@clerk/nextjs 6.37.1 → 6.37.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/server/constants.js +1 -1
- package/dist/cjs/server/createClerkClient.js +1 -1
- package/dist/cjs/server/data/getAuthDataFromRequest.js +1 -1
- package/dist/cjs/server/data/getAuthDataFromRequest.js.map +1 -1
- package/dist/cjs/utils/debugLogger.js +1 -1
- package/dist/esm/server/constants.js +1 -1
- package/dist/esm/server/createClerkClient.js +1 -1
- package/dist/esm/server/data/getAuthDataFromRequest.js +2 -2
- package/dist/esm/server/data/getAuthDataFromRequest.js.map +1 -1
- package/dist/esm/utils/debugLogger.js +1 -1
- package/dist/types/server/errorThrower.d.ts +1 -1
- package/package.json +2 -2
|
@@ -54,7 +54,7 @@ const SIGN_IN_URL = process.env.NEXT_PUBLIC_CLERK_SIGN_IN_URL || "";
|
|
|
54
54
|
const SIGN_UP_URL = process.env.NEXT_PUBLIC_CLERK_SIGN_UP_URL || "";
|
|
55
55
|
const SDK_METADATA = {
|
|
56
56
|
name: "@clerk/nextjs",
|
|
57
|
-
version: "6.37.
|
|
57
|
+
version: "6.37.2",
|
|
58
58
|
environment: process.env.NODE_ENV
|
|
59
59
|
};
|
|
60
60
|
const TELEMETRY_DISABLED = (0, import_underscore.isTruthy)(process.env.NEXT_PUBLIC_CLERK_TELEMETRY_DISABLED);
|
|
@@ -28,7 +28,7 @@ const clerkClientDefaultOptions = {
|
|
|
28
28
|
publishableKey: import_constants.PUBLISHABLE_KEY,
|
|
29
29
|
apiUrl: import_constants.API_URL,
|
|
30
30
|
apiVersion: import_constants.API_VERSION,
|
|
31
|
-
userAgent: `${"@clerk/nextjs"}@${"6.37.
|
|
31
|
+
userAgent: `${"@clerk/nextjs"}@${"6.37.2"}`,
|
|
32
32
|
proxyUrl: import_constants.PROXY_URL,
|
|
33
33
|
domain: import_constants.DOMAIN,
|
|
34
34
|
isSatellite: import_constants.IS_SATELLITE,
|
|
@@ -93,7 +93,7 @@ const getAuthDataFromRequest = (req, opts = {}) => {
|
|
|
93
93
|
return getSessionAuthDataFromRequest(req, opts);
|
|
94
94
|
};
|
|
95
95
|
const handleMachineToken = (bearerToken, rawAuthObject, acceptsToken, options) => {
|
|
96
|
-
const hasMachineToken = bearerToken && (0, import_internal.
|
|
96
|
+
const hasMachineToken = bearerToken && (0, import_internal.isMachineToken)(bearerToken);
|
|
97
97
|
const acceptsOnlySessionToken = acceptsToken === import_internal.TokenType.SessionToken || Array.isArray(acceptsToken) && acceptsToken.length === 1 && acceptsToken[0] === import_internal.TokenType.SessionToken;
|
|
98
98
|
if (hasMachineToken && rawAuthObject && !acceptsOnlySessionToken) {
|
|
99
99
|
const authObject = (0, import_internal.getAuthObjectForAcceptedToken)({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/server/data/getAuthDataFromRequest.ts"],"sourcesContent":["import type { AuthObject, MachineAuthObject } from '@clerk/backend';\nimport type {\n AuthenticateRequestOptions,\n MachineTokenType,\n SignedInAuthObject,\n SignedOutAuthObject,\n} from '@clerk/backend/internal';\nimport {\n AuthStatus,\n constants,\n getAuthObjectForAcceptedToken,\n getAuthObjectFromJwt,\n invalidTokenAuthObject,\n
|
|
1
|
+
