@clerk/nextjs 7.3.1-snapshot.v20260501171802 → 7.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/server/clerkMiddleware.js +36 -5
- package/dist/cjs/server/clerkMiddleware.js.map +1 -1
- package/dist/cjs/server/constants.js +1 -1
- package/dist/cjs/server/createClerkClient.js +1 -1
- package/dist/cjs/server/createClerkClient.js.map +1 -1
- package/dist/cjs/utils/debugLogger.js +1 -1
- package/dist/cjs/utils/debugLogger.js.map +1 -1
- package/dist/esm/server/clerkMiddleware.js +37 -5
- package/dist/esm/server/clerkMiddleware.js.map +1 -1
- package/dist/esm/server/constants.js +1 -1
- package/dist/esm/server/createClerkClient.js +1 -1
- package/dist/esm/server/createClerkClient.js.map +1 -1
- package/dist/esm/utils/debugLogger.js +1 -1
- package/dist/esm/utils/debugLogger.js.map +1 -1
- package/dist/types/server/clerkMiddleware.d.ts.map +1 -1
- package/dist/types/server/errorThrower.d.ts +1 -1
- package/package.json +4 -4
|
@@ -123,6 +123,41 @@ const clerkMiddleware = ((...args) => {
|
|
|
123
123
|
logger
|
|
124
124
|
});
|
|
125
125
|
});
|
|
126
|
+
const bootstrapNextMiddleware = (0, import_debugLogger.withLogger)("clerkMiddleware", (logger) => async (request2, event2) => {
|
|
127
|
+
const resolvedParams = typeof params === "function" ? await params(request2) : params;
|
|
128
|
+
const keyless = await (0, import_keyless.getKeylessCookieValue)((name) => {
|
|
129
|
+
var _a;
|
|
130
|
+
return (_a = request2.cookies.get(name)) == null ? void 0 : _a.value;
|
|
131
|
+
});
|
|
132
|
+
const signInUrl = resolvedParams.signInUrl || import_constants.SIGN_IN_URL || "";
|
|
133
|
+
const signUpUrl = resolvedParams.signUpUrl || import_constants.SIGN_UP_URL || "";
|
|
134
|
+
const options = {
|
|
135
|
+
publishableKey: "",
|
|
136
|
+
secretKey: "",
|
|
137
|
+
signInUrl,
|
|
138
|
+
signUpUrl,
|
|
139
|
+
...resolvedParams
|
|
140
|
+
};
|
|
141
|
+
import_middleware_storage.clerkMiddlewareRequestDataStore.set("requestData", options);
|
|
142
|
+
if (options.debug) {
|
|
143
|
+
logger.enable();
|
|
144
|
+
}
|
|
145
|
+
const clerkRequest = (0, import_internal.createClerkRequest)(request2);
|
|
146
|
+
logger.debug("keyless bootstrap (no publishable key)", () => ({ signInUrl, signUpUrl }));
|
|
147
|
+
logger.debug("url", () => clerkRequest.toJSON());
|
|
148
|
+
const requestState = (0, import_internal.createBootstrapSignedOutState)({ signInUrl, signUpUrl });
|
|
149
|
+
return runHandlerWithRequestState({
|
|
150
|
+
clerkRequest,
|
|
151
|
+
request: request2,
|
|
152
|
+
event: event2,
|
|
153
|
+
requestState,
|
|
154
|
+
handler,
|
|
155
|
+
options,
|
|
156
|
+
resolvedParams,
|
|
157
|
+
keyless,
|
|
158
|
+
logger
|
|
159
|
+
});
|
|
160
|
+
});
|
|
126
161
|
const keylessMiddleware = async (request2, event2) => {
|
|
127
162
|
var _a, _b;
|
|
128
163
|
if (isKeylessSyncRequest(request2)) {
|
|
@@ -136,11 +171,7 @@ const clerkMiddleware = ((...args) => {
|
|
|
136
171
|
const isMissingPublishableKey = !(resolvedParams.publishableKey || import_constants.PUBLISHABLE_KEY || (keyless == null ? void 0 : keyless.publishableKey));
|
|
137
172
|
const authHeader = (_b = (_a = (0, import_headers_utils.getHeader)(request2, import_internal.constants.Headers.Authorization)) == null ? void 0 : _a.replace("Bearer ", "")) != null ? _b : "";
|
|
138
173
|
if (isMissingPublishableKey && !(0, import_internal.isMachineTokenByPrefix)(authHeader)) {
|
|
139
|
-
|
|
140
|
-
(0, import_utils2.setRequestHeadersOnNextResponse)(res, request2, {
|
|
141
|
-
[import_internal.constants.Headers.AuthStatus]: "signed-out"
|
|
142
|
-
});
|
|
143
|
-
return res;
|
|
174
|
+
return bootstrapNextMiddleware(request2, event2);
|
|
144
175
|
}
|
|
145
176
|
return baseNextMiddleware(request2, event2);
|
|
146
177
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/clerkMiddleware.ts"],"sourcesContent":["import type { AccountlessApplication, AuthObject, ClerkClient } from '@clerk/backend';\nimport type {\n AuthenticatedState,\n AuthenticateRequestOptions,\n ClerkRequest,\n RedirectFun,\n RequestState,\n SignedInAuthObject,\n SignedOutAuthObject,\n UnauthenticatedState,\n} from '@clerk/backend/internal';\nimport {\n AuthStatus,\n constants,\n createClerkRequest,\n createRedirect,\n getAuthObjectForAcceptedToken,\n isMachineTokenByPrefix,\n isTokenTypeAccepted,\n makeAuthObjectSerializable,\n TokenType,\n} from '@clerk/backend/internal';\nimport { clerkFrontendApiProxy, DEFAULT_PROXY_PATH, matchProxyPath } from '@clerk/backend/proxy';\nimport { isProductionFromPublishableKey, parsePublishableKey } from '@clerk/shared/keys';\nimport { handleNetlifyCacheInDevInstance } from '@clerk/shared/netlifyCacheHandler';\nimport { isMalformedURLError } from '@clerk/shared/pathMatcher';\nimport { shouldAutoProxy } from '@clerk/shared/proxy';\nimport { notFound as nextjsNotFound } from 'next/navigation';\nimport type { NextMiddleware, NextRequest } from 'next/server';\nimport { NextResponse } from 'next/server';\n\nimport type { AuthFn } from '../app-router/server/auth';\nimport type { GetAuthOptions } from '../server/createGetAuth';\nimport { isRedirect, serverRedirectWithAuth, setHeader } from '../utils';\nimport type { Logger, LoggerNoCommit } from '../utils/debugLogger';\nimport { withLogger } from '../utils/debugLogger';\nimport { canUseKeyless } from '../utils/feature-flags';\nimport { clerkClient } from './clerkClient';\nimport { DOMAIN, PROXY_URL, PUBLISHABLE_KEY, SECRET_KEY, SIGN_IN_URL, SIGN_UP_URL } from './constants';\nimport { type ContentSecurityPolicyOptions, createContentSecurityPolicyHeaders } from './content-security-policy';\nimport { errorThrower } from './errorThrower';\nimport { getHeader } from './headers-utils';\nimport { getKeylessCookieValue } from './keyless';\nimport { clerkMiddlewareRequestDataStorage, clerkMiddlewareRequestDataStore } from './middleware-storage';\nimport {\n isNextjsNotFoundError,\n isNextjsRedirectError,\n isNextjsUnauthorizedError,\n isRedirectToSignInError,\n isRedirectToSignUpError,\n nextjsRedirectError,\n redirectToSignInError,\n redirectToSignUpError,\n unauthorized,\n} from './nextErrors';\nimport type { AuthProtect } from './protect';\nimport { createProtect } from './protect';\nimport type {\n FrontendApiProxyOptions,\n NextMiddlewareEvtParam,\n NextMiddlewareRequestParam,\n NextMiddlewareReturn,\n} from './types';\nimport {\n assertKey,\n decorateRequest,\n handleMultiDomainAndProxy,\n redirectAdapter,\n setRequestHeadersOnNextResponse,\n} from './utils';\n\nexport type ClerkMiddlewareSessionAuthObject = (SignedInAuthObject | SignedOutAuthObject) & {\n redirectToSignIn: RedirectFun<Response>;\n redirectToSignUp: RedirectFun<Response>;\n};\n\nexport type ClerkMiddlewareAuth = AuthFn;\n\ntype ClerkMiddlewareHandler = (\n auth: ClerkMiddlewareAuth,\n request: NextMiddlewareRequestParam,\n event: NextMiddlewareEvtParam,\n) => NextMiddlewareReturn;\n\ntype AuthenticateAnyRequestOptions = Omit<AuthenticateRequestOptions, 'acceptsToken'>;\n\n/**\n * The `clerkMiddleware()` function accepts an optional object. The following options are available.\n * @interface\n */\nexport interface ClerkMiddlewareOptions extends AuthenticateAnyRequestOptions {\n /**\n * If true, additional debug information will be logged to the console.\n */\n debug?: boolean;\n\n /**\n * When set, automatically injects a Content-Security-Policy header(s) compatible with Clerk.\n */\n contentSecurityPolicy?: ContentSecurityPolicyOptions;\n\n /**\n * When set, enables the middleware to proxy Frontend API requests to Clerk.\n * This is useful when direct communication with Clerk's API is blocked.\n */\n frontendApiProxy?: FrontendApiProxyOptions;\n}\n\ntype ClerkMiddlewareOptionsCallback = (req: NextRequest) => ClerkMiddlewareOptions | Promise<ClerkMiddlewareOptions>;\n\n/**\n * Middleware for Next.js that handles authentication and authorization with Clerk.\n * For more details, please refer to the docs: https://clerk.com/docs/reference/nextjs/clerk-middleware\n */\ninterface ClerkMiddleware {\n /**\n * @example\n * export default clerkMiddleware((auth, request, event) => { ... }, options);\n */\n (handler: ClerkMiddlewareHandler, options?: ClerkMiddlewareOptions): NextMiddleware;\n\n /**\n * @example\n * export default clerkMiddleware((auth, request, event) => { ... }, (req) => options);\n */\n (handler: ClerkMiddlewareHandler, options?: ClerkMiddlewareOptionsCallback): NextMiddleware;\n\n /**\n * @example\n * export default clerkMiddleware(options);\n */\n (options?: ClerkMiddlewareOptions): NextMiddleware;\n\n /**\n * @example\n * export default clerkMiddleware;\n */\n (request: NextMiddlewareRequestParam, event: NextMiddlewareEvtParam): NextMiddlewareReturn;\n}\n\n/**\n * The `clerkMiddleware()` helper integrates Clerk authentication into your Next.js application through Middleware. `clerkMiddleware()` is compatible with both the App and Pages routers.\n */\nexport const clerkMiddleware = ((...args: unknown[]): NextMiddleware | NextMiddlewareReturn => {\n const [request, event] = parseRequestAndEvent(args);\n const [handler, params] = parseHandlerAndOptions(args);\n\n const middleware = clerkMiddlewareRequestDataStorage.run(clerkMiddlewareRequestDataStore, () => {\n const baseNextMiddleware: NextMiddleware = withLogger('clerkMiddleware', logger => async (request, event) => {\n // Handles the case where `options` is a callback function to dynamically access `NextRequest`\n const resolvedParams = typeof params === 'function' ? await params(request) : params;\n\n const keyless = await getKeylessCookieValue(name => request.cookies.get(name)?.value);\n\n const publishableKey = assertKey(\n resolvedParams.publishableKey || PUBLISHABLE_KEY || keyless?.publishableKey,\n () => errorThrower.throwMissingPublishableKeyError(),\n );\n\n const secretKey = assertKey(resolvedParams.secretKey || SECRET_KEY || keyless?.secretKey, () =>\n errorThrower.throwMissingSecretKeyError(),\n );\n\n // Handle Frontend API proxy requests early, before authentication\n const requestUrl = new URL(request.nextUrl.href);\n let frontendApiProxyConfig = resolvedParams.frontendApiProxy;\n\n // Auto-detect when no explicit proxy or domain is configured\n const hasExplicitProxyOrDomain = resolvedParams.proxyUrl || PROXY_URL || resolvedParams.domain || DOMAIN;\n if (!frontendApiProxyConfig && !hasExplicitProxyOrDomain && isProductionFromPublishableKey(publishableKey)) {\n if (shouldAutoProxy(requestUrl.hostname)) {\n frontendApiProxyConfig = { enabled: true };\n }\n }\n if (frontendApiProxyConfig) {\n const { enabled, path: proxyPath = DEFAULT_PROXY_PATH } = frontendApiProxyConfig;\n\n // Resolve enabled - either boolean or function\n const isEnabled = typeof enabled === 'function' ? enabled(requestUrl) : enabled;\n\n if (isEnabled && matchProxyPath(request, { proxyPath })) {\n return clerkFrontendApiProxy(request, {\n proxyPath,\n publishableKey,\n secretKey,\n });\n }\n }\n\n const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\n const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\n\n const options = {\n publishableKey,\n secretKey,\n signInUrl,\n signUpUrl,\n ...resolvedParams,\n };\n\n // Propagates the request data to be accessed on the server application runtime from helpers such as `clerkClient`\n clerkMiddlewareRequestDataStore.set('requestData', options);\n const resolvedClerkClient = await clerkClient();\n\n if (options.debug) {\n logger.enable();\n }\n const clerkRequest = createClerkRequest(request);\n logger.debug('options', options);\n logger.debug('url', () => clerkRequest.toJSON());\n\n const authHeader = request.headers.get(constants.Headers.Authorization);\n if (authHeader && authHeader.startsWith('Basic ')) {\n logger.debug('Basic Auth detected');\n }\n\n const cspHeader = request.headers.get(constants.Headers.ContentSecurityPolicy);\n if (cspHeader) {\n logger.debug('Content-Security-Policy detected', () => ({\n value: cspHeader,\n }));\n }\n\n const requestState = await resolvedClerkClient.authenticateRequest(\n clerkRequest,\n createAuthenticateRequestOptions(clerkRequest, options),\n );\n\n return runHandlerWithRequestState({\n clerkRequest,\n request,\n event,\n requestState,\n handler,\n options,\n resolvedParams,\n keyless,\n logger,\n });\n });\n\n const keylessMiddleware: NextMiddleware = async (request, event) => {\n /**\n * This mechanism replaces a full-page reload. Ensures that middleware will re-run and authenticate the request properly without the secret key or publishable key to be missing.\n */\n if (isKeylessSyncRequest(request)) {\n return returnBackFromKeylessSync(request);\n }\n\n const resolvedParams = typeof params === 'function' ? await params(request) : params;\n const keyless = await getKeylessCookieValue(name => request.cookies.get(name)?.value);\n\n const isMissingPublishableKey = !(resolvedParams.publishableKey || PUBLISHABLE_KEY || keyless?.publishableKey);\n const authHeader = getHeader(request, constants.Headers.Authorization)?.replace('Bearer ', '') ?? '';\n\n /**\n * In keyless mode, if the publishable key is missing, let the request through, to render `<ClerkProvider/>` that will resume the flow gracefully.\n */\n if (isMissingPublishableKey && !isMachineTokenByPrefix(authHeader)) {\n const res = NextResponse.next();\n setRequestHeadersOnNextResponse(res, request, {\n [constants.Headers.AuthStatus]: 'signed-out',\n });\n return res;\n }\n\n return baseNextMiddleware(request, event);\n };\n\n const nextMiddleware: NextMiddleware = async (request, event) => {\n if (canUseKeyless) {\n return keylessMiddleware(request, event);\n }\n\n return baseNextMiddleware(request, event);\n };\n\n // If we have a request and event, we're being called as a middleware directly\n // eg, export default clerkMiddleware;\n if (request && event) {\n return nextMiddleware(request, event);\n }\n\n // Otherwise, return a middleware that can be called with a request and event\n // eg, export default clerkMiddleware(auth => { ... });\n return nextMiddleware;\n });\n\n return middleware;\n}) as ClerkMiddleware;\n\nconst parseRequestAndEvent = (args: unknown[]) => {\n return [args[0] instanceof Request ? args[0] : undefined, args[0] instanceof Request ? args[1] : undefined] as [\n NextMiddlewareRequestParam | undefined,\n NextMiddlewareEvtParam | undefined,\n ];\n};\n\nconst parseHandlerAndOptions = (args: unknown[]) => {\n return [\n typeof args[0] === 'function' ? args[0] : undefined,\n (args.length === 2 ? args[1] : typeof args[0] === 'function' ? {} : args[0]) || {},\n ] as [ClerkMiddlewareHandler | undefined, ClerkMiddlewareOptions | ClerkMiddlewareOptionsCallback];\n};\n\ntype RunHandlerWithRequestStateArgs = {\n clerkRequest: ClerkRequest;\n request: NextMiddlewareRequestParam;\n event: NextMiddlewareEvtParam;\n requestState: RequestState<'session_token'>;\n handler: ClerkMiddlewareHandler | undefined;\n options: ClerkMiddlewareOptions & {\n publishableKey: string;\n secretKey: string;\n signInUrl: string;\n signUpUrl: string;\n };\n resolvedParams: ClerkMiddlewareOptions;\n keyless: AccountlessApplication | undefined;\n logger: LoggerNoCommit<Logger>;\n};\n\n/**\n * Drives the post-authentication pipeline: handler invocation, CSP, redirects, header propagation,\n * and response decoration. Accepts a pre-computed `requestState` so callers can supply either a\n * real authentication result from `authenticateRequest()` or a synthetic signed-out state\n * (e.g. during keyless bootstrap when no publishable key is available yet).\n */\nasync function runHandlerWithRequestState({\n clerkRequest,\n request,\n event,\n requestState,\n handler,\n options,\n resolvedParams,\n keyless,\n logger,\n}: RunHandlerWithRequestStateArgs): Promise<Response> {\n const { publishableKey, secretKey } = options;\n\n logger.debug('requestState', () => ({\n status: requestState.status,\n headers: JSON.stringify(Object.fromEntries(requestState.headers)),\n reason: requestState.reason,\n }));\n\n const locationHeader = requestState.headers.get(constants.Headers.Location);\n if (locationHeader) {\n handleNetlifyCacheInDevInstance({\n locationHeader,\n requestStateHeaders: requestState.headers,\n publishableKey: requestState.publishableKey,\n });\n\n const res = NextResponse.redirect(requestState.headers.get(constants.Headers.Location) || locationHeader);\n requestState.headers.forEach((value, key) => {\n if (key === constants.Headers.Location) {\n return;\n }\n res.headers.append(key, value);\n });\n return res;\n } else if (requestState.status === AuthStatus.Handshake) {\n throw new Error('Clerk: handshake status without redirect');\n }\n\n const authObject = requestState.toAuth();\n logger.debug('auth', () => ({ auth: authObject, debug: authObject.debug() }));\n\n const redirectToSignIn = createMiddlewareRedirectToSignIn(clerkRequest);\n const redirectToSignUp = createMiddlewareRedirectToSignUp(clerkRequest);\n const protect = await createMiddlewareProtect(clerkRequest, authObject, redirectToSignIn);\n\n const authHandler = createMiddlewareAuthHandler(requestState, redirectToSignIn, redirectToSignUp);\n authHandler.protect = protect;\n\n let handlerResult: Response = NextResponse.next();\n try {\n const userHandlerResult = await clerkMiddlewareRequestDataStorage.run(clerkMiddlewareRequestDataStore, async () =>\n handler?.(authHandler, request, event),\n );\n handlerResult = userHandlerResult || handlerResult;\n } catch (e: any) {\n handlerResult = handleControlFlowErrors(e, clerkRequest, request, requestState);\n }\n if (options.contentSecurityPolicy) {\n const { headers } = createContentSecurityPolicyHeaders(\n (parsePublishableKey(publishableKey)?.frontendApi ?? '').replace('$', ''),\n options.contentSecurityPolicy,\n );\n\n const cspRequestHeaders: Record<string, string> = {};\n headers.forEach(([key, value]) => {\n setHeader(handlerResult, key, value);\n cspRequestHeaders[key] = value;\n });\n\n // Forward CSP headers as request headers so server components\n // can access the nonce via headers()\n setRequestHeadersOnNextResponse(handlerResult, clerkRequest, cspRequestHeaders);\n\n logger.debug('Clerk generated CSP', () => ({\n headers,\n }));\n }\n\n // TODO @nikos: we need to make this more generic\n // and move the logic in clerk/backend\n if (requestState.headers) {\n requestState.headers.forEach((value, key) => {\n if (key === constants.Headers.ContentSecurityPolicy) {\n logger.debug('Content-Security-Policy detected', () => ({\n value,\n }));\n }\n handlerResult.headers.append(key, value);\n });\n }\n\n if (isRedirect(handlerResult)) {\n logger.debug('handlerResult is redirect');\n return serverRedirectWithAuth(clerkRequest, handlerResult, options);\n }\n\n if (options.debug) {\n setRequestHeadersOnNextResponse(handlerResult, clerkRequest, { [constants.Headers.EnableDebug]: 'true' });\n }\n\n const keylessKeysForRequestData =\n // Only pass keyless credentials when there are no explicit keys\n secretKey === keyless?.secretKey\n ? {\n publishableKey: keyless?.publishableKey,\n secretKey: keyless?.secretKey,\n }\n : {};\n\n decorateRequest(\n clerkRequest,\n handlerResult,\n requestState,\n resolvedParams,\n keylessKeysForRequestData,\n authObject.tokenType === 'session_token' ? null : makeAuthObjectSerializable(authObject),\n );\n\n return handlerResult;\n}\n\nconst isKeylessSyncRequest = (request: NextMiddlewareRequestParam) =>\n request.nextUrl.pathname === '/clerk-sync-keyless';\n\nconst returnBackFromKeylessSync = (request: NextMiddlewareRequestParam) => {\n const returnUrl = request.nextUrl.searchParams.get('returnUrl');\n const url = new URL(request.url);\n url.pathname = '';\n\n return NextResponse.redirect(returnUrl || url.toString());\n};\n\ntype AuthenticateRequest = Pick<ClerkClient, 'authenticateRequest'>['authenticateRequest'];\n\nexport const createAuthenticateRequestOptions = (\n clerkRequest: ClerkRequest,\n options: ClerkMiddlewareOptions,\n): Parameters<AuthenticateRequest>[1] => {\n // Auto-derive proxyUrl from frontendApiProxy config if not explicitly set\n let resolvedOptions = options;\n if (options.frontendApiProxy && !options.proxyUrl) {\n const { enabled, path: proxyPath = DEFAULT_PROXY_PATH } = options.frontendApiProxy;\n const requestUrl = new URL(clerkRequest.url);\n const isEnabled = typeof enabled === 'function' ? enabled(requestUrl) : enabled;\n\n if (isEnabled) {\n const derivedProxyUrl = `${requestUrl.origin}${proxyPath}`;\n resolvedOptions = { ...options, proxyUrl: derivedProxyUrl };\n }\n }\n\n return {\n ...resolvedOptions,\n ...handleMultiDomainAndProxy(clerkRequest, resolvedOptions),\n // TODO: Leaving the acceptsToken as 'any' opens up the possibility of\n // an economic attack. We should revisit this and only verify a token\n // when auth() or auth.protect() is invoked.