@clerk/nextjs 7.0.0-snapshot.v20251203203405 → 7.0.0-snapshot.v20251204175016
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/app-router/client/ClerkProvider.js +4 -4
- package/dist/cjs/app-router/client/ClerkProvider.js.map +1 -1
- package/dist/cjs/app-router/server/ClerkProvider.js.map +1 -1
- package/dist/cjs/app-router/server/keyless-provider.js.map +1 -1
- package/dist/cjs/pages/ClerkProvider.js +4 -4
- package/dist/cjs/pages/ClerkProvider.js.map +1 -1
- package/dist/cjs/server/constants.js +1 -1
- package/dist/cjs/server/createClerkClient.js +1 -1
- package/dist/cjs/server/errors.js +3 -0
- package/dist/cjs/server/errors.js.map +1 -1
- package/dist/cjs/server/utils.js +1 -5
- package/dist/cjs/server/utils.js.map +1 -1
- package/dist/cjs/types.js.map +1 -1
- package/dist/cjs/utils/debugLogger.js +1 -1
- package/dist/esm/app-router/client/ClerkProvider.js +4 -4
- package/dist/esm/app-router/client/ClerkProvider.js.map +1 -1
- package/dist/esm/app-router/server/ClerkProvider.js.map +1 -1
- package/dist/esm/app-router/server/keyless-provider.js.map +1 -1
- package/dist/esm/pages/ClerkProvider.js +4 -4
- package/dist/esm/pages/ClerkProvider.js.map +1 -1
- package/dist/esm/server/constants.js +1 -1
- package/dist/esm/server/createClerkClient.js +1 -1
- package/dist/esm/server/errors.js +2 -0
- package/dist/esm/server/errors.js.map +1 -1
- package/dist/esm/server/utils.js +2 -5
- package/dist/esm/server/utils.js.map +1 -1
- package/dist/esm/utils/debugLogger.js +1 -1
- package/dist/types/app-router/server/ClerkProvider.d.ts +1 -1
- package/dist/types/app-router/server/keyless-provider.d.ts +2 -2
- package/dist/types/server/errorThrower.d.ts +1 -1
- package/dist/types/server/errors.d.ts +1 -0
- package/dist/types/server/errors.d.ts.map +1 -1
- package/dist/types/server/keyless-log-cache.d.ts.map +1 -1
- package/dist/types/server/utils.d.ts.map +1 -1
- package/dist/types/types.d.ts +1 -1
- package/package.json +4 -4
|
@@ -50,7 +50,7 @@ const LazyCreateKeylessApplication = (0, import_dynamic.default)(
|
|
|
50
50
|
() => import("./keyless-creator-reader.js").then((m) => m.KeylessCreatorOrReader)
|
|
51
51
|
);
|
|
52
52
|
const NextClientClerkProvider = (props) => {
|
|
53
|
-
const {
|
|
53
|
+
const { __internal_invokeMiddlewareOnAuthStateChange = true, children } = props;
|
|
54
54
|
const router = (0, import_navigation.useRouter)();
|
|
55
55
|
const push = (0, import_useAwaitablePush.useAwaitablePush)();
|
|
56
56
|
const replace = (0, import_useAwaitableReplace.useAwaitableReplace)();
|
|
@@ -64,7 +64,7 @@ const NextClientClerkProvider = (props) => {
|
|
|
64
64
|
return props.children;
|
|
65
65
|
}
|
|
66
66
|
(0, import_useSafeLayoutEffect.useSafeLayoutEffect)(() => {
|
|
67
|
-
window.
|
|
67
|
+
window.__internal_onBeforeSetActive = (intent) => {
|
|
68
68
|
return new Promise((resolve) => {
|
|
69
69
|
var _a;
|
|
70
70
|
const nextVersion = ((_a = window == null ? void 0 : window.next) == null ? void 0 : _a.version) || "";
|
|
@@ -75,8 +75,8 @@ const NextClientClerkProvider = (props) => {
|
|
|
75
75
|
}
|
|
76
76
|
});
|
|
77
77
|
};
|
|
78
|
-
window.
|
|
79
|
-
if (
|
|
78
|
+
window.__internal_onAfterSetActive = () => {
|
|
79
|
+
if (__internal_invokeMiddlewareOnAuthStateChange) {
|
|
80
80
|
return router.refresh();
|
|
81
81
|
}
|
|
82
82
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/client/ClerkProvider.tsx"],"sourcesContent":["'use client';\nimport { ClerkProvider as ReactClerkProvider } from '@clerk/react';\nimport type { Ui } from '@clerk/react/internal';\nimport dynamic from 'next/dynamic';\nimport { useRouter } from 'next/navigation';\nimport React from 'react';\n\nimport { useSafeLayoutEffect } from '../../client-boundary/hooks/useSafeLayoutEffect';\nimport { ClerkNextOptionsProvider, useClerkNextOptions } from '../../client-boundary/NextOptionsContext';\nimport type { NextClerkProviderProps } from '../../types';\nimport { ClerkScripts } from '../../utils/clerk-script';\nimport { canUseKeyless } from '../../utils/feature-flags';\nimport { mergeNextClerkPropsWithEnv } from '../../utils/mergeNextClerkPropsWithEnv';\nimport { RouterTelemetry } from '../../utils/router-telemetry';\nimport { detectKeylessEnvDriftAction } from '../keyless-actions';\nimport { invalidateCacheAction } from '../server-actions';\nimport { useAwaitablePush } from './useAwaitablePush';\nimport { useAwaitableReplace } from './useAwaitableReplace';\n\n/**\n * LazyCreateKeylessApplication should only be loaded if the conditions below are met.\n * Note: Using lazy() with Suspense instead of dynamic is not possible as React will throw a hydration error when `ClerkProvider` wraps `<html><body>...`\n */\nconst LazyCreateKeylessApplication = dynamic(() =>\n import('./keyless-creator-reader.js').then(m => m.KeylessCreatorOrReader),\n);\n\nconst NextClientClerkProvider = <TUi extends Ui = Ui>(props: NextClerkProviderProps<TUi>) => {\n const {
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/client/ClerkProvider.tsx"],"sourcesContent":["'use client';\nimport { ClerkProvider as ReactClerkProvider } from '@clerk/react';\nimport type { Ui } from '@clerk/react/internal';\nimport dynamic from 'next/dynamic';\nimport { useRouter } from 'next/navigation';\nimport React from 'react';\n\nimport { useSafeLayoutEffect } from '../../client-boundary/hooks/useSafeLayoutEffect';\nimport { ClerkNextOptionsProvider, useClerkNextOptions } from '../../client-boundary/NextOptionsContext';\nimport type { NextClerkProviderProps } from '../../types';\nimport { ClerkScripts } from '../../utils/clerk-script';\nimport { canUseKeyless } from '../../utils/feature-flags';\nimport { mergeNextClerkPropsWithEnv } from '../../utils/mergeNextClerkPropsWithEnv';\nimport { RouterTelemetry } from '../../utils/router-telemetry';\nimport { detectKeylessEnvDriftAction } from '../keyless-actions';\nimport { invalidateCacheAction } from '../server-actions';\nimport { useAwaitablePush } from './useAwaitablePush';\nimport { useAwaitableReplace } from './useAwaitableReplace';\n\n/**\n * LazyCreateKeylessApplication should only be loaded if the conditions below are met.\n * Note: Using lazy() with Suspense instead of dynamic is not possible as React will throw a hydration error when `ClerkProvider` wraps `<html><body>...`\n */\nconst LazyCreateKeylessApplication = dynamic(() =>\n import('./keyless-creator-reader.js').then(m => m.KeylessCreatorOrReader),\n);\n\nconst NextClientClerkProvider = <TUi extends Ui = Ui>(props: NextClerkProviderProps<TUi>) => {\n const { __internal_invokeMiddlewareOnAuthStateChange = true, children } = props;\n const router = useRouter();\n const push = useAwaitablePush();\n const replace = useAwaitableReplace();\n\n // Call drift detection on mount (client-side)\n useSafeLayoutEffect(() => {\n if (canUseKeyless) {\n void detectKeylessEnvDriftAction();\n }\n }, []);\n\n // Avoid rendering nested ClerkProviders by checking for the existence of the ClerkNextOptions context provider\n const isNested = Boolean(useClerkNextOptions());\n if (isNested) {\n return props.children;\n }\n\n useSafeLayoutEffect(() => {\n window.__internal_onBeforeSetActive = intent => {\n /**\n * We need to invalidate the cache in case the user is navigating to a page that\n * was previously cached using the auth state that was active at the time.\n *\n * We also need to await for the invalidation to happen before we navigate,\n * otherwise the navigation will use the cached page.\n *\n * For example, if we did not invalidate the flow, the following scenario would be broken:\n * - The middleware is configured in such a way that it redirects you back to the same page if a certain condition is true (eg, you need to pick an org)\n * - The user has a <Link href=/> component in the page\n * - The UB is mounted with afterSignOutUrl=/\n * - The user clicks the Link. A nav to / happens, a 307 to the current page is returned so a navigation does not take place. The / navigation is now cached as a 307 to the current page\n * - The user clicks sign out\n * - We call router.refresh()\n * - We navigate to / but its cached and instead, we 'redirect' to the current page\n *\n * For more information on cache invalidation, see:\n * https://nextjs.org/docs/app/building-your-application/caching#invalidation-1\n */\n return new Promise(resolve => {\n const nextVersion = window?.next?.version || '';\n\n // On Next.js 15+ calling a server action that returns a 404 error when deployed on Vercel is prohibited, failing with 405 status code.\n // When a user transitions from \"signed in\" to \"signed out\", we clear the `__session` cookie, then we call `__internal_onBeforeSetActive`.\n // If we were to call `invalidateCacheAction` while the user is already signed out (deleted cookie), any page protected by `auth.protect()`\n // will result to the server action returning a 404 error (this happens because server actions inherit the protection rules of the page they are called from).\n // SOLUTION:\n // To mitigate this, since the router cache on version 15+ is much less aggressive, we can treat this as a noop and simply resolve the promise.\n // Once `setActive` performs the navigation, `__internal_onAfterSetActive` will kick in and perform a router.refresh ensuring shared layouts will also update with the correct authentication context.\n if ((nextVersion.startsWith('15') || nextVersion.startsWith('16')) && intent === 'sign-out') {\n resolve(); // noop\n } else {\n void invalidateCacheAction().then(() => resolve());\n }\n });\n };\n\n window.__internal_onAfterSetActive = () => {\n if (__internal_invokeMiddlewareOnAuthStateChange) {\n return router.refresh();\n }\n };\n }, []);\n\n const mergedProps = mergeNextClerkPropsWithEnv({\n ...props,\n // @ts-expect-error Error because of the stricter types of internal `push`\n routerPush: push,\n // @ts-expect-error Error because of the stricter types of internal `replace`\n routerReplace: replace,\n });\n\n return (\n <ClerkNextOptionsProvider options={mergedProps}>\n <ReactClerkProvider {...mergedProps}>\n <RouterTelemetry />\n <ClerkScripts router='app' />\n {children}\n </ReactClerkProvider>\n </ClerkNextOptionsProvider>\n );\n};\n\nexport const ClientClerkProvider = <TUi extends Ui = Ui>(\n props: NextClerkProviderProps<TUi> & { disableKeyless?: boolean },\n) => {\n const { children, disableKeyless = false, ...rest } = props;\n const safePublishableKey = mergeNextClerkPropsWithEnv(rest).publishableKey;\n\n if (safePublishableKey || !canUseKeyless || disableKeyless) {\n return <NextClientClerkProvider {...rest}>{children}</NextClientClerkProvider>;\n }\n\n return (\n <LazyCreateKeylessApplication>\n <NextClientClerkProvider {...rest}>{children}</NextClientClerkProvider>\n </LazyCreateKeylessApplication>\n );\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,mBAAoD;AAEpD,qBAAoB;AACpB,wBAA0B;AAC1B,IAAAA,gBAAkB;AAElB,iCAAoC;AACpC,gCAA8D;AAE9D,0BAA6B;AAC7B,2BAA8B;AAC9B,wCAA2C;AAC3C,8BAAgC;AAChC,6BAA4C;AAC5C,4BAAsC;AACtC,8BAAiC;AACjC,iCAAoC;AAMpC,MAAM,mCAA+B,eAAAC;AAAA,EAAQ,MAC3C,OAAO,6BAA6B,EAAE,KAAK,OAAK,EAAE,sBAAsB;AAC1E;AAEA,MAAM,0BAA0B,CAAsB,UAAuC;AAC3F,QAAM,EAAE,+CAA+C,MAAM,SAAS,IAAI;AAC1E,QAAM,aAAS,6BAAU;AACzB,QAAM,WAAO,0CAAiB;AAC9B,QAAM,cAAU,gDAAoB;AAGpC,sDAAoB,MAAM;AACxB,QAAI,oCAAe;AACjB,eAAK,oDAA4B;AAAA,IACnC;AAAA,EACF,GAAG,CAAC,CAAC;AAGL,QAAM,WAAW,YAAQ,+CAAoB,CAAC;AAC9C,MAAI,UAAU;AACZ,WAAO,MAAM;AAAA,EACf;AAEA,sDAAoB,MAAM;AACxB,WAAO,+BAA+B,YAAU;AAoB9C,aAAO,IAAI,QAAQ,aAAW;AAnEpC;AAoEQ,cAAM,gBAAc,sCAAQ,SAAR,mBAAc,YAAW;AAS7C,aAAK,YAAY,WAAW,IAAI,KAAK,YAAY,WAAW,IAAI,MAAM,WAAW,YAAY;AAC3F,kBAAQ;AAAA,QACV,OAAO;AACL,mBAAK,6CAAsB,EAAE,KAAK,MAAM,QAAQ,CAAC;AAAA,QACnD;AAAA,MACF,CAAC;AAAA,IACH;AAEA,WAAO,8BAA8B,MAAM;AACzC,UAAI,8CAA8C;AAChD,eAAO,OAAO,QAAQ;AAAA,MACxB;AAAA,IACF;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,kBAAc,8DAA2B;AAAA,IAC7C,GAAG;AAAA;AAAA,IAEH,YAAY;AAAA;AAAA,IAEZ,eAAe;AAAA,EACjB,CAAC;AAED,SACE,8BAAAC,QAAA,cAAC,sDAAyB,SAAS,eACjC,8BAAAA,QAAA,cAAC,aAAAC,eAAA,EAAoB,GAAG,eACtB,8BAAAD,QAAA,cAAC,6CAAgB,GACjB,8BAAAA,QAAA,cAAC,oCAAa,QAAO,OAAM,GAC1B,QACH,CACF;AAEJ;AAEO,MAAM,sBAAsB,CACjC,UACG;AACH,QAAM,EAAE,UAAU,iBAAiB,OAAO,GAAG,KAAK,IAAI;AACtD,QAAM,yBAAqB,8DAA2B,IAAI,EAAE;AAE5D,MAAI,sBAAsB,CAAC,sCAAiB,gBAAgB;AAC1D,WAAO,8BAAAA,QAAA,cAAC,2BAAyB,GAAG,QAAO,QAAS;AAAA,EACtD;AAEA,SACE,8BAAAA,QAAA,cAAC,oCACC,8BAAAA,QAAA,cAAC,2BAAyB,GAAG,QAAO,QAAS,CAC/C;AAEJ;","names":["import_react","dynamic","React","ReactClerkProvider"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/server/ClerkProvider.tsx"],"sourcesContent":["import type { Ui } from '@clerk/react/internal';\nimport type { InitialState, Without } from '@clerk/shared/types';\nimport { headers } from 'next/headers';\nimport type { ReactNode } from 'react';\nimport React from 'react';\n\nimport { PromisifiedAuthProvider } from '../../client-boundary/PromisifiedAuthProvider';\nimport { getDynamicAuthData } from '../../server/buildClerkProps';\nimport type { NextClerkProviderProps } from '../../types';\nimport { mergeNextClerkPropsWithEnv } from '../../utils/mergeNextClerkPropsWithEnv';\nimport { ClientClerkProvider } from '../client/ClerkProvider';\nimport { getKeylessStatus, KeylessProvider } from './keyless-provider';\nimport { buildRequestLike, getScriptNonceFromHeader } from './utils';\n\nconst getDynamicClerkState = React.cache(async function getDynamicClerkState() {\n const request = await buildRequestLike();\n const data = getDynamicAuthData(request);\n\n return data;\n});\n\nconst getNonceHeaders = React.cache(async function getNonceHeaders() {\n const headersList = await headers();\n const nonce = headersList.get('X-Nonce');\n return nonce\n ? nonce\n : // Fallback to extracting from CSP header\n getScriptNonceFromHeader(headersList.get('Content-Security-Policy') || '') || '';\n});\n\nexport async function ClerkProvider<TUi extends Ui = Ui>(\n props: Without<NextClerkProviderProps<TUi>, '
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/server/ClerkProvider.tsx"],"sourcesContent":["import type { Ui } from '@clerk/react/internal';\nimport type { InitialState, Without } from '@clerk/shared/types';\nimport { headers } from 'next/headers';\nimport type { ReactNode } from 'react';\nimport React from 'react';\n\nimport { PromisifiedAuthProvider } from '../../client-boundary/PromisifiedAuthProvider';\nimport { getDynamicAuthData } from '../../server/buildClerkProps';\nimport type { NextClerkProviderProps } from '../../types';\nimport { mergeNextClerkPropsWithEnv } from '../../utils/mergeNextClerkPropsWithEnv';\nimport { ClientClerkProvider } from '../client/ClerkProvider';\nimport { getKeylessStatus, KeylessProvider } from './keyless-provider';\nimport { buildRequestLike, getScriptNonceFromHeader } from './utils';\n\nconst getDynamicClerkState = React.cache(async function getDynamicClerkState() {\n const request = await buildRequestLike();\n const data = getDynamicAuthData(request);\n\n return data;\n});\n\nconst getNonceHeaders = React.cache(async function getNonceHeaders() {\n const headersList = await headers();\n const nonce = headersList.get('X-Nonce');\n return nonce\n ? nonce\n : // Fallback to extracting from CSP header\n getScriptNonceFromHeader(headersList.get('Content-Security-Policy') || '') || '';\n});\n\nexport async function ClerkProvider<TUi extends Ui = Ui>(\n props: Without<NextClerkProviderProps<TUi>, '__internal_invokeMiddlewareOnAuthStateChange'>,\n) {\n const { children, dynamic, ...rest } = props;\n\n async function generateStatePromise() {\n if (!dynamic) {\n return Promise.resolve(null);\n }\n return getDynamicClerkState();\n }\n\n async function generateNonce() {\n if (!dynamic) {\n return Promise.resolve('');\n }\n return getNonceHeaders();\n }\n\n const propsWithEnvs = mergeNextClerkPropsWithEnv({\n ...rest,\n });\n\n const { shouldRunAsKeyless, runningWithClaimedKeys } = await getKeylessStatus(propsWithEnvs);\n\n let output: ReactNode;\n\n try {\n const detectKeylessEnvDrift = await import('../../server/keyless-telemetry.js').then(\n mod => mod.detectKeylessEnvDrift,\n );\n await detectKeylessEnvDrift();\n } catch {\n // ignore\n }\n\n if (shouldRunAsKeyless) {\n output = (\n <KeylessProvider\n rest={propsWithEnvs}\n generateNonce={generateNonce}\n generateStatePromise={generateStatePromise}\n runningWithClaimedKeys={runningWithClaimedKeys}\n >\n {children}\n </KeylessProvider>\n );\n } else {\n output = (\n <ClientClerkProvider\n {...propsWithEnvs}\n nonce={await generateNonce()}\n initialState={await generateStatePromise()}\n >\n {children}\n </ClientClerkProvider>\n );\n }\n\n if (dynamic) {\n return (\n // TODO: fix types so AuthObject is compatible with InitialState\n <PromisifiedAuthProvider authPromise={generateStatePromise() as unknown as Promise<InitialState>}>\n {output}\n </PromisifiedAuthProvider>\n );\n }\n return output;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,qBAAwB;AAExB,mBAAkB;AAElB,qCAAwC;AACxC,6BAAmC;AAEnC,wCAA2C;AAC3C,2BAAoC;AACpC,8BAAkD;AAClD,mBAA2D;AAE3D,MAAM,uBAAuB,aAAAA,QAAM,MAAM,eAAeC,wBAAuB;AAC7E,QAAM,UAAU,UAAM,+BAAiB;AACvC,QAAM,WAAO,2CAAmB,OAAO;AAEvC,SAAO;AACT,CAAC;AAED,MAAM,kBAAkB,aAAAD,QAAM,MAAM,eAAeE,mBAAkB;AACnE,QAAM,cAAc,UAAM,wBAAQ;AAClC,QAAM,QAAQ,YAAY,IAAI,SAAS;AACvC,SAAO,QACH;AAAA;AAAA,QAEA,uCAAyB,YAAY,IAAI,yBAAyB,KAAK,EAAE,KAAK;AAAA;AACpF,CAAC;AAED,eAAsB,cACpB,OACA;AACA,QAAM,EAAE,UAAU,SAAS,GAAG,KAAK,IAAI;AAEvC,iBAAe,uBAAuB;AACpC,QAAI,CAAC,SAAS;AACZ,aAAO,QAAQ,QAAQ,IAAI;AAAA,IAC7B;AACA,WAAO,qBAAqB;AAAA,EAC9B;AAEA,iBAAe,gBAAgB;AAC7B,QAAI,CAAC,SAAS;AACZ,aAAO,QAAQ,QAAQ,EAAE;AAAA,IAC3B;AACA,WAAO,gBAAgB;AAAA,EACzB;AAEA,QAAM,oBAAgB,8DAA2B;AAAA,IAC/C,GAAG;AAAA,EACL,CAAC;AAED,QAAM,EAAE,oBAAoB,uBAAuB,IAAI,UAAM,0CAAiB,aAAa;AAE3F,MAAI;AAEJ,MAAI;AACF,UAAM,wBAAwB,MAAM,OAAO,mCAAmC,EAAE;AAAA,MAC9E,SAAO,IAAI;AAAA,IACb;AACA,UAAM,sBAAsB;AAAA,EAC9B,QAAQ;AAAA,EAER;AAEA,MAAI,oBAAoB;AACtB,aACE,6BAAAF,QAAA;AAAA,MAAC;AAAA;AAAA,QACC,MAAM;AAAA,QACN;AAAA,QACA;AAAA,QACA;AAAA;AAAA,MAEC;AAAA,IACH;AAAA,EAEJ,OAAO;AACL,aACE,6BAAAA,QAAA;AAAA,MAAC;AAAA;AAAA,QACE,GAAG;AAAA,QACJ,OAAO,MAAM,cAAc;AAAA,QAC3B,cAAc,MAAM,qBAAqB;AAAA;AAAA,MAExC;AAAA,IACH;AAAA,EAEJ;AAEA,MAAI,SAAS;AACX;AAAA;AAAA,MAEE,6BAAAA,QAAA,cAAC,0DAAwB,aAAa,qBAAqB,KACxD,MACH;AAAA;AAAA,EAEJ;AACA,SAAO;AACT;","names":["React","getDynamicClerkState","getNonceHeaders"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/server/keyless-provider.tsx"],"sourcesContent":["import type { AuthObject } from '@clerk/backend';\nimport type { Without } from '@clerk/shared/types';\nimport { headers } from 'next/headers';\nimport type { PropsWithChildren } from 'react';\nimport React from 'react';\n\nimport { createClerkClientWithOptions } from '../../server/createClerkClient';\nimport { collectKeylessMetadata, formatMetadataHeaders } from '../../server/keyless-custom-headers';\nimport type { NextClerkProviderProps } from '../../types';\nimport { canUseKeyless } from '../../utils/feature-flags';\nimport { mergeNextClerkPropsWithEnv } from '../../utils/mergeNextClerkPropsWithEnv';\nimport { onlyTry } from '../../utils/only-try';\nimport { ClientClerkProvider } from '../client/ClerkProvider';\nimport { deleteKeylessAction } from '../keyless-actions';\n\nexport async function getKeylessStatus(\n params: Without<NextClerkProviderProps, '