{"version":3,"sources":["../../../../src/server/data/getAuthDataFromRequest.ts"],"sourcesContent":["import type { AuthObject, MachineAuthObject } from '@clerk/backend';\nimport type {\n AuthenticateRequestOptions,\n MachineTokenType,\n SignedInAuthObject,\n SignedOutAuthObject,\n} from '@clerk/backend/internal';\nimport {\n AuthStatus,\n constants,\n getAuthObjectForAcceptedToken,\n getAuthObjectFromJwt,\n invalidTokenAuthObject,\n isMachineToken,\n isTokenTypeAccepted,\n signedOutAuthObject,\n TokenType,\n} from '@clerk/backend/internal';\nimport { decodeJwt } from '@clerk/backend/jwt';\nimport type { PendingSessionOptions } from '@clerk/types';\n\nimport type { LoggerNoCommit } from '../../utils/debugLogger';\nimport { API_URL, API_VERSION, PUBLISHABLE_KEY, SECRET_KEY } from '../constants';\nimport { getAuthKeyFromRequest, getHeader } from '../headers-utils';\nimport type { RequestLike } from '../types';\nimport { assertTokenSignature, decryptClerkRequestData } from '../utils';\n\nexport type GetAuthDataFromRequestOptions = {\n secretKey?: string;\n logger?: LoggerNoCommit;\n acceptsToken?: AuthenticateRequestOptions['acceptsToken'];\n} & PendingSessionOptions;\n\n/**\n * Extracts auth headers from the request\n */\nconst getAuthHeaders = (req: RequestLike) => {\n return {\n authStatus: getAuthKeyFromRequest(req, 'AuthStatus'),\n authToken: getAuthKeyFromRequest(req, 'AuthToken'),\n authMessage: getAuthKeyFromRequest(req, 'AuthMessage'),\n authReason: getAuthKeyFromRequest(req, 'AuthReason'),\n authSignature: getAuthKeyFromRequest(req, 'AuthSignature'),\n };\n};\n\n/**\n * Creates auth options object with fallbacks from encrypted request data\n */\nconst createAuthOptions = (req: RequestLike, opts: GetAuthDataFromRequestOptions, treatPendingAsSignedOut = true) => {\n const encryptedRequestData = getHeader(req, constants.Headers.ClerkRequestData);\n const decryptedRequestData = decryptClerkRequestData(encryptedRequestData);\n\n return {\n secretKey: opts?.secretKey || decryptedRequestData.secretKey || SECRET_KEY,\n publishableKey: decryptedRequestData.publishableKey || PUBLISHABLE_KEY,\n apiUrl: API_URL,\n apiVersion: API_VERSION,\n authStatus: getAuthKeyFromRequest(req, 'AuthStatus'),\n authMessage: getAuthKeyFromRequest(req, 'AuthMessage'),\n authReason: getAuthKeyFromRequest(req, 'AuthReason'),\n treatPendingAsSignedOut,\n };\n};\n\n/**\n * Given a request object, builds an auth object from the request data. Used in server-side environments to get access\n * to auth data for a given request.\n */\nexport const getSessionAuthDataFromRequest = (\n req: RequestLike,\n { treatPendingAsSignedOut = true, ...opts }: GetAuthDataFromRequestOptions = {},\n): SignedInAuthObject | SignedOutAuthObject => {\n const { authStatus, authMessage, authReason, authToken, authSignature } = getAuthHeaders(req);\n\n opts.logger?.debug('headers', { authStatus, authMessage, authReason });\n\n const options = createAuthOptions(req, opts, treatPendingAsSignedOut);\n\n // Only accept session tokens in this function.\n // Machine tokens are not supported and will result in a signed-out state.\n if (!isTokenTypeAccepted(TokenType.SessionToken, opts.acceptsToken || TokenType.SessionToken)) {\n return signedOutAuthObject(options);\n }\n\n let authObject;\n if (!authStatus || authStatus !== AuthStatus.SignedIn) {\n authObject = signedOutAuthObject(options);\n } else {\n assertTokenSignature(authToken as string, options.secretKey, authSignature);\n\n const jwt = decodeJwt(authToken as string);\n\n opts.logger?.debug('jwt', jwt.raw);\n\n return getAuthObjectFromJwt(jwt, options);\n }\n\n return authObject;\n};\n\n/**\n * Given a request object, builds an auth object from the request data. Used in server-side environments to get access\n * to auth data for a given request.\n *\n * This function handles both session tokens and machine tokens:\n * - Session tokens: Decoded from JWT and validated\n * - Machine tokens: Retrieved from encrypted request data (x-clerk-request-data header)\n */\nexport const getAuthDataFromRequest = (req: RequestLike, opts: GetAuthDataFromRequestOptions = {}): AuthObject => {\n const { authStatus, authMessage, authReason } = getAuthHeaders(req);\n opts.logger?.debug('headers', { authStatus, authMessage, authReason });\n\n const encryptedRequestData = getHeader(req, constants.Headers.ClerkRequestData);\n const decryptedRequestData = decryptClerkRequestData(encryptedRequestData);\n\n const bearerToken = getHeader(req, constants.Headers.Authorization)?.replace('Bearer ', '');\n const acceptsToken = opts.acceptsToken || TokenType.SessionToken;\n\n const options = createAuthOptions(req, opts);\n\n // Handle machine tokens first (from encrypted request data)\n // Machine tokens are passed via x-clerk-request-data header from middleware\n const machineAuthObject = handleMachineToken(\n bearerToken,\n decryptedRequestData.machineAuthObject,\n acceptsToken,\n options,\n );\n if (machineAuthObject) {\n return machineAuthObject;\n }\n\n // If a random token is present and acceptsToken is an array that does NOT include session_token,\n // return invalid token auth object.\n if (bearerToken && Array.isArray(acceptsToken) && !acceptsToken.includes(TokenType.SessionToken)) {\n return invalidTokenAuthObject();\n }\n\n // Fallback to session logic for all other cases\n return getSessionAuthDataFromRequest(req, opts);\n};\n\nconst handleMachineToken = (\n bearerToken: string | undefined,\n rawAuthObject: AuthObject | undefined,\n acceptsToken: NonNullable<AuthenticateRequestOptions['acceptsToken']>,\n options: Record<string, any>,\n): MachineAuthObject<MachineTokenType> | null => {\n const hasMachineToken = bearerToken && isMachineToken(bearerToken);\n\n const acceptsOnlySessionToken =\n acceptsToken === TokenType.SessionToken ||\n (Array.isArray(acceptsToken) && acceptsToken.length === 1 && acceptsToken[0] === TokenType.SessionToken);\n\n if (hasMachineToken && rawAuthObject && !acceptsOnlySessionToken) {\n const authObject = getAuthObjectForAcceptedToken({\n authObject: {\n ...rawAuthObject,\n debug: () => options,\n },\n acceptsToken,\n });\n return {\n ...authObject,\n getToken: () => (authObject.isAuthenticated ? Promise.resolve(bearerToken) : Promise.resolve(null)),\n has: () => false,\n } as MachineAuthObject<MachineTokenType>;\n }\n\n return