iBAAiB,CAAC,cAA0C;AACvE,QAAM,YAAYC,QAAO,KAAK;AAC9B,QAAM,SAASC,WAAU;AAEzB,QAAM,EAAE,MAAM,MAAM,IAAIC,UAAS;AAAA,IAC/B,UAAU,CAAC,SAAS,SAAS;AAAA,IAC7B,SAAS,MAAM,mBAAmB,SAAS,KAAK;AAAA,IAChD,iBAAiB;AAAA,IACjB,6BAA6B;AAAA,IAC7B,SAAS,CAAC,UAAU;AAAA,IACpB,sBAAsB;AAAA,EACxB,CAAC;AAED,EAAAC,WAAU,MAAM;AACd,QAAI,OAAO;AACT,UAAI,CAAC,UAAU,SAAS;AACtB,kBAAU,UAAU;AACpB,eAAO,QAAQ;AAAA,MACjB;AAAA,IACF,OAAO;AACL,gBAAU,UAAU;AAAA,IACtB;AAAA,EACF,GAAG,CAAC,OAAO,MAAM,CAAC;AAElB,SAAO,wBAAS;AAClB;;;AHwBM;AA5CN,IAAM,cAAc,IAAI,YAAY;AAIpC,IAAM,gCAAgC,CAAC,OAGL;AAHK,eACrC;AAAA;AAAA,EAzBF,IAwBuC,IAElC,kBAFkC,IAElC;AAAA,IADH;AAAA;AAGA,QAAM,CAAC,aAAa,cAAc,IAAI,SAAiB,EAAE;AACzD,QAAM,iBAAiB,kBAAkB;AACzC,QAAM,EAAE,UAAU,aAAa,aAAa,cAAc,UAAU,IAClE;AAEF,EAAAC,WAAU,MAAM;AACd,QAAI,OAAO,WAAW,WAAW,aAAa;AAC5C,YAAM,SAAS,WAAW,OAAO,SAAS;AAC1C,qBAAe,mBAAmB,gBAAgB,MAAM,CAAC;AAAA,IAC3D;AAAA,EACF,GAAG,CAAC,aAAa,cAAc,CAAC;AAEhC,QAAM,OAAO,cAAc;AAC3B,QAAM,UAAU,wCAAmC;AACnD,QAAM,eAAe,OAAQ,iCAAM,QAAQ,CAAC,IAAf,EAAmB,QAAQ,KAAa;AACrE,QAAM,cAAc;AAAA,IAClB,eAAe,CAAC,CAAC;AAAA,KACb,UAAU,EAAE,QAAQ,IAAI,CAAC;AAE/B,QAAM,UAAU,MAA2B;AACzC,QAAI,MAAM,WAAW;AACnB,YAAM,MAAM,UAAU;AAAA,IACxB;AACA,UAAM,SAAS,WAAW,OAAO,SAAS;AAC1C,WAAO,SAAS,OAAO,GAAG,SAAS,WAAW,MAAM;AACpD;AAAA,EACF;AACA,SACE;AAAA,IAAC;AAAA,qCACK,QADL;AAAA,MAEC;AAAA,MACA,QAAQ,EAAE,YAAY;AAAA,MACtB;AAAA,MACA,cAAc,IAAI,+BAA+B,YAAY;AAAA,MAC7D;AAAA,MAEA;AAAA,QAAC;AAAA;AAAA,UACC,SAAS,IAAI,oBAAoB;AAAA,UACjC,MAAM;AAAA,UACN;AAAA,UAEC;AAAA;AAAA,MACH;AAAA;AAAA,EACF;AAEJ;AAEA,IAAM,wBAAwB,CAAC,OAGG;AAHH,eAC7B;AAAA;AAAA,EA5EF,IA2E+B,IAE1B,kBAF0B,IAE1B;AAAA,IADH;AAAA;AAGA,SACE,oBAAC,uBAAoB,QAAQ,aAC3B,8BAAC,gEAAkC,QAAlC,EACE,WACH,GACF;AAEJ;","names":["useEffect","window","useEffect","useRef","useRouter","useQuery","useRef","useRouter","useQuery","useEffect","useEffect"]}
|
package/dist/nextjs.d.mts
CHANGED
|
@@ -2,11 +2,11 @@ import * as next_dist_shared_lib_image_config from 'next/dist/shared/lib/image-c
|
|
|
2
2
|
import * as next_dist_lib_load_custom_routes from 'next/dist/lib/load-custom-routes';
|
|
3
3
|
import * as next_dist_server_config_shared from 'next/dist/server/config-shared';
|
|
4
4
|
import { NextConfig } from 'next';
|
|
5
|
-
import { T as TokensCookieConfig, a as CookieConfig, O as OAuthTokens, C as CodeVerifier } from './types-
|
|
6
|
-
import { U as User, S as SessionData, a as UnknownObject } from './types-
|
|
5
|
+
import { T as TokensCookieConfig, a as CookieConfig, O as OAuthTokens, C as CodeVerifier } from './types-DOfl9w7j.mjs';
|
|
6
|
+
import { U as User, S as SessionData, a as UnknownObject } from './types-BxAubCqO.mjs';
|
|
7
7
|
import { NextRequest, NextResponse } from 'next/server.js';
|
|
8
8
|
import { NextResponse as NextResponse$1 } from 'next/server';
|
|
9
|
-
import { C as CookieStorage, a as CookieStorageSettings } from './storage-
|
|
9
|
+
import { C as CookieStorage, a as CookieStorageSettings } from './storage-BJyqsZwC.mjs';
|
|
10
10
|
import 'oslo/oauth2';
|
|
11
11
|
|
|
12
12
|
type CookiesConfigObject = {
|
|
@@ -19,7 +19,6 @@ type AuthConfigWithDefaults = {
|
|
|
19
19
|
callbackUrl: string;
|
|
20
20
|
loginUrl: string;
|
|
21
21
|
logoutUrl: string;
|
|
22
|
-
appUrl?: string;
|
|
23
22
|
challengeUrl: string;
|
|
24
23
|
include: string[];
|
|
25
24
|
exclude: string[];
|
|
@@ -80,7 +79,6 @@ declare const createCivicAuthPlugin: (authConfig: AuthConfig & Pick<Required<Aut
|
|
|
80
79
|
_civic_auth_challenge_url: string;
|
|
81
80
|
_civic_auth_login_url: string;
|
|
82
81
|
_civic_auth_logout_url: string;
|
|
83
|
-
_civic_auth_app_url: string | undefined;
|
|
84
82
|
_civic_auth_includes: string;
|
|
85
83
|
_civic_auth_excludes: string;
|
|
86
84
|
_civic_auth_cookie_config: string;
|
package/dist/nextjs.d.ts
CHANGED
|
@@ -2,11 +2,11 @@ import * as next_dist_shared_lib_image_config from 'next/dist/shared/lib/image-c
|
|
|
2
2
|
import * as next_dist_lib_load_custom_routes from 'next/dist/lib/load-custom-routes';
|
|
3
3
|
import * as next_dist_server_config_shared from 'next/dist/server/config-shared';
|
|
4
4
|
import { NextConfig } from 'next';
|
|
5
|
-
import { T as TokensCookieConfig, a as CookieConfig, O as OAuthTokens, C as CodeVerifier } from './types-
|
|
6
|
-
import { U as User, S as SessionData, a as UnknownObject } from './types-
|
|
5
|
+
import { T as TokensCookieConfig, a as CookieConfig, O as OAuthTokens, C as CodeVerifier } from './types-DOfl9w7j.js';
|
|
6
|
+
import { U as User, S as SessionData, a as UnknownObject } from './types-BxAubCqO.js';
|
|
7
7
|
import { NextRequest, NextResponse } from 'next/server.js';
|
|
8
8
|
import { NextResponse as NextResponse$1 } from 'next/server';
|
|
9
|
-
import { C as CookieStorage, a as CookieStorageSettings } from './storage-
|
|
9
|
+
import { C as CookieStorage, a as CookieStorageSettings } from './storage-ANmRwpZ3.js';
|
|
10
10
|
import 'oslo/oauth2';
|
|
11
11
|
|
|
12
12
|
type CookiesConfigObject = {
|
|
@@ -19,7 +19,6 @@ type AuthConfigWithDefaults = {
|
|
|
19
19
|
callbackUrl: string;
|
|
20
20
|
loginUrl: string;
|
|
21
21
|
logoutUrl: string;
|
|
22
|
-
appUrl?: string;
|
|
23
22
|
challengeUrl: string;
|
|
24
23
|
include: string[];
|
|
25
24
|
exclude: string[];
|
|
@@ -80,7 +79,6 @@ declare const createCivicAuthPlugin: (authConfig: AuthConfig & Pick<Required<Aut
|
|
|
80
79
|
_civic_auth_challenge_url: string;
|
|
81
80
|
_civic_auth_login_url: string;
|
|
82
81
|
_civic_auth_logout_url: string;
|
|
83
|
-
_civic_auth_app_url: string | undefined;
|
|
84
82
|
_civic_auth_includes: string;
|
|
85
83
|
_civic_auth_excludes: string;
|
|
86
84
|
_civic_auth_cookie_config: string;
|
package/dist/nextjs.js
CHANGED
|
@@ -5,16 +5,15 @@
|
|
|
5
5
|
|
|
6
6
|
|
|
7
7
|
|
|
8
|
-
var _chunkCTVJJBBAjs = require('./chunk-CTVJJBBA.js');
|
|
9
8
|
|
|
10
9
|
|
|
11
10
|
|
|
12
11
|
|
|
12
|
+
var _chunkTH6FI2XIjs = require('./chunk-TH6FI2XI.js');
|
|
13
13
|
|
|
14
|
-
var _chunk2OZJONNOjs = require('./chunk-2OZJONNO.js');
|
|
15
14
|
|
|
15
|
+
var _chunkJEOPLLWOjs = require('./chunk-JEOPLLWO.js');
|
|
16
16
|
|
|
17
|
-
var _chunk6RFRDWIPjs = require('./chunk-6RFRDWIP.js');
|
|
18
17
|
|
|
19
18
|
|
|
20
19
|
|
|
@@ -22,8 +21,7 @@ var _chunk6RFRDWIPjs = require('./chunk-6RFRDWIP.js');
|
|
|
22
21
|
|
|
23
22
|
|
|
24
23
|
|
|
25
|
-
|
|
26
|
-
var _chunk7K3QN2ATjs = require('./chunk-7K3QN2AT.js');
|
|
24
|
+
var _chunkAM2Y662Ijs = require('./chunk-AM2Y662I.js');
|
|
27
25
|
|
|
28
26
|
|
|
29
27
|
|
|
@@ -33,9 +31,9 @@ var _chunkCRTRMMJ7js = require('./chunk-CRTRMMJ7.js');
|
|
|
33
31
|
// src/nextjs/GetUser.ts
|
|
34
32
|
var getUser2 = () => {
|
|
35
33
|
var _a;
|
|
36
|
-
const clientStorage = new (0,
|
|
37
|
-
const userSession = new (0,
|
|
38
|
-
const tokens =
|
|
34
|
+
const clientStorage = new (0, _chunkTH6FI2XIjs.NextjsClientStorage)();
|
|
35
|
+
const userSession = new (0, _chunkAM2Y662Ijs.GenericUserSession)(clientStorage);
|
|
36
|
+
const tokens = _chunkAM2Y662Ijs.retrieveTokens.call(void 0, clientStorage);
|
|
39
37
|
const user = userSession.get();
|
|
40
38
|
if (!user || !tokens) return null;
|
|
41
39
|
return _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, user), {
|
|
@@ -62,7 +60,7 @@ var matchesGlobs = (pathname, patterns) => patterns.some((pattern) => {
|
|
|
62
60
|
return matchGlob(pathname, pattern);
|
|
63
61
|
});
|
|
64
62
|
var applyAuth = (authConfig, request) => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
|
|
65
|
-
const authConfigWithDefaults =
|
|
63
|
+
const authConfigWithDefaults = _chunkTH6FI2XIjs.resolveAuthConfig.call(void 0, authConfig);
|
|
66
64
|
const isAuthenticated = !!request.cookies.get("id_token");
|
|
67
65
|
if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl && request.method === "GET") {
|
|
68
66
|
console.log("\u2192 Skipping auth check - this is the login URL");
|
|
@@ -84,7 +82,7 @@ var applyAuth = (authConfig, request) => _chunkCRTRMMJ7js.__async.call(void 0, v
|
|
|
84
82
|
console.log("\u2192 Auth check passed");
|
|
85
83
|
return void 0;
|
|
86
84
|
});
|
|
87
|
-
var authMiddleware = (authConfig =
|
|
85
|
+
var authMiddleware = (authConfig = _chunkTH6FI2XIjs.defaultAuthConfig) => (request) => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
|
|
88
86
|
const response = yield applyAuth(authConfig, request);
|
|
89
87
|
if (response) return response;
|
|
90
88
|
return _serverjs.NextResponse.next();
|
|
@@ -110,7 +108,7 @@ function auth(authConfig = {}) {
|
|
|
110
108
|
|
|
111
109
|
var _cachejs = require('next/cache.js');
|
|
112
110
|
var _headersjs = require('next/headers.js');
|
|
113
|
-
var logger =
|
|
111
|
+
var logger = _chunkTH6FI2XIjs.loggers.nextjs.handlers.auth;
|
|
114
112
|
var AuthError = class extends Error {
|
|
115
113
|
constructor(message, status = 401) {
|
|
116
114
|
super(message);
|
|
@@ -118,54 +116,66 @@ var AuthError = class extends Error {
|
|
|
118
116
|
this.name = "AuthError";
|
|
119
117
|
}
|
|
120
118
|
};
|
|
121
|
-
function handleChallenge(config) {
|
|
119
|
+
function handleChallenge(request, config) {
|
|
122
120
|
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
123
121
|
var _a, _b;
|
|
124
|
-
const cookieStorage = new (0,
|
|
125
|
-
const pkceProducer = new (0,
|
|
122
|
+
const cookieStorage = new (0, _chunkTH6FI2XIjs.NextjsCookieStorage)((_b = (_a = config.cookies) == null ? void 0 : _a.tokens) != null ? _b : {});
|
|
123
|
+
const pkceProducer = new (0, _chunkAM2Y662Ijs.GenericPublicClientPKCEProducer)(cookieStorage);
|
|
126
124
|
const challenge = yield pkceProducer.getCodeChallenge();
|
|
125
|
+
const appUrl = request.nextUrl.searchParams.get("appUrl");
|
|
126
|
+
if (appUrl) {
|
|
127
|
+
cookieStorage.set("app_url" /* APP_URL */, appUrl);
|
|
128
|
+
}
|
|
127
129
|
return _serverjs.NextResponse.json({ status: "success", challenge });
|
|
128
130
|
});
|
|
129
131
|
}
|
|
130
|
-
function performTokenExchangeAndSetCookies(request, config, code, state) {
|
|
132
|
+
function performTokenExchangeAndSetCookies(request, config, code, state, appUrl) {
|
|
131
133
|
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
132
|
-
const resolvedConfigs =
|
|
133
|
-
const cookieStorage = new (0,
|
|
134
|
-
const callbackUrl =
|
|
134
|
+
const resolvedConfigs = _chunkTH6FI2XIjs.resolveAuthConfig.call(void 0, config);
|
|
135
|
+
const cookieStorage = new (0, _chunkTH6FI2XIjs.NextjsCookieStorage)(resolvedConfigs.cookies.tokens);
|
|
136
|
+
const callbackUrl = _chunkTH6FI2XIjs.resolveCallbackUrl.call(void 0, resolvedConfigs, appUrl);
|
|
135
137
|
try {
|
|
136
|
-
yield
|
|
138
|
+
yield _chunkJEOPLLWOjs.resolveOAuthAccessCode.call(void 0, code, state, cookieStorage, _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, resolvedConfigs), {
|
|
137
139
|
redirectUrl: callbackUrl
|
|
138
140
|
}));
|
|
139
141
|
} catch (error) {
|
|
140
142
|
logger.error("Token exchange failed:", error);
|
|
141
143
|
throw new AuthError("Failed to authenticate user", 401);
|
|
142
144
|
}
|
|
143
|
-
const user = yield
|
|
145
|
+
const user = yield _chunkAM2Y662Ijs.getUser.call(void 0, cookieStorage);
|
|
144
146
|
if (!user) {
|
|
145
147
|
throw new AuthError("Failed to get user info", 401);
|
|
146
148
|
}
|
|
147
|
-
const clientStorage = new (0,
|
|
148
|
-
const userSession = new (0,
|
|
149
|
+
const clientStorage = new (0, _chunkTH6FI2XIjs.NextjsClientStorage)();
|
|
150
|
+
const userSession = new (0, _chunkAM2Y662Ijs.GenericUserSession)(clientStorage);
|
|
149
151
|
userSession.set(user);
|
|
150
152
|
});
|
|
151
153
|
}
|
|
152
154
|
function handleCallback(request, config) {
|
|
153
155
|
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
154
|
-
|
|
156
|
+
var _a;
|
|
157
|
+
const resolvedConfigs = _chunkTH6FI2XIjs.resolveAuthConfig.call(void 0, config);
|
|
155
158
|
console.log("handleCallback", { request, resolvedConfigs });
|
|
156
159
|
const code = request.nextUrl.searchParams.get("code");
|
|
157
160
|
const state = request.nextUrl.searchParams.get("state") || "";
|
|
158
161
|
if (!code || !state) throw new AuthError("Bad parameters", 400);
|
|
159
|
-
|
|
160
|
-
|
|
162
|
+
const appUrl = ((_a = request.cookies.get("app_url" /* APP_URL */)) == null ? void 0 : _a.value) || request.nextUrl.searchParams.get("appUrl");
|
|
163
|
+
console.log("handleCallback", {
|
|
164
|
+
code,
|
|
165
|
+
state,
|
|
166
|
+
cookies: _headersjs.cookies.call(void 0, ),
|
|
167
|
+
appUrl
|
|
168
|
+
});
|
|
169
|
+
const codeVerifier = request.cookies.get("code_verifier" /* COOKIE_NAME */);
|
|
170
|
+
if (!codeVerifier || !appUrl) {
|
|
161
171
|
console.log("handleCallback no code_verifier found", {
|
|
162
172
|
state,
|
|
163
|
-
serverTokenExchange:
|
|
173
|
+
serverTokenExchange: _chunkAM2Y662Ijs.serverTokenExchangeFromState.call(void 0, `${state}`)
|
|
164
174
|
});
|
|
165
175
|
let response2 = new (0, _serverjs.NextResponse)(
|
|
166
|
-
`<html><body><span style="display:none">${
|
|
176
|
+
`<html><body><span style="display:none">${_chunkAM2Y662Ijs.TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`
|
|
167
177
|
);
|
|
168
|
-
if (state &&
|
|
178
|
+
if (state && _chunkAM2Y662Ijs.serverTokenExchangeFromState.call(void 0, state)) {
|
|
169
179
|
console.log(
|
|
170
180
|
"handleCallback serverTokenExchangeFromState, launching redirect page...",
|
|
171
181
|
{
|
|
@@ -181,7 +191,8 @@ function handleCallback(request, config) {
|
|
|
181
191
|
<span style="display:none">
|
|
182
192
|
<script>
|
|
183
193
|
window.onload = function () {
|
|
184
|
-
|
|
194
|
+
const appUrl = globalThis.window?.location?.origin;
|
|
195
|
+
fetch('${fetchUrl}&appUrl=' + appUrl).then((response) => {
|
|
185
196
|
response.json().then((jsonResponse) => {
|
|
186
197
|
console.log('fetch jsonResponse', jsonResponse);
|
|
187
198
|
if (jsonResponse.redirectUrl) {
|
|
@@ -200,7 +211,7 @@ function handleCallback(request, config) {
|
|
|
200
211
|
}
|
|
201
212
|
response2.headers.set("Content-Type", "text/html; charset=utf-8");
|
|
202
213
|
console.log(
|
|
203
|
-
`handleCallback no code_verifier found, returning ${
|
|
214
|
+
`handleCallback no code_verifier found, returning ${_chunkAM2Y662Ijs.TOKEN_EXCHANGE_TRIGGER_TEXT}`
|
|
204
215
|
);
|
|
205
216
|
return response2;
|
|
206
217
|
}
|
|
@@ -208,54 +219,51 @@ function handleCallback(request, config) {
|
|
|
208
219
|
request,
|
|
209
220
|
resolvedConfigs,
|
|
210
221
|
code,
|
|
211
|
-
state
|
|
222
|
+
state,
|
|
223
|
+
appUrl
|
|
212
224
|
);
|
|
213
225
|
if (request.url.includes("sameDomainServerTokenExchange=true")) {
|
|
214
226
|
console.log(
|
|
215
227
|
"handleCallback sameDomainServerTokenExchange = true, returnining redirectUrl",