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/server/keyless-provider.tsx"],"sourcesContent":["import type { AuthObject } from '@clerk/backend';\nimport type { Without } from '@clerk/shared/types';\nimport { headers } from 'next/headers';\nimport type { PropsWithChildren } from 'react';\nimport React from 'react';\n\nimport { createClerkClientWithOptions } from '../../server/createClerkClient';\nimport { collectKeylessMetadata, formatMetadataHeaders } from '../../server/keyless-custom-headers';\nimport type { NextClerkProviderProps } from '../../types';\nimport { canUseKeyless } from '../../utils/feature-flags';\nimport { mergeNextClerkPropsWithEnv } from '../../utils/mergeNextClerkPropsWithEnv';\nimport { onlyTry } from '../../utils/only-try';\nimport { ClientClerkProvider } from '../client/ClerkProvider';\nimport { deleteKeylessAction } from '../keyless-actions';\n\nexport async function getKeylessStatus(\n params: Without<NextClerkProviderProps, '__internal_invokeMiddlewareOnAuthStateChange'>,\n) {\n let [shouldRunAsKeyless, runningWithClaimedKeys, locallyStoredPublishableKey] = [false, false, ''];\n if (canUseKeyless) {\n locallyStoredPublishableKey = await import('../../server/keyless-node.js')\n .then(mod => mod.safeParseClerkFile()?.publishableKey || '')\n .catch(() => '');\n\n runningWithClaimedKeys = Boolean(params.publishableKey) && params.publishableKey === locallyStoredPublishableKey;\n shouldRunAsKeyless = !params.publishableKey || runningWithClaimedKeys;\n }\n\n return {\n shouldRunAsKeyless,\n runningWithClaimedKeys,\n };\n}\n\ntype KeylessProviderProps = PropsWithChildren<{\n rest: Without<NextClerkProviderProps, '__internal_invokeMiddlewareOnAuthStateChange'>;\n runningWithClaimedKeys: boolean;\n generateStatePromise: () => Promise<AuthObject | null>;\n generateNonce: () => Promise<string>;\n}>;\n\nexport const KeylessProvider = async (props: KeylessProviderProps) => {\n const { rest, runningWithClaimedKeys, generateNonce, generateStatePromise, children } = props;\n\n // NOTE: Create or read keys on every render. Usually this means only on hard refresh or hard navigations.\n const newOrReadKeys = await import('../../server/keyless-node.js')\n .then(mod => mod.createOrReadKeyless())\n .catch(() => null);\n\n const { clerkDevelopmentCache, createConfirmationMessage, createKeylessModeMessage } = await import(\n '../../server/keyless-log-cache.js'\n );\n\n if (!newOrReadKeys) {\n // When case keyless should run, but keys are not available, then fallback to throwing for missing keys\n return (\n <ClientClerkProvider\n {...mergeNextClerkPropsWithEnv(rest)}\n nonce={await generateNonce()}\n initialState={await generateStatePromise()}\n disableKeyless\n >\n {children}\n </ClientClerkProvider>\n );\n }\n\n const clientProvider = (\n <ClientClerkProvider\n {...mergeNextClerkPropsWithEnv({\n ...rest,\n publishableKey: newOrReadKeys.publishableKey,\n __internal_keyless_claimKeylessApplicationUrl: newOrReadKeys.claimUrl,\n __internal_keyless_copyInstanceKeysUrl: newOrReadKeys.apiKeysUrl,\n // Explicitly use `null` instead of `undefined` here to avoid persisting `deleteKeylessAction` during merging of options.\n __internal_keyless_dismissPrompt: runningWithClaimedKeys ? deleteKeylessAction : null,\n })}\n nonce={await generateNonce()}\n initialState={await generateStatePromise()}\n >\n {children}\n </ClientClerkProvider>\n );\n\n if (runningWithClaimedKeys) {\n try {\n const secretKey = await import('../../server/keyless-node.js').then(mod => mod.safeParseClerkFile()?.secretKey);\n if (!secretKey) {\n // we will ignore it later\n throw new Error('Missing secret key from `.clerk/`');\n }\n const client = createClerkClientWithOptions({\n secretKey,\n });\n\n // Collect metadata\n const keylessHeaders = await collectKeylessMetadata()\n .then(formatMetadataHeaders)\n .catch(() => new Headers());\n\n /**\n * Notifying the dashboard the should runs once. We are controlling this behaviour by caching the result of the request.\n * If the request fails, it will be considered stale after 10 minutes, otherwise it is cached for 24 hours.\n */\n await clerkDevelopmentCache?.run(\n () =>\n client.__experimental_accountlessApplications.completeAccountlessApplicationOnboarding({\n requestHeaders: keylessHeaders,\n }),\n {\n cacheKey: `${newOrReadKeys.publishableKey}_complete`,\n onSuccessStale: 24 * 60 * 60 * 1000, // 24 hours\n },\n );\n } catch {\n // noop\n }\n\n /**\n * Notify developers.\n */\n clerkDevelopmentCache?.log({\n cacheKey: `${newOrReadKeys.publishableKey}_claimed`,\n msg: createConfirmationMessage(),\n });\n\n return clientProvider;\n }\n\n const KeylessCookieSync = await import('../client/keyless-cookie-sync.js').then(mod => mod.KeylessCookieSync);\n\n const headerStore = await headers();\n /**\n * Allow developer to return to local application after claiming\n */\n const host = headerStore.get('x-forwarded-host');\n const proto = headerStore.get('x-forwarded-proto');\n\n const claimUrl = new URL(newOrReadKeys.claimUrl);\n if (host && proto) {\n onlyTry(() => claimUrl.searchParams.set('return_url', new URL(`${proto}://${host}`).href));\n }\n\n /**\n * Notify developers.\n */\n clerkDevelopmentCache?.log({\n cacheKey: newOrReadKeys.publishableKey,\n msg: createKeylessModeMessage({ ...newOrReadKeys, claimUrl: claimUrl.href }),\n });\n\n return <KeylessCookieSync {...newOrReadKeys}>{clientProvider}</KeylessCookieSync>;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,qBAAwB;AAExB,mBAAkB;AAElB,+BAA6C;AAC7C,oCAA8D;AAE9D,2BAA8B;AAC9B,wCAA2C;AAC3C,sBAAwB;AACxB,2BAAoC;AACpC,6BAAoC;AAEpC,eAAsB,iBACpB,QACA;AACA,MAAI,CAAC,oBAAoB,wBAAwB,2BAA2B,IAAI,CAAC,OAAO,OAAO,EAAE;AACjG,MAAI,oCAAe;AACjB,kCAA8B,MAAM,OAAO,8BAA8B,EACtE,KAAK,SAAI;AArBhB;AAqBmB,wBAAI,mBAAmB,MAAvB,mBAA0B,mBAAkB;AAAA,KAAE,EAC1D,MAAM,MAAM,EAAE;AAEjB,6BAAyB,QAAQ,OAAO,cAAc,KAAK,OAAO,mBAAmB;AACrF,yBAAqB,CAAC,OAAO,kBAAkB;AAAA,EACjD;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EACF;AACF;AASO,MAAM,kBAAkB,OAAO,UAAgC;AACpE,QAAM,EAAE,MAAM,wBAAwB,eAAe,sBAAsB,SAAS,IAAI;AAGxF,QAAM,gBAAgB,MAAM,OAAO,8BAA8B,EAC9D,KAAK,SAAO,IAAI,oBAAoB,CAAC,EACrC,MAAM,MAAM,IAAI;AAEnB,QAAM,EAAE,uBAAuB,2BAA2B,yBAAyB,IAAI,MAAM,OAC3F,mCACF;AAEA,MAAI,CAAC,eAAe;AAElB,WACE,6BAAAA,QAAA;AAAA,MAAC;AAAA;AAAA,QACE,OAAG,8DAA2B,IAAI;AAAA,QACnC,OAAO,MAAM,cAAc;AAAA,QAC3B,cAAc,MAAM,qBAAqB;AAAA,QACzC,gBAAc;AAAA;AAAA,MAEb;AAAA,IACH;AAAA,EAEJ;AAEA,QAAM,iBACJ,6BAAAA,QAAA;AAAA,IAAC;AAAA;AAAA,MACE,OAAG,8DAA2B;AAAA,QAC7B,GAAG;AAAA,QACH,gBAAgB,cAAc;AAAA,QAC9B,+CAA+C,cAAc;AAAA,QAC7D,wCAAwC,cAAc;AAAA;AAAA,QAEtD,kCAAkC,yBAAyB,6CAAsB;AAAA,MACnF,CAAC;AAAA,MACD,OAAO,MAAM,cAAc;AAAA,MAC3B,cAAc,MAAM,qBAAqB;AAAA;AAAA,IAExC;AAAA,EACH;AAGF,MAAI,wBAAwB;AAC1B,QAAI;AACF,YAAM,YAAY,MAAM,OAAO,8BAA8B,EAAE,KAAK,SAAI;AAtF9E;AAsFiF,yBAAI,mBAAmB,MAAvB,mBAA0B;AAAA,OAAS;AAC9G,UAAI,CAAC,WAAW;AAEd,cAAM,IAAI,MAAM,mCAAmC;AAAA,MACrD;AACA,YAAM,aAAS,uDAA6B;AAAA,QAC1C;AAAA,MACF,CAAC;AAGD,YAAM,iBAAiB,UAAM,sDAAuB,EACjD,KAAK,mDAAqB,EAC1B,MAAM,MAAM,IAAI,QAAQ,CAAC;AAM5B,aAAM,+DAAuB;AAAA,QAC3B,MACE,OAAO,uCAAuC,yCAAyC;AAAA,UACrF,gBAAgB;AAAA,QAClB,CAAC;AAAA,QACH;AAAA,UACE,UAAU,GAAG,cAAc,cAAc;AAAA,UACzC,gBAAgB,KAAK,KAAK,KAAK;AAAA;AAAA,QACjC;AAAA;AAAA,IAEJ,QAAQ;AAAA,IAER;AAKA,mEAAuB,IAAI;AAAA,MACzB,UAAU,GAAG,cAAc,cAAc;AAAA,MACzC,KAAK,0BAA0B;AAAA,IACjC;AAEA,WAAO;AAAA,EACT;AAEA,QAAM,oBAAoB,MAAM,OAAO,kCAAkC,EAAE,KAAK,SAAO,IAAI,iBAAiB;AAE5G,QAAM,cAAc,UAAM,wBAAQ;AAIlC,QAAM,OAAO,YAAY,IAAI,kBAAkB;AAC/C,QAAM,QAAQ,YAAY,IAAI,mBAAmB;AAEjD,QAAM,WAAW,IAAI,IAAI,cAAc,QAAQ;AAC/C,MAAI,QAAQ,OAAO;AACjB,iCAAQ,MAAM,SAAS,aAAa,IAAI,cAAc,IAAI,IAAI,GAAG,KAAK,MAAM,IAAI,EAAE,EAAE,IAAI,CAAC;AAAA,EAC3F;AAKA,iEAAuB,IAAI;AAAA,IACzB,UAAU,cAAc;AAAA,IACxB,KAAK,yBAAyB,EAAE,GAAG,eAAe,UAAU,SAAS,KAAK,CAAC;AAAA,EAC7E;AAEA,SAAO,6BAAAA,QAAA,cAAC,qBAAmB,GAAG,iBAAgB,cAAe;AAC/D;","names":["React"]}
|
|
@@ -46,15 +46,15 @@ var import_router_telemetry = require("../utils/router-telemetry");
|
|
|
46
46
|
(0, import_internal.setClerkJsLoadingErrorPackageName)("@clerk/nextjs");
|
|
47
47
|
function ClerkProvider({ children, ...props }) {
|
|
48
48
|
var _a;
|
|
49
|
-
const {
|
|
49
|
+
const { __internal_invokeMiddlewareOnAuthStateChange = true } = props;
|
|
50
50
|
const { push, replace } = (0, import_router.useRouter)();
|
|
51
51
|
import_react.ClerkProvider.displayName = "ReactClerkProvider";
|
|
52
52
|
(0, import_useSafeLayoutEffect.useSafeLayoutEffect)(() => {
|
|
53
|
-
window.
|
|
53
|
+
window.__internal_onBeforeSetActive = import_invalidateNextRouterCache.invalidateNextRouterCache;
|
|
54
54
|
}, []);
|
|
55
55
|
(0, import_useSafeLayoutEffect.useSafeLayoutEffect)(() => {
|
|
56
|
-
window.
|
|
57
|
-
if (
|
|
56
|
+
window.__internal_onAfterSetActive = () => {
|
|
57
|
+
if (__internal_invokeMiddlewareOnAuthStateChange) {
|
|
58
58
|
void push(window.location.href);
|
|
59
59
|
}
|
|
60
60
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/pages/ClerkProvider.tsx"],"sourcesContent":["import { ClerkProvider as ReactClerkProvider } from '@clerk/react';\nimport type { Ui } from '@clerk/react/internal';\n// Override Clerk React error thrower to show that errors come from @clerk/nextjs\nimport { setClerkJsLoadingErrorPackageName, setErrorThrowerOptions } from '@clerk/react/internal';\nimport { useRouter } from 'next/router';\nimport React from 'react';\n\nimport { useSafeLayoutEffect } from '../client-boundary/hooks/useSafeLayoutEffect';\nimport { ClerkNextOptionsProvider } from '../client-boundary/NextOptionsContext';\nimport type { NextClerkProviderProps } from '../types';\nimport { ClerkScripts } from '../utils/clerk-script';\nimport { invalidateNextRouterCache } from '../utils/invalidateNextRouterCache';\nimport { mergeNextClerkPropsWithEnv } from '../utils/mergeNextClerkPropsWithEnv';\nimport { removeBasePath } from '../utils/removeBasePath';\nimport { RouterTelemetry } from '../utils/router-telemetry';\n\nsetErrorThrowerOptions({ packageName: PACKAGE_NAME });\nsetClerkJsLoadingErrorPackageName(PACKAGE_NAME);\n\nexport function ClerkProvider<TUi extends Ui = Ui>({ children, ...props }: NextClerkProviderProps<TUi>): JSX.Element {\n const {
|
|
1
|
+
{"version":3,"sources":["../../../src/pages/ClerkProvider.tsx"],"sourcesContent":["import { ClerkProvider as ReactClerkProvider } from '@clerk/react';\nimport type { Ui } from '@clerk/react/internal';\n// Override Clerk React error thrower to show that errors come from @clerk/nextjs\nimport { setClerkJsLoadingErrorPackageName, setErrorThrowerOptions } from '@clerk/react/internal';\nimport { useRouter } from 'next/router';\nimport React from 'react';\n\nimport { useSafeLayoutEffect } from '../client-boundary/hooks/useSafeLayoutEffect';\nimport { ClerkNextOptionsProvider } from '../client-boundary/NextOptionsContext';\nimport type { NextClerkProviderProps } from '../types';\nimport { ClerkScripts } from '../utils/clerk-script';\nimport { invalidateNextRouterCache } from '../utils/invalidateNextRouterCache';\nimport { mergeNextClerkPropsWithEnv } from '../utils/mergeNextClerkPropsWithEnv';\nimport { removeBasePath } from '../utils/removeBasePath';\nimport { RouterTelemetry } from '../utils/router-telemetry';\n\nsetErrorThrowerOptions({ packageName: PACKAGE_NAME });\nsetClerkJsLoadingErrorPackageName(PACKAGE_NAME);\n\nexport function ClerkProvider<TUi extends Ui = Ui>({ children, ...props }: NextClerkProviderProps<TUi>): JSX.Element {\n const { __internal_invokeMiddlewareOnAuthStateChange = true } = props;\n const { push, replace } = useRouter();\n ReactClerkProvider.displayName = 'ReactClerkProvider';\n\n useSafeLayoutEffect(() => {\n window.__internal_onBeforeSetActive = invalidateNextRouterCache;\n }, []);\n\n useSafeLayoutEffect(() => {\n window.__internal_onAfterSetActive = () => {\n // Re-run the middleware every time there auth state changes.\n // This enables complete control from a centralized place (NextJS middleware),\n // as we will invoke it every time the client-side auth state changes, eg: signing-out, switching orgs, etc.\\\n if (__internal_invokeMiddlewareOnAuthStateChange) {\n void push(window.location.href);\n }\n };\n }, []);\n\n const navigate = (to: string) => push(removeBasePath(to));\n const replaceNavigate = (to: string) => replace(removeBasePath(to));\n const mergedProps = mergeNextClerkPropsWithEnv({\n ...props,\n routerPush: navigate,\n routerReplace: replaceNavigate,\n });\n // ClerkProvider automatically injects __clerk_ssr_state\n // getAuth returns a user-facing authServerSideProps that hides __clerk_ssr_state\n // @ts-expect-error initialState is hidden from the types as it's a private prop\n const initialState = props.authServerSideProps?.__clerk_ssr_state || props.__clerk_ssr_state;\n\n return (\n <ClerkNextOptionsProvider options={mergedProps}>\n <ReactClerkProvider\n {...mergedProps}\n initialState={initialState}\n >\n <RouterTelemetry />\n <ClerkScripts router='pages' />\n {children}\n </ReactClerkProvider>\n </ClerkNextOptionsProvider>\n );\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAoD;AAGpD,sBAA0E;AAC1E,oBAA0B;AAC1B,IAAAA,gBAAkB;AAElB,iCAAoC;AACpC,gCAAyC;AAEzC,0BAA6B;AAC7B,uCAA0C;AAC1C,wCAA2C;AAC3C,4BAA+B;AAC/B,8BAAgC;AAAA,IAEhC,wCAAuB,EAAE,aAAa,gBAAa,CAAC;AAAA,IACpD,mDAAkC,eAAY;AAEvC,SAAS,cAAmC,EAAE,UAAU,GAAG,MAAM,GAA6C;AAnBrH;AAoBE,QAAM,EAAE,+CAA+C,KAAK,IAAI;AAChE,QAAM,EAAE,MAAM,QAAQ,QAAI,yBAAU;AACpC,eAAAC,cAAmB,cAAc;AAEjC,sDAAoB,MAAM;AACxB,WAAO,+BAA+B;AAAA,EACxC,GAAG,CAAC,CAAC;AAEL,sDAAoB,MAAM;AACxB,WAAO,8BAA8B,MAAM;AAIzC,UAAI,8CAA8C;AAChD,aAAK,KAAK,OAAO,SAAS,IAAI;AAAA,MAChC;AAAA,IACF;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,WAAW,CAAC,OAAe,SAAK,sCAAe,EAAE,CAAC;AACxD,QAAM,kBAAkB,CAAC,OAAe,YAAQ,sCAAe,EAAE,CAAC;AAClE,QAAM,kBAAc,8DAA2B;AAAA,IAC7C,GAAG;AAAA,IACH,YAAY;AAAA,IACZ,eAAe;AAAA,EACjB,CAAC;AAID,QAAM,iBAAe,WAAM,wBAAN,mBAA2B,sBAAqB,MAAM;AAE3E,SACE,8BAAAC,QAAA,cAAC,sDAAyB,SAAS,eACjC,8BAAAA,QAAA;AAAA,IAAC,aAAAD;AAAA,IAAA;AAAA,MACE,GAAG;AAAA,MACJ;AAAA;AAAA,IAEA,8BAAAC,QAAA,cAAC,6CAAgB;AAAA,IACjB,8BAAAA,QAAA,cAAC,oCAAa,QAAO,SAAQ;AAAA,IAC5B;AAAA,EACH,CACF;AAEJ;","names":["import_react","ReactClerkProvider","React"]}
|
|
@@ -56,7 +56,7 @@ const SIGN_IN_URL = process.env.NEXT_PUBLIC_CLERK_SIGN_IN_URL || "";
|
|
|
56
56
|
const SIGN_UP_URL = process.env.NEXT_PUBLIC_CLERK_SIGN_UP_URL || "";
|
|
57
57
|
const SDK_METADATA = {
|
|
58
58
|
name: "@clerk/nextjs",
|
|
59
|
-
version: "7.0.0-snapshot.
|
|
59
|
+
version: "7.0.0-snapshot.v20251204175016",
|
|
60
60
|
environment: process.env.NODE_ENV
|
|
61
61
|
};
|
|
62
62
|
const TELEMETRY_DISABLED = (0, import_underscore.isTruthy)(process.env.NEXT_PUBLIC_CLERK_TELEMETRY_DISABLED);
|
|
@@ -28,7 +28,7 @@ const clerkClientDefaultOptions = {
|
|
|
28
28
|
publishableKey: import_constants.PUBLISHABLE_KEY,
|
|
29
29
|
apiUrl: import_constants.API_URL,
|
|
30
30
|
apiVersion: import_constants.API_VERSION,
|
|
31
|
-
userAgent: `${"@clerk/nextjs"}@${"7.0.0-snapshot.
|
|
31
|
+
userAgent: `${"@clerk/nextjs"}@${"7.0.0-snapshot.v20251204175016"}`,
|
|
32
32
|
proxyUrl: import_constants.PROXY_URL,
|
|
33
33
|
domain: import_constants.DOMAIN,
|
|
34
34
|
isSatellite: import_constants.IS_SATELLITE,
|
|
@@ -22,6 +22,7 @@ __export(errors_exports, {
|
|
|
22
22
|
authSignatureInvalid: () => authSignatureInvalid,
|
|
23
23
|
encryptionKeyInvalid: () => encryptionKeyInvalid,
|
|
24
24
|
encryptionKeyInvalidDev: () => encryptionKeyInvalidDev,
|
|
25
|
+
encryptionKeyMissing: () => encryptionKeyMissing,
|
|
25
26
|
getAuthAuthHeaderMissing: () => getAuthAuthHeaderMissing,
|
|
26
27
|
missingDomainAndProxy: () => missingDomainAndProxy,
|
|
27
28
|
missingSignInUrlInDev: () => missingSignInUrlInDev
|
|
@@ -60,12 +61,14 @@ const encryptionKeyInvalidDev = `Clerk: Unable to decrypt request data.
|
|
|
60
61
|
Refresh the page if your .env file was just updated. If the issue persists, ensure the encryption key is valid and properly set.
