@frontegg/nextjs 7.0.1 → 7.0.2-alpha.4553641929

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/CHANGELOG.md +19 -0
  2. package/index.js +1 -1
  3. package/middleware/ProxyResponseCallback.js +3 -2
  4. package/middleware/ProxyResponseCallback.js.map +1 -1
  5. package/package.json +2 -2
  6. package/sdkVersion.js +1 -1
  7. package/sdkVersion.js.map +1 -1
  8. package/utils/refreshAccessToken/helpers.d.ts +11 -1
  9. package/utils/refreshAccessToken/helpers.js +19 -1
  10. package/utils/refreshAccessToken/helpers.js.map +1 -1
  11. package/utils/refreshAccessToken/index.js +1 -1
  12. package/utils/refreshAccessToken/index.js.map +1 -1
package/CHANGELOG.md CHANGED
@@ -1,5 +1,24 @@
1
1
  # Change Log
2
2
 
3
+ ## [7.0.2](https://github.com/frontegg/frontegg-nextjs/compare/v7.0.1...v7.0.2) (2023-3-29)
4
+
5
+ - FR-11247 - fix version branch 6.82
6
+
7
+ - FR-11065 - add passkeys mock ff
8
+ - FR-11189 - mfa authenticator app change input type
9
+ - FR-10821 - fix table color
10
+ - FR-11204 - add unit testing with jest
11
+ - FR-11139 - fix groups
12
+ - FR-11039 - fix groups dummy
13
+ - FR-11039 - ff groups
14
+ - FR-10530 - fix ff store name
15
+ - FR-11067 - error handling on profile image upload
16
+ - FR-11039 - extend users table with groups column
17
+
18
+ ### NextJS Wrapper 7.0.2:
19
+ - FR-11268 - build .env.test file in runtime with random values
20
+ - FE-11268 - Add support for ForceMFA after SAML login
21
+
3
22
  ## [7.0.1](https://github.com/frontegg/frontegg-nextjs/compare/v7.0.0...v7.0.1) (2023-3-27)
4
23
 
5
24
  - FR-11247 - fix version branch 6.82
package/index.js CHANGED
@@ -1,4 +1,4 @@
1
- /** @license Frontegg v7.0.1
1
+ /** @license Frontegg v7.0.2-alpha.4553641929
2
2
  *
3
3
  * This source code is licensed under the MIT license found in the
4
4
  * LICENSE file in the root directory of this source tree.
package/middleware/ProxyResponseCallback.js CHANGED
@@ -10,6 +10,7 @@ var _cookies = _interopRequireDefault(require("../utils/cookies"));
10
10
  var _common = require("../common");
11
11
  var _helpers = require("./helpers");
12
12
  var _fronteggLogger = _interopRequireDefault(require("../utils/fronteggLogger"));
13
+ var _helpers2 = require("../utils/refreshAccessToken/helpers");
13
14
  const logger = _fronteggLogger.default.child({
14
15
  tag: 'FronteggApiMiddleware.ProxyResponseCallback'
15
16
  });
@@ -75,9 +76,9 @@ const ProxyResponseCallback = (proxyRes, req, res) => {
75
76
  * - Does not have accessToken / access_token
76
77
  * - Not json response
77
78
  */
78
- if (statusCode === 302 && url === '/frontegg/auth/saml/callback') {
79
+ if (statusCode === 302 && (0, _helpers2.isSSOPostRequest)(url)) {
79
80
  /**
80
- * Ignore saml postLogin response with redirect
81