\n acceptsToken: 'any',\n };\n};\n\nconst createMiddlewareRedirectToSignIn = (\n clerkRequest: ClerkRequest,\n): ClerkMiddlewareSessionAuthObject['redirectToSignIn'] => {\n return (opts = {}) => {\n const url = clerkRequest.clerkUrl.toString();\n redirectToSignInError(url, opts.returnBackUrl);\n };\n};\n\nconst createMiddlewareRedirectToSignUp = (\n clerkRequest: ClerkRequest,\n): ClerkMiddlewareSessionAuthObject['redirectToSignUp'] => {\n return (opts = {}) => {\n const url = clerkRequest.clerkUrl.toString();\n redirectToSignUpError(url, opts.returnBackUrl);\n };\n};\n\nconst createMiddlewareProtect = (\n clerkRequest: ClerkRequest,\n rawAuthObject: AuthObject,\n redirectToSignIn: RedirectFun<Response>,\n) => {\n return (async (params: any, options: any) => {\n const notFound = () => nextjsNotFound();\n\n const redirect = (url: string) =>\n nextjsRedirectError(url, {\n redirectUrl: url,\n });\n\n const requestedToken = params?.token || options?.token || TokenType.SessionToken;\n const authObject = getAuthObjectForAcceptedToken({ authObject: rawAuthObject, acceptsToken: requestedToken });\n\n return createProtect({\n request: clerkRequest,\n redirect,\n notFound,\n unauthorized,\n authObject,\n redirectToSignIn,\n })(params, options);\n }) as unknown as Promise<AuthProtect>;\n};\n\n/**\n * Modifies the auth object based on the token type.\n * - For session tokens: adds redirect functions to the auth object\n * - For machine tokens: validates token type and returns appropriate auth object\n */\nconst createMiddlewareAuthHandler = (\n requestState: AuthenticatedState<'session_token'> | UnauthenticatedState<'session_token'>,\n redirectToSignIn: RedirectFun<Response>,\n redirectToSignUp: RedirectFun<Response>,\n): ClerkMiddlewareAuth => {\n const authHandler = async (options?: GetAuthOptions) => {\n const rawAuthObject = requestState.toAuth({ treatPendingAsSignedOut: options?.treatPendingAsSignedOut });\n const acceptsToken = options?.acceptsToken ?? TokenType.SessionToken;\n\n const authObject = getAuthObjectForAcceptedToken({\n authObject: rawAuthObject,\n acceptsToken,\n });\n\n if (authObject.tokenType === TokenType.SessionToken && isTokenTypeAccepted(TokenType.SessionToken, acceptsToken)) {\n return Object.assign(authObject, {\n redirectToSignIn,\n redirectToSignUp,\n });\n }\n\n return authObject;\n };\n\n return authHandler as ClerkMiddlewareAuth;\n};\n\n// Handle errors thrown by protect() and redirectToSignIn() calls,\n// as we want to align the APIs between middleware, pages and route handlers\n// Normally, middleware requires to explicitly return a response, but we want to\n// avoid discrepancies between the APIs as it's easy to miss the `return` statement\n// especially when copy-pasting code from one place to another.\n// This function handles the known errors thrown by the APIs described above,\n// and returns the appropriate response.\nconst handleControlFlowErrors = (\n e: any,\n clerkRequest: ClerkRequest,\n nextRequest: NextRequest,\n requestState: RequestState,\n): Response => {\n if (isMalformedURLError(e)) {\n return new NextResponse(null, { status: 400, statusText: 'Bad Request' });\n }\n\n if (isNextjsUnauthorizedError(e)) {\n const response = new NextResponse(null, { status: 401 });\n\n // RequestState.toAuth() returns a session_token type by default.\n // We need to cast it to the correct type to check for OAuth tokens.\n const authObject = (requestState as RequestState<TokenType>).toAuth();\n if (authObject && authObject.tokenType === TokenType.OAuthToken) {\n // Following MCP spec, we return WWW-Authenticate header on 401 responses\n // to enable OAuth 2.0 authorization server discovery (RFC9728).\n // See https://modelcontextprotocol.io/specification/draft/basic/authorization#2-3-1-authorization-server-location\n const publishableKey = parsePublishableKey(requestState.publishableKey);\n return setHeader(\n response,\n 'WWW-Authenticate',\n `Bearer resource_metadata=\"https://${publishableKey?.frontendApi}/.well-known/oauth-protected-resource\"`,\n );\n }\n\n return response;\n }\n\n if (isNextjsNotFoundError(e)) {\n // Rewrite to a bogus URL to force not found error\n return setHeader(\n // This is an internal rewrite purely to trigger a not found error. We do not want Next.js to think that the\n // destination URL is a valid page, so we use `nextRequest.url` as the base for the fake URL, which Next.js\n // understands is an internal URL and won't run middleware against the request.\n NextResponse.rewrite(new URL(`/clerk_${Date.now()}`, nextRequest.url)),\n constants.Headers.AuthReason,\n 'protect-rewrite',\n );\n }\n\n const isRedirectToSignIn = isRedirectToSignInError(e);\n const isRedirectToSignUp = isRedirectToSignUpError(e);\n\n if (isRedirectToSignIn || isRedirectToSignUp) {\n const redirect = createRedirect({\n redirectAdapter,\n baseUrl: clerkRequest.clerkUrl,\n signInUrl: requestState.signInUrl,\n signUpUrl: requestState.signUpUrl,\n publishableKey: requestState.publishableKey,\n sessionStatus: requestState.toAuth()?.sessionStatus,\n isSatellite: requestState.isSatellite,\n });\n\n const { returnBackUrl } = e;\n return redirect[isRedirectToSignIn ? 'redirectToSignIn' : 'redirectToSignUp']({ returnBackUrl });\n }\n\n if (isNextjsRedirectError(e)) {\n return redirectAdapter(e.redirectUrl);\n }\n\n throw e;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAWA,sBAUO;AACP,mBAA0E;AAC1E,kBAAoE;AACpE,iCAAgD;AAChD,yBAAoC;AACpC,IAAAA,gBAAgC;AAChC,wBAA2C;AAE3C,oBAA6B;AAI7B,mBAA8D;AAE9D,yBAA2B;AAC3B,2BAA8B;AAC9B,yBAA4B;AAC5B,uBAAyF;AACzF,qCAAsF;AACtF,0BAA6B;AAC7B,2BAA0B;AAC1B,qBAAsC;AACtC,gCAAmF;AACnF,wBAUO;AAEP,qBAA8B;AAO9B,IAAAC,gBAMO;AA0EA,MAAM,mBAAmB,IAAI,SAA2D;AAC7F,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,4DAAkC,IAAI,2DAAiC,MAAM;AAC9F,UAAM,yBAAqC,+BAAW,mBAAmB,YAAU,OAAOC,UAASC,WAAU;AAE3G,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAE9E,YAAM,UAAU,UAAM,sCAAsB,UAAK;AAxJvD;AAwJ0D,qBAAAA,SAAQ,QAAQ,IAAI,IAAI,MAAxB,mBAA2B;AAAA,OAAK;AAEpF,YAAM,qBAAiB;AAAA,QACrB,eAAe,kBAAkB,qCAAmB,mCAAS;AAAA,QAC7D,MAAM,iCAAa,gCAAgC;AAAA,MACrD;AAEA,YAAM,gBAAY;AAAA,QAAU,eAAe,aAAa,gCAAc,mCAAS;AAAA,QAAW,MACxF,iCAAa,2BAA2B;AAAA,MAC1C;AAGA,YAAM,aAAa,IAAI,IAAIA,SAAQ,QAAQ,IAAI;AAC/C,UAAI,yBAAyB,eAAe;AAG5C,YAAM,2BAA2B,eAAe,YAAY,8BAAa,eAAe,UAAU;AAClG,UAAI,CAAC,0BAA0B,CAAC,gCAA4B,4CAA+B,cAAc,GAAG;AAC1G,gBAAI,+BAAgB,WAAW,QAAQ,GAAG;AACxC,mCAAyB,EAAE,SAAS,KAAK;AAAA,QAC3C;AAAA,MACF;AACA,UAAI,wBAAwB;AAC1B,cAAM,EAAE,SAAS,MAAM,YAAY,gCAAmB,IAAI;AAG1D,cAAM,YAAY,OAAO,YAAY,aAAa,QAAQ,UAAU,IAAI;AAExE,YAAI,iBAAa,6BAAeA,UAAS,EAAE,UAAU,CAAC,GAAG;AACvD,qBAAO,oCAAsBA,UAAS;AAAA,YACpC;AAAA,YACA;AAAA,YACA;AAAA,UACF,CAAC;AAAA,QACH;AAAA,MACF;AAEA,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAE9C,YAAM,UAAU;AAAA,QACd;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACL;AAGA,gEAAgC,IAAI,eAAe,OAAO;AAC1D,YAAM,sBAAsB,UAAM,gCAAY;AAE9C,UAAI,QAAQ,OAAO;AACjB,eAAO,OAAO;AAAA,MAChB;AACA,YAAM,mBAAe,oCAAmBA,QAAO;AAC/C,aAAO,MAAM,WAAW,OAAO;AAC/B,aAAO,MAAM,OAAO,MAAM,aAAa,OAAO,CAAC;AAE/C,YAAM,aAAaA,SAAQ,QAAQ,IAAI,0BAAU,QAAQ,aAAa;AACtE,UAAI,cAAc,WAAW,WAAW,QAAQ,GAAG;AACjD,eAAO,MAAM,qBAAqB;AAAA,MACpC;AAEA,YAAM,YAAYA,SAAQ,QAAQ,IAAI,0BAAU,QAAQ,qBAAqB;AAC7E,UAAI,WAAW;AACb,eAAO,MAAM,oCAAoC,OAAO;AAAA,UACtD,OAAO;AAAA,QACT,EAAE;AAAA,MACJ;AAEA,YAAM,eAAe,MAAM,oBAAoB;AAAA,QAC7C;AAAA,QACA,iCAAiC,cAAc,OAAO;AAAA,MACxD;AAEA,aAAO,2BAA2B;AAAA,QAChC;AAAA,QACA,SAAAA;AAAA,QACA,OAAAC;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAED,UAAM,oBAAoC,OAAOD,UAASC,WAAU;AAjPxE;AAqPM,UAAI,qBAAqBD,QAAO,GAAG;AACjC,eAAO,0BAA0BA,QAAO;AAAA,MAC1C;AAEA,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOA,QAAO,IAAI;AAC9E,YAAM,UAAU,UAAM,sCAAsB,UAAK;AA1PvD,YAAAE;AA0P0D,gBAAAA,MAAAF,SAAQ,QAAQ,IAAI,IAAI,MAAxB,gBAAAE,IAA2B;AAAA,OAAK;AAEpF,YAAM,0BAA0B,EAAE,eAAe,kBAAkB,qCAAmB,mCAAS;AAC/F,YAAM,cAAa,+CAAUF,UAAS,0BAAU,QAAQ,aAAa,MAAlD,mBAAqD,QAAQ,WAAW,QAAxE,YAA+E;AAKlG,UAAI,2BAA2B,KAAC,wCAAuB,UAAU,GAAG;AAClE,cAAM,MAAM,2BAAa,KAAK;AAC9B,2DAAgC,KAAKA,UAAS;AAAA,UAC5C,CAAC,0BAAU,QAAQ,UAAU,GAAG;AAAA,QAClC,CAAC;AACD,eAAO;AAAA,MACT;AAEA,aAAO,mBAAmBA,UAASC,MAAK;AAAA,IAC1C;AAEA,UAAM,iBAAiC,OAAOD,UAASC,WAAU;AAC/D,UAAI,oCAAe;AACjB,eAAO,kBAAkBD,UAASC,MAAK;AAAA,MACzC;AAEA,aAAO,mBAAmBD,UAASC,MAAK;AAAA,IAC1C;AAIA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAIA,WAAO;AAAA,EACT,CAAC;AAED,SAAO;AACT;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO,CAAC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI,QAAW,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI,MAAS;AAI5G;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,MAAM,aAAa,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC;AAAA,EACnF;AACF;AAyBA,eAAe,2BAA2B;AAAA,EACxC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAAsD;AAlVtD;AAmVE,QAAM,EAAE,gBAAgB,UAAU,IAAI;AAEtC,SAAO,MAAM,gBAAgB,OAAO;AAAA,IAClC,QAAQ,aAAa;AAAA,IACrB,SAAS,KAAK,UAAU,OAAO,YAAY,aAAa,OAAO,CAAC;AAAA,IAChE,QAAQ,aAAa;AAAA,EACvB,EAAE;AAEF,QAAM,iBAAiB,aAAa,QAAQ,IAAI,0BAAU,QAAQ,QAAQ;AAC1E,MAAI,gBAAgB;AAClB,oEAAgC;AAAA,MAC9B;AAAA,MACA,qBAAqB,aAAa;AAAA,MAClC,gBAAgB,aAAa;AAAA,IAC/B,CAAC;AAED,UAAM,MAAM,2BAAa,SAAS,aAAa,QAAQ,IAAI,0BAAU,QAAQ,QAAQ,KAAK,cAAc;AACxG,iBAAa,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AAC3C,UAAI,QAAQ,0BAAU,QAAQ,UAAU;AACtC;AAAA,MACF;AACA,UAAI,QAAQ,OAAO,KAAK,KAAK;AAAA,IAC/B,CAAC;AACD,WAAO;AAAA,EACT,WAAW,aAAa,WAAW,2BAAW,WAAW;AACvD,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC5D;AAEA,QAAM,aAAa,aAAa,OAAO;AACvC,SAAO,MAAM,QAAQ,OAAO,EAAE,MAAM,YAAY,OAAO,WAAW,MAAM,EAAE,EAAE;AAE5E,QAAM,mBAAmB,iCAAiC,YAAY;AACtE,QAAM,mBAAmB,iCAAiC,YAAY;AACtE,QAAM,UAAU,MAAM,wBAAwB,cAAc,YAAY,gBAAgB;AAExF,QAAM,cAAc,4BAA4B,cAAc,kBAAkB,gBAAgB;AAChG,cAAY,UAAU;AAEtB,MAAI,gBAA0B,2BAAa,KAAK;AAChD,MAAI;AACF,UAAM,oBAAoB,MAAM,4DAAkC;AAAA,MAAI;AAAA,MAAiC,YACrG,mCAAU,aAAa,SAAS;AAAA,IAClC;AACA,oBAAgB,qBAAqB;AAAA,EACvC,SAAS,GAAQ;AACf,oBAAgB,wBAAwB,GAAG,cAAc,SAAS,YAAY;AAAA,EAChF;AACA,MAAI,QAAQ,uBAAuB;AACjC,UAAM,EAAE,QAAQ,QAAI;AAAA,QACjB,gDAAoB,cAAc,MAAlC,mBAAqC,gBAArC,YAAoD,IAAI,QAAQ,KAAK,EAAE;AAAA,MACxE,QAAQ;AAAA,IACV;AAEA,UAAM,oBAA4C,CAAC;AACnD,YAAQ,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChC,kCAAU,eAAe,KAAK,KAAK;AACnC,wBAAkB,GAAG,IAAI;AAAA,IAC3B,CAAC;AAID,uDAAgC,eAAe,cAAc,iBAAiB;AAE9E,WAAO,MAAM,uBAAuB,OAAO;AAAA,MACzC;AAAA,IACF,EAAE;AAAA,EACJ;AAIA,MAAI,aAAa,SAAS;AACxB,iBAAa,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AAC3C,UAAI,QAAQ,0BAAU,QAAQ,uBAAuB;AACnD,eAAO,MAAM,oCAAoC,OAAO;AAAA,UACtD;AAAA,QACF,EAAE;AAAA,MACJ;AACA,oBAAc,QAAQ,OAAO,KAAK,KAAK;AAAA,IACzC,CAAC;AAAA,EACH;AAEA,UAAI,yBAAW,aAAa,GAAG;AAC7B,WAAO,MAAM,2BAA2B;AACxC,eAAO,qCAAuB,cAAc,eAAe,OAAO;AAAA,EACpE;AAEA,MAAI,QAAQ,OAAO;AACjB,uDAAgC,eAAe,cAAc,EAAE,CAAC,0BAAU,QAAQ,WAAW,GAAG,OAAO,CAAC;AAAA,EAC1G;AAEA,QAAM;AAAA;AAAA,IAEJ,eAAc,mCAAS,aACnB;AAAA,MACE,gBAAgB,mCAAS;AAAA,MACzB,WAAW,mCAAS;AAAA,IACtB,IACA,CAAC;AAAA;AAEP;AAAA,IACE;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,WAAW,cAAc,kBAAkB,WAAO,4CAA2B,UAAU;AAAA,EACzF;AAEA,SAAO;AACT;AAEA,MAAM,uBAAuB,CAAC,YAC5B,QAAQ,QAAQ,aAAa;AAE/B,MAAM,4BAA4B,CAAC,YAAwC;AACzE,QAAM,YAAY,QAAQ,QAAQ,aAAa,IAAI,WAAW;AAC9D,QAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,MAAI,WAAW;AAEf,SAAO,2BAAa,SAAS,aAAa,IAAI,SAAS,CAAC;AAC1D;AAIO,MAAM,mCAAmC,CAC9C,cACA,YACuC;AAEvC,MAAI,kBAAkB;AACtB,MAAI,QAAQ,oBAAoB,CAAC,QAAQ,UAAU;AACjD,UAAM,EAAE,SAAS,MAAM,YAAY,gCAAmB,IAAI,QAAQ;AAClE,UAAM,aAAa,IAAI,IAAI,aAAa,GAAG;AAC3C,UAAM,YAAY,OAAO,YAAY,aAAa,QAAQ,UAAU,IAAI;AAExE,QAAI,WAAW;AACb,YAAM,kBAAkB,GAAG,WAAW,MAAM,GAAG,SAAS;AACxD,wBAAkB,EAAE,GAAG,SAAS,UAAU,gBAAgB;AAAA,IAC5D;AAAA,EACF;AAEA,SAAO;AAAA,IACL,GAAG;AAAA,IACH,OAAG,yCAA0B,cAAc,eAAe;AAAA;AAAA;AAAA;AAAA,IAI1D,cAAc;AAAA,EAChB;AACF;AAEA,MAAM,mCAAmC,CACvC,iBACyD;AACzD,SAAO,CAAC,OAAO,CAAC,MAAM;AACpB,UAAM,MAAM,aAAa,SAAS,SAAS;AAC3C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AACF;AAEA,MAAM,mCAAmC,CACvC,iBACyD;AACzD,SAAO,CAAC,OAAO,CAAC,MAAM;AACpB,UAAM,MAAM,aAAa,SAAS,SAAS;AAC3C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AACF;AAEA,MAAM,0BAA0B,CAC9B,cACA,eACA,qBACG;AACH,UAAQ,OAAO,QAAa,YAAiB;AAC3C,UAAM,WAAW,UAAM,kBAAAE,UAAe;AAEtC,UAAM,WAAW,CAAC,YAChB,uCAAoB,KAAK;AAAA,MACvB,aAAa;AAAA,IACf,CAAC;AAEH,UAAM,kBAAiB,iCAAQ,WAAS,mCAAS,UAAS,0BAAU;AACpE,UAAM,iBAAa,+CAA8B,EAAE,YAAY,eAAe,cAAc,eAAe,CAAC;AAE5G,eAAO,8BAAc;AAAA,MACnB,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,QAAQ,OAAO;AAAA,EACpB;AACF;AAOA,MAAM,8BAA8B,CAClC,cACA,kBACA,qBACwB;AACxB,QAAM,cAAc,OAAO,YAA6B;AAjiB1D;AAkiBI,UAAM,gBAAgB,aAAa,OAAO,EAAE,yBAAyB,mCAAS,wBAAwB,CAAC;AACvG,UAAM,gBAAe,wCAAS,iBAAT,YAAyB,0BAAU;AAExD,UAAM,iBAAa,+CAA8B;AAAA,MAC/C,YAAY;AAAA,MACZ;AAAA,IACF,CAAC;AAED,QAAI,WAAW,cAAc,0BAAU,oBAAgB,qCAAoB,0BAAU,cAAc,YAAY,GAAG;AAChH,aAAO,OAAO,OAAO,YAAY;AAAA,QAC/B;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AASA,MAAM,0BAA0B,CAC9B,GACA,cACA,aACA,iBACa;AAnkBf;AAokBE,UAAI,wCAAoB,CAAC,GAAG;AAC1B,WAAO,IAAI,2BAAa,MAAM,EAAE,QAAQ,KAAK,YAAY,cAAc,CAAC;AAAA,EAC1E;AAEA,UAAI,6CAA0B,CAAC,GAAG;AAChC,UAAM,WAAW,IAAI,2BAAa,MAAM,EAAE,QAAQ,IAAI,CAAC;AAIvD,UAAM,aAAc,aAAyC,OAAO;AACpE,QAAI,cAAc,WAAW,cAAc,0BAAU,YAAY;AAI/D,YAAM,qBAAiB,iCAAoB,aAAa,cAAc;AACtE,iBAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA,qCAAqC,iDAAgB,WAAW;AAAA,MAClE;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAEA,UAAI,yCAAsB,CAAC,GAAG;AAE5B,eAAO;AAAA;AAAA;AAAA;AAAA,MAIL,2BAAa,QAAQ,IAAI,IAAI,UAAU,KAAK,IAAI,CAAC,IAAI,YAAY,GAAG,CAAC;AAAA,MACrE,0BAAU,QAAQ;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,yBAAqB,2CAAwB,CAAC;AACpD,QAAM,yBAAqB,2CAAwB,CAAC;AAEpD,MAAI,sBAAsB,oBAAoB;AAC5C,UAAM,eAAW,gCAAe;AAAA,MAC9B;AAAA,MACA,SAAS,aAAa;AAAA,MACtB,WAAW,aAAa;AAAA,MACxB,WAAW,aAAa;AAAA,MACxB,gBAAgB,aAAa;AAAA,MAC7B,gBAAe,kBAAa,OAAO,MAApB,mBAAuB;AAAA,MACtC,aAAa,aAAa;AAAA,IAC5B,CAAC;AAED,UAAM,EAAE,cAAc,IAAI;AAC1B,WAAO,SAAS,qBAAqB,qBAAqB,kBAAkB,EAAE,EAAE,cAAc,CAAC;AAAA,EACjG;AAEA,UAAI,yCAAsB,CAAC,GAAG;AAC5B,eAAO,+BAAgB,EAAE,WAAW;AAAA,EACtC;AAEA,QAAM;AACR;","names":["import_proxy","import_utils","request","event","_a","nextjsNotFound"]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/clerkMiddleware.ts"],"sourcesContent":["import type { AccountlessApplication, AuthObject, ClerkClient } from '@clerk/backend';\nimport type {\n AuthenticatedState,\n AuthenticateRequestOptions,\n ClerkRequest,\n RedirectFun,\n RequestState,\n SignedInAuthObject,\n SignedOutAuthObject,\n UnauthenticatedState,\n} from '@clerk/backend/internal';\nimport {\n AuthStatus,\n constants,\n createBootstrapSignedOutState,\n createClerkRequest,\n createRedirect,\n getAuthObjectForAcceptedToken,\n isMachineTokenByPrefix,\n isTokenTypeAccepted,\n makeAuthObjectSerializable,\n TokenType,\n} from '@clerk/backend/internal';\nimport { clerkFrontendApiProxy, DEFAULT_PROXY_PATH, matchProxyPath } from '@clerk/backend/proxy';\nimport { isProductionFromPublishableKey, parsePublishableKey } from '@clerk/shared/keys';\nimport { handleNetlifyCacheInDevInstance } from '@clerk/shared/netlifyCacheHandler';\nimport { isMalformedURLError } from '@clerk/shared/pathMatcher';\nimport { shouldAutoProxy } from '@clerk/shared/proxy';\nimport { notFound as nextjsNotFound } from 'next/navigation';\nimport type { NextMiddleware, NextRequest } from 'next/server';\nimport { NextResponse } from 'next/server';\n\nimport type { AuthFn } from '../app-router/server/auth';\nimport type { GetAuthOptions } from '../server/createGetAuth';\nimport { isRedirect, serverRedirectWithAuth, setHeader } from '../utils';\nimport type { Logger, LoggerNoCommit } from '../utils/debugLogger';\nimport { withLogger } from '../utils/debugLogger';\nimport { canUseKeyless } from '../utils/feature-flags';\nimport { clerkClient } from './clerkClient';\nimport { DOMAIN, PROXY_URL, PUBLISHABLE_KEY, SECRET_KEY, SIGN_IN_URL, SIGN_UP_URL } from './constants';\nimport { type ContentSecurityPolicyOptions, createContentSecurityPolicyHeaders } from './content-security-policy';\nimport { errorThrower } from './errorThrower';\nimport { getHeader } from './headers-utils';\nimport { getKeylessCookieValue } from './keyless';\nimport { clerkMiddlewareRequestDataStorage, clerkMiddlewareRequestDataStore } from './middleware-storage';\nimport {\n isNextjsNotFoundError,\n isNextjsRedirectError,\n isNextjsUnauthorizedError,\n isRedirectToSignInError,\n isRedirectToSignUpError,\n nextjsRedirectError,\n redirectToSignInError,\n redirectToSignUpError,\n unauthorized,\n} from './nextErrors';\nimport type { AuthProtect } from './protect';\nimport { createProtect } from './protect';\nimport type {\n FrontendApiProxyOptions,\n NextMiddlewareEvtParam,\n NextMiddlewareRequestParam,\n NextMiddlewareReturn,\n} from './types';\nimport {\n assertKey,\n decorateRequest,\n handleMultiDomainAndProxy,\n redirectAdapter,\n setRequestHeadersOnNextResponse,\n} from './utils';\n\nexport type ClerkMiddlewareSessionAuthObject = (SignedInAuthObject | SignedOutAuthObject) & {\n redirectToSignIn: RedirectFun<Response>;\n redirectToSignUp: RedirectFun<Response>;\n};\n\nexport type ClerkMiddlewareAuth = AuthFn;\n\ntype ClerkMiddlewareHandler = (\n auth: ClerkMiddlewareAuth,\n request: NextMiddlewareRequestParam,\n event: NextMiddlewareEvtParam,\n) => NextMiddlewareReturn;\n\ntype AuthenticateAnyRequestOptions = Omit<AuthenticateRequestOptions, 'acceptsToken'>;\n\n/**\n * The `clerkMiddleware()` function accepts an optional object. The following options are available.\n * @interface\n */\nexport interface ClerkMiddlewareOptions extends AuthenticateAnyRequestOptions {\n /**\n * If true, additional debug information will be logged to the console.\n */\n debug?: boolean;\n\n /**\n * When set, automatically injects a Content-Security-Policy header(s) compatible with Clerk.\n */\n contentSecurityPolicy?: ContentSecurityPolicyOptions;\n\n /**\n * When set, enables the middleware to proxy Frontend API requests to Clerk.\n * This is useful when direct communication with Clerk's API is blocked.\n */\n frontendApiProxy?: FrontendApiProxyOptions;\n}\n\ntype ClerkMiddlewareOptionsCallback = (req: NextRequest) => ClerkMiddlewareOptions | Promise<ClerkMiddlewareOptions>;\n\n/**\n * Middleware for Next.js that handles authentication and authorization with Clerk.\n * For more details, please refer to the docs: https://clerk.com/docs/reference/nextjs/clerk-middleware\n */\ninterface ClerkMiddleware {\n /**\n * @example\n * export default clerkMiddleware((auth, request, event) => { ... }, options);\n */\n (handler: ClerkMiddlewareHandler, options?: ClerkMiddlewareOptions): NextMiddleware;\n\n /**\n * @example\n * export default clerkMiddleware((auth, request, event) => { ... }, (req) => options);\n */\n (handler: ClerkMiddlewareHandler, options?: ClerkMiddlewareOptionsCallback): NextMiddleware;\n\n /**\n * @example\n * export default clerkMiddleware(options);\n */\n (options?: ClerkMiddlewareOptions): NextMiddleware;\n\n /**\n * @example\n * export default clerkMiddleware;\n */\n (request: NextMiddlewareRequestParam, event: NextMiddlewareEvtParam): NextMiddlewareReturn;\n}\n\n/**\n * The `clerkMiddleware()` helper integrates Clerk authentication into your Next.js application through Middleware. `clerkMiddleware()` is compatible with both the App and Pages routers.\n */\nexport const clerkMiddleware = ((...args: unknown[]): NextMiddleware | NextMiddlewareReturn => {\n const [request, event] = parseRequestAndEvent(args);\n const [handler, params] = parseHandlerAndOptions(args);\n\n const middleware = clerkMiddlewareRequestDataStorage.run(clerkMiddlewareRequestDataStore, () => {\n const baseNextMiddleware: NextMiddleware = withLogger('clerkMiddleware', logger => async (request, event) => {\n // Handles the case where `options` is a callback function to dynamically access `NextRequest`\n const resolvedParams = typeof params === 'function' ? await params(request) : params;\n\n const keyless = await getKeylessCookieValue(name => request.cookies.get(name)?.value);\n\n const publishableKey = assertKey(\n resolvedParams.publishableKey || PUBLISHABLE_KEY || keyless?.publishableKey,\n () => errorThrower.throwMissingPublishableKeyError(),\n );\n\n const secretKey = assertKey(resolvedParams.secretKey || SECRET_KEY || keyless?.secretKey, () =>\n errorThrower.throwMissingSecretKeyError(),\n );\n\n // Handle Frontend API proxy requests early, before authentication\n const requestUrl = new URL(request.nextUrl.href);\n let frontendApiProxyConfig = resolvedParams.frontendApiProxy;\n\n // Auto-detect when no explicit proxy or domain is configured\n const hasExplicitProxyOrDomain = resolvedParams.proxyUrl || PROXY_URL || resolvedParams.domain || DOMAIN;\n if (!frontendApiProxyConfig && !hasExplicitProxyOrDomain && isProductionFromPublishableKey(publishableKey)) {\n if (shouldAutoProxy(requestUrl.hostname)) {\n frontendApiProxyConfig = { enabled: true };\n }\n }\n if (frontendApiProxyConfig) {\n const { enabled, path: proxyPath = DEFAULT_PROXY_PATH } = frontendApiProxyConfig;\n\n // Resolve enabled - either boolean or function\n const isEnabled = typeof enabled === 'function' ? enabled(requestUrl) : enabled;\n\n if (isEnabled && matchProxyPath(request, { proxyPath })) {\n return clerkFrontendApiProxy(request, {\n proxyPath,\n publishableKey,\n secretKey,\n });\n }\n }\n\n const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\n const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\n\n const options = {\n publishableKey,\n secretKey,\n signInUrl,\n signUpUrl,\n ...resolvedParams,\n };\n\n // Propagates the request data to be accessed on the server application runtime from helpers such as `clerkClient`\n clerkMiddlewareRequestDataStore.set('requestData', options);\n const resolvedClerkClient = await clerkClient();\n\n if (options.debug) {\n logger.enable();\n }\n const clerkRequest = createClerkRequest(request);\n logger.debug('options', options);\n logger.debug('url', () => clerkRequest.toJSON());\n\n const authHeader = request.headers.get(constants.Headers.Authorization);\n if (authHeader && authHeader.startsWith('Basic ')) {\n logger.debug('Basic Auth detected');\n }\n\n const cspHeader = request.headers.get(constants.Headers.ContentSecurityPolicy);\n if (cspHeader) {\n logger.debug('Content-Security-Policy detected', () => ({\n value: cspHeader,\n }));\n }\n\n const requestState = await resolvedClerkClient.authenticateRequest(\n clerkRequest,\n createAuthenticateRequestOptions(clerkRequest, options),\n );\n\n return runHandlerWithRequestState({\n clerkRequest,\n request,\n event,\n requestState,\n handler,\n options,\n resolvedParams,\n keyless,\n logger,\n });\n });\n\n /**\n * Runs the user's handler against a synthetic signed-out `RequestState` during the keyless\n * bootstrap window, so authorization fails closed until a publishable key is provisioned.\n */\n const bootstrapNextMiddleware: NextMiddleware = withLogger('clerkMiddleware', logger => async (request, event) => {\n const resolvedParams = typeof params === 'function' ? await params(request) : params;\n const keyless = await getKeylessCookieValue(name => request.cookies.get(name)?.value);\n\n const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL || '';\n const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL || '';\n\n const options = {\n publishableKey: '',\n secretKey: '',\n signInUrl,\n signUpUrl,\n ...resolvedParams,\n };\n\n clerkMiddlewareRequestDataStore.set('requestData', options);\n\n if (options.debug) {\n logger.enable();\n }\n\n const clerkRequest = createClerkRequest(request);\n logger.debug('keyless bootstrap (no publishable key)', () => ({ signInUrl, signUpUrl }));\n logger.debug('url', () => clerkRequest.toJSON());\n\n const requestState = createBootstrapSignedOutState({ signInUrl, signUpUrl });\n\n return runHandlerWithRequestState({\n clerkRequest,\n request,\n event,\n requestState,\n handler,\n options,\n resolvedParams,\n keyless,\n logger,\n });\n });\n\n const keylessMiddleware: NextMiddleware = async (request, event) => {\n /**\n * This mechanism replaces a full-page reload. Ensures that middleware will re-run and authenticate the request properly without the secret key or publishable key to be missing.\n */\n if (isKeylessSyncRequest(request)) {\n return returnBackFromKeylessSync(request);\n }\n\n const resolvedParams = typeof params === 'function' ? await params(request) : params;\n const keyless = await getKeylessCookieValue(name => request.cookies.get(name)?.value);\n\n const isMissingPublishableKey = !(resolvedParams.publishableKey || PUBLISHABLE_KEY || keyless?.publishableKey);\n const authHeader = getHeader(request, constants.Headers.Authorization)?.replace('Bearer ', '') ?? '';\n\n if (isMissingPublishableKey && !isMachineTokenByPrefix(authHeader)) {\n return bootstrapNextMiddleware(request, event);\n }\n\n return baseNextMiddleware(request, event);\n };\n\n const nextMiddleware: NextMiddleware = async (request, event) => {\n if (canUseKeyless) {\n return keylessMiddleware(request, event);\n }\n\n return baseNextMiddleware(request, event);\n };\n\n // If we have a request and event, we're being called as a middleware directly\n // eg, export default clerkMiddleware;\n if (request && event) {\n return nextMiddleware(request, event);\n }\n\n // Otherwise, return a middleware that can be called with a request and event\n // eg, export default clerkMiddleware(auth => { ... });\n return nextMiddleware;\n });\n\n return middleware;\n}) as ClerkMiddleware;\n\nconst parseRequestAndEvent = (args: unknown[]) => {\n return [args[0] instanceof Request ? args[0] : undefined, args[0] instanceof Request ? args[1] : undefined] as [\n NextMiddlewareRequestParam | undefined,\n NextMiddlewareEvtParam | undefined,\n ];\n};\n\nconst parseHandlerAndOptions = (args: unknown[]) => {\n return [\n typeof args[0] === 'function' ? args[0] : undefined,\n (args.length === 2 ? args[1] : typeof args[0] === 'function' ? {} : args[0]) || {},\n ] as [ClerkMiddlewareHandler | undefined, ClerkMiddlewareOptions | ClerkMiddlewareOptionsCallback];\n};\n\ntype RunHandlerWithRequestStateArgs = {\n clerkRequest: ClerkRequest;\n request: NextMiddlewareRequestParam;\n event: NextMiddlewareEvtParam;\n requestState: RequestState<'session_token'>;\n handler: ClerkMiddlewareHandler | undefined;\n options: ClerkMiddlewareOptions & {\n publishableKey: string;\n secretKey: string;\n signInUrl: string;\n signUpUrl: string;\n };\n resolvedParams: ClerkMiddlewareOptions;\n keyless: AccountlessApplication | undefined;\n logger: LoggerNoCommit<Logger>;\n};\n\n/**\n * Drives the post-authentication pipeline: handler invocation, CSP, redirects, header propagation,\n * and response decoration. Accepts a pre-computed `requestState` so callers can supply either a\n * real authentication result from `authenticateRequest()` or a synthetic signed-out state\n * (e.g. during keyless bootstrap when no publishable key is available yet).\n */\nasync function runHandlerWithRequestState({\n clerkRequest,\n request,\n event,\n requestState,\n handler,\n options,\n resolvedParams,\n keyless,\n logger,\n}: RunHandlerWithRequestStateArgs): Promise<Response> {\n const { publishableKey, secretKey } = options;\n\n logger.debug('requestState', () => ({\n status: requestState.status,\n headers: JSON.stringify(Object.fromEntries(requestState.headers)),\n reason: requestState.reason,\n }));\n\n const locationHeader = requestState.headers.get(constants.Headers.Location);\n if (locationHeader) {\n handleNetlifyCacheInDevInstance({\n locationHeader,\n requestStateHeaders: requestState.headers,\n publishableKey: requestState.publishableKey,\n });\n\n const res = NextResponse.redirect(requestState.headers.get(constants.Headers.Location) || locationHeader);\n requestState.headers.forEach((value, key) => {\n if (key === constants.Headers.Location) {\n return;\n }\n res.headers.append(key, value);\n });\n return res;\n } else if (requestState.status === AuthStatus.Handshake) {\n throw new Error('Clerk: handshake status without redirect');\n }\n\n const authObject = requestState.toAuth();\n logger.debug('auth', () => ({ auth: authObject, debug: authObject.debug() }));\n\n const redirectToSignIn = createMiddlewareRedirectToSignIn(clerkRequest);\n const redirectToSignUp = createMiddlewareRedirectToSignUp(clerkRequest);\n const protect = await createMiddlewareProtect(clerkRequest, authObject, redirectToSignIn);\n\n const authHandler = createMiddlewareAuthHandler(requestState, redirectToSignIn, redirectToSignUp);\n authHandler.protect = protect;\n\n let handlerResult: Response = NextResponse.next();\n try {\n const userHandlerResult = await clerkMiddlewareRequestDataStorage.run(clerkMiddlewareRequestDataStore, async () =>\n handler?.(authHandler, request, event),\n );\n handlerResult = userHandlerResult || handlerResult;\n } catch (e: any) {\n handlerResult = handleControlFlowErrors(e, clerkRequest, request, requestState);\n }\n if (options.contentSecurityPolicy) {\n const { headers } = createContentSecurityPolicyHeaders(\n (parsePublishableKey(publishableKey)?.frontendApi ?? '').replace('$', ''),\n options.contentSecurityPolicy,\n );\n\n const cspRequestHeaders: Record<string, string> = {};\n headers.forEach(([key, value]) => {\n setHeader(handlerResult, key, value);\n cspRequestHeaders[key] = value;\n });\n\n // Forward CSP headers as request headers so server components\n // can access the nonce via headers()\n setRequestHeadersOnNextResponse(handlerResult, clerkRequest, cspRequestHeaders);\n\n logger.debug('Clerk generated CSP', () => ({\n headers,\n }));\n }\n\n // TODO @nikos: we need to make this more generic\n // and move the logic in clerk/backend\n if (requestState.headers) {\n requestState.headers.forEach((value, key) => {\n if (key === constants.Headers.ContentSecurityPolicy) {\n logger.debug('Content-Security-Policy detected', () => ({\n value,\n }));\n }\n handlerResult.headers.append(key, value);\n });\n }\n\n if (isRedirect(handlerResult)) {\n logger.debug('handlerResult is redirect');\n return serverRedirectWithAuth(clerkRequest, handlerResult, options);\n }\n\n if (options.debug) {\n setRequestHeadersOnNextResponse(handlerResult, clerkRequest, { [constants.Headers.EnableDebug]: 'true' });\n }\n\n const keylessKeysForRequestData =\n // Only pass keyless credentials when there are no explicit keys\n secretKey === keyless?.secretKey\n ? {\n publishableKey: keyless?.publishableKey,\n secretKey: keyless?.secretKey,\n }\n : {};\n\n decorateRequest(\n clerkRequest,\n handlerResult,\n requestState,\n resolvedParams,\n keylessKeysForRequestData,\n authObject.tokenType === 'session_token' ? null : makeAuthObjectSerializable(authObject),\n );\n\n return handlerResult;\n}\n\nconst isKeylessSyncRequest = (request: NextMiddlewareRequestParam) =>\n request.nextUrl.pathname === '/clerk-sync-keyless';\n\nconst returnBackFromKeylessSync = (request: NextMiddlewareRequestParam) => {\n const returnUrl = request.nextUrl.searchParams.get('returnUrl');\n const url = new URL(request.url);\n url.pathname = '';\n\n return NextResponse.redirect(returnUrl || url.toString());\n};\n\ntype AuthenticateRequest = Pick<ClerkClient, 'authenticateRequest'>['authenticateRequest'];\n\nexport const createAuthenticateRequestOptions = (\n clerkRequest: ClerkRequest,\n options: ClerkMiddlewareOptions,\n): Parameters<AuthenticateRequest>[1] => {\n // Auto-derive proxyUrl from frontendApiProxy config if not explicitly set\n let resolvedOptions = options;\n if (options.frontendApiProxy && !options.proxyUrl) {\n const { enabled, path: proxyPath = DEFAULT_PROXY_PATH } = options.frontendApiProxy;\n const requestUrl = new URL(clerkRequest.url);\n const isEnabled = typeof enabled === 'function' ? enabled(requestUrl) : enabled;\n\n if (isEnabled) {\n const derivedProxyUrl = `${requestUrl.origin}${proxyPath}`;\n resolvedOptions = { ...options, proxyUrl: derivedProxyUrl };\n }\n }\n\n return {\n ...resolvedOptions,\n ...handleMultiDomainAndProxy(clerkRequest, resolvedOptions),\n // TODO: Leaving the acceptsToken as 'any' opens up the possibility of\n // an economic attack. We should revisit this and only verify a token\n // when auth() or auth.protect() is invoked.\n acceptsToken: 'any',\n };\n};\n\nconst createMiddlewareRedirectToSignIn = (\n clerkRequest: ClerkRequest,\n): ClerkMiddlewareSessionAuthObject['redirectToSignIn'] => {\n return (opts = {}) => {\n const url = clerkRequest.clerkUrl.toString();\n redirectToSignInError(url, opts.returnBackUrl);\n };\n};\n\nconst createMiddlewareRedirectToSignUp = (\n clerkRequest: ClerkRequest,\n): ClerkMiddlewareSessionAuthObject['redirectToSignUp'] => {\n return (opts = {}) => {\n const url = clerkRequest.clerkUrl.toString();\n redirectToSignUpError(url, opts.returnBackUrl);\n };\n};\n\nconst createMiddlewareProtect = (\n clerkRequest: ClerkRequest,\n rawAuthObject: AuthObject,\n redirectToSignIn: RedirectFun<Response>,\n) => {\n return (async (params: any, options: any) => {\n const notFound = () => nextjsNotFound();\n\n const redirect = (url: string) =>\n nextjsRedirectError(url, {\n redirectUrl: url,\n });\n\n const requestedToken = params?.token || options?.token || TokenType.SessionToken;\n const authObject = getAuthObjectForAcceptedToken({ authObject: rawAuthObject, acceptsToken: requestedToken });\n\n return createProtect({\n request: clerkRequest,\n redirect,\n notFound,\n unauthorized,\n authObject,\n redirectToSignIn,\n })(params, options);\n }) as unknown as Promise<AuthProtect>;\n};\n\n/**\n * Modifies the auth object based on the token type.\n * - For session tokens: adds redirect functions to the auth object\n * - For machine tokens: validates token type and returns appropriate auth object\n */\nconst createMiddlewareAuthHandler = (\n requestState: AuthenticatedState<'session_token'> | UnauthenticatedState<'session_token'>,\n redirectToSignIn: RedirectFun<Response>,\n redirectToSignUp: RedirectFun<Response>,\n): ClerkMiddlewareAuth => {\n const authHandler = async (options?: GetAuthOptions) => {\n const rawAuthObject = requestState.toAuth({ treatPendingAsSignedOut: options?.treatPendingAsSignedOut });\n const acceptsToken = options?.acceptsToken ?? TokenType.SessionToken;\n\n const authObject = getAuthObjectForAcceptedToken({\n authObject: rawAuthObject,\n acceptsToken,\n });\n\n if (authObject.tokenType === TokenType.SessionToken && isTokenTypeAccepted(TokenType.SessionToken, acceptsToken)) {\n return Object.assign(authObject, {\n redirectToSignIn,\n redirectToSignUp,\n });\n }\n\n return authObject;\n };\n\n return authHandler as ClerkMiddlewareAuth;\n};\n\n// Handle errors thrown by protect() and redirectToSignIn() calls,\n// as we want to align the APIs between middleware, pages and route handlers\n// Normally, middleware requires to explicitly return a response, but we want to\n// avoid discrepancies between the APIs as it's easy to miss the `return` statement\n// especially when copy-pasting code from one place to another.\n// This function handles the known errors thrown by the APIs described above,\n// and returns the appropriate response.\nconst handleControlFlowErrors = (\n e: any,\n clerkRequest: ClerkRequest,\n nextRequest: NextRequest,\n requestState: RequestState,\n): Response => {\n if (isMalformedURLError(e)) {\n return new NextResponse(null, { status: 400, statusText: 'Bad Request' });\n }\n\n if (isNextjsUnauthorizedError(e)) {\n const response = new NextResponse(null, { status: 401 });\n\n // RequestState.toAuth() returns a session_token type by default.\n // We need to cast it to the correct type to check for OAuth tokens.\n const authObject = (requestState as RequestState<TokenType>).toAuth();\n if (authObject && authObject.tokenType === TokenType.OAuthToken) {\n // Following MCP spec, we return WWW-Authenticate header on 401 responses\n // to enable OAuth 2.0 authorization server discovery (RFC9728).\n // See https://modelcontextprotocol.io/specification/draft/basic/authorization#2-3-1-authorization-server-location\n const publishableKey = parsePublishableKey(requestState.publishableKey);\n return setHeader(\n response,\n 'WWW-Authenticate',\n `Bearer resource_metadata=\"https://${publishableKey?.frontendApi}/.well-known/oauth-protected-resource\"`,\n );\n }\n\n return response;\n }\n\n if (isNextjsNotFoundError(e)) {\n // Rewrite to a bogus URL to force not found error\n return setHeader(\n // This is an internal rewrite purely to trigger a not found error. We do not want Next.js to think that the\n // destination URL is a valid page, so we use `nextRequest.url` as the base for the fake URL, which Next.js\n // understands is an internal URL and won't run middleware against the request.\n NextResponse.rewrite(new URL(`/clerk_${Date.now()}`, nextRequest.url)),\n constants.Headers.AuthReason,\n 'protect-rewrite',\n );\n }\n\n const isRedirectToSignIn = isRedirectToSignInError(e);\n const isRedirectToSignUp = isRedirectToSignUpError(e);\n\n if (isRedirectToSignIn || isRedirectToSignUp) {\n const redirect = createRedirect({\n redirectAdapter,\n baseUrl: clerkRequest.clerkUrl,\n signInUrl: requestState.signInUrl,\n signUpUrl: requestState.signUpUrl,\n publishableKey: requestState.publishableKey,\n sessionStatus: requestState.toAuth()?.sessionStatus,\n isSatellite: requestState.isSatellite,\n });\n\n const { returnBackUrl } = e;\n return redirect[isRedirectToSignIn ? 'redirectToSignIn' : 'redirectToSignUp']({ returnBackUrl });\n }\n\n if (isNextjsRedirectError(e)) {\n return redirectAdapter(e.redirectUrl);\n }\n\n throw e;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAWA,sBAWO;AACP,mBAA0E;AAC1E,kBAAoE;AACpE,iCAAgD;AAChD,yBAAoC;AACpC,IAAAA,gBAAgC;AAChC,wBAA2C;AAE3C,oBAA6B;AAI7B,mBAA8D;AAE9D,yBAA2B;AAC3B,2BAA8B;AAC9B,yBAA4B;AAC5B,uBAAyF;AACzF,qCAAsF;AACtF,0BAA6B;AAC7B,2BAA0B;AAC1B,qBAAsC;AACtC,gCAAmF;AACnF,wBAUO;AAEP,qBAA8B;AAO9B,IAAAC,gBAMO;AA0EA,MAAM,mBAAmB,IAAI,SAA2D;AAC7F,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,4DAAkC,IAAI,2DAAiC,MAAM;AAC9F,UAAM,yBAAqC,+BAAW,mBAAmB,YAAU,OAAOC,UAASC,WAAU;AAE3G,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAE9E,YAAM,UAAU,UAAM,sCAAsB,UAAK;AAzJvD;AAyJ0D,qBAAAA,SAAQ,QAAQ,IAAI,IAAI,MAAxB,mBAA2B;AAAA,OAAK;AAEpF,YAAM,qBAAiB;AAAA,QACrB,eAAe,kBAAkB,qCAAmB,mCAAS;AAAA,QAC7D,MAAM,iCAAa,gCAAgC;AAAA,MACrD;AAEA,YAAM,gBAAY;AAAA,QAAU,eAAe,aAAa,gCAAc,mCAAS;AAAA,QAAW,MACxF,iCAAa,2BAA2B;AAAA,MAC1C;AAGA,YAAM,aAAa,IAAI,IAAIA,SAAQ,QAAQ,IAAI;AAC/C,UAAI,yBAAyB,eAAe;AAG5C,YAAM,2BAA2B,eAAe,YAAY,8BAAa,eAAe,UAAU;AAClG,UAAI,CAAC,0BAA0B,CAAC,gCAA4B,4CAA+B,cAAc,GAAG;AAC1G,gBAAI,+BAAgB,WAAW,QAAQ,GAAG;AACxC,mCAAyB,EAAE,SAAS,KAAK;AAAA,QAC3C;AAAA,MACF;AACA,UAAI,wBAAwB;AAC1B,cAAM,EAAE,SAAS,MAAM,YAAY,gCAAmB,IAAI;AAG1D,cAAM,YAAY,OAAO,YAAY,aAAa,QAAQ,UAAU,IAAI;AAExE,YAAI,iBAAa,6BAAeA,UAAS,EAAE,UAAU,CAAC,GAAG;AACvD,qBAAO,oCAAsBA,UAAS;AAAA,YACpC;AAAA,YACA;AAAA,YACA;AAAA,UACF,CAAC;AAAA,QACH;AAAA,MACF;AAEA,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAE9C,YAAM,UAAU;AAAA,QACd;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACL;AAGA,gEAAgC,IAAI,eAAe,OAAO;AAC1D,YAAM,sBAAsB,UAAM,gCAAY;AAE9C,UAAI,QAAQ,OAAO;AACjB,eAAO,OAAO;AAAA,MAChB;AACA,YAAM,mBAAe,oCAAmBA,QAAO;AAC/C,aAAO,MAAM,WAAW,OAAO;AAC/B,aAAO,MAAM,OAAO,MAAM,aAAa,OAAO,CAAC;AAE/C,YAAM,aAAaA,SAAQ,QAAQ,IAAI,0BAAU,QAAQ,aAAa;AACtE,UAAI,cAAc,WAAW,WAAW,QAAQ,GAAG;AACjD,eAAO,MAAM,qBAAqB;AAAA,MACpC;AAEA,YAAM,YAAYA,SAAQ,QAAQ,IAAI,0BAAU,QAAQ,qBAAqB;AAC7E,UAAI,WAAW;AACb,eAAO,MAAM,oCAAoC,OAAO;AAAA,UACtD,OAAO;AAAA,QACT,EAAE;AAAA,MACJ;AAEA,YAAM,eAAe,MAAM,oBAAoB;AAAA,QAC7C;AAAA,QACA,iCAAiC,cAAc,OAAO;AAAA,MACxD;AAEA,aAAO,2BAA2B;AAAA,QAChC;AAAA,QACA,SAAAA;AAAA,QACA,OAAAC;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAMD,UAAM,8BAA0C,+BAAW,mBAAmB,YAAU,OAAOD,UAASC,WAAU;AAChH,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAC9E,YAAM,UAAU,UAAM,sCAAsB,UAAK;AAxPvD;AAwP0D,qBAAAA,SAAQ,QAAQ,IAAI,IAAI,MAAxB,mBAA2B;AAAA,OAAK;AAEpF,YAAM,YAAY,eAAe,aAAa,gCAAe;AAC7D,YAAM,YAAY,eAAe,aAAa,gCAAe;AAE7D,YAAM,UAAU;AAAA,QACd,gBAAgB;AAAA,QAChB,WAAW;AAAA,QACX;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACL;AAEA,gEAAgC,IAAI,eAAe,OAAO;AAE1D,UAAI,QAAQ,OAAO;AACjB,eAAO,OAAO;AAAA,MAChB;AAEA,YAAM,mBAAe,oCAAmBA,QAAO;AAC/C,aAAO,MAAM,0CAA0C,OAAO,EAAE,WAAW,UAAU,EAAE;AACvF,aAAO,MAAM,OAAO,MAAM,aAAa,OAAO,CAAC;AAE/C,YAAM,mBAAe,+CAA8B,EAAE,WAAW,UAAU,CAAC;AAE3E,aAAO,2BAA2B;AAAA,QAChC;AAAA,QACA,SAAAA;AAAA,QACA,OAAAC;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAED,UAAM,oBAAoC,OAAOD,UAASC,WAAU;AA9RxE;AAkSM,UAAI,qBAAqBD,QAAO,GAAG;AACjC,eAAO,0BAA0BA,QAAO;AAAA,MAC1C;AAEA,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOA,QAAO,IAAI;AAC9E,YAAM,UAAU,UAAM,sCAAsB,UAAK;AAvSvD,YAAAE;AAuS0D,gBAAAA,MAAAF,SAAQ,QAAQ,IAAI,IAAI,MAAxB,gBAAAE,IAA2B;AAAA,OAAK;AAEpF,YAAM,0BAA0B,EAAE,eAAe,kBAAkB,qCAAmB,mCAAS;AAC/F,YAAM,cAAa,+CAAUF,UAAS,0BAAU,QAAQ,aAAa,MAAlD,mBAAqD,QAAQ,WAAW,QAAxE,YAA+E;AAElG,UAAI,2BAA2B,KAAC,wCAAuB,UAAU,GAAG;AAClE,eAAO,wBAAwBA,UAASC,MAAK;AAAA,MAC/C;AAEA