|
|
61
62
|
|
|
62
63
|
For more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_invalid)`;
|
|
64
|
+
const encryptionKeyMissing = "Clerk: Missing `CLERK_ENCRYPTION_KEY`. Required for propagating `secretKey` middleware option. See docs: https://clerk.com/docs/references/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_missing)";
|
|
63
65
|
// Annotate the CommonJS export names for ESM import in node:
|
|
64
66
|
0 && (module.exports = {
|
|
65
67
|
authAuthHeaderMissing,
|
|
66
68
|
authSignatureInvalid,
|
|
67
69
|
encryptionKeyInvalid,
|
|
68
70
|
encryptionKeyInvalidDev,
|
|
71
|
+
encryptionKeyMissing,
|
|
69
72
|
getAuthAuthHeaderMissing,
|
|
70
73
|
missingDomainAndProxy,
|
|
71
74
|
missingSignInUrlInDev
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/errors.ts"],"sourcesContent":["export const missingDomainAndProxy = `\nMissing domain and proxyUrl. A satellite application needs to specify a domain or a proxyUrl.\n\n1) With middleware\n e.g. export default clerkMiddleware({domain:'YOUR_DOMAIN',isSatellite:true});\n2) With environment variables e.g.\n NEXT_PUBLIC_CLERK_DOMAIN='YOUR_DOMAIN'\n NEXT_PUBLIC_CLERK_IS_SATELLITE='true'\n `;\n\nexport const missingSignInUrlInDev = `\nInvalid signInUrl. A satellite application requires a signInUrl for development instances.\nCheck if signInUrl is missing from your configuration or if it is not an absolute URL\n\n1) With middleware\n e.g. export default clerkMiddleware({signInUrl:'SOME_URL', isSatellite:true});\n2) With environment variables e.g.\n NEXT_PUBLIC_CLERK_SIGN_IN_URL='SOME_URL'\n NEXT_PUBLIC_CLERK_IS_SATELLITE='true'`;\n\nexport const getAuthAuthHeaderMissing = () => authAuthHeaderMissing('getAuth');\n\nexport const authAuthHeaderMissing = (helperName = 'auth', prefixSteps?: string[]) =>\n `Clerk: ${helperName}() was called but Clerk can't detect usage of clerkMiddleware(). Please ensure the following:\n- ${prefixSteps ? [...prefixSteps, ''].join('\\n- ') : ' '}clerkMiddleware() is used in your Next.js Middleware.\n- Your Middleware matcher is configured to match this route or page.\n- If you are using the src directory, make sure the Middleware file is inside of it.\n\nFor more details, see https://clerk.com/err/auth-middleware\n`;\n\nexport const authSignatureInvalid = `Clerk: Unable to verify request, this usually means the Clerk middleware did not run. Ensure Clerk's middleware is properly integrated and matches the current route. For more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware. (code=auth_signature_invalid)`;\n\nexport const encryptionKeyInvalid = `Clerk: Unable to decrypt request data, this usually means the encryption key is invalid. Ensure the encryption key is properly set. For more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_invalid)`;\n\nexport const encryptionKeyInvalidDev = `Clerk: Unable to decrypt request data.\\n\\nRefresh the page if your .env file was just updated. If the issue persists, ensure the encryption key is valid and properly set.\\n\\nFor more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_invalid)`;\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAO,MAAM,wBAAwB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAU9B,MAAM,wBAAwB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAU9B,MAAM,2BAA2B,MAAM,sBAAsB,SAAS;AAEtE,MAAM,wBAAwB,CAAC,aAAa,QAAQ,gBACzD,UAAU,UAAU;AAAA,IAClB,cAAc,CAAC,GAAG,aAAa,EAAE,EAAE,KAAK,MAAM,IAAI,GAAG;AAAA;AAAA;AAAA;AAAA;AAAA;AAOlD,MAAM,uBAAuB;AAE7B,MAAM,uBAAuB;AAE7B,MAAM,0BAA0B;AAAA;AAAA;AAAA;AAAA;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/errors.ts"],"sourcesContent":["export const missingDomainAndProxy = `\nMissing domain and proxyUrl. A satellite application needs to specify a domain or a proxyUrl.\n\n1) With middleware\n e.g. export default clerkMiddleware({domain:'YOUR_DOMAIN',isSatellite:true});\n2) With environment variables e.g.\n NEXT_PUBLIC_CLERK_DOMAIN='YOUR_DOMAIN'\n NEXT_PUBLIC_CLERK_IS_SATELLITE='true'\n `;\n\nexport const missingSignInUrlInDev = `\nInvalid signInUrl. A satellite application requires a signInUrl for development instances.\nCheck if signInUrl is missing from your configuration or if it is not an absolute URL\n\n1) With middleware\n e.g. export default clerkMiddleware({signInUrl:'SOME_URL', isSatellite:true});\n2) With environment variables e.g.\n NEXT_PUBLIC_CLERK_SIGN_IN_URL='SOME_URL'\n NEXT_PUBLIC_CLERK_IS_SATELLITE='true'`;\n\nexport const getAuthAuthHeaderMissing = () => authAuthHeaderMissing('getAuth');\n\nexport const authAuthHeaderMissing = (helperName = 'auth', prefixSteps?: string[]) =>\n `Clerk: ${helperName}() was called but Clerk can't detect usage of clerkMiddleware(). Please ensure the following:\n- ${prefixSteps ? [...prefixSteps, ''].join('\\n- ') : ' '}clerkMiddleware() is used in your Next.js Middleware.\n- Your Middleware matcher is configured to match this route or page.\n- If you are using the src directory, make sure the Middleware file is inside of it.\n\nFor more details, see https://clerk.com/err/auth-middleware\n`;\n\nexport const authSignatureInvalid = `Clerk: Unable to verify request, this usually means the Clerk middleware did not run. Ensure Clerk's middleware is properly integrated and matches the current route. For more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware. (code=auth_signature_invalid)`;\n\nexport const encryptionKeyInvalid = `Clerk: Unable to decrypt request data, this usually means the encryption key is invalid. Ensure the encryption key is properly set. For more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_invalid)`;\n\nexport const encryptionKeyInvalidDev = `Clerk: Unable to decrypt request data.\\n\\nRefresh the page if your .env file was just updated. If the issue persists, ensure the encryption key is valid and properly set.\\n\\nFor more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_invalid)`;\nexport const encryptionKeyMissing =\n 'Clerk: Missing `CLERK_ENCRYPTION_KEY`. Required for propagating `secretKey` middleware option. See docs: https://clerk.com/docs/references/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_missing)';\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAO,MAAM,wBAAwB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAU9B,MAAM,wBAAwB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAU9B,MAAM,2BAA2B,MAAM,sBAAsB,SAAS;AAEtE,MAAM,wBAAwB,CAAC,aAAa,QAAQ,gBACzD,UAAU,UAAU;AAAA,IAClB,cAAc,CAAC,GAAG,aAAa,EAAE,EAAE,KAAK,MAAM,IAAI,GAAG;AAAA;AAAA;AAAA;AAAA;AAAA;AAOlD,MAAM,uBAAuB;AAE7B,MAAM,uBAAuB;AAE7B,MAAM,0BAA0B;AAAA;AAAA;AAAA;AAAA;AAChC,MAAM,uBACX;","names":[]}
|
package/dist/cjs/server/utils.js
CHANGED
|
@@ -31,7 +31,6 @@ __export(utils_exports, {
|
|
|
31
31
|
module.exports = __toCommonJS(utils_exports);
|
|
32
32
|
var import_internal = require("@clerk/backend/internal");
|
|
33
33
|
var import_keys = require("@clerk/shared/keys");
|
|
34
|
-
var import_logger = require("@clerk/shared/logger");
|
|
35
34
|
var import_proxy = require("@clerk/shared/proxy");
|
|
36
35
|
var import_utils = require("@clerk/shared/utils");
|
|
37
36
|
var import_server = require("next/server");
|
|
@@ -154,10 +153,7 @@ function encryptClerkRequestData(requestData, keylessModeKeys, machineAuthObject
|
|
|
154
153
|
return;
|
|
155
154
|
}
|
|
156
155
|
if (requestData.secretKey && !import_constants2.ENCRYPTION_KEY) {
|
|
157
|
-
|
|
158
|
-
"Clerk: Missing `CLERK_ENCRYPTION_KEY`. Required for propagating `secretKey` middleware option. See docs: https://clerk.com/docs/reference/nextjs/clerk-middleware#dynamic-keys"
|
|
159
|
-
);
|
|
160
|
-
return;
|
|
156
|
+
throw new Error(import_errors.encryptionKeyMissing);
|
|
161
157
|
}
|
|
162
158
|
const maybeKeylessEncryptionKey = (0, import_utils.isProductionEnvironment)() ? import_constants2.ENCRYPTION_KEY || assertKey(import_constants2.SECRET_KEY, () => import_errorThrower.errorThrower.throwMissingSecretKeyError()) : import_constants2.ENCRYPTION_KEY || import_constants2.SECRET_KEY || KEYLESS_ENCRYPTION_KEY;
|
|
163
159
|
return import_crypto_es.AES.encrypt(
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/utils.ts"],"sourcesContent":["import type { AuthObject } from '@clerk/backend';\nimport type { AuthenticateRequestOptions, ClerkRequest, RequestState } from '@clerk/backend/internal';\nimport { constants } from '@clerk/backend/internal';\nimport { isDevelopmentFromSecretKey } from '@clerk/shared/keys';\nimport { logger } from '@clerk/shared/logger';\nimport { isHttpOrHttps } from '@clerk/shared/proxy';\nimport { handleValueOrFn, isProductionEnvironment } from '@clerk/shared/utils';\nimport { NextResponse } from 'next/server';\n\nimport { constants as nextConstants } from '../constants';\nimport { canUseKeyless } from '../utils/feature-flags';\nimport { AES, HmacSHA1, Utf8 } from '../vendor/crypto-es';\nimport { DOMAIN, ENCRYPTION_KEY, IS_SATELLITE, PROXY_URL, SECRET_KEY, SIGN_IN_URL } from './constants';\nimport {\n authSignatureInvalid,\n encryptionKeyInvalid,\n encryptionKeyInvalidDev,\n missingDomainAndProxy,\n missingSignInUrlInDev,\n} from './errors';\nimport { errorThrower } from './errorThrower';\nimport { detectClerkMiddleware } from './headers-utils';\nimport type { RequestLike } from './types';\n\nconst OVERRIDE_HEADERS = 'x-middleware-override-headers';\nconst MIDDLEWARE_HEADER_PREFIX = 'x-middleware-request' as string;\n\nexport const setRequestHeadersOnNextResponse = (\n res: NextResponse | Response,\n req: Request,\n newHeaders: Record<string, string>,\n) => {\n if (!res.headers.get(OVERRIDE_HEADERS)) {\n // Emulate a user setting overrides by explicitly adding the required nextjs headers\n // https://github.com/vercel/next.js/pull/41380\n // @ts-expect-error -- property keys does not exist on type Headers\n res.headers.set(OVERRIDE_HEADERS, [...req.headers.keys()]);\n req.headers.forEach((val, key) => {\n res.headers.set(`${MIDDLEWARE_HEADER_PREFIX}-${key}`, val);\n });\n }\n\n // Now that we have normalised res to include overrides, just append the new header\n Object.entries(newHeaders).forEach(([key, val]) => {\n res.headers.set(OVERRIDE_HEADERS, `${res.headers.get(OVERRIDE_HEADERS)},${key}`);\n res.headers.set(`${MIDDLEWARE_HEADER_PREFIX}-${key}`, val);\n });\n};\n\n// Auth result will be set as both a query param & header when applicable\nexport function decorateRequest(\n req: ClerkRequest,\n res: Response,\n requestState: RequestState,\n requestData: AuthenticateRequestOptions,\n keylessMode: Pick<AuthenticateRequestOptions, 'publishableKey' | 'secretKey'>,\n machineAuthObject: AuthObject | null,\n): Response {\n const { reason, message, status, token } = requestState;\n // pass-through case, convert to next()\n if (!res) {\n res = NextResponse.next();\n }\n\n // redirect() case, return early\n if (res.headers.get(nextConstants.Headers.NextRedirect)) {\n return res;\n }\n\n let rewriteURL;\n\n // next() case, convert to a rewrite\n if (res.headers.get(nextConstants.Headers.NextResume) === '1') {\n res.headers.delete(nextConstants.Headers.NextResume);\n rewriteURL = new URL(req.url);\n }\n\n // rewrite() case, set auth result only if origin remains the same\n const rewriteURLHeader = res.headers.get(nextConstants.Headers.NextRewrite);\n\n if (rewriteURLHeader) {\n const reqURL = new URL(req.url);\n rewriteURL = new URL(rewriteURLHeader);\n\n // if the origin has changed, return early\n if (rewriteURL.origin !== reqURL.origin) {\n return res;\n }\n }\n\n if (rewriteURL) {\n const clerkRequestData = encryptClerkRequestData(requestData, keylessMode, machineAuthObject);\n\n setRequestHeadersOnNextResponse(res, req, {\n [constants.Headers.AuthStatus]: status,\n [constants.Headers.AuthToken]: token || '',\n [constants.Headers.AuthSignature]: token\n ? createTokenSignature(token, requestData?.secretKey || SECRET_KEY || keylessMode.secretKey || '')\n : '',\n [constants.Headers.AuthMessage]: message || '',\n [constants.Headers.AuthReason]: reason || '',\n [constants.Headers.ClerkUrl]: req.clerkUrl.toString(),\n ...(clerkRequestData ? { [constants.Headers.ClerkRequestData]: clerkRequestData } : {}),\n });\n res.headers.set(nextConstants.Headers.NextRewrite, rewriteURL.href);\n }\n\n return res;\n}\n\nexport const handleMultiDomainAndProxy = (clerkRequest: ClerkRequest, opts: AuthenticateRequestOptions) => {\n const relativeOrAbsoluteProxyUrl = handleValueOrFn(opts?.proxyUrl, clerkRequest.clerkUrl, PROXY_URL);\n\n let proxyUrl;\n if (!!relativeOrAbsoluteProxyUrl && !isHttpOrHttps(relativeOrAbsoluteProxyUrl)) {\n proxyUrl = new URL(relativeOrAbsoluteProxyUrl, clerkRequest.clerkUrl).toString();\n } else {\n proxyUrl = relativeOrAbsoluteProxyUrl;\n }\n\n const isSatellite = handleValueOrFn(opts.isSatellite, new URL(clerkRequest.url), IS_SATELLITE);\n const domain = handleValueOrFn(opts.domain, new URL(clerkRequest.url), DOMAIN);\n const signInUrl = opts?.signInUrl || SIGN_IN_URL;\n\n if (isSatellite && !proxyUrl && !domain) {\n throw new Error(missingDomainAndProxy);\n }\n\n if (isSatellite && !isHttpOrHttps(signInUrl) && isDevelopmentFromSecretKey(opts.secretKey || SECRET_KEY)) {\n throw new Error(missingSignInUrlInDev);\n }\n\n return {\n proxyUrl,\n isSatellite,\n domain,\n signInUrl,\n };\n};\n\nexport const redirectAdapter = (url: string | URL) => {\n return NextResponse.redirect(url, { headers: { [constants.Headers.ClerkRedirectTo]: 'true' } });\n};\n\nexport function assertAuthStatus(req: RequestLike, error: string) {\n if (!detectClerkMiddleware(req)) {\n throw new Error(error);\n }\n}\n\nexport function assertKey(key: string | undefined, onError: () => never): string {\n if (!key) {\n onError();\n }\n\n return key;\n}\n\n/**\n * Compute a cryptographic signature from a session token and provided secret key. Used to validate that the token has not been modified when transferring between middleware and the Next.js origin.\n */\nfunction createTokenSignature(token: string, key: string): string {\n return HmacSHA1(token, key).toString();\n}\n\n/**\n * Assert that the provided token generates a matching signature.\n */\nexport function assertTokenSignature(token: string, key: string, signature?: string | null) {\n if (!signature) {\n throw new Error(authSignatureInvalid);\n }\n\n const expectedSignature = createTokenSignature(token, key);\n if (expectedSignature !== signature) {\n throw new Error(authSignatureInvalid);\n }\n}\n\nconst KEYLESS_ENCRYPTION_KEY = 'clerk_keyless_dummy_key';\n\n/**\n * Encrypt request data propagated between server requests.\n * @internal\n **/\nexport function encryptClerkRequestData(\n requestData: Partial<AuthenticateRequestOptions>,\n keylessModeKeys: Pick<AuthenticateRequestOptions, 'publishableKey' | 'secretKey'>,\n machineAuthObject: AuthObject | null,\n) {\n const isEmpty = (obj: Record<string, any> | undefined) => {\n if (!obj) {\n return true;\n }\n return !Object.values(obj).some(v => v !== undefined);\n };\n\n if (isEmpty(requestData) && isEmpty(keylessModeKeys) && !machineAuthObject) {\n return;\n }\n\n if (requestData.secretKey && !ENCRYPTION_KEY) {\n // TODO SDK-1833: change this to an error in the next major version of `@clerk/nextjs`\n logger.warnOnce(\n 'Clerk: Missing `CLERK_ENCRYPTION_KEY`. Required for propagating `secretKey` middleware option. See docs: https://clerk.com/docs/reference/nextjs/clerk-middleware#dynamic-keys',\n );\n\n return;\n }\n\n const maybeKeylessEncryptionKey = isProductionEnvironment()\n ? ENCRYPTION_KEY || assertKey(SECRET_KEY, () => errorThrower.throwMissingSecretKeyError())\n : ENCRYPTION_KEY || SECRET_KEY || KEYLESS_ENCRYPTION_KEY;\n\n return AES.encrypt(\n JSON.stringify({ ...keylessModeKeys, ...requestData, machineAuthObject: machineAuthObject ?? undefined }),\n maybeKeylessEncryptionKey,\n ).toString();\n}\n\n/**\n * Decrypt request data propagated between server requests.\n * @internal\n */\nexport function decryptClerkRequestData(\n encryptedRequestData?: string | undefined | null,\n): Partial<AuthenticateRequestOptions> & { machineAuthObject?: AuthObject } {\n if (!encryptedRequestData) {\n return {};\n }\n\n const maybeKeylessEncryptionKey = isProductionEnvironment()\n ? ENCRYPTION_KEY || SECRET_KEY\n : ENCRYPTION_KEY || SECRET_KEY || KEYLESS_ENCRYPTION_KEY;\n\n try {\n return decryptData(encryptedRequestData, maybeKeylessEncryptionKey);\n } catch {\n /**\n * There is a great chance when running in Keyless mode that the above fails,\n * because the keys hot-swapped and the Next.js dev server has not yet fully rebuilt middleware and routes.\n *\n * Attempt one more time with the default dummy value.