+ * Ignore saml/oidc postLogin response with redirect
81
82
  */
82
83
  } else {
83
84
  logger.error('failed to create session', e, {
package/middleware/ProxyResponseCallback.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ProxyResponseCallback.js","names":["_config","_interopRequireDefault","require","_cookies","_common","_helpers","_fronteggLogger","logger","fronteggLogger","child","tag","ProxyResponseCallback","proxyRes","req","res","buffer","Buffer","totalLength","isSecured","URL","config","appUrl","protocol","on","chunk","length","concat","_proxyRes$statusCode","url","statusCode","isSuccess","bodyStr","toString","isLogout","isFronteggLogoutUrl","CookieManager","removeCookies","cookieDomain","_process$env$FRONTEGG","redirect","process","env","encodeURIComponent","status","end","_CookieManager$modify","cookies","modifySetCookie","headers","body","JSON","parse","accessToken","access_token","session","decodedJwt","createSessionFromAccessToken","sessionCookie","create","value","expires","Date","exp","secure","push","e","error","Object","keys","filter","header","forEach","setHeader","_default","exports","default"],"sources":["../../../../packages/nextjs/src/middleware/ProxyResponseCallback.ts"],"sourcesContent":["import { ProxyResCallback } from 'http-proxy';\nimport { IncomingMessage } from 'http';\nimport { NextApiResponse, NextApiRequest } from 'next';\nimport config from '../config';\nimport CookieManager from '../utils/cookies';\nimport { createSessionFromAccessToken } from '../common';\nimport { isFronteggLogoutUrl } from './helpers';\nimport fronteggLogger from '../utils/fronteggLogger';\n\nconst logger = fronteggLogger.child({ tag: 'FronteggApiMiddleware.ProxyResponseCallback' });\n/**\n * Proxy response callback fired on after each response from Frontegg services,\n * to transport frontegg modify cookies and generating encrypted JWT session cookie.\n *\n * @param {IncomingMessage} proxyRes - Proxy response from Frontegg services\n * @param {NextApiRequest} req - Next.js request sent from client-side\n * @param {NextApiResponse} res - Next.js response to send to client-side\n */\nconst ProxyResponseCallback: ProxyResCallback<IncomingMessage, NextApiResponse> = (proxyRes, req, res) => {\n let buffer = new Buffer('');\n let totalLength: number = 0;\n const isSecured = new URL(config.appUrl).protocol === 'https:';\n\n proxyRes.on('data', (chunk: Buffer) => {\n totalLength += chunk.length;\n buffer = Buffer.concat([buffer, chunk], totalLength);\n });\n proxyRes.on('end', async () => {\n try {\n const url = req.url!;\n const statusCode = proxyRes.statusCode ?? 