,aAAO,mBAAmBD,UAASC,MAAK;AAAA,IAC1C;AAEA,UAAM,iBAAiC,OAAOD,UAASC,WAAU;AAC/D,UAAI,oCAAe;AACjB,eAAO,kBAAkBD,UAASC,MAAK;AAAA,MACzC;AAEA,aAAO,mBAAmBD,UAASC,MAAK;AAAA,IAC1C;AAIA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAIA,WAAO;AAAA,EACT,CAAC;AAED,SAAO;AACT;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO,CAAC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI,QAAW,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI,MAAS;AAI5G;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,MAAM,aAAa,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC;AAAA,EACnF;AACF;AAyBA,eAAe,2BAA2B;AAAA,EACxC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAAsD;AAxXtD;AAyXE,QAAM,EAAE,gBAAgB,UAAU,IAAI;AAEtC,SAAO,MAAM,gBAAgB,OAAO;AAAA,IAClC,QAAQ,aAAa;AAAA,IACrB,SAAS,KAAK,UAAU,OAAO,YAAY,aAAa,OAAO,CAAC;AAAA,IAChE,QAAQ,aAAa;AAAA,EACvB,EAAE;AAEF,QAAM,iBAAiB,aAAa,QAAQ,IAAI,0BAAU,QAAQ,QAAQ;AAC1E,MAAI,gBAAgB;AAClB,oEAAgC;AAAA,MAC9B;AAAA,MACA,qBAAqB,aAAa;AAAA,MAClC,gBAAgB,aAAa;AAAA,IAC/B,CAAC;AAED,UAAM,MAAM,2BAAa,SAAS,aAAa,QAAQ,IAAI,0BAAU,QAAQ,QAAQ,KAAK,cAAc;AACxG,iBAAa,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AAC3C,UAAI,QAAQ,0BAAU,QAAQ,UAAU;AACtC;AAAA,MACF;AACA,UAAI,QAAQ,OAAO,KAAK,KAAK;AAAA,IAC/B,CAAC;AACD,WAAO;AAAA,EACT,WAAW,aAAa,WAAW,2BAAW,WAAW;AACvD,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC5D;AAEA,QAAM,aAAa,aAAa,OAAO;AACvC,SAAO,MAAM,QAAQ,OAAO,EAAE,MAAM,YAAY,OAAO,WAAW,MAAM,EAAE,EAAE;AAE5E,QAAM,mBAAmB,iCAAiC,YAAY;AACtE,QAAM,mBAAmB,iCAAiC,YAAY;AACtE,QAAM,UAAU,MAAM,wBAAwB,cAAc,YAAY,gBAAgB;AAExF,QAAM,cAAc,4BAA4B,cAAc,kBAAkB,gBAAgB;AAChG,cAAY,UAAU;AAEtB,MAAI,gBAA0B,2BAAa,KAAK;AAChD,MAAI;AACF,UAAM,oBAAoB,MAAM,4DAAkC;AAAA,MAAI;AAAA,MAAiC,YACrG,mCAAU,aAAa,SAAS;AAAA,IAClC;AACA,oBAAgB,qBAAqB;AAAA,EACvC,SAAS,GAAQ;AACf,oBAAgB,wBAAwB,GAAG,cAAc,SAAS,YAAY;AAAA,EAChF;AACA,MAAI,QAAQ,uBAAuB;AACjC,UAAM,EAAE,QAAQ,QAAI;AAAA,QACjB,gDAAoB,cAAc,MAAlC,mBAAqC,gBAArC,YAAoD,IAAI,QAAQ,KAAK,EAAE;AAAA,MACxE,QAAQ;AAAA,IACV;AAEA,UAAM,oBAA4C,CAAC;AACnD,YAAQ,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChC,kCAAU,eAAe,KAAK,KAAK;AACnC,wBAAkB,GAAG,IAAI;AAAA,IAC3B,CAAC;AAID,uDAAgC,eAAe,cAAc,iBAAiB;AAE9E,WAAO,MAAM,uBAAuB,OAAO;AAAA,MACzC;AAAA,IACF,EAAE;AAAA,EACJ;AAIA,MAAI,aAAa,SAAS;AACxB,iBAAa,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AAC3C,UAAI,QAAQ,0BAAU,QAAQ,uBAAuB;AACnD,eAAO,MAAM,oCAAoC,OAAO;AAAA,UACtD;AAAA,QACF,EAAE;AAAA,MACJ;AACA,oBAAc,QAAQ,OAAO,KAAK,KAAK;AAAA,IACzC,CAAC;AAAA,EACH;AAEA,UAAI,yBAAW,aAAa,GAAG;AAC7B,WAAO,MAAM,2BAA2B;AACxC,eAAO,qCAAuB,cAAc,eAAe,OAAO;AAAA,EACpE;AAEA,MAAI,QAAQ,OAAO;AACjB,uDAAgC,eAAe,cAAc,EAAE,CAAC,0BAAU,QAAQ,WAAW,GAAG,OAAO,CAAC;AAAA,EAC1G;AAEA,QAAM;AAAA;AAAA,IAEJ,eAAc,mCAAS,aACnB;AAAA,MACE,gBAAgB,mCAAS;AAAA,MACzB,WAAW,mCAAS;AAAA,IACtB,IACA,CAAC;AAAA;AAEP;AAAA,IACE;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,WAAW,cAAc,kBAAkB,WAAO,4CAA2B,UAAU;AAAA,EACzF;AAEA,SAAO;AACT;AAEA,MAAM,uBAAuB,CAAC,YAC5B,QAAQ,QAAQ,aAAa;AAE/B,MAAM,4BAA4B,CAAC,YAAwC;AACzE,QAAM,YAAY,QAAQ,QAAQ,aAAa,IAAI,WAAW;AAC9D,QAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,MAAI,WAAW;AAEf,SAAO,2BAAa,SAAS,aAAa,IAAI,SAAS,CAAC;AAC1D;AAIO,MAAM,mCAAmC,CAC9C,cACA,YACuC;AAEvC,MAAI,kBAAkB;AACtB,MAAI,QAAQ,oBAAoB,CAAC,QAAQ,UAAU;AACjD,UAAM,EAAE,SAAS,MAAM,YAAY,gCAAmB,IAAI,QAAQ;AAClE,UAAM,aAAa,IAAI,IAAI,aAAa,GAAG;AAC3C,UAAM,YAAY,OAAO,YAAY,aAAa,QAAQ,UAAU,IAAI;AAExE,QAAI,WAAW;AACb,YAAM,kBAAkB,GAAG,WAAW,MAAM,GAAG,SAAS;AACxD,wBAAkB,EAAE,GAAG,SAAS,UAAU,gBAAgB;AAAA,IAC5D;AAAA,EACF;AAEA,SAAO;AAAA,IACL,GAAG;AAAA,IACH,OAAG,yCAA0B,cAAc,eAAe;AAAA;AAAA;AAAA;AAAA,IAI1D,cAAc;AAAA,EAChB;AACF;AAEA,MAAM,mCAAmC,CACvC,iBACyD;AACzD,SAAO,CAAC,OAAO,CAAC,MAAM;AACpB,UAAM,MAAM,aAAa,SAAS,SAAS;AAC3C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AACF;AAEA,MAAM,mCAAmC,CACvC,iBACyD;AACzD,SAAO,CAAC,OAAO,CAAC,MAAM;AACpB,UAAM,MAAM,aAAa,SAAS,SAAS;AAC3C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AACF;AAEA,MAAM,0BAA0B,CAC9B,cACA,eACA,qBACG;AACH,UAAQ,OAAO,QAAa,YAAiB;AAC3C,UAAM,WAAW,UAAM,kBAAAE,UAAe;AAEtC,UAAM,WAAW,CAAC,YAChB,uCAAoB,KAAK;AAAA,MACvB,aAAa;AAAA,IACf,CAAC;AAEH,UAAM,kBAAiB,iCAAQ,WAAS,mCAAS,UAAS,0BAAU;AACpE,UAAM,iBAAa,+CAA8B,EAAE,YAAY,eAAe,cAAc,eAAe,CAAC;AAE5G,eAAO,8BAAc;AAAA,MACnB,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,QAAQ,OAAO;AAAA,EACpB;AACF;AAOA,MAAM,8BAA8B,CAClC,cACA,kBACA,qBACwB;AACxB,QAAM,cAAc,OAAO,YAA6B;AAvkB1D;AAwkBI,UAAM,gBAAgB,aAAa,OAAO,EAAE,yBAAyB,mCAAS,wBAAwB,CAAC;AACvG,UAAM,gBAAe,wCAAS,iBAAT,YAAyB,0BAAU;AAExD,UAAM,iBAAa,+CAA8B;AAAA,MAC/C,YAAY;AAAA,MACZ;AAAA,IACF,CAAC;AAED,QAAI,WAAW,cAAc,0BAAU,oBAAgB,qCAAoB,0BAAU,cAAc,YAAY,GAAG;AAChH,aAAO,OAAO,OAAO,YAAY;AAAA,QAC/B;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AASA,MAAM,0BAA0B,CAC9B,GACA,cACA,aACA,iBACa;AAzmBf;AA0mBE,UAAI,wCAAoB,CAAC,GAAG;AAC1B,WAAO,IAAI,2BAAa,MAAM,EAAE,QAAQ,KAAK,YAAY,cAAc,CAAC;AAAA,EAC1E;AAEA,UAAI,6CAA0B,CAAC,GAAG;AAChC,UAAM,WAAW,IAAI,2BAAa,MAAM,EAAE,QAAQ,IAAI,CAAC;AAIvD,UAAM,aAAc,aAAyC,OAAO;AACpE,QAAI,cAAc,WAAW,cAAc,0BAAU,YAAY;AAI/D,YAAM,qBAAiB,iCAAoB,aAAa,cAAc;AACtE,iBAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA,qCAAqC,iDAAgB,WAAW;AAAA,MAClE;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAEA,UAAI,yCAAsB,CAAC,GAAG;AAE5B,eAAO;AAAA;AAAA;AAAA;AAAA,MAIL,2BAAa,QAAQ,IAAI,IAAI,UAAU,KAAK,IAAI,CAAC,IAAI,YAAY,GAAG,CAAC;AAAA,MACrE,0BAAU,QAAQ;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,yBAAqB,2CAAwB,CAAC;AACpD,QAAM,yBAAqB,2CAAwB,CAAC;AAEpD,MAAI,sBAAsB,oBAAoB;AAC5C,UAAM,eAAW,gCAAe;AAAA,MAC9B;AAAA,MACA,SAAS,aAAa;AAAA,MACtB,WAAW,aAAa;AAAA,MACxB,WAAW,aAAa;AAAA,MACxB,gBAAgB,aAAa;AAAA,MAC7B,gBAAe,kBAAa,OAAO,MAApB,mBAAuB;AAAA,MACtC,aAAa,aAAa;AAAA,IAC5B,CAAC;AAED,UAAM,EAAE,cAAc,IAAI;AAC1B,WAAO,SAAS,qBAAqB,qBAAqB,kBAAkB,EAAE,EAAE,cAAc,CAAC;AAAA,EACjG;AAEA,UAAI,yCAAsB,CAAC,GAAG;AAC5B,eAAO,+BAAgB,EAAE,WAAW;AAAA,EACtC;AAEA,QAAM;AACR;","names":["import_proxy","import_utils","request","event","_a","nextjsNotFound"]}
|
|
@@ -58,7 +58,7 @@ const SIGN_IN_URL = process.env.NEXT_PUBLIC_CLERK_SIGN_IN_URL || "";
|
|
|
58
58
|
const SIGN_UP_URL = process.env.NEXT_PUBLIC_CLERK_SIGN_UP_URL || "";
|
|
59
59
|
const SDK_METADATA = {
|
|
60
60
|
name: "@clerk/nextjs",
|
|
61
|
-
version: "7.3.1
|
|
61
|
+
version: "7.3.1",
|
|
62
62
|
environment: process.env.NODE_ENV
|
|
63
63
|
};
|
|
64
64
|
const TELEMETRY_DISABLED = (0, import_underscore.isTruthy)(process.env.NEXT_PUBLIC_CLERK_TELEMETRY_DISABLED);
|
|
@@ -28,7 +28,7 @@ const clerkClientDefaultOptions = {
|
|
|
28
28
|
publishableKey: import_constants.PUBLISHABLE_KEY,
|
|
29
29
|
apiUrl: import_constants.API_URL,
|
|
30
30
|
apiVersion: import_constants.API_VERSION,
|
|
31
|
-
userAgent: `${"@clerk/nextjs"}@${"7.3.1
|
|
31
|
+
userAgent: `${"@clerk/nextjs"}@${"7.3.1"}`,
|
|
32
32
|
proxyUrl: import_constants.PROXY_URL,
|
|
33
33
|
domain: import_constants.DOMAIN,
|
|
34
34
|
isSatellite: import_constants.IS_SATELLITE,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/createClerkClient.ts"],"sourcesContent":["import { createClerkClient } from '@clerk/backend';\n\nimport {\n API_URL,\n API_VERSION,\n DOMAIN,\n IS_SATELLITE,\n MACHINE_SECRET_KEY,\n PROXY_URL,\n PUBLISHABLE_KEY,\n SDK_METADATA,\n SECRET_KEY,\n TELEMETRY_DEBUG,\n TELEMETRY_DISABLED,\n} from './constants';\n\nconst clerkClientDefaultOptions = {\n secretKey: SECRET_KEY,\n publishableKey: PUBLISHABLE_KEY,\n apiUrl: API_URL,\n apiVersion: API_VERSION,\n userAgent: `${PACKAGE_NAME}@${PACKAGE_VERSION}`,\n proxyUrl: PROXY_URL,\n domain: DOMAIN,\n isSatellite: IS_SATELLITE,\n machineSecretKey: MACHINE_SECRET_KEY,\n sdkMetadata: SDK_METADATA,\n telemetry: {\n disabled: TELEMETRY_DISABLED,\n debug: TELEMETRY_DEBUG,\n },\n};\n\nexport const createClerkClientWithOptions: typeof createClerkClient = options =>\n createClerkClient({ ...clerkClientDefaultOptions, ...options });\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,qBAAkC;AAElC,uBAYO;AAEP,MAAM,4BAA4B;AAAA,EAChC,WAAW;AAAA,EACX,gBAAgB;AAAA,EAChB,QAAQ;AAAA,EACR,YAAY;AAAA,EACZ,WAAW,GAAG,eAAY,IAAI,
|
|
1
|
+
{"version":3,"sources":["../../../src/server/createClerkClient.ts"],"sourcesContent":["import { createClerkClient } from '@clerk/backend';\n\nimport {\n API_URL,\n API_VERSION,\n DOMAIN,\n IS_SATELLITE,\n MACHINE_SECRET_KEY,\n PROXY_URL,\n PUBLISHABLE_KEY,\n SDK_METADATA,\n SECRET_KEY,\n TELEMETRY_DEBUG,\n TELEMETRY_DISABLED,\n} from './constants';\n\nconst clerkClientDefaultOptions = {\n secretKey: SECRET_KEY,\n publishableKey: PUBLISHABLE_KEY,\n apiUrl: API_URL,\n apiVersion: API_VERSION,\n userAgent: `${PACKAGE_NAME}@${PACKAGE_VERSION}`,\n proxyUrl: PROXY_URL,\n domain: DOMAIN,\n isSatellite: IS_SATELLITE,\n machineSecretKey: MACHINE_SECRET_KEY,\n sdkMetadata: SDK_METADATA,\n telemetry: {\n disabled: TELEMETRY_DISABLED,\n debug: TELEMETRY_DEBUG,\n },\n};\n\nexport const createClerkClientWithOptions: typeof createClerkClient = options =>\n createClerkClient({ ...clerkClientDefaultOptions, ...options });\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,qBAAkC;AAElC,uBAYO;AAEP,MAAM,4BAA4B;AAAA,EAChC,WAAW;AAAA,EACX,gBAAgB;AAAA,EAChB,QAAQ;AAAA,EACR,YAAY;AAAA,EACZ,WAAW,GAAG,eAAY,IAAI,OAAe;AAAA,EAC7C,UAAU;AAAA,EACV,QAAQ;AAAA,EACR,aAAa;AAAA,EACb,kBAAkB;AAAA,EAClB,aAAa;AAAA,EACb,WAAW;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,EACT;AACF;AAEO,MAAM,+BAAyD,iBACpE,kCAAkB,EAAE,GAAG,2BAA2B,GAAG,QAAQ,CAAC;","names":[]}
|
|
@@ -90,7 +90,7 @@ function debugLogHeader(name) {
|
|
|
90
90
|
return `[clerk debug start: ${name}]`;
|
|
91
91
|
}
|
|
92
92
|
function debugLogFooter(name) {
|
|
93
|
-
return `[clerk debug end: ${name}] (@clerk/nextjs=${"7.3.1
|
|
93
|
+
return `[clerk debug end: ${name}] (@clerk/nextjs=${"7.3.1"},next=${import_package.default.version},timestamp=${Math.round((/* @__PURE__ */ new Date()).getTime() / 1e3)})`;
|
|
94
94
|
}
|
|
95
95
|
function truncate(str, maxLength) {
|
|
96
96
|
const encoder = new TextEncoder();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/utils/debugLogger.ts"],"sourcesContent":["// TODO: Replace with a more sophisticated logging solution\n\nimport nextPkg from 'next/package.json';\n\nimport { logFormatter } from './logFormatter';\n\nexport type Log = string | Record<string, unknown>;\nexport type LogEntry = Log | Log[];\nexport type Logger<L = Log> = {\n commit: () => void;\n debug: (...args: Array<L | (() => L)>) => void;\n enable: () => void;\n};\nexport type LoggerNoCommit<L = Logger> = Omit<L, 'commit'>;\n\nexport const createDebugLogger = (name: string, formatter: (val: LogEntry) => string) => (): Logger => {\n const entries: LogEntry[] = [];\n let isEnabled = false;\n\n return {\n enable: () => {\n isEnabled = true;\n },\n debug: (...args) => {\n if (isEnabled) {\n entries.push(args.map(arg => (typeof arg === 'function' ? arg() : arg)));\n }\n },\n commit: () => {\n if (isEnabled) {\n console.log(debugLogHeader(name));\n\n /**\n * We buffer each collected log entry so we can format them and log them all at once.\n * Individual console.log calls are used to ensure we don't hit platform-specific log limits (Vercel and Netlify are 4kb).\n */\n for (const log of entries) {\n let output = formatter(log);\n\n output = output\n .split('\\n')\n .map(l => ` ${l}`)\n .join('\\n');\n\n // Vercel errors if the output is > 4kb, so we truncate it\n if (process.env.VERCEL) {\n output = truncate(output, 4096);\n }\n\n console.log(output);\n }\n\n console.log(debugLogFooter(name));\n }\n },\n };\n};\n\ntype WithLogger = <L extends Logger, H extends (...args: any[]) => any>(\n loggerFactoryOrName: string | (() => L),\n handlerCtor: (logger: LoggerNoCommit<L>) => H,\n) => H;\n\nexport const withLogger: WithLogger = (loggerFactoryOrName, handlerCtor) => {\n return ((...args: any) => {\n const factory =\n typeof loggerFactoryOrName === 'string'\n ? createDebugLogger(loggerFactoryOrName, logFormatter)\n : loggerFactoryOrName;\n\n const logger = factory();\n const handler = handlerCtor(logger as any);\n\n try {\n const res = handler(...args);\n if (typeof res === 'object' && 'then' in res && typeof res.then === 'function') {\n return res\n .then((val: any) => {\n logger.commit();\n return val;\n })\n .catch((err: any) => {\n logger.commit();\n throw err;\n });\n }\n // handle sync methods\n logger.commit();\n return res;\n } catch (err: any) {\n logger.commit();\n throw err;\n }\n }) as ReturnType<typeof handlerCtor>;\n};\n\nfunction debugLogHeader(name: string) {\n return `[clerk debug start: ${name}]`;\n}\n\nfunction debugLogFooter(name: string) {\n return `[clerk debug end: ${name}] (@clerk/nextjs=${PACKAGE_VERSION},next=${nextPkg.version},timestamp=${Math.round(new Date().getTime() / 1_000)})`;\n}\n\n// ref: https://stackoverflow.com/questions/57769465/javascript-truncate-text-by-bytes-length\nfunction truncate(str: string, maxLength: number) {\n const encoder = new TextEncoder();\n const decoder = new TextDecoder('utf-8');\n\n const encodedString = encoder.encode(str);\n const truncatedString = encodedString.slice(0, maxLength);\n\n // return the truncated string, removing any replacement characters that result from partially truncated characters\n return decoder.decode(truncatedString).replace(/\\uFFFD/g, '');\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,qBAAoB;AAEpB,0BAA6B;AAWtB,MAAM,oBAAoB,CAAC,MAAc,cAAyC,MAAc;AACrG,QAAM,UAAsB,CAAC;AAC7B,MAAI,YAAY;AAEhB,SAAO;AAAA,IACL,QAAQ,MAAM;AACZ,kBAAY;AAAA,IACd;AAAA,IACA,OAAO,IAAI,SAAS;AAClB,UAAI,WAAW;AACb,gBAAQ,KAAK,KAAK,IAAI,SAAQ,OAAO,QAAQ,aAAa,IAAI,IAAI,GAAI,CAAC;AAAA,MACzE;AAAA,IACF;AAAA,IACA,QAAQ,MAAM;AACZ,UAAI,WAAW;AACb,gBAAQ,IAAI,eAAe,IAAI,CAAC;AAMhC,mBAAW,OAAO,SAAS;AACzB,cAAI,SAAS,UAAU,GAAG;AAE1B,mBAAS,OACN,MAAM,IAAI,EACV,IAAI,OAAK,KAAK,CAAC,EAAE,EACjB,KAAK,IAAI;AAGZ,cAAI,QAAQ,IAAI,QAAQ;AACtB,qBAAS,SAAS,QAAQ,IAAI;AAAA,UAChC;AAEA,kBAAQ,IAAI,MAAM;AAAA,QACpB;AAEA,gBAAQ,IAAI,eAAe,IAAI,CAAC;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AACF;AAOO,MAAM,aAAyB,CAAC,qBAAqB,gBAAgB;AAC1E,UAAQ,IAAI,SAAc;AACxB,UAAM,UACJ,OAAO,wBAAwB,WAC3B,kBAAkB,qBAAqB,gCAAY,IACnD;AAEN,UAAM,SAAS,QAAQ;AACvB,UAAM,UAAU,YAAY,MAAa;AAEzC,QAAI;AACF,YAAM,MAAM,QAAQ,GAAG,IAAI;AAC3B,UAAI,OAAO,QAAQ,YAAY,UAAU,OAAO,OAAO,IAAI,SAAS,YAAY;AAC9E,eAAO,IACJ,KAAK,CAAC,QAAa;AAClB,iBAAO,OAAO;AACd,iBAAO;AAAA,QACT,CAAC,EACA,MAAM,CAAC,QAAa;AACnB,iBAAO,OAAO;AACd,gBAAM;AAAA,QACR,CAAC;AAAA,MACL;AAEA,aAAO,OAAO;AACd,aAAO;AAAA,IACT,SAAS,KAAU;AACjB,aAAO,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AACF;AAEA,SAAS,eAAe,MAAc;AACpC,SAAO,uBAAuB,IAAI;AACpC;AAEA,SAAS,eAAe,MAAc;AACpC,SAAO,qBAAqB,IAAI,oBAAoB,
|
|
1
|
+
{"version":3,"sources":["../../../src/utils/debugLogger.ts"],"sourcesContent":["// TODO: Replace with a more sophisticated logging solution\n\nimport nextPkg from 'next/package.json';\n\nimport { logFormatter } from './logFormatter';\n\nexport type Log = string | Record<string, unknown>;\nexport type LogEntry = Log | Log[];\nexport type Logger<L = Log> = {\n commit: () => void;\n debug: (...args: Array<L | (() => L)>) => void;\n enable: () => void;\n};\nexport type LoggerNoCommit<L = Logger> = Omit<L, 'commit'>;\n\nexport const createDebugLogger = (name: string, formatter: (val: LogEntry) => string) => (): Logger => {\n const entries: LogEntry[] = [];\n let isEnabled = false;\n\n return {\n enable: () => {\n isEnabled = true;\n },\n debug: (...args) => {\n if (isEnabled) {\n entries.push(args.map(arg => (typeof arg === 'function' ? arg() : arg)));\n }\n },\n commit: () => {\n if (isEnabled) {\n console.log(debugLogHeader(name));\n\n /**\n * We buffer each collected log entry so we can format them and log them all at once.\n * Individual console.log calls are used to ensure we don't hit platform-specific log limits (Vercel and Netlify are 4kb).\n */\n for (const log of entries) {\n let output = formatter(log);\n\n output = output\n .split('\\n')\n .map(l => ` ${l}`)\n .join('\\n');\n\n // Vercel errors if the output is > 4kb, so we truncate it\n if (process.env.VERCEL) {\n output = truncate(output, 4096);\n }\n\n console.log(output);\n }\n\n console.log(debugLogFooter(name));\n }\n },\n };\n};\n\ntype WithLogger = <L extends Logger, H extends (...args: any[]) => any>(\n loggerFactoryOrName: string | (() => L),\n handlerCtor: (logger: LoggerNoCommit<L>) => H,\n) => H;\n\nexport const withLogger: WithLogger = (loggerFactoryOrName, handlerCtor) => {\n return ((...args: any) => {\n const factory =\n typeof loggerFactoryOrName === 'string'\n ? createDebugLogger(loggerFactoryOrName, logFormatter)\n : loggerFactoryOrName;\n\n const logger = factory();\n const handler = handlerCtor(logger as any);\n\n try {\n const res = handler(...args);\n if (typeof res === 'object' && 'then' in res && typeof res.then === 'function') {\n return res\n .then((val: any) => {\n logger.commit();\n return val;\n })\n .catch((err: any) => {\n logger.commit();\n throw err;\n });\n }\n // handle sync methods\n logger.commit();\n return res;\n } catch (err: any) {\n logger.commit();\n throw err;\n }\n }) as ReturnType<typeof handlerCtor>;\n};\n\nfunction debugLogHeader(name: string) {\n return `[clerk debug start: ${name}]`;\n}\n\nfunction debugLogFooter(name: string) {\n return `[clerk debug end: ${name}] (@clerk/nextjs=${PACKAGE_VERSION},next=${nextPkg.version},timestamp=${Math.round(new Date().getTime() / 1_000)})`;\n}\n\n// ref: https://stackoverflow.com/questions/57769465/javascript-truncate-text-by-bytes-length\nfunction truncate(str: string, maxLength: number) {\n const encoder = new TextEncoder();\n const decoder = new TextDecoder('utf-8');\n\n const encodedString = encoder.encode(str);\n const truncatedString = encodedString.slice(0, maxLength);\n\n // return the truncated string, removing any replacement characters that result from partially truncated characters\n return decoder.decode(truncatedString).replace(/\\uFFFD/g, '');\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,qBAAoB;AAEpB,0BAA6B;AAWtB,MAAM,oBAAoB,CAAC,MAAc,cAAyC,MAAc;AACrG,QAAM,UAAsB,CAAC;AAC7B,MAAI,YAAY;AAEhB,SAAO;AAAA,IACL,QAAQ,MAAM;AACZ,kBAAY;AAAA,IACd;AAAA,IACA,OAAO,IAAI,SAAS;AAClB,UAAI,WAAW;AACb,gBAAQ,KAAK,KAAK,IAAI,SAAQ,OAAO,QAAQ,aAAa,IAAI,IAAI,GAAI,CAAC;AAAA,MACzE;AAAA,IACF;AAAA,IACA,QAAQ,MAAM;AACZ,UAAI,WAAW;AACb,gBAAQ,IAAI,eAAe,IAAI,CAAC;AAMhC,mBAAW,OAAO,SAAS;AACzB,cAAI,SAAS,UAAU,GAAG;AAE1B,mBAAS,OACN,MAAM,IAAI,EACV,IAAI,OAAK,KAAK,CAAC,EAAE,EACjB,KAAK,IAAI;AAGZ,cAAI,QAAQ,IAAI,QAAQ;AACtB,qBAAS,SAAS,QAAQ,IAAI;AAAA,UAChC;AAEA,kBAAQ,IAAI,MAAM;AAAA,QACpB;AAEA,gBAAQ,IAAI,eAAe,IAAI,CAAC;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AACF;AAOO,MAAM,aAAyB,CAAC,qBAAqB,gBAAgB;AAC1E,UAAQ,IAAI,SAAc;AACxB,UAAM,UACJ,OAAO,wBAAwB,WAC3B,kBAAkB,qBAAqB,gCAAY,IACnD;AAEN,UAAM,SAAS,QAAQ;AACvB,UAAM,UAAU,YAAY,MAAa;AAEzC,QAAI;AACF,YAAM,MAAM,QAAQ,GAAG,IAAI;AAC3B,UAAI,OAAO,QAAQ,YAAY,UAAU,OAAO,OAAO,IAAI,SAAS,YAAY;AAC9E,eAAO,IACJ,KAAK,CAAC,QAAa;AAClB,iBAAO,OAAO;AACd,iBAAO;AAAA,QACT,CAAC,EACA,MAAM,CAAC,QAAa;AACnB,iBAAO,OAAO;AACd,gBAAM;AAAA,QACR,CAAC;AAAA,MACL;AAEA,aAAO,OAAO;AACd,aAAO;AAAA,IACT,SAAS,KAAU;AACjB,aAAO,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AACF;AAEA,SAAS,eAAe,MAAc;AACpC,SAAO,uBAAuB,IAAI;AACpC;AAEA,SAAS,eAAe,MAAc;AACpC,SAAO,qBAAqB,IAAI,oBAAoB,OAAe,SAAS,eAAAA,QAAQ,OAAO,cAAc,KAAK,OAAM,oBAAI,KAAK,GAAE,QAAQ,IAAI,GAAK,CAAC;AACnJ;AAGA,SAAS,SAAS,KAAa,WAAmB;AAChD,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,UAAU,IAAI,YAAY,OAAO;AAEvC,QAAM,gBAAgB,QAAQ,OAAO,GAAG;AACxC,QAAM,kBAAkB,cAAc,MAAM,GAAG,SAAS;AAGxD,SAAO,QAAQ,OAAO,eAAe,EAAE,QAAQ,WAAW,EAAE;AAC9D;","names":["nextPkg"]}
|
|
@@ -2,6 +2,7 @@ import "../chunk-BUSYA2B4.js";
|
|
|
2
2
|
import {
|
|
3
3
|
AuthStatus,
|
|
4
4
|
constants,
|
|
5
|
+
createBootstrapSignedOutState,
|
|
5
6
|
createClerkRequest,
|
|
6
7
|
createRedirect,
|
|
7
8
|
getAuthObjectForAcceptedToken,
|
|
@@ -126,6 +127,41 @@ const clerkMiddleware = ((...args) => {
|
|
|
126
127
|
logger
|
|
127
128
|
});
|
|
128
129
|
});
|
|
130
|
+
const bootstrapNextMiddleware = withLogger("clerkMiddleware", (logger) => async (request2, event2) => {
|
|
131
|
+
const resolvedParams = typeof params === "function" ? await params(request2) : params;
|
|
132
|
+
const keyless = await getKeylessCookieValue((name) => {
|
|
133
|
+
var _a;
|
|
134
|
+
return (_a = request2.cookies.get(name)) == null ? void 0 : _a.value;
|
|
135
|
+
});
|
|
136
|
+
const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL || "";
|
|
137
|
+
const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL || "";
|
|
138
|
+
const options = {
|
|
139
|
+
publishableKey: "",
|
|
140
|
+
secretKey: "",
|
|
141
|
+
signInUrl,
|
|
142
|
+
signUpUrl,
|
|
143
|
+
...resolvedParams
|
|
144
|
+
};
|
|
145
|
+
clerkMiddlewareRequestDataStore.set("requestData", options);
|
|
146
|
+
if (options.debug) {
|
|
147
|
+
logger.enable();
|
|
148
|
+
}
|
|
149
|
+
const clerkRequest = createClerkRequest(request2);
|
|
150
|
+
logger.debug("keyless bootstrap (no publishable key)", () => ({ signInUrl, signUpUrl }));
|
|
151
|
+
logger.debug("url", () => clerkRequest.toJSON());
|
|
152
|
+
const requestState = createBootstrapSignedOutState({ signInUrl, signUpUrl });
|
|
153
|
+
return runHandlerWithRequestState({
|
|
154
|
+
clerkRequest,
|
|
155
|
+
request: request2,
|
|
156
|
+
event: event2,
|
|
157
|
+
requestState,
|
|
158
|
+
handler,
|
|
159
|
+
options,
|
|
160
|
+
resolvedParams,
|
|
161
|
+
keyless,
|
|
162
|
+
logger
|
|
163
|
+
});
|
|
164
|
+
});
|
|
129
165
|
const keylessMiddleware = async (request2, event2) => {
|
|
130
166
|
var _a, _b;
|
|
131
167
|
if (isKeylessSyncRequest(request2)) {
|
|
@@ -139,11 +175,7 @@ const clerkMiddleware = ((...args) => {
|
|
|
139
175
|
const isMissingPublishableKey = !(resolvedParams.publishableKey || PUBLISHABLE_KEY || (keyless == null ? void 0 : keyless.publishableKey));
|
|
140
176
|
const authHeader = (_b = (_a = getHeader(request2, constants.Headers.Authorization)) == null ? void 0 : _a.replace("Bearer ", "")) != null ? _b : "";
|
|
141
177
|
if (isMissingPublishableKey && !isMachineTokenByPrefix(authHeader)) {
|
|
142
|
-
|
|
143
|
-
setRequestHeadersOnNextResponse(res, request2, {
|
|
144
|
-
[constants.Headers.AuthStatus]: "signed-out"
|
|
145
|
-
});
|
|
146
|
-
return res;
|
|
178
|
+
return bootstrapNextMiddleware(request2, event2);
|
|
147
179
|
}
|
|
148
180
|
return baseNextMiddleware(request2, event2);
|
|
149
181
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/clerkMiddleware.ts"],"sourcesContent":["import type { AccountlessApplication, AuthObject, ClerkClient } from '@clerk/backend';\nimport type {\n AuthenticatedState,\n AuthenticateRequestOptions,\n ClerkRequest,\n RedirectFun,\n RequestState,\n SignedInAuthObject,\n SignedOutAuthObject,\n UnauthenticatedState,\n} from '@clerk/backend/internal';\nimport {\n AuthStatus,\n constants,\n createClerkRequest,\n createRedirect,\n getAuthObjectForAcceptedToken,\n isMachineTokenByPrefix,\n isTokenTypeAccepted,\n makeAuthObjectSerializable,\n TokenType,\n} from '@clerk/backend/internal';\nimport { clerkFrontendApiProxy, DEFAULT_PROXY_PATH, matchProxyPath } from '@clerk/backend/proxy';\nimport { isProductionFromPublishableKey, parsePublishableKey } from '@clerk/shared/keys';\nimport { handleNetlifyCacheInDevInstance } from '@clerk/shared/netlifyCacheHandler';\nimport { isMalformedURLError } from '@clerk/shared/pathMatcher';\nimport { shouldAutoProxy } from '@clerk/shared/proxy';\nimport { notFound as nextjsNotFound } from 'next/navigation';\nimport type { NextMiddleware, NextRequest } from 'next/server';\nimport { NextResponse } from 'next/server';\n\nimport type { AuthFn } from '../app-router/server/auth';\nimport type { GetAuthOptions } from '../server/createGetAuth';\nimport { isRedirect, serverRedirectWithAuth, setHeader } from '../utils';\nimport type { Logger, LoggerNoCommit } from '../utils/debugLogger';\nimport { withLogger } from '../utils/debugLogger';\nimport { canUseKeyless } from '../utils/feature-flags';\nimport { clerkClient } from './clerkClient';\nimport { DOMAIN, PROXY_URL, PUBLISHABLE_KEY, SECRET_KEY, SIGN_IN_URL, SIGN_UP_URL } from './constants';\nimport { type ContentSecurityPolicyOptions, createContentSecurityPolicyHeaders } from './content-security-policy';\nimport { errorThrower } from './errorThrower';\nimport { getHeader } from './headers-utils';\nimport { getKeylessCookieValue } from './keyless';\nimport { clerkMiddlewareRequestDataStorage, clerkMiddlewareRequestDataStore } from './middleware-storage';\nimport {\n isNextjsNotFoundError,\n isNextjsRedirectError,\n isNextjsUnauthorizedError,\n isRedirectToSignInError,\n isRedirectToSignUpError,\n nextjsRedirectError,\n redirectToSignInError,\n redirectToSignUpError,\n unauthorized,\n} from './nextErrors';\nimport type { AuthProtect } from './protect';\nimport { createProtect } from './protect';\nimport type {\n FrontendApiProxyOptions,\n NextMiddlewareEvtParam,\n NextMiddlewareRequestParam,\n NextMiddlewareReturn,\n} from './types';\nimport {\n assertKey,\n decorateRequest,\n handleMultiDomainAndProxy,\n redirectAdapter,\n setRequestHeadersOnNextResponse,\n} from './utils';\n\nexport type ClerkMiddlewareSessionAuthObject = (SignedInAuthObject | SignedOutAuthObject) & {\n redirectToSignIn: RedirectFun<Response>;\n redirectToSignUp: RedirectFun<Response>;\n};\n\nexport type ClerkMiddlewareAuth = AuthFn;\n\ntype ClerkMiddlewareHandler = (\n auth: ClerkMiddlewareAuth,\n request: NextMiddlewareRequestParam,\n event: NextMiddlewareEvtParam,\n) => NextMiddlewareReturn;\n\ntype AuthenticateAnyRequestOptions = Omit<AuthenticateRequestOptions, 'acceptsToken'>;\n\n/**\n * The `clerkMiddleware()` function accepts an optional object. The following options are available.\n * @interface\n */\nexport interface ClerkMiddlewareOptions extends AuthenticateAnyRequestOptions {\n /**\n * If true, additional debug information will be logged to the console.\n */\n debug?: boolean;\n\n /**\n * When set, automatically injects a Content-Security-Policy header(s) compatible with Clerk.\n */\n contentSecurityPolicy?: ContentSecurityPolicyOptions;\n\n /**\n * When set, enables the middleware to proxy Frontend API requests to Clerk.\n * This is useful when direct communication with Clerk's API is blocked.\n */\n frontendApiProxy?: FrontendApiProxyOptions;\n}\n\ntype ClerkMiddlewareOptionsCallback = (req: NextRequest) => ClerkMiddlewareOptions | Promise<ClerkMiddlewareOptions>;\n\n/**\n * Middleware for Next.js that handles authentication and authorization with Clerk.\n * For more details, please refer to the docs: https://clerk.com/docs/reference/nextjs/clerk-middleware\n */\ninterface ClerkMiddleware {\n /**\n * @example\n * export default clerkMiddleware((auth, request, event) => { ... }, options);\n */\n (handler: ClerkMiddlewareHandler, options?: ClerkMiddlewareOptions): NextMiddleware;\n\n /**\n * @example\n * export default clerkMiddleware((auth, request, event) => { ... }, (req) => options);\n */\n (handler: ClerkMiddlewareHandler, options?: ClerkMiddlewareOptionsCallback): NextMiddleware;\n\n /**\n * @example\n * export default clerkMiddleware(options);\n */\n (options?: ClerkMiddlewareOptions): NextMiddleware;\n\n /**\n * @example\n * export default clerkMiddleware;\n */\n (request: NextMiddlewareRequestParam, event: NextMiddlewareEvtParam): NextMiddlewareReturn;\n}\n\n/**\n * The `clerkMiddleware()` helper integrates Clerk authentication into your Next.js application through Middleware. `clerkMiddleware()` is compatible with both the App and Pages routers.\n */\nexport const clerkMiddleware = ((...args: unknown[]): NextMiddleware | NextMiddlewareReturn => {\n const [request, event] = parseRequestAndEvent(args);\n const [handler, params] = parseHandlerAndOptions(args);\n\n const middleware = clerkMiddlewareRequestDataStorage.run(clerkMiddlewareRequestDataStore, () => {\n const baseNextMiddleware: NextMiddleware = withLogger('clerkMiddleware', logger => async (request, event) => {\n // Handles the case where `options` is a callback function to dynamically access `NextRequest`\n const resolvedParams = typeof params === 'function' ? await params(request) : params;\n\n const keyless = await getKeylessCookieValue(name => request.cookies.get(name)?.value);\n\n const publishableKey = assertKey(\n resolvedParams.publishableKey || PUBLISHABLE_KEY || keyless?.publishableKey,\n () => errorThrower.throwMissingPublishableKeyError(),\n );\n\n const secretKey = assertKey(resolvedParams.secretKey || SECRET_KEY || keyless?.secretKey, () =>\n errorThrower.throwMissingSecretKeyError(),\n );\n\n // Handle Frontend API proxy requests early, before authentication\n const requestUrl = new URL(request.nextUrl.href);\n let frontendApiProxyConfig = resolvedParams.frontendApiProxy;\n\n // Auto-detect when no explicit proxy or domain is configured\n const hasExplicitProxyOrDomain = resolvedParams.proxyUrl || PROXY_URL || resolvedParams.domain || DOMAIN;\n if (!frontendApiProxyConfig && !hasExplicitProxyOrDomain && isProductionFromPublishableKey(publishableKey)) {\n if (shouldAutoProxy(requestUrl.hostname)) {\n frontendApiProxyConfig = { enabled: true };\n }\n }\n if (frontendApiProxyConfig) {\n const { enabled, path: proxyPath = DEFAULT_PROXY_PATH } = frontendApiProxyConfig;\n\n // Resolve enabled - either boolean or function\n const isEnabled = typeof enabled === 'function' ? enabled(requestUrl) : enabled;\n\n if (isEnabled && matchProxyPath(request, { proxyPath })) {\n return clerkFrontendApiProxy(request, {\n proxyPath,\n publishableKey,\n secretKey,\n });\n }\n }\n\n const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\n const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\n\n const options = {\n publishableKey,\n secretKey,\n signInUrl,\n signUpUrl,\n ...resolvedParams,\n };\n\n // Propagates the request data to be accessed on the server application runtime from helpers such as `clerkClient`\n clerkMiddlewareRequestDataStore.set('requestData', options);\n const resolvedClerkClient = await clerkClient();\n\n if (options.debug) {\n logger.enable();\n }\n const clerkRequest = createClerkRequest(request);\n logger.debug('options', options);\n logger.debug('url', () => clerkRequest.toJSON());\n\n const authHeader = request.headers.get(constants.Headers.Authorization);\n if (authHeader && authHeader.startsWith('Basic ')) {\n logger.debug('Basic Auth detected');\n }\n\n const cspHeader = request.headers.get(constants.Headers.ContentSecurityPolicy);\n if (cspHeader) {\n logger.debug('Content-Security-Policy detected', () => ({\n value: cspHeader,\n }));\n }\n\n const requestState = await resolvedClerkClient.authenticateRequest(\n clerkRequest,\n createAuthenticateRequestOptions(clerkRequest, options),\n );\n\n return runHandlerWithRequestState({\n clerkRequest,\n request,\n event,\n requestState,\n handler,\n options,\n resolvedParams,\n keyless,\n logger,\n });\n });\n\n const keylessMiddleware: NextMiddleware = async (request, event) => {\n /**\n * This mechanism replaces a full-page reload. Ensures that middleware will re-run and authenticate the request properly without the secret key or publishable key to be missing.\n */\n if (isKeylessSyncRequest(request)) {\n return returnBackFromKeylessSync(request);\n }\n\n const resolvedParams = typeof params === 'function' ? await params(request) : params;\n const keyless = await getKeylessCookieValue(name => request.cookies.get(name)?.value);\n\n const isMissingPublishableKey = !(resolvedParams.publishableKey || PUBLISHABLE_KEY || keyless?.publishableKey);\n const authHeader = getHeader(request, constants.Headers.Authorization)?.replace('Bearer ', '') ?? '';\n\n /**\n * In keyless mode, if the publishable key is missing, let the request through, to render `<ClerkProvider/>` that will resume the flow gracefully.\n */\n if (isMissingPublishableKey && !isMachineTokenByPrefix(authHeader)) {\n const res = NextResponse.next();\n setRequestHeadersOnNextResponse(res, request, {\n [constants.Headers.AuthStatus]: 'signed-out',\n });\n return res;\n }\n\n return baseNextMiddleware(request, event);\n };\n\n const nextMiddleware: NextMiddleware = async (request, event) => {\n if (canUseKeyless) {\n return keylessMiddleware(request, event);\n }\n\n return baseNextMiddleware(request, event);\n };\n\n // If we have a request and event, we're being called as a middleware directly\n // eg, export default clerkMiddleware;\n if (request && event) {\n return nextMiddleware(request, event);\n }\n\n // Otherwise, return a middleware that can be called with a request and event\n // eg, export default clerkMiddleware(auth => { ... });\n return nextMiddleware;\n });\n\n return middleware;\n}) as ClerkMiddleware;\n\nconst parseRequestAndEvent = (args: unknown[]) => {\n return [args[0] instanceof Request ? args[0] : undefined, args[0] instanceof Request ? args[1] : undefined] as [\n NextMiddlewareRequestParam | undefined,\n NextMiddlewareEvtParam | undefined,\n ];\n};\n\nconst parseHandlerAndOptions = (args: unknown[]) => {\n return [\n typeof args[0] === 'function' ? args[0] : undefined,\n (args.length === 2 ? args[1] : typeof args[0] === 'function' ? {} : args[0]) || {},\n ] as [ClerkMiddlewareHandler | undefined, ClerkMiddlewareOptions | ClerkMiddlewareOptionsCallback];\n};\n\ntype RunHandlerWithRequestStateArgs = {\n clerkRequest: ClerkRequest;\n request: NextMiddlewareRequestParam;\n event: NextMiddlewareEvtParam;\n requestState: RequestState<'session_token'>;\n handler: ClerkMiddlewareHandler | undefined;\n options: ClerkMiddlewareOptions & {\n publishableKey: string;\n secretKey: string;\n signInUrl: string;\n signUpUrl: string;\n };\n resolvedParams: ClerkMiddlewareOptions;\n keyless: AccountlessApplication | undefined;\n logger: LoggerNoCommit<Logger>;\n};\n\n/**\n * Drives the post-authentication pipeline: handler invocation, CSP, redirects, header propagation,\n * and response decoration. Accepts a pre-computed `requestState` so callers can supply either a\n * real authentication result from `authenticateRequest()` or a synthetic signed-out state\n * (e.g. during keyless bootstrap when no publishable key is available yet).\n */\nasync function runHandlerWithRequestState({\n clerkRequest,\n request,\n event,\n requestState,\n handler,\n options,\n resolvedParams,\n keyless,\n logger,\n}: RunHandlerWithRequestStateArgs): Promise<Response> {\n const { publishableKey, secretKey } = options;\n\n logger.debug('requestState', () => ({\n status: requestState.status,\n headers: JSON.stringify(Object.fromEntries(requestState.headers)),\n reason: requestState.reason,\n }));\n\n const locationHeader = requestState.headers.get(constants.Headers.Location);\n if (locationHeader) {\n handleNetlifyCacheInDevInstance({\n locationHeader,\n requestStateHeaders: requestState.headers,\n publishableKey: requestState.publishableKey,\n });\n\n const res = NextResponse.redirect(requestState.headers.get(constants.Headers.Location) || locationHeader);\n requestState.headers.forEach((value, key) => {\n if (key === constants.Headers.Location) {\n return;\n }\n res.headers.append(key, value);\n });\n return res;\n } else if (requestState.status === AuthStatus.Handshake) {\n throw new Error('Clerk: handshake status without redirect');\n }\n\n const authObject = requestState.toAuth();\n logger.debug('auth', () => ({ auth: authObject, debug: authObject.debug() }));\n\n const redirectToSignIn = createMiddlewareRedirectToSignIn(clerkRequest);\n const redirectToSignUp = createMiddlewareRedirectToSignUp(clerkRequest);\n const protect = await createMiddlewareProtect(clerkRequest, authObject, redirectToSignIn);\n\n const authHandler = createMiddlewareAuthHandler(requestState, redirectToSignIn, redirectToSignUp);\n authHandler.protect = protect;\n\n let handlerResult: Response = NextResponse.next();\n try {\n const userHandlerResult = await clerkMiddlewareRequestDataStorage.run(clerkMiddlewareRequestDataStore, async () =>\n handler?.(authHandler, request, event),\n );\n handlerResult = userHandlerResult || handlerResult;\n } catch (e: any) {\n handlerResult = handleControlFlowErrors(e, clerkRequest, request, requestState);\n }\n if (options.contentSecurityPolicy) {\n const { headers } = createContentSecurityPolicyHeaders(\n (parsePublishableKey(publishableKey)?.frontendApi ?? '').replace('$', ''),\n options.contentSecurityPolicy,\n );\n\n const cspRequestHeaders: Record<string, string> = {};\n headers.forEach(([key, value]) => {\n setHeader(handlerResult, key, value);\n cspRequestHeaders[key] = value;\n });\n\n // Forward CSP headers as request headers so server components\n // can access the nonce via headers()\n setRequestHeadersOnNextResponse(handlerResult, clerkRequest, cspRequestHeaders);\n\n logger.debug('Clerk generated CSP', () => ({\n headers,\n }));\n }\n\n // TODO @nikos: we need to make this more generic\n // and move the logic in clerk/backend\n if (requestState.headers) {\n requestState.headers.forEach((value, key) => {\n if (key === constants.Headers.ContentSecurityPolicy) {\n logger.debug('Content-Security-Policy detected', () => ({\n value,\n }));\n }\n handlerResult.headers.append(key, value);\n });\n }\n\n if (isRedirect(handlerResult)) {\n logger.debug('handlerResult is redirect');\n return serverRedirectWithAuth(clerkRequest, handlerResult, options);\n }\n\n if (options.debug) {\n setRequestHeadersOnNextResponse(handlerResult, clerkRequest, { [constants.Headers.EnableDebug]: 'true' });\n }\n\n const keylessKeysForRequestData =\n // Only pass keyless credentials when there are no explicit keys\n secretKey === keyless?.secretKey\n ? {\n publishableKey: keyless?.publishableKey,\n secretKey: keyless?.secretKey,\n }\n : {};\n\n decorateRequest(\n clerkRequest,\n handlerResult,\n requestState,\n resolvedParams,\n keylessKeysForRequestData,\n authObject.tokenType === 'session_token' ? null : makeAuthObjectSerializable(authObject),\n );\n\n return handlerResult;\n}\n\nconst isKeylessSyncRequest = (request: NextMiddlewareRequestParam) =>\n request.nextUrl.pathname === '/clerk-sync-keyless';\n\nconst returnBackFromKeylessSync = (request: NextMiddlewareRequestParam) => {\n const returnUrl = request.nextUrl.searchParams.get('returnUrl');\n const url = new URL(request.url);\n url.pathname = '';\n\n return NextResponse.redirect(returnUrl || url.toString());\n};\n\ntype AuthenticateRequest = Pick<ClerkClient, 'authenticateRequest'>['authenticateRequest'];\n\nexport const createAuthenticateRequestOptions = (\n clerkRequest: ClerkRequest,\n options: ClerkMiddlewareOptions,\n): Parameters<AuthenticateRequest>[1] => {\n // Auto-derive proxyUrl from frontendApiProxy config if not explicitly set\n let resolvedOptions = options;\n if (options.frontendApiProxy && !options.proxyUrl) {\n const { enabled, path: proxyPath = DEFAULT_PROXY_PATH } = options.frontendApiProxy;\n const requestUrl = new URL(clerkRequest.url);\n const isEnabled = typeof enabled === 'function' ? enabled(requestUrl) : enabled;\n\n if (isEnabled) {\n const derivedProxyUrl = `${requestUrl.origin}${proxyPath}`;\n resolvedOptions = { ...options, proxyUrl: derivedProxyUrl };\n }\n }\n\n return {\n ...resolvedOptions,\n ...handleMultiDomainAndProxy(clerkRequest, resolvedOptions),\n // TODO: Leaving the acceptsToken as 'any' opens up the possibility of\n // an economic attack. We should revisit this and only verify a token\n // when auth() or auth.protect() is invoked.\n acceptsToken: 'any',\n };\n};\n\nconst createMiddlewareRedirectToSignIn = (\n clerkRequest: ClerkRequest,\n): ClerkMiddlewareSessionAuthObject['redirectToSignIn'] => {\n return (opts = {}) => {\n const url = clerkRequest.clerkUrl.toString();\n redirectToSignInError(url, opts.returnBackUrl);\n };\n};\n\nconst createMiddlewareRedirectToSignUp = (\n clerkRequest: ClerkRequest,\n): ClerkMiddlewareSessionAuthObject['redirectToSignUp'] => {\n return (opts = {}) => {\n const url = clerkRequest.clerkUrl.toString();\n redirectToSignUpError(url, opts.returnBackUrl);\n };\n};\n\nconst createMiddlewareProtect = (\n clerkRequest: ClerkRequest,\n rawAuthObject: AuthObject,\n redirectToSignIn: RedirectFun<Response>,\n) => {\n return (async (params: any, options: any) => {\n const notFound = () => nextjsNotFound();\n\n const redirect = (url: string) =>\n nextjsRedirectError(url, {\n redirectUrl: url,\n });\n\n const requestedToken = params?.token || options?.token || TokenType.SessionToken;\n const authObject = getAuthObjectForAcceptedToken({ authObject: rawAuthObject, acceptsToken: requestedToken });\n\n return createProtect({\n request: clerkRequest,\n redirect,\n notFound,\n unauthorized,\n authObject,\n redirectToSignIn,\n })(params, options);\n }) as unknown as Promise<AuthProtect>;\n};\n\n/**\n * Modifies the auth object based on the token type.