\n */\n if (canUseKeyless) {\n try {\n return decryptData(encryptedRequestData, KEYLESS_ENCRYPTION_KEY);\n } catch {\n throwInvalidEncryptionKey();\n }\n }\n throwInvalidEncryptionKey();\n }\n}\n\nfunction throwInvalidEncryptionKey(): never {\n if (isProductionEnvironment()) {\n throw new Error(encryptionKeyInvalid);\n }\n throw new Error(encryptionKeyInvalidDev);\n}\n\nfunction decryptData(data: string, key: string) {\n const decryptedBytes = AES.decrypt(data, key);\n const encoded = decryptedBytes.toString(Utf8);\n return JSON.parse(encoded);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,sBAA0B;AAC1B,kBAA2C;AAC3C,oBAAuB;AACvB,mBAA8B;AAC9B,mBAAyD;AACzD,oBAA6B;AAE7B,uBAA2C;AAC3C,2BAA8B;AAC9B,uBAAoC;AACpC,IAAAA,oBAAyF;AACzF,oBAMO;AACP,0BAA6B;AAC7B,2BAAsC;AAGtC,MAAM,mBAAmB;AACzB,MAAM,2BAA2B;AAE1B,MAAM,kCAAkC,CAC7C,KACA,KACA,eACG;AACH,MAAI,CAAC,IAAI,QAAQ,IAAI,gBAAgB,GAAG;AAItC,QAAI,QAAQ,IAAI,kBAAkB,CAAC,GAAG,IAAI,QAAQ,KAAK,CAAC,CAAC;AACzD,QAAI,QAAQ,QAAQ,CAAC,KAAK,QAAQ;AAChC,UAAI,QAAQ,IAAI,GAAG,wBAAwB,IAAI,GAAG,IAAI,GAAG;AAAA,IAC3D,CAAC;AAAA,EACH;AAGA,SAAO,QAAQ,UAAU,EAAE,QAAQ,CAAC,CAAC,KAAK,GAAG,MAAM;AACjD,QAAI,QAAQ,IAAI,kBAAkB,GAAG,IAAI,QAAQ,IAAI,gBAAgB,CAAC,IAAI,GAAG,EAAE;AAC/E,QAAI,QAAQ,IAAI,GAAG,wBAAwB,IAAI,GAAG,IAAI,GAAG;AAAA,EAC3D,CAAC;AACH;AAGO,SAAS,gBACd,KACA,KACA,cACA,aACA,aACA,mBACU;AACV,QAAM,EAAE,QAAQ,SAAS,QAAQ,MAAM,IAAI;AAE3C,MAAI,CAAC,KAAK;AACR,UAAM,2BAAa,KAAK;AAAA,EAC1B;AAGA,MAAI,IAAI,QAAQ,IAAI,iBAAAC,UAAc,QAAQ,YAAY,GAAG;AACvD,WAAO;AAAA,EACT;AAEA,MAAI;AAGJ,MAAI,IAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,UAAU,MAAM,KAAK;AAC7D,QAAI,QAAQ,OAAO,iBAAAA,UAAc,QAAQ,UAAU;AACnD,iBAAa,IAAI,IAAI,IAAI,GAAG;AAAA,EAC9B;AAGA,QAAM,mBAAmB,IAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,WAAW;AAE1E,MAAI,kBAAkB;AACpB,UAAM,SAAS,IAAI,IAAI,IAAI,GAAG;AAC9B,iBAAa,IAAI,IAAI,gBAAgB;AAGrC,QAAI,WAAW,WAAW,OAAO,QAAQ;AACvC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,YAAY;AACd,UAAM,mBAAmB,wBAAwB,aAAa,aAAa,iBAAiB;AAE5F,oCAAgC,KAAK,KAAK;AAAA,MACxC,CAAC,0BAAU,QAAQ,UAAU,GAAG;AAAA,MAChC,CAAC,0BAAU,QAAQ,SAAS,GAAG,SAAS;AAAA,MACxC,CAAC,0BAAU,QAAQ,aAAa,GAAG,QAC/B,qBAAqB,QAAO,2CAAa,cAAa,gCAAc,YAAY,aAAa,EAAE,IAC/F;AAAA,MACJ,CAAC,0BAAU,QAAQ,WAAW,GAAG,WAAW;AAAA,MAC5C,CAAC,0BAAU,QAAQ,UAAU,GAAG,UAAU;AAAA,MAC1C,CAAC,0BAAU,QAAQ,QAAQ,GAAG,IAAI,SAAS,SAAS;AAAA,MACpD,GAAI,mBAAmB,EAAE,CAAC,0BAAU,QAAQ,gBAAgB,GAAG,iBAAiB,IAAI,CAAC;AAAA,IACvF,CAAC;AACD,QAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,aAAa,WAAW,IAAI;AAAA,EACpE;AAEA,SAAO;AACT;AAEO,MAAM,4BAA4B,CAAC,cAA4B,SAAqC;AACzG,QAAM,iCAA6B,8BAAgB,6BAAM,UAAU,aAAa,UAAU,2BAAS;AAEnG,MAAI;AACJ,MAAI,CAAC,CAAC,8BAA8B,KAAC,4BAAc,0BAA0B,GAAG;AAC9E,eAAW,IAAI,IAAI,4BAA4B,aAAa,QAAQ,EAAE,SAAS;AAAA,EACjF,OAAO;AACL,eAAW;AAAA,EACb;AAEA,QAAM,kBAAc,8BAAgB,KAAK,aAAa,IAAI,IAAI,aAAa,GAAG,GAAG,8BAAY;AAC7F,QAAM,aAAS,8BAAgB,KAAK,QAAQ,IAAI,IAAI,aAAa,GAAG,GAAG,wBAAM;AAC7E,QAAM,aAAY,6BAAM,cAAa;AAErC,MAAI,eAAe,CAAC,YAAY,CAAC,QAAQ;AACvC,UAAM,IAAI,MAAM,mCAAqB;AAAA,EACvC;AAEA,MAAI,eAAe,KAAC,4BAAc,SAAS,SAAK,wCAA2B,KAAK,aAAa,4BAAU,GAAG;AACxG,UAAM,IAAI,MAAM,mCAAqB;AAAA,EACvC;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEO,MAAM,kBAAkB,CAAC,QAAsB;AACpD,SAAO,2BAAa,SAAS,KAAK,EAAE,SAAS,EAAE,CAAC,0BAAU,QAAQ,eAAe,GAAG,OAAO,EAAE,CAAC;AAChG;AAEO,SAAS,iBAAiB,KAAkB,OAAe;AAChE,MAAI,KAAC,4CAAsB,GAAG,GAAG;AAC/B,UAAM,IAAI,MAAM,KAAK;AAAA,EACvB;AACF;AAEO,SAAS,UAAU,KAAyB,SAA8B;AAC/E,MAAI,CAAC,KAAK;AACR,YAAQ;AAAA,EACV;AAEA,SAAO;AACT;AAKA,SAAS,qBAAqB,OAAe,KAAqB;AAChE,aAAO,2BAAS,OAAO,GAAG,EAAE,SAAS;AACvC;AAKO,SAAS,qBAAqB,OAAe,KAAa,WAA2B;AAC1F,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,MAAM,kCAAoB;AAAA,EACtC;AAEA,QAAM,oBAAoB,qBAAqB,OAAO,GAAG;AACzD,MAAI,sBAAsB,WAAW;AACnC,UAAM,IAAI,MAAM,kCAAoB;AAAA,EACtC;AACF;AAEA,MAAM,yBAAyB;AAMxB,SAAS,wBACd,aACA,iBACA,mBACA;AACA,QAAM,UAAU,CAAC,QAAyC;AACxD,QAAI,CAAC,KAAK;AACR,aAAO;AAAA,IACT;AACA,WAAO,CAAC,OAAO,OAAO,GAAG,EAAE,KAAK,OAAK,MAAM,MAAS;AAAA,EACtD;AAEA,MAAI,QAAQ,WAAW,KAAK,QAAQ,eAAe,KAAK,CAAC,mBAAmB;AAC1E;AAAA,EACF;AAEA,MAAI,YAAY,aAAa,CAAC,kCAAgB;AAE5C,yBAAO;AAAA,MACL;AAAA,IACF;AAEA;AAAA,EACF;AAEA,QAAM,gCAA4B,sCAAwB,IACtD,oCAAkB,UAAU,8BAAY,MAAM,iCAAa,2BAA2B,CAAC,IACvF,oCAAkB,gCAAc;AAEpC,SAAO,qBAAI;AAAA,IACT,KAAK,UAAU,EAAE,GAAG,iBAAiB,GAAG,aAAa,mBAAmB,gDAAqB,OAAU,CAAC;AAAA,IACxG;AAAA,EACF,EAAE,SAAS;AACb;AAMO,SAAS,wBACd,sBAC0E;AAC1E,MAAI,CAAC,sBAAsB;AACzB,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,gCAA4B,sCAAwB,IACtD,oCAAkB,+BAClB,oCAAkB,gCAAc;AAEpC,MAAI;AACF,WAAO,YAAY,sBAAsB,yBAAyB;AAAA,EACpE,QAAQ;AAON,QAAI,oCAAe;AACjB,UAAI;AACF,eAAO,YAAY,sBAAsB,sBAAsB;AAAA,MACjE,QAAQ;AACN,kCAA0B;AAAA,MAC5B;AAAA,IACF;AACA,8BAA0B;AAAA,EAC5B;AACF;AAEA,SAAS,4BAAmC;AAC1C,UAAI,sCAAwB,GAAG;AAC7B,UAAM,IAAI,MAAM,kCAAoB;AAAA,EACtC;AACA,QAAM,IAAI,MAAM,qCAAuB;AACzC;AAEA,SAAS,YAAY,MAAc,KAAa;AAC9C,QAAM,iBAAiB,qBAAI,QAAQ,MAAM,GAAG;AAC5C,QAAM,UAAU,eAAe,SAAS,qBAAI;AAC5C,SAAO,KAAK,MAAM,OAAO;AAC3B;","names":["import_constants","nextConstants"]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/utils.ts"],"sourcesContent":["import type { AuthObject } from '@clerk/backend';\nimport type { AuthenticateRequestOptions, ClerkRequest, RequestState } from '@clerk/backend/internal';\nimport { constants } from '@clerk/backend/internal';\nimport { isDevelopmentFromSecretKey } from '@clerk/shared/keys';\nimport { isHttpOrHttps } from '@clerk/shared/proxy';\nimport { handleValueOrFn, isProductionEnvironment } from '@clerk/shared/utils';\nimport { NextResponse } from 'next/server';\n\nimport { constants as nextConstants } from '../constants';\nimport { canUseKeyless } from '../utils/feature-flags';\nimport { AES, HmacSHA1, Utf8 } from '../vendor/crypto-es';\nimport { DOMAIN, ENCRYPTION_KEY, IS_SATELLITE, PROXY_URL, SECRET_KEY, SIGN_IN_URL } from './constants';\nimport {\n authSignatureInvalid,\n encryptionKeyInvalid,\n encryptionKeyInvalidDev,\n encryptionKeyMissing,\n missingDomainAndProxy,\n missingSignInUrlInDev,\n} from './errors';\nimport { errorThrower } from './errorThrower';\nimport { detectClerkMiddleware } from './headers-utils';\nimport type { RequestLike } from './types';\n\nconst OVERRIDE_HEADERS = 'x-middleware-override-headers';\nconst MIDDLEWARE_HEADER_PREFIX = 'x-middleware-request' as string;\n\nexport const setRequestHeadersOnNextResponse = (\n res: NextResponse | Response,\n req: Request,\n newHeaders: Record<string, string>,\n) => {\n if (!res.headers.get(OVERRIDE_HEADERS)) {\n // Emulate a user setting overrides by explicitly adding the required nextjs headers\n // https://github.com/vercel/next.js/pull/41380\n // @ts-expect-error -- property keys does not exist on type Headers\n res.headers.set(OVERRIDE_HEADERS, [...req.headers.keys()]);\n req.headers.forEach((val, key) => {\n res.headers.set(`${MIDDLEWARE_HEADER_PREFIX}-${key}`, val);\n });\n }\n\n // Now that we have normalised res to include overrides, just append the new header\n Object.entries(newHeaders).forEach(([key, val]) => {\n res.headers.set(OVERRIDE_HEADERS, `${res.headers.get(OVERRIDE_HEADERS)},${key}`);\n res.headers.set(`${MIDDLEWARE_HEADER_PREFIX}-${key}`, val);\n });\n};\n\n// Auth result will be set as both a query param & header when applicable\nexport function decorateRequest(\n req: ClerkRequest,\n res: Response,\n requestState: RequestState,\n requestData: AuthenticateRequestOptions,\n keylessMode: Pick<AuthenticateRequestOptions, 'publishableKey' | 'secretKey'>,\n machineAuthObject: AuthObject | null,\n): Response {\n const { reason, message, status, token } = requestState;\n // pass-through case, convert to next()\n if (!res) {\n res = NextResponse.next();\n }\n\n // redirect() case, return early\n if (res.headers.get(nextConstants.Headers.NextRedirect)) {\n return res;\n }\n\n let rewriteURL;\n\n // next() case, convert to a rewrite\n if (res.headers.get(nextConstants.Headers.NextResume) === '1') {\n res.headers.delete(nextConstants.Headers.NextResume);\n rewriteURL = new URL(req.url);\n }\n\n // rewrite() case, set auth result only if origin remains the same\n const rewriteURLHeader = res.headers.get(nextConstants.Headers.NextRewrite);\n\n if (rewriteURLHeader) {\n const reqURL = new URL(req.url);\n rewriteURL = new URL(rewriteURLHeader);\n\n // if the origin has changed, return early\n if (rewriteURL.origin !== reqURL.origin) {\n return res;\n }\n }\n\n if (rewriteURL) {\n const clerkRequestData = encryptClerkRequestData(requestData, keylessMode, machineAuthObject);\n\n setRequestHeadersOnNextResponse(res, req, {\n [constants.Headers.AuthStatus]: status,\n [constants.Headers.AuthToken]: token || '',\n [constants.Headers.AuthSignature]: token\n ? createTokenSignature(token, requestData?.secretKey || SECRET_KEY || keylessMode.secretKey || '')\n : '',\n [constants.Headers.AuthMessage]: message || '',\n [constants.Headers.AuthReason]: reason || '',\n [constants.Headers.ClerkUrl]: req.clerkUrl.toString(),\n ...(clerkRequestData ? { [constants.Headers.ClerkRequestData]: clerkRequestData } : {}),\n });\n res.headers.set(nextConstants.Headers.NextRewrite, rewriteURL.href);\n }\n\n return res;\n}\n\nexport const handleMultiDomainAndProxy = (clerkRequest: ClerkRequest, opts: AuthenticateRequestOptions) => {\n const relativeOrAbsoluteProxyUrl = handleValueOrFn(opts?.proxyUrl, clerkRequest.clerkUrl, PROXY_URL);\n\n let proxyUrl;\n if (!!relativeOrAbsoluteProxyUrl && !isHttpOrHttps(relativeOrAbsoluteProxyUrl)) {\n proxyUrl = new URL(relativeOrAbsoluteProxyUrl, clerkRequest.clerkUrl).toString();\n } else {\n proxyUrl = relativeOrAbsoluteProxyUrl;\n }\n\n const isSatellite = handleValueOrFn(opts.isSatellite, new URL(clerkRequest.url), IS_SATELLITE);\n const domain = handleValueOrFn(opts.domain, new URL(clerkRequest.url), DOMAIN);\n const signInUrl = opts?.signInUrl || SIGN_IN_URL;\n\n if (isSatellite && !proxyUrl && !domain) {\n throw new Error(missingDomainAndProxy);\n }\n\n if (isSatellite && !isHttpOrHttps(signInUrl) && isDevelopmentFromSecretKey(opts.secretKey || SECRET_KEY)) {\n throw new Error(missingSignInUrlInDev);\n }\n\n return {\n proxyUrl,\n isSatellite,\n domain,\n signInUrl,\n };\n};\n\nexport const redirectAdapter = (url: string | URL) => {\n return NextResponse.redirect(url, { headers: { [constants.Headers.ClerkRedirectTo]: 'true' } });\n};\n\nexport function assertAuthStatus(req: RequestLike, error: string) {\n if (!detectClerkMiddleware(req)) {\n throw new Error(error);\n }\n}\n\nexport function assertKey(key: string | undefined, onError: () => never): string {\n if (!key) {\n onError();\n }\n\n return key;\n}\n\n/**\n * Compute a cryptographic signature from a session token and provided secret key. Used to validate that the token has not been modified when transferring between middleware and the Next.js origin.\n */\nfunction createTokenSignature(token: string, key: string): string {\n return HmacSHA1(token, key).toString();\n}\n\n/**\n * Assert that the provided token generates a matching signature.\n */\nexport function assertTokenSignature(token: string, key: string, signature?: string | null) {\n if (!signature) {\n throw new Error(authSignatureInvalid);\n }\n\n const expectedSignature = createTokenSignature(token, key);\n if (expectedSignature !== signature) {\n throw new Error(authSignatureInvalid);\n }\n}\n\nconst KEYLESS_ENCRYPTION_KEY = 'clerk_keyless_dummy_key';\n\n/**\n * Encrypt request data propagated between server requests.\n * @internal\n **/\nexport function encryptClerkRequestData(\n requestData: Partial<AuthenticateRequestOptions>,\n keylessModeKeys: Pick<AuthenticateRequestOptions, 'publishableKey' | 'secretKey'>,\n machineAuthObject: AuthObject | null,\n) {\n const isEmpty = (obj: Record<string, any> | undefined) => {\n if (!obj) {\n return true;\n }\n return !Object.values(obj).some(v => v !== undefined);\n };\n\n if (isEmpty(requestData) && isEmpty(keylessModeKeys) && !machineAuthObject) {\n return;\n }\n\n if (requestData.secretKey && !ENCRYPTION_KEY) {\n throw new Error(encryptionKeyMissing);\n }\n\n const maybeKeylessEncryptionKey = isProductionEnvironment()\n ? ENCRYPTION_KEY || assertKey(SECRET_KEY, () => errorThrower.throwMissingSecretKeyError())\n : ENCRYPTION_KEY || SECRET_KEY || KEYLESS_ENCRYPTION_KEY;\n\n return AES.encrypt(\n JSON.stringify({ ...keylessModeKeys, ...requestData, machineAuthObject: machineAuthObject ?? undefined }),\n maybeKeylessEncryptionKey,\n ).toString();\n}\n\n/**\n * Decrypt request data propagated between server requests.\n * @internal\n */\nexport function decryptClerkRequestData(\n encryptedRequestData?: string | undefined | null,\n): Partial<AuthenticateRequestOptions> & { machineAuthObject?: AuthObject } {\n if (!encryptedRequestData) {\n return {};\n }\n\n const maybeKeylessEncryptionKey = isProductionEnvironment()\n ? ENCRYPTION_KEY || SECRET_KEY\n : ENCRYPTION_KEY || SECRET_KEY || KEYLESS_ENCRYPTION_KEY;\n\n try {\n return decryptData(encryptedRequestData, maybeKeylessEncryptionKey);\n } catch {\n /**\n * There is a great chance when running in Keyless mode that the above fails,\n * because the keys hot-swapped and the Next.js dev server has not yet fully rebuilt middleware and routes.\n *\n * Attempt one more time with the default dummy value.\n */\n if (canUseKeyless) {\n try {\n return decryptData(encryptedRequestData, KEYLESS_ENCRYPTION_KEY);\n } catch {\n throwInvalidEncryptionKey();\n }\n }\n throwInvalidEncryptionKey();\n }\n}\n\nfunction throwInvalidEncryptionKey(): never {\n if (isProductionEnvironment()) {\n throw new Error(encryptionKeyInvalid);\n }\n throw new Error(encryptionKeyInvalidDev);\n}\n\nfunction decryptData(data: string, key: string) {\n const decryptedBytes = AES.decrypt(data, key);\n const encoded = decryptedBytes.toString(Utf8);\n return JSON.parse(encoded);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,sBAA0B;AAC1B,kBAA2C;AAC3C,mBAA8B;AAC9B,mBAAyD;AACzD,oBAA6B;AAE7B,uBAA2C;AAC3C,2BAA8B;AAC9B,uBAAoC;AACpC,IAAAA,oBAAyF;AACzF,oBAOO;AACP,0BAA6B;AAC7B,2BAAsC;AAGtC,MAAM,mBAAmB;AACzB,MAAM,2BAA2B;AAE1B,MAAM,kCAAkC,CAC7C,KACA,KACA,eACG;AACH,MAAI,CAAC,IAAI,QAAQ,IAAI,gBAAgB,GAAG;AAItC,QAAI,QAAQ,IAAI,kBAAkB,CAAC,GAAG,IAAI,QAAQ,KAAK,CAAC,CAAC;AACzD,QAAI,QAAQ,QAAQ,CAAC,KAAK,QAAQ;AAChC,UAAI,QAAQ,IAAI,GAAG,wBAAwB,IAAI,GAAG,IAAI,GAAG;AAAA,IAC3D,CAAC;AAAA,EACH;AAGA,SAAO,QAAQ,UAAU,EAAE,QAAQ,CAAC,CAAC,KAAK,GAAG,MAAM;AACjD,QAAI,QAAQ,IAAI,kBAAkB,GAAG,IAAI,QAAQ,IAAI,gBAAgB,CAAC,IAAI,GAAG,EAAE;AAC/E,QAAI,QAAQ,IAAI,GAAG,wBAAwB,IAAI,GAAG,IAAI,GAAG;AAAA,EAC3D,CAAC;AACH;AAGO,SAAS,gBACd,KACA,KACA,cACA,aACA,aACA,mBACU;AACV,QAAM,EAAE,QAAQ,SAAS,QAAQ,MAAM,IAAI;AAE3C,MAAI,CAAC,KAAK;AACR,UAAM,2BAAa,KAAK;AAAA,EAC1B;AAGA,MAAI,IAAI,QAAQ,IAAI,iBAAAC,UAAc,QAAQ,YAAY,GAAG;AACvD,WAAO;AAAA,EACT;AAEA,MAAI;AAGJ,MAAI,IAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,UAAU,MAAM,KAAK;AAC7D,QAAI,QAAQ,OAAO,iBAAAA,UAAc,QAAQ,UAAU;AACnD,iBAAa,IAAI,IAAI,IAAI,GAAG;AAAA,EAC9B;AAGA,QAAM,mBAAmB,IAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,WAAW;AAE1E,MAAI,kBAAkB;AACpB,UAAM,SAAS,IAAI,IAAI,IAAI,GAAG;AAC9B,iBAAa,IAAI,IAAI,gBAAgB;AAGrC,QAAI,WAAW,WAAW,OAAO,QAAQ;AACvC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,YAAY;AACd,UAAM,mBAAmB,wBAAwB,aAAa,aAAa,iBAAiB;AAE5F,oCAAgC,KAAK,KAAK;AAAA,MACxC,CAAC,0BAAU,QAAQ,UAAU,GAAG;AAAA,MAChC,CAAC,0BAAU,QAAQ,SAAS,GAAG,SAAS;AAAA,MACxC,CAAC,0BAAU,QAAQ,aAAa,GAAG,QAC/B,qBAAqB,QAAO,2CAAa,cAAa,gCAAc,YAAY,aAAa,EAAE,IAC/F;AAAA,MACJ,CAAC,0BAAU,QAAQ,WAAW,GAAG,WAAW;AAAA,MAC5C,CAAC,0BAAU,QAAQ,UAAU,GAAG,UAAU;AAAA,MAC1C,CAAC,0BAAU,QAAQ,QAAQ,GAAG,IAAI,SAAS,SAAS;AAAA,MACpD,GAAI,mBAAmB,EAAE,CAAC,0BAAU,QAAQ,gBAAgB,GAAG,iBAAiB,IAAI,CAAC;AAAA,IACvF,CAAC;AACD,QAAI,QAAQ,IAAI,iBAAAA,UAAc,QAAQ,aAAa,WAAW,IAAI;AAAA,EACpE;AAEA,SAAO;AACT;AAEO,MAAM,4BAA4B,CAAC,cAA4B,SAAqC;AACzG,QAAM,iCAA6B,8BAAgB,6BAAM,UAAU,aAAa,UAAU,2BAAS;AAEnG,MAAI;AACJ,MAAI,CAAC,CAAC,8BAA8B,KAAC,4BAAc,0BAA0B,GAAG;AAC9E,eAAW,IAAI,IAAI,4BAA4B,aAAa,QAAQ,EAAE,SAAS;AAAA,EACjF,OAAO;AACL,eAAW;AAAA,EACb;AAEA,QAAM,kBAAc,8BAAgB,KAAK,aAAa,IAAI,IAAI,aAAa,GAAG,GAAG,8BAAY;AAC7F,QAAM,aAAS,8BAAgB,KAAK,QAAQ,IAAI,IAAI,aAAa,GAAG,GAAG,wBAAM;AAC7E,QAAM,aAAY,6BAAM,cAAa;AAErC,MAAI,eAAe,CAAC,YAAY,CAAC,QAAQ;AACvC,UAAM,IAAI,MAAM,mCAAqB;AAAA,EACvC;AAEA,MAAI,eAAe,KAAC,4BAAc,SAAS,SAAK,wCAA2B,KAAK,aAAa,4BAAU,GAAG;AACxG,UAAM,IAAI,MAAM,mCAAqB;AAAA,EACvC;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEO,MAAM,kBAAkB,CAAC,QAAsB;AACpD,SAAO,2BAAa,SAAS,KAAK,EAAE,SAAS,EAAE,CAAC,0BAAU,QAAQ,eAAe,GAAG,OAAO,EAAE,CAAC;AAChG;AAEO,SAAS,iBAAiB,KAAkB,OAAe;AAChE,MAAI,KAAC,4CAAsB,GAAG,GAAG;AAC/B,UAAM,IAAI,MAAM,KAAK;AAAA,EACvB;AACF;AAEO,SAAS,UAAU,KAAyB,SAA8B;AAC/E,MAAI,CAAC,KAAK;AACR,YAAQ;AAAA,EACV;AAEA,SAAO;AACT;AAKA,SAAS,qBAAqB,OAAe,KAAqB;AAChE,aAAO,2BAAS,OAAO,GAAG,EAAE,SAAS;AACvC;AAKO,SAAS,qBAAqB,OAAe,KAAa,WAA2B;AAC1F,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,MAAM,kCAAoB;AAAA,EACtC;AAEA,QAAM,oBAAoB,qBAAqB,OAAO,GAAG;AACzD,MAAI,sBAAsB,WAAW;AACnC,UAAM,IAAI,MAAM,kCAAoB;AAAA,EACtC;AACF;AAEA,MAAM,yBAAyB;AAMxB,SAAS,wBACd,aACA,iBACA,mBACA;AACA,QAAM,UAAU,CAAC,QAAyC;AACxD,QAAI,CAAC,KAAK;AACR,aAAO;AAAA,IACT;AACA,WAAO,CAAC,OAAO,OAAO,GAAG,EAAE,KAAK,OAAK,MAAM,MAAS;AAAA,EACtD;AAEA,MAAI,QAAQ,WAAW,KAAK,QAAQ,eAAe,KAAK,CAAC,mBAAmB;AAC1E;AAAA,EACF;AAEA,MAAI,YAAY,aAAa,CAAC,kCAAgB;AAC5C,UAAM,IAAI,MAAM,kCAAoB;AAAA,EACtC;AAEA,QAAM,gCAA4B,sCAAwB,IACtD,oCAAkB,UAAU,8BAAY,MAAM,iCAAa,2BAA2B,CAAC,IACvF,oCAAkB,gCAAc;AAEpC,SAAO,qBAAI;AAAA,IACT,KAAK,UAAU,EAAE,GAAG,iBAAiB,GAAG,aAAa,mBAAmB,gDAAqB,OAAU,CAAC;AAAA,IACxG;AAAA,EACF,EAAE,SAAS;AACb;AAMO,SAAS,wBACd,sBAC0E;AAC1E,MAAI,CAAC,sBAAsB;AACzB,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,gCAA4B,sCAAwB,IACtD,oCAAkB,+BAClB,oCAAkB,gCAAc;AAEpC,MAAI;AACF,WAAO,YAAY,sBAAsB,yBAAyB;AAAA,EACpE,QAAQ;AAON,QAAI,oCAAe;AACjB,UAAI;AACF,eAAO,YAAY,sBAAsB,sBAAsB;AAAA,MACjE,QAAQ;AACN,kCAA0B;AAAA,MAC5B;AAAA,IACF;AACA,8BAA0B;AAAA,EAC5B;AACF;AAEA,SAAS,4BAAmC;AAC1C,UAAI,sCAAwB,GAAG;AAC7B,UAAM,IAAI,MAAM,kCAAoB;AAAA,EACtC;AACA,QAAM,IAAI,MAAM,qCAAuB;AACzC;AAEA,SAAS,YAAY,MAAc,KAAa;AAC9C,QAAM,iBAAiB,qBAAI,QAAQ,MAAM,GAAG;AAC5C,QAAM,UAAU,eAAe,SAAS,qBAAI;AAC5C,SAAO,KAAK,MAAM,OAAO;AAC3B;","names":["import_constants","nextConstants"]}
|
package/dist/cjs/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/types.ts"],"sourcesContent":["import type { ClerkProviderProps } from '@clerk/react';\nimport type { Ui } from '@clerk/react/internal';\nimport type { Without } from '@clerk/shared/types';\n\nexport type NextClerkProviderProps<TUi extends Ui = Ui> = Without<ClerkProviderProps<TUi>, 'publishableKey'> & {\n /**\n * Used to override the default NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY env variable if needed.\n * This is optional for NextJS as the ClerkProvider will automatically use the NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY env variable if it exists.\n */\n publishableKey?: string;\n /**\n * If set to true, the NextJS middleware will be invoked\n * every time the client-side auth state changes (sign-out, sign-in, organization switch etc.).\n * That way, any auth-dependent logic can be placed inside the middleware.\n * Example: Configuring the middleware to force a redirect to `/sign-in` when the user signs out\n *\n * @default true\n */\n
|
|
1
|
+
{"version":3,"sources":["../../src/types.ts"],"sourcesContent":["import type { ClerkProviderProps } from '@clerk/react';\nimport type { Ui } from '@clerk/react/internal';\nimport type { Without } from '@clerk/shared/types';\n\nexport type NextClerkProviderProps<TUi extends Ui = Ui> = Without<ClerkProviderProps<TUi>, 'publishableKey'> & {\n /**\n * Used to override the default NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY env variable if needed.\n * This is optional for NextJS as the ClerkProvider will automatically use the NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY env variable if it exists.\n */\n publishableKey?: string;\n /**\n * If set to true, the NextJS middleware will be invoked\n * every time the client-side auth state changes (sign-out, sign-in, organization switch etc.).\n * That way, any auth-dependent logic can be placed inside the middleware.\n * Example: Configuring the middleware to force a redirect to `/sign-in` when the user signs out\n *\n * @default true\n */\n __internal_invokeMiddlewareOnAuthStateChange?: boolean;\n /**\n * If set to true, ClerkProvider will opt into dynamic rendering and make auth data available to all wrapper components.\n *\n * @default false\n */\n dynamic?: boolean;\n};\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}
|
|
@@ -90,7 +90,7 @@ function debugLogHeader(name) {
|
|
|
90
90
|
return `[clerk debug start: ${name}]`;
|
|
91
91
|
}
|
|
92
92
|
function debugLogFooter(name) {
|
|
93
|
-
return `[clerk debug end: ${name}] (@clerk/nextjs=${"7.0.0-snapshot.
|
|
93
|
+
return `[clerk debug end: ${name}] (@clerk/nextjs=${"7.0.0-snapshot.v20251204175016"},next=${import_package.default.version},timestamp=${Math.round((/* @__PURE__ */ new Date()).getTime() / 1e3)})`;
|
|
94
94
|
}
|
|
95
95
|
function truncate(str, maxLength) {
|
|
96
96
|
const encoder = new TextEncoder();
|
|
@@ -18,7 +18,7 @@ const LazyCreateKeylessApplication = dynamic(
|
|
|
18
18
|
() => import("./keyless-creator-reader.js").then((m) => m.KeylessCreatorOrReader)
|
|
19
19
|
);
|
|
20
20
|
const NextClientClerkProvider = (props) => {
|
|
21
|
-
const {
|
|
21
|
+
const { __internal_invokeMiddlewareOnAuthStateChange = true, children } = props;
|
|
22
22
|
const router = useRouter();
|
|
23
23
|
const push = useAwaitablePush();
|
|
24
24
|
const replace = useAwaitableReplace();
|
|
@@ -32,7 +32,7 @@ const NextClientClerkProvider = (props) => {
|
|
|
32
32
|
return props.children;
|
|
33
33
|
}
|
|
34
34
|
useSafeLayoutEffect(() => {
|
|
35
|
-
window.
|
|
35
|
+
window.__internal_onBeforeSetActive = (intent) => {
|
|
36
36
|
return new Promise((resolve) => {
|
|
37
37
|
var _a;
|
|
38
38
|
const nextVersion = ((_a = window == null ? void 0 : window.next) == null ? void 0 : _a.version) || "";
|
|
@@ -43,8 +43,8 @@ const NextClientClerkProvider = (props) => {
|
|
|
43
43
|
}
|
|
44
44
|
});
|
|
45
45
|
};
|
|
46
|
-
window.