500;\n const isSuccess = statusCode >= 200 && statusCode < 400;\n const bodyStr = buffer.toString('utf-8');\n const isLogout = isFronteggLogoutUrl(url);\n\n if (isLogout) {\n CookieManager.removeCookies({\n isSecured,\n cookieDomain: config.cookieDomain,\n res,\n req,\n });\n if (isSuccess) {\n res.redirect(\n `${process.env['FRONTEGG_BASE_URL']}/oauth/logout?post_logout_redirect_uri=${encodeURIComponent(\n process.env['FRONTEGG_APP_URL'] ?? ''\n )}`\n );\n } else {\n res.status(statusCode).end(bodyStr);\n }\n return;\n }\n\n if (isSuccess) {\n const cookies = CookieManager.modifySetCookie(proxyRes.headers['set-cookie'], isSecured) ?? [];\n\n try {\n if (bodyStr && bodyStr.length > 0) {\n const body = JSON.parse(bodyStr);\n if (body.accessToken || body.access_token) {\n const [session, decodedJwt] = await createSessionFromAccessToken(body);\n if (session) {\n const sessionCookie = CookieManager.create({\n value: session,\n expires: new Date(decodedJwt.exp * 1000),\n secure: isSecured,\n });\n cookies.push(...sessionCookie);\n }\n }\n }\n } catch (e) {\n /** ignore api call if:\n * - Does not have accessToken / access_token\n * - Not json response\n */\n if (statusCode === 302 && url === '/frontegg/auth/saml/callback') {\n /**\n * Ignore saml postLogin response with redirect\n */\n } else {\n logger.error('failed to create session', e, {\n url,\n statusCode,\n });\n }\n }\n Object.keys(proxyRes.headers)\n .filter((header) => header !== 'cookie')\n .forEach((header) => {\n res.setHeader(header, `${proxyRes.headers[header]}`);\n });\n res.setHeader('set-cookie', cookies);\n res.status(statusCode).end(bodyStr);\n } else {\n if (statusCode >= 400 && statusCode !== 404) {\n logger.error(`Middleware request failed statusCode: ${statusCode} for url: ${url}`);\n }\n Object.keys(proxyRes.headers)\n .filter((header) => header !== 'cookie')\n .forEach((header) => {\n res.setHeader(header, `${proxyRes.headers[header]}`);\n });\n res.status(statusCode).end(bodyStr);\n }\n } catch (e: any) {\n logger.error('proxy failed to send request', e);\n res.status(500).end('Internal Server Error');\n }\n });\n};\n\nexport default ProxyResponseCallback;\n"],"mappings":";;;;;;;AAGA,IAAAA,OAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,QAAA,GAAAF,sBAAA,CAAAC,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AACA,IAAAI,eAAA,GAAAL,sBAAA,CAAAC,OAAA;AAEA,MAAMK,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;EAAEC,GAAG,EAAE;AAA8C,CAAC,CAAC;AAC3F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,qBAAyE,GAAGA,CAACC,QAAQ,EAAEC,GAAG,EAAEC,GAAG,KAAK;EACxG,IAAIC,MAAM,GAAG,IAAIC,MAAM,CAAC,EAAE,CAAC;EAC3B,IAAIC,WAAmB,GAAG,CAAC;EAC3B,MAAMC,SAAS,GAAG,IAAIC,GAAG,CAACC,eAAM,CAACC,MAAM,CAAC,CAACC,QAAQ,KAAK,QAAQ;EAE9DV,QAAQ,CAACW,EAAE,CAAC,MAAM,EAAGC,KAAa,IAAK;IACrCP,WAAW,IAAIO,KAAK,CAACC,MAAM;IAC3BV,MAAM,GAAGC,MAAM,CAACU,MAAM,CAAC,CAACX,MAAM,EAAES,KAAK,CAAC,EAAEP,WAAW,CAAC;EACtD,CAAC,CAAC;EACFL,QAAQ,CAACW,EAAE,CAAC,KAAK,EAAE,YAAY;IAC7B,IAAI;MAAA,IAAAI,oBAAA;MACF,MAAMC,GAAG,GAAGf,GAAG,CAACe,GAAI;MACpB,MAAMC,UAAU,IAAAF,oBAAA,GAAGf,QAAQ,CAACiB,UAAU,YAAAF,oBAAA,GAAI,GAAG;MAC7C,MAAMG,SAAS,GAAGD,UAAU,IAAI,GAAG,IAAIA,UAAU,GAAG,GAAG;MACvD,MAAME,OAAO,GAAGhB,MAAM,CAACiB,QAAQ,CAAC,OAAO,CAAC;MACxC,MAAMC,QAAQ,GAAG,IAAAC,4BAAmB,EAACN,GAAG,CAAC;MAEzC,IAAIK,QAAQ,EAAE;QACZE,gBAAa,CAACC,aAAa,CAAC;UAC1BlB,SAAS;UACTmB,YAAY,EAAEjB,eAAM,CAACiB,YAAY;UACjCvB,GAAG;UACHD;QACF,CAAC,CAAC;QACF,IAAIiB,SAAS,EAAE;UAAA,IAAAQ,qBAAA;UACbxB,GAAG,CAACyB,QAAQ,CACT,GAAEC,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAE,0CAAyCC,kBAAkB,EAAAJ,qBAAA,GAC7FE,OAAO,CAACC,GAAG,CAAC,kBAAkB,CAAC,YAAAH,qBAAA,GAAI,EAAE,CACrC,EAAC,CACJ;QACH,CAAC,MAAM;UACLxB,GAAG,CAAC6B,MAAM,CAACd,UAAU,CAAC,CAACe,GAAG,CAACb,OAAO,CAAC;QACrC;QACA;MACF;MAEA,IAAID,SAAS,EAAE;QAAA,IAAAe,qBAAA;QACb,MAAMC,OAAO,IAAAD,qBAAA,GAAGV,gBAAa,CAACY,eAAe,CAACnC,QAAQ,CAACoC,OAAO,CAAC,YAAY,CAAC,EAAE9B,SAAS,CAAC,YAAA2B,qBAAA,GAAI,EAAE;QAE9F,IAAI;UACF,IAAId,OAAO,IAAIA,OAAO,CAACN,MAAM,GAAG,CAAC,EAAE;YACjC,MAAMwB,IAAI,GAAGC,IAAI,CAACC,KAAK,CAACpB,OAAO,CAAC;YAChC,IAAIkB,IAAI,CAACG,WAAW,IAAIH,IAAI,CAACI,YAAY,EAAE;cACzC,MAAM,CAACC,OAAO,EAAEC,UAAU,CAAC,GAAG,MAAM,IAAAC,oCAA4B,EAACP,IAAI,CAAC;cACtE,IAAIK,OAAO,EAAE;gBACX,MAAMG,aAAa,GAAGtB,gBAAa,CAACuB,MAAM,CAAC;kBACzCC,KAAK,EAAEL,OAAO;kBACdM,OAAO,EAAE,IAAIC,IAAI,CAACN,UAAU,CAACO,GAAG,GAAG,IAAI,CAAC;kBACxCC,MAAM,EAAE7C;gBACV,CAAC,CAAC;gBACF4B,OAAO,CAACkB,IAAI,CAAC,GAAGP,aAAa,CAAC;cAChC;YACF;UACF;QACF,CAAC,CAAC,OAAOQ,CAAC,EAAE;UACV;AACV;AACA;AACA;UACU,IAAIpC,UAAU,KAAK,GAAG,IAAID,GAAG,KAAK,8BAA8B,EAAE;YAChE;AACZ;AACA;UAFY,CAGD,MAAM;YACLrB,MAAM,CAAC2D,KAAK,CAAC,0BAA0B,EAAED,CAAC,EAAE;cAC1CrC,GAAG;cACHC;YACF,CAAC,CAAC;UACJ;QACF;QACAsC,MAAM,CAACC,IAAI,CAACxD,QAAQ,CAACoC,OAAO,CAAC,CAC1BqB,MAAM,CAAEC,MAAM,IAAKA,MAAM,KAAK,QAAQ,CAAC,CACvCC,OAAO,CAAED,MAAM,IAAK;UACnBxD,GAAG,CAAC0D,SAAS,CAACF,MAAM,EAAG,GAAE1D,QAAQ,CAACoC,OAAO,CAACsB,MAAM,CAAE,EAAC,CAAC;QACtD,CAAC,CAAC;QACJxD,GAAG,CAAC0D,SAAS,CAAC,YAAY,EAAE1B,OAAO,CAAC;QACpChC,GAAG,CAAC6B,MAAM,CAACd,UAAU,CAAC,CAACe,GAAG,CAACb,OAAO,CAAC;MACrC,CAAC,MAAM;QACL,IAAIF,UAAU,IAAI,GAAG,IAAIA,UAAU,KAAK,GAAG,EAAE;UAC3CtB,MAAM,CAAC2D,KAAK,CAAE,yCAAwCrC,UAAW,aAAYD,GAAI,EAAC,CAAC;QACrF;QACAuC,MAAM,CAACC,IAAI,CAACxD,QAAQ,CAACoC,OAAO,CAAC,CAC1BqB,MAAM,CAAEC,MAAM,IAAKA,MAAM,KAAK,QAAQ,CAAC,CACvCC,OAAO,CAAED,MAAM,IAAK;UACnBxD,GAAG,CAAC0D,SAAS,CAACF,MAAM,EAAG,GAAE1D,QAAQ,CAACoC,OAAO,CAACsB,MAAM,CAAE,EAAC,CAAC;QACtD,CAAC,CAAC;QACJxD,GAAG,CAAC6B,MAAM,CAACd,UAAU,CAAC,CAACe,GAAG,CAACb,OAAO,CAAC;MACrC;IACF,CAAC,CAAC,OAAOkC,CAAM,EAAE;MACf1D,MAAM,CAAC2D,KAAK,CAAC,8BAA8B,EAAED,CAAC,CAAC;MAC/CnD,GAAG,CAAC6B,MAAM,CAAC,GAAG,CAAC,CAACC,GAAG,CAAC,uBAAuB,CAAC;IAC9C;EACF,CAAC,CAAC;AACJ,CAAC;AAAC,IAAA6B,QAAA,GAEa9D,qBAAqB;AAAA+D,OAAA,CAAAC,OAAA,GAAAF,QAAA"}