|
|
216
|
-
|
|
228
|
+
appUrl
|
|
217
229
|
);
|
|
218
230
|
return _serverjs.NextResponse.json({
|
|
219
231
|
status: "success",
|
|
220
|
-
redirectUrl:
|
|
232
|
+
redirectUrl: appUrl
|
|
221
233
|
});
|
|
222
234
|
}
|
|
223
|
-
if (
|
|
235
|
+
if (_chunkAM2Y662Ijs.serverTokenExchangeFromState.call(void 0, state)) {
|
|
224
236
|
console.log(
|
|
225
|
-
"handleCallback serverTokenExchangeFromState, redirect to
|
|
226
|
-
|
|
237
|
+
"handleCallback serverTokenExchangeFromState, redirect to appUrl",
|
|
238
|
+
appUrl
|
|
227
239
|
);
|
|
228
|
-
if (!
|
|
229
|
-
throw new Error("appUrl
|
|
240
|
+
if (!appUrl) {
|
|
241
|
+
throw new Error("appUrl undefined. Cannot redirect.");
|
|
230
242
|
}
|
|
231
|
-
return _serverjs.NextResponse.redirect(`${
|
|
243
|
+
return _serverjs.NextResponse.redirect(`${appUrl}`);
|
|
232
244
|
}
|
|
233
245
|
const response = new (0, _serverjs.NextResponse)(
|
|
234
|
-
`<html><span style="display:none">${
|
|
246
|
+
`<html><span style="display:none">${_chunkAM2Y662Ijs.TOKEN_EXCHANGE_SUCCESS_TEXT}</span></html>`
|
|
235
247
|
);
|
|
236
248
|
response.headers.set("Content-Type", "text/html; charset=utf-8");
|
|
237
249
|
return response;
|
|
238
250
|
});
|
|
239
251
|
}
|
|
240
|
-
var getAbsoluteRedirectPath = (redirectPath, currentBasePath) =>
|
|
241
|
-
if (/^(https?:\/\/|www\.).+/i.test(redirectPath)) {
|
|
242
|
-
return redirectPath;
|
|
243
|
-
}
|
|
244
|
-
return new URL(redirectPath, currentBasePath).href;
|
|
245
|
-
};
|
|
252
|
+
var getAbsoluteRedirectPath = (redirectPath, currentBasePath) => new URL(redirectPath, currentBasePath).href;
|
|
246
253
|
function handleLogout(request, config) {
|
|
247
254
|
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
248
|
-
var _a
|
|
249
|
-
const resolvedConfigs =
|
|
255
|
+
var _a;
|
|
256
|
+
const resolvedConfigs = _chunkTH6FI2XIjs.resolveAuthConfig.call(void 0, config);
|
|
250
257
|
const defaultRedirectPath = (_a = resolvedConfigs.loginUrl) != null ? _a : "/";
|
|
251
258
|
const redirectTarget = new URL(request.url).searchParams.get("redirect") || defaultRedirectPath;
|
|
252
259
|
const isAbsoluteRedirect = /^(https?:\/\/|www\.).+/i.test(redirectTarget);
|
|
253
|
-
const
|
|
260
|
+
const appUrl = request.nextUrl.searchParams.get("appUrl");
|
|
261
|
+
const finalRedirectUrl = isAbsoluteRedirect ? redirectTarget : getAbsoluteRedirectPath(
|
|
254
262
|
redirectTarget,
|
|
255
|
-
new URL(
|
|
263
|
+
new URL(appUrl != null ? appUrl : request.url).origin
|
|
256
264
|
);
|
|
257
265
|
const response = _serverjs.NextResponse.redirect(finalRedirectUrl);
|
|
258
|
-
|
|
266
|
+
_chunkTH6FI2XIjs.clearAuthCookies.call(void 0, config);
|
|
259
267
|
try {
|
|
260
268
|
_cachejs.revalidatePath.call(void 0, isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);
|
|
261
269
|
} catch (error) {
|
|
@@ -265,14 +273,14 @@ function handleLogout(request, config) {
|
|
|
265
273
|
});
|
|
266
274
|
}
|
|
267
275
|
var handler = (authConfig = {}) => (request) => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
|
|
268
|
-
const config =
|
|
276
|
+
const config = _chunkTH6FI2XIjs.resolveAuthConfig.call(void 0, authConfig);
|
|
269
277
|
try {
|
|
270
278
|
const pathname = request.nextUrl.pathname;
|
|
271
279
|
const pathSegments = pathname.split("/");
|
|
272
280
|
const lastSegment = pathSegments[pathSegments.length - 1];
|
|
273
281
|
switch (lastSegment) {
|
|
274
282
|
case "challenge":
|
|
275
|
-
return yield handleChallenge(config);
|
|
283
|
+
return yield handleChallenge(request, config);
|
|
276
284
|
case "callback":
|
|
277
285
|
return yield handleCallback(request, config);
|
|
278
286
|
case "logout":
|
|
@@ -285,7 +293,7 @@ var handler = (authConfig = {}) => (request) => _chunkCRTRMMJ7js.__async.call(vo
|
|
|
285
293
|
const status = error instanceof AuthError ? error.status : 500;
|
|
286
294
|
const message = error instanceof Error ? error.message : "Authentication failed";
|
|
287
295
|
const response = _serverjs.NextResponse.json({ error: message }, { status });
|
|
288
|
-
|
|
296
|
+
_chunkTH6FI2XIjs.clearAuthCookies.call(void 0, config);
|
|
289
297
|
return response;
|
|
290
298
|
}
|
|
291
299
|
});
|
|
@@ -303,5 +311,5 @@ var handler = (authConfig = {}) => (request) => _chunkCRTRMMJ7js.__async.call(vo
|
|
|
303
311
|
|
|
304
312
|
|
|
305
313
|
|
|
306
|
-
exports.NextjsClientStorage =
|
|
314
|
+
exports.NextjsClientStorage = _chunkTH6FI2XIjs.NextjsClientStorage; exports.NextjsCookieStorage = _chunkTH6FI2XIjs.NextjsCookieStorage; exports.auth = auth; exports.authMiddleware = authMiddleware; exports.clearAuthCookies = _chunkTH6FI2XIjs.clearAuthCookies; exports.createCivicAuthPlugin = _chunkTH6FI2XIjs.createCivicAuthPlugin; exports.createTokenCookies = _chunkTH6FI2XIjs.createTokenCookies; exports.createUserInfoCookie = _chunkTH6FI2XIjs.createUserInfoCookie; exports.defaultAuthConfig = _chunkTH6FI2XIjs.defaultAuthConfig; exports.getUser = getUser2; exports.handler = handler; exports.resolveAuthConfig = _chunkTH6FI2XIjs.resolveAuthConfig; exports.withAuth = withAuth;
|
|
307
315
|
//# sourceMappingURL=nextjs.js.map
|
package/dist/nextjs.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["/Users/pedroapfilho/dev/civic-auth/packages/civic-auth-client/dist/nextjs.js","../src/nextjs/GetUser.ts","../src/nextjs/middleware.ts","../src/nextjs/routeHandler.ts"],"names":["getUser","NextResponse","response"],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACF,sDAA4B;AAC5B;AACA;ACxBO,IAAMA,SAAAA,EAAU,CAAA,EAAA,GAAmB;AAR1C,EAAA,IAAA,EAAA;AASE,EAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAoB,CAAA;AAC9C,EAAA,MAAM,YAAA,EAAc,IAAI,wCAAA,CAAmB,aAAa,CAAA;AACxD,EAAA,MAAM,OAAA,EAAS,6CAAA,aAA4B,CAAA;AAC3C,EAAA,MAAM,KAAA,EAAO,WAAA,CAAY,GAAA,CAAI,CAAA;AAC7B,EAAA,GAAA,CAAI,CAAC,KAAA,GAAQ,CAAC,MAAA,EAAQ,OAAO,IAAA;AAE7B,EAAA,OAAO,4CAAA,6CAAA,CAAA,CAAA,EACF,IAAA,CAAA,EADE;AAAA,IAEL,OAAA,EAAS,MAAA,CAAO,QAAA;AAAA,IAChB,WAAA,EAAa,MAAA,CAAO,YAAA;AAAA,IACpB,YAAA,EAAA,CAAc,GAAA,EAAA,MAAA,CAAO,aAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAwB;AAAA,EACxC,CAAA,CAAA;AACF,CAAA;ADyBA;AACA;AE1BA,0CAA0C;AAC1C,4FAAsB;AAgBtB,IAAM,UAAA,EAAY,CAAC,QAAA,EAAkB,WAAA,EAAA,GAAwB;AAC3D,EAAA,MAAM,QAAA,EAAU,iCAAA,WAAqB,CAAA;AACrC,EAAA,OAAO,OAAA,CAAQ,QAAQ,CAAA;AACzB,CAAA;AAOA,IAAM,aAAA,EAAe,CAAC,QAAA,EAAkB,QAAA,EAAA,GACtC,QAAA,CAAS,IAAA,CAAK,CAAC,OAAA,EAAA,GAAY;AACzB,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS,OAAO,KAAA;AACrB,EAAA,OAAA,CAAQ,GAAA,CAAI,UAAA,EAAY;AAAA,IACtB,OAAA;AAAA,IACA,QAAA;AAAA,IACA,KAAA,EAAO,SAAA,CAAU,QAAA,EAAU,OAAO;AAAA,EACpC,CAAC,CAAA;AACD,EAAA,OAAO,SAAA,CAAU,QAAA,EAAU,OAAO,CAAA;AACpC,CAAC,CAAA;AAGH,IAAM,UAAA,EAAY,CAChB,UAAA,EACA,OAAA,EAAA,GACsC,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACtC,EAAA,MAAM,uBAAA,EAAyB,gDAAA,UAA4B,CAAA;AAE3D,EAAA,MAAM,gBAAA,EAAkB,CAAC,CAAC,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AAGxD,EAAA,GAAA,CACE,OAAA,CAAQ,OAAA,CAAQ,SAAA,IAAa,sBAAA,CAAuB,SAAA,GACpD,OAAA,CAAQ,OAAA,IAAW,KAAA,EACnB;AACA,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAA+C,CAAA;AAC3D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,CAAC,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC3E,IAAA,OAAA,CAAQ,GAAA,CAAI,2DAAsD,CAAA;AAClE,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC1E,IAAA,OAAA,CAAQ,GAAA,CAAI,uDAAkD,CAAA;AAC9D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAGA,EAAA,GAAA,CAAI,CAAC,eAAA,EAAiB;AACpB,IAAA,MAAM,SAAA,EAAW,IAAI,GAAA,CAAI,sBAAA,CAAuB,QAAA,EAAU,OAAA,CAAQ,GAAG,CAAA;AACrE,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAAA,EAAiD,QAAQ,CAAA;AACrE,IAAA,OAAO,sBAAA,CAAa,QAAA,CAAS,QAAQ,CAAA;AAAA,EACvC;AAEA,EAAA,OAAA,CAAQ,GAAA,CAAI,0BAAqB,CAAA;AACjC,EAAA,OAAO,KAAA,CAAA;AACT,CAAA,CAAA;AAUO,IAAM,eAAA,EACX,CAAC,WAAA,EAAa,kCAAA,EAAA,GACd,CAAO,OAAA,EAAA,GAAgD,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACrD,EAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,EAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AAIrB,EAAA,OAAO,sBAAA,CAAa,IAAA,CAAK,CAAA;AAC3B,CAAA,CAAA;AAWK,SAAS,QAAA,CACd,UAAA,EACiD;AACjD,EAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,IAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,CAAC,CAAA,EAAG,OAAO,CAAA;AAC5C,IAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AAErB,IAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,EAC3B,CAAA,CAAA;AACF;AAeO,SAAS,IAAA,CAAK,WAAA,EAAyB,CAAC,CAAA,EAAG;AAChD,EAAA,OAAO,CACL,UAAA,EAAA,GACsD;AACtD,IAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,MAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,MAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AAErB,MAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,IAC3B,CAAA,CAAA;AAAA,EACF,CAAA;AACF;AFtDA;AACA;AG5GA;AACA,wCAA+B;AAkB/B,4CAAwB;AAGxB,IAAM,OAAA,EAAS,wBAAA,CAAQ,MAAA,CAAO,QAAA,CAAS,IAAA;AAEvC,IAAM,UAAA,EAAN,MAAA,QAAwB,MAAM;AAAA,EAC5B,WAAA,CACE,OAAA,EACgB,OAAA,EAAiB,GAAA,EACjC;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAFG,IAAA,IAAA,CAAA,OAAA,EAAA,MAAA;AAGhB,IAAA,IAAA,CAAK,KAAA,EAAO,WAAA;AAAA,EACd;AACF,CAAA;AAOA,SAAe,eAAA,CAAgB,MAAA,EAA2C;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAvC1E,IAAA,IAAA,EAAA,EAAA,EAAA;AAwCE,IAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAA,CAAoB,GAAA,EAAA,CAAA,GAAA,EAAA,MAAA,CAAO,OAAA,EAAA,GAAP,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAAgB,MAAA,EAAA,GAAhB,KAAA,EAAA,GAAA,EAA0B,CAAC,CAAC,CAAA;AAC1E,IAAA,MAAM,aAAA,EAAe,IAAI,qDAAA,CAAgC,aAAa,CAAA;AAEtE,IAAA,MAAM,UAAA,EAAY,MAAM,YAAA,CAAa,gBAAA,CAAiB,CAAA;AAEtD,IAAA,OAAOC,sBAAAA,CAAa,IAAA,CAAK,EAAE,MAAA,EAAQ,SAAA,EAAW,UAAU,CAAC,CAAA;AAAA,EAC3D,CAAA,CAAA;AAAA;AAEA,SAAe,iCAAA,CACb,OAAA,EACA,MAAA,EACA,IAAA,EACA,KAAA,EACA;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACA,IAAA,MAAM,gBAAA,EAAkB,gDAAA,MAAwB,CAAA;AAChD,IAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAoB,eAAA,CAAgB,OAAA,CAAQ,MAAM,CAAA;AAE5E,IAAA,MAAM,YAAA,EAAc,iDAAA,eAAmB,EAAiB,OAAA,CAAQ,GAAG,CAAA;AACnE,IAAA,IAAI;AACF,MAAA,MAAM,qDAAA,IAAuB,EAAM,KAAA,EAAO,aAAA,EAAe,4CAAA,6CAAA,CAAA,CAAA,EACpD,eAAA,CAAA,EADoD;AAAA,QAEvD,WAAA,EAAa;AAAA,MACf,CAAA,CAAC,CAAA;AAAA,IACH,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAA,CAAO,KAAA,CAAM,wBAAA,EAA0B,KAAK,CAAA;AAC5C,MAAA,MAAM,IAAI,SAAA,CAAU,6BAAA,EAA+B,GAAG,CAAA;AAAA,IACxD;AAEA,IAAA,MAAM,KAAA,EAAO,MAAM,sCAAA,aAAqB,CAAA;AACxC,IAAA,GAAA,CAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,SAAA,CAAU,yBAAA,EAA2B,GAAG,CAAA;AAAA,IACpD;AAEA,IAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAoB,CAAA;AAC9C,IAAA,MAAM,YAAA,EAAc,IAAI,wCAAA,CAAmB,aAAa,CAAA;AACxD,IAAA,WAAA,CAAY,GAAA,CAAI,IAAI,CAAA;AAAA,EACtB,CAAA,CAAA;AAAA;AACA,SAAe,cAAA,CACb,OAAA,EACA,MAAA,EACuB;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACvB,IAAA,MAAM,gBAAA,EAAkB,gDAAA,MAAwB,CAAA;AAChD,IAAA,OAAA,CAAQ,GAAA,CAAI,gBAAA,EAAkB,EAAE,OAAA,EAAS,gBAAgB,CAAC,CAAA;AAC1D,IAAA,MAAM,KAAA,EAAO,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACpD,IAAA,MAAM,MAAA,EAAQ,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,OAAO,EAAA,GAAK,EAAA;AAC3D,IAAA,GAAA,CAAI,CAAC,KAAA,GAAQ,CAAC,KAAA,EAAO,MAAM,IAAI,SAAA,CAAU,gBAAA,EAAkB,GAAG,CAAA;AAM9D,IAAA,OAAA,CAAQ,GAAA,CAAI,gBAAA,EAAkB,EAAE,IAAA,EAAM,KAAA,EAAO,OAAA,EAAS,gCAAA,EAAU,CAAC,CAAA;AACjE,IAAA,GAAA,CAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAA,iCAA4B,CAAA,EAAG;AAClD,MAAA,OAAA,CAAQ,GAAA,CAAI,uCAAA,EAAyC;AAAA,QACnD,KAAA;AAAA,QACA,mBAAA,EAAqB,2DAAA,CAA6B,EAAA;AACnD,MAAA;AACkBA,MAAAA;AACyB,QAAA;AAC5C,MAAA;AAKkD,MAAA;AACxC,QAAA;AACN,UAAA;AACA,UAAA;AACsB,YAAA;AACe,YAAA;AACrC,UAAA;AACF,QAAA;AAGsC,QAAA;AACa,QAAA;AACpCA,QAAAA;AACb,UAAA;AAAA;AAAA;AAAA;AAAA;AAKqC,mCAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,QAAA;AAevC,QAAA;AACF,MAAA;AACqC,MAAA;AAC7B,MAAA;AACN,QAAA;AACF,MAAA;AACOC,MAAAA;AACT,IAAA;AAEM,IAAA;AACJ,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACF,IAAA;AAEyB,IAAA;AACf,MAAA;AACN,QAAA;AACgB,QAAA;AAClB,MAAA;AACyB,MAAA;AACf,QAAA;AACqB,QAAA;AAC9B,MAAA;AACH,IAAA;AAGyC,IAAA;AAC/B,MAAA;AACN,QAAA;AACgB,QAAA;AAClB,MAAA;AAC6B,MAAA;AACX,QAAA;AAClB,MAAA;AACgD,MAAA;AAClD,IAAA;AAIqBD,IAAAA;AACiB,MAAA;AACtC,IAAA;AACqC,IAAA;AAC9B,IAAA;AACT,EAAA;AAAA;AAUE;AAGkD,EAAA;AACzC,IAAA;AACT,EAAA;AAC8C,EAAA;AAChD;AAKyB;AAAA,EAAA;AA7MzB,IAAA;AA8MkD,IAAA;AACJ,IAAA;AAErB,IAAA;AAC8B,IAAA;AAC5B,IAAA;AACvB,MAAA;AACkC,MAAA;AACpC,IAAA;AAEuC,IAAA;AAEhB,IAAA;AAEnB,IAAA;AACkC,MAAA;AACtB,IAAA;AACF,MAAA;AACd,IAAA;AAEO,IAAA;AACT,EAAA;AAAA;AAgByD;AACV,EAAA;AAEvC,EAAA;AAC+B,IAAA;AACM,IAAA;AACgB,IAAA;AAElC,IAAA;AACd,MAAA;AACgC,QAAA;AAChC,MAAA;AACwC,QAAA;AACxC,MAAA;AACsC,QAAA;AAC3C,MAAA;AACqD,QAAA;AACvD,IAAA;AACc,EAAA;AAC2B,IAAA;AAES,IAAA;AAEjB,IAAA;AAEmB,IAAA;AAE7B,IAAA;AAChB,IAAA;AACT,EAAA;AACF;AHkByD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/pedroapfilho/dev/civic-auth/packages/civic-auth-client/dist/nextjs.js","sourcesContent":[null,"/**\n * Used on the server-side to get the user object from the cookie\n */\nimport { User } from \"@/types\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies\";\nimport { retrieveTokens } from \"@/shared/util\";\n\nexport const getUser = (): User | null => {\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n const tokens = retrieveTokens(clientStorage);\n const user = userSession.get();\n if (!user || !tokens) return null;\n\n return {\n ...user!,\n idToken: tokens.id_token,\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token ?? \"\",\n } as User;\n};\n","/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n * console.log('in custom middleware', request.nextUrl.pathname);\n * return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n * console.log('in custom middleware', request.url);\n * return NextResponse.next();\n * })\n *\n */\nimport { NextRequest, NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport {\n AuthConfig,\n defaultAuthConfig,\n resolveAuthConfig,\n} from \"@/nextjs/config.js\";\n\ntype Middleware = (\n request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n const matches = picomatch(globPattern);\n return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n patterns.some((pattern) => {\n if (!pattern) return false;\n console.log(\"matching\", {\n pattern,\n pathname,\n match: matchGlob(pathname, pattern),\n });\n return matchGlob(pathname, pattern);\n });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n authConfig: AuthConfig,\n request: NextRequest,\n): Promise<NextResponse | undefined> => {\n const authConfigWithDefaults = resolveAuthConfig(authConfig);\n // Check for any valid auth token\n const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n // skip auth check for redirect to login url\n if (\n request.nextUrl.pathname === authConfigWithDefaults.loginUrl &&\n request.method === \"GET\"\n ) {\n console.log(\"→ Skipping auth check - this is the login URL\");\n return undefined;\n }\n\n if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n console.log(\"→ Skipping auth check - path not in include patterns\");\n return undefined;\n }\n\n if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n console.log(\"→ Skipping auth check - path in exclude patterns\");\n return undefined;\n }\n\n // Check for either token type\n if (!isAuthenticated) {\n const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n console.log(\"→ No valid token found - redirecting to login\", loginUrl);\n return NextResponse.redirect(loginUrl);\n }\n\n console.log(\"→ Auth check passed\");\n return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n (authConfig = defaultAuthConfig) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n // NextJS doesn't do middleware chaining yet, so this does not mean\n // \"call the next middleware\" - it means \"continue to the route handler\"\n return NextResponse.next();\n };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth({}, request);\n if (response) return response;\n\n return middleware(request);\n };\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n return (\n middleware: Middleware,\n ): ((request: NextRequest) => Promise<NextResponse>) => {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n return middleware(request);\n };\n };\n}\n","import { NextRequest, NextResponse } from \"next/server.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport { AuthConfig, resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n clearAuthCookies,\n NextjsClientStorage,\n NextjsCookieStorage,\n} from \"@/nextjs/cookies.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { getUser } from \"@/shared/session.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { GenericUserSession } from \"@/shared/UserSession.js\";\nimport {\n TOKEN_EXCHANGE_SUCCESS_TEXT,\n TOKEN_EXCHANGE_TRIGGER_TEXT,\n} from \"@/constants.js\";\nimport { serverTokenExchangeFromState } from \"@/lib/oauth.js\";\nimport { cookies } from \"next/headers.js\";\nimport { CodeVerifier } from \"@/shared/types\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n constructor(\n message: string,\n public readonly status: number = 401,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n}\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(config: AuthConfig): Promise<NextResponse> {\n const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens ?? {});\n const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n const challenge = await pkceProducer.getCodeChallenge();\n\n return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function performTokenExchangeAndSetCookies(\n request: NextRequest,\n config: AuthConfig,\n code: string,\n state: string,\n) {\n const resolvedConfigs = resolveAuthConfig(config);\n const cookieStorage = new NextjsCookieStorage(resolvedConfigs.cookies.tokens);\n\n const callbackUrl = resolveCallbackUrl(resolvedConfigs, request.url);\n try {\n await resolveOAuthAccessCode(code, state, cookieStorage, {\n ...resolvedConfigs,\n redirectUrl: callbackUrl,\n });\n } catch (error) {\n logger.error(\"Token exchange failed:\", error);\n throw new AuthError(\"Failed to authenticate user\", 401);\n }\n\n const user = await getUser(cookieStorage);\n if (!user) {\n throw new AuthError(\"Failed to get user info\", 401);\n }\n\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(user);\n}\nasync function handleCallback(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n console.log(\"handleCallback\", { request, resolvedConfigs });\n const code = request.nextUrl.searchParams.get(\"code\");\n const state = request.nextUrl.searchParams.get(\"state\") || \"\";\n if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n // If we have a code_verifier cookie, we can do a token exchange.\n // Otherwise, just render an empty page.\n // The initial redirect back from the auth server does not send cookies, because the redirect is from a 3rd-party domain.\n // The client will make an additional call to this route with cookies included, at which point we do the token exchange.\n console.log(\"handleCallback\", { code, state, cookies: cookies() });\n if (!request.cookies.get(CodeVerifier.COOKIE_NAME)) {\n console.log(\"handleCallback no code_verifier found\", {\n state,\n serverTokenExchange: serverTokenExchangeFromState(`${state}`),\n });\n let response = new NextResponse(\n `<html><body><span style=\"display:none\">${TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`,\n );\n // in server-side token exchange mode we need to launch a page that will trigger the token exchange\n // from the same domain, allowing it access to the code_verifier cookie\n // we only need to do this in redirect mode, as the iframe already triggers a client-side token exchange\n // if no code-verifier cookie is found\n if (state && serverTokenExchangeFromState(state)) {\n console.log(\n \"handleCallback serverTokenExchangeFromState, launching redirect page...\",\n {\n requestUrl: request.url,\n configCallbackUrl: resolvedConfigs.callbackUrl,\n },\n );\n // we need to replace the URL with resolved config in case the server is hosted\n // behind a reverse proxy or load balancer\n const requestUrl = new URL(request.url);\n const fetchUrl = `${resolvedConfigs.callbackUrl}?${requestUrl.searchParams.toString()}&sameDomainServerTokenExchange=true`;\n response = new NextResponse(\n `<html>\n <body>\n <span style=\"display:none\">\n <script>\n window.onload = function () {\n fetch('${fetchUrl}').then((response) => {\n response.json().then((jsonResponse) => {\n console.log('fetch jsonResponse', jsonResponse);\n if (jsonResponse.redirectUrl) {\n console.log('handleCallback serverTokenExchangeFromState, redirecting');\n window.location.href = jsonResponse.redirectUrl;\n }\n });\n });\n };\n </script>\n </span>\n </body>\n </html>\n `,\n );\n }\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n console.log(\n `handleCallback no code_verifier found, returning ${TOKEN_EXCHANGE_TRIGGER_TEXT}`,\n );\n return response;\n }\n\n await performTokenExchangeAndSetCookies(\n request,\n resolvedConfigs,\n code,\n state,\n );\n\n if (request.url.includes(\"sameDomainServerTokenExchange=true\")) {\n console.log(\n \"handleCallback sameDomainServerTokenExchange = true, returnining redirectUrl\",\n resolvedConfigs.appUrl,\n );\n return NextResponse.json({\n status: \"success\",\n redirectUrl: resolvedConfigs.appUrl,\n });\n }\n\n // this is the case where a 'normal' redirect is happening\n if (serverTokenExchangeFromState(state)) {\n console.log(\n \"handleCallback serverTokenExchangeFromState, redirect to config.appUrl\",\n resolvedConfigs.appUrl,\n );\n if (!resolvedConfigs.appUrl) {\n throw new Error(\"appUrl not defined in config. Cannot redirect.\");\n }\n return NextResponse.redirect(`${resolvedConfigs.appUrl}`);\n }\n // return an empty HTML response so the iframe doesn't show any response\n // in the short moment between the redirect and the parent window\n // acknowledging the redirect and closing the iframe\n const response = new NextResponse(\n `<html><span style=\"display:none\">${TOKEN_EXCHANGE_SUCCESS_TEXT}</span></html>`,\n );\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n redirectPath: string,\n currentBasePath: string,\n) => {\n // Check if the redirectPath is an absolute URL\n if (/^(https?:\\/\\/|www\\.).+/i.test(redirectPath)) {\n return redirectPath; // Return as-is if it's an absolute URL\n }\n return new URL(redirectPath, currentBasePath).href;\n};\n\nexport async function handleLogout(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const defaultRedirectPath = resolvedConfigs.loginUrl ?? \"/\";\n const redirectTarget =\n new URL(request.url).searchParams.get(\"redirect\") || defaultRedirectPath;\n const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n const finalRedirectUrl = getAbsoluteRedirectPath(\n redirectTarget,\n new URL(resolvedConfigs.appUrl ?? request.url).origin,\n );\n\n const response = NextResponse.redirect(finalRedirectUrl);\n\n clearAuthCookies(config);\n\n try {\n revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);\n } catch (error) {\n logger.warn(\"Failed to revalidate path after logout:\", error);\n }\n\n return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n * // optional config overrides\n * })\n * ```\n */\nexport const handler =\n (authConfig = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const config = resolveAuthConfig(authConfig);\n\n try {\n const pathname = request.nextUrl.pathname;\n const pathSegments = pathname.split(\"/\");\n const lastSegment = pathSegments[pathSegments.length - 1];\n\n switch (lastSegment) {\n case \"challenge\":\n return await handleChallenge(config);\n case \"callback\":\n return await handleCallback(request, config);\n case \"logout\":\n return await handleLogout(request, config);\n default:\n throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n }\n } catch (error) {\n logger.error(\"Auth handler error:\", error);\n\n const status = error instanceof AuthError ? error.status : 500;\n const message =\n error instanceof Error ? error.message : \"Authentication failed\";\n\n const response = NextResponse.json({ error: message }, { status });\n\n clearAuthCookies(config);\n return response;\n }\n };\n"]}
|
|
1
|
+
{"version":3,"sources":["/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/nextjs.js","../src/nextjs/GetUser.ts","../src/nextjs/middleware.ts","../src/nextjs/routeHandler.ts"],"names":["getUser","NextResponse","response"],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACF,sDAA4B;AAC5B;AACA;ACtBO,IAAMA,SAAAA,EAAU,CAAA,EAAA,GAAmB;AAR1C,EAAA,IAAA,EAAA;AASE,EAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAoB,CAAA;AAC9C,EAAA,MAAM,YAAA,EAAc,IAAI,wCAAA,CAAmB,aAAa,CAAA;AACxD,EAAA,MAAM,OAAA,EAAS,6CAAA,aAA4B,CAAA;AAC3C,EAAA,MAAM,KAAA,EAAO,WAAA,CAAY,GAAA,CAAI,CAAA;AAC7B,EAAA,GAAA,CAAI,CAAC,KAAA,GAAQ,CAAC,MAAA,EAAQ,OAAO,IAAA;AAE7B,EAAA,OAAO,4CAAA,6CAAA,CAAA,CAAA,EACF,IAAA,CAAA,EADE;AAAA,IAEL,OAAA,EAAS,MAAA,CAAO,QAAA;AAAA,IAChB,WAAA,EAAa,MAAA,CAAO,YAAA;AAAA,IACpB,YAAA,EAAA,CAAc,GAAA,EAAA,MAAA,CAAO,aAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAwB;AAAA,EACxC,CAAA,CAAA;AACF,CAAA;ADuBA;AACA;AExBA,0CAA0C;AAC1C,4FAAsB;AAgBtB,IAAM,UAAA,EAAY,CAAC,QAAA,EAAkB,WAAA,EAAA,GAAwB;AAC3D,EAAA,MAAM,QAAA,EAAU,iCAAA,WAAqB,CAAA;AACrC,EAAA,OAAO,OAAA,CAAQ,QAAQ,CAAA;AACzB,CAAA;AAOA,IAAM,aAAA,EAAe,CAAC,QAAA,EAAkB,QAAA,EAAA,GACtC,QAAA,CAAS,IAAA,CAAK,CAAC,OAAA,EAAA,GAAY;AACzB,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS,OAAO,KAAA;AACrB,EAAA,OAAA,CAAQ,GAAA,CAAI,UAAA,EAAY;AAAA,IACtB,OAAA;AAAA,IACA,QAAA;AAAA,IACA,KAAA,EAAO,SAAA,CAAU,QAAA,EAAU,OAAO;AAAA,EACpC,CAAC,CAAA;AACD,EAAA,OAAO,SAAA,CAAU,QAAA,EAAU,OAAO,CAAA;AACpC,CAAC,CAAA;AAGH,IAAM,UAAA,EAAY,CAChB,UAAA,EACA,OAAA,EAAA,GACsC,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACtC,EAAA,MAAM,uBAAA,EAAyB,gDAAA,UAA4B,CAAA;AAE3D,EAAA,MAAM,gBAAA,EAAkB,CAAC,CAAC,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AAGxD,EAAA,GAAA,CACE,OAAA,CAAQ,OAAA,CAAQ,SAAA,IAAa,sBAAA,CAAuB,SAAA,GACpD,OAAA,CAAQ,OAAA,IAAW,KAAA,EACnB;AACA,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAA+C,CAAA;AAC3D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,CAAC,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC3E,IAAA,OAAA,CAAQ,GAAA,CAAI,2DAAsD,CAAA;AAClE,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC1E,IAAA,OAAA,CAAQ,GAAA,CAAI,uDAAkD,CAAA;AAC9D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAGA,EAAA,GAAA,CAAI,CAAC,eAAA,EAAiB;AACpB,IAAA,MAAM,SAAA,EAAW,IAAI,GAAA,CAAI,sBAAA,CAAuB,QAAA,EAAU,OAAA,CAAQ,GAAG,CAAA;AACrE,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAAA,EAAiD,QAAQ,CAAA;AACrE,IAAA,OAAO,sBAAA,CAAa,QAAA,CAAS,QAAQ,CAAA;AAAA,EACvC;AAEA,EAAA,OAAA,CAAQ,GAAA,CAAI,0BAAqB,CAAA;AACjC,EAAA,OAAO,KAAA,CAAA;AACT,CAAA,CAAA;AAUO,IAAM,eAAA,EACX,CAAC,WAAA,EAAa,kCAAA,EAAA,GACd,CAAO,OAAA,EAAA,GAAgD,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACrD,EAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,EAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AAIrB,EAAA,OAAO,sBAAA,CAAa,IAAA,CAAK,CAAA;AAC3B,CAAA,CAAA;AAWK,SAAS,QAAA,CACd,UAAA,EACiD;AACjD,EAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,IAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,CAAC,CAAA,EAAG,OAAO,CAAA;AAC5C,IAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AAErB,IAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,EAC3B,CAAA,CAAA;AACF;AAeO,SAAS,IAAA,CAAK,WAAA,EAAyB,CAAC,CAAA,EAAG;AAChD,EAAA,OAAO,CACL,UAAA,EAAA,GACsD;AACtD,IAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,MAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,MAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AAErB,MAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,IAC3B,CAAA,CAAA;AAAA,EACF,CAAA;AACF;AFxDA;AACA;AG1GA;AACA,wCAA+B;AAkB/B,4CAAwB;AAGxB,IAAM,OAAA,EAAS,wBAAA,CAAQ,MAAA,CAAO,QAAA,CAAS,IAAA;AAEvC,IAAM,UAAA,EAAN,MAAA,QAAwB,MAAM;AAAA,EAC5B,WAAA,CACE,OAAA,EACgB,OAAA,EAAiB,GAAA,EACjC;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAFG,IAAA,IAAA,CAAA,OAAA,EAAA,MAAA;AAGhB,IAAA,IAAA,CAAK,KAAA,EAAO,WAAA;AAAA,EACd;AACF,CAAA;AAOA,SAAe,eAAA,CACb,OAAA,EACA,MAAA,EACuB;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AA1CzB,IAAA,IAAA,EAAA,EAAA,EAAA;AA2CE,IAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAA,CAAoB,GAAA,EAAA,CAAA,GAAA,EAAA,MAAA,CAAO,OAAA,EAAA,GAAP,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAAgB,MAAA,EAAA,GAAhB,KAAA,EAAA,GAAA,EAA0B,CAAC,CAAC,CAAA;AAC1E,IAAA,MAAM,aAAA,EAAe,IAAI,qDAAA,CAAgC,aAAa,CAAA;AAEtE,IAAA,MAAM,UAAA,EAAY,MAAM,YAAA,CAAa,gBAAA,CAAiB,CAAA;AACtD,IAAA,MAAM,OAAA,EAAS,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,QAAQ,CAAA;AACxD,IAAA,GAAA,CAAI,MAAA,EAAQ;AACV,MAAA,aAAA,CAAc,GAAA,CAAA,uBAAA,EAA0B,MAAM,CAAA;AAAA,IAChD;AACA,IAAA,OAAOC,sBAAAA,CAAa,IAAA,CAAK,EAAE,MAAA,EAAQ,SAAA,EAAW,UAAU,CAAC,CAAA;AAAA,EAC3D,CAAA,CAAA;AAAA;AAEA,SAAe,iCAAA,CACb,OAAA,EACA,MAAA,EACA,IAAA,EACA,KAAA,EACA,MAAA,EACA;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACA,IAAA,MAAM,gBAAA,EAAkB,gDAAA,MAAwB,CAAA;AAChD,IAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAoB,eAAA,CAAgB,OAAA,CAAQ,MAAM,CAAA;AAE5E,IAAA,MAAM,YAAA,EAAc,iDAAA,eAAmB,EAAiB,MAAM,CAAA;AAC9D,IAAA,IAAI;AACF,MAAA,MAAM,qDAAA,IAAuB,EAAM,KAAA,EAAO,aAAA,EAAe,4CAAA,6CAAA,CAAA,CAAA,EACpD,eAAA,CAAA,EADoD;AAAA,QAEvD,WAAA,EAAa;AAAA,MACf,CAAA,CAAC,CAAA;AAAA,IACH,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAA,CAAO,KAAA,CAAM,wBAAA,EAA0B,KAAK,CAAA;AAC5C,MAAA,MAAM,IAAI,SAAA,CAAU,6BAAA,EAA+B,GAAG,CAAA;AAAA,IACxD;AAEA,IAAA,MAAM,KAAA,EAAO,MAAM,sCAAA,aAAqB,CAAA;AACxC,IAAA,GAAA,CAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,SAAA,CAAU,yBAAA,EAA2B,GAAG,CAAA;AAAA,IACpD;AAEA,IAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAoB,CAAA;AAC9C,IAAA,MAAM,YAAA,EAAc,IAAI,wCAAA,CAAmB,aAAa,CAAA;AACxD,IAAA,WAAA,CAAY,GAAA,CAAI,IAAI,CAAA;AAAA,EACtB,CAAA,CAAA;AAAA;AACA,SAAe,cAAA,CACb,OAAA,EACA,MAAA,EACuB;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAvFzB,IAAA,IAAA,EAAA;AAwFE,IAAA,MAAM,gBAAA,EAAkB,gDAAA,MAAwB,CAAA;AAChD,IAAA,OAAA,CAAQ,GAAA,CAAI,gBAAA,EAAkB,EAAE,OAAA,EAAS,gBAAgB,CAAC,CAAA;AAC1D,IAAA,MAAM,KAAA,EAAO,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACpD,IAAA,MAAM,MAAA,EAAQ,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,OAAO,EAAA,GAAK,EAAA;AAC3D,IAAA,GAAA,CAAI,CAAC,KAAA,GAAQ,CAAC,KAAA,EAAO,MAAM,IAAI,SAAA,CAAU,gBAAA,EAAkB,GAAG,CAAA;AAK9D,IAAA,MAAM,OAAA,EAAA,CAAA,CACJ,GAAA,EAAA,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAA,uBAAwB,CAAA,EAAA,GAAxC,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAA2C,KAAA,EAAA,GAC3C,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,QAAQ,CAAA;AAM3C,IAAA,OAAA,CAAQ,GAAA,CAAI,gBAAA,EAAkB;AAAA,MAC5B,IAAA;AAAA,MACA,KAAA;AAAA,MACA,OAAA,EAAS,gCAAA,CAAQ;AAAA,MACjB;AAAA,IACF,CAAC,CAAA;AAED,IAAA,MAAM,aAAA,EAAe,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAA,iCAA4B,CAAA;AAEjE,IAAA,GAAA,CAAI,CAAC,aAAA,GAAgB,CAAC,MAAA,EAAQ;AAC5B,MAAA,OAAA,CAAQ,GAAA,CAAI,uCAAA,EAAyC;AAAA,QACnD,KAAA;AAAA,QACA,mBAAA,EAAqB,2DAAA,CAA6B,EAAA;AACnD,MAAA;AACkBA,MAAAA;AACyB,QAAA;AAC5C,MAAA;AAMkD,MAAA;AACxC,QAAA;AACN,UAAA;AACA,UAAA;AACsB,YAAA;AACe,YAAA;AACrC,UAAA;AACF,QAAA;AAGsC,QAAA;AACa,QAAA;AACpCA,QAAAA;AACb,UAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAMqC,mCAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,QAAA;AAevC,QAAA;AACF,MAAA;AACqC,MAAA;AAC7B,MAAA;AACN,QAAA;AACF,MAAA;AACOC,MAAAA;AACT,IAAA;AAEM,IAAA;AACJ,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACF,IAAA;AAEyB,IAAA;AACf,MAAA;AACN,QAAA;AACA,QAAA;AACF,MAAA;AACyB,MAAA;AACf,QAAA;AACK,QAAA;AACd,MAAA;AACH,IAAA;AAGyC,IAAA;AAC/B,MAAA;AACN,QAAA;AACA,QAAA;AACF,MAAA;AACa,MAAA;AACK,QAAA;AAClB,MAAA;AACwC,MAAA;AAC1C,IAAA;AAIqBD,IAAAA;AACiB,MAAA;AACtC,IAAA;AACqC,IAAA;AAC9B,IAAA;AACT,EAAA;AAAA;AAUE;AAMuB;AAAA,EAAA;AAhOzB,IAAA;AAiOkD,IAAA;AACJ,IAAA;AAErB,IAAA;AAE8B,IAAA;AAEL,IAAA;AAG5C,IAAA;AAEE,MAAA;AAC+B,MAAA;AACjC,IAAA;AAEmC,IAAA;AAEhB,IAAA;AAEnB,IAAA;AACkC,MAAA;AACtB,IAAA;AACF,MAAA;AACd,IAAA;AAEO,IAAA;AACT,EAAA;AAAA;AAgByD;AACV,EAAA;AAEvC,EAAA;AAC+B,IAAA;AACM,IAAA;AACgB,IAAA;AAElC,IAAA;AACd,MAAA;AACyC,QAAA;AACzC,MAAA;AACwC,QAAA;AACxC,MAAA;AACsC,QAAA;AAC3C,MAAA;AACqD,QAAA;AACvD,IAAA;AACc,EAAA;AAC2B,IAAA;AAES,IAAA;AAEjB,IAAA;AAEmB,IAAA;AAE7B,IAAA;AAChB,IAAA;AACT,EAAA;AACF;AHCyD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/nextjs.js","sourcesContent":[null,"/**\n * Used on the server-side to get the user object from the cookie\n */\nimport { User } from \"@/types\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies\";\nimport { retrieveTokens } from \"@/shared/util\";\n\nexport const getUser = (): User | null => {\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n const tokens = retrieveTokens(clientStorage);\n const user = userSession.get();\n if (!user || !tokens) return null;\n\n return {\n ...user!,\n idToken: tokens.id_token,\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token ?? \"\",\n } as User;\n};\n","/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n * console.log('in custom middleware', request.nextUrl.pathname);\n * return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n * console.log('in custom middleware', request.url);\n * return NextResponse.next();\n * })\n *\n */\nimport { NextRequest, NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport {\n AuthConfig,\n defaultAuthConfig,\n resolveAuthConfig,\n} from \"@/nextjs/config.js\";\n\ntype Middleware = (\n request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n const matches = picomatch(globPattern);\n return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n patterns.some((pattern) => {\n if (!pattern) return false;\n console.log(\"matching\", {\n pattern,\n pathname,\n match: matchGlob(pathname, pattern),\n });\n return matchGlob(pathname, pattern);\n });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n authConfig: AuthConfig,\n request: NextRequest,\n): Promise<NextResponse | undefined> => {\n const authConfigWithDefaults = resolveAuthConfig(authConfig);\n // Check for any valid auth token\n const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n // skip auth check for redirect to login url\n if (\n request.nextUrl.pathname === authConfigWithDefaults.loginUrl &&\n request.method === \"GET\"\n ) {\n console.log(\"→ Skipping auth check - this is the login URL\");\n return undefined;\n }\n\n if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n console.log(\"→ Skipping auth check - path not in include patterns\");\n return undefined;\n }\n\n if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n console.log(\"→ Skipping auth check - path in exclude patterns\");\n return undefined;\n }\n\n // Check for either token type\n if (!isAuthenticated) {\n const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n console.log(\"→ No valid token found - redirecting to login\", loginUrl);\n return NextResponse.redirect(loginUrl);\n }\n\n console.log(\"→ Auth check passed\");\n return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n (authConfig = defaultAuthConfig) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n // NextJS doesn't do middleware chaining yet, so this does not mean\n // \"call the next middleware\" - it means \"continue to the route handler\"\n return NextResponse.next();\n };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth({}, request);\n if (response) return response;\n\n return middleware(request);\n };\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n return (\n middleware: Middleware,\n ): ((request: NextRequest) => Promise<NextResponse>) => {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n return middleware(request);\n };\n };\n}\n","import { NextRequest, NextResponse } from \"next/server.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport { AuthConfig, resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n clearAuthCookies,\n NextjsClientStorage,\n NextjsCookieStorage,\n} from \"@/nextjs/cookies.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { getUser } from \"@/shared/session.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { GenericUserSession } from \"@/shared/UserSession.js\";\nimport {\n TOKEN_EXCHANGE_SUCCESS_TEXT,\n TOKEN_EXCHANGE_TRIGGER_TEXT,\n} from \"@/constants.js\";\nimport { serverTokenExchangeFromState } from \"@/lib/oauth.js\";\nimport { cookies } from \"next/headers.js\";\nimport { CodeVerifier } from \"@/shared/types\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n constructor(\n message: string,\n public readonly status: number = 401,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n}\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens ?? {});\n const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n const challenge = await pkceProducer.getCodeChallenge();\n const appUrl = request.nextUrl.searchParams.get(\"appUrl\");\n if (appUrl) {\n cookieStorage.set(CodeVerifier.APP_URL, appUrl);\n }\n return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function performTokenExchangeAndSetCookies(\n request: NextRequest,\n config: AuthConfig,\n code: string,\n state: string,\n appUrl: string,\n) {\n const resolvedConfigs = resolveAuthConfig(config);\n const cookieStorage = new NextjsCookieStorage(resolvedConfigs.cookies.tokens);\n\n const callbackUrl = resolveCallbackUrl(resolvedConfigs, appUrl);\n try {\n await resolveOAuthAccessCode(code, state, cookieStorage, {\n ...resolvedConfigs,\n redirectUrl: callbackUrl,\n });\n } catch (error) {\n logger.error(\"Token exchange failed:\", error);\n throw new AuthError(\"Failed to authenticate user\", 401);\n }\n\n const user = await getUser(cookieStorage);\n if (!user) {\n throw new AuthError(\"Failed to get user info\", 401);\n }\n\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(user);\n}\nasync function handleCallback(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n console.log(\"handleCallback\", { request, resolvedConfigs });\n const code = request.nextUrl.searchParams.get(\"code\");\n const state = request.nextUrl.searchParams.get(\"state\") || \"\";\n if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n // appUrl is passed from the client to the server in the query string\n // this is necessary because the server does not have access to the client's window.location.origin\n // and can not accurately determine the appUrl (specially if the app is behind a reverse proxy)\n const appUrl =\n request.cookies.get(CodeVerifier.APP_URL)?.value ||\n request.nextUrl.searchParams.get(\"appUrl\");\n\n // If we have a code_verifier cookie and the appUrl, we can do a token exchange.\n // Otherwise, just render an empty page.\n // The initial redirect back from the auth server does not send cookies, because the redirect is from a 3rd-party domain.\n // The client will make an additional call to this route with cookies included, at which point we do the token exchange.\n console.log(\"handleCallback\", {\n code,\n state,\n cookies: cookies(),\n appUrl,\n });\n\n const codeVerifier = request.cookies.get(CodeVerifier.COOKIE_NAME);\n\n if (!codeVerifier || !appUrl) {\n console.log(\"handleCallback no code_verifier found\", {\n state,\n serverTokenExchange: serverTokenExchangeFromState(`${state}`),\n });\n let response = new NextResponse(\n `<html><body><span style=\"display:none\">${TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`,\n );\n\n // in server-side token exchange mode we need to launch a page that will trigger the token exchange\n // from the same domain, allowing it access to the code_verifier cookie\n // we only need to do this in redirect mode, as the iframe already triggers a client-side token exchange\n // if no code-verifier cookie is found\n if (state && serverTokenExchangeFromState(state)) {\n console.log(\n \"handleCallback serverTokenExchangeFromState, launching redirect page...\",\n {\n requestUrl: request.url,\n configCallbackUrl: resolvedConfigs.callbackUrl,\n },\n );\n // we need to replace the URL with resolved config in case the server is hosted\n // behind a reverse proxy or load balancer\n const requestUrl = new URL(request.url);\n const fetchUrl = `${resolvedConfigs.callbackUrl}?${requestUrl.searchParams.toString()}&sameDomainServerTokenExchange=true`;\n response = new NextResponse(\n `<html>\n <body>\n <span style=\"display:none\">\n <script>\n window.onload = function () {\n const appUrl = globalThis.window?.location?.origin;\n fetch('${fetchUrl}&appUrl=' + appUrl).then((response) => {\n response.json().then((jsonResponse) => {\n console.log('fetch jsonResponse', jsonResponse);\n if (jsonResponse.redirectUrl) {\n console.log('handleCallback serverTokenExchangeFromState, redirecting');\n window.location.href = jsonResponse.redirectUrl;\n }\n });\n });\n };\n </script>\n </span>\n </body>\n </html>\n `,\n );\n }\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n console.log(\n `handleCallback no code_verifier found, returning ${TOKEN_EXCHANGE_TRIGGER_TEXT}`,\n );\n return response;\n }\n\n await performTokenExchangeAndSetCookies(\n request,\n resolvedConfigs,\n code,\n state,\n appUrl,\n );\n\n if (request.url.includes(\"sameDomainServerTokenExchange=true\")) {\n console.log(\n \"handleCallback sameDomainServerTokenExchange = true, returnining redirectUrl\",\n appUrl,\n );\n return NextResponse.json({\n status: \"success\",\n redirectUrl: appUrl,\n });\n }\n\n // this is the case where a 'normal' redirect is happening\n if (serverTokenExchangeFromState(state)) {\n console.log(\n \"handleCallback serverTokenExchangeFromState, redirect to appUrl\",\n appUrl,\n );\n if (!appUrl) {\n throw new Error(\"appUrl undefined. Cannot redirect.\");\n }\n return NextResponse.redirect(`${appUrl}`);\n }\n // return an empty HTML response so the iframe doesn't show any response\n // in the short moment between the redirect and the parent window\n // acknowledging the redirect and closing the iframe\n const response = new NextResponse(\n `<html><span style=\"display:none\">${TOKEN_EXCHANGE_SUCCESS_TEXT}</span></html>`,\n );\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n redirectPath: string,\n currentBasePath: string,\n) => new URL(redirectPath, currentBasePath).href;\n\nexport async function handleLogout(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const defaultRedirectPath = resolvedConfigs.loginUrl ?? \"/\";\n const redirectTarget =\n new URL(request.url).searchParams.get(\"redirect\") || defaultRedirectPath;\n\n const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n\n const appUrl = request.nextUrl.searchParams.get(\"appUrl\");\n\n const finalRedirectUrl = isAbsoluteRedirect\n ? redirectTarget\n : getAbsoluteRedirectPath(\n redirectTarget,\n new URL(appUrl ?? request.url).origin,\n );\n\n const response = NextResponse.redirect(finalRedirectUrl);\n\n clearAuthCookies(config);\n\n try {\n revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);\n } catch (error) {\n logger.warn(\"Failed to revalidate path after logout:\", error);\n }\n\n return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n * // optional config overrides\n * })\n * ```\n */\nexport const handler =\n (authConfig = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const config = resolveAuthConfig(authConfig);\n\n try {\n const pathname = request.nextUrl.pathname;\n const pathSegments = pathname.split(\"/\");\n const lastSegment = pathSegments[pathSegments.length - 1];\n\n switch (lastSegment) {\n case \"challenge\":\n return await handleChallenge(request, config);\n case \"callback\":\n return await handleCallback(request, config);\n case \"logout\":\n return await handleLogout(request, config);\n default:\n throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n }\n } catch (error) {\n logger.error(\"Auth handler error:\", error);\n\n const status = error instanceof AuthError ? error.status : 500;\n const message =\n error instanceof Error ? error.message : \"Authentication failed\";\n\n const response = NextResponse.json({ error: message }, { status });\n\n clearAuthCookies(config);\n return response;\n }\n };\n"]}
|