|
|
47
|
-
if (
|
|
46
|
+
window.__internal_onAfterSetActive = () => {
|
|
47
|
+
if (__internal_invokeMiddlewareOnAuthStateChange) {
|
|
48
48
|
return router.refresh();
|
|
49
49
|
}
|
|
50
50
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/client/ClerkProvider.tsx"],"sourcesContent":["'use client';\nimport { ClerkProvider as ReactClerkProvider } from '@clerk/react';\nimport type { Ui } from '@clerk/react/internal';\nimport dynamic from 'next/dynamic';\nimport { useRouter } from 'next/navigation';\nimport React from 'react';\n\nimport { useSafeLayoutEffect } from '../../client-boundary/hooks/useSafeLayoutEffect';\nimport { ClerkNextOptionsProvider, useClerkNextOptions } from '../../client-boundary/NextOptionsContext';\nimport type { NextClerkProviderProps } from '../../types';\nimport { ClerkScripts } from '../../utils/clerk-script';\nimport { canUseKeyless } from '../../utils/feature-flags';\nimport { mergeNextClerkPropsWithEnv } from '../../utils/mergeNextClerkPropsWithEnv';\nimport { RouterTelemetry } from '../../utils/router-telemetry';\nimport { detectKeylessEnvDriftAction } from '../keyless-actions';\nimport { invalidateCacheAction } from '../server-actions';\nimport { useAwaitablePush } from './useAwaitablePush';\nimport { useAwaitableReplace } from './useAwaitableReplace';\n\n/**\n * LazyCreateKeylessApplication should only be loaded if the conditions below are met.\n * Note: Using lazy() with Suspense instead of dynamic is not possible as React will throw a hydration error when `ClerkProvider` wraps `<html><body>...`\n */\nconst LazyCreateKeylessApplication = dynamic(() =>\n import('./keyless-creator-reader.js').then(m => m.KeylessCreatorOrReader),\n);\n\nconst NextClientClerkProvider = <TUi extends Ui = Ui>(props: NextClerkProviderProps<TUi>) => {\n const {
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/client/ClerkProvider.tsx"],"sourcesContent":["'use client';\nimport { ClerkProvider as ReactClerkProvider } from '@clerk/react';\nimport type { Ui } from '@clerk/react/internal';\nimport dynamic from 'next/dynamic';\nimport { useRouter } from 'next/navigation';\nimport React from 'react';\n\nimport { useSafeLayoutEffect } from '../../client-boundary/hooks/useSafeLayoutEffect';\nimport { ClerkNextOptionsProvider, useClerkNextOptions } from '../../client-boundary/NextOptionsContext';\nimport type { NextClerkProviderProps } from '../../types';\nimport { ClerkScripts } from '../../utils/clerk-script';\nimport { canUseKeyless } from '../../utils/feature-flags';\nimport { mergeNextClerkPropsWithEnv } from '../../utils/mergeNextClerkPropsWithEnv';\nimport { RouterTelemetry } from '../../utils/router-telemetry';\nimport { detectKeylessEnvDriftAction } from '../keyless-actions';\nimport { invalidateCacheAction } from '../server-actions';\nimport { useAwaitablePush } from './useAwaitablePush';\nimport { useAwaitableReplace } from './useAwaitableReplace';\n\n/**\n * LazyCreateKeylessApplication should only be loaded if the conditions below are met.\n * Note: Using lazy() with Suspense instead of dynamic is not possible as React will throw a hydration error when `ClerkProvider` wraps `<html><body>...`\n */\nconst LazyCreateKeylessApplication = dynamic(() =>\n import('./keyless-creator-reader.js').then(m => m.KeylessCreatorOrReader),\n);\n\nconst NextClientClerkProvider = <TUi extends Ui = Ui>(props: NextClerkProviderProps<TUi>) => {\n const { __internal_invokeMiddlewareOnAuthStateChange = true, children } = props;\n const router = useRouter();\n const push = useAwaitablePush();\n const replace = useAwaitableReplace();\n\n // Call drift detection on mount (client-side)\n useSafeLayoutEffect(() => {\n if (canUseKeyless) {\n void detectKeylessEnvDriftAction();\n }\n }, []);\n\n // Avoid rendering nested ClerkProviders by checking for the existence of the ClerkNextOptions context provider\n const isNested = Boolean(useClerkNextOptions());\n if (isNested) {\n return props.children;\n }\n\n useSafeLayoutEffect(() => {\n window.__internal_onBeforeSetActive = intent => {\n /**\n * We need to invalidate the cache in case the user is navigating to a page that\n * was previously cached using the auth state that was active at the time.\n *\n * We also need to await for the invalidation to happen before we navigate,\n * otherwise the navigation will use the cached page.\n *\n * For example, if we did not invalidate the flow, the following scenario would be broken:\n * - The middleware is configured in such a way that it redirects you back to the same page if a certain condition is true (eg, you need to pick an org)\n * - The user has a <Link href=/> component in the page\n * - The UB is mounted with afterSignOutUrl=/\n * - The user clicks the Link. A nav to / happens, a 307 to the current page is returned so a navigation does not take place. The / navigation is now cached as a 307 to the current page\n * - The user clicks sign out\n * - We call router.refresh()\n * - We navigate to / but its cached and instead, we 'redirect' to the current page\n *\n * For more information on cache invalidation, see:\n * https://nextjs.org/docs/app/building-your-application/caching#invalidation-1\n */\n return new Promise(resolve => {\n const nextVersion = window?.next?.version || '';\n\n // On Next.js 15+ calling a server action that returns a 404 error when deployed on Vercel is prohibited, failing with 405 status code.\n // When a user transitions from \"signed in\" to \"signed out\", we clear the `__session` cookie, then we call `__internal_onBeforeSetActive`.\n // If we were to call `invalidateCacheAction` while the user is already signed out (deleted cookie), any page protected by `auth.protect()`\n // will result to the server action returning a 404 error (this happens because server actions inherit the protection rules of the page they are called from).\n // SOLUTION:\n // To mitigate this, since the router cache on version 15+ is much less aggressive, we can treat this as a noop and simply resolve the promise.\n // Once `setActive` performs the navigation, `__internal_onAfterSetActive` will kick in and perform a router.refresh ensuring shared layouts will also update with the correct authentication context.\n if ((nextVersion.startsWith('15') || nextVersion.startsWith('16')) && intent === 'sign-out') {\n resolve(); // noop\n } else {\n void invalidateCacheAction().then(() => resolve());\n }\n });\n };\n\n window.__internal_onAfterSetActive = () => {\n if (__internal_invokeMiddlewareOnAuthStateChange) {\n return router.refresh();\n }\n };\n }, []);\n\n const mergedProps = mergeNextClerkPropsWithEnv({\n ...props,\n // @ts-expect-error Error because of the stricter types of internal `push`\n routerPush: push,\n // @ts-expect-error Error because of the stricter types of internal `replace`\n routerReplace: replace,\n });\n\n return (\n <ClerkNextOptionsProvider options={mergedProps}>\n <ReactClerkProvider {...mergedProps}>\n <RouterTelemetry />\n <ClerkScripts router='app' />\n {children}\n </ReactClerkProvider>\n </ClerkNextOptionsProvider>\n );\n};\n\nexport const ClientClerkProvider = <TUi extends Ui = Ui>(\n props: NextClerkProviderProps<TUi> & { disableKeyless?: boolean },\n) => {\n const { children, disableKeyless = false, ...rest } = props;\n const safePublishableKey = mergeNextClerkPropsWithEnv(rest).publishableKey;\n\n if (safePublishableKey || !canUseKeyless || disableKeyless) {\n return <NextClientClerkProvider {...rest}>{children}</NextClientClerkProvider>;\n }\n\n return (\n <LazyCreateKeylessApplication>\n <NextClientClerkProvider {...rest}>{children}</NextClientClerkProvider>\n </LazyCreateKeylessApplication>\n );\n};\n"],"mappings":";;AACA,SAAS,iBAAiB,0BAA0B;AAEpD,OAAO,aAAa;AACpB,SAAS,iBAAiB;AAC1B,OAAO,WAAW;AAElB,SAAS,2BAA2B;AACpC,SAAS,0BAA0B,2BAA2B;AAE9D,SAAS,oBAAoB;AAC7B,SAAS,qBAAqB;AAC9B,SAAS,kCAAkC;AAC3C,SAAS,uBAAuB;AAChC,SAAS,mCAAmC;AAC5C,SAAS,6BAA6B;AACtC,SAAS,wBAAwB;AACjC,SAAS,2BAA2B;AAMpC,MAAM,+BAA+B;AAAA,EAAQ,MAC3C,OAAO,6BAA6B,EAAE,KAAK,OAAK,EAAE,sBAAsB;AAC1E;AAEA,MAAM,0BAA0B,CAAsB,UAAuC;AAC3F,QAAM,EAAE,+CAA+C,MAAM,SAAS,IAAI;AAC1E,QAAM,SAAS,UAAU;AACzB,QAAM,OAAO,iBAAiB;AAC9B,QAAM,UAAU,oBAAoB;AAGpC,sBAAoB,MAAM;AACxB,QAAI,eAAe;AACjB,WAAK,4BAA4B;AAAA,IACnC;AAAA,EACF,GAAG,CAAC,CAAC;AAGL,QAAM,WAAW,QAAQ,oBAAoB,CAAC;AAC9C,MAAI,UAAU;AACZ,WAAO,MAAM;AAAA,EACf;AAEA,sBAAoB,MAAM;AACxB,WAAO,+BAA+B,YAAU;AAoB9C,aAAO,IAAI,QAAQ,aAAW;AAnEpC;AAoEQ,cAAM,gBAAc,sCAAQ,SAAR,mBAAc,YAAW;AAS7C,aAAK,YAAY,WAAW,IAAI,KAAK,YAAY,WAAW,IAAI,MAAM,WAAW,YAAY;AAC3F,kBAAQ;AAAA,QACV,OAAO;AACL,eAAK,sBAAsB,EAAE,KAAK,MAAM,QAAQ,CAAC;AAAA,QACnD;AAAA,MACF,CAAC;AAAA,IACH;AAEA,WAAO,8BAA8B,MAAM;AACzC,UAAI,8CAA8C;AAChD,eAAO,OAAO,QAAQ;AAAA,MACxB;AAAA,IACF;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,cAAc,2BAA2B;AAAA,IAC7C,GAAG;AAAA;AAAA,IAEH,YAAY;AAAA;AAAA,IAEZ,eAAe;AAAA,EACjB,CAAC;AAED,SACE,oCAAC,4BAAyB,SAAS,eACjC,oCAAC,sBAAoB,GAAG,eACtB,oCAAC,qBAAgB,GACjB,oCAAC,gBAAa,QAAO,OAAM,GAC1B,QACH,CACF;AAEJ;AAEO,MAAM,sBAAsB,CACjC,UACG;AACH,QAAM,EAAE,UAAU,iBAAiB,OAAO,GAAG,KAAK,IAAI;AACtD,QAAM,qBAAqB,2BAA2B,IAAI,EAAE;AAE5D,MAAI,sBAAsB,CAAC,iBAAiB,gBAAgB;AAC1D,WAAO,oCAAC,2BAAyB,GAAG,QAAO,QAAS;AAAA,EACtD;AAEA,SACE,oCAAC,oCACC,oCAAC,2BAAyB,GAAG,QAAO,QAAS,CAC/C;AAEJ;","names":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/server/ClerkProvider.tsx"],"sourcesContent":["import type { Ui } from '@clerk/react/internal';\nimport type { InitialState, Without } from '@clerk/shared/types';\nimport { headers } from 'next/headers';\nimport type { ReactNode } from 'react';\nimport React from 'react';\n\nimport { PromisifiedAuthProvider } from '../../client-boundary/PromisifiedAuthProvider';\nimport { getDynamicAuthData } from '../../server/buildClerkProps';\nimport type { NextClerkProviderProps } from '../../types';\nimport { mergeNextClerkPropsWithEnv } from '../../utils/mergeNextClerkPropsWithEnv';\nimport { ClientClerkProvider } from '../client/ClerkProvider';\nimport { getKeylessStatus, KeylessProvider } from './keyless-provider';\nimport { buildRequestLike, getScriptNonceFromHeader } from './utils';\n\nconst getDynamicClerkState = React.cache(async function getDynamicClerkState() {\n const request = await buildRequestLike();\n const data = getDynamicAuthData(request);\n\n return data;\n});\n\nconst getNonceHeaders = React.cache(async function getNonceHeaders() {\n const headersList = await headers();\n const nonce = headersList.get('X-Nonce');\n return nonce\n ? nonce\n : // Fallback to extracting from CSP header\n getScriptNonceFromHeader(headersList.get('Content-Security-Policy') || '') || '';\n});\n\nexport async function ClerkProvider<TUi extends Ui = Ui>(\n props: Without<NextClerkProviderProps<TUi>, '
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/server/ClerkProvider.tsx"],"sourcesContent":["import type { Ui } from '@clerk/react/internal';\nimport type { InitialState, Without } from '@clerk/shared/types';\nimport { headers } from 'next/headers';\nimport type { ReactNode } from 'react';\nimport React from 'react';\n\nimport { PromisifiedAuthProvider } from '../../client-boundary/PromisifiedAuthProvider';\nimport { getDynamicAuthData } from '../../server/buildClerkProps';\nimport type { NextClerkProviderProps } from '../../types';\nimport { mergeNextClerkPropsWithEnv } from '../../utils/mergeNextClerkPropsWithEnv';\nimport { ClientClerkProvider } from '../client/ClerkProvider';\nimport { getKeylessStatus, KeylessProvider } from './keyless-provider';\nimport { buildRequestLike, getScriptNonceFromHeader } from './utils';\n\nconst getDynamicClerkState = React.cache(async function getDynamicClerkState() {\n const request = await buildRequestLike();\n const data = getDynamicAuthData(request);\n\n return data;\n});\n\nconst getNonceHeaders = React.cache(async function getNonceHeaders() {\n const headersList = await headers();\n const nonce = headersList.get('X-Nonce');\n return nonce\n ? nonce\n : // Fallback to extracting from CSP header\n getScriptNonceFromHeader(headersList.get('Content-Security-Policy') || '') || '';\n});\n\nexport async function ClerkProvider<TUi extends Ui = Ui>(\n props: Without<NextClerkProviderProps<TUi>, '__internal_invokeMiddlewareOnAuthStateChange'>,\n) {\n const { children, dynamic, ...rest } = props;\n\n async function generateStatePromise() {\n if (!dynamic) {\n return Promise.resolve(null);\n }\n return getDynamicClerkState();\n }\n\n async function generateNonce() {\n if (!dynamic) {\n return Promise.resolve('');\n }\n return getNonceHeaders();\n }\n\n const propsWithEnvs = mergeNextClerkPropsWithEnv({\n ...rest,\n });\n\n const { shouldRunAsKeyless, runningWithClaimedKeys } = await getKeylessStatus(propsWithEnvs);\n\n let output: ReactNode;\n\n try {\n const detectKeylessEnvDrift = await import('../../server/keyless-telemetry.js').then(\n mod => mod.detectKeylessEnvDrift,\n );\n await detectKeylessEnvDrift();\n } catch {\n // ignore\n }\n\n if (shouldRunAsKeyless) {\n output = (\n <KeylessProvider\n rest={propsWithEnvs}\n generateNonce={generateNonce}\n generateStatePromise={generateStatePromise}\n runningWithClaimedKeys={runningWithClaimedKeys}\n >\n {children}\n </KeylessProvider>\n );\n } else {\n output = (\n <ClientClerkProvider\n {...propsWithEnvs}\n nonce={await generateNonce()}\n initialState={await generateStatePromise()}\n >\n {children}\n </ClientClerkProvider>\n );\n }\n\n if (dynamic) {\n return (\n // TODO: fix types so AuthObject is compatible with InitialState\n <PromisifiedAuthProvider authPromise={generateStatePromise() as unknown as Promise<InitialState>}>\n {output}\n </PromisifiedAuthProvider>\n );\n }\n return output;\n}\n"],"mappings":";AAEA,SAAS,eAAe;AAExB,OAAO,WAAW;AAElB,SAAS,+BAA+B;AACxC,SAAS,0BAA0B;AAEnC,SAAS,kCAAkC;AAC3C,SAAS,2BAA2B;AACpC,SAAS,kBAAkB,uBAAuB;AAClD,SAAS,kBAAkB,gCAAgC;AAE3D,MAAM,uBAAuB,MAAM,MAAM,eAAeA,wBAAuB;AAC7E,QAAM,UAAU,MAAM,iBAAiB;AACvC,QAAM,OAAO,mBAAmB,OAAO;AAEvC,SAAO;AACT,CAAC;AAED,MAAM,kBAAkB,MAAM,MAAM,eAAeC,mBAAkB;AACnE,QAAM,cAAc,MAAM,QAAQ;AAClC,QAAM,QAAQ,YAAY,IAAI,SAAS;AACvC,SAAO,QACH;AAAA;AAAA,IAEA,yBAAyB,YAAY,IAAI,yBAAyB,KAAK,EAAE,KAAK;AAAA;AACpF,CAAC;AAED,eAAsB,cACpB,OACA;AACA,QAAM,EAAE,UAAU,SAAS,GAAG,KAAK,IAAI;AAEvC,iBAAe,uBAAuB;AACpC,QAAI,CAAC,SAAS;AACZ,aAAO,QAAQ,QAAQ,IAAI;AAAA,IAC7B;AACA,WAAO,qBAAqB;AAAA,EAC9B;AAEA,iBAAe,gBAAgB;AAC7B,QAAI,CAAC,SAAS;AACZ,aAAO,QAAQ,QAAQ,EAAE;AAAA,IAC3B;AACA,WAAO,gBAAgB;AAAA,EACzB;AAEA,QAAM,gBAAgB,2BAA2B;AAAA,IAC/C,GAAG;AAAA,EACL,CAAC;AAED,QAAM,EAAE,oBAAoB,uBAAuB,IAAI,MAAM,iBAAiB,aAAa;AAE3F,MAAI;AAEJ,MAAI;AACF,UAAM,wBAAwB,MAAM,OAAO,mCAAmC,EAAE;AAAA,MAC9E,SAAO,IAAI;AAAA,IACb;AACA,UAAM,sBAAsB;AAAA,EAC9B,QAAQ;AAAA,EAER;AAEA,MAAI,oBAAoB;AACtB,aACE;AAAA,MAAC;AAAA;AAAA,QACC,MAAM;AAAA,QACN;AAAA,QACA;AAAA,QACA;AAAA;AAAA,MAEC;AAAA,IACH;AAAA,EAEJ,OAAO;AACL,aACE;AAAA,MAAC;AAAA;AAAA,QACE,GAAG;AAAA,QACJ,OAAO,MAAM,cAAc;AAAA,QAC3B,cAAc,MAAM,qBAAqB;AAAA;AAAA,MAExC;AAAA,IACH;AAAA,EAEJ;AAEA,MAAI,SAAS;AACX;AAAA;AAAA,MAEE,oCAAC,2BAAwB,aAAa,qBAAqB,KACxD,MACH;AAAA;AAAA,EAEJ;AACA,SAAO;AACT;","names":["getDynamicClerkState","getNonceHeaders"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/server/keyless-provider.tsx"],"sourcesContent":["import type { AuthObject } from '@clerk/backend';\nimport type { Without } from '@clerk/shared/types';\nimport { headers } from 'next/headers';\nimport type { PropsWithChildren } from 'react';\nimport React from 'react';\n\nimport { createClerkClientWithOptions } from '../../server/createClerkClient';\nimport { collectKeylessMetadata, formatMetadataHeaders } from '../../server/keyless-custom-headers';\nimport type { NextClerkProviderProps } from '../../types';\nimport { canUseKeyless } from '../../utils/feature-flags';\nimport { mergeNextClerkPropsWithEnv } from '../../utils/mergeNextClerkPropsWithEnv';\nimport { onlyTry } from '../../utils/only-try';\nimport { ClientClerkProvider } from '../client/ClerkProvider';\nimport { deleteKeylessAction } from '../keyless-actions';\n\nexport async function getKeylessStatus(\n params: Without<NextClerkProviderProps, '
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/server/keyless-provider.tsx"],"sourcesContent":["import type { AuthObject } from '@clerk/backend';\nimport type { Without } from '@clerk/shared/types';\nimport { headers } from 'next/headers';\nimport type { PropsWithChildren } from 'react';\nimport React from 'react';\n\nimport { createClerkClientWithOptions } from '../../server/createClerkClient';\nimport { collectKeylessMetadata, formatMetadataHeaders } from '../../server/keyless-custom-headers';\nimport type { NextClerkProviderProps } from '../../types';\nimport { canUseKeyless } from '../../utils/feature-flags';\nimport { mergeNextClerkPropsWithEnv } from '../../utils/mergeNextClerkPropsWithEnv';\nimport { onlyTry } from '../../utils/only-try';\nimport { ClientClerkProvider } from '../client/ClerkProvider';\nimport { deleteKeylessAction } from '../keyless-actions';\n\nexport async function getKeylessStatus(\n params: Without<NextClerkProviderProps, '__internal_invokeMiddlewareOnAuthStateChange'>,\n) {\n let [shouldRunAsKeyless, runningWithClaimedKeys, locallyStoredPublishableKey] = [false, false, ''];\n if (canUseKeyless) {\n locallyStoredPublishableKey = await import('../../server/keyless-node.js')\n .then(mod => mod.safeParseClerkFile()?.publishableKey || '')\n .catch(() => '');\n\n runningWithClaimedKeys = Boolean(params.publishableKey) && params.publishableKey === locallyStoredPublishableKey;\n shouldRunAsKeyless = !params.publishableKey || runningWithClaimedKeys;\n }\n\n return {\n shouldRunAsKeyless,\n runningWithClaimedKeys,\n };\n}\n\ntype KeylessProviderProps = PropsWithChildren<{\n rest: Without<NextClerkProviderProps, '__internal_invokeMiddlewareOnAuthStateChange'>;\n runningWithClaimedKeys: boolean;\n generateStatePromise: () => Promise<AuthObject | null>;\n generateNonce: () => Promise<string>;\n}>;\n\nexport const KeylessProvider = async (props: KeylessProviderProps) => {\n const { rest, runningWithClaimedKeys, generateNonce, generateStatePromise, children } = props;\n\n // NOTE: Create or read keys on every render. Usually this means only on hard refresh or hard navigations.\n const newOrReadKeys = await import('../../server/keyless-node.js')\n .then(mod => mod.createOrReadKeyless())\n .catch(() => null);\n\n const { clerkDevelopmentCache, createConfirmationMessage, createKeylessModeMessage } = await import(\n '../../server/keyless-log-cache.js'\n );\n\n if (!newOrReadKeys) {\n // When case keyless should run, but keys are not available, then fallback to throwing for missing keys\n return (\n <ClientClerkProvider\n {...mergeNextClerkPropsWithEnv(rest)}\n nonce={await generateNonce()}\n initialState={await generateStatePromise()}\n disableKeyless\n >\n {children}\n </ClientClerkProvider>\n );\n }\n\n const clientProvider = (\n <ClientClerkProvider\n {...mergeNextClerkPropsWithEnv({\n ...rest,\n publishableKey: newOrReadKeys.publishableKey,\n __internal_keyless_claimKeylessApplicationUrl: newOrReadKeys.claimUrl,\n __internal_keyless_copyInstanceKeysUrl: newOrReadKeys.apiKeysUrl,\n // Explicitly use `null` instead of `undefined` here to avoid persisting `deleteKeylessAction` during merging of options.\n __internal_keyless_dismissPrompt: runningWithClaimedKeys ? deleteKeylessAction : null,\n })}\n nonce={await generateNonce()}\n initialState={await generateStatePromise()}\n >\n {children}\n </ClientClerkProvider>\n );\n\n if (runningWithClaimedKeys) {\n try {\n const secretKey = await import('../../server/keyless-node.js').then(mod => mod.safeParseClerkFile()?.secretKey);\n if (!secretKey) {\n // we will ignore it later\n throw new Error('Missing secret key from `.clerk/`');\n }\n const client = createClerkClientWithOptions({\n secretKey,\n });\n\n // Collect metadata\n const keylessHeaders = await collectKeylessMetadata()\n .then(formatMetadataHeaders)\n .catch(() => new Headers());\n\n /**\n * Notifying the dashboard the should runs once. We are controlling this behaviour by caching the result of the request.\n * If the request fails, it will be considered stale after 10 minutes, otherwise it is cached for 24 hours.\n */\n await clerkDevelopmentCache?.run(\n () =>\n client.__experimental_accountlessApplications.completeAccountlessApplicationOnboarding({\n requestHeaders: keylessHeaders,\n }),\n {\n cacheKey: `${newOrReadKeys.publishableKey}_complete`,\n onSuccessStale: 24 * 60 * 60 * 1000, // 24 hours\n },\n );\n } catch {\n // noop\n }\n\n /**\n * Notify developers.\n */\n clerkDevelopmentCache?.log({\n cacheKey: `${newOrReadKeys.publishableKey}_claimed`,\n msg: createConfirmationMessage(),\n });\n\n return clientProvider;\n }\n\n const KeylessCookieSync = await import('../client/keyless-cookie-sync.js').then(mod => mod.KeylessCookieSync);\n\n const headerStore = await headers();\n /**\n * Allow developer to return to local application after claiming\n */\n const host = headerStore.get('x-forwarded-host');\n const proto = headerStore.get('x-forwarded-proto');\n\n const claimUrl = new URL(newOrReadKeys.claimUrl);\n if (host && proto) {\n onlyTry(() => claimUrl.searchParams.set('return_url', new URL(`${proto}://${host}`).href));\n }\n\n /**\n * Notify developers.\n */\n clerkDevelopmentCache?.log({\n cacheKey: newOrReadKeys.publishableKey,\n msg: createKeylessModeMessage({ ...newOrReadKeys, claimUrl: claimUrl.href }),\n });\n\n return <KeylessCookieSync {...newOrReadKeys}>{clientProvider}</KeylessCookieSync>;\n};\n"],"mappings":";AAEA,SAAS,eAAe;AAExB,OAAO,WAAW;AAElB,SAAS,oCAAoC;AAC7C,SAAS,wBAAwB,6BAA6B;AAE9D,SAAS,qBAAqB;AAC9B,SAAS,kCAAkC;AAC3C,SAAS,eAAe;AACxB,SAAS,2BAA2B;AACpC,SAAS,2BAA2B;AAEpC,eAAsB,iBACpB,QACA;AACA,MAAI,CAAC,oBAAoB,wBAAwB,2BAA2B,IAAI,CAAC,OAAO,OAAO,EAAE;AACjG,MAAI,eAAe;AACjB,kCAA8B,MAAM,OAAO,8BAA8B,EACtE,KAAK,SAAI;AArBhB;AAqBmB,wBAAI,mBAAmB,MAAvB,mBAA0B,mBAAkB;AAAA,KAAE,EAC1D,MAAM,MAAM,EAAE;AAEjB,6BAAyB,QAAQ,OAAO,cAAc,KAAK,OAAO,mBAAmB;AACrF,yBAAqB,CAAC,OAAO,kBAAkB;AAAA,EACjD;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EACF;AACF;AASO,MAAM,kBAAkB,OAAO,UAAgC;AACpE,QAAM,EAAE,MAAM,wBAAwB,eAAe,sBAAsB,SAAS,IAAI;AAGxF,QAAM,gBAAgB,MAAM,OAAO,8BAA8B,EAC9D,KAAK,SAAO,IAAI,oBAAoB,CAAC,EACrC,MAAM,MAAM,IAAI;AAEnB,QAAM,EAAE,uBAAuB,2BAA2B,yBAAyB,IAAI,MAAM,OAC3F,mCACF;AAEA,MAAI,CAAC,eAAe;AAElB,WACE;AAAA,MAAC;AAAA;AAAA,QACE,GAAG,2BAA2B,IAAI;AAAA,QACnC,OAAO,MAAM,cAAc;AAAA,QAC3B,cAAc,MAAM,qBAAqB;AAAA,QACzC,gBAAc;AAAA;AAAA,MAEb;AAAA,IACH;AAAA,EAEJ;AAEA,QAAM,iBACJ;AAAA,IAAC;AAAA;AAAA,MACE,GAAG,2BAA2B;AAAA,QAC7B,GAAG;AAAA,QACH,gBAAgB,cAAc;AAAA,QAC9B,+CAA+C,cAAc;AAAA,QAC7D,wCAAwC,cAAc;AAAA;AAAA,QAEtD,kCAAkC,yBAAyB,sBAAsB;AAAA,MACnF,CAAC;AAAA,MACD,OAAO,MAAM,cAAc;AAAA,MAC3B,cAAc,MAAM,qBAAqB;AAAA;AAAA,IAExC;AAAA,EACH;AAGF,MAAI,wBAAwB;AAC1B,QAAI;AACF,YAAM,YAAY,MAAM,OAAO,8BAA8B,EAAE,KAAK,SAAI;AAtF9E;AAsFiF,yBAAI,mBAAmB,MAAvB,mBAA0B;AAAA,OAAS;AAC9G,UAAI,CAAC,WAAW;AAEd,cAAM,IAAI,MAAM,mCAAmC;AAAA,MACrD;AACA,YAAM,SAAS,6BAA6B;AAAA,QAC1C;AAAA,MACF,CAAC;AAGD,YAAM,iBAAiB,MAAM,uBAAuB,EACjD,KAAK,qBAAqB,EAC1B,MAAM,MAAM,IAAI,QAAQ,CAAC;AAM5B,aAAM,+DAAuB;AAAA,QAC3B,MACE,OAAO,uCAAuC,yCAAyC;AAAA,UACrF,gBAAgB;AAAA,QAClB,CAAC;AAAA,QACH;AAAA,UACE,UAAU,GAAG,cAAc,cAAc;AAAA,UACzC,gBAAgB,KAAK,KAAK,KAAK;AAAA;AAAA,QACjC;AAAA;AAAA,IAEJ,QAAQ;AAAA,IAER;AAKA,mEAAuB,IAAI;AAAA,MACzB,UAAU,GAAG,cAAc,cAAc;AAAA,MACzC,KAAK,0BAA0B;AAAA,IACjC;AAEA,WAAO;AAAA,EACT;AAEA,QAAM,oBAAoB,MAAM,OAAO,kCAAkC,EAAE,KAAK,SAAO,IAAI,iBAAiB;AAE5G,QAAM,cAAc,MAAM,QAAQ;AAIlC,QAAM,OAAO,YAAY,IAAI,kBAAkB;AAC/C,QAAM,QAAQ,YAAY,IAAI,mBAAmB;AAEjD,QAAM,WAAW,IAAI,IAAI,cAAc,QAAQ;AAC/C,MAAI,QAAQ,OAAO;AACjB,YAAQ,MAAM,SAAS,aAAa,IAAI,cAAc,IAAI,IAAI,GAAG,KAAK,MAAM,IAAI,EAAE,EAAE,IAAI,CAAC;AAAA,EAC3F;AAKA,iEAAuB,IAAI;AAAA,IACzB,UAAU,cAAc;AAAA,IACxB,KAAK,yBAAyB,EAAE,GAAG,eAAe,UAAU,SAAS,KAAK,CAAC;AAAA,EAC7E;AAEA,SAAO,oCAAC,qBAAmB,GAAG,iBAAgB,cAAe;AAC/D;","names":[]}
|
|
@@ -14,15 +14,15 @@ setErrorThrowerOptions({ packageName: "@clerk/nextjs" });
|
|
|
14
14
|
setClerkJsLoadingErrorPackageName("@clerk/nextjs");
|
|
15
15
|
function ClerkProvider({ children, ...props }) {
|
|
16
16
|
var _a;
|
|
17
|
-
const {
|
|
17
|
+
const { __internal_invokeMiddlewareOnAuthStateChange = true } = props;
|
|
18
18
|
const { push, replace } = useRouter();
|
|
19
19
|
ReactClerkProvider.displayName = "ReactClerkProvider";
|
|
20
20
|
useSafeLayoutEffect(() => {
|
|
21
|
-
window.
|
|
21
|
+
window.__internal_onBeforeSetActive = invalidateNextRouterCache;
|
|
22
22
|
}, []);
|
|
23
23
|
useSafeLayoutEffect(() => {
|
|
24
|
-
window.
|
|
25
|
-
if (
|
|
24
|
+
window.__internal_onAfterSetActive = () => {
|
|
25
|
+
if (__internal_invokeMiddlewareOnAuthStateChange) {
|
|
26
26
|
void push(window.location.href);
|
|
27
27
|
}
|
|
28
28
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/pages/ClerkProvider.tsx"],"sourcesContent":["import { ClerkProvider as ReactClerkProvider } from '@clerk/react';\nimport type { Ui } from '@clerk/react/internal';\n// Override Clerk React error thrower to show that errors come from @clerk/nextjs\nimport { setClerkJsLoadingErrorPackageName, setErrorThrowerOptions } from '@clerk/react/internal';\nimport { useRouter } from 'next/router';\nimport React from 'react';\n\nimport { useSafeLayoutEffect } from '../client-boundary/hooks/useSafeLayoutEffect';\nimport { ClerkNextOptionsProvider } from '../client-boundary/NextOptionsContext';\nimport type { NextClerkProviderProps } from '../types';\nimport { ClerkScripts } from '../utils/clerk-script';\nimport { invalidateNextRouterCache } from '../utils/invalidateNextRouterCache';\nimport { mergeNextClerkPropsWithEnv } from '../utils/mergeNextClerkPropsWithEnv';\nimport { removeBasePath } from '../utils/removeBasePath';\nimport { RouterTelemetry } from '../utils/router-telemetry';\n\nsetErrorThrowerOptions({ packageName: PACKAGE_NAME });\nsetClerkJsLoadingErrorPackageName(PACKAGE_NAME);\n\nexport function ClerkProvider<TUi extends Ui = Ui>({ children, ...props }: NextClerkProviderProps<TUi>): JSX.Element {\n const {
|
|
1
|
+
{"version":3,"sources":["../../../src/pages/ClerkProvider.tsx"],"sourcesContent":["import { ClerkProvider as ReactClerkProvider } from '@clerk/react';\nimport type { Ui } from '@clerk/react/internal';\n// Override Clerk React error thrower to show that errors come from @clerk/nextjs\nimport { setClerkJsLoadingErrorPackageName, setErrorThrowerOptions } from '@clerk/react/internal';\nimport { useRouter } from 'next/router';\nimport React from 'react';\n\nimport { useSafeLayoutEffect } from '../client-boundary/hooks/useSafeLayoutEffect';\nimport { ClerkNextOptionsProvider } from '../client-boundary/NextOptionsContext';\nimport type { NextClerkProviderProps } from '../types';\nimport { ClerkScripts } from '../utils/clerk-script';\nimport { invalidateNextRouterCache } from '../utils/invalidateNextRouterCache';\nimport { mergeNextClerkPropsWithEnv } from '../utils/mergeNextClerkPropsWithEnv';\nimport { removeBasePath } from '../utils/removeBasePath';\nimport { RouterTelemetry } from '../utils/router-telemetry';\n\nsetErrorThrowerOptions({ packageName: PACKAGE_NAME });\nsetClerkJsLoadingErrorPackageName(PACKAGE_NAME);\n\nexport function ClerkProvider<TUi extends Ui = Ui>({ children, ...props }: NextClerkProviderProps<TUi>): JSX.Element {\n const { __internal_invokeMiddlewareOnAuthStateChange = true } = props;\n const { push, replace } = useRouter();\n ReactClerkProvider.displayName = 'ReactClerkProvider';\n\n useSafeLayoutEffect(() => {\n window.__internal_onBeforeSetActive = invalidateNextRouterCache;\n }, []);\n\n useSafeLayoutEffect(() => {\n window.__internal_onAfterSetActive = () => {\n // Re-run the middleware every time there auth state changes.\n // This enables complete control from a centralized place (NextJS middleware),\n // as we will invoke it every time the client-side auth state changes, eg: signing-out, switching orgs, etc.\\\n if (__internal_invokeMiddlewareOnAuthStateChange) {\n void push(window.location.href);\n }\n };\n }, []);\n\n const navigate = (to: string) => push(removeBasePath(to));\n const replaceNavigate = (to: string) => replace(removeBasePath(to));\n const mergedProps = mergeNextClerkPropsWithEnv({\n ...props,\n routerPush: navigate,\n routerReplace: replaceNavigate,\n });\n // ClerkProvider automatically injects __clerk_ssr_state\n // getAuth returns a user-facing authServerSideProps that hides __clerk_ssr_state\n // @ts-expect-error initialState is hidden from the types as it's a private prop\n const initialState = props.authServerSideProps?.__clerk_ssr_state || props.__clerk_ssr_state;\n\n return (\n <ClerkNextOptionsProvider options={mergedProps}>\n <ReactClerkProvider\n {...mergedProps}\n initialState={initialState}\n >\n <RouterTelemetry />\n <ClerkScripts router='pages' />\n {children}\n </ReactClerkProvider>\n </ClerkNextOptionsProvider>\n );\n}\n"],"mappings":";AAAA,SAAS,iBAAiB,0BAA0B;AAGpD,SAAS,mCAAmC,8BAA8B;AAC1E,SAAS,iBAAiB;AAC1B,OAAO,WAAW;AAElB,SAAS,2BAA2B;AACpC,SAAS,gCAAgC;AAEzC,SAAS,oBAAoB;AAC7B,SAAS,iCAAiC;AAC1C,SAAS,kCAAkC;AAC3C,SAAS,sBAAsB;AAC/B,SAAS,uBAAuB;AAEhC,uBAAuB,EAAE,aAAa,gBAAa,CAAC;AACpD,kCAAkC,eAAY;AAEvC,SAAS,cAAmC,EAAE,UAAU,GAAG,MAAM,GAA6C;AAnBrH;AAoBE,QAAM,EAAE,+CAA+C,KAAK,IAAI;AAChE,QAAM,EAAE,MAAM,QAAQ,IAAI,UAAU;AACpC,qBAAmB,cAAc;AAEjC,sBAAoB,MAAM;AACxB,WAAO,+BAA+B;AAAA,EACxC,GAAG,CAAC,CAAC;AAEL,sBAAoB,MAAM;AACxB,WAAO,8BAA8B,MAAM;AAIzC,UAAI,8CAA8C;AAChD,aAAK,KAAK,OAAO,SAAS,IAAI;AAAA,MAChC;AAAA,IACF;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,WAAW,CAAC,OAAe,KAAK,eAAe,EAAE,CAAC;AACxD,QAAM,kBAAkB,CAAC,OAAe,QAAQ,eAAe,EAAE,CAAC;AAClE,QAAM,cAAc,2BAA2B;AAAA,IAC7C,GAAG;AAAA,IACH,YAAY;AAAA,IACZ,eAAe;AAAA,EACjB,CAAC;AAID,QAAM,iBAAe,WAAM,wBAAN,mBAA2B,sBAAqB,MAAM;AAE3E,SACE,oCAAC,4BAAyB,SAAS,eACjC;AAAA,IAAC;AAAA;AAAA,MACE,GAAG;AAAA,MACJ;AAAA;AAAA,IAEA,oCAAC,qBAAgB;AAAA,IACjB,oCAAC,gBAAa,QAAO,SAAQ;AAAA,IAC5B;AAAA,EACH,CACF;AAEJ;","names":[]}
|
|
@@ -17,7 +17,7 @@ const SIGN_IN_URL = process.env.NEXT_PUBLIC_CLERK_SIGN_IN_URL || "";
|
|
|
17
17
|
const SIGN_UP_URL = process.env.NEXT_PUBLIC_CLERK_SIGN_UP_URL || "";
|
|
18
18
|
const SDK_METADATA = {
|
|
19
19
|
name: "@clerk/nextjs",
|
|
20
|
-
version: "7.0.0-snapshot.
|
|
20
|
+
version: "7.0.0-snapshot.v20251204175016",
|
|
21
21
|
environment: process.env.NODE_ENV
|
|
22
22
|
};
|
|
23
23
|
const TELEMETRY_DISABLED = isTruthy(process.env.NEXT_PUBLIC_CLERK_TELEMETRY_DISABLED);
|
|
@@ -18,7 +18,7 @@ const clerkClientDefaultOptions = {
|
|
|
18
18
|
publishableKey: PUBLISHABLE_KEY,
|
|
19
19
|
apiUrl: API_URL,
|
|
20
20
|
apiVersion: API_VERSION,
|
|
21
|
-
userAgent: `${"@clerk/nextjs"}@${"7.0.0-snapshot.
|
|
21
|
+
userAgent: `${"@clerk/nextjs"}@${"7.0.0-snapshot.v20251204175016"}`,
|
|
22
22
|
proxyUrl: PROXY_URL,
|
|
23
23
|
domain: DOMAIN,
|
|
24
24
|
isSatellite: IS_SATELLITE,
|
|
@@ -32,11 +32,13 @@ const encryptionKeyInvalidDev = `Clerk: Unable to decrypt request data.
|
|
|
32
32
|
Refresh the page if your .env file was just updated. If the issue persists, ensure the encryption key is valid and properly set.
|
|
33
33
|
|
|
34
34
|
For more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_invalid)`;
|
|
35
|
+
const encryptionKeyMissing = "Clerk: Missing `CLERK_ENCRYPTION_KEY`. Required for propagating `secretKey` middleware option. See docs: https://clerk.com/docs/references/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_missing)";
|
|
35
36
|
export {
|
|
36
37
|
authAuthHeaderMissing,
|
|
37
38
|
authSignatureInvalid,
|
|
38
39
|
encryptionKeyInvalid,
|
|
39
40
|
encryptionKeyInvalidDev,
|
|
41
|
+
encryptionKeyMissing,
|
|
40
42
|
getAuthAuthHeaderMissing,
|
|
41
43
|
missingDomainAndProxy,
|
|
42
44
|
missingSignInUrlInDev
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/errors.ts"],"sourcesContent":["export const missingDomainAndProxy = `\nMissing domain and proxyUrl. A satellite application needs to specify a domain or a proxyUrl.\n\n1) With middleware\n e.g. export default clerkMiddleware({domain:'YOUR_DOMAIN',isSatellite:true});\n2) With environment variables e.g.\n NEXT_PUBLIC_CLERK_DOMAIN='YOUR_DOMAIN'\n NEXT_PUBLIC_CLERK_IS_SATELLITE='true'\n `;\n\nexport const missingSignInUrlInDev = `\nInvalid signInUrl. A satellite application requires a signInUrl for development instances.\nCheck if signInUrl is missing from your configuration or if it is not an absolute URL\n\n1) With middleware\n e.g. export default clerkMiddleware({signInUrl:'SOME_URL', isSatellite:true});\n2) With environment variables e.g.\n NEXT_PUBLIC_CLERK_SIGN_IN_URL='SOME_URL'\n NEXT_PUBLIC_CLERK_IS_SATELLITE='true'`;\n\nexport const getAuthAuthHeaderMissing = () => authAuthHeaderMissing('getAuth');\n\nexport const authAuthHeaderMissing = (helperName = 'auth', prefixSteps?: string[]) =>\n `Clerk: ${helperName}() was called but Clerk can't detect usage of clerkMiddleware(). Please ensure the following:\n- ${prefixSteps ? [...prefixSteps, ''].join('\\n- ') : ' '}clerkMiddleware() is used in your Next.js Middleware.\n- Your Middleware matcher is configured to match this route or page.\n- If you are using the src directory, make sure the Middleware file is inside of it.\n\nFor more details, see https://clerk.com/err/auth-middleware\n`;\n\nexport const authSignatureInvalid = `Clerk: Unable to verify request, this usually means the Clerk middleware did not run. Ensure Clerk's middleware is properly integrated and matches the current route. For more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware. (code=auth_signature_invalid)`;\n\nexport const encryptionKeyInvalid = `Clerk: Unable to decrypt request data, this usually means the encryption key is invalid. Ensure the encryption key is properly set. For more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_invalid)`;\n\nexport const encryptionKeyInvalidDev = `Clerk: Unable to decrypt request data.\\n\\nRefresh the page if your .env file was just updated. If the issue persists, ensure the encryption key is valid and properly set.\\n\\nFor more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_invalid)`;\n"],"mappings":";AAAO,MAAM,wBAAwB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAU9B,MAAM,wBAAwB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAU9B,MAAM,2BAA2B,MAAM,sBAAsB,SAAS;AAEtE,MAAM,wBAAwB,CAAC,aAAa,QAAQ,gBACzD,UAAU,UAAU;AAAA,IAClB,cAAc,CAAC,GAAG,aAAa,EAAE,EAAE,KAAK,MAAM,IAAI,GAAG;AAAA;AAAA;AAAA;AAAA;AAAA;AAOlD,MAAM,uBAAuB;AAE7B,MAAM,uBAAuB;AAE7B,MAAM,0BAA0B;AAAA;AAAA;AAAA;AAAA;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/errors.ts"],"sourcesContent":["export const missingDomainAndProxy = `\nMissing domain and proxyUrl. A satellite application needs to specify a domain or a proxyUrl.\n\n1) With middleware\n e.g. export default clerkMiddleware({domain:'YOUR_DOMAIN',isSatellite:true});\n2) With environment variables e.g.\n NEXT_PUBLIC_CLERK_DOMAIN='YOUR_DOMAIN'\n NEXT_PUBLIC_CLERK_IS_SATELLITE='true'\n `;\n\nexport const missingSignInUrlInDev = `\nInvalid signInUrl. A satellite application requires a signInUrl for development instances.\nCheck if signInUrl is missing from your configuration or if it is not an absolute URL\n\n1) With middleware\n e.g. export default clerkMiddleware({signInUrl:'SOME_URL', isSatellite:true});\n2) With environment variables e.g.\n NEXT_PUBLIC_CLERK_SIGN_IN_URL='SOME_URL'\n NEXT_PUBLIC_CLERK_IS_SATELLITE='true'`;\n\nexport const getAuthAuthHeaderMissing = () => authAuthHeaderMissing('getAuth');\n\nexport const authAuthHeaderMissing = (helperName = 'auth', prefixSteps?: string[]) =>\n `Clerk: ${helperName}() was called but Clerk can't detect usage of clerkMiddleware(). Please ensure the following:\n- ${prefixSteps ? [...prefixSteps, ''].join('\\n- ') : ' '}clerkMiddleware() is used in your Next.js Middleware.\n- Your Middleware matcher is configured to match this route or page.\n- If you are using the src directory, make sure the Middleware file is inside of it.\n\nFor more details, see https://clerk.com/err/auth-middleware\n`;\n\nexport const authSignatureInvalid = `Clerk: Unable to verify request, this usually means the Clerk middleware did not run. Ensure Clerk's middleware is properly integrated and matches the current route. For more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware. (code=auth_signature_invalid)`;\n\nexport const encryptionKeyInvalid = `Clerk: Unable to decrypt request data, this usually means the encryption key is invalid. Ensure the encryption key is properly set. For more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_invalid)`;\n\nexport const encryptionKeyInvalidDev = `Clerk: Unable to decrypt request data.\\n\\nRefresh the page if your .env file was just updated. If the issue persists, ensure the encryption key is valid and properly set.\\n\\nFor more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_invalid)`;\nexport const encryptionKeyMissing =\n 'Clerk: Missing `CLERK_ENCRYPTION_KEY`. Required for propagating `secretKey` middleware option. See docs: https://clerk.com/docs/references/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_missing)';\n"],"mappings":";AAAO,MAAM,wBAAwB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAU9B,MAAM,wBAAwB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAU9B,MAAM,2BAA2B,MAAM,sBAAsB,SAAS;AAEtE,MAAM,wBAAwB,CAAC,aAAa,QAAQ,gBACzD,UAAU,UAAU;AAAA,IAClB,cAAc,CAAC,GAAG,aAAa,EAAE,EAAE,KAAK,MAAM,IAAI,GAAG;AAAA;AAAA;AAAA;AAAA;AAAA;AAOlD,MAAM,uBAAuB;AAE7B,MAAM,uBAAuB;AAE7B,MAAM,0BAA0B;AAAA;AAAA;AAAA;AAAA;AAChC,MAAM,uBACX;","names":[]}
|
package/dist/esm/server/utils.js
CHANGED
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
import "../chunk-BUSYA2B4.js";
|
|
2
2
|
import { constants } from "@clerk/backend/internal";
|
|
3
3
|
import { isDevelopmentFromSecretKey } from "@clerk/shared/keys";
|
|
4
|
-
import { logger } from "@clerk/shared/logger";
|
|
5
4
|
import { isHttpOrHttps } from "@clerk/shared/proxy";
|
|
6
5
|
import { handleValueOrFn, isProductionEnvironment } from "@clerk/shared/utils";
|
|
7
6
|
import { NextResponse } from "next/server";
|
|
@@ -13,6 +12,7 @@ import {
|
|
|
13
12
|
authSignatureInvalid,
|
|
14
13
|
encryptionKeyInvalid,
|
|
15
14
|
encryptionKeyInvalidDev,
|
|
15
|
+
encryptionKeyMissing,
|
|
16
16
|
missingDomainAndProxy,
|
|
17
17
|
missingSignInUrlInDev
|
|
18
18
|
} from "./errors";
|
|
@@ -130,10 +130,7 @@ function encryptClerkRequestData(requestData, keylessModeKeys, machineAuthObject
|
|
|
130
130
|
return;
|
|
131
131
|
}
|
|
132
132
|
if (requestData.secretKey && !ENCRYPTION_KEY) {
|
|
133
|
-
|
|
134
|
-
"Clerk: Missing `CLERK_ENCRYPTION_KEY`. Required for propagating `secretKey` middleware option. See docs: https://clerk.com/docs/reference/nextjs/clerk-middleware#dynamic-keys"
|
|
135
|
-
);
|
|
136
|
-
return;
|
|
133
|
+
throw new Error(encryptionKeyMissing);
|
|
137
134
|
}
|
|
138
135
|
const maybeKeylessEncryptionKey = isProductionEnvironment() ? ENCRYPTION_KEY || assertKey(SECRET_KEY, () => errorThrower.throwMissingSecretKeyError()) : ENCRYPTION_KEY || SECRET_KEY || KEYLESS_ENCRYPTION_KEY;
|
|
139
136
|
return AES.encrypt(
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/utils.ts"],"sourcesContent":["import type { AuthObject } from '@clerk/backend';\nimport type { AuthenticateRequestOptions, ClerkRequest, RequestState } from '@clerk/backend/internal';\nimport { constants } from '@clerk/backend/internal';\nimport { isDevelopmentFromSecretKey } from '@clerk/shared/keys';\nimport { logger } from '@clerk/shared/logger';\nimport { isHttpOrHttps } from '@clerk/shared/proxy';\nimport { handleValueOrFn, isProductionEnvironment } from '@clerk/shared/utils';\nimport { NextResponse } from 'next/server';\n\nimport { constants as nextConstants } from '../constants';\nimport { canUseKeyless } from '../utils/feature-flags';\nimport { AES, HmacSHA1, Utf8 } from '../vendor/crypto-es';\nimport { DOMAIN, ENCRYPTION_KEY, IS_SATELLITE, PROXY_URL, SECRET_KEY, SIGN_IN_URL } from './constants';\nimport {\n authSignatureInvalid,\n encryptionKeyInvalid,\n encryptionKeyInvalidDev,\n missingDomainAndProxy,\n missingSignInUrlInDev,\n} from './errors';\nimport { errorThrower } from './errorThrower';\nimport { detectClerkMiddleware } from './headers-utils';\nimport type { RequestLike } from './types';\n\nconst OVERRIDE_HEADERS = 'x-middleware-override-headers';\nconst MIDDLEWARE_HEADER_PREFIX = 'x-middleware-request' as string;\n\nexport const setRequestHeadersOnNextResponse = (\n res: NextResponse | Response,\n req: Request,\n newHeaders: Record<string, string>,\n) => {\n if (!res.headers.get(OVERRIDE_HEADERS)) {\n // Emulate a user setting overrides by explicitly adding the required nextjs headers\n // https://github.com/vercel/next.js/pull/41380\n // @ts-expect-error -- property keys does not exist on type Headers\n res.headers.set(OVERRIDE_HEADERS, [...req.headers.keys()]);\n req.headers.forEach((val, key) => {\n res.headers.set(`${MIDDLEWARE_HEADER_PREFIX}-${key}`, val);\n });\n }\n\n // Now that we have normalised res to include overrides, just append the new header\n Object.entries(newHeaders).forEach(([key, val]) => {\n res.headers.set(OVERRIDE_HEADERS, `${res.headers.get(OVERRIDE_HEADERS)},${key}`);\n res.headers.set(`${MIDDLEWARE_HEADER_PREFIX}-${key}`, val);\n });\n};\n\n// Auth result will be set as both a query param & header when applicable\nexport function decorateRequest(\n req: ClerkRequest,\n res: Response,\n requestState: RequestState,\n requestData: AuthenticateRequestOptions,\n keylessMode: Pick<AuthenticateRequestOptions, 'publishableKey' | 'secretKey'>,\n machineAuthObject: AuthObject | null,\n): Response {\n const { reason, message, status, token } = requestState;\n // pass-through case, convert to next()\n if (!res) {\n res = NextResponse.next();\n }\n\n // redirect() case, return early\n if (res.headers.get(nextConstants.Headers.NextRedirect)) {\n return res;\n }\n\n let rewriteURL;\n\n // next() case, convert to a rewrite\n if (res.headers.get(nextConstants.Headers.NextResume) === '1') {\n res.headers.delete(nextConstants.Headers.NextResume);\n rewriteURL = new URL(req.url);\n }\n\n // rewrite() case, set auth result only if origin remains the same\n const rewriteURLHeader = res.headers.get(nextConstants.Headers.NextRewrite);\n\n if (rewriteURLHeader) {\n const reqURL = new URL(req.url);\n rewriteURL = new URL(rewriteURLHeader);\n\n // if the origin has changed, return early\n if (rewriteURL.origin !== reqURL.origin) {\n return res;\n }\n }\n\n if (rewriteURL) {\n const clerkRequestData = encryptClerkRequestData(requestData, keylessMode, machineAuthObject);\n\n setRequestHeadersOnNextResponse(res, req, {\n [constants.Headers.AuthStatus]: status,\n [constants.Headers.AuthToken]: token || '',\n [constants.Headers.AuthSignature]: token\n ? createTokenSignature(token, requestData?.secretKey || SECRET_KEY || keylessMode.secretKey || '')\n : '',\n [constants.Headers.AuthMessage]: message || '',\n [constants.Headers.AuthReason]: reason || '',\n [constants.Headers.ClerkUrl]: req.clerkUrl.toString(),\n ...(clerkRequestData ? { [constants.Headers.ClerkRequestData]: clerkRequestData } : {}),\n });\n res.headers.set(nextConstants.Headers.NextRewrite, rewriteURL.href);\n }\n\n return res;\n}\n\nexport const handleMultiDomainAndProxy = (clerkRequest: ClerkRequest, opts: AuthenticateRequestOptions) => {\n const relativeOrAbsoluteProxyUrl = handleValueOrFn(opts?.proxyUrl, clerkRequest.clerkUrl, PROXY_URL);\n\n let proxyUrl;\n if (!!relativeOrAbsoluteProxyUrl && !isHttpOrHttps(relativeOrAbsoluteProxyUrl)) {\n proxyUrl = new URL(relativeOrAbsoluteProxyUrl, clerkRequest.clerkUrl).toString();\n } else {\n proxyUrl = relativeOrAbsoluteProxyUrl;\n }\n\n const isSatellite = handleValueOrFn(opts.isSatellite, new URL(clerkRequest.url), IS_SATELLITE);\n const domain = handleValueOrFn(opts.domain, new URL(clerkRequest.url), DOMAIN);\n const signInUrl = opts?.signInUrl || SIGN_IN_URL;\n\n if (isSatellite && !proxyUrl && !domain) {\n throw new Error(missingDomainAndProxy);\n }\n\n if (isSatellite && !isHttpOrHttps(signInUrl) && isDevelopmentFromSecretKey(opts.secretKey || SECRET_KEY)) {\n throw new Error(missingSignInUrlInDev);\n }\n\n return {\n proxyUrl,\n isSatellite,\n domain,\n signInUrl,\n };\n};\n\nexport const redirectAdapter = (url: string | URL) => {\n return NextResponse.redirect(url, { headers: { [constants.Headers.ClerkRedirectTo]: 'true' } });\n};\n\nexport function assertAuthStatus(req: RequestLike, error: string) {\n if (!detectClerkMiddleware(req)) {\n throw new Error(error);\n }\n}\n\nexport function assertKey(key: string | undefined, onError: () => never): string {\n if (!key) {\n onError();\n }\n\n return key;\n}\n\n/**\n * Compute a cryptographic signature from a session token and provided secret key. Used to validate that the token has not been modified when transferring between middleware and the Next.js origin.\n */\nfunction createTokenSignature(token: string, key: string): string {\n return HmacSHA1(token, key).toString();\n}\n\n/**\n * Assert that the provided token generates a matching signature.\n */\nexport function assertTokenSignature(token: string, key: string, signature?: string | null) {\n if (!signature) {\n throw new Error(authSignatureInvalid);\n }\n\n const expectedSignature = createTokenSignature(token, key);\n if (expectedSignature !== signature) {\n throw new Error(authSignatureInvalid);\n }\n}\n\nconst KEYLESS_ENCRYPTION_KEY = 'clerk_keyless_dummy_key';\n\n/**\n * Encrypt request data propagated between server requests.\n * @internal\n **/\nexport function encryptClerkRequestData(\n requestData: Partial<AuthenticateRequestOptions>,\n keylessModeKeys: Pick<AuthenticateRequestOptions, 'publishableKey' | 'secretKey'>,\n machineAuthObject: AuthObject | null,\n) {\n const isEmpty = (obj: Record<string, any> | undefined) => {\n if (!obj) {\n return true;\n }\n return !Object.values(obj).some(v => v !== undefined);\n };\n\n if (isEmpty(requestData) && isEmpty(keylessModeKeys) && !machineAuthObject) {\n return;\n }\n\n if (requestData.secretKey && !ENCRYPTION_KEY) {\n // TODO SDK-1833: change this to an error in the next major version of `@clerk/nextjs`\n logger.warnOnce(\n 'Clerk: Missing `CLERK_ENCRYPTION_KEY`. Required for propagating `secretKey` middleware option. See docs: https://clerk.com/docs/reference/nextjs/clerk-middleware#dynamic-keys',\n );\n\n return;\n }\n\n const maybeKeylessEncryptionKey = isProductionEnvironment()\n ? ENCRYPTION_KEY || assertKey(SECRET_KEY, () => errorThrower.throwMissingSecretKeyError())\n : ENCRYPTION_KEY || SECRET_KEY || KEYLESS_ENCRYPTION_KEY;\n\n return AES.encrypt(\n JSON.stringify({ ...keylessModeKeys, ...requestData, machineAuthObject: machineAuthObject ?? undefined }),\n maybeKeylessEncryptionKey,\n ).toString();\n}\n\n/**\n * Decrypt request data propagated between server requests.\n * @internal\n */\nexport function decryptClerkRequestData(\n encryptedRequestData?: string | undefined | null,\n): Partial<AuthenticateRequestOptions> & { machineAuthObject?: AuthObject } {\n if (!encryptedRequestData) {\n return {};\n }\n\n const maybeKeylessEncryptionKey = isProductionEnvironment()\n ? ENCRYPTION_KEY || SECRET_KEY\n : ENCRYPTION_KEY || SECRET_KEY || KEYLESS_ENCRYPTION_KEY;\n\n try {\n return decryptData(encryptedRequestData, maybeKeylessEncryptionKey);\n } catch {\n /**\n * There is a great chance when running in Keyless mode that the above fails,\n * because the keys hot-swapped and the Next.js dev server has not yet fully rebuilt middleware and routes.\n *\n * Attempt one more time with the default dummy value.\n */\n if (canUseKeyless) {\n try {\n return decryptData(encryptedRequestData, KEYLESS_ENCRYPTION_KEY);\n } catch {\n throwInvalidEncryptionKey();\n }\n }\n throwInvalidEncryptionKey();\n }\n}\n\nfunction throwInvalidEncryptionKey(): never {\n if (isProductionEnvironment()) {\n throw new Error(encryptionKeyInvalid);\n }\n throw new Error(encryptionKeyInvalidDev);\n}\n\nfunction decryptData(data: string, key: string) {\n const decryptedBytes = AES.decrypt(data, key);\n const encoded = decryptedBytes.toString(Utf8);\n return JSON.parse(encoded);\n}\n"],"mappings":";AAEA,SAAS,iBAAiB;AAC1B,SAAS,kCAAkC;AAC3C,SAAS,cAAc;AACvB,SAAS,qBAAqB;AAC9B,SAAS,iBAAiB,+BAA+B;AACzD,SAAS,oBAAoB;AAE7B,SAAS,aAAa,qBAAqB;AAC3C,SAAS,qBAAqB;AAC9B,SAAS,KAAK,UAAU,YAAY;AACpC,SAAS,QAAQ,gBAAgB,cAAc,WAAW,YAAY,mBAAmB;AACzF;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,oBAAoB;AAC7B,SAAS,6BAA6B;AAGtC,MAAM,mBAAmB;AACzB,MAAM,2BAA2B;AAE1B,MAAM,kCAAkC,CAC7C,KACA,KACA,eACG;AACH,MAAI,CAAC,IAAI,QAAQ,IAAI,gBAAgB,GAAG;AAItC,QAAI,QAAQ,IAAI,kBAAkB,CAAC,GAAG,IAAI,QAAQ,KAAK,CAAC,CAAC;AACzD,QAAI,QAAQ,QAAQ,CAAC,KAAK,QAAQ;AAChC,UAAI,QAAQ,IAAI,GAAG,wBAAwB,IAAI,GAAG,IAAI,GAAG;AAAA,IAC3D,CAAC;AAAA,EACH;AAGA,SAAO,QAAQ,UAAU,EAAE,QAAQ,CAAC,CAAC,KAAK,GAAG,MAAM;AACjD,QAAI,QAAQ,IAAI,kBAAkB,GAAG,IAAI,QAAQ,IAAI,gBAAgB,CAAC,IAAI,GAAG,EAAE;AAC/E,QAAI,QAAQ,IAAI,GAAG,wBAAwB,IAAI,GAAG,IAAI,GAAG;AAAA,EAC3D,CAAC;AACH;AAGO,SAAS,gBACd,KACA,KACA,cACA,aACA,aACA,mBACU;AACV,QAAM,EAAE,QAAQ,SAAS,QAAQ,MAAM,IAAI;AAE3C,MAAI,CAAC,KAAK;AACR,UAAM,aAAa,KAAK;AAAA,EAC1B;AAGA,MAAI,IAAI,QAAQ,IAAI,cAAc,QAAQ,YAAY,GAAG;AACvD,WAAO;AAAA,EACT;AAEA,MAAI;AAGJ,MAAI,IAAI,QAAQ,IAAI,cAAc,QAAQ,UAAU,MAAM,KAAK;AAC7D,QAAI,QAAQ,OAAO,cAAc,QAAQ,UAAU;AACnD,iBAAa,IAAI,IAAI,IAAI,GAAG;AAAA,EAC9B;AAGA,QAAM,mBAAmB,IAAI,QAAQ,IAAI,cAAc,QAAQ,WAAW;AAE1E,MAAI,kBAAkB;AACpB,UAAM,SAAS,IAAI,IAAI,IAAI,GAAG;AAC9B,iBAAa,IAAI,IAAI,gBAAgB;AAGrC,QAAI,WAAW,WAAW,OAAO,QAAQ;AACvC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,YAAY;AACd,UAAM,mBAAmB,wBAAwB,aAAa,aAAa,iBAAiB;AAE5F,oCAAgC,KAAK,KAAK;AAAA,MACxC,CAAC,UAAU,QAAQ,UAAU,GAAG;AAAA,MAChC,CAAC,UAAU,QAAQ,SAAS,GAAG,SAAS;AAAA,MACxC,CAAC,UAAU,QAAQ,aAAa,GAAG,QAC/B,qBAAqB,QAAO,2CAAa,cAAa,cAAc,YAAY,aAAa,EAAE,IAC/F;AAAA,MACJ,CAAC,UAAU,QAAQ,WAAW,GAAG,WAAW;AAAA,MAC5C,CAAC,UAAU,QAAQ,UAAU,GAAG,UAAU;AAAA,MAC1C,CAAC,UAAU,QAAQ,QAAQ,GAAG,IAAI,SAAS,SAAS;AAAA,MACpD,GAAI,mBAAmB,EAAE,CAAC,UAAU,QAAQ,gBAAgB,GAAG,iBAAiB,IAAI,CAAC;AAAA,IACvF,CAAC;AACD,QAAI,QAAQ,IAAI,cAAc,QAAQ,aAAa,WAAW,IAAI;AAAA,EACpE;AAEA,SAAO;AACT;AAEO,MAAM,4BAA4B,CAAC,cAA4B,SAAqC;AACzG,QAAM,6BAA6B,gBAAgB,6BAAM,UAAU,aAAa,UAAU,SAAS;AAEnG,MAAI;AACJ,MAAI,CAAC,CAAC,8BAA8B,CAAC,cAAc,0BAA0B,GAAG;AAC9E,eAAW,IAAI,IAAI,4BAA4B,aAAa,QAAQ,EAAE,SAAS;AAAA,EACjF,OAAO;AACL,eAAW;AAAA,EACb;AAEA,QAAM,cAAc,gBAAgB,KAAK,aAAa,IAAI,IAAI,aAAa,GAAG,GAAG,YAAY;AAC7F,QAAM,SAAS,gBAAgB,KAAK,QAAQ,IAAI,IAAI,aAAa,GAAG,GAAG,MAAM;AAC7E,QAAM,aAAY,6BAAM,cAAa;AAErC,MAAI,eAAe,CAAC,YAAY,CAAC,QAAQ;AACvC,UAAM,IAAI,MAAM,qBAAqB;AAAA,EACvC;AAEA,MAAI,eAAe,CAAC,cAAc,SAAS,KAAK,2BAA2B,KAAK,aAAa,UAAU,GAAG;AACxG,UAAM,IAAI,MAAM,qBAAqB;AAAA,EACvC;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEO,MAAM,kBAAkB,CAAC,QAAsB;AACpD,SAAO,aAAa,SAAS,KAAK,EAAE,SAAS,EAAE,CAAC,UAAU,QAAQ,eAAe,GAAG,OAAO,EAAE,CAAC;AAChG;AAEO,SAAS,iBAAiB,KAAkB,OAAe;AAChE,MAAI,CAAC,sBAAsB,GAAG,GAAG;AAC/B,UAAM,IAAI,MAAM,KAAK;AAAA,EACvB;AACF;AAEO,SAAS,UAAU,KAAyB,SAA8B;AAC/E,MAAI,CAAC,KAAK;AACR,YAAQ;AAAA,EACV;AAEA,SAAO;AACT;AAKA,SAAS,qBAAqB,OAAe,KAAqB;AAChE,SAAO,SAAS,OAAO,GAAG,EAAE,SAAS;AACvC;AAKO,SAAS,qBAAqB,OAAe,KAAa,WAA2B;AAC1F,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,QAAM,oBAAoB,qBAAqB,OAAO,GAAG;AACzD,MAAI,sBAAsB,WAAW;AACnC,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AACF;AAEA,MAAM,yBAAyB;AAMxB,SAAS,wBACd,aACA,iBACA,mBACA;AACA,QAAM,UAAU,CAAC,QAAyC;AACxD,QAAI,CAAC,KAAK;AACR,aAAO;AAAA,IACT;AACA,WAAO,CAAC,OAAO,OAAO,GAAG,EAAE,KAAK,OAAK,MAAM,MAAS;AAAA,EACtD;AAEA,MAAI,QAAQ,WAAW,KAAK,QAAQ,eAAe,KAAK,CAAC,mBAAmB;AAC1E;AAAA,EACF;AAEA,MAAI,YAAY,aAAa,CAAC,gBAAgB;AAE5C,WAAO;AAAA,MACL;AAAA,IACF;AAEA;AAAA,EACF;AAEA,QAAM,4BAA4B,wBAAwB,IACtD,kBAAkB,UAAU,YAAY,MAAM,aAAa,2BAA2B,CAAC,IACvF,kBAAkB,cAAc;AAEpC,SAAO,IAAI;AAAA,IACT,KAAK,UAAU,EAAE,GAAG,iBAAiB,GAAG,aAAa,mBAAmB,gDAAqB,OAAU,CAAC;AAAA,IACxG;AAAA,EACF,EAAE,SAAS;AACb;AAMO,SAAS,wBACd,sBAC0E;AAC1E,MAAI,CAAC,sBAAsB;AACzB,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,4BAA4B,wBAAwB,IACtD,kBAAkB,aAClB,kBAAkB,cAAc;AAEpC,MAAI;AACF,WAAO,YAAY,sBAAsB,yBAAyB;AAAA,EACpE,QAAQ;AAON,QAAI,eAAe;AACjB,UAAI;AACF,eAAO,YAAY,sBAAsB,sBAAsB;AAAA,MACjE,QAAQ;AACN,kCAA0B;AAAA,MAC5B;AAAA,IACF;AACA,8BAA0B;AAAA,EAC5B;AACF;AAEA,SAAS,4BAAmC;AAC1C,MAAI,wBAAwB,GAAG;AAC7B,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AACA,QAAM,IAAI,MAAM,uBAAuB;AACzC;AAEA,SAAS,YAAY,MAAc,KAAa;AAC9C,QAAM,iBAAiB,IAAI,QAAQ,MAAM,GAAG;AAC5C,QAAM,UAAU,eAAe,SAAS,IAAI;AAC5C,SAAO,KAAK,MAAM,OAAO;AAC3B;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/utils.ts"],"sourcesContent":["import type { AuthObject } from '@clerk/backend';\nimport type { AuthenticateRequestOptions, ClerkRequest, RequestState } from '@clerk/backend/internal';\nimport { constants } from '@clerk/backend/internal';\nimport { isDevelopmentFromSecretKey } from '@clerk/shared/keys';\nimport { isHttpOrHttps } from '@clerk/shared/proxy';\nimport { handleValueOrFn, isProductionEnvironment } from '@clerk/shared/utils';\nimport { NextResponse } from 'next/server';\n\nimport { constants as nextConstants } from '../constants';\nimport { canUseKeyless } from '../utils/feature-flags';\nimport { AES, HmacSHA1, Utf8 } from '../vendor/crypto-es';\nimport { DOMAIN, ENCRYPTION_KEY, IS_SATELLITE, PROXY_URL, SECRET_KEY, SIGN_IN_URL } from './constants';\nimport {\n authSignatureInvalid,\n encryptionKeyInvalid,\n encryptionKeyInvalidDev,\n encryptionKeyMissing,\n missingDomainAndProxy,\n missingSignInUrlInDev,\n} from './errors';\nimport { errorThrower } from './errorThrower';\nimport { detectClerkMiddleware } from './headers-utils';\nimport type { RequestLike } from './types';\n\nconst OVERRIDE_HEADERS = 'x-middleware-override-headers';\nconst MIDDLEWARE_HEADER_PREFIX = 'x-middleware-request' as string;\n\nexport const setRequestHeadersOnNextResponse = (\n res: NextResponse | Response,\n req: Request,\n newHeaders: Record<string, string>,\n) => {\n if (!res.headers.get(OVERRIDE_HEADERS)) {\n // Emulate a user setting overrides by explicitly adding the required nextjs headers\n // https://github.com/vercel/next.js/pull/41380\n // @ts-expect-error -- property keys does not exist on type Headers\n res.headers.set(OVERRIDE_HEADERS, [...req.headers.keys()]);\n req.headers.forEach((val, key) => {\n res.headers.set(`${MIDDLEWARE_HEADER_PREFIX}-${key}`, val);\n });\n }\n\n // Now that we have normalised res to include overrides, just append the new header\n Object.entries(newHeaders).forEach(([key, val]) => {\n res.headers.set(OVERRIDE_HEADERS, `${res.headers.get(OVERRIDE_HEADERS)},${key}`);\n res.headers.set(`${MIDDLEWARE_HEADER_PREFIX}-${key}`, val);\n });\n};\n\n// Auth result will be set as both a query param & header when applicable\nexport function decorateRequest(\n req: ClerkRequest,\n res: Response,\n requestState: RequestState,\n requestData: AuthenticateRequestOptions,\n keylessMode: Pick<AuthenticateRequestOptions, 'publishableKey' | 'secretKey'>,\n machineAuthObject: AuthObject | null,\n): Response {\n const { reason, message, status, token } = requestState;\n // pass-through case, convert to next()\n if (!res) {\n res = NextResponse.next();\n }\n\n // redirect() case, return early\n if (res.headers.get(nextConstants.Headers.NextRedirect)) {\n return res;\n }\n\n let rewriteURL;\n\n // next() case, convert to a rewrite\n if (res.headers.get(nextConstants.Headers.NextResume) === '1') {\n res.headers.delete(nextConstants.Headers.NextResume);\n rewriteURL = new URL(req.url);\n }\n\n // rewrite() case, set auth result only if origin remains the same\n const rewriteURLHeader = res.headers.get(nextConstants.Headers.NextRewrite);\n\n if (rewriteURLHeader) {\n const reqURL = new URL(req.url);\n rewriteURL = new URL(rewriteURLHeader);\n\n // if the origin has changed, return early\n if (rewriteURL.origin !== reqURL.origin) {\n return res;\n }\n }\n\n if (rewriteURL) {\n const clerkRequestData = encryptClerkRequestData(requestData, keylessMode, machineAuthObject);\n\n setRequestHeadersOnNextResponse(res, req, {\n [constants.Headers.AuthStatus]: status,\n [constants.Headers.AuthToken]: token || '',\n [constants.Headers.AuthSignature]: token\n ? createTokenSignature(token, requestData?.secretKey || SECRET_KEY || keylessMode.secretKey || '')\n : '',\n [constants.Headers.AuthMessage]: message || '',\n [constants.Headers.AuthReason]: reason || '',\n [constants.Headers.ClerkUrl]: req.clerkUrl.toString(),\n ...(clerkRequestData ? { [constants.Headers.ClerkRequestData]: clerkRequestData } : {}),\n });\n res.headers.set(nextConstants.Headers.NextRewrite, rewriteURL.href);\n }\n\n return res;\n}\n\nexport const handleMultiDomainAndProxy = (clerkRequest: ClerkRequest, opts: AuthenticateRequestOptions) => {\n const relativeOrAbsoluteProxyUrl = handleValueOrFn(opts?.proxyUrl, clerkRequest.clerkUrl, PROXY_URL);\n\n let proxyUrl;\n if (!!relativeOrAbsoluteProxyUrl && !isHttpOrHttps(relativeOrAbsoluteProxyUrl)) {\n proxyUrl = new URL(relativeOrAbsoluteProxyUrl, clerkRequest.clerkUrl).toString();\n } else {\n proxyUrl = relativeOrAbsoluteProxyUrl;\n }\n\n const isSatellite = handleValueOrFn(opts.isSatellite, new URL(clerkRequest.url), IS_SATELLITE);\n const domain = handleValueOrFn(opts.domain, new URL(clerkRequest.url), DOMAIN);\n const signInUrl = opts?.signInUrl || SIGN_IN_URL;\n\n if (isSatellite && !proxyUrl && !domain) {\n throw new Error(missingDomainAndProxy);\n }\n\n if (isSatellite && !isHttpOrHttps(signInUrl) && isDevelopmentFromSecretKey(opts.secretKey || SECRET_KEY)) {\n throw new Error(missingSignInUrlInDev);\n }\n\n return {\n proxyUrl,\n isSatellite,\n domain,\n signInUrl,\n };\n};\n\nexport const redirectAdapter = (url: string | URL) => {\n return NextResponse.redirect(url, { headers: { [constants.Headers.ClerkRedirectTo]: 'true' } });\n};\n\nexport function assertAuthStatus(req: RequestLike, error: string) {\n if (!detectClerkMiddleware(req)) {\n throw new Error(error);\n }\n}\n\nexport function assertKey(key: string | undefined, onError: () => never): string {\n if (!key) {\n onError();\n }\n\n return key;\n}\n\n/**\n * Compute a cryptographic signature from a session token and provided secret key. Used to validate that the token has not been modified when transferring between middleware and the Next.js origin.\n */\nfunction createTokenSignature(token: string, key: string): string {\n return HmacSHA1(token, key).toString();\n}\n\n/**\n * Assert that the provided token generates a matching signature.\n */\nexport function assertTokenSignature(token: string, key: string, signature?: string | null) {\n if (!signature) {\n throw new Error(authSignatureInvalid);\n }\n\n const expectedSignature = createTokenSignature(token, key);\n if (expectedSignature !== signature) {\n throw new Error(authSignatureInvalid);\n }\n}\n\nconst KEYLESS_ENCRYPTION_KEY = 'clerk_keyless_dummy_key';\n\n/**\n * Encrypt request data propagated between server requests.\n * @internal\n **/\nexport function encryptClerkRequestData(\n requestData: Partial<AuthenticateRequestOptions>,\n keylessModeKeys: Pick<AuthenticateRequestOptions, 'publishableKey' | 'secretKey'>,\n machineAuthObject: AuthObject | null,\n) {\n const isEmpty = (obj: Record<string, any> | undefined) => {\n if (!obj) {\n return true;\n }\n return !Object.values(obj).some(v => v !== undefined);\n };\n\n if (isEmpty(requestData) && isEmpty(keylessModeKeys) && !machineAuthObject) {\n return;\n }\n\n if (requestData.secretKey && !ENCRYPTION_KEY) {\n throw new Error(encryptionKeyMissing);\n }\n\n const maybeKeylessEncryptionKey = isProductionEnvironment()\n ? ENCRYPTION_KEY || assertKey(SECRET_KEY, () => errorThrower.throwMissingSecretKeyError())\n : ENCRYPTION_KEY || SECRET_KEY || KEYLESS_ENCRYPTION_KEY;\n\n return AES.encrypt(\n JSON.stringify({ ...keylessModeKeys, ...requestData, machineAuthObject: machineAuthObject ?? undefined }),\n maybeKeylessEncryptionKey,\n ).toString();\n}\n\n/**\n * Decrypt request data propagated between server requests.\n * @internal\n */\nexport function decryptClerkRequestData(\n encryptedRequestData?: string | undefined | null,\n): Partial<AuthenticateRequestOptions> & { machineAuthObject?: AuthObject } {\n if (!encryptedRequestData) {\n return {};\n }\n\n const maybeKeylessEncryptionKey = isProductionEnvironment()\n ? ENCRYPTION_KEY || SECRET_KEY\n : ENCRYPTION_KEY || SECRET_KEY || KEYLESS_ENCRYPTION_KEY;\n\n try {\n return decryptData(encryptedRequestData, maybeKeylessEncryptionKey);\n } catch {\n /**\n * There is a great chance when running in Keyless mode that the above fails,\n * because the keys hot-swapped and the Next.js dev server has not yet fully rebuilt middleware and routes.\n *\n * Attempt one more time with the default dummy value.\n */\n if (canUseKeyless) {\n try {\n return decryptData(encryptedRequestData, KEYLESS_ENCRYPTION_KEY);\n } catch {\n throwInvalidEncryptionKey();\n }\n }\n throwInvalidEncryptionKey();\n }\n}\n\nfunction throwInvalidEncryptionKey(): never {\n if (isProductionEnvironment()) {\n throw new Error(encryptionKeyInvalid);\n }\n throw new Error(encryptionKeyInvalidDev);\n}\n\nfunction decryptData(data: string, key: string) {\n const decryptedBytes = AES.decrypt(data, key);\n const encoded = decryptedBytes.toString(Utf8);\n return JSON.parse(encoded);\n}\n"],"mappings":";AAEA,SAAS,iBAAiB;AAC1B,SAAS,kCAAkC;AAC3C,SAAS,qBAAqB;AAC9B,SAAS,iBAAiB,+BAA+B;AACzD,SAAS,oBAAoB;AAE7B,SAAS,aAAa,qBAAqB;AAC3C,SAAS,qBAAqB;AAC9B,SAAS,KAAK,UAAU,YAAY;AACpC,SAAS,QAAQ,gBAAgB,cAAc,WAAW,YAAY,mBAAmB;AACzF;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,oBAAoB;AAC7B,SAAS,6BAA6B;AAGtC,MAAM,mBAAmB;AACzB,MAAM,2BAA2B;AAE1B,MAAM,kCAAkC,CAC7C,KACA,KACA,eACG;AACH,MAAI,CAAC,IAAI,QAAQ,IAAI,gBAAgB,GAAG;AAItC,QAAI,QAAQ,IAAI,kBAAkB,CAAC,GAAG,IAAI,QAAQ,KAAK,CAAC,CAAC;AACzD,QAAI,QAAQ,QAAQ,CAAC,KAAK,QAAQ;AAChC,UAAI,QAAQ,IAAI,GAAG,wBAAwB,IAAI,GAAG,IAAI,GAAG;AAAA,IAC3D,CAAC;AAAA,EACH;AAGA,SAAO,QAAQ,UAAU,EAAE,QAAQ,CAAC,CAAC,KAAK,GAAG,MAAM;AACjD,QAAI,QAAQ,IAAI,kBAAkB,GAAG,IAAI,QAAQ,IAAI,gBAAgB,CAAC,IAAI,GAAG,EAAE;AAC/E,QAAI,QAAQ,IAAI,GAAG,wBAAwB,IAAI,GAAG,IAAI,GAAG;AAAA,EAC3D,CAAC;AACH;AAGO,SAAS,gBACd,KACA,KACA,cACA,aACA,aACA,mBACU;AACV,QAAM,EAAE,QAAQ,SAAS,QAAQ,MAAM,IAAI;AAE3C,MAAI,CAAC,KAAK;AACR,UAAM,aAAa,KAAK;AAAA,EAC1B;AAGA,MAAI,IAAI,QAAQ,IAAI,cAAc,QAAQ,YAAY,GAAG;AACvD,WAAO;AAAA,EACT;AAEA,MAAI;AAGJ,MAAI,IAAI,QAAQ,IAAI,cAAc,QAAQ,UAAU,MAAM,KAAK;AAC7D,QAAI,QAAQ,OAAO,cAAc,QAAQ,UAAU;AACnD,iBAAa,IAAI,IAAI,IAAI,GAAG;AAAA,EAC9B;AAGA,QAAM,mBAAmB,IAAI,QAAQ,IAAI,cAAc,QAAQ,WAAW;AAE1E,MAAI,kBAAkB;AACpB,UAAM,SAAS,IAAI,IAAI,IAAI,GAAG;AAC9B,iBAAa,IAAI,IAAI,gBAAgB;AAGrC,QAAI,WAAW,WAAW,OAAO,QAAQ;AACvC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,YAAY;AACd,UAAM,mBAAmB,wBAAwB,aAAa,aAAa,iBAAiB;AAE5F,oCAAgC,KAAK,KAAK;AAAA,MACxC,CAAC,UAAU,QAAQ,UAAU,GAAG;AAAA,MAChC,CAAC,UAAU,QAAQ,SAAS,GAAG,SAAS;AAAA,MACxC,CAAC,UAAU,QAAQ,aAAa,GAAG,QAC/B,qBAAqB,QAAO,2CAAa,cAAa,cAAc,YAAY,aAAa,EAAE,IAC/F;AAAA,MACJ,CAAC,UAAU,QAAQ,WAAW,GAAG,WAAW;AAAA,MAC5C,CAAC,UAAU,QAAQ,UAAU,GAAG,UAAU;AAAA,MAC1C,CAAC,UAAU,QAAQ,QAAQ,GAAG,IAAI,SAAS,SAAS;AAAA,MACpD,GAAI,mBAAmB,EAAE,CAAC,UAAU,QAAQ,gBAAgB,GAAG,iBAAiB,IAAI,CAAC;AAAA,IACvF,CAAC;AACD,QAAI,QAAQ,IAAI,cAAc,QAAQ,aAAa,WAAW,IAAI;AAAA,EACpE;AAEA,SAAO;AACT;AAEO,MAAM,4BAA4B,CAAC,cAA4B,SAAqC;AACzG,QAAM,6BAA6B,gBAAgB,6BAAM,UAAU,aAAa,UAAU,SAAS;AAEnG,MAAI;AACJ,MAAI,CAAC,CAAC,8BAA8B,CAAC,cAAc,0BAA0B,GAAG;AAC9E,eAAW,IAAI,IAAI,4BAA4B,aAAa,QAAQ,EAAE,SAAS;AAAA,EACjF,OAAO;AACL,eAAW;AAAA,EACb;AAEA,QAAM,cAAc,gBAAgB,KAAK,aAAa,IAAI,IAAI,aAAa,GAAG,GAAG,YAAY;AAC7F,QAAM,SAAS,gBAAgB,KAAK,QAAQ,IAAI,IAAI,aAAa,GAAG,GAAG,MAAM;AAC7E,QAAM,aAAY,6BAAM,cAAa;AAErC,MAAI,eAAe,CAAC,YAAY,CAAC,QAAQ;AACvC,UAAM,IAAI,MAAM,qBAAqB;AAAA,EACvC;AAEA,MAAI,eAAe,CAAC,cAAc,SAAS,KAAK,2BAA2B,KAAK,aAAa,UAAU,GAAG;AACxG,UAAM,IAAI,MAAM,qBAAqB;AAAA,EACvC;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEO,MAAM,kBAAkB,CAAC,QAAsB;AACpD,SAAO,aAAa,SAAS,KAAK,EAAE,SAAS,EAAE,CAAC,UAAU,QAAQ,eAAe,GAAG,OAAO,EAAE,CAAC;AAChG;AAEO,SAAS,iBAAiB,KAAkB,OAAe;AAChE,MAAI,CAAC,sBAAsB,GAAG,GAAG;AAC/B,UAAM,IAAI,MAAM,KAAK;AAAA,EACvB;AACF;AAEO,SAAS,UAAU,KAAyB,SAA8B;AAC/E,MAAI,CAAC,KAAK;AACR,YAAQ;AAAA,EACV;AAEA,SAAO;AACT;AAKA,SAAS,qBAAqB,OAAe,KAAqB;AAChE,SAAO,SAAS,OAAO,GAAG,EAAE,SAAS;AACvC;AAKO,SAAS,qBAAqB,OAAe,KAAa,WAA2B;AAC1F,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,QAAM,oBAAoB,qBAAqB,OAAO,GAAG;AACzD,MAAI,sBAAsB,WAAW;AACnC,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AACF;AAEA,MAAM,yBAAyB;AAMxB,SAAS,wBACd,aACA,iBACA,mBACA;AACA,QAAM,UAAU,CAAC,QAAyC;AACxD,QAAI,CAAC,KAAK;AACR,aAAO;AAAA,IACT;AACA,WAAO,CAAC,OAAO,OAAO,GAAG,EAAE,KAAK,OAAK,MAAM,MAAS;AAAA,EACtD;AAEA,MAAI,QAAQ,WAAW,KAAK,QAAQ,eAAe,KAAK,CAAC,mBAAmB;AAC1E;AAAA,EACF;AAEA,MAAI,YAAY,aAAa,CAAC,gBAAgB;AAC5C,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,QAAM,4BAA4B,wBAAwB,IACtD,kBAAkB,UAAU,YAAY,MAAM,aAAa,2BAA2B,CAAC,IACvF,kBAAkB,cAAc;AAEpC,SAAO,IAAI;AAAA,IACT,KAAK,UAAU,EAAE,GAAG,iBAAiB,GAAG,aAAa,mBAAmB,gDAAqB,OAAU,CAAC;AAAA,IACxG;AAAA,EACF,EAAE,SAAS;AACb;AAMO,SAAS,wBACd,sBAC0E;AAC1E,MAAI,CAAC,sBAAsB;AACzB,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,4BAA4B,wBAAwB,IACtD,kBAAkB,aAClB,kBAAkB,cAAc;AAEpC,MAAI;AACF,WAAO,YAAY,sBAAsB,yBAAyB;AAAA,EACpE,QAAQ;AAON,QAAI,eAAe;AACjB,UAAI;AACF,eAAO,YAAY,sBAAsB,sBAAsB;AAAA,MACjE,QAAQ;AACN,kCAA0B;AAAA,MAC5B;AAAA,IACF;AACA,8BAA0B;AAAA,EAC5B;AACF;AAEA,SAAS,4BAAmC;AAC1C,MAAI,wBAAwB,GAAG;AAC7B,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AACA,QAAM,IAAI,MAAM,uBAAuB;AACzC;AAEA,SAAS,YAAY,MAAc,KAAa;AAC9C,QAAM,iBAAiB,IAAI,QAAQ,MAAM,GAAG;AAC5C,QAAM,UAAU,eAAe,SAAS,IAAI;AAC5C,SAAO,KAAK,MAAM,OAAO;AAC3B;","names":[]}
|
|
@@ -57,7 +57,7 @@ function debugLogHeader(name) {
|
|
|
57
57
|
return `[clerk debug start: ${name}]`;
|
|
58
58
|
}
|
|
59
59
|
function debugLogFooter(name) {
|
|
60
|
-
return `[clerk debug end: ${name}] (@clerk/nextjs=${"7.0.0-snapshot.
|
|
60
|
+
return `[clerk debug end: ${name}] (@clerk/nextjs=${"7.0.0-snapshot.v20251204175016"},next=${nextPkg.version},timestamp=${Math.round((/* @__PURE__ */ new Date()).getTime() / 1e3)})`;
|
|
61
61
|
}
|
|
62
62
|
function truncate(str, maxLength) {
|
|
63
63
|
const encoder = new TextEncoder();
|
|
@@ -2,5 +2,5 @@ import type { Ui } from '@clerk/react/internal';
|
|
|
2
2
|
import type { Without } from '@clerk/shared/types';
|
|
3
3
|
import React from 'react';
|
|
4
4
|
import type { NextClerkProviderProps } from '../../types';
|
|
5
|
-
export declare function ClerkProvider<TUi extends Ui = Ui>(props: Without<NextClerkProviderProps<TUi>, '
|
|
5
|
+
export declare function ClerkProvider<TUi extends Ui = Ui>(props: Without<NextClerkProviderProps<TUi>, '__internal_invokeMiddlewareOnAuthStateChange'>): Promise<React.JSX.Element>;
|
|
6
6
|
//# sourceMappingURL=ClerkProvider.d.ts.map
|
|
@@ -3,12 +3,12 @@ import type { Without } from '@clerk/shared/types';
|
|
|
3
3
|
import type { PropsWithChildren } from 'react';
|
|
4
4
|
import React from 'react';
|
|
5
5
|
import type { NextClerkProviderProps } from '../../types';
|
|
6
|
-
export declare function getKeylessStatus(params: Without<NextClerkProviderProps, '
|
|
6
|
+
export declare function getKeylessStatus(params: Without<NextClerkProviderProps, '__internal_invokeMiddlewareOnAuthStateChange'>): Promise<{
|
|
7
7
|
shouldRunAsKeyless: boolean;
|
|
8
8
|
runningWithClaimedKeys: boolean;
|
|
9
9
|
}>;
|
|
10
10
|
type KeylessProviderProps = PropsWithChildren<{
|
|
11
|
-
rest: Without<NextClerkProviderProps, '
|
|
11
|
+
rest: Without<NextClerkProviderProps, '__internal_invokeMiddlewareOnAuthStateChange'>;
|
|
12
12
|
runningWithClaimedKeys: boolean;
|
|
13
13
|
generateStatePromise: () => Promise<AuthObject | null>;
|
|
14
14
|
generateNonce: () => Promise<string>;
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export declare const errorThrower: import("@clerk/shared/error-
|
|
1
|
+
export declare const errorThrower: import("@clerk/shared/error-CwbYlf2s").y;
|
|
2
2
|
//# sourceMappingURL=errorThrower.d.ts.map
|
|
@@ -5,4 +5,5 @@ export declare const authAuthHeaderMissing: (helperName?: string, prefixSteps?:
|
|
|
5
5
|
export declare const authSignatureInvalid = "Clerk: Unable to verify request, this usually means the Clerk middleware did not run. Ensure Clerk's middleware is properly integrated and matches the current route. For more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware. (code=auth_signature_invalid)";
|
|
6
6
|
export declare const encryptionKeyInvalid = "Clerk: Unable to decrypt request data, this usually means the encryption key is invalid. Ensure the encryption key is properly set. For more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_invalid)";
|
|
7
7
|
export declare const encryptionKeyInvalidDev = "Clerk: Unable to decrypt request data.\n\nRefresh the page if your .env file was just updated. If the issue persists, ensure the encryption key is valid and properly set.\n\nFor more information, see: https://clerk.com/docs/reference/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_invalid)";
|
|
8
|
+
export declare const encryptionKeyMissing = "Clerk: Missing `CLERK_ENCRYPTION_KEY`. Required for propagating `secretKey` middleware option. See docs: https://clerk.com/docs/references/nextjs/clerk-middleware#dynamic-keys. (code=encryption_key_missing)";
|
|
8
9
|
//# sourceMappingURL=errors.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/server/errors.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,qBAAqB,0UAQ9B,CAAC;AAEL,eAAO,MAAM,qBAAqB,4ZAQO,CAAC;AAE1C,eAAO,MAAM,wBAAwB,cAAyC,CAAC;AAE/E,eAAO,MAAM,qBAAqB,GAAI,mBAAmB,EAAE,cAAc,MAAM,EAAE,WAOhF,CAAC;AAEF,eAAO,MAAM,oBAAoB,6RAA6R,CAAC;AAE/T,eAAO,MAAM,oBAAoB,wQAAwQ,CAAC;AAE1S,eAAO,MAAM,uBAAuB,kTAAkT,CAAC"}
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/server/errors.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,qBAAqB,0UAQ9B,CAAC;AAEL,eAAO,MAAM,qBAAqB,4ZAQO,CAAC;AAE1C,eAAO,MAAM,wBAAwB,cAAyC,CAAC;AAE/E,eAAO,MAAM,qBAAqB,GAAI,mBAAmB,EAAE,cAAc,MAAM,EAAE,WAOhF,CAAC;AAEF,eAAO,MAAM,oBAAoB,6RAA6R,CAAC;AAE/T,eAAO,MAAM,oBAAoB,wQAAwQ,CAAC;AAE1S,eAAO,MAAM,uBAAuB,kTAAkT,CAAC;AACvV,eAAO,MAAM,oBAAoB,mNACiL,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"keyless-log-cache.d.ts","sourceRoot":"","sources":["../../../src/server/keyless-log-cache.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAuD7D,eAAO,MAAM,wBAAwB,GAAI,MAAM,sBAAsB,WAEpE,CAAC;AAEF,eAAO,MAAM,yBAAyB,cAErC,CAAC;AAEF,eAAO,MAAM,qBAAqB;;;
|
|
1
|
+
{"version":3,"file":"keyless-log-cache.d.ts","sourceRoot":"","sources":["../../../src/server/keyless-log-cache.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAuD7D,eAAO,MAAM,wBAAwB,GAAI,MAAM,sBAAsB,WAEpE,CAAC;AAEF,eAAO,MAAM,yBAAyB,cAErC,CAAC;AAEF,eAAO,MAAM,qBAAqB;;;YACE,CAAC;;;;;;;;sBAAyS,CAAC;oBAAkC,CAAC;;aADxT,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/server/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,KAAK,EAAE,0BAA0B,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/server/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,KAAK,EAAE,0BAA0B,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAKtG,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAgB3C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAK3C,eAAO,MAAM,+BAA+B,GAC1C,KAAK,YAAY,GAAG,QAAQ,EAC5B,KAAK,OAAO,EACZ,YAAY,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,SAiBnC,CAAC;AAGF,wBAAgB,eAAe,CAC7B,GAAG,EAAE,YAAY,EACjB,GAAG,EAAE,QAAQ,EACb,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,0BAA0B,EACvC,WAAW,EAAE,IAAI,CAAC,0BAA0B,EAAE,gBAAgB,GAAG,WAAW,CAAC,EAC7E,iBAAiB,EAAE,UAAU,GAAG,IAAI,GACnC,QAAQ,CAmDV;AAED,eAAO,MAAM,yBAAyB,GAAI,cAAc,YAAY,EAAE,MAAM,0BAA0B;;;;;CA4BrG,CAAC;AAEF,eAAO,MAAM,eAAe,GAAI,KAAK,MAAM,GAAG,GAAG,0BAEhD,CAAC;AAEF,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,QAI/D;AAED,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,EAAE,OAAO,EAAE,MAAM,KAAK,GAAG,MAAM,CAM/E;AASD;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,QASzF;AAID;;;IAGI;AACJ,wBAAgB,uBAAuB,CACrC,WAAW,EAAE,OAAO,CAAC,0BAA0B,CAAC,EAChD,eAAe,EAAE,IAAI,CAAC,0BAA0B,EAAE,gBAAgB,GAAG,WAAW,CAAC,EACjF,iBAAiB,EAAE,UAAU,GAAG,IAAI,sBAyBrC;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,oBAAoB,CAAC,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAC/C,OAAO,CAAC,0BAA0B,CAAC,GAAG;IAAE,iBAAiB,CAAC,EAAE,UAAU,CAAA;CAAE,CA2B1E"}
|
package/dist/types/types.d.ts
CHANGED
|
@@ -15,7 +15,7 @@ export type NextClerkProviderProps<TUi extends Ui = Ui> = Without<ClerkProviderP
|
|
|
15
15
|
*
|
|
16
16
|
* @default true
|
|
17
17
|
*/
|
|
18
|
-
|
|
18
|
+
__internal_invokeMiddlewareOnAuthStateChange?: boolean;
|
|
19
19
|
/**
|
|
20
20
|
* If set to true, ClerkProvider will opt into dynamic rendering and make auth data available to all wrapper components.
|
|
21
21
|
*
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@clerk/nextjs",
|
|
3
|
-
"version": "7.0.0-snapshot.
|
|
3
|
+
"version": "7.0.0-snapshot.v20251204175016",
|
|
4
4
|
"description": "Clerk SDK for NextJS",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"clerk",
|
|
@@ -71,9 +71,9 @@
|
|
|
71
71
|
"dependencies": {
|
|
72
72
|
"server-only": "0.0.1",
|
|
73
73
|
"tslib": "2.8.1",
|
|
74
|
-
"@clerk/
|
|
75
|
-
"@clerk/
|
|
76
|
-
"@clerk/
|
|
74
|
+
"@clerk/react": "^6.0.0-snapshot.v20251204175016",
|
|
75
|
+
"@clerk/shared": "^4.0.0-snapshot.v20251204175016",
|
|
76
|
+
"@clerk/backend": "^3.0.0-snapshot.v20251204175016"
|
|
77
77
|
},
|
|
78
78
|
"devDependencies": {
|
|
79
79
|
"crypto-es": "^2.1.0",
|