1
+ {"version":3,"file":"ProxyResponseCallback.js","names":["_config","_interopRequireDefault","require","_cookies","_common","_helpers","_fronteggLogger","_helpers2","logger","fronteggLogger","child","tag","ProxyResponseCallback","proxyRes","req","res","buffer","Buffer","totalLength","isSecured","URL","config","appUrl","protocol","on","chunk","length","concat","_proxyRes$statusCode","url","statusCode","isSuccess","bodyStr","toString","isLogout","isFronteggLogoutUrl","CookieManager","removeCookies","cookieDomain","_process$env$FRONTEGG","redirect","process","env","encodeURIComponent","status","end","_CookieManager$modify","cookies","modifySetCookie","headers","body","JSON","parse","accessToken","access_token","session","decodedJwt","createSessionFromAccessToken","sessionCookie","create","value","expires","Date","exp","secure","push","e","isSSOPostRequest","error","Object","keys","filter","header","forEach","setHeader","_default","exports","default"],"sources":["../../../../packages/nextjs/src/middleware/ProxyResponseCallback.ts"],"sourcesContent":["import { ProxyResCallback } from 'http-proxy';\nimport { IncomingMessage } from 'http';\nimport { NextApiResponse, NextApiRequest } from 'next';\nimport config from '../config';\nimport CookieManager from '../utils/cookies';\nimport { createSessionFromAccessToken } from '../common';\nimport { isFronteggLogoutUrl } from './helpers';\nimport fronteggLogger from '../utils/fronteggLogger';\nimport { isSSOPostRequest } from '../utils/refreshAccessToken/helpers';\n\nconst logger = fronteggLogger.child({ tag: 'FronteggApiMiddleware.ProxyResponseCallback' });\n/**\n * Proxy response callback fired on after each response from Frontegg services,\n * to transport frontegg modify cookies and generating encrypted JWT session cookie.\n *\n * @param {IncomingMessage} proxyRes - Proxy response from Frontegg services\n * @param {NextApiRequest} req - Next.js request sent from client-side\n * @param {NextApiResponse} res - Next.js response to send to client-side\n */\nconst ProxyResponseCallback: ProxyResCallback<IncomingMessage, NextApiResponse> = (proxyRes, req, res) => {\n let buffer = new Buffer('');\n let totalLength: number = 0;\n const isSecured = new URL(config.appUrl).protocol === 'https:';\n\n proxyRes.on('data', (chunk: Buffer) => {\n totalLength += chunk.length;\n buffer = Buffer.concat([buffer, chunk], totalLength);\n });\n proxyRes.on('end', async () => {\n try {\n const url = req.url!;\n const statusCode = proxyRes.statusCode ?? 500;\n const isSuccess = statusCode >= 200 && statusCode < 400;\n const bodyStr = buffer.toString('utf-8');\n const isLogout = isFronteggLogoutUrl(url);\n\n if (isLogout) {\n CookieManager.removeCookies({\n isSecured,\n cookieDomain: config.cookieDomain,\n res,\n req,\n });\n if (isSuccess) {\n res.redirect(\n `${process.env['FRONTEGG_BASE_URL']}/oauth/logout?post_logout_redirect_uri=${encodeURIComponent(\n process.env['FRONTEGG_APP_URL'] ?? ''\n )}`\n );\n } else {\n res.status(statusCode).end(bodyStr);\n }\n return;\n }\n\n if (isSuccess) {\n const cookies = CookieManager.modifySetCookie(proxyRes.headers['set-cookie'], isSecured) ?? [];\n\n try {\n if (bodyStr && bodyStr.length > 0) {\n const body = JSON.parse(bodyStr);\n if (body.accessToken || body.access_token) {\n const [session, decodedJwt] = await createSessionFromAccessToken(body);\n if (session) {\n const sessionCookie = CookieManager.create({\n value: session,\n expires: new Date(decodedJwt.exp * 1000),\n secure: isSecured,\n });\n cookies.push(...sessionCookie);\n }\n }\n }\n } catch (e) {\n /** ignore api call if:\n * - Does not have accessToken / access_token\n * - Not json response\n */\n if (statusCode === 302 && isSSOPostRequest(url)) {\n /**\n * Ignore saml/oidc postLogin response with redirect\n */\n } else {\n logger.error('failed to create session', e, {\n url,\n statusCode,\n });\n }\n }\n Object.keys(proxyRes.headers)\n .filter((header) => header !== 'cookie')\n .forEach((header) => {\n res.setHeader(header, `${proxyRes.headers[header]}`);\n });\n res.setHeader('set-cookie', cookies);\n res.status(statusCode).end(bodyStr);\n } else {\n if (statusCode >= 400 && statusCode !== 404) {\n logger.error(`Middleware request failed statusCode: ${statusCode} for url: ${url}`);\n }\n Object.keys(proxyRes.headers)\n .filter((header) => header !== 'cookie')\n .forEach((header) => {\n res.setHeader(header, `${proxyRes.headers[header]}`);\n });\n res.status(statusCode).end(bodyStr);\n }\n } catch (e: any) {\n logger.error('proxy failed to send request', e);\n res.status(500).end('Internal Server Error');\n }\n });\n};\n\nexport default ProxyResponseCallback;\n"],"mappings":";;;;;;;AAGA,IAAAA,OAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,QAAA,GAAAF,sBAAA,CAAAC,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AACA,IAAAI,eAAA,GAAAL,sBAAA,CAAAC,OAAA;AACA,IAAAK,SAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;EAAEC,GAAG,EAAE;AAA8C,CAAC,CAAC;AAC3F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,qBAAyE,GAAGA,CAACC,QAAQ,EAAEC,GAAG,EAAEC,GAAG,KAAK;EACxG,IAAIC,MAAM,GAAG,IAAIC,MAAM,CAAC,EAAE,CAAC;EAC3B,IAAIC,WAAmB,GAAG,CAAC;EAC3B,MAAMC,SAAS,GAAG,IAAIC,GAAG,CAACC,eAAM,CAACC,MAAM,CAAC,CAACC,QAAQ,KAAK,QAAQ;EAE9DV,QAAQ,CAACW,EAAE,CAAC,MAAM,EAAGC,KAAa,IAAK;IACrCP,WAAW,IAAIO,KAAK,CAACC,MAAM;IAC3BV,MAAM,GAAGC,MAAM,CAACU,MAAM,CAAC,CAACX,MAAM,EAAES,KAAK,CAAC,EAAEP,WAAW,CAAC;EACtD,CAAC,CAAC;EACFL,QAAQ,CAACW,EAAE,CAAC,KAAK,EAAE,YAAY;IAC7B,IAAI;MAAA,IAAAI,oBAAA;MACF,MAAMC,GAAG,GAAGf,GAAG,CAACe,GAAI;MACpB,MAAMC,UAAU,IAAAF,oBAAA,GAAGf,QAAQ,CAACiB,UAAU,YAAAF,oBAAA,GAAI,GAAG;MAC7C,MAAMG,SAAS,GAAGD,UAAU,IAAI,GAAG,IAAIA,UAAU,GAAG,GAAG;MACvD,MAAME,OAAO,GAAGhB,MAAM,CAACiB,QAAQ,CAAC,OAAO,CAAC;MACxC,MAAMC,QAAQ,GAAG,IAAAC,4BAAmB,EAACN,GAAG,CAAC;MAEzC,IAAIK,QAAQ,EAAE;QACZE,gBAAa,CAACC,aAAa,CAAC;UAC1BlB,SAAS;UACTmB,YAAY,EAAEjB,eAAM,CAACiB,YAAY;UACjCvB,GAAG;UACHD;QACF,CAAC,CAAC;QACF,IAAIiB,SAAS,EAAE;UAAA,IAAAQ,qBAAA;UACbxB,GAAG,CAACyB,QAAQ,CACT,GAAEC,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAE,0CAAyCC,kBAAkB,EAAAJ,qBAAA,GAC7FE,OAAO,CAACC,GAAG,CAAC,kBAAkB,CAAC,YAAAH,qBAAA,GAAI,EAAE,CACrC,EAAC,CACJ;QACH,CAAC,MAAM;UACLxB,GAAG,CAAC6B,MAAM,CAACd,UAAU,CAAC,CAACe,GAAG,CAACb,OAAO,CAAC;QACrC;QACA;MACF;MAEA,IAAID,SAAS,EAAE;QAAA,IAAAe,qBAAA;QACb,MAAMC,OAAO,IAAAD,qBAAA,GAAGV,gBAAa,CAACY,eAAe,CAACnC,QAAQ,CAACoC,OAAO,CAAC,YAAY,CAAC,EAAE9B,SAAS,CAAC,YAAA2B,qBAAA,GAAI,EAAE;QAE9F,IAAI;UACF,IAAId,OAAO,IAAIA,OAAO,CAACN,MAAM,GAAG,CAAC,EAAE;YACjC,MAAMwB,IAAI,GAAGC,IAAI,CAACC,KAAK,CAACpB,OAAO,CAAC;YAChC,IAAIkB,IAAI,CAACG,WAAW,IAAIH,IAAI,CAACI,YAAY,EAAE;cACzC,MAAM,CAACC,OAAO,EAAEC,UAAU,CAAC,GAAG,MAAM,IAAAC,oCAA4B,EAACP,IAAI,CAAC;cACtE,IAAIK,OAAO,EAAE;gBACX,MAAMG,aAAa,GAAGtB,gBAAa,CAACuB,MAAM,CAAC;kBACzCC,KAAK,EAAEL,OAAO;kBACdM,OAAO,EAAE,IAAIC,IAAI,CAACN,UAAU,CAACO,GAAG,GAAG,IAAI,CAAC;kBACxCC,MAAM,EAAE7C;gBACV,CAAC,CAAC;gBACF4B,OAAO,CAACkB,IAAI,CAAC,GAAGP,aAAa,CAAC;cAChC;YACF;UACF;QACF,CAAC,CAAC,OAAOQ,CAAC,EAAE;UACV;AACV;AACA;AACA;UACU,IAAIpC,UAAU,KAAK,GAAG,IAAI,IAAAqC,0BAAgB,EAACtC,GAAG,CAAC,EAAE;YAC/C;AACZ;AACA;UAFY,CAGD,MAAM;YACLrB,MAAM,CAAC4D,KAAK,CAAC,0BAA0B,EAAEF,CAAC,EAAE;cAC1CrC,GAAG;cACHC;YACF,CAAC,CAAC;UACJ;QACF;QACAuC,MAAM,CAACC,IAAI,CAACzD,QAAQ,CAACoC,OAAO,CAAC,CAC1BsB,MAAM,CAAEC,MAAM,IAAKA,MAAM,KAAK,QAAQ,CAAC,CACvCC,OAAO,CAAED,MAAM,IAAK;UACnBzD,GAAG,CAAC2D,SAAS,CAACF,MAAM,EAAG,GAAE3D,QAAQ,CAACoC,OAAO,CAACuB,MAAM,CAAE,EAAC,CAAC;QACtD,CAAC,CAAC;QACJzD,GAAG,CAAC2D,SAAS,CAAC,YAAY,EAAE3B,OAAO,CAAC;QACpChC,GAAG,CAAC6B,MAAM,CAACd,UAAU,CAAC,CAACe,GAAG,CAACb,OAAO,CAAC;MACrC,CAAC,MAAM;QACL,IAAIF,UAAU,IAAI,GAAG,IAAIA,UAAU,KAAK,GAAG,EAAE;UAC3CtB,MAAM,CAAC4D,KAAK,CAAE,yCAAwCtC,UAAW,aAAYD,GAAI,EAAC,CAAC;QACrF;QACAwC,MAAM,CAACC,IAAI,CAACzD,QAAQ,CAACoC,OAAO,CAAC,CAC1BsB,MAAM,CAAEC,MAAM,IAAKA,MAAM,KAAK,QAAQ,CAAC,CACvCC,OAAO,CAAED,MAAM,IAAK;UACnBzD,GAAG,CAAC2D,SAAS,CAACF,MAAM,EAAG,GAAE3D,QAAQ,CAACoC,OAAO,CAACuB,MAAM,CAAE,EAAC,CAAC;QACtD,CAAC,CAAC;QACJzD,GAAG,CAAC6B,MAAM,CAACd,UAAU,CAAC,CAACe,GAAG,CAACb,OAAO,CAAC;MACrC;IACF,CAAC,CAAC,OAAOkC,CAAM,EAAE;MACf1D,MAAM,CAAC4D,KAAK,CAAC,8BAA8B,EAAEF,CAAC,CAAC;MAC/CnD,GAAG,CAAC6B,MAAM,CAAC,GAAG,CAAC,CAACC,GAAG,CAAC,uBAAuB,CAAC;IAC9C;EACF,CAAC,CAAC;AACJ,CAAC;AAAC,IAAA8B,QAAA,GAEa/D,qBAAqB;AAAAgE,OAAA,CAAAC,OAAA,GAAAF,QAAA"}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@frontegg/nