@civic/auth 0.10.0-beta.1 → 0.10.0-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +5 -0
- package/README.md +1 -0
- package/dist/browser/storage.d.ts +1 -0
- package/dist/browser/storage.d.ts.map +1 -1
- package/dist/browser/storage.js +3 -0
- package/dist/browser/storage.js.map +1 -1
- package/dist/lib/logger.d.ts +2 -0
- package/dist/lib/logger.d.ts.map +1 -1
- package/dist/lib/logger.js +2 -0
- package/dist/lib/logger.js.map +1 -1
- package/dist/nextjs/config.d.ts +35 -3
- package/dist/nextjs/config.d.ts.map +1 -1
- package/dist/nextjs/config.js +76 -25
- package/dist/nextjs/config.js.map +1 -1
- package/dist/nextjs/cookies.d.ts +2 -1
- package/dist/nextjs/cookies.d.ts.map +1 -1
- package/dist/nextjs/cookies.js +35 -5
- package/dist/nextjs/cookies.js.map +1 -1
- package/dist/nextjs/hooks/useInitialAuthConfig.d.ts.map +1 -1
- package/dist/nextjs/hooks/useInitialAuthConfig.js +36 -13
- package/dist/nextjs/hooks/useInitialAuthConfig.js.map +1 -1
- package/dist/nextjs/middleware.d.ts +2 -1
- package/dist/nextjs/middleware.d.ts.map +1 -1
- package/dist/nextjs/middleware.js +49 -56
- package/dist/nextjs/middleware.js.map +1 -1
- package/dist/nextjs/providers/NextAuthProvider.d.ts.map +1 -1
- package/dist/nextjs/providers/NextAuthProvider.js +8 -5
- package/dist/nextjs/providers/NextAuthProvider.js.map +1 -1
- package/dist/nextjs/providers/NextAuthProviderClient.d.ts +3 -2
- package/dist/nextjs/providers/NextAuthProviderClient.d.ts.map +1 -1
- package/dist/nextjs/providers/NextAuthProviderClient.js +3 -3
- package/dist/nextjs/providers/NextAuthProviderClient.js.map +1 -1
- package/dist/nextjs/providers/ServerUserContext.d.ts +6 -1
- package/dist/nextjs/providers/ServerUserContext.d.ts.map +1 -1
- package/dist/nextjs/providers/ServerUserContext.js.map +1 -1
- package/dist/nextjs/routeHandler.d.ts +3 -0
- package/dist/nextjs/routeHandler.d.ts.map +1 -1
- package/dist/nextjs/routeHandler.js +16 -20
- package/dist/nextjs/routeHandler.js.map +1 -1
- package/dist/nextjs/utils.d.ts +30 -6
- package/dist/nextjs/utils.d.ts.map +1 -1
- package/dist/nextjs/utils.js +159 -35
- package/dist/nextjs/utils.js.map +1 -1
- package/dist/reactjs/core/GlobalAuthManager.d.ts +6 -2
- package/dist/reactjs/core/GlobalAuthManager.d.ts.map +1 -1
- package/dist/reactjs/core/GlobalAuthManager.js +26 -7
- package/dist/reactjs/core/GlobalAuthManager.js.map +1 -1
- package/dist/reactjs/hooks/useUser.d.ts.map +1 -1
- package/dist/reactjs/hooks/useUser.js +83 -130
- package/dist/reactjs/hooks/useUser.js.map +1 -1
- package/dist/server/ServerAuthenticationResolver.d.ts +3 -2
- package/dist/server/ServerAuthenticationResolver.d.ts.map +1 -1
- package/dist/server/ServerAuthenticationResolver.js +23 -6
- package/dist/server/ServerAuthenticationResolver.js.map +1 -1
- package/dist/server/index.d.ts +1 -0
- package/dist/server/index.d.ts.map +1 -1
- package/dist/server/index.js.map +1 -1
- package/dist/server/login.d.ts +2 -1
- package/dist/server/login.d.ts.map +1 -1
- package/dist/server/login.js.map +1 -1
- package/dist/server/session.d.ts +4 -3
- package/dist/server/session.d.ts.map +1 -1
- package/dist/server/session.js.map +1 -1
- package/dist/server/users.d.ts +4 -3
- package/dist/server/users.d.ts.map +1 -1
- package/dist/server/users.js.map +1 -1
- package/dist/services/types.d.ts +1 -1
- package/dist/services/types.d.ts.map +1 -1
- package/dist/services/types.js.map +1 -1
- package/dist/shared/hooks/index.d.ts +0 -1
- package/dist/shared/hooks/index.d.ts.map +1 -1
- package/dist/shared/hooks/index.js +0 -1
- package/dist/shared/hooks/index.js.map +1 -1
- package/dist/shared/lib/BrowserAuthenticationRefresher.d.ts.map +1 -1
- package/dist/shared/lib/BrowserAuthenticationRefresher.js +14 -6
- package/dist/shared/lib/BrowserAuthenticationRefresher.js.map +1 -1
- package/dist/shared/lib/BrowserCookieStorage.d.ts.map +1 -1
- package/dist/shared/lib/BrowserCookieStorage.js +5 -1
- package/dist/shared/lib/BrowserCookieStorage.js.map +1 -1
- package/dist/shared/lib/GenericAuthenticationRefresher.d.ts +1 -0
- package/dist/shared/lib/GenericAuthenticationRefresher.d.ts.map +1 -1
- package/dist/shared/lib/GenericAuthenticationRefresher.js +2 -0
- package/dist/shared/lib/GenericAuthenticationRefresher.js.map +1 -1
- package/dist/shared/lib/UserSession.d.ts +4 -3
- package/dist/shared/lib/UserSession.d.ts.map +1 -1
- package/dist/shared/lib/UserSession.js +4 -0
- package/dist/shared/lib/UserSession.js.map +1 -1
- package/dist/shared/lib/cookieConfig.d.ts +1 -1
- package/dist/shared/lib/cookieConfig.d.ts.map +1 -1
- package/dist/shared/lib/cookieConfig.js +2 -1
- package/dist/shared/lib/cookieConfig.js.map +1 -1
- package/dist/shared/lib/cookieUtils.d.ts +6 -0
- package/dist/shared/lib/cookieUtils.d.ts.map +1 -0
- package/dist/shared/lib/cookieUtils.js +21 -0
- package/dist/shared/lib/cookieUtils.js.map +1 -0
- package/dist/shared/lib/session.d.ts +2 -1
- package/dist/shared/lib/session.d.ts.map +1 -1
- package/dist/shared/lib/session.js +11 -2
- package/dist/shared/lib/session.js.map +1 -1
- package/dist/shared/lib/util.d.ts +2 -2
- package/dist/shared/lib/util.d.ts.map +1 -1
- package/dist/shared/lib/util.js +4 -4
- package/dist/shared/lib/util.js.map +1 -1
- package/dist/shared/version.d.ts +1 -1
- package/dist/shared/version.d.ts.map +1 -1
- package/dist/shared/version.js +1 -1
- package/dist/shared/version.js.map +1 -1
- package/dist/types.d.ts +4 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/dist/vanillajs/auth/BackendAuthenticationRefresher.d.ts +4 -3
- package/dist/vanillajs/auth/BackendAuthenticationRefresher.d.ts.map +1 -1
- package/dist/vanillajs/auth/BackendAuthenticationRefresher.js +42 -21
- package/dist/vanillajs/auth/BackendAuthenticationRefresher.js.map +1 -1
- package/dist/vanillajs/auth/SessionManager.d.ts.map +1 -1
- package/dist/vanillajs/auth/SessionManager.js +23 -16
- package/dist/vanillajs/auth/SessionManager.js.map +1 -1
- package/dist/vanillajs/auth/TokenRefresher.d.ts +3 -0
- package/dist/vanillajs/auth/TokenRefresher.d.ts.map +1 -1
- package/dist/vanillajs/auth/TokenRefresher.js +27 -4
- package/dist/vanillajs/auth/TokenRefresher.js.map +1 -1
- package/dist/vanillajs/auth/config/ConfigProcessor.d.ts.map +1 -1
- package/dist/vanillajs/auth/config/ConfigProcessor.js +3 -1
- package/dist/vanillajs/auth/config/ConfigProcessor.js.map +1 -1
- package/dist/vanillajs/auth/handlers/IframeAuthHandler.d.ts.map +1 -1
- package/dist/vanillajs/auth/handlers/IframeAuthHandler.js +18 -0
- package/dist/vanillajs/auth/handlers/IframeAuthHandler.js.map +1 -1
- package/dist/vanillajs/auth/types/AuthTypes.d.ts +3 -0
- package/dist/vanillajs/auth/types/AuthTypes.d.ts.map +1 -1
- package/dist/vanillajs/auth/types/AuthTypes.js.map +1 -1
- package/package.json +1 -1
- package/dist/nextjs/hooks/useRefresh.d.ts +0 -5
- package/dist/nextjs/hooks/useRefresh.d.ts.map +0 -1
- package/dist/nextjs/hooks/useRefresh.js +0 -57
- package/dist/nextjs/hooks/useRefresh.js.map +0 -1
- package/dist/shared/hooks/useRefresh.d.ts +0 -6
- package/dist/shared/hooks/useRefresh.d.ts.map +0 -1
- package/dist/shared/hooks/useRefresh.js +0 -47
- package/dist/shared/hooks/useRefresh.js.map +0 -1
|
@@ -3,10 +3,12 @@
|
|
|
3
3
|
* Reusable across NextJS components that need to initialize GlobalAuthManager
|
|
4
4
|
*/
|
|
5
5
|
"use client";
|
|
6
|
-
import { useMemo } from "react";
|
|
6
|
+
import { useMemo, useState } from "react";
|
|
7
7
|
import { useRouter, usePathname } from "next/navigation.js";
|
|
8
8
|
import { resolveAuthConfig } from "../../nextjs/config.js";
|
|
9
9
|
import { revalidateUserData } from "../../nextjs/actions.js";
|
|
10
|
+
import { BrowserCookieStorage } from "../../shared/index.js";
|
|
11
|
+
import { loggers } from "../../lib/logger.js";
|
|
10
12
|
/**
|
|
11
13
|
* Hook that creates the initial auth configuration
|
|
12
14
|
* Can be used standalone or merged with overrides
|
|
@@ -15,12 +17,17 @@ export const useInitialAuthConfig = (options = {}) => {
|
|
|
15
17
|
const router = useRouter();
|
|
16
18
|
const pathname = usePathname();
|
|
17
19
|
const resolvedConfig = resolveAuthConfig(options);
|
|
18
|
-
|
|
20
|
+
// Force a re-render when the page gets re-rendered after sign-in/sign-out
|
|
21
|
+
// so that client-side hooks and event listeners are properly initialized
|
|
22
|
+
const [hasSignedOut, setHasSignedOut] = useState(false);
|
|
23
|
+
const { clientId, oauthServer, loginSuccessUrl, loginInitUrl, logoutUrl, refreshUrl, userUrl, logoutCallbackUrl, callbackUrl, targetContainerElement, } = resolvedConfig;
|
|
19
24
|
const baseConfig = useMemo(() => {
|
|
20
25
|
return {
|
|
26
|
+
// we need this to retrieve client-available cookies for auto-refresh etc.
|
|
27
|
+
storage: new BrowserCookieStorage(),
|
|
21
28
|
clientId: clientId,
|
|
22
29
|
loginUrl: typeof window !== "undefined"
|
|
23
|
-
? window.location.origin +
|
|
30
|
+
? window.location.origin + loginInitUrl
|
|
24
31
|
: undefined,
|
|
25
32
|
redirectUrl: typeof window !== "undefined"
|
|
26
33
|
? window.location.origin + callbackUrl
|
|
@@ -41,15 +48,27 @@ export const useInitialAuthConfig = (options = {}) => {
|
|
|
41
48
|
enabled: false,
|
|
42
49
|
},
|
|
43
50
|
backendEndpoints: {
|
|
44
|
-
user:
|
|
51
|
+
user: userUrl,
|
|
45
52
|
refresh: refreshUrl,
|
|
46
53
|
logout: logoutUrl,
|
|
47
54
|
},
|
|
55
|
+
onSignOut: async () => {
|
|
56
|
+
setHasSignedOut(true);
|
|
57
|
+
router.refresh();
|
|
58
|
+
},
|
|
59
|
+
onRefresh: async (error) => {
|
|
60
|
+
if (error) {
|
|
61
|
+
loggers.nextjs.hooks.error("onRefresh: Error refreshing", error);
|
|
62
|
+
}
|
|
63
|
+
setHasSignedOut(false);
|
|
64
|
+
router.refresh();
|
|
65
|
+
},
|
|
48
66
|
onSignIn: async (error) => {
|
|
49
67
|
if (error) {
|
|
50
|
-
|
|
68
|
+
loggers.nextjs.hooks.error("onSignIn: Error signing in", error);
|
|
51
69
|
return;
|
|
52
70
|
}
|
|
71
|
+
setHasSignedOut(false);
|
|
53
72
|
try {
|
|
54
73
|
// Trigger server-side revalidation to force NextAuthProvider to re-run
|
|
55
74
|
await revalidateUserData(pathname);
|
|
@@ -65,24 +84,28 @@ export const useInitialAuthConfig = (options = {}) => {
|
|
|
65
84
|
}
|
|
66
85
|
},
|
|
67
86
|
onUrlChange: options.onUrlChange,
|
|
68
|
-
initialUser: options.serverUser || null,
|
|
87
|
+
initialUser: (!hasSignedOut && options.serverUser) || null,
|
|
88
|
+
// initialUser: options.serverUser || null,
|
|
69
89
|
initialIdToken: null, // ID token is httpOnly and not accessible
|
|
70
90
|
};
|
|
71
91
|
}, [
|
|
72
92
|
clientId,
|
|
93
|
+
loginInitUrl,
|
|
94
|
+
callbackUrl,
|
|
73
95
|
oauthServer,
|
|
74
|
-
loginSuccessUrl,
|
|
75
96
|
logoutCallbackUrl,
|
|
76
|
-
|
|
77
|
-
logoutUrl,
|
|
78
|
-
router,
|
|
79
|
-
pathname,
|
|
97
|
+
loginSuccessUrl,
|
|
80
98
|
targetContainerElement,
|
|
81
|
-
callbackUrl,
|
|
82
99
|
options.displayMode,
|
|
83
100
|
options.iframeMode,
|
|
84
|
-
options.serverUser,
|
|
85
101
|
options.onUrlChange,
|
|
102
|
+
options.serverUser,
|
|
103
|
+
userUrl,
|
|
104
|
+
refreshUrl,
|
|
105
|
+
logoutUrl,
|
|
106
|
+
hasSignedOut,
|
|
107
|
+
router,
|
|
108
|
+
pathname,
|
|
86
109
|
]);
|
|
87
110
|
const createConfigWithOverrides = useMemo(() => {
|
|
88
111
|
return (overrides = {}) => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useInitialAuthConfig.js","sourceRoot":"","sources":["../../../src/nextjs/hooks/useInitialAuthConfig.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,YAAY,CAAC;AAEb,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"useInitialAuthConfig.js","sourceRoot":"","sources":["../../../src/nextjs/hooks/useInitialAuthConfig.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,YAAY,CAAC;AAEb,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAIvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAsB1C;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAClC,UAAuC,EAAE,EAOzC,EAAE;IACF,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAC/B,MAAM,cAAc,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAClD,0EAA0E;IAC1E,yEAAyE;IACzE,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAAU,KAAK,CAAC,CAAC;IACjE,MAAM,EACJ,QAAQ,EACR,WAAW,EACX,eAAe,EACf,YAAY,EACZ,SAAS,EACT,UAAU,EACV,OAAO,EACP,iBAAiB,EACjB,WAAW,EACX,sBAAsB,GACvB,GAAG,cAAc,CAAC;IAEnB,MAAM,UAAU,GAAqB,OAAO,CAAC,GAAG,EAAE;QAChD,OAAO;YACL,0EAA0E;YAC1E,OAAO,EAAE,IAAI,oBAAoB,EAAE;YACnC,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EACN,OAAO,MAAM,KAAK,WAAW;gBAC3B,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,YAAY;gBACvC,CAAC,CAAC,SAAS;YACf,WAAW,EACT,OAAO,MAAM,KAAK,WAAW;gBAC3B,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,WAAW;gBACtC,CAAC,CAAC,SAAS;YACf,MAAM,EAAE;gBACN,WAAW,EAAE,WAAW;gBACxB,kBAAkB,EAAE,WAAW;aAChC;YACD,iBAAiB,EAAE,iBAAiB;YACpC,eAAe,EAAE,eAAe;YAChC,sBAAsB,EAAE,sBAAsB;YAC9C,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,iBAAiB,EAAE,iBAAiB;YACpC,SAAS,EAAE,QAAQ;YACnB,OAAO,EAAE;gBACP,KAAK,EAAE,OAAO;gBACd,OAAO,EAAE,KAAK;aACf;YACD,gBAAgB,EAAE;gBAChB,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE,UAAU;gBACnB,MAAM,EAAE,SAAS;aAClB;YACD,SAAS,EAAE,KAAK,IAAI,EAAE;gBACpB,eAAe,CAAC,IAAI,CAAC,CAAC;gBACtB,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,CAAC;YACD,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;gBACzB,IAAI,KAAK,EAAE,CAAC;oBACV,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;gBACnE,CAAC;gBACD,eAAe,CAAC,KAAK,CAAC,CAAC;gBACvB,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,CAAC;YACD,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;gBACxB,IAAI,KAAK,EAAE,CAAC;oBACV,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;oBAChE,OAAO;gBACT,CAAC;gBACD,eAAe,CAAC,KAAK,CAAC,CAAC;gBACvB,IAAI,CAAC;oBACH,uEAAuE;oBACvE,MAAM,kBAAkB,CAAC,QAAQ,CAAC,CAAC;oBACnC,qBAAqB;oBACrB,IAAI,eAAe,IAAI,eAAe,KAAK,QAAQ,EAAE,CAAC;wBACpD,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;oBAC/B,CAAC;gBACH,CAAC;gBAAC,OAAO,eAAe,EAAE,CAAC;oBACzB,OAAO,CAAC,KAAK,CAAC,gCAAgC,EAAE,eAAe,CAAC,CAAC;oBACjE,sDAAsD;oBACtD,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,CAAC;YACH,CAAC;YACD,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,CAAC,CAAC,YAAY,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,IAAI;YAC1D,2CAA2C;YAC3C,cAAc,EAAE,IAAI,EAAE,0CAA0C;SACjE,CAAC;IACJ,CAAC,EAAE;QACD,QAAQ;QACR,YAAY;QACZ,WAAW;QACX,WAAW;QACX,iBAAiB;QACjB,eAAe;QACf,sBAAsB;QACtB,OAAO,CAAC,WAAW;QACnB,OAAO,CAAC,UAAU;QAClB,OAAO,CAAC,WAAW;QACnB,OAAO,CAAC,UAAU;QAClB,OAAO;QACP,UAAU;QACV,SAAS;QACT,YAAY;QACZ,MAAM;QACN,QAAQ;KACT,CAAC,CAAC;IAEH,MAAM,yBAAyB,GAAG,OAAO,CAAC,GAAG,EAAE;QAC7C,OAAO,CACL,YAA2C,EAAE,EAC3B,EAAE;YACpB,OAAO;gBACL,GAAG,UAAU;gBACb,6DAA6D;gBAC7D,GAAG,CAAC,SAAS,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,SAAS,CAAC,WAAW,EAAE,CAAC;gBACpE,GAAG,CAAC,SAAS,CAAC,UAAU,KAAK,SAAS,IAAI;oBACxC,UAAU,EAAE,SAAS,CAAC,UAAU;iBACjC,CAAC;gBACF,GAAG,CAAC,SAAS,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC;gBAC3D,GAAG,CAAC,SAAS,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,SAAS,CAAC,WAAW,EAAE,CAAC;gBACpE,GAAG,CAAC,SAAS,CAAC,iBAAiB,IAAI;oBACjC,iBAAiB,EAAE,SAAS,CAAC,iBAAiB;iBAC/C,CAAC;gBACF,GAAG,CAAC,SAAS,CAAC,sBAAsB,IAAI;oBACtC,sBAAsB,EAAE,SAAS,CAAC,sBAAsB;iBACzD,CAAC;aACH,CAAC;QACJ,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;IAEjB,OAAO;QACL,aAAa,EAAE,UAAU;QACzB,yBAAyB;QACzB,SAAS;KACV,CAAC;AACJ,CAAC,CAAC","sourcesContent":["/**\n * Hook for creating the initial auth configuration\n * Reusable across NextJS components that need to initialize GlobalAuthManager\n */\n\"use client\";\n\nimport { useMemo, useState } from \"react\";\nimport { useRouter, usePathname } from \"next/navigation.js\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport type { GlobalAuthConfig } from \"@/reactjs/core/GlobalAuthManager.js\";\nimport type { VanillaJSDisplayMode } from \"@/vanillajs/auth/types/AuthTypes.js\";\nimport type { User, IframeMode } from \"@/types.js\";\nimport { revalidateUserData } from \"@/nextjs/actions.js\";\nimport { BrowserCookieStorage } from \"@/shared/index.js\";\nimport { loggers } from \"@/lib/logger.js\";\n\nexport interface UseInitialAuthConfigOptions {\n displayMode?: VanillaJSDisplayMode;\n iframeMode?: IframeMode;\n serverUser?: User | null;\n nonce?: string;\n targetContainerElement?: HTMLElement | string;\n oauthServer?: string;\n loginSuccessUrl?: string;\n onUrlChange?: (url: string, source?: string) => void;\n}\n\nexport interface UseInitialAuthConfigOverrides {\n displayMode?: VanillaJSDisplayMode;\n iframeMode?: IframeMode;\n clientId?: string;\n redirectUrl?: string;\n logoutRedirectUrl?: string;\n targetContainerElement?: string;\n}\n\n/**\n * Hook that creates the initial auth configuration\n * Can be used standalone or merged with overrides\n */\nexport const useInitialAuthConfig = (\n options: UseInitialAuthConfigOptions = {},\n): {\n initialConfig: GlobalAuthConfig;\n createConfigWithOverrides: (\n overrides?: UseInitialAuthConfigOverrides,\n ) => GlobalAuthConfig;\n logoutUrl: string;\n} => {\n const router = useRouter();\n const pathname = usePathname();\n const resolvedConfig = resolveAuthConfig(options);\n // Force a re-render when the page gets re-rendered after sign-in/sign-out\n // so that client-side hooks and event listeners are properly initialized\n const [hasSignedOut, setHasSignedOut] = useState<boolean>(false);\n const {\n clientId,\n oauthServer,\n loginSuccessUrl,\n loginInitUrl,\n logoutUrl,\n refreshUrl,\n userUrl,\n logoutCallbackUrl,\n callbackUrl,\n targetContainerElement,\n } = resolvedConfig;\n\n const baseConfig: GlobalAuthConfig = useMemo(() => {\n return {\n // we need this to retrieve client-available cookies for auto-refresh etc.\n storage: new BrowserCookieStorage(),\n clientId: clientId,\n loginUrl:\n typeof window !== \"undefined\"\n ? window.location.origin + loginInitUrl\n : undefined,\n redirectUrl:\n typeof window !== \"undefined\"\n ? window.location.origin + callbackUrl\n : undefined,\n config: {\n oauthServer: oauthServer,\n oauthServerBaseUrl: oauthServer,\n },\n logoutRedirectUrl: logoutCallbackUrl,\n loginSuccessUrl: loginSuccessUrl,\n targetContainerElement: targetContainerElement,\n displayMode: options.displayMode,\n iframeMode: options.iframeMode,\n logoutCallbackUrl: logoutCallbackUrl,\n framework: \"nextjs\",\n logging: {\n level: \"debug\",\n enabled: false,\n },\n backendEndpoints: {\n user: userUrl,\n refresh: refreshUrl,\n logout: logoutUrl,\n },\n onSignOut: async () => {\n setHasSignedOut(true);\n router.refresh();\n },\n onRefresh: async (error) => {\n if (error) {\n loggers.nextjs.hooks.error(\"onRefresh: Error refreshing\", error);\n }\n setHasSignedOut(false);\n router.refresh();\n },\n onSignIn: async (error) => {\n if (error) {\n loggers.nextjs.hooks.error(\"onSignIn: Error signing in\", error);\n return;\n }\n setHasSignedOut(false);\n try {\n // Trigger server-side revalidation to force NextAuthProvider to re-run\n await revalidateUserData(pathname);\n // Navigate if needed\n if (loginSuccessUrl && loginSuccessUrl !== pathname) {\n router.push(loginSuccessUrl);\n }\n } catch (revalidateError) {\n console.error(\"onSignIn: Revalidation failed:\", revalidateError);\n // Fallback to router.refresh() if server action fails\n router.refresh();\n }\n },\n onUrlChange: options.onUrlChange,\n initialUser: (!hasSignedOut && options.serverUser) || null,\n // initialUser: options.serverUser || null,\n initialIdToken: null, // ID token is httpOnly and not accessible\n };\n }, [\n clientId,\n loginInitUrl,\n callbackUrl,\n oauthServer,\n logoutCallbackUrl,\n loginSuccessUrl,\n targetContainerElement,\n options.displayMode,\n options.iframeMode,\n options.onUrlChange,\n options.serverUser,\n userUrl,\n refreshUrl,\n logoutUrl,\n hasSignedOut,\n router,\n pathname,\n ]);\n\n const createConfigWithOverrides = useMemo(() => {\n return (\n overrides: UseInitialAuthConfigOverrides = {},\n ): GlobalAuthConfig => {\n return {\n ...baseConfig,\n // Override specific properties while keeping the base config\n ...(overrides.displayMode && { displayMode: overrides.displayMode }),\n ...(overrides.iframeMode !== undefined && {\n iframeMode: overrides.iframeMode,\n }),\n ...(overrides.clientId && { clientId: overrides.clientId }),\n ...(overrides.redirectUrl && { redirectUrl: overrides.redirectUrl }),\n ...(overrides.logoutRedirectUrl && {\n logoutRedirectUrl: overrides.logoutRedirectUrl,\n }),\n ...(overrides.targetContainerElement && {\n targetContainerElement: overrides.targetContainerElement,\n }),\n };\n };\n }, [baseConfig]);\n\n return {\n initialConfig: baseConfig,\n createConfigWithOverrides,\n logoutUrl,\n };\n};\n"]}
|
|
@@ -23,6 +23,7 @@ import type { NextRequest } from "next/server.js";
|
|
|
23
23
|
import { NextResponse } from "next/server.js";
|
|
24
24
|
import type { AuthConfigWithDefaults, OptionalAuthConfig } from "../nextjs/config.js";
|
|
25
25
|
import type { SessionData } from "../types.js";
|
|
26
|
+
import { NextjsMiddlewareCookieStorage } from "./utils.js";
|
|
26
27
|
type Middleware = (request: NextRequest) => Promise<NextResponse> | NextResponse;
|
|
27
28
|
/**
|
|
28
29
|
* use a ServerAuthenticationResolver to validate the existing session
|
|
@@ -31,7 +32,7 @@ type Middleware = (request: NextRequest) => Promise<NextResponse> | NextResponse
|
|
|
31
32
|
* @param request NextRequest object from middleware
|
|
32
33
|
* @returns {Promise<SessionData>}
|
|
33
34
|
*/
|
|
34
|
-
export declare const validateAuthTokensIfPresent: (authConfigWithDefaults: AuthConfigWithDefaults,
|
|
35
|
+
export declare const validateAuthTokensIfPresent: (authConfigWithDefaults: AuthConfigWithDefaults, storage: NextjsMiddlewareCookieStorage) => Promise<SessionData>;
|
|
35
36
|
/**
|
|
36
37
|
*
|
|
37
38
|
* Use this when auth is the only middleware you need.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/nextjs/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,KAAK,EACV,sBAAsB,EACtB,kBAAkB,EACnB,MAAM,oBAAoB,CAAC;AAI5B,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/nextjs/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,KAAK,EACV,sBAAsB,EACtB,kBAAkB,EACnB,MAAM,oBAAoB,CAAC;AAI5B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAS9C,OAAO,EAAE,6BAA6B,EAAE,MAAM,YAAY,CAAC;AAK3D,KAAK,UAAU,GAAG,CAChB,OAAO,EAAE,WAAW,KACjB,OAAO,CAAC,YAAY,CAAC,GAAG,YAAY,CAAC;AAE1C;;;;;;GAMG;AACH,eAAO,MAAM,2BAA2B,2BACd,sBAAsB,WACrC,6BAA6B,KACrC,OAAO,CAAC,WAAW,CAgBrB,CAAC;AA2FF;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,gBACZ,kBAAkB,eACf,WAAW,KAAG,OAAO,CAAC,YAAY,CAOjD,CAAC;AAEJ;;;;;;;GAOG;AAEH,wBAAgB,QAAQ,CACtB,UAAU,EAAE,UAAU,GACrB,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CAEjD;AAKD;;;;;;;;;;GAUG;AACH,wBAAgB,IAAI,CAAC,UAAU,GAAE,kBAAuB,gBAExC,UAAU,KACrB,CAAC,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CAAC,CA2BrD"}
|
|
@@ -2,34 +2,10 @@ import { NextResponse } from "next/server.js";
|
|
|
2
2
|
import { resolveAuthConfig } from "../nextjs/config.js";
|
|
3
3
|
import { loggers } from "../lib/logger.js";
|
|
4
4
|
import { ServerAuthenticationResolver } from "../server/ServerAuthenticationResolver.js";
|
|
5
|
-
import { shouldAttemptRefresh,
|
|
5
|
+
import { shouldAttemptRefresh, shouldSkipAuthForSystemUrls, handleLoginUrl, shouldSkipAuthForRoutePatterns, handleUnauthenticatedUser, copyCivicCookies, } from "./utils.js";
|
|
6
|
+
import { NextjsMiddlewareCookieStorage } from "./utils.js";
|
|
7
|
+
import { UserStorage } from "../shared/lib/types.js";
|
|
6
8
|
const logger = loggers.nextjs.middleware;
|
|
7
|
-
/**
|
|
8
|
-
* CookieStorage implementation for NextJS middleware context that works with NextRequest
|
|
9
|
-
*/
|
|
10
|
-
class NextjsReadOnlyRequestCookieStorage {
|
|
11
|
-
request;
|
|
12
|
-
constructor(request) {
|
|
13
|
-
this.request = request;
|
|
14
|
-
}
|
|
15
|
-
async get(key) {
|
|
16
|
-
return this.request.cookies.get(key)?.value || null;
|
|
17
|
-
}
|
|
18
|
-
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
19
|
-
async set(key, value) {
|
|
20
|
-
// In middleware, we can only set cookies via response objects
|
|
21
|
-
// This method can't be used directly in middleware
|
|
22
|
-
logger.error("Cannot set cookies directly in middleware");
|
|
23
|
-
throw new Error("Cannot set cookies directly in middleware");
|
|
24
|
-
}
|
|
25
|
-
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
26
|
-
async delete(key) {
|
|
27
|
-
// In middleware, we can only delete cookies via response objects
|
|
28
|
-
// This method can't be used directly in middleware
|
|
29
|
-
logger.error("Cannot delete cookies directly in middleware");
|
|
30
|
-
throw new Error("Cannot delete cookies directly in middleware");
|
|
31
|
-
}
|
|
32
|
-
}
|
|
33
9
|
/**
|
|
34
10
|
* use a ServerAuthenticationResolver to validate the existing session
|
|
35
11
|
* using NextJS cookie storage
|
|
@@ -37,17 +13,14 @@ class NextjsReadOnlyRequestCookieStorage {
|
|
|
37
13
|
* @param request NextRequest object from middleware
|
|
38
14
|
* @returns {Promise<SessionData>}
|
|
39
15
|
*/
|
|
40
|
-
export const validateAuthTokensIfPresent = async (authConfigWithDefaults,
|
|
16
|
+
export const validateAuthTokensIfPresent = async (authConfigWithDefaults, storage) => {
|
|
41
17
|
try {
|
|
42
|
-
// TODO: evaluate a more performant way to validate tokens
|
|
43
|
-
// than having to call and verify the JWT tokens on every request
|
|
44
|
-
const storage = new NextjsReadOnlyRequestCookieStorage(request);
|
|
45
18
|
const authSessionService = await ServerAuthenticationResolver.build({
|
|
46
19
|
...authConfigWithDefaults,
|
|
47
20
|
redirectUrl: authConfigWithDefaults.callbackUrl,
|
|
48
21
|
}, storage);
|
|
49
|
-
// validate the existing session
|
|
50
|
-
const existingSession = await authSessionService.validateExistingSession(
|
|
22
|
+
// validate the existing session and rehydrate and update cookies to the response if necessary
|
|
23
|
+
const existingSession = await authSessionService.validateExistingSession();
|
|
51
24
|
return existingSession;
|
|
52
25
|
}
|
|
53
26
|
catch (error) {
|
|
@@ -66,9 +39,26 @@ export const validateAuthTokensIfPresent = async (authConfigWithDefaults, reques
|
|
|
66
39
|
*/
|
|
67
40
|
const applyAuth = async (authConfig, request) => {
|
|
68
41
|
const authConfigWithDefaults = resolveAuthConfig(authConfig);
|
|
42
|
+
const response = NextResponse.next();
|
|
43
|
+
const cookieConfig = {
|
|
44
|
+
...authConfigWithDefaults?.cookies?.tokens,
|
|
45
|
+
[UserStorage.USER]: authConfigWithDefaults?.cookies?.user || {},
|
|
46
|
+
};
|
|
47
|
+
logger.debug("Incoming request:", {
|
|
48
|
+
pathName: request.nextUrl.pathname,
|
|
49
|
+
method: request.method,
|
|
50
|
+
});
|
|
51
|
+
const storage = new NextjsMiddlewareCookieStorage(cookieConfig, request, response);
|
|
52
|
+
// check if the incoming path is a system URL
|
|
53
|
+
const shouldSkipAuthForSystemUrlsCheck = shouldSkipAuthForSystemUrls(request.nextUrl.pathname, authConfigWithDefaults);
|
|
54
|
+
// Skip authentication for system URLs (callback, challenge, logout)
|
|
55
|
+
// we don't want to validate the session in this case as this would
|
|
56
|
+
// auto-hydrate and potential conflict with the logic of the api call
|
|
57
|
+
if (shouldSkipAuthForSystemUrlsCheck) {
|
|
58
|
+
return response;
|
|
59
|
+
}
|
|
69
60
|
// Step 1: Understand the current authentication state
|
|
70
|
-
const session = await validateAuthTokensIfPresent(authConfigWithDefaults,
|
|
71
|
-
const shouldSkipAuthForSystemUrlsCheck = shouldSkipAuthForSystemUrls(request.nextUrl.pathname, authConfigWithDefaults, request.method);
|
|
61
|
+
const session = await validateAuthTokensIfPresent(authConfigWithDefaults, storage);
|
|
72
62
|
const shouldSkipAuthForRoutePatternsCheck = shouldSkipAuthForRoutePatterns(request.nextUrl.pathname, authConfigWithDefaults);
|
|
73
63
|
const pathNameIsLoginUrl = request.nextUrl.pathname === authConfigWithDefaults.loginUrl;
|
|
74
64
|
logger.debug("Authentication state:", {
|
|
@@ -78,36 +68,23 @@ const applyAuth = async (authConfig, request) => {
|
|
|
78
68
|
shouldAttemptRefresh: shouldAttemptRefresh(session),
|
|
79
69
|
shouldSkipAuthForSystemUrls: shouldSkipAuthForSystemUrlsCheck,
|
|
80
70
|
shouldSkipAuthForRoutePatterns: shouldSkipAuthForRoutePatternsCheck,
|
|
81
|
-
...authConfigWithDefaults,
|
|
82
71
|
});
|
|
83
|
-
// Attempt token refresh if needed (OAuth pipeline)
|
|
84
|
-
if (shouldAttemptRefresh(session)) {
|
|
85
|
-
const refreshResponse = createRefreshResponse(request, authConfigWithDefaults);
|
|
86
|
-
if (refreshResponse) {
|
|
87
|
-
logger.debug("Handle refresh response", refreshResponse.url);
|
|
88
|
-
return refreshResponse;
|
|
89
|
-
}
|
|
90
|
-
}
|
|
91
|
-
// Skip authentication for system URLs (callback, challenge, logout)
|
|
92
|
-
if (shouldSkipAuthForSystemUrlsCheck) {
|
|
93
|
-
return undefined;
|
|
94
|
-
}
|
|
95
|
-
// Handle login URL with special logic
|
|
72
|
+
// Step 2: Attempt token refresh if needed (the OAuth pipeline approach) // Handle login URL with special logic
|
|
96
73
|
if (pathNameIsLoginUrl) {
|
|
97
74
|
handleLoginUrl(request.nextUrl.pathname, session, authConfigWithDefaults);
|
|
98
|
-
return
|
|
75
|
+
return response; // Always allow access to login URL
|
|
99
76
|
}
|
|
100
77
|
// Skip authentication for routes not matching include/exclude patterns
|
|
101
78
|
if (shouldSkipAuthForRoutePatternsCheck) {
|
|
102
|
-
return
|
|
79
|
+
return response;
|
|
103
80
|
}
|
|
104
81
|
// Handle unauthenticated users on protected routes
|
|
105
82
|
if (!session.authenticated) {
|
|
106
|
-
return handleUnauthenticatedUser(session, request, authConfigWithDefaults);
|
|
83
|
+
return handleUnauthenticatedUser(session, request, response, storage, authConfigWithDefaults);
|
|
107
84
|
}
|
|
108
85
|
// Happy ending - authentication passed
|
|
109
|
-
logger.debug("→ Authentication successful, allowing access");
|
|
110
|
-
return
|
|
86
|
+
logger.debug("→ Authentication successful, allowing access to", response.url);
|
|
87
|
+
return response;
|
|
111
88
|
};
|
|
112
89
|
/**
|
|
113
90
|
*
|
|
@@ -137,6 +114,7 @@ export const authMiddleware = (authConfig = {}) => async (request) => {
|
|
|
137
114
|
export function withAuth(middleware) {
|
|
138
115
|
return auth()(middleware);
|
|
139
116
|
}
|
|
117
|
+
const isRedirectResponse = (response) => response && response.status === 307;
|
|
140
118
|
/**
|
|
141
119
|
* Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)
|
|
142
120
|
*
|
|
@@ -152,9 +130,24 @@ export function auth(authConfig = {}) {
|
|
|
152
130
|
return (middleware) => {
|
|
153
131
|
return async (request) => {
|
|
154
132
|
const response = await applyAuth(authConfig, request);
|
|
155
|
-
if
|
|
133
|
+
// if the response is redirected it means that the user is not authenticated
|
|
134
|
+
// so we skip the rest of the custom middleware to redirect to the login page
|
|
135
|
+
if (response && isRedirectResponse(response)) {
|
|
136
|
+
logger.debug("User is unauthenticated, redirecting to ", response.headers.get("location"));
|
|
156
137
|
return response;
|
|
157
|
-
|
|
138
|
+
}
|
|
139
|
+
// ensure requests get the cookies in case of redirects
|
|
140
|
+
if (response) {
|
|
141
|
+
copyCivicCookies(response, request);
|
|
142
|
+
}
|
|
143
|
+
const middlewareResponse = await middleware(request);
|
|
144
|
+
// we need to ensure that the civic cookies that were potentially
|
|
145
|
+
// added by CivicAuth are set on the final response after all
|
|
146
|
+
// middleware has been run
|
|
147
|
+
if (response) {
|
|
148
|
+
copyCivicCookies(response, middlewareResponse);
|
|
149
|
+
}
|
|
150
|
+
return middlewareResponse;
|
|
158
151
|
};
|
|
159
152
|
};
|
|
160
153
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/nextjs/middleware.ts"],"names":[],"mappings":"AAsBA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAK9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,4BAA4B,EAAE,MAAM,0CAA0C,CAAC;AAExF,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,2BAA2B,EAC3B,cAAc,EACd,8BAA8B,EAC9B,yBAAyB,GAC1B,MAAM,YAAY,CAAC;AAEpB,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC;AAEzC;;GAEG;AACH,MAAM,kCAAkC;IAClB;IAApB,YAAoB,OAAoB;QAApB,YAAO,GAAP,OAAO,CAAa;IAAG,CAAC;IAE5C,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC;IACtD,CAAC;IAED,6DAA6D;IAC7D,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAa;QAClC,8DAA8D;QAC9D,mDAAmD;QACnD,MAAM,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,CAAC;IAED,6DAA6D;IAC7D,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,iEAAiE;QACjE,mDAAmD;QACnD,MAAM,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;CACF;AAMD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,KAAK,EAC9C,sBAA8C,EAC9C,OAAoB,EACE,EAAE;IACxB,IAAI,CAAC;QACH,0DAA0D;QAC1D,iEAAiE;QACjE,MAAM,OAAO,GAAG,IAAI,kCAAkC,CAAC,OAAO,CAAC,CAAC;QAChE,MAAM,kBAAkB,GAAG,MAAM,4BAA4B,CAAC,KAAK,CACjE;YACE,GAAG,sBAAsB;YACzB,WAAW,EAAE,sBAAsB,CAAC,WAAW;SAChD,EACD,OAAO,CACR,CAAC;QACF,6FAA6F;QAC7F,MAAM,eAAe,GACnB,MAAM,kBAAkB,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;QAC1D,OAAO,eAAe,CAAC;IACzB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAC/C,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;IAClC,CAAC;AACH,CAAC,CAAC;AAEF,4CAA4C;AAC5C;;;;;;;GAOG;AACH,MAAM,SAAS,GAAG,KAAK,EACrB,UAA8B,EAC9B,OAAoB,EACe,EAAE;IACrC,MAAM,sBAAsB,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAE7D,sDAAsD;IACtD,MAAM,OAAO,GAAG,MAAM,2BAA2B,CAC/C,sBAAsB,EACtB,OAAO,CACR,CAAC;IACF,MAAM,gCAAgC,GAAG,2BAA2B,CAClE,OAAO,CAAC,OAAO,CAAC,QAAQ,EACxB,sBAAsB,EACtB,OAAO,CAAC,MAAM,CACf,CAAC;IAEF,MAAM,mCAAmC,GAAG,8BAA8B,CACxE,OAAO,CAAC,OAAO,CAAC,QAAQ,EACxB,sBAAsB,CACvB,CAAC;IACF,MAAM,kBAAkB,GACtB,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,sBAAsB,CAAC,QAAQ,CAAC;IAC/D,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE;QACpC,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ;QAClC,kBAAkB;QAClB,oBAAoB,EAAE,oBAAoB,CAAC,OAAO,CAAC;QACnD,2BAA2B,EAAE,gCAAgC;QAC7D,8BAA8B,EAAE,mCAAmC;QACnE,GAAG,sBAAsB;KAC1B,CAAC,CAAC;IAEH,mDAAmD;IACnD,IAAI,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,MAAM,eAAe,GAAG,qBAAqB,CAC3C,OAAO,EACP,sBAAsB,CACvB,CAAC;QAEF,IAAI,eAAe,EAAE,CAAC;YACpB,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC;YAC7D,OAAO,eAAe,CAAC;QACzB,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,IAAI,gCAAgC,EAAE,CAAC;QACrC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,sCAAsC;IACtC,IAAI,kBAAkB,EAAE,CAAC;QACvB,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,EAAE,sBAAsB,CAAC,CAAC;QAC1E,OAAO,SAAS,CAAC,CAAC,mCAAmC;IACvD,CAAC;IAED,uEAAuE;IACvE,IAAI,mCAAmC,EAAE,CAAC;QACxC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,mDAAmD;IACnD,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QAC3B,OAAO,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,sBAAsB,CAAC,CAAC;IAC7E,CAAC;IAED,uCAAuC;IACvC,MAAM,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAC7D,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,cAAc,GACzB,CAAC,aAAiC,EAAE,EAAE,EAAE,CACxC,KAAK,EAAE,OAAoB,EAAyB,EAAE;IACpD,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACtD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,mEAAmE;IACnE,wEAAwE;IACxE,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;AAC7B,CAAC,CAAC;AAEJ;;;;;;;GAOG;AACH,sDAAsD;AACtD,MAAM,UAAU,QAAQ,CACtB,UAAsB;IAEtB,OAAO,IAAI,EAAE,CAAC,UAAU,CAAC,CAAC;AAC5B,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,IAAI,CAAC,aAAiC,EAAE;IACtD,OAAO,CACL,UAAsB,EAC6B,EAAE;QACrD,OAAO,KAAK,EAAE,OAAoB,EAAyB,EAAE;YAC3D,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACtD,IAAI,QAAQ;gBAAE,OAAO,QAAQ,CAAC;YAE9B,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC","sourcesContent":["/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n * logger.debug('in custom middleware', request.nextUrl.pathname);\n * return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n * logger.debug('in custom middleware', request.url);\n * return NextResponse.next();\n * })\n *\n */\nimport type { NextRequest } from \"next/server.js\";\nimport { NextResponse } from \"next/server.js\";\nimport type {\n AuthConfigWithDefaults,\n OptionalAuthConfig,\n} from \"@/nextjs/config.js\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport type { AuthStorage, SessionData } from \"@/types.js\";\nimport {\n shouldAttemptRefresh,\n createRefreshResponse,\n shouldSkipAuthForSystemUrls,\n handleLoginUrl,\n shouldSkipAuthForRoutePatterns,\n handleUnauthenticatedUser,\n} from \"./utils.js\";\n\nconst logger = loggers.nextjs.middleware;\n\n/**\n * CookieStorage implementation for NextJS middleware context that works with NextRequest\n */\nclass NextjsReadOnlyRequestCookieStorage implements AuthStorage {\n constructor(private request: NextRequest) {}\n\n async get(key: string): Promise<string | null> {\n return this.request.cookies.get(key)?.value || null;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n async set(key: string, value: string): Promise<void> {\n // In middleware, we can only set cookies via response objects\n // This method can't be used directly in middleware\n logger.error(\"Cannot set cookies directly in middleware\");\n throw new Error(\"Cannot set cookies directly in middleware\");\n }\n\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n async delete(key: string): Promise<void> {\n // In middleware, we can only delete cookies via response objects\n // This method can't be used directly in middleware\n logger.error(\"Cannot delete cookies directly in middleware\");\n throw new Error(\"Cannot delete cookies directly in middleware\");\n }\n}\n\ntype Middleware = (\n request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n/**\n * use a ServerAuthenticationResolver to validate the existing session\n * using NextJS cookie storage\n * @param authConfigWithDefaults\n * @param request NextRequest object from middleware\n * @returns {Promise<SessionData>}\n */\nexport const validateAuthTokensIfPresent = async (\n authConfigWithDefaults: AuthConfigWithDefaults,\n request: NextRequest,\n): Promise<SessionData> => {\n try {\n // TODO: evaluate a more performant way to validate tokens\n // than having to call and verify the JWT tokens on every request\n const storage = new NextjsReadOnlyRequestCookieStorage(request);\n const authSessionService = await ServerAuthenticationResolver.build(\n {\n ...authConfigWithDefaults,\n redirectUrl: authConfigWithDefaults.callbackUrl,\n },\n storage,\n );\n // validate the existing session but don't auto-refresh as we can't set cookies in middleware\n const existingSession =\n await authSessionService.validateExistingSession(false);\n return existingSession;\n } catch (error) {\n logger.error(\"Error validating tokens\", error);\n return { authenticated: false };\n }\n};\n\n// internal - used by all exported functions\n/**\n * Core authentication middleware logic.\n *\n * The Authentication Story:\n * 1. Validate tokens to understand current authentication state\n * 2. Attempt token refresh if needed (the OAuth pipeline approach)\n * 3. Apply route-specific authentication rules based on final state\n */\nconst applyAuth = async (\n authConfig: OptionalAuthConfig,\n request: NextRequest,\n): Promise<NextResponse | undefined> => {\n const authConfigWithDefaults = resolveAuthConfig(authConfig);\n\n // Step 1: Understand the current authentication state\n const session = await validateAuthTokensIfPresent(\n authConfigWithDefaults,\n request,\n );\n const shouldSkipAuthForSystemUrlsCheck = shouldSkipAuthForSystemUrls(\n request.nextUrl.pathname,\n authConfigWithDefaults,\n request.method,\n );\n\n const shouldSkipAuthForRoutePatternsCheck = shouldSkipAuthForRoutePatterns(\n request.nextUrl.pathname,\n authConfigWithDefaults,\n );\n const pathNameIsLoginUrl =\n request.nextUrl.pathname === authConfigWithDefaults.loginUrl;\n logger.debug(\"Authentication state:\", {\n authenticated: session.authenticated,\n pathName: request.nextUrl.pathname,\n pathNameIsLoginUrl,\n shouldAttemptRefresh: shouldAttemptRefresh(session),\n shouldSkipAuthForSystemUrls: shouldSkipAuthForSystemUrlsCheck,\n shouldSkipAuthForRoutePatterns: shouldSkipAuthForRoutePatternsCheck,\n ...authConfigWithDefaults,\n });\n\n // Attempt token refresh if needed (OAuth pipeline)\n if (shouldAttemptRefresh(session)) {\n const refreshResponse = createRefreshResponse(\n request,\n authConfigWithDefaults,\n );\n\n if (refreshResponse) {\n logger.debug(\"Handle refresh response\", refreshResponse.url);\n return refreshResponse;\n }\n }\n\n // Skip authentication for system URLs (callback, challenge, logout)\n if (shouldSkipAuthForSystemUrlsCheck) {\n return undefined;\n }\n\n // Handle login URL with special logic\n if (pathNameIsLoginUrl) {\n handleLoginUrl(request.nextUrl.pathname, session, authConfigWithDefaults);\n return undefined; // Always allow access to login URL\n }\n\n // Skip authentication for routes not matching include/exclude patterns\n if (shouldSkipAuthForRoutePatternsCheck) {\n return undefined;\n }\n\n // Handle unauthenticated users on protected routes\n if (!session.authenticated) {\n return handleUnauthenticatedUser(session, request, authConfigWithDefaults);\n }\n\n // Happy ending - authentication passed\n logger.debug(\"→ Authentication successful, allowing access\");\n return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n (authConfig: OptionalAuthConfig = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n // NextJS doesn't do middleware chaining yet, so this does not mean\n // \"call the next middleware\" - it means \"continue to the route handler\"\n return NextResponse.next();\n };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n * logger.debug('my middleware');\n * return NextResponse.next();\n * })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n return auth()(middleware);\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * export default auth(authConfig: AuthConfig ) => {\n * logger.debug('my middleware');\n * return NextResponse.next();\n * })\n *\n */\nexport function auth(authConfig: OptionalAuthConfig = {}) {\n return (\n middleware: Middleware,\n ): ((request: NextRequest) => Promise<NextResponse>) => {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n return middleware(request);\n };\n };\n}\n"]}
|
|
1
|
+
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/nextjs/middleware.ts"],"names":[],"mappings":"AAsBA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAK9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,4BAA4B,EAAE,MAAM,0CAA0C,CAAC;AAExF,OAAO,EACL,oBAAoB,EACpB,2BAA2B,EAC3B,cAAc,EACd,8BAA8B,EAC9B,yBAAyB,EACzB,gBAAgB,GACjB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,6BAA6B,EAAE,MAAM,YAAY,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAEpD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC;AAMzC;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,KAAK,EAC9C,sBAA8C,EAC9C,OAAsC,EAChB,EAAE;IACxB,IAAI,CAAC;QACH,MAAM,kBAAkB,GAAG,MAAM,4BAA4B,CAAC,KAAK,CACjE;YACE,GAAG,sBAAsB;YACzB,WAAW,EAAE,sBAAsB,CAAC,WAAW;SAChD,EACD,OAAO,CACR,CAAC;QACF,8FAA8F;QAC9F,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAAC,uBAAuB,EAAE,CAAC;QAC3E,OAAO,eAAe,CAAC;IACzB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAC/C,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;IAClC,CAAC;AACH,CAAC,CAAC;AAEF,4CAA4C;AAC5C;;;;;;;GAOG;AACH,MAAM,SAAS,GAAG,KAAK,EACrB,UAA8B,EAC9B,OAAoB,EACe,EAAE;IACrC,MAAM,sBAAsB,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAC7D,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,YAAY,GAAG;QACnB,GAAG,sBAAsB,EAAE,OAAO,EAAE,MAAM;QAC1C,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,sBAAsB,EAAE,OAAO,EAAE,IAAI,IAAI,EAAE;KAChE,CAAC;IACF,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE;QAChC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ;QAClC,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,IAAI,6BAA6B,CAC/C,YAAY,EACZ,OAAO,EACP,QAAQ,CACT,CAAC;IACF,6CAA6C;IAC7C,MAAM,gCAAgC,GAAG,2BAA2B,CAClE,OAAO,CAAC,OAAO,CAAC,QAAQ,EACxB,sBAAsB,CACvB,CAAC;IAEF,oEAAoE;IACpE,mEAAmE;IACnE,qEAAqE;IACrE,IAAI,gCAAgC,EAAE,CAAC;QACrC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,sDAAsD;IACtD,MAAM,OAAO,GAAG,MAAM,2BAA2B,CAC/C,sBAAsB,EACtB,OAAO,CACR,CAAC;IAEF,MAAM,mCAAmC,GAAG,8BAA8B,CACxE,OAAO,CAAC,OAAO,CAAC,QAAQ,EACxB,sBAAsB,CACvB,CAAC;IACF,MAAM,kBAAkB,GACtB,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,sBAAsB,CAAC,QAAQ,CAAC;IAC/D,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE;QACpC,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ;QAClC,kBAAkB;QAClB,oBAAoB,EAAE,oBAAoB,CAAC,OAAO,CAAC;QACnD,2BAA2B,EAAE,gCAAgC;QAC7D,8BAA8B,EAAE,mCAAmC;KACpE,CAAC,CAAC;IAEH,gHAAgH;IAChH,IAAI,kBAAkB,EAAE,CAAC;QACvB,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,EAAE,sBAAsB,CAAC,CAAC;QAC1E,OAAO,QAAQ,CAAC,CAAC,mCAAmC;IACtD,CAAC;IAED,uEAAuE;IACvE,IAAI,mCAAmC,EAAE,CAAC;QACxC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,mDAAmD;IACnD,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QAC3B,OAAO,yBAAyB,CAC9B,OAAO,EACP,OAAO,EACP,QAAQ,EACR,OAAO,EACP,sBAAsB,CACvB,CAAC;IACJ,CAAC;IAED,uCAAuC;IACvC,MAAM,CAAC,KAAK,CAAC,iDAAiD,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC9E,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,cAAc,GACzB,CAAC,aAAiC,EAAE,EAAE,EAAE,CACxC,KAAK,EAAE,OAAoB,EAAyB,EAAE;IACpD,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACtD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,mEAAmE;IACnE,wEAAwE;IACxE,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;AAC7B,CAAC,CAAC;AAEJ;;;;;;;GAOG;AACH,sDAAsD;AACtD,MAAM,UAAU,QAAQ,CACtB,UAAsB;IAEtB,OAAO,IAAI,EAAE,CAAC,UAAU,CAAC,CAAC;AAC5B,CAAC;AAED,MAAM,kBAAkB,GAAG,CAAC,QAAuB,EAAE,EAAE,CACrD,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC;AAEtC;;;;;;;;;;GAUG;AACH,MAAM,UAAU,IAAI,CAAC,aAAiC,EAAE;IACtD,OAAO,CACL,UAAsB,EAC6B,EAAE;QACrD,OAAO,KAAK,EAAE,OAAoB,EAAyB,EAAE;YAC3D,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACtD,4EAA4E;YAC5E,6EAA6E;YAC7E,IAAI,QAAQ,IAAI,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7C,MAAM,CAAC,KAAK,CACV,0CAA0C,EAC1C,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CACjC,CAAC;gBACF,OAAO,QAAQ,CAAC;YAClB,CAAC;YACD,uDAAuD;YACvD,IAAI,QAAQ,EAAE,CAAC;gBACb,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACtC,CAAC;YACD,MAAM,kBAAkB,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;YAErD,iEAAiE;YACjE,6DAA6D;YAC7D,0BAA0B;YAC1B,IAAI,QAAQ,EAAE,CAAC;gBACb,gBAAgB,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC;YACjD,CAAC;YACD,OAAO,kBAAkB,CAAC;QAC5B,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC","sourcesContent":["/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n * logger.debug('in custom middleware', request.nextUrl.pathname);\n * return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n * logger.debug('in custom middleware', request.url);\n * return NextResponse.next();\n * })\n *\n */\nimport type { NextRequest } from \"next/server.js\";\nimport { NextResponse } from \"next/server.js\";\nimport type {\n AuthConfigWithDefaults,\n OptionalAuthConfig,\n} from \"@/nextjs/config.js\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport type { SessionData } from \"@/types.js\";\nimport {\n shouldAttemptRefresh,\n shouldSkipAuthForSystemUrls,\n handleLoginUrl,\n shouldSkipAuthForRoutePatterns,\n handleUnauthenticatedUser,\n copyCivicCookies,\n} from \"./utils.js\";\nimport { NextjsMiddlewareCookieStorage } from \"./utils.js\";\nimport { UserStorage } from \"@/shared/lib/types.js\";\n\nconst logger = loggers.nextjs.middleware;\n\ntype Middleware = (\n request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n/**\n * use a ServerAuthenticationResolver to validate the existing session\n * using NextJS cookie storage\n * @param authConfigWithDefaults\n * @param request NextRequest object from middleware\n * @returns {Promise<SessionData>}\n */\nexport const validateAuthTokensIfPresent = async (\n authConfigWithDefaults: AuthConfigWithDefaults,\n storage: NextjsMiddlewareCookieStorage,\n): Promise<SessionData> => {\n try {\n const authSessionService = await ServerAuthenticationResolver.build(\n {\n ...authConfigWithDefaults,\n redirectUrl: authConfigWithDefaults.callbackUrl,\n },\n storage,\n );\n // validate the existing session and rehydrate and update cookies to the response if necessary\n const existingSession = await authSessionService.validateExistingSession();\n return existingSession;\n } catch (error) {\n logger.error(\"Error validating tokens\", error);\n return { authenticated: false };\n }\n};\n\n// internal - used by all exported functions\n/**\n * Core authentication middleware logic.\n *\n * The Authentication Story:\n * 1. Validate tokens to understand current authentication state\n * 2. Attempt token refresh if needed (the OAuth pipeline approach)\n * 3. Apply route-specific authentication rules based on final state\n */\nconst applyAuth = async (\n authConfig: OptionalAuthConfig,\n request: NextRequest,\n): Promise<NextResponse | undefined> => {\n const authConfigWithDefaults = resolveAuthConfig(authConfig);\n const response = NextResponse.next();\n const cookieConfig = {\n ...authConfigWithDefaults?.cookies?.tokens,\n [UserStorage.USER]: authConfigWithDefaults?.cookies?.user || {},\n };\n logger.debug(\"Incoming request:\", {\n pathName: request.nextUrl.pathname,\n method: request.method,\n });\n const storage = new NextjsMiddlewareCookieStorage(\n cookieConfig,\n request,\n response,\n );\n // check if the incoming path is a system URL\n const shouldSkipAuthForSystemUrlsCheck = shouldSkipAuthForSystemUrls(\n request.nextUrl.pathname,\n authConfigWithDefaults,\n );\n\n // Skip authentication for system URLs (callback, challenge, logout)\n // we don't want to validate the session in this case as this would\n // auto-hydrate and potential conflict with the logic of the api call\n if (shouldSkipAuthForSystemUrlsCheck) {\n return response;\n }\n\n // Step 1: Understand the current authentication state\n const session = await validateAuthTokensIfPresent(\n authConfigWithDefaults,\n storage,\n );\n\n const shouldSkipAuthForRoutePatternsCheck = shouldSkipAuthForRoutePatterns(\n request.nextUrl.pathname,\n authConfigWithDefaults,\n );\n const pathNameIsLoginUrl =\n request.nextUrl.pathname === authConfigWithDefaults.loginUrl;\n logger.debug(\"Authentication state:\", {\n authenticated: session.authenticated,\n pathName: request.nextUrl.pathname,\n pathNameIsLoginUrl,\n shouldAttemptRefresh: shouldAttemptRefresh(session),\n shouldSkipAuthForSystemUrls: shouldSkipAuthForSystemUrlsCheck,\n shouldSkipAuthForRoutePatterns: shouldSkipAuthForRoutePatternsCheck,\n });\n\n // Step 2: Attempt token refresh if needed (the OAuth pipeline approach) // Handle login URL with special logic\n if (pathNameIsLoginUrl) {\n handleLoginUrl(request.nextUrl.pathname, session, authConfigWithDefaults);\n return response; // Always allow access to login URL\n }\n\n // Skip authentication for routes not matching include/exclude patterns\n if (shouldSkipAuthForRoutePatternsCheck) {\n return response;\n }\n\n // Handle unauthenticated users on protected routes\n if (!session.authenticated) {\n return handleUnauthenticatedUser(\n session,\n request,\n response,\n storage,\n authConfigWithDefaults,\n );\n }\n\n // Happy ending - authentication passed\n logger.debug(\"→ Authentication successful, allowing access to\", response.url);\n return response;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n (authConfig: OptionalAuthConfig = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n // NextJS doesn't do middleware chaining yet, so this does not mean\n // \"call the next middleware\" - it means \"continue to the route handler\"\n return NextResponse.next();\n };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n * logger.debug('my middleware');\n * return NextResponse.next();\n * })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n return auth()(middleware);\n}\n\nconst isRedirectResponse = (response?: NextResponse) =>\n response && response.status === 307;\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * export default auth(authConfig: AuthConfig ) => {\n * logger.debug('my middleware');\n * return NextResponse.next();\n * })\n *\n */\nexport function auth(authConfig: OptionalAuthConfig = {}) {\n return (\n middleware: Middleware,\n ): ((request: NextRequest) => Promise<NextResponse>) => {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n // if the response is redirected it means that the user is not authenticated\n // so we skip the rest of the custom middleware to redirect to the login page\n if (response && isRedirectResponse(response)) {\n logger.debug(\n \"User is unauthenticated, redirecting to \",\n response.headers.get(\"location\"),\n );\n return response;\n }\n // ensure requests get the cookies in case of redirects\n if (response) {\n copyCivicCookies(response, request);\n }\n const middlewareResponse = await middleware(request);\n\n // we need to ensure that the civic cookies that were potentially\n // added by CivicAuth are set on the final response after all\n // middleware has been run\n if (response) {\n copyCivicCookies(response, middlewareResponse);\n }\n return middlewareResponse;\n };\n };\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"NextAuthProvider.d.ts","sourceRoot":"","sources":["../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAGrE,KAAK,0BAA0B,GAAG,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;AAGtE,wBAAsB,qBAAqB,CAAC,EAC1C,QAAQ,EACR,GAAG,KAAK,EACT,EAAE,0BAA0B,GAAG;IAC9B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,
|
|
1
|
+
{"version":3,"file":"NextAuthProvider.d.ts","sourceRoot":"","sources":["../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAGrE,KAAK,0BAA0B,GAAG,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;AAGtE,wBAAsB,qBAAqB,CAAC,EAC1C,QAAQ,EACR,GAAG,KAAK,EACT,EAAE,0BAA0B,GAAG;IAC9B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,oDAwBA;AAGD,YAAY,EAAE,0BAA0B,EAAE,CAAC"}
|
|
@@ -1,20 +1,23 @@
|
|
|
1
1
|
import { jsx as _jsx } from "react/jsx-runtime";
|
|
2
2
|
/** @jsxImportSource react */
|
|
3
3
|
import React from "react";
|
|
4
|
-
import { getUser } from "../../nextjs/index.js";
|
|
4
|
+
import { getUser, getTokens } from "../../nextjs/index.js";
|
|
5
5
|
import { CivicNextAuthProviderClient } from "./NextAuthProviderClient.js";
|
|
6
6
|
// Server component that reads user data and passes it to client component
|
|
7
7
|
export async function CivicNextAuthProvider({ children, ...props }) {
|
|
8
|
-
// Read user data server-side to prevent hydration mismatch
|
|
8
|
+
// Read user data and tokens server-side to prevent hydration mismatch
|
|
9
9
|
let serverUser = null;
|
|
10
|
+
let serverTokens = null;
|
|
10
11
|
try {
|
|
11
12
|
serverUser = await getUser();
|
|
13
|
+
serverTokens = await getTokens();
|
|
12
14
|
}
|
|
13
15
|
catch (error) {
|
|
14
|
-
// If server-side
|
|
15
|
-
console.warn("Failed to read user server-side:", error);
|
|
16
|
+
// If server-side reading fails, just use null
|
|
17
|
+
console.warn("Failed to read user/tokens server-side:", error);
|
|
16
18
|
serverUser = null;
|
|
19
|
+
serverTokens = null;
|
|
17
20
|
}
|
|
18
|
-
return (_jsx(CivicNextAuthProviderClient, { serverUser: serverUser, ...props, children: children }));
|
|
21
|
+
return (_jsx(CivicNextAuthProviderClient, { serverUser: serverUser, serverTokens: serverTokens, ...props, children: children }));
|
|
19
22
|
}
|
|
20
23
|
//# sourceMappingURL=NextAuthProvider.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"NextAuthProvider.js","sourceRoot":"","sources":["../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":";AAAA,6BAA6B;AAC7B,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"NextAuthProvider.js","sourceRoot":"","sources":["../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":";AAAA,6BAA6B;AAC7B,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAGvD,OAAO,EAAE,2BAA2B,EAAE,MAAM,6BAA6B,CAAC;AAI1E,0EAA0E;AAC1E,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,EAC1C,QAAQ,EACR,GAAG,KAAK,EAIT;IACC,sEAAsE;IACtE,IAAI,UAAU,GAAgB,IAAI,CAAC;IACnC,IAAI,YAAY,GAAuB,IAAI,CAAC;IAE5C,IAAI,CAAC;QACH,UAAU,GAAG,MAAM,OAAO,EAAE,CAAC;QAC7B,YAAY,GAAG,MAAM,SAAS,EAAE,CAAC;IACnC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,8CAA8C;QAC9C,OAAO,CAAC,IAAI,CAAC,yCAAyC,EAAE,KAAK,CAAC,CAAC;QAC/D,UAAU,GAAG,IAAI,CAAC;QAClB,YAAY,GAAG,IAAI,CAAC;IACtB,CAAC;IAED,OAAO,CACL,KAAC,2BAA2B,IAC1B,UAAU,EAAE,UAAU,EACtB,YAAY,EAAE,YAAY,KACtB,KAAK,YAER,QAAQ,GACmB,CAC/B,CAAC;AACJ,CAAC","sourcesContent":["/** @jsxImportSource react */\nimport React from \"react\";\nimport { getUser, getTokens } from \"@/nextjs/index.js\";\nimport type { User, OAuthTokens } from \"@/types.js\";\nimport type { AuthProviderProps } from \"@/shared/providers/types.js\";\nimport { CivicNextAuthProviderClient } from \"./NextAuthProviderClient.js\";\n\ntype NextCivicAuthProviderProps = Omit<AuthProviderProps, \"clientId\">;\n\n// Server component that reads user data and passes it to client component\nexport async function CivicNextAuthProvider({\n children,\n ...props\n}: NextCivicAuthProviderProps & {\n redirectOnLogin?: string;\n redirectOnLogout?: string;\n}) {\n // Read user data and tokens server-side to prevent hydration mismatch\n let serverUser: User | null = null;\n let serverTokens: OAuthTokens | null = null;\n\n try {\n serverUser = await getUser();\n serverTokens = await getTokens();\n } catch (error) {\n // If server-side reading fails, just use null\n console.warn(\"Failed to read user/tokens server-side:\", error);\n serverUser = null;\n serverTokens = null;\n }\n\n return (\n <CivicNextAuthProviderClient\n serverUser={serverUser}\n serverTokens={serverTokens}\n {...props}\n >\n {children}\n </CivicNextAuthProviderClient>\n );\n}\n\n// Export the type for external use\nexport type { NextCivicAuthProviderProps };\n"]}
|
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
import type { AuthProviderProps } from "../../shared/providers/types.js";
|
|
2
|
-
import type { User } from "../../types.js";
|
|
2
|
+
import type { User, OAuthTokens } from "../../types.js";
|
|
3
3
|
type NextCivicAuthProviderProps = Omit<AuthProviderProps, "clientId">;
|
|
4
4
|
export interface CivicNextAuthProviderClientProps extends NextCivicAuthProviderProps {
|
|
5
5
|
serverUser: User | null;
|
|
6
|
+
serverTokens: OAuthTokens | null;
|
|
6
7
|
redirectOnLogin?: string;
|
|
7
8
|
redirectOnLogout?: string;
|
|
8
9
|
}
|
|
9
|
-
export declare const CivicNextAuthProviderClient: ({ children, serverUser, ...props }: CivicNextAuthProviderClientProps) => import("react/jsx-runtime").JSX.Element;
|
|
10
|
+
export declare const CivicNextAuthProviderClient: ({ children, serverUser, serverTokens, ...props }: CivicNextAuthProviderClientProps) => import("react/jsx-runtime").JSX.Element;
|
|
10
11
|
export {};
|
|
11
12
|
//# sourceMappingURL=NextAuthProviderClient.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"NextAuthProviderClient.d.ts","sourceRoot":"","sources":["../../../src/nextjs/providers/NextAuthProviderClient.tsx"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"NextAuthProviderClient.d.ts","sourceRoot":"","sources":["../../../src/nextjs/providers/NextAuthProviderClient.tsx"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAGpD,KAAK,0BAA0B,GAAG,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;AAEtE,MAAM,WAAW,gCACf,SAAQ,0BAA0B;IAClC,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,YAAY,EAAE,WAAW,GAAG,IAAI,CAAC;IACjC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAID,eAAO,MAAM,2BAA2B,qDAKrC,gCAAgC,4CAgFlC,CAAC"}
|
|
@@ -13,14 +13,14 @@ import { useInitialAuthConfig } from "../../nextjs/hooks/useInitialAuthConfig.js
|
|
|
13
13
|
import { useEffect } from "react";
|
|
14
14
|
import { useRouter } from "next/navigation.js";
|
|
15
15
|
// Context to provide server user data immediately to useUser hook
|
|
16
|
-
export const CivicNextAuthProviderClient = ({ children, serverUser, ...props }) => {
|
|
16
|
+
export const CivicNextAuthProviderClient = ({ children, serverUser, serverTokens, ...props }) => {
|
|
17
17
|
const router = useRouter();
|
|
18
18
|
const resolvedConfig = resolveAuthConfig();
|
|
19
19
|
const { clientId, oauthServer, loginSuccessUrl, challengeUrl, refreshUrl, logoutCallbackUrl, } = resolvedConfig;
|
|
20
20
|
// Initialize GlobalAuthManager synchronously with server user data
|
|
21
21
|
// This ensures the server user is available immediately when useUser() is called
|
|
22
22
|
const { initialConfig } = useInitialAuthConfig({
|
|
23
|
-
displayMode: props.displayMode,
|
|
23
|
+
displayMode: props.displayMode || "iframe",
|
|
24
24
|
iframeMode: props.iframeMode,
|
|
25
25
|
serverUser: serverUser,
|
|
26
26
|
nonce: props.nonce,
|
|
@@ -57,6 +57,6 @@ export const CivicNextAuthProviderClient = ({ children, serverUser, ...props })
|
|
|
57
57
|
};
|
|
58
58
|
initialize();
|
|
59
59
|
}, [initialConfig, router]);
|
|
60
|
-
return (_jsx(ServerUserContext.Provider, { value: serverUser, children: _jsx(CivicAuthConfigProvider, { oauthServer: oauthServer, clientId: clientId, loginSuccessUrl: loginSuccessUrl, logoutRedirectUrl: logoutCallbackUrl, nonce: props?.nonce, challengeUrl: challengeUrl, refreshUrl: refreshUrl, displayMode: props.displayMode, autoRedirect: resolvedConfig.autoRedirect, framework: "nextjs", children: _jsx(AuthStatusProvider, { children: children }) }) }));
|
|
60
|
+
return (_jsx(ServerUserContext.Provider, { value: { user: serverUser, tokens: serverTokens }, children: _jsx(CivicAuthConfigProvider, { oauthServer: oauthServer, clientId: clientId, loginSuccessUrl: loginSuccessUrl, logoutRedirectUrl: logoutCallbackUrl, nonce: props?.nonce, challengeUrl: challengeUrl, refreshUrl: refreshUrl, displayMode: props.displayMode, autoRedirect: resolvedConfig.autoRedirect, framework: "nextjs", children: _jsx(AuthStatusProvider, { children: children }) }) }));
|
|
61
61
|
};
|
|
62
62
|
//# sourceMappingURL=NextAuthProviderClient.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"NextAuthProviderClient.js","sourceRoot":"","sources":["../../../src/nextjs/providers/NextAuthProviderClient.tsx"],"names":[],"mappings":"AAAA,6BAA6B;AAC7B,YAAY,CAAC;;AAEb;;GAEG;AACH,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,yCAAyC,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAE,MAAM,8CAA8C,CAAC;AACvF,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,wCAAwC,CAAC;AAE9E,OAAO,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAElC,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"NextAuthProviderClient.js","sourceRoot":"","sources":["../../../src/nextjs/providers/NextAuthProviderClient.tsx"],"names":[],"mappings":"AAAA,6BAA6B;AAC7B,YAAY,CAAC;;AAEb;;GAEG;AACH,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,yCAAyC,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAE,MAAM,8CAA8C,CAAC;AACvF,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,wCAAwC,CAAC;AAE9E,OAAO,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAElC,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAY/C,kEAAkE;AAElE,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,EAC1C,QAAQ,EACR,UAAU,EACV,YAAY,EACZ,GAAG,KAAK,EACyB,EAAE,EAAE;IACrC,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,cAAc,GAAG,iBAAiB,EAAE,CAAC;IAC3C,MAAM,EACJ,QAAQ,EACR,WAAW,EACX,eAAe,EACf,YAAY,EACZ,UAAU,EACV,iBAAiB,GAClB,GAAG,cAAc,CAAC;IAEnB,mEAAmE;IACnE,iFAAiF;IACjF,MAAM,EAAE,aAAa,EAAE,GAAG,oBAAoB,CAAC;QAC7C,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,QAAQ;QAC1C,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,UAAU,EAAE,UAAU;QACtB,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;QACpD,WAAW,EAAE,WAAW;QACxB,eAAe,EAAE,eAAe;QAChC,WAAW,EAAE,CAAC,GAAW,EAAE,MAAe,EAAE,EAAE;YAC5C,sCAAsC;YACtC,QAAQ,MAAM,EAAE,CAAC;gBACf,KAAK,OAAO;oBACV,OAAO,CAAC,GAAG,CAAC,+CAA+C,GAAG,EAAE,CAAC,CAAC;oBAClE,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC;oBAC3B,MAAM;gBACR,KAAK,WAAW;oBACd,OAAO,CAAC,GAAG,CAAC,0CAA0C,GAAG,EAAE,CAAC,CAAC;oBAC7D,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC;oBAC3B,MAAM;gBACR;oBACE,OAAO,CAAC,GAAG,CACT,qCAAqC,GAAG,aAAa,MAAM,IAAI,SAAS,GAAG,CAC5E,CAAC;oBACF,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACrB,CAAC;QACH,CAAC;KACF,CAAC,CAAC;IAEH,oDAAoD;IACpD,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,UAAU,GAAG,KAAK,IAAI,EAAE;YAC5B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC;gBAEhD,MAAM,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;YAC1C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CACX,uDAAuD,EACvD,KAAK,CACN,CAAC;YACJ,CAAC;QACH,CAAC,CAAC;QAEF,UAAU,EAAE,CAAC;IACf,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC;IAE5B,OAAO,CACL,KAAC,iBAAiB,CAAC,QAAQ,IACzB,KAAK,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,YAEjD,KAAC,uBAAuB,IACtB,WAAW,EAAE,WAAW,EACxB,QAAQ,EAAE,QAAQ,EAClB,eAAe,EAAE,eAAe,EAChC,iBAAiB,EAAE,iBAAiB,EACpC,KAAK,EAAE,KAAK,EAAE,KAAK,EACnB,YAAY,EAAE,YAAY,EAC1B,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE,KAAK,CAAC,WAAW,EAC9B,YAAY,EAAE,cAAc,CAAC,YAAY,EACzC,SAAS,EAAC,QAAQ,YAElB,KAAC,kBAAkB,cAAE,QAAQ,GAAsB,GAC3B,GACC,CAC9B,CAAC;AACJ,CAAC,CAAC","sourcesContent":["/** @jsxImportSource react */\n\"use client\";\n\n/**\n * Client component for NextAuth provider that receives server-provided user data\n */\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { GlobalAuthManager } from \"@/reactjs/core/GlobalAuthManager.js\";\nimport { AuthStatusProvider } from \"@/shared/providers/AuthStatusContext.js\";\nimport { CivicAuthConfigProvider } from \"@/shared/providers/CivicAuthConfigContext.js\";\nimport { ServerUserContext } from \"./ServerUserContext.js\";\nimport { useInitialAuthConfig } from \"@/nextjs/hooks/useInitialAuthConfig.js\";\nimport type { AuthProviderProps } from \"@/shared/providers/types.js\";\nimport { useEffect } from \"react\";\nimport type { User, OAuthTokens } from \"@/types.js\";\nimport { useRouter } from \"next/navigation.js\";\n\ntype NextCivicAuthProviderProps = Omit<AuthProviderProps, \"clientId\">;\n\nexport interface CivicNextAuthProviderClientProps\n extends NextCivicAuthProviderProps {\n serverUser: User | null;\n serverTokens: OAuthTokens | null;\n redirectOnLogin?: string;\n redirectOnLogout?: string;\n}\n\n// Context to provide server user data immediately to useUser hook\n\nexport const CivicNextAuthProviderClient = ({\n children,\n serverUser,\n serverTokens,\n ...props\n}: CivicNextAuthProviderClientProps) => {\n const router = useRouter();\n const resolvedConfig = resolveAuthConfig();\n const {\n clientId,\n oauthServer,\n loginSuccessUrl,\n challengeUrl,\n refreshUrl,\n logoutCallbackUrl,\n } = resolvedConfig;\n\n // Initialize GlobalAuthManager synchronously with server user data\n // This ensures the server user is available immediately when useUser() is called\n const { initialConfig } = useInitialAuthConfig({\n displayMode: props.displayMode || \"iframe\",\n iframeMode: props.iframeMode,\n serverUser: serverUser,\n nonce: props.nonce,\n targetContainerElement: props.targetContainerElement,\n oauthServer: oauthServer,\n loginSuccessUrl: loginSuccessUrl,\n onUrlChange: (url: string, source?: string) => {\n // Handle different URL change sources\n switch (source) {\n case \"login\":\n console.log(`[NextAuthProvider] Authentication redirect: ${url}`);\n window.location.href = url;\n break;\n case \"login_app\":\n console.log(`[NextAuthProvider] Login app redirect: ${url}`);\n window.location.href = url;\n break;\n default:\n console.log(\n `[NextAuthProvider] Navigating to: ${url} (source: ${source || \"unknown\"})`,\n );\n router.push(url);\n }\n },\n });\n\n // Initialize auth manager with server-provided data\n useEffect(() => {\n const initialize = async () => {\n try {\n const manager = GlobalAuthManager.getInstance();\n\n await manager.initialize(initialConfig);\n } catch (error) {\n console.error(\n \"[NextAuthProvider] Failed to initialize auth manager:\",\n error,\n );\n }\n };\n\n initialize();\n }, [initialConfig, router]);\n\n return (\n <ServerUserContext.Provider\n value={{ user: serverUser, tokens: serverTokens }}\n >\n <CivicAuthConfigProvider\n oauthServer={oauthServer}\n clientId={clientId}\n loginSuccessUrl={loginSuccessUrl}\n logoutRedirectUrl={logoutCallbackUrl}\n nonce={props?.nonce}\n challengeUrl={challengeUrl}\n refreshUrl={refreshUrl}\n displayMode={props.displayMode}\n autoRedirect={resolvedConfig.autoRedirect}\n framework=\"nextjs\"\n >\n <AuthStatusProvider>{children}</AuthStatusProvider>\n </CivicAuthConfigProvider>\n </ServerUserContext.Provider>\n );\n};\n"]}
|
|
@@ -1,2 +1,7 @@
|
|
|
1
|
-
|
|
1
|
+
import type { User, OAuthTokens } from "../../types.js";
|
|
2
|
+
export interface ServerAuthData {
|
|
3
|
+
user: User | null;
|
|
4
|
+
tokens: OAuthTokens | null;
|
|
5
|
+
}
|
|
6
|
+
export declare const ServerUserContext: import("react").Context<ServerAuthData | null>;
|
|
2
7
|
//# sourceMappingURL=ServerUserContext.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ServerUserContext.d.ts","sourceRoot":"","sources":["../../../src/nextjs/providers/ServerUserContext.tsx"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"ServerUserContext.d.ts","sourceRoot":"","sources":["../../../src/nextjs/providers/ServerUserContext.tsx"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEpD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAClB,MAAM,EAAE,WAAW,GAAG,IAAI,CAAC;CAC5B;AAED,eAAO,MAAM,iBAAiB,gDAA6C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ServerUserContext.js","sourceRoot":"","sources":["../../../src/nextjs/providers/ServerUserContext.tsx"],"names":[],"mappings":"AAAA,6BAA6B;AAC7B,YAAY,CAAC;AAEb,OAAO,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"ServerUserContext.js","sourceRoot":"","sources":["../../../src/nextjs/providers/ServerUserContext.tsx"],"names":[],"mappings":"AAAA,6BAA6B;AAC7B,YAAY,CAAC;AAEb,OAAO,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAQtC,MAAM,CAAC,MAAM,iBAAiB,GAAG,aAAa,CAAwB,IAAI,CAAC,CAAC","sourcesContent":["/** @jsxImportSource react */\n\"use client\";\n\nimport { createContext } from \"react\";\nimport type { User, OAuthTokens } from \"@/types.js\";\n\nexport interface ServerAuthData {\n user: User | null;\n tokens: OAuthTokens | null;\n}\n\nexport const ServerUserContext = createContext<ServerAuthData | null>(null);\n"]}
|
|
@@ -13,6 +13,9 @@ export declare function handleLogoutCallback(request: NextRequest, config: AuthC
|
|
|
13
13
|
* export const GET = handler({
|
|
14
14
|
* // optional config overrides
|
|
15
15
|
* })
|
|
16
|
+
* export const POST = handler({
|
|
17
|
+
* // optional config overrides
|
|
18
|
+
* })
|
|
16
19
|
* ```
|
|
17
20
|
*/
|
|
18
21
|
export declare const handler: (authConfig?: {}) => (request: NextRequest) => Promise<NextResponse>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"routeHandler.d.ts","sourceRoot":"","sources":["../../src/nextjs/routeHandler.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAKrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"routeHandler.d.ts","sourceRoot":"","sources":["../../src/nextjs/routeHandler.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAKrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AA0Q9C,wBAAsB,YAAY,CAChC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,YAAY,CAAC,CA2EvB;AAED,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,YAAY,CAAC,CA4DvB;AAED;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,OAAO,iCAEF,WAAW,KAAG,OAAO,CAAC,YAAY,CAqCjD,CAAC"}
|