\n * - For session tokens: adds redirect functions to the auth object\n * - For machine tokens: validates token type and returns appropriate auth object\n */\nconst createMiddlewareAuthHandler = (\n requestState: AuthenticatedState<'session_token'> | UnauthenticatedState<'session_token'>,\n redirectToSignIn: RedirectFun<Response>,\n redirectToSignUp: RedirectFun<Response>,\n): ClerkMiddlewareAuth => {\n const authHandler = async (options?: GetAuthOptions) => {\n const rawAuthObject = requestState.toAuth({ treatPendingAsSignedOut: options?.treatPendingAsSignedOut });\n const acceptsToken = options?.acceptsToken ?? TokenType.SessionToken;\n\n const authObject = getAuthObjectForAcceptedToken({\n authObject: rawAuthObject,\n acceptsToken,\n });\n\n if (authObject.tokenType === TokenType.SessionToken && isTokenTypeAccepted(TokenType.SessionToken, acceptsToken)) {\n return Object.assign(authObject, {\n redirectToSignIn,\n redirectToSignUp,\n });\n }\n\n return authObject;\n };\n\n return authHandler as ClerkMiddlewareAuth;\n};\n\n// Handle errors thrown by protect() and redirectToSignIn() calls,\n// as we want to align the APIs between middleware, pages and route handlers\n// Normally, middleware requires to explicitly return a response, but we want to\n// avoid discrepancies between the APIs as it's easy to miss the `return` statement\n// especially when copy-pasting code from one place to another.\n// This function handles the known errors thrown by the APIs described above,\n// and returns the appropriate response.\nconst handleControlFlowErrors = (\n e: any,\n clerkRequest: ClerkRequest,\n nextRequest: NextRequest,\n requestState: RequestState,\n): Response => {\n if (isMalformedURLError(e)) {\n return new NextResponse(null, { status: 400, statusText: 'Bad Request' });\n }\n\n if (isNextjsUnauthorizedError(e)) {\n const response = new NextResponse(null, { status: 401 });\n\n // RequestState.toAuth() returns a session_token type by default.\n // We need to cast it to the correct type to check for OAuth tokens.\n const authObject = (requestState as RequestState<TokenType>).toAuth();\n if (authObject && authObject.tokenType === TokenType.OAuthToken) {\n // Following MCP spec, we return WWW-Authenticate header on 401 responses\n // to enable OAuth 2.0 authorization server discovery (RFC9728).\n // See https://modelcontextprotocol.io/specification/draft/basic/authorization#2-3-1-authorization-server-location\n const publishableKey = parsePublishableKey(requestState.publishableKey);\n return setHeader(\n response,\n 'WWW-Authenticate',\n `Bearer resource_metadata=\"https://${publishableKey?.frontendApi}/.well-known/oauth-protected-resource\"`,\n );\n }\n\n return response;\n }\n\n if (isNextjsNotFoundError(e)) {\n // Rewrite to a bogus URL to force not found error\n return setHeader(\n // This is an internal rewrite purely to trigger a not found error. We do not want Next.js to think that the\n // destination URL is a valid page, so we use `nextRequest.url` as the base for the fake URL, which Next.js\n // understands is an internal URL and won't run middleware against the request.\n NextResponse.rewrite(new URL(`/clerk_${Date.now()}`, nextRequest.url)),\n constants.Headers.AuthReason,\n 'protect-rewrite',\n );\n }\n\n const isRedirectToSignIn = isRedirectToSignInError(e);\n const isRedirectToSignUp = isRedirectToSignUpError(e);\n\n if (isRedirectToSignIn || isRedirectToSignUp) {\n const redirect = createRedirect({\n redirectAdapter,\n baseUrl: clerkRequest.clerkUrl,\n signInUrl: requestState.signInUrl,\n signUpUrl: requestState.signUpUrl,\n publishableKey: requestState.publishableKey,\n sessionStatus: requestState.toAuth()?.sessionStatus,\n isSatellite: requestState.isSatellite,\n });\n\n const { returnBackUrl } = e;\n return redirect[isRedirectToSignIn ? 'redirectToSignIn' : 'redirectToSignUp']({ returnBackUrl });\n }\n\n if (isNextjsRedirectError(e)) {\n return redirectAdapter(e.redirectUrl);\n }\n\n throw e;\n};\n"],"mappings":";AAWA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,uBAAuB,oBAAoB,sBAAsB;AAC1E,SAAS,gCAAgC,2BAA2B;AACpE,SAAS,uCAAuC;AAChD,SAAS,2BAA2B;AACpC,SAAS,uBAAuB;AAChC,SAAS,YAAY,sBAAsB;AAE3C,SAAS,oBAAoB;AAI7B,SAAS,YAAY,wBAAwB,iBAAiB;AAE9D,SAAS,kBAAkB;AAC3B,SAAS,qBAAqB;AAC9B,SAAS,mBAAmB;AAC5B,SAAS,QAAQ,WAAW,iBAAiB,YAAY,aAAa,mBAAmB;AACzF,SAA4C,0CAA0C;AACtF,SAAS,oBAAoB;AAC7B,SAAS,iBAAiB;AAC1B,SAAS,6BAA6B;AACtC,SAAS,mCAAmC,uCAAuC;AACnF;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,SAAS,qBAAqB;AAO9B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AA0EA,MAAM,mBAAmB,IAAI,SAA2D;AAC7F,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,kCAAkC,IAAI,iCAAiC,MAAM;AAC9F,UAAM,qBAAqC,WAAW,mBAAmB,YAAU,OAAOA,UAASC,WAAU;AAE3G,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAE9E,YAAM,UAAU,MAAM,sBAAsB,UAAK;AAxJvD;AAwJ0D,qBAAAA,SAAQ,QAAQ,IAAI,IAAI,MAAxB,mBAA2B;AAAA,OAAK;AAEpF,YAAM,iBAAiB;AAAA,QACrB,eAAe,kBAAkB,oBAAmB,mCAAS;AAAA,QAC7D,MAAM,aAAa,gCAAgC;AAAA,MACrD;AAEA,YAAM,YAAY;AAAA,QAAU,eAAe,aAAa,eAAc,mCAAS;AAAA,QAAW,MACxF,aAAa,2BAA2B;AAAA,MAC1C;AAGA,YAAM,aAAa,IAAI,IAAIA,SAAQ,QAAQ,IAAI;AAC/C,UAAI,yBAAyB,eAAe;AAG5C,YAAM,2BAA2B,eAAe,YAAY,aAAa,eAAe,UAAU;AAClG,UAAI,CAAC,0BAA0B,CAAC,4BAA4B,+BAA+B,cAAc,GAAG;AAC1G,YAAI,gBAAgB,WAAW,QAAQ,GAAG;AACxC,mCAAyB,EAAE,SAAS,KAAK;AAAA,QAC3C;AAAA,MACF;AACA,UAAI,wBAAwB;AAC1B,cAAM,EAAE,SAAS,MAAM,YAAY,mBAAmB,IAAI;AAG1D,cAAM,YAAY,OAAO,YAAY,aAAa,QAAQ,UAAU,IAAI;AAExE,YAAI,aAAa,eAAeA,UAAS,EAAE,UAAU,CAAC,GAAG;AACvD,iBAAO,sBAAsBA,UAAS;AAAA,YACpC;AAAA,YACA;AAAA,YACA;AAAA,UACF,CAAC;AAAA,QACH;AAAA,MACF;AAEA,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAE9C,YAAM,UAAU;AAAA,QACd;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACL;AAGA,sCAAgC,IAAI,eAAe,OAAO;AAC1D,YAAM,sBAAsB,MAAM,YAAY;AAE9C,UAAI,QAAQ,OAAO;AACjB,eAAO,OAAO;AAAA,MAChB;AACA,YAAM,eAAe,mBAAmBA,QAAO;AAC/C,aAAO,MAAM,WAAW,OAAO;AAC/B,aAAO,MAAM,OAAO,MAAM,aAAa,OAAO,CAAC;AAE/C,YAAM,aAAaA,SAAQ,QAAQ,IAAI,UAAU,QAAQ,aAAa;AACtE,UAAI,cAAc,WAAW,WAAW,QAAQ,GAAG;AACjD,eAAO,MAAM,qBAAqB;AAAA,MACpC;AAEA,YAAM,YAAYA,SAAQ,QAAQ,IAAI,UAAU,QAAQ,qBAAqB;AAC7E,UAAI,WAAW;AACb,eAAO,MAAM,oCAAoC,OAAO;AAAA,UACtD,OAAO;AAAA,QACT,EAAE;AAAA,MACJ;AAEA,YAAM,eAAe,MAAM,oBAAoB;AAAA,QAC7C;AAAA,QACA,iCAAiC,cAAc,OAAO;AAAA,MACxD;AAEA,aAAO,2BAA2B;AAAA,QAChC;AAAA,QACA,SAAAA;AAAA,QACA,OAAAC;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAED,UAAM,oBAAoC,OAAOD,UAASC,WAAU;AAjPxE;AAqPM,UAAI,qBAAqBD,QAAO,GAAG;AACjC,eAAO,0BAA0BA,QAAO;AAAA,MAC1C;AAEA,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOA,QAAO,IAAI;AAC9E,YAAM,UAAU,MAAM,sBAAsB,UAAK;AA1PvD,YAAAE;AA0P0D,gBAAAA,MAAAF,SAAQ,QAAQ,IAAI,IAAI,MAAxB,gBAAAE,IAA2B;AAAA,OAAK;AAEpF,YAAM,0BAA0B,EAAE,eAAe,kBAAkB,oBAAmB,mCAAS;AAC/F,YAAM,cAAa,qBAAUF,UAAS,UAAU,QAAQ,aAAa,MAAlD,mBAAqD,QAAQ,WAAW,QAAxE,YAA+E;AAKlG,UAAI,2BAA2B,CAAC,uBAAuB,UAAU,GAAG;AAClE,cAAM,MAAM,aAAa,KAAK;AAC9B,wCAAgC,KAAKA,UAAS;AAAA,UAC5C,CAAC,UAAU,QAAQ,UAAU,GAAG;AAAA,QAClC,CAAC;AACD,eAAO;AAAA,MACT;AAEA,aAAO,mBAAmBA,UAASC,MAAK;AAAA,IAC1C;AAEA,UAAM,iBAAiC,OAAOD,UAASC,WAAU;AAC/D,UAAI,eAAe;AACjB,eAAO,kBAAkBD,UAASC,MAAK;AAAA,MACzC;AAEA,aAAO,mBAAmBD,UAASC,MAAK;AAAA,IAC1C;AAIA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAIA,WAAO;AAAA,EACT,CAAC;AAED,SAAO;AACT;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO,CAAC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI,QAAW,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI,MAAS;AAI5G;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,MAAM,aAAa,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC;AAAA,EACnF;AACF;AAyBA,eAAe,2BAA2B;AAAA,EACxC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAAsD;AAlVtD;AAmVE,QAAM,EAAE,gBAAgB,UAAU,IAAI;AAEtC,SAAO,MAAM,gBAAgB,OAAO;AAAA,IAClC,QAAQ,aAAa;AAAA,IACrB,SAAS,KAAK,UAAU,OAAO,YAAY,aAAa,OAAO,CAAC;AAAA,IAChE,QAAQ,aAAa;AAAA,EACvB,EAAE;AAEF,QAAM,iBAAiB,aAAa,QAAQ,IAAI,UAAU,QAAQ,QAAQ;AAC1E,MAAI,gBAAgB;AAClB,oCAAgC;AAAA,MAC9B;AAAA,MACA,qBAAqB,aAAa;AAAA,MAClC,gBAAgB,aAAa;AAAA,IAC/B,CAAC;AAED,UAAM,MAAM,aAAa,SAAS,aAAa,QAAQ,IAAI,UAAU,QAAQ,QAAQ,KAAK,cAAc;AACxG,iBAAa,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AAC3C,UAAI,QAAQ,UAAU,QAAQ,UAAU;AACtC;AAAA,MACF;AACA,UAAI,QAAQ,OAAO,KAAK,KAAK;AAAA,IAC/B,CAAC;AACD,WAAO;AAAA,EACT,WAAW,aAAa,WAAW,WAAW,WAAW;AACvD,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC5D;AAEA,QAAM,aAAa,aAAa,OAAO;AACvC,SAAO,MAAM,QAAQ,OAAO,EAAE,MAAM,YAAY,OAAO,WAAW,MAAM,EAAE,EAAE;AAE5E,QAAM,mBAAmB,iCAAiC,YAAY;AACtE,QAAM,mBAAmB,iCAAiC,YAAY;AACtE,QAAM,UAAU,MAAM,wBAAwB,cAAc,YAAY,gBAAgB;AAExF,QAAM,cAAc,4BAA4B,cAAc,kBAAkB,gBAAgB;AAChG,cAAY,UAAU;AAEtB,MAAI,gBAA0B,aAAa,KAAK;AAChD,MAAI;AACF,UAAM,oBAAoB,MAAM,kCAAkC;AAAA,MAAI;AAAA,MAAiC,YACrG,mCAAU,aAAa,SAAS;AAAA,IAClC;AACA,oBAAgB,qBAAqB;AAAA,EACvC,SAAS,GAAQ;AACf,oBAAgB,wBAAwB,GAAG,cAAc,SAAS,YAAY;AAAA,EAChF;AACA,MAAI,QAAQ,uBAAuB;AACjC,UAAM,EAAE,QAAQ,IAAI;AAAA,QACjB,+BAAoB,cAAc,MAAlC,mBAAqC,gBAArC,YAAoD,IAAI,QAAQ,KAAK,EAAE;AAAA,MACxE,QAAQ;AAAA,IACV;AAEA,UAAM,oBAA4C,CAAC;AACnD,YAAQ,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChC,gBAAU,eAAe,KAAK,KAAK;AACnC,wBAAkB,GAAG,IAAI;AAAA,IAC3B,CAAC;AAID,oCAAgC,eAAe,cAAc,iBAAiB;AAE9E,WAAO,MAAM,uBAAuB,OAAO;AAAA,MACzC;AAAA,IACF,EAAE;AAAA,EACJ;AAIA,MAAI,aAAa,SAAS;AACxB,iBAAa,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AAC3C,UAAI,QAAQ,UAAU,QAAQ,uBAAuB;AACnD,eAAO,MAAM,oCAAoC,OAAO;AAAA,UACtD;AAAA,QACF,EAAE;AAAA,MACJ;AACA,oBAAc,QAAQ,OAAO,KAAK,KAAK;AAAA,IACzC,CAAC;AAAA,EACH;AAEA,MAAI,WAAW,aAAa,GAAG;AAC7B,WAAO,MAAM,2BAA2B;AACxC,WAAO,uBAAuB,cAAc,eAAe,OAAO;AAAA,EACpE;AAEA,MAAI,QAAQ,OAAO;AACjB,oCAAgC,eAAe,cAAc,EAAE,CAAC,UAAU,QAAQ,WAAW,GAAG,OAAO,CAAC;AAAA,EAC1G;AAEA,QAAM;AAAA;AAAA,IAEJ,eAAc,mCAAS,aACnB;AAAA,MACE,gBAAgB,mCAAS;AAAA,MACzB,WAAW,mCAAS;AAAA,IACtB,IACA,CAAC;AAAA;AAEP;AAAA,IACE;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,WAAW,cAAc,kBAAkB,OAAO,2BAA2B,UAAU;AAAA,EACzF;AAEA,SAAO;AACT;AAEA,MAAM,uBAAuB,CAAC,YAC5B,QAAQ,QAAQ,aAAa;AAE/B,MAAM,4BAA4B,CAAC,YAAwC;AACzE,QAAM,YAAY,QAAQ,QAAQ,aAAa,IAAI,WAAW;AAC9D,QAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,MAAI,WAAW;AAEf,SAAO,aAAa,SAAS,aAAa,IAAI,SAAS,CAAC;AAC1D;AAIO,MAAM,mCAAmC,CAC9C,cACA,YACuC;AAEvC,MAAI,kBAAkB;AACtB,MAAI,QAAQ,oBAAoB,CAAC,QAAQ,UAAU;AACjD,UAAM,EAAE,SAAS,MAAM,YAAY,mBAAmB,IAAI,QAAQ;AAClE,UAAM,aAAa,IAAI,IAAI,aAAa,GAAG;AAC3C,UAAM,YAAY,OAAO,YAAY,aAAa,QAAQ,UAAU,IAAI;AAExE,QAAI,WAAW;AACb,YAAM,kBAAkB,GAAG,WAAW,MAAM,GAAG,SAAS;AACxD,wBAAkB,EAAE,GAAG,SAAS,UAAU,gBAAgB;AAAA,IAC5D;AAAA,EACF;AAEA,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG,0BAA0B,cAAc,eAAe;AAAA;AAAA;AAAA;AAAA,IAI1D,cAAc;AAAA,EAChB;AACF;AAEA,MAAM,mCAAmC,CACvC,iBACyD;AACzD,SAAO,CAAC,OAAO,CAAC,MAAM;AACpB,UAAM,MAAM,aAAa,SAAS,SAAS;AAC3C,0BAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AACF;AAEA,MAAM,mCAAmC,CACvC,iBACyD;AACzD,SAAO,CAAC,OAAO,CAAC,MAAM;AACpB,UAAM,MAAM,aAAa,SAAS,SAAS;AAC3C,0BAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AACF;AAEA,MAAM,0BAA0B,CAC9B,cACA,eACA,qBACG;AACH,UAAQ,OAAO,QAAa,YAAiB;AAC3C,UAAM,WAAW,MAAM,eAAe;AAEtC,UAAM,WAAW,CAAC,QAChB,oBAAoB,KAAK;AAAA,MACvB,aAAa;AAAA,IACf,CAAC;AAEH,UAAM,kBAAiB,iCAAQ,WAAS,mCAAS,UAAS,UAAU;AACpE,UAAM,aAAa,8BAA8B,EAAE,YAAY,eAAe,cAAc,eAAe,CAAC;AAE5G,WAAO,cAAc;AAAA,MACnB,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,QAAQ,OAAO;AAAA,EACpB;AACF;AAOA,MAAM,8BAA8B,CAClC,cACA,kBACA,qBACwB;AACxB,QAAM,cAAc,OAAO,YAA6B;AAjiB1D;AAkiBI,UAAM,gBAAgB,aAAa,OAAO,EAAE,yBAAyB,mCAAS,wBAAwB,CAAC;AACvG,UAAM,gBAAe,wCAAS,iBAAT,YAAyB,UAAU;AAExD,UAAM,aAAa,8BAA8B;AAAA,MAC/C,YAAY;AAAA,MACZ;AAAA,IACF,CAAC;AAED,QAAI,WAAW,cAAc,UAAU,gBAAgB,oBAAoB,UAAU,cAAc,YAAY,GAAG;AAChH,aAAO,OAAO,OAAO,YAAY;AAAA,QAC/B;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AASA,MAAM,0BAA0B,CAC9B,GACA,cACA,aACA,iBACa;AAnkBf;AAokBE,MAAI,oBAAoB,CAAC,GAAG;AAC1B,WAAO,IAAI,aAAa,MAAM,EAAE,QAAQ,KAAK,YAAY,cAAc,CAAC;AAAA,EAC1E;AAEA,MAAI,0BAA0B,CAAC,GAAG;AAChC,UAAM,WAAW,IAAI,aAAa,MAAM,EAAE,QAAQ,IAAI,CAAC;AAIvD,UAAM,aAAc,aAAyC,OAAO;AACpE,QAAI,cAAc,WAAW,cAAc,UAAU,YAAY;AAI/D,YAAM,iBAAiB,oBAAoB,aAAa,cAAc;AACtE,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA,qCAAqC,iDAAgB,WAAW;AAAA,MAClE;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAEA,MAAI,sBAAsB,CAAC,GAAG;AAE5B,WAAO;AAAA;AAAA;AAAA;AAAA,MAIL,aAAa,QAAQ,IAAI,IAAI,UAAU,KAAK,IAAI,CAAC,IAAI,YAAY,GAAG,CAAC;AAAA,MACrE,UAAU,QAAQ;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,qBAAqB,wBAAwB,CAAC;AACpD,QAAM,qBAAqB,wBAAwB,CAAC;AAEpD,MAAI,sBAAsB,oBAAoB;AAC5C,UAAM,WAAW,eAAe;AAAA,MAC9B;AAAA,MACA,SAAS,aAAa;AAAA,MACtB,WAAW,aAAa;AAAA,MACxB,WAAW,aAAa;AAAA,MACxB,gBAAgB,aAAa;AAAA,MAC7B,gBAAe,kBAAa,OAAO,MAApB,mBAAuB;AAAA,MACtC,aAAa,aAAa;AAAA,IAC5B,CAAC;AAED,UAAM,EAAE,cAAc,IAAI;AAC1B,WAAO,SAAS,qBAAqB,qBAAqB,kBAAkB,EAAE,EAAE,cAAc,CAAC;AAAA,EACjG;AAEA,MAAI,sBAAsB,CAAC,GAAG;AAC5B,WAAO,gBAAgB,EAAE,WAAW;AAAA,EACtC;AAEA,QAAM;AACR;","names":["request","event","_a"]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/clerkMiddleware.ts"],"sourcesContent":["import type { AccountlessApplication, AuthObject, ClerkClient } from '@clerk/backend';\nimport type {\n AuthenticatedState,\n AuthenticateRequestOptions,\n ClerkRequest,\n RedirectFun,\n RequestState,\n SignedInAuthObject,\n SignedOutAuthObject,\n UnauthenticatedState,\n} from '@clerk/backend/internal';\nimport {\n AuthStatus,\n constants,\n createBootstrapSignedOutState,\n createClerkRequest,\n createRedirect,\n getAuthObjectForAcceptedToken,\n isMachineTokenByPrefix,\n isTokenTypeAccepted,\n makeAuthObjectSerializable,\n TokenType,\n} from '@clerk/backend/internal';\nimport { clerkFrontendApiProxy, DEFAULT_PROXY_PATH, matchProxyPath } from '@clerk/backend/proxy';\nimport { isProductionFromPublishableKey, parsePublishableKey } from '@clerk/shared/keys';\nimport { handleNetlifyCacheInDevInstance } from '@clerk/shared/netlifyCacheHandler';\nimport { isMalformedURLError } from '@clerk/shared/pathMatcher';\nimport { shouldAutoProxy } from '@clerk/shared/proxy';\nimport { notFound as nextjsNotFound } from 'next/navigation';\nimport type { NextMiddleware, NextRequest } from 'next/server';\nimport { NextResponse } from 'next/server';\n\nimport type { AuthFn } from '../app-router/server/auth';\nimport type { GetAuthOptions } from '../server/createGetAuth';\nimport { isRedirect, serverRedirectWithAuth, setHeader } from '../utils';\nimport type { Logger, LoggerNoCommit } from '../utils/debugLogger';\nimport { withLogger } from '../utils/debugLogger';\nimport { canUseKeyless } from '../utils/feature-flags';\nimport { clerkClient } from './clerkClient';\nimport { DOMAIN, PROXY_URL, PUBLISHABLE_KEY, SECRET_KEY, SIGN_IN_URL, SIGN_UP_URL } from './constants';\nimport { type ContentSecurityPolicyOptions, createContentSecurityPolicyHeaders } from './content-security-policy';\nimport { errorThrower } from './errorThrower';\nimport { getHeader } from './headers-utils';\nimport { getKeylessCookieValue } from './keyless';\nimport { clerkMiddlewareRequestDataStorage, clerkMiddlewareRequestDataStore } from './middleware-storage';\nimport {\n isNextjsNotFoundError,\n isNextjsRedirectError,\n isNextjsUnauthorizedError,\n isRedirectToSignInError,\n isRedirectToSignUpError,\n nextjsRedirectError,\n redirectToSignInError,\n redirectToSignUpError,\n unauthorized,\n} from './nextErrors';\nimport type { AuthProtect } from './protect';\nimport { createProtect } from './protect';\nimport type {\n FrontendApiProxyOptions,\n NextMiddlewareEvtParam,\n NextMiddlewareRequestParam,\n NextMiddlewareReturn,\n} from './types';\nimport {\n assertKey,\n decorateRequest,\n handleMultiDomainAndProxy,\n redirectAdapter,\n setRequestHeadersOnNextResponse,\n} from './utils';\n\nexport type ClerkMiddlewareSessionAuthObject = (SignedInAuthObject | SignedOutAuthObject) & {\n redirectToSignIn: RedirectFun<Response>;\n redirectToSignUp: RedirectFun<Response>;\n};\n\nexport type ClerkMiddlewareAuth = AuthFn;\n\ntype ClerkMiddlewareHandler = (\n auth: ClerkMiddlewareAuth,\n request: NextMiddlewareRequestParam,\n event: NextMiddlewareEvtParam,\n) => NextMiddlewareReturn;\n\ntype AuthenticateAnyRequestOptions = Omit<AuthenticateRequestOptions, 'acceptsToken'>;\n\n/**\n * The `clerkMiddleware()` function accepts an optional object. The following options are available.\n * @interface\n */\nexport interface ClerkMiddlewareOptions extends AuthenticateAnyRequestOptions {\n /**\n * If true, additional debug information will be logged to the console.\n */\n debug?: boolean;\n\n /**\n * When set, automatically injects a Content-Security-Policy header(s) compatible with Clerk.\n */\n contentSecurityPolicy?: ContentSecurityPolicyOptions;\n\n /**\n * When set, enables the middleware to proxy Frontend API requests to Clerk.\n * This is useful when direct communication with Clerk's API is blocked.\n */\n frontendApiProxy?: FrontendApiProxyOptions;\n}\n\ntype ClerkMiddlewareOptionsCallback = (req: NextRequest) => ClerkMiddlewareOptions | Promise<ClerkMiddlewareOptions>;\n\n/**\n * Middleware for Next.js that handles authentication and authorization with Clerk.\n * For more details, please refer to the docs: https://clerk.com/docs/reference/nextjs/clerk-middleware\n */\ninterface ClerkMiddleware {\n /**\n * @example\n * export default clerkMiddleware((auth, request, event) => { ... }, options);\n */\n (handler: ClerkMiddlewareHandler, options?: ClerkMiddlewareOptions): NextMiddleware;\n\n /**\n * @example\n * export default clerkMiddleware((auth, request, event) => { ... }, (req) => options);\n */\n (handler: ClerkMiddlewareHandler, options?: ClerkMiddlewareOptionsCallback): NextMiddleware;\n\n /**\n * @example\n * export default clerkMiddleware(options);\n */\n (options?: ClerkMiddlewareOptions): NextMiddleware;\n\n /**\n * @example\n * export default clerkMiddleware;\n */\n (request: NextMiddlewareRequestParam, event: NextMiddlewareEvtParam): NextMiddlewareReturn;\n}\n\n/**\n * The `clerkMiddleware()` helper integrates Clerk authentication into your Next.js application through Middleware. `clerkMiddleware()` is compatible with both the App and Pages routers.\n */\nexport const clerkMiddleware = ((...args: unknown[]): NextMiddleware | NextMiddlewareReturn => {\n const [request, event] = parseRequestAndEvent(args);\n const [handler, params] = parseHandlerAndOptions(args);\n\n const middleware = clerkMiddlewareRequestDataStorage.run(clerkMiddlewareRequestDataStore, () => {\n const baseNextMiddleware: NextMiddleware = withLogger('clerkMiddleware', logger => async (request, event) => {\n // Handles the case where `options` is a callback function to dynamically access `NextRequest`\n const resolvedParams = typeof params === 'function' ? await params(request) : params;\n\n const keyless = await getKeylessCookieValue(name => request.cookies.get(name)?.value);\n\n const publishableKey = assertKey(\n resolvedParams.publishableKey || PUBLISHABLE_KEY || keyless?.publishableKey,\n () => errorThrower.throwMissingPublishableKeyError(),\n );\n\n const secretKey = assertKey(resolvedParams.secretKey || SECRET_KEY || keyless?.secretKey, () =>\n errorThrower.throwMissingSecretKeyError(),\n );\n\n // Handle Frontend API proxy requests early, before authentication\n const requestUrl = new URL(request.nextUrl.href);\n let frontendApiProxyConfig = resolvedParams.frontendApiProxy;\n\n // Auto-detect when no explicit proxy or domain is configured\n const hasExplicitProxyOrDomain = resolvedParams.proxyUrl || PROXY_URL || resolvedParams.domain || DOMAIN;\n if (!frontendApiProxyConfig && !hasExplicitProxyOrDomain && isProductionFromPublishableKey(publishableKey)) {\n if (shouldAutoProxy(requestUrl.hostname)) {\n frontendApiProxyConfig = { enabled: true };\n }\n }\n if (frontendApiProxyConfig) {\n const { enabled, path: proxyPath = DEFAULT_PROXY_PATH } = frontendApiProxyConfig;\n\n // Resolve enabled - either boolean or function\n const isEnabled = typeof enabled === 'function' ? enabled(requestUrl) : enabled;\n\n if (isEnabled && matchProxyPath(request, { proxyPath })) {\n return clerkFrontendApiProxy(request, {\n proxyPath,\n publishableKey,\n secretKey,\n });\n }\n }\n\n const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\n const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\n\n const options = {\n publishableKey,\n secretKey,\n signInUrl,\n signUpUrl,\n ...resolvedParams,\n };\n\n // Propagates the request data to be accessed on the server application runtime from helpers such as `clerkClient`\n clerkMiddlewareRequestDataStore.set('requestData', options);\n const resolvedClerkClient = await clerkClient();\n\n if (options.debug) {\n logger.enable();\n }\n const clerkRequest = createClerkRequest(request);\n logger.debug('options', options);\n logger.debug('url', () => clerkRequest.toJSON());\n\n const authHeader = request.headers.get(constants.Headers.Authorization);\n if (authHeader && authHeader.startsWith('Basic ')) {\n logger.debug('Basic Auth detected');\n }\n\n const cspHeader = request.headers.get(constants.Headers.ContentSecurityPolicy);\n if (cspHeader) {\n logger.debug('Content-Security-Policy detected', () => ({\n value: cspHeader,\n }));\n }\n\n const requestState = await resolvedClerkClient.authenticateRequest(\n clerkRequest,\n createAuthenticateRequestOptions(clerkRequest, options),\n );\n\n return runHandlerWithRequestState({\n clerkRequest,\n request,\n event,\n requestState,\n handler,\n options,\n resolvedParams,\n keyless,\n logger,\n });\n });\n\n /**\n * Runs the user's handler against a synthetic signed-out `RequestState` during the keyless\n * bootstrap window, so authorization fails closed until a publishable key is provisioned.\n */\n const bootstrapNextMiddleware: NextMiddleware = withLogger('clerkMiddleware', logger => async (request, event) => {\n const resolvedParams = typeof params === 'function' ? await params(request) : params;\n const keyless = await getKeylessCookieValue(name => request.cookies.get(name)?.value);\n\n const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL || '';\n const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL || '';\n\n const options = {\n publishableKey: '',\n secretKey: '',\n signInUrl,\n signUpUrl,\n ...resolvedParams,\n };\n\n clerkMiddlewareRequestDataStore.set('requestData', options);\n\n if (options.debug) {\n logger.enable();\n }\n\n const clerkRequest = createClerkRequest(request);\n logger.debug('keyless bootstrap (no publishable key)', () => ({ signInUrl, signUpUrl }));\n logger.debug('url', () => clerkRequest.toJSON());\n\n const requestState = createBootstrapSignedOutState({ signInUrl, signUpUrl });\n\n return runHandlerWithRequestState({\n clerkRequest,\n request,\n event,\n requestState,\n handler,\n options,\n resolvedParams,\n keyless,\n logger,\n });\n });\n\n const keylessMiddleware: NextMiddleware = async (request, event) => {\n /**\n * This mechanism replaces a full-page reload. Ensures that middleware will re-run and authenticate the request properly without the secret key or publishable key to be missing.\n */\n if (isKeylessSyncRequest(request)) {\n return returnBackFromKeylessSync(request);\n }\n\n const resolvedParams = typeof params === 'function' ? await params(request) : params;\n const keyless = await getKeylessCookieValue(name => request.cookies.get(name)?.value);\n\n const isMissingPublishableKey = !(resolvedParams.publishableKey || PUBLISHABLE_KEY || keyless?.publishableKey);\n const authHeader = getHeader(request, constants.Headers.Authorization)?.replace('Bearer ', '') ?? '';\n\n if (isMissingPublishableKey && !isMachineTokenByPrefix(authHeader)) {\n return bootstrapNextMiddleware(request, event);\n }\n\n return baseNextMiddleware(request, event);\n };\n\n const nextMiddleware: NextMiddleware = async (request, event) => {\n if (canUseKeyless) {\n return keylessMiddleware(request, event);\n }\n\n return baseNextMiddleware(request, event);\n };\n\n // If we have a request and event, we're being called as a middleware directly\n // eg, export default clerkMiddleware;\n if (request && event) {\n return nextMiddleware(request, event);\n }\n\n // Otherwise, return a middleware that can be called with a request and event\n // eg, export default clerkMiddleware(auth => { ... });\n return nextMiddleware;\n });\n\n return middleware;\n}) as ClerkMiddleware;\n\nconst parseRequestAndEvent = (args: unknown[]) => {\n return [args[0] instanceof Request ? args[0] : undefined, args[0] instanceof Request ? args[1] : undefined] as [\n NextMiddlewareRequestParam | undefined,\n NextMiddlewareEvtParam | undefined,\n ];\n};\n\nconst parseHandlerAndOptions = (args: unknown[]) => {\n return [\n typeof args[0] === 'function' ? args[0] : undefined,\n (args.length === 2 ? args[1] : typeof args[0] === 'function' ? {} : args[0]) || {},\n ] as [ClerkMiddlewareHandler | undefined, ClerkMiddlewareOptions | ClerkMiddlewareOptionsCallback];\n};\n\ntype RunHandlerWithRequestStateArgs = {\n clerkRequest: ClerkRequest;\n request: NextMiddlewareRequestParam;\n event: NextMiddlewareEvtParam;\n requestState: RequestState<'session_token'>;\n handler: ClerkMiddlewareHandler | undefined;\n options: ClerkMiddlewareOptions & {\n publishableKey: string;\n secretKey: string;\n signInUrl: string;\n signUpUrl: string;\n };\n resolvedParams: ClerkMiddlewareOptions;\n keyless: AccountlessApplication | undefined;\n logger: LoggerNoCommit<Logger>;\n};\n\n/**\n * Drives the post-authentication pipeline: handler invocation, CSP, redirects, header propagation,\n * and response decoration. Accepts a pre-computed `requestState` so callers can supply either a\n * real authentication result from `authenticateRequest()` or a synthetic signed-out state\n * (e.g. during keyless bootstrap when no publishable key is available yet).\n */\nasync function runHandlerWithRequestState({\n clerkRequest,\n request,\n event,\n requestState,\n handler,\n options,\n resolvedParams,\n keyless,\n logger,\n}: RunHandlerWithRequestStateArgs): Promise<Response> {\n const { publishableKey, secretKey } = options;\n\n logger.debug('requestState', () => ({\n status: requestState.status,\n headers: JSON.stringify(Object.fromEntries(requestState.headers)),\n reason: requestState.reason,\n }));\n\n const locationHeader = requestState.headers.get(constants.Headers.Location);\n if (locationHeader) {\n handleNetlifyCacheInDevInstance({\n locationHeader,\n requestStateHeaders: requestState.headers,\n publishableKey: requestState.publishableKey,\n });\n\n const res = NextResponse.redirect(requestState.headers.get(constants.Headers.Location) || locationHeader);\n requestState.headers.forEach((value, key) => {\n if (key === constants.Headers.Location) {\n return;\n }\n res.headers.append(key, value);\n });\n return res;\n } else if (requestState.status === AuthStatus.Handshake) {\n throw new Error('Clerk: handshake status without redirect');\n }\n\n const authObject = requestState.toAuth();\n logger.debug('auth', () => ({ auth: authObject, debug: authObject.debug() }));\n\n const redirectToSignIn = createMiddlewareRedirectToSignIn(clerkRequest);\n const redirectToSignUp = createMiddlewareRedirectToSignUp(clerkRequest);\n const protect = await createMiddlewareProtect(clerkRequest, authObject, redirectToSignIn);\n\n const authHandler = createMiddlewareAuthHandler(requestState, redirectToSignIn, redirectToSignUp);\n authHandler.protect = protect;\n\n let handlerResult: Response = NextResponse.next();\n try {\n const userHandlerResult = await clerkMiddlewareRequestDataStorage.run(clerkMiddlewareRequestDataStore, async () =>\n handler?.(authHandler, request, event),\n );\n handlerResult = userHandlerResult || handlerResult;\n } catch (e: any) {\n handlerResult = handleControlFlowErrors(e, clerkRequest, request, requestState);\n }\n if (options.contentSecurityPolicy) {\n const { headers } = createContentSecurityPolicyHeaders(\n (parsePublishableKey(publishableKey)?.frontendApi ?? '').replace('$', ''),\n options.contentSecurityPolicy,\n );\n\n const cspRequestHeaders: Record<string, string> = {};\n headers.forEach(([key, value]) => {\n setHeader(handlerResult, key, value);\n cspRequestHeaders[key] = value;\n });\n\n // Forward CSP headers as request headers so server components\n // can access the nonce via headers()\n setRequestHeadersOnNextResponse(handlerResult, clerkRequest, cspRequestHeaders);\n\n logger.debug('Clerk generated CSP', () => ({\n headers,\n }));\n }\n\n // TODO @nikos: we need to make this more generic\n // and move the logic in clerk/backend\n if (requestState.headers) {\n requestState.headers.forEach((value, key) => {\n if (key === constants.Headers.ContentSecurityPolicy) {\n logger.debug('Content-Security-Policy detected', () => ({\n value,\n }));\n }\n handlerResult.headers.append(key, value);\n });\n }\n\n if (isRedirect(handlerResult)) {\n logger.debug('handlerResult is redirect');\n return serverRedirectWithAuth(clerkRequest, handlerResult, options);\n }\n\n if (options.debug) {\n setRequestHeadersOnNextResponse(handlerResult, clerkRequest, { [constants.Headers.EnableDebug]: 'true' });\n }\n\n const keylessKeysForRequestData =\n // Only pass keyless credentials when there are no explicit keys\n secretKey === keyless?.secretKey\n ? {\n publishableKey: keyless?.publishableKey,\n secretKey: keyless?.secretKey,\n }\n : {};\n\n decorateRequest(\n clerkRequest,\n handlerResult,\n requestState,\n resolvedParams,\n keylessKeysForRequestData,\n authObject.tokenType === 'session_token' ? null : makeAuthObjectSerializable(authObject),\n );\n\n return handlerResult;\n}\n\nconst isKeylessSyncRequest = (request: NextMiddlewareRequestParam) =>\n request.nextUrl.pathname === '/clerk-sync-keyless';\n\nconst returnBackFromKeylessSync = (request: NextMiddlewareRequestParam) => {\n const returnUrl = request.nextUrl.searchParams.get('returnUrl');\n const url = new URL(request.url);\n url.pathname = '';\n\n return NextResponse.redirect(returnUrl || url.toString());\n};\n\ntype AuthenticateRequest = Pick<ClerkClient, 'authenticateRequest'>['authenticateRequest'];\n\nexport const createAuthenticateRequestOptions = (\n clerkRequest: ClerkRequest,\n options: ClerkMiddlewareOptions,\n): Parameters<AuthenticateRequest>[1] => {\n // Auto-derive proxyUrl from frontendApiProxy config if not explicitly set\n let resolvedOptions = options;\n if (options.frontendApiProxy && !options.proxyUrl) {\n const { enabled, path: proxyPath = DEFAULT_PROXY_PATH } = options.frontendApiProxy;\n const requestUrl = new URL(clerkRequest.url);\n const isEnabled = typeof enabled === 'function' ? enabled(requestUrl) : enabled;\n\n if (isEnabled) {\n const derivedProxyUrl = `${requestUrl.origin}${proxyPath}`;\n resolvedOptions = { ...options, proxyUrl: derivedProxyUrl };\n }\n }\n\n return {\n ...resolvedOptions,\n ...handleMultiDomainAndProxy(clerkRequest, resolvedOptions),\n // TODO: Leaving the acceptsToken as 'any' opens up the possibility of\n // an economic attack. We should revisit this and only verify a token\n // when auth() or auth.protect() is invoked.\n acceptsToken: 'any',\n };\n};\n\nconst createMiddlewareRedirectToSignIn = (\n clerkRequest: ClerkRequest,\n): ClerkMiddlewareSessionAuthObject['redirectToSignIn'] => {\n return (opts = {}) => {\n const url = clerkRequest.clerkUrl.toString();\n redirectToSignInError(url, opts.returnBackUrl);\n };\n};\n\nconst createMiddlewareRedirectToSignUp = (\n clerkRequest: ClerkRequest,\n): ClerkMiddlewareSessionAuthObject['redirectToSignUp'] => {\n return (opts = {}) => {\n const url = clerkRequest.clerkUrl.toString();\n redirectToSignUpError(url, opts.returnBackUrl);\n };\n};\n\nconst createMiddlewareProtect = (\n clerkRequest: ClerkRequest,\n rawAuthObject: AuthObject,\n redirectToSignIn: RedirectFun<Response>,\n) => {\n return (async (params: any, options: any) => {\n const notFound = () => nextjsNotFound();\n\n const redirect = (url: string) =>\n nextjsRedirectError(url, {\n redirectUrl: url,\n });\n\n const requestedToken = params?.token || options?.token || TokenType.SessionToken;\n const authObject = getAuthObjectForAcceptedToken({ authObject: rawAuthObject, acceptsToken: requestedToken });\n\n return createProtect({\n request: clerkRequest,\n redirect,\n notFound,\n unauthorized,\n authObject,\n redirectToSignIn,\n })(params, options);\n }) as unknown as Promise<AuthProtect>;\n};\n\n/**\n * Modifies the auth object based on the token type.\n * - For session tokens: adds redirect functions to the auth object\n * - For machine tokens: validates token type and returns appropriate auth object\n */\nconst createMiddlewareAuthHandler = (\n requestState: AuthenticatedState<'session_token'> | UnauthenticatedState<'session_token'>,\n redirectToSignIn: RedirectFun<Response>,\n redirectToSignUp: RedirectFun<Response>,\n): ClerkMiddlewareAuth => {\n const authHandler = async (options?: GetAuthOptions) => {\n const rawAuthObject = requestState.toAuth({ treatPendingAsSignedOut: options?.treatPendingAsSignedOut });\n const acceptsToken = options?.acceptsToken ?? TokenType.SessionToken;\n\n const authObject = getAuthObjectForAcceptedToken({\n authObject: rawAuthObject,\n acceptsToken,\n });\n\n if (authObject.tokenType === TokenType.SessionToken && isTokenTypeAccepted(TokenType.SessionToken, acceptsToken)) {\n return Object.assign(authObject, {\n redirectToSignIn,\n redirectToSignUp,\n });\n }\n\n return authObject;\n };\n\n return authHandler as ClerkMiddlewareAuth;\n};\n\n// Handle errors thrown by protect() and redirectToSignIn() calls,\n// as we want to align the APIs between middleware, pages and route handlers\n// Normally, middleware requires to explicitly return a response, but we want to\n// avoid discrepancies between the APIs as it's easy to miss the `return` statement\n// especially when copy-pasting code from one place to another.\n// This function handles the known errors thrown by the APIs described above,\n// and returns the appropriate response.\nconst handleControlFlowErrors = (\n e: any,\n clerkRequest: ClerkRequest,\n nextRequest: NextRequest,\n requestState: RequestState,\n): Response => {\n if (isMalformedURLError(e)) {\n return new NextResponse(null, { status: 400, statusText: 'Bad Request' });\n }\n\n if (isNextjsUnauthorizedError(e)) {\n const response = new NextResponse(null, { status: 401 });\n\n // RequestState.toAuth() returns a session_token type by default.\n // We need to cast it to the correct type to check for OAuth tokens.\n const authObject = (requestState as RequestState<TokenType>).toAuth();\n if (authObject && authObject.tokenType === TokenType.OAuthToken) {\n // Following MCP spec, we return WWW-Authenticate header on 401 responses\n // to enable OAuth 2.0 authorization server discovery (RFC9728).\n // See https://modelcontextprotocol.io/specification/draft/basic/authorization#2-3-1-authorization-server-location\n const publishableKey = parsePublishableKey(requestState.publishableKey);\n return setHeader(\n response,\n 'WWW-Authenticate',\n `Bearer resource_metadata=\"https://${publishableKey?.frontendApi}/.well-known/oauth-protected-resource\"`,\n );\n }\n\n return response;\n }\n\n if (isNextjsNotFoundError(e)) {\n // Rewrite to a bogus URL to force not found error\n return setHeader(\n // This is an internal rewrite purely to trigger a not found error. We do not want Next.js to think that the\n // destination URL is a valid page, so we use `nextRequest.url` as the base for the fake URL, which Next.js\n // understands is an internal URL and won't run middleware against the request.\n NextResponse.rewrite(new URL(`/clerk_${Date.now()}`, nextRequest.url)),\n constants.Headers.AuthReason,\n 'protect-rewrite',\n );\n }\n\n const isRedirectToSignIn = isRedirectToSignInError(e);\n const isRedirectToSignUp = isRedirectToSignUpError(e);\n\n if (isRedirectToSignIn || isRedirectToSignUp) {\n const redirect = createRedirect({\n redirectAdapter,\n baseUrl: clerkRequest.clerkUrl,\n signInUrl: requestState.signInUrl,\n signUpUrl: requestState.signUpUrl,\n publishableKey: requestState.publishableKey,\n sessionStatus: requestState.toAuth()?.sessionStatus,\n isSatellite: requestState.isSatellite,\n });\n\n const { returnBackUrl } = e;\n return redirect[isRedirectToSignIn ? 'redirectToSignIn' : 'redirectToSignUp']({ returnBackUrl });\n }\n\n if (isNextjsRedirectError(e)) {\n return redirectAdapter(e.redirectUrl);\n }\n\n throw e;\n};\n"],"mappings":";AAWA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,uBAAuB,oBAAoB,sBAAsB;AAC1E,SAAS,gCAAgC,2BAA2B;AACpE,SAAS,uCAAuC;AAChD,SAAS,2BAA2B;AACpC,SAAS,uBAAuB;AAChC,SAAS,YAAY,sBAAsB;AAE3C,SAAS,oBAAoB;AAI7B,SAAS,YAAY,wBAAwB,iBAAiB;AAE9D,SAAS,kBAAkB;AAC3B,SAAS,qBAAqB;AAC9B,SAAS,mBAAmB;AAC5B,SAAS,QAAQ,WAAW,iBAAiB,YAAY,aAAa,mBAAmB;AACzF,SAA4C,0CAA0C;AACtF,SAAS,oBAAoB;AAC7B,SAAS,iBAAiB;AAC1B,SAAS,6BAA6B;AACtC,SAAS,mCAAmC,uCAAuC;AACnF;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,SAAS,qBAAqB;AAO9B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AA0EA,MAAM,mBAAmB,IAAI,SAA2D;AAC7F,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,kCAAkC,IAAI,iCAAiC,MAAM;AAC9F,UAAM,qBAAqC,WAAW,mBAAmB,YAAU,OAAOA,UAASC,WAAU;AAE3G,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAE9E,YAAM,UAAU,MAAM,sBAAsB,UAAK;AAzJvD;AAyJ0D,qBAAAA,SAAQ,QAAQ,IAAI,IAAI,MAAxB,mBAA2B;AAAA,OAAK;AAEpF,YAAM,iBAAiB;AAAA,QACrB,eAAe,kBAAkB,oBAAmB,mCAAS;AAAA,QAC7D,MAAM,aAAa,gCAAgC;AAAA,MACrD;AAEA,YAAM,YAAY;AAAA,QAAU,eAAe,aAAa,eAAc,mCAAS;AAAA,QAAW,MACxF,aAAa,2BAA2B;AAAA,MAC1C;AAGA,YAAM,aAAa,IAAI,IAAIA,SAAQ,QAAQ,IAAI;AAC/C,UAAI,yBAAyB,eAAe;AAG5C,YAAM,2BAA2B,eAAe,YAAY,aAAa,eAAe,UAAU;AAClG,UAAI,CAAC,0BAA0B,CAAC,4BAA4B,+BAA+B,cAAc,GAAG;AAC1G,YAAI,gBAAgB,WAAW,QAAQ,GAAG;AACxC,mCAAyB,EAAE,SAAS,KAAK;AAAA,QAC3C;AAAA,MACF;AACA,UAAI,wBAAwB;AAC1B,cAAM,EAAE,SAAS,MAAM,YAAY,mBAAmB,IAAI;AAG1D,cAAM,YAAY,OAAO,YAAY,aAAa,QAAQ,UAAU,IAAI;AAExE,YAAI,aAAa,eAAeA,UAAS,EAAE,UAAU,CAAC,GAAG;AACvD,iBAAO,sBAAsBA,UAAS;AAAA,YACpC;AAAA,YACA;AAAA,YACA;AAAA,UACF,CAAC;AAAA,QACH;AAAA,MACF;AAEA,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAE9C,YAAM,UAAU;AAAA,QACd;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACL;AAGA,sCAAgC,IAAI,eAAe,OAAO;AAC1D,YAAM,sBAAsB,MAAM,YAAY;AAE9C,UAAI,QAAQ,OAAO;AACjB,eAAO,OAAO;AAAA,MAChB;AACA,YAAM,eAAe,mBAAmBA,QAAO;AAC/C,aAAO,MAAM,WAAW,OAAO;AAC/B,aAAO,MAAM,OAAO,MAAM,aAAa,OAAO,CAAC;AAE/C,YAAM,aAAaA,SAAQ,QAAQ,IAAI,UAAU,QAAQ,aAAa;AACtE,UAAI,cAAc,WAAW,WAAW,QAAQ,GAAG;AACjD,eAAO,MAAM,qBAAqB;AAAA,MACpC;AAEA,YAAM,YAAYA,SAAQ,QAAQ,IAAI,UAAU,QAAQ,qBAAqB;AAC7E,UAAI,WAAW;AACb,eAAO,MAAM,oCAAoC,OAAO;AAAA,UACtD,OAAO;AAAA,QACT,EAAE;AAAA,MACJ;AAEA,YAAM,eAAe,MAAM,oBAAoB;AAAA,QAC7C;AAAA,QACA,iCAAiC,cAAc,OAAO;AAAA,MACxD;AAEA,aAAO,2BAA2B;AAAA,QAChC;AAAA,QACA,SAAAA;AAAA,QACA,OAAAC;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAMD,UAAM,0BAA0C,WAAW,mBAAmB,YAAU,OAAOD,UAASC,WAAU;AAChH,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAC9E,YAAM,UAAU,MAAM,sBAAsB,UAAK;AAxPvD;AAwP0D,qBAAAA,SAAQ,QAAQ,IAAI,IAAI,MAAxB,mBAA2B;AAAA,OAAK;AAEpF,YAAM,YAAY,eAAe,aAAa,eAAe;AAC7D,YAAM,YAAY,eAAe,aAAa,eAAe;AAE7D,YAAM,UAAU;AAAA,QACd,gBAAgB;AAAA,QAChB,WAAW;AAAA,QACX;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACL;AAEA,sCAAgC,IAAI,eAAe,OAAO;AAE1D,UAAI,QAAQ,OAAO;AACjB,eAAO,OAAO;AAAA,MAChB;AAEA,YAAM,eAAe,mBAAmBA,QAAO;AAC/C,aAAO,MAAM,0CAA0C,OAAO,EAAE,WAAW,UAAU,EAAE;AACvF,aAAO,MAAM,OAAO,MAAM,aAAa,OAAO,CAAC;AAE/C,YAAM,eAAe,8BAA8B,EAAE,WAAW,UAAU,CAAC;AAE3E,aAAO,2BAA2B;AAAA,QAChC;AAAA,QACA,SAAAA;AAAA,QACA,OAAAC;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAED,UAAM,oBAAoC,OAAOD,UAASC,WAAU;AA9RxE;AAkSM,UAAI,qBAAqBD,QAAO,GAAG;AACjC,eAAO,0BAA0BA,QAAO;AAAA,MAC1C;AAEA,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOA,QAAO,IAAI;AAC9E,YAAM,UAAU,MAAM,sBAAsB,UAAK;AAvSvD,YAAAE;AAuS0D,gBAAAA,MAAAF,SAAQ,QAAQ,IAAI,IAAI,MAAxB,gBAAAE,IAA2B;AAAA,OAAK;AAEpF,YAAM,0BAA0B,EAAE,eAAe,kBAAkB,oBAAmB,mCAAS;AAC/F,YAAM,cAAa,qBAAUF,UAAS,UAAU,QAAQ,aAAa,MAAlD,mBAAqD,QAAQ,WAAW,QAAxE,YAA+E;AAElG,UAAI,2BAA2B,CAAC,uBAAuB,UAAU,GAAG;AAClE,eAAO,wBAAwBA,UAASC,MAAK;AAAA,MAC/C;AAEA,aAAO,mBAAmBD,UAASC,MAAK;AAAA,IAC1C;AAEA,UAAM,iBAAiC,OAAOD,UAASC,WAAU;AAC/D,UAAI,eAAe;AACjB,eAAO,kBAAkBD,UAASC,MAAK;AAAA,MACzC;AAEA,aAAO,mBAAmBD,UAASC,MAAK;AAAA,IAC1C;AAIA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAIA,WAAO;AAAA,EACT,CAAC;AAED,SAAO;AACT;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO,CAAC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI,QAAW,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI,MAAS;AAI5G;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,MAAM,aAAa,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC;AAAA,EACnF;AACF;AAyBA,eAAe,2BAA2B;AAAA,EACxC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAAsD;AAxXtD;AAyXE,QAAM,EAAE,gBAAgB,UAAU,IAAI;AAEtC,SAAO,MAAM,gBAAgB,OAAO;AAAA,IAClC,QAAQ,aAAa;AAAA,IACrB,SAAS,KAAK,UAAU,OAAO,YAAY,aAAa,OAAO,CAAC;AAAA,IAChE,QAAQ,aAAa;AAAA,EACvB,EAAE;AAEF,QAAM,iBAAiB,aAAa,QAAQ,IAAI,UAAU,QAAQ,QAAQ;AAC1E,MAAI,gBAAgB;AAClB,oCAAgC;AAAA,MAC9B;AAAA,MACA,qBAAqB,aAAa;AAAA,MAClC,gBAAgB,aAAa;AAAA,IAC/B,CAAC;AAED,UAAM,MAAM,aAAa,SAAS,aAAa,QAAQ,IAAI,UAAU,QAAQ,QAAQ,KAAK,cAAc;AACxG,iBAAa,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AAC3C,UAAI,QAAQ,UAAU,QAAQ,UAAU;AACtC;AAAA,MACF;AACA,UAAI,QAAQ,OAAO,KAAK,KAAK;AAAA,IAC/B,CAAC;AACD,WAAO;AAAA,EACT,WAAW,aAAa,WAAW,WAAW,WAAW;AACvD,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC5D;AAEA,QAAM,aAAa,aAAa,OAAO;AACvC,SAAO,MAAM,QAAQ,OAAO,EAAE,MAAM,YAAY,OAAO,WAAW,MAAM,EAAE,EAAE;AAE5E,QAAM,mBAAmB,iCAAiC,YAAY;AACtE,QAAM,mBAAmB,iCAAiC,YAAY;AACtE,QAAM,UAAU,MAAM,wBAAwB,cAAc,YAAY,gBAAgB;AAExF,QAAM,cAAc,4BAA4B,cAAc,kBAAkB,gBAAgB;AAChG,cAAY,UAAU;AAEtB,MAAI,gBAA0B,aAAa,KAAK;AAChD,MAAI;AACF,UAAM,oBAAoB,MAAM,kCAAkC;AAAA,MAAI;AAAA,MAAiC,YACrG,mCAAU,aAAa,SAAS;AAAA,IAClC;AACA,oBAAgB,qBAAqB;AAAA,EACvC,SAAS,GAAQ;AACf,oBAAgB,wBAAwB,GAAG,cAAc,SAAS,YAAY;AAAA,EAChF;AACA,MAAI,QAAQ,uBAAuB;AACjC,UAAM,EAAE,QAAQ,IAAI;AAAA,QACjB,+BAAoB,cAAc,MAAlC,mBAAqC,gBAArC,YAAoD,IAAI,QAAQ,KAAK,EAAE;AAAA,MACxE,QAAQ;AAAA,IACV;AAEA,UAAM,oBAA4C,CAAC;AACnD,YAAQ,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChC,gBAAU,eAAe,KAAK,KAAK;AACnC,wBAAkB,GAAG,IAAI;AAAA,IAC3B,CAAC;AAID,oCAAgC,eAAe,cAAc,iBAAiB;AAE9E,WAAO,MAAM,uBAAuB,OAAO;AAAA,MACzC;AAAA,IACF,EAAE;AAAA,EACJ;AAIA,MAAI,aAAa,SAAS;AACxB,iBAAa,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AAC3C,UAAI,QAAQ,UAAU,QAAQ,uBAAuB;AACnD,eAAO,MAAM,oCAAoC,OAAO;AAAA,UACtD;AAAA,QACF,EAAE;AAAA,MACJ;AACA,oBAAc,QAAQ,OAAO,KAAK,KAAK;AAAA,IACzC,CAAC;AAAA,EACH;AAEA,MAAI,WAAW,aAAa,GAAG;AAC7B,WAAO,MAAM,2BAA2B;AACxC,WAAO,uBAAuB,cAAc,eAAe,OAAO;AAAA,EACpE;AAEA,MAAI,QAAQ,OAAO;AACjB,oCAAgC,eAAe,cAAc,EAAE,CAAC,UAAU,QAAQ,WAAW,GAAG,OAAO,CAAC;AAAA,EAC1G;AAEA,QAAM;AAAA;AAAA,IAEJ,eAAc,mCAAS,aACnB;AAAA,MACE,gBAAgB,mCAAS;AAAA,MACzB,WAAW,mCAAS;AAAA,IACtB,IACA,CAAC;AAAA;AAEP;AAAA,IACE;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,WAAW,cAAc,kBAAkB,OAAO,2BAA2B,UAAU;AAAA,EACzF;AAEA,SAAO;AACT;AAEA,MAAM,uBAAuB,CAAC,YAC5B,QAAQ,QAAQ,aAAa;AAE/B,MAAM,4BAA4B,CAAC,YAAwC;AACzE,QAAM,YAAY,QAAQ,QAAQ,aAAa,IAAI,WAAW;AAC9D,QAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,MAAI,WAAW;AAEf,SAAO,aAAa,SAAS,aAAa,IAAI,SAAS,CAAC;AAC1D;AAIO,MAAM,mCAAmC,CAC9C,cACA,YACuC;AAEvC,MAAI,kBAAkB;AACtB,MAAI,QAAQ,oBAAoB,CAAC,QAAQ,UAAU;AACjD,UAAM,EAAE,SAAS,MAAM,YAAY,mBAAmB,IAAI,QAAQ;AAClE,UAAM,aAAa,IAAI,IAAI,aAAa,GAAG;AAC3C,UAAM,YAAY,OAAO,YAAY,aAAa,QAAQ,UAAU,IAAI;AAExE,QAAI,WAAW;AACb,YAAM,kBAAkB,GAAG,WAAW,MAAM,GAAG,SAAS;AACxD,wBAAkB,EAAE,GAAG,SAAS,UAAU,gBAAgB;AAAA,IAC5D;AAAA,EACF;AAEA,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG,0BAA0B,cAAc,eAAe;AAAA;AAAA;AAAA;AAAA,IAI1D,cAAc;AAAA,EAChB;AACF;AAEA,MAAM,mCAAmC,CACvC,iBACyD;AACzD,SAAO,CAAC,OAAO,CAAC,MAAM;AACpB,UAAM,MAAM,aAAa,SAAS,SAAS;AAC3C,0BAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AACF;AAEA,MAAM,mCAAmC,CACvC,iBACyD;AACzD,SAAO,CAAC,OAAO,CAAC,MAAM;AACpB,UAAM,MAAM,aAAa,SAAS,SAAS;AAC3C,0BAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AACF;AAEA,MAAM,0BAA0B,CAC9B,cACA,eACA,qBACG;AACH,UAAQ,OAAO,QAAa,YAAiB;AAC3C,UAAM,WAAW,MAAM,eAAe;AAEtC,UAAM,WAAW,CAAC,QAChB,oBAAoB,KAAK;AAAA,MACvB,aAAa;AAAA,IACf,CAAC;AAEH,UAAM,kBAAiB,iCAAQ,WAAS,mCAAS,UAAS,UAAU;AACpE,UAAM,aAAa,8BAA8B,EAAE,YAAY,eAAe,cAAc,eAAe,CAAC;AAE5G,WAAO,cAAc;AAAA,MACnB,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,QAAQ,OAAO;AAAA,EACpB;AACF;AAOA,MAAM,8BAA8B,CAClC,cACA,kBACA,qBACwB;AACxB,QAAM,cAAc,OAAO,YAA6B;AAvkB1D;AAwkBI,UAAM,gBAAgB,aAAa,OAAO,EAAE,yBAAyB,mCAAS,wBAAwB,CAAC;AACvG,UAAM,gBAAe,wCAAS,iBAAT,YAAyB,UAAU;AAExD,UAAM,aAAa,8BAA8B;AAAA,MAC/C,YAAY;AAAA,MACZ;AAAA,IACF,CAAC;AAED,QAAI,WAAW,cAAc,UAAU,gBAAgB,oBAAoB,UAAU,cAAc,YAAY,GAAG;AAChH,aAAO,OAAO,OAAO,YAAY;AAAA,QAC/B;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AASA,MAAM,0BAA0B,CAC9B,GACA,cACA,aACA,iBACa;AAzmBf;AA0mBE,MAAI,oBAAoB,CAAC,GAAG;AAC1B,WAAO,IAAI,aAAa,MAAM,EAAE,QAAQ,KAAK,YAAY,cAAc,CAAC;AAAA,EAC1E;AAEA,MAAI,0BAA0B,CAAC,GAAG;AAChC,UAAM,WAAW,IAAI,aAAa,MAAM,EAAE,QAAQ,IAAI,CAAC;AAIvD,UAAM,aAAc,aAAyC,OAAO;AACpE,QAAI,cAAc,WAAW,cAAc,UAAU,YAAY;AAI/D,YAAM,iBAAiB,oBAAoB,aAAa,cAAc;AACtE,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA,qCAAqC,iDAAgB,WAAW;AAAA,MAClE;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAEA,MAAI,sBAAsB,CAAC,GAAG;AAE5B,WAAO;AAAA;AAAA;AAAA;AAAA,MAIL,aAAa,QAAQ,IAAI,IAAI,UAAU,KAAK,IAAI,CAAC,IAAI,YAAY,GAAG,CAAC;AAAA,MACrE,UAAU,QAAQ;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,qBAAqB,wBAAwB,CAAC;AACpD,QAAM,qBAAqB,wBAAwB,CAAC;AAEpD,MAAI,sBAAsB,oBAAoB;AAC5C,UAAM,WAAW,eAAe;AAAA,MAC9B;AAAA,MACA,SAAS,aAAa;AAAA,MACtB,WAAW,aAAa;AAAA,MACxB,WAAW,aAAa;AAAA,MACxB,gBAAgB,aAAa;AAAA,MAC7B,gBAAe,kBAAa,OAAO,MAApB,mBAAuB;AAAA,MACtC,aAAa,aAAa;AAAA,IAC5B,CAAC;AAED,UAAM,EAAE,cAAc,IAAI;AAC1B,WAAO,SAAS,qBAAqB,qBAAqB,kBAAkB,EAAE,EAAE,cAAc,CAAC;AAAA,EACjG;AAEA,MAAI,sBAAsB,CAAC,GAAG;AAC5B,WAAO,gBAAgB,EAAE,WAAW;AAAA,EACtC;AAEA,QAAM;AACR;","names":["request","event","_a"]}
|
|
@@ -18,7 +18,7 @@ const SIGN_IN_URL = process.env.NEXT_PUBLIC_CLERK_SIGN_IN_URL || "";
|
|
|
18
18
|
const SIGN_UP_URL = process.env.NEXT_PUBLIC_CLERK_SIGN_UP_URL || "";
|
|
19
19
|
const SDK_METADATA = {
|
|
20
20
|
name: "@clerk/nextjs",
|
|
21
|
-
version: "7.3.1
|
|
21
|
+
version: "7.3.1",
|
|
22
22
|
environment: process.env.NODE_ENV
|
|
23
23
|
};
|
|
24
24
|
const TELEMETRY_DISABLED = isTruthy(process.env.NEXT_PUBLIC_CLERK_TELEMETRY_DISABLED);
|
|
@@ -18,7 +18,7 @@ const clerkClientDefaultOptions = {
|
|
|
18
18
|
publishableKey: PUBLISHABLE_KEY,
|
|
19
19
|
apiUrl: API_URL,
|
|
20
20
|
apiVersion: API_VERSION,
|
|
21
|
-
userAgent: `${"@clerk/nextjs"}@${"7.3.1
|
|
21
|
+
userAgent: `${"@clerk/nextjs"}@${"7.3.1"}`,
|
|
22
22
|
proxyUrl: PROXY_URL,
|
|
23
23
|
domain: DOMAIN,
|
|
24
24
|
isSatellite: IS_SATELLITE,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/createClerkClient.ts"],"sourcesContent":["import { createClerkClient } from '@clerk/backend';\n\nimport {\n API_URL,\n API_VERSION,\n DOMAIN,\n IS_SATELLITE,\n MACHINE_SECRET_KEY,\n PROXY_URL,\n PUBLISHABLE_KEY,\n SDK_METADATA,\n SECRET_KEY,\n TELEMETRY_DEBUG,\n TELEMETRY_DISABLED,\n} from './constants';\n\nconst clerkClientDefaultOptions = {\n secretKey: SECRET_KEY,\n publishableKey: PUBLISHABLE_KEY,\n apiUrl: API_URL,\n apiVersion: API_VERSION,\n userAgent: `${PACKAGE_NAME}@${PACKAGE_VERSION}`,\n proxyUrl: PROXY_URL,\n domain: DOMAIN,\n isSatellite: IS_SATELLITE,\n machineSecretKey: MACHINE_SECRET_KEY,\n sdkMetadata: SDK_METADATA,\n telemetry: {\n disabled: TELEMETRY_DISABLED,\n debug: TELEMETRY_DEBUG,\n },\n};\n\nexport const createClerkClientWithOptions: typeof createClerkClient = options =>\n createClerkClient({ ...clerkClientDefaultOptions, ...options });\n"],"mappings":";AAAA,SAAS,yBAAyB;AAElC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,MAAM,4BAA4B;AAAA,EAChC,WAAW;AAAA,EACX,gBAAgB;AAAA,EAChB,QAAQ;AAAA,EACR,YAAY;AAAA,EACZ,WAAW,GAAG,eAAY,IAAI,
|
|
1
|
+
{"version":3,"sources":["../../../src/server/createClerkClient.ts"],"sourcesContent":["import { createClerkClient } from '@clerk/backend';\n\nimport {\n API_URL,\n API_VERSION,\n DOMAIN,\n IS_SATELLITE,\n MACHINE_SECRET_KEY,\n PROXY_URL,\n PUBLISHABLE_KEY,\n SDK_METADATA,\n SECRET_KEY,\n TELEMETRY_DEBUG,\n TELEMETRY_DISABLED,\n} from './constants';\n\nconst clerkClientDefaultOptions = {\n secretKey: SECRET_KEY,\n publishableKey: PUBLISHABLE_KEY,\n apiUrl: API_URL,\n apiVersion: API_VERSION,\n userAgent: `${PACKAGE_NAME}@${PACKAGE_VERSION}`,\n proxyUrl: PROXY_URL,\n domain: DOMAIN,\n isSatellite: IS_SATELLITE,\n machineSecretKey: MACHINE_SECRET_KEY,\n sdkMetadata: SDK_METADATA,\n telemetry: {\n disabled: TELEMETRY_DISABLED,\n debug: TELEMETRY_DEBUG,\n },\n};\n\nexport const createClerkClientWithOptions: typeof createClerkClient = options =>\n createClerkClient({ ...clerkClientDefaultOptions, ...options });\n"],"mappings":";AAAA,SAAS,yBAAyB;AAElC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,MAAM,4BAA4B;AAAA,EAChC,WAAW;AAAA,EACX,gBAAgB;AAAA,EAChB,QAAQ;AAAA,EACR,YAAY;AAAA,EACZ,WAAW,GAAG,eAAY,IAAI,OAAe;AAAA,EAC7C,UAAU;AAAA,EACV,QAAQ;AAAA,EACR,aAAa;AAAA,EACb,kBAAkB;AAAA,EAClB,aAAa;AAAA,EACb,WAAW;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,EACT;AACF;AAEO,MAAM,+BAAyD,aACpE,kBAAkB,EAAE,GAAG,2BAA2B,GAAG,QAAQ,CAAC;","names":[]}
|
|
@@ -57,7 +57,7 @@ function debugLogHeader(name) {
|
|
|
57
57
|
return `[clerk debug start: ${name}]`;
|
|
58
58
|
}
|
|
59
59
|
function debugLogFooter(name) {
|
|
60
|
-
return `[clerk debug end: ${name}] (@clerk/nextjs=${"7.3.1
|
|
60
|
+
return `[clerk debug end: ${name}] (@clerk/nextjs=${"7.3.1"},next=${nextPkg.version},timestamp=${Math.round((/* @__PURE__ */ new Date()).getTime() / 1e3)})`;
|
|
61
61
|
}
|
|
62
62
|
function truncate(str, maxLength) {
|
|
63
63
|
const encoder = new TextEncoder();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/utils/debugLogger.ts"],"sourcesContent":["// TODO: Replace with a more sophisticated logging solution\n\nimport nextPkg from 'next/package.json';\n\nimport { logFormatter } from './logFormatter';\n\nexport type Log = string | Record<string, unknown>;\nexport type LogEntry = Log | Log[];\nexport type Logger<L = Log> = {\n commit: () => void;\n debug: (...args: Array<L | (() => L)>) => void;\n enable: () => void;\n};\nexport type LoggerNoCommit<L = Logger> = Omit<L, 'commit'>;\n\nexport const createDebugLogger = (name: string, formatter: (val: LogEntry) => string) => (): Logger => {\n const entries: LogEntry[] = [];\n let isEnabled = false;\n\n return {\n enable: () => {\n isEnabled = true;\n },\n debug: (...args) => {\n if (isEnabled) {\n entries.push(args.map(arg => (typeof arg === 'function' ? arg() : arg)));\n }\n },\n commit: () => {\n if (isEnabled) {\n console.log(debugLogHeader(name));\n\n /**\n * We buffer each collected log entry so we can format them and log them all at once.\n * Individual console.log calls are used to ensure we don't hit platform-specific log limits (Vercel and Netlify are 4kb).\n */\n for (const log of entries) {\n let output = formatter(log);\n\n output = output\n .split('\\n')\n .map(l => ` ${l}`)\n .join('\\n');\n\n // Vercel errors if the output is > 4kb, so we truncate it\n if (process.env.VERCEL) {\n output = truncate(output, 4096);\n }\n\n console.log(output);\n }\n\n console.log(debugLogFooter(name));\n }\n },\n };\n};\n\ntype WithLogger = <L extends Logger, H extends (...args: any[]) => any>(\n loggerFactoryOrName: string | (() => L),\n handlerCtor: (logger: LoggerNoCommit<L>) => H,\n) => H;\n\nexport const withLogger: WithLogger = (loggerFactoryOrName, handlerCtor) => {\n return ((...args: any) => {\n const factory =\n typeof loggerFactoryOrName === 'string'\n ? createDebugLogger(loggerFactoryOrName, logFormatter)\n : loggerFactoryOrName;\n\n const logger = factory();\n const handler = handlerCtor(logger as any);\n\n try {\n const res = handler(...args);\n if (typeof res === 'object' && 'then' in res && typeof res.then === 'function') {\n return res\n .then((val: any) => {\n logger.commit();\n return val;\n })\n .catch((err: any) => {\n logger.commit();\n throw err;\n });\n }\n // handle sync methods\n logger.commit();\n return res;\n } catch (err: any) {\n logger.commit();\n throw err;\n }\n }) as ReturnType<typeof handlerCtor>;\n};\n\nfunction debugLogHeader(name: string) {\n return `[clerk debug start: ${name}]`;\n}\n\nfunction debugLogFooter(name: string) {\n return `[clerk debug end: ${name}] (@clerk/nextjs=${PACKAGE_VERSION},next=${nextPkg.version},timestamp=${Math.round(new Date().getTime() / 1_000)})`;\n}\n\n// ref: https://stackoverflow.com/questions/57769465/javascript-truncate-text-by-bytes-length\nfunction truncate(str: string, maxLength: number) {\n const encoder = new TextEncoder();\n const decoder = new TextDecoder('utf-8');\n\n const encodedString = encoder.encode(str);\n const truncatedString = encodedString.slice(0, maxLength);\n\n // return the truncated string, removing any replacement characters that result from partially truncated characters\n return decoder.decode(truncatedString).replace(/\\uFFFD/g, '');\n}\n"],"mappings":";AAEA,OAAO,aAAa;AAEpB,SAAS,oBAAoB;AAWtB,MAAM,oBAAoB,CAAC,MAAc,cAAyC,MAAc;AACrG,QAAM,UAAsB,CAAC;AAC7B,MAAI,YAAY;AAEhB,SAAO;AAAA,IACL,QAAQ,MAAM;AACZ,kBAAY;AAAA,IACd;AAAA,IACA,OAAO,IAAI,SAAS;AAClB,UAAI,WAAW;AACb,gBAAQ,KAAK,KAAK,IAAI,SAAQ,OAAO,QAAQ,aAAa,IAAI,IAAI,GAAI,CAAC;AAAA,MACzE;AAAA,IACF;AAAA,IACA,QAAQ,MAAM;AACZ,UAAI,WAAW;AACb,gBAAQ,IAAI,eAAe,IAAI,CAAC;AAMhC,mBAAW,OAAO,SAAS;AACzB,cAAI,SAAS,UAAU,GAAG;AAE1B,mBAAS,OACN,MAAM,IAAI,EACV,IAAI,OAAK,KAAK,CAAC,EAAE,EACjB,KAAK,IAAI;AAGZ,cAAI,QAAQ,IAAI,QAAQ;AACtB,qBAAS,SAAS,QAAQ,IAAI;AAAA,UAChC;AAEA,kBAAQ,IAAI,MAAM;AAAA,QACpB;AAEA,gBAAQ,IAAI,eAAe,IAAI,CAAC;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AACF;AAOO,MAAM,aAAyB,CAAC,qBAAqB,gBAAgB;AAC1E,UAAQ,IAAI,SAAc;AACxB,UAAM,UACJ,OAAO,wBAAwB,WAC3B,kBAAkB,qBAAqB,YAAY,IACnD;AAEN,UAAM,SAAS,QAAQ;AACvB,UAAM,UAAU,YAAY,MAAa;AAEzC,QAAI;AACF,YAAM,MAAM,QAAQ,GAAG,IAAI;AAC3B,UAAI,OAAO,QAAQ,YAAY,UAAU,OAAO,OAAO,IAAI,SAAS,YAAY;AAC9E,eAAO,IACJ,KAAK,CAAC,QAAa;AAClB,iBAAO,OAAO;AACd,iBAAO;AAAA,QACT,CAAC,EACA,MAAM,CAAC,QAAa;AACnB,iBAAO,OAAO;AACd,gBAAM;AAAA,QACR,CAAC;AAAA,MACL;AAEA,aAAO,OAAO;AACd,aAAO;AAAA,IACT,SAAS,KAAU;AACjB,aAAO,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AACF;AAEA,SAAS,eAAe,MAAc;AACpC,SAAO,uBAAuB,IAAI;AACpC;AAEA,SAAS,eAAe,MAAc;AACpC,SAAO,qBAAqB,IAAI,oBAAoB,
|
|
1
|
+
{"version":3,"sources":["../../../src/utils/debugLogger.ts"],"sourcesContent":["// TODO: Replace with a more sophisticated logging solution\n\nimport nextPkg from 'next/package.json';\n\nimport { logFormatter } from './logFormatter';\n\nexport type Log = string | Record<string, unknown>;\nexport type LogEntry = Log | Log[];\nexport type Logger<L = Log> = {\n commit: () => void;\n debug: (...args: Array<L | (() => L)>) => void;\n enable: () => void;\n};\nexport type LoggerNoCommit<L = Logger> = Omit<L, 'commit'>;\n\nexport const createDebugLogger = (name: string, formatter: (val: LogEntry) => string) => (): Logger => {\n const entries: LogEntry[] = [];\n let isEnabled = false;\n\n return {\n enable: () => {\n isEnabled = true;\n },\n debug: (...args) => {\n if (isEnabled) {\n entries.push(args.map(arg => (typeof arg === 'function' ? arg() : arg)));\n }\n },\n commit: () => {\n if (isEnabled) {\n console.log(debugLogHeader(name));\n\n /**\n * We buffer each collected log entry so we can format them and log them all at once.\n * Individual console.log calls are used to ensure we don't hit platform-specific log limits (Vercel and Netlify are 4kb).\n */\n for (const log of entries) {\n let output = formatter(log);\n\n output = output\n .split('\\n')\n .map(l => ` ${l}`)\n .join('\\n');\n\n // Vercel errors if the output is > 4kb, so we truncate it\n if (process.env.VERCEL) {\n output = truncate(output, 4096);\n }\n\n console.log(output);\n }\n\n console.log(debugLogFooter(name));\n }\n },\n };\n};\n\ntype WithLogger = <L extends Logger, H extends (...args: any[]) => any>(\n loggerFactoryOrName: string | (() => L),\n handlerCtor: (logger: LoggerNoCommit<L>) => H,\n) => H;\n\nexport const withLogger: WithLogger = (loggerFactoryOrName, handlerCtor) => {\n return ((...args: any) => {\n const factory =\n typeof loggerFactoryOrName === 'string'\n ? createDebugLogger(loggerFactoryOrName, logFormatter)\n : loggerFactoryOrName;\n\n const logger = factory();\n const handler = handlerCtor(logger as any);\n\n try {\n const res = handler(...args);\n if (typeof res === 'object' && 'then' in res && typeof res.then === 'function') {\n return res\n .then((val: any) => {\n logger.commit();\n return val;\n })\n .catch((err: any) => {\n logger.commit();\n throw err;\n });\n }\n // handle sync methods\n logger.commit();\n return res;\n } catch (err: any) {\n logger.commit();\n throw err;\n }\n }) as ReturnType<typeof handlerCtor>;\n};\n\nfunction debugLogHeader(name: string) {\n return `[clerk debug start: ${name}]`;\n}\n\nfunction debugLogFooter(name: string) {\n return `[clerk debug end: ${name}] (@clerk/nextjs=${PACKAGE_VERSION},next=${nextPkg.version},timestamp=${Math.round(new Date().getTime() / 1_000)})`;\n}\n\n// ref: https://stackoverflow.com/questions/57769465/javascript-truncate-text-by-bytes-length\nfunction truncate(str: string, maxLength: number) {\n const encoder = new TextEncoder();\n const decoder = new TextDecoder('utf-8');\n\n const encodedString = encoder.encode(str);\n const truncatedString = encodedString.slice(0, maxLength);\n\n // return the truncated string, removing any replacement characters that result from partially truncated characters\n return decoder.decode(truncatedString).replace(/\\uFFFD/g, '');\n}\n"],"mappings":";AAEA,OAAO,aAAa;AAEpB,SAAS,oBAAoB;AAWtB,MAAM,oBAAoB,CAAC,MAAc,cAAyC,MAAc;AACrG,QAAM,UAAsB,CAAC;AAC7B,MAAI,YAAY;AAEhB,SAAO;AAAA,IACL,QAAQ,MAAM;AACZ,kBAAY;AAAA,IACd;AAAA,IACA,OAAO,IAAI,SAAS;AAClB,UAAI,WAAW;AACb,gBAAQ,KAAK,KAAK,IAAI,SAAQ,OAAO,QAAQ,aAAa,IAAI,IAAI,GAAI,CAAC;AAAA,MACzE;AAAA,IACF;AAAA,IACA,QAAQ,MAAM;AACZ,UAAI,WAAW;AACb,gBAAQ,IAAI,eAAe,IAAI,CAAC;AAMhC,mBAAW,OAAO,SAAS;AACzB,cAAI,SAAS,UAAU,GAAG;AAE1B,mBAAS,OACN,MAAM,IAAI,EACV,IAAI,OAAK,KAAK,CAAC,EAAE,EACjB,KAAK,IAAI;AAGZ,cAAI,QAAQ,IAAI,QAAQ;AACtB,qBAAS,SAAS,QAAQ,IAAI;AAAA,UAChC;AAEA,kBAAQ,IAAI,MAAM;AAAA,QACpB;AAEA,gBAAQ,IAAI,eAAe,IAAI,CAAC;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AACF;AAOO,MAAM,aAAyB,CAAC,qBAAqB,gBAAgB;AAC1E,UAAQ,IAAI,SAAc;AACxB,UAAM,UACJ,OAAO,wBAAwB,WAC3B,kBAAkB,qBAAqB,YAAY,IACnD;AAEN,UAAM,SAAS,QAAQ;AACvB,UAAM,UAAU,YAAY,MAAa;AAEzC,QAAI;AACF,YAAM,MAAM,QAAQ,GAAG,IAAI;AAC3B,UAAI,OAAO,QAAQ,YAAY,UAAU,OAAO,OAAO,IAAI,SAAS,YAAY;AAC9E,eAAO,IACJ,KAAK,CAAC,QAAa;AAClB,iBAAO,OAAO;AACd,iBAAO;AAAA,QACT,CAAC,EACA,MAAM,CAAC,QAAa;AACnB,iBAAO,OAAO;AACd,gBAAM;AAAA,QACR,CAAC;AAAA,MACL;AAEA,aAAO,OAAO;AACd,aAAO;AAAA,IACT,SAAS,KAAU;AACjB,aAAO,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AACF;AAEA,SAAS,eAAe,MAAc;AACpC,SAAO,uBAAuB,IAAI;AACpC;AAEA,SAAS,eAAe,MAAc;AACpC,SAAO,qBAAqB,IAAI,oBAAoB,OAAe,SAAS,QAAQ,OAAO,cAAc,KAAK,OAAM,oBAAI,KAAK,GAAE,QAAQ,IAAI,GAAK,CAAC;AACnJ;AAGA,SAAS,SAAS,KAAa,WAAmB;AAChD,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,UAAU,IAAI,YAAY,OAAO;AAEvC,QAAM,gBAAgB,QAAQ,OAAO,GAAG;AACxC,QAAM,kBAAkB,cAAc,MAAM,GAAG,SAAS;AAGxD,SAAO,QAAQ,OAAO,eAAe,EAAE,QAAQ,WAAW,EAAE;AAC9D;","names":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"clerkMiddleware.d.ts","sourceRoot":"","sources":["../../../src/server/clerkMiddleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAsC,WAAW,EAAE,MAAM,gBAAgB,CAAC;AACtF,OAAO,KAAK,EAEV,0BAA0B,EAC1B,YAAY,EACZ,WAAW,EAEX,kBAAkB,EAClB,mBAAmB,EAEpB,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"clerkMiddleware.d.ts","sourceRoot":"","sources":["../../../src/server/clerkMiddleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAsC,WAAW,EAAE,MAAM,gBAAgB,CAAC;AACtF,OAAO,KAAK,EAEV,0BAA0B,EAC1B,YAAY,EACZ,WAAW,EAEX,kBAAkB,EAClB,mBAAmB,EAEpB,MAAM,yBAAyB,CAAC;AAmBjC,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG/D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AAQxD,OAAO,EAAE,KAAK,4BAA4B,EAAsC,MAAM,2BAA2B,CAAC;AAkBlH,OAAO,KAAK,EACV,uBAAuB,EACvB,sBAAsB,EACtB,0BAA0B,EAC1B,oBAAoB,EACrB,MAAM,SAAS,CAAC;AASjB,MAAM,MAAM,gCAAgC,GAAG,CAAC,kBAAkB,GAAG,mBAAmB,CAAC,GAAG;IAC1F,gBAAgB,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxC,gBAAgB,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;CACzC,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG,MAAM,CAAC;AAEzC,KAAK,sBAAsB,GAAG,CAC5B,IAAI,EAAE,mBAAmB,EACzB,OAAO,EAAE,0BAA0B,EACnC,KAAK,EAAE,sBAAsB,KAC1B,oBAAoB,CAAC;AAE1B,KAAK,6BAA6B,GAAG,IAAI,CAAC,0BAA0B,EAAE,cAAc,CAAC,CAAC;AAEtF;;;GAGG;AACH,MAAM,WAAW,sBAAuB,SAAQ,6BAA6B;IAC3E;;OAEG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB;;OAEG;IACH,qBAAqB,CAAC,EAAE,4BAA4B,CAAC;IAErD;;;OAGG;IACH,gBAAgB,CAAC,EAAE,uBAAuB,CAAC;CAC5C;AAED,KAAK,8BAA8B,GAAG,CAAC,GAAG,EAAE,WAAW,KAAK,sBAAsB,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAAC;AAErH;;;GAGG;AACH,UAAU,eAAe;IACvB;;;OAGG;IACH,CAAC,OAAO,EAAE,sBAAsB,EAAE,OAAO,CAAC,EAAE,sBAAsB,GAAG,cAAc,CAAC;IAEpF;;;OAGG;IACH,CAAC,OAAO,EAAE,sBAAsB,EAAE,OAAO,CAAC,EAAE,8BAA8B,GAAG,cAAc,CAAC;IAE5F;;;OAGG;IACH,CAAC,OAAO,CAAC,EAAE,sBAAsB,GAAG,cAAc,CAAC;IAEnD;;;OAGG;IACH,CAAC,OAAO,EAAE,0BAA0B,EAAE,KAAK,EAAE,sBAAsB,GAAG,oBAAoB,CAAC;CAC5F;AAED;;GAEG;AACH,eAAO,MAAM,eAAe,EAuLtB,eAAe,CAAC;AA4KtB,KAAK,mBAAmB,GAAG,IAAI,CAAC,WAAW,EAAE,qBAAqB,CAAC,CAAC,qBAAqB,CAAC,CAAC;AAE3F,eAAO,MAAM,gCAAgC,GAC3C,cAAc,YAAY,EAC1B,SAAS,sBAAsB,KAC9B,UAAU,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAsBnC,CAAC"}
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export declare const errorThrower: import("@clerk/shared/index-
|
|
1
|
+
export declare const errorThrower: import("@clerk/shared/index-D4413SlB").ar;
|
|
2
2
|
//# sourceMappingURL=errorThrower.d.ts.map
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@clerk/nextjs",
|
|
3
|
-
"version": "7.3.1
|
|
3
|
+
"version": "7.3.1",
|
|
4
4
|
"description": "Clerk SDK for NextJS",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"clerk",
|
|
@@ -72,9 +72,9 @@
|
|
|
72
72
|
"dependencies": {
|
|
73
73
|
"server-only": "0.0.1",
|
|
74
74
|
"tslib": "2.8.1",
|
|
75
|
-
"@clerk/
|
|
76
|
-
"@clerk/
|
|
77
|
-
"@clerk/shared": "4.
|
|
75
|
+
"@clerk/backend": "^3.4.5",
|
|
76
|
+
"@clerk/react": "^6.6.0",
|
|
77
|
+
"@clerk/shared": "^4.10.0"
|
|
78
78
|
},
|
|
79
79
|
"devDependencies": {
|
|
80
80
|
"crypto-es": "^2.1.0",
|