null;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAOA,sBAUO;AACP,iBAA0B;AAI1B,uBAAkE;AAClE,2BAAiD;AAEjD,mBAA8D;AAW9D,MAAM,iBAAiB,CAAC,QAAqB;AAC3C,SAAO;AAAA,IACL,gBAAY,4CAAsB,KAAK,YAAY;AAAA,IACnD,eAAW,4CAAsB,KAAK,WAAW;AAAA,IACjD,iBAAa,4CAAsB,KAAK,aAAa;AAAA,IACrD,gBAAY,4CAAsB,KAAK,YAAY;AAAA,IACnD,mBAAe,4CAAsB,KAAK,eAAe;AAAA,EAC3D;AACF;AAKA,MAAM,oBAAoB,CAAC,KAAkB,MAAqC,0BAA0B,SAAS;AACnH,QAAM,2BAAuB,gCAAU,KAAK,0BAAU,QAAQ,gBAAgB;AAC9E,QAAM,2BAAuB,sCAAwB,oBAAoB;AAEzE,SAAO;AAAA,IACL,YAAW,6BAAM,cAAa,qBAAqB,aAAa;AAAA,IAChE,gBAAgB,qBAAqB,kBAAkB;AAAA,IACvD,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,gBAAY,4CAAsB,KAAK,YAAY;AAAA,IACnD,iBAAa,4CAAsB,KAAK,aAAa;AAAA,IACrD,gBAAY,4CAAsB,KAAK,YAAY;AAAA,IACnD;AAAA,EACF;AACF;AAMO,MAAM,gCAAgC,CAC3C,KACA,EAAE,0BAA0B,MAAM,GAAG,KAAK,IAAmC,CAAC,MACjC;AAxE/C;AAyEE,QAAM,EAAE,YAAY,aAAa,YAAY,WAAW,cAAc,IAAI,eAAe,GAAG;AAE5F,aAAK,WAAL,mBAAa,MAAM,WAAW,EAAE,YAAY,aAAa,WAAW;AAEpE,QAAM,UAAU,kBAAkB,KAAK,MAAM,uBAAuB;AAIpE,MAAI,KAAC,qCAAoB,0BAAU,cAAc,KAAK,gBAAgB,0BAAU,YAAY,GAAG;AAC7F,eAAO,qCAAoB,OAAO;AAAA,EACpC;AAEA,MAAI;AACJ,MAAI,CAAC,cAAc,eAAe,2BAAW,UAAU;AACrD,qBAAa,qCAAoB,OAAO;AAAA,EAC1C,OAAO;AACL,2CAAqB,WAAqB,QAAQ,WAAW,aAAa;AAE1E,UAAM,UAAM,sBAAU,SAAmB;AAEzC,eAAK,WAAL,mBAAa,MAAM,OAAO,IAAI;AAE9B,eAAO,sCAAqB,KAAK,OAAO;AAAA,EAC1C;AAEA,SAAO;AACT;AAUO,MAAM,yBAAyB,CAAC,KAAkB,OAAsC,CAAC,MAAkB;AA7GlH;AA8GE,QAAM,EAAE,YAAY,aAAa,WAAW,IAAI,eAAe,GAAG;AAClE,aAAK,WAAL,mBAAa,MAAM,WAAW,EAAE,YAAY,aAAa,WAAW;AAEpE,QAAM,2BAAuB,gCAAU,KAAK,0BAAU,QAAQ,gBAAgB;AAC9E,QAAM,2BAAuB,sCAAwB,oBAAoB;AAEzE,QAAM,eAAc,yCAAU,KAAK,0BAAU,QAAQ,aAAa,MAA9C,mBAAiD,QAAQ,WAAW;AACxF,QAAM,eAAe,KAAK,gBAAgB,0BAAU;AAEpD,QAAM,UAAU,kBAAkB,KAAK,IAAI;AAI3C,QAAM,oBAAoB;AAAA,IACxB;AAAA,IACA,qBAAqB;AAAA,IACrB;AAAA,IACA;AAAA,EACF;AACA,MAAI,mBAAmB;AACrB,WAAO;AAAA,EACT;AAIA,MAAI,eAAe,MAAM,QAAQ,YAAY,KAAK,CAAC,aAAa,SAAS,0BAAU,YAAY,GAAG;AAChG,eAAO,wCAAuB;AAAA,EAChC;AAGA,SAAO,8BAA8B,KAAK,IAAI;AAChD;AAEA,MAAM,qBAAqB,CACzB,aACA,eACA,cACA,YAC+C;AAC/C,QAAM,kBAAkB,mBAAe,gCAAe,WAAW;AAEjE,QAAM,0BACJ,iBAAiB,0BAAU,gBAC1B,MAAM,QAAQ,YAAY,KAAK,aAAa,WAAW,KAAK,aAAa,CAAC,MAAM,0BAAU;AAE7F,MAAI,mBAAmB,iBAAiB,CAAC,yBAAyB;AAChE,UAAM,iBAAa,+CAA8B;AAAA,MAC/C,YAAY;AAAA,QACV,GAAG;AAAA,QACH,OAAO,MAAM;AAAA,MACf;AAAA,MACA;AAAA,IACF,CAAC;AACD,WAAO;AAAA,MACL,GAAG;AAAA,MACH,UAAU,MAAO,WAAW,kBAAkB,QAAQ,QAAQ,WAAW,IAAI,QAAQ,QAAQ,IAAI;AAAA,MACjG,KAAK,MAAM;AAAA,IACb;AAAA,EACF;AAEA,SAAO;AACT;","names":[]}
|
|
@@ -90,7 +90,7 @@ function debugLogHeader(name) {
|
|
|
90
90
|
return `[clerk debug start: ${name}]`;
|
|
91
91
|
}
|
|
92
92
|
function debugLogFooter(name) {
|
|
93
|
-
return `[clerk debug end: ${name}] (@clerk/nextjs=${"6.37.
|
|
93
|
+
return `[clerk debug end: ${name}] (@clerk/nextjs=${"6.37.2"},next=${import_package.default.version},timestamp=${Math.round((/* @__PURE__ */ new Date()).getTime() / 1e3)})`;
|
|
94
94
|
}
|
|
95
95
|
function truncate(str, maxLength) {
|
|
96
96
|
const encoder = new TextEncoder();
|
|
@@ -16,7 +16,7 @@ const SIGN_IN_URL = process.env.NEXT_PUBLIC_CLERK_SIGN_IN_URL || "";
|
|
|
16
16
|
const SIGN_UP_URL = process.env.NEXT_PUBLIC_CLERK_SIGN_UP_URL || "";
|
|
17
17
|
const SDK_METADATA = {
|
|
18
18
|
name: "@clerk/nextjs",
|
|
19
|
-
version: "6.37.
|
|
19
|
+
version: "6.37.2",
|
|
20
20
|
environment: process.env.NODE_ENV
|
|
21
21
|
};
|
|
22
22
|
const TELEMETRY_DISABLED = isTruthy(process.env.NEXT_PUBLIC_CLERK_TELEMETRY_DISABLED);
|
|
@@ -18,7 +18,7 @@ const clerkClientDefaultOptions = {
|
|
|
18
18
|
publishableKey: PUBLISHABLE_KEY,
|
|
19
19
|
apiUrl: API_URL,
|
|
20
20
|
apiVersion: API_VERSION,
|
|
21
|
-
userAgent: `${"@clerk/nextjs"}@${"6.37.
|
|
21
|
+
userAgent: `${"@clerk/nextjs"}@${"6.37.2"}`,
|
|
22
22
|
proxyUrl: PROXY_URL,
|
|
23
23
|
domain: DOMAIN,
|
|
24
24
|
isSatellite: IS_SATELLITE,
|
|
@@ -5,7 +5,7 @@ import {
|
|
|
5
5
|
getAuthObjectForAcceptedToken,
|
|
6
6
|
getAuthObjectFromJwt,
|
|
7
7
|
invalidTokenAuthObject,
|
|
8
|
-
|
|
8
|
+
isMachineToken,
|
|
9
9
|
isTokenTypeAccepted,
|
|
10
10
|
signedOutAuthObject,
|
|
11
11
|
TokenType
|
|
@@ -80,7 +80,7 @@ const getAuthDataFromRequest = (req, opts = {}) => {
|
|
|
80
80
|
return getSessionAuthDataFromRequest(req, opts);
|
|
81
81
|
};
|
|
82
82
|
const handleMachineToken = (bearerToken, rawAuthObject, acceptsToken, options) => {
|
|
83
|
-
const hasMachineToken = bearerToken &&
|
|
83
|
+
const hasMachineToken = bearerToken && isMachineToken(bearerToken);
|
|
84
84
|
const acceptsOnlySessionToken = acceptsToken === TokenType.SessionToken || Array.isArray(acceptsToken) && acceptsToken.length === 1 && acceptsToken[0] === TokenType.SessionToken;
|
|
85
85
|
if (hasMachineToken && rawAuthObject && !acceptsOnlySessionToken) {
|
|
86
86
|
const authObject = getAuthObjectForAcceptedToken({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/server/data/getAuthDataFromRequest.ts"],"sourcesContent":["import type { AuthObject, MachineAuthObject } from '@clerk/backend';\nimport type {\n AuthenticateRequestOptions,\n MachineTokenType,\n SignedInAuthObject,\n SignedOutAuthObject,\n} from '@clerk/backend/internal';\nimport {\n AuthStatus,\n constants,\n getAuthObjectForAcceptedToken,\n getAuthObjectFromJwt,\n invalidTokenAuthObject,\n
|
|
1
|
+
{"version":3,"sources":["../../../../src/server/data/getAuthDataFromRequest.ts"],"sourcesContent":["import type { AuthObject, MachineAuthObject } from '@clerk/backend';\nimport type {\n AuthenticateRequestOptions,\n MachineTokenType,\n SignedInAuthObject,\n SignedOutAuthObject,\n} from '@clerk/backend/internal';\nimport {\n AuthStatus,\n constants,\n getAuthObjectForAcceptedToken,\n getAuthObjectFromJwt,\n invalidTokenAuthObject,\n isMachineToken,\n isTokenTypeAccepted,\n signedOutAuthObject,\n TokenType,\n} from '@clerk/backend/internal';\nimport { decodeJwt } from '@clerk/backend/jwt';\nimport type { PendingSessionOptions } from '@clerk/types';\n\nimport type { LoggerNoCommit } from '../../utils/debugLogger';\nimport { API_URL, API_VERSION, PUBLISHABLE_KEY, SECRET_KEY } from '../constants';\nimport { getAuthKeyFromRequest, getHeader } from '../headers-utils';\nimport type { RequestLike } from '../types';\nimport { assertTokenSignature, decryptClerkRequestData } from '../utils';\n\nexport type GetAuthDataFromRequestOptions = {\n secretKey?: string;\n logger?: LoggerNoCommit;\n acceptsToken?: AuthenticateRequestOptions['acceptsToken'];\n} & PendingSessionOptions;\n\n/**\n * Extracts auth headers from the request\n */\nconst getAuthHeaders = (req: RequestLike) => {\n return {\n authStatus: getAuthKeyFromRequest(req, 'AuthStatus'),\n authToken: getAuthKeyFromRequest(req, 'AuthToken'),\n authMessage: getAuthKeyFromRequest(req, 'AuthMessage'),\n authReason: getAuthKeyFromRequest(req, 'AuthReason'),\n authSignature: getAuthKeyFromRequest(req, 'AuthSignature'),\n };\n};\n\n/**\n * Creates auth options object with fallbacks from encrypted request data\n */\nconst createAuthOptions = (req: RequestLike, opts: GetAuthDataFromRequestOptions, treatPendingAsSignedOut = true) => {\n const encryptedRequestData = getHeader(req, constants.Headers.ClerkRequestData);\n const decryptedRequestData = decryptClerkRequestData(encryptedRequestData);\n\n return {\n secretKey: opts?.secretKey || decryptedRequestData.secretKey || SECRET_KEY,\n publishableKey: decryptedRequestData.publishableKey || PUBLISHABLE_KEY,\n apiUrl: API_URL,\n apiVersion: API_VERSION,\n authStatus: getAuthKeyFromRequest(req, 'AuthStatus'),\n authMessage: getAuthKeyFromRequest(req, 'AuthMessage'),\n authReason: getAuthKeyFromRequest(req, 'AuthReason'),\n treatPendingAsSignedOut,\n };\n};\n\n/**\n * Given a request object, builds an auth object from the request data. Used in server-side environments to get access\n * to auth data for a given request.\n */\nexport const getSessionAuthDataFromRequest = (\n req: RequestLike,\n { treatPendingAsSignedOut = true, ...opts }: GetAuthDataFromRequestOptions = {},\n): SignedInAuthObject | SignedOutAuthObject => {\n const { authStatus, authMessage, authReason, authToken, authSignature } = getAuthHeaders(req);\n\n opts.logger?.debug('headers', { authStatus, authMessage, authReason });\n\n const options = createAuthOptions(req, opts, treatPendingAsSignedOut);\n\n // Only accept session tokens in this function.\n // Machine tokens are not supported and will result in a signed-out state.\n if (!isTokenTypeAccepted(TokenType.SessionToken, opts.acceptsToken || TokenType.SessionToken)) {\n return signedOutAuthObject(options);\n }\n\n let authObject;\n if (!authStatus || authStatus !== AuthStatus.SignedIn) {\n authObject = signedOutAuthObject(options);\n } else {\n assertTokenSignature(authToken as string, options.secretKey, authSignature);\n\n const jwt = decodeJwt(authToken as string);\n\n opts.logger?.debug('jwt', jwt.raw);\n\n return getAuthObjectFromJwt(jwt, options);\n }\n\n return authObject;\n};\n\n/**\n * Given a request object, builds an auth object from the request data. Used in server-side environments to get access\n * to auth data for a given request.\n *\n * This function handles both session tokens and machine tokens:\n * - Session tokens: Decoded from JWT and validated\n * - Machine tokens: Retrieved from encrypted request data (x-clerk-request-data header)\n */\nexport const getAuthDataFromRequest = (req: RequestLike, opts: GetAuthDataFromRequestOptions = {}): AuthObject => {\n const { authStatus, authMessage, authReason } = getAuthHeaders(req);\n opts.logger?.debug('headers', { authStatus, authMessage, authReason });\n\n const encryptedRequestData = getHeader(req, constants.Headers.ClerkRequestData);\n const decryptedRequestData = decryptClerkRequestData(encryptedRequestData);\n\n const bearerToken = getHeader(req, constants.Headers.Authorization)?.replace('Bearer ', '');\n const acceptsToken = opts.acceptsToken || TokenType.SessionToken;\n\n const options = createAuthOptions(req, opts);\n\n // Handle machine tokens first (from encrypted request data)\n // Machine tokens are passed via x-clerk-request-data header from middleware\n const machineAuthObject = handleMachineToken(\n bearerToken,\n decryptedRequestData.machineAuthObject,\n acceptsToken,\n options,\n );\n if (machineAuthObject) {\n return machineAuthObject;\n }\n\n // If a random token is present and acceptsToken is an array that does NOT include session_token,\n // return invalid token auth object.\n if (bearerToken && Array.isArray(acceptsToken) && !acceptsToken.includes(TokenType.SessionToken)) {\n return invalidTokenAuthObject();\n }\n\n // Fallback to session logic for all other cases\n return getSessionAuthDataFromRequest(req, opts);\n};\n\nconst handleMachineToken = (\n bearerToken: string | undefined,\n rawAuthObject: AuthObject | undefined,\n acceptsToken: NonNullable<AuthenticateRequestOptions['acceptsToken']>,\n options: Record<string, any>,\n): MachineAuthObject<MachineTokenType> | null => {\n const hasMachineToken = bearerToken && isMachineToken(bearerToken);\n\n const acceptsOnlySessionToken =\n acceptsToken === TokenType.SessionToken ||\n (Array.isArray(acceptsToken) && acceptsToken.length === 1 && acceptsToken[0] === TokenType.SessionToken);\n\n if (hasMachineToken && rawAuthObject && !acceptsOnlySessionToken) {\n const authObject = getAuthObjectForAcceptedToken({\n authObject: {\n ...rawAuthObject,\n debug: () => options,\n },\n acceptsToken,\n });\n return {\n ...authObject,\n getToken: () => (authObject.isAuthenticated ? Promise.resolve(bearerToken) : Promise.resolve(null)),\n has: () => false,\n } as MachineAuthObject<MachineTokenType>;\n }\n\n return null;\n};\n"],"mappings":";AAOA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,iBAAiB;AAI1B,SAAS,SAAS,aAAa,iBAAiB,kBAAkB;AAClE,SAAS,uBAAuB,iBAAiB;AAEjD,SAAS,sBAAsB,+BAA+B;AAW9D,MAAM,iBAAiB,CAAC,QAAqB;AAC3C,SAAO;AAAA,IACL,YAAY,sBAAsB,KAAK,YAAY;AAAA,IACnD,WAAW,sBAAsB,KAAK,WAAW;AAAA,IACjD,aAAa,sBAAsB,KAAK,aAAa;AAAA,IACrD,YAAY,sBAAsB,KAAK,YAAY;AAAA,IACnD,eAAe,sBAAsB,KAAK,eAAe;AAAA,EAC3D;AACF;AAKA,MAAM,oBAAoB,CAAC,KAAkB,MAAqC,0BAA0B,SAAS;AACnH,QAAM,uBAAuB,UAAU,KAAK,UAAU,QAAQ,gBAAgB;AAC9E,QAAM,uBAAuB,wBAAwB,oBAAoB;AAEzE,SAAO;AAAA,IACL,YAAW,6BAAM,cAAa,qBAAqB,aAAa;AAAA,IAChE,gBAAgB,qBAAqB,kBAAkB;AAAA,IACvD,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,YAAY,sBAAsB,KAAK,YAAY;AAAA,IACnD,aAAa,sBAAsB,KAAK,aAAa;AAAA,IACrD,YAAY,sBAAsB,KAAK,YAAY;AAAA,IACnD;AAAA,EACF;AACF;AAMO,MAAM,gCAAgC,CAC3C,KACA,EAAE,0BAA0B,MAAM,GAAG,KAAK,IAAmC,CAAC,MACjC;AAxE/C;AAyEE,QAAM,EAAE,YAAY,aAAa,YAAY,WAAW,cAAc,IAAI,eAAe,GAAG;AAE5F,aAAK,WAAL,mBAAa,MAAM,WAAW,EAAE,YAAY,aAAa,WAAW;AAEpE,QAAM,UAAU,kBAAkB,KAAK,MAAM,uBAAuB;AAIpE,MAAI,CAAC,oBAAoB,UAAU,cAAc,KAAK,gBAAgB,UAAU,YAAY,GAAG;AAC7F,WAAO,oBAAoB,OAAO;AAAA,EACpC;AAEA,MAAI;AACJ,MAAI,CAAC,cAAc,eAAe,WAAW,UAAU;AACrD,iBAAa,oBAAoB,OAAO;AAAA,EAC1C,OAAO;AACL,yBAAqB,WAAqB,QAAQ,WAAW,aAAa;AAE1E,UAAM,MAAM,UAAU,SAAmB;AAEzC,eAAK,WAAL,mBAAa,MAAM,OAAO,IAAI;AAE9B,WAAO,qBAAqB,KAAK,OAAO;AAAA,EAC1C;AAEA,SAAO;AACT;AAUO,MAAM,yBAAyB,CAAC,KAAkB,OAAsC,CAAC,MAAkB;AA7GlH;AA8GE,QAAM,EAAE,YAAY,aAAa,WAAW,IAAI,eAAe,GAAG;AAClE,aAAK,WAAL,mBAAa,MAAM,WAAW,EAAE,YAAY,aAAa,WAAW;AAEpE,QAAM,uBAAuB,UAAU,KAAK,UAAU,QAAQ,gBAAgB;AAC9E,QAAM,uBAAuB,wBAAwB,oBAAoB;AAEzE,QAAM,eAAc,eAAU,KAAK,UAAU,QAAQ,aAAa,MAA9C,mBAAiD,QAAQ,WAAW;AACxF,QAAM,eAAe,KAAK,gBAAgB,UAAU;AAEpD,QAAM,UAAU,kBAAkB,KAAK,IAAI;AAI3C,QAAM,oBAAoB;AAAA,IACxB;AAAA,IACA,qBAAqB;AAAA,IACrB;AAAA,IACA;AAAA,EACF;AACA,MAAI,mBAAmB;AACrB,WAAO;AAAA,EACT;AAIA,MAAI,eAAe,MAAM,QAAQ,YAAY,KAAK,CAAC,aAAa,SAAS,UAAU,YAAY,GAAG;AAChG,WAAO,uBAAuB;AAAA,EAChC;AAGA,SAAO,8BAA8B,KAAK,IAAI;AAChD;AAEA,MAAM,qBAAqB,CACzB,aACA,eACA,cACA,YAC+C;AAC/C,QAAM,kBAAkB,eAAe,eAAe,WAAW;AAEjE,QAAM,0BACJ,iBAAiB,UAAU,gBAC1B,MAAM,QAAQ,YAAY,KAAK,aAAa,WAAW,KAAK,aAAa,CAAC,MAAM,UAAU;AAE7F,MAAI,mBAAmB,iBAAiB,CAAC,yBAAyB;AAChE,UAAM,aAAa,8BAA8B;AAAA,MAC/C,YAAY;AAAA,QACV,GAAG;AAAA,QACH,OAAO,MAAM;AAAA,MACf;AAAA,MACA;AAAA,IACF,CAAC;AACD,WAAO;AAAA,MACL,GAAG;AAAA,MACH,UAAU,MAAO,WAAW,kBAAkB,QAAQ,QAAQ,WAAW,IAAI,QAAQ,QAAQ,IAAI;AAAA,MACjG,KAAK,MAAM;AAAA,IACb;AAAA,EACF;AAEA,SAAO;AACT;","names":[]}
|
|
@@ -57,7 +57,7 @@ function debugLogHeader(name) {
|
|
|
57
57
|
return `[clerk debug start: ${name}]`;
|
|
58
58
|
}
|
|
59
59
|
function debugLogFooter(name) {
|
|
60
|
-
return `[clerk debug end: ${name}] (@clerk/nextjs=${"6.37.
|
|
60
|
+
return `[clerk debug end: ${name}] (@clerk/nextjs=${"6.37.2"},next=${nextPkg.version},timestamp=${Math.round((/* @__PURE__ */ new Date()).getTime() / 1e3)})`;
|
|
61
61
|
}
|
|
62
62
|
function truncate(str, maxLength) {
|
|
63
63
|
const encoder = new TextEncoder();
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export declare const errorThrower: import("@clerk/shared/error-
|
|
1
|
+
export declare const errorThrower: import("@clerk/shared/error-mx2cKH_Z").ErrorThrower;
|
|
2
2
|
//# sourceMappingURL=errorThrower.d.ts.map
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@clerk/nextjs",
|
|
3
|
-
"version": "6.37.
|
|
3
|
+
"version": "6.37.2",
|
|
4
4
|
"description": "Clerk SDK for NextJS",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"clerk",
|
|
@@ -66,7 +66,7 @@
|
|
|
66
66
|
"dependencies": {
|
|
67
67
|
"server-only": "0.0.1",
|
|
68
68
|
"tslib": "2.8.1",
|
|
69
|
-
"@clerk/backend": "^2.
|
|
69
|
+
"@clerk/backend": "^2.30.0",
|
|
70
70
|
"@clerk/clerk-react": "^5.60.0",
|
|
71
71
|
"@clerk/shared": "^3.44.0",
|
|
72
72
|
"@clerk/types": "^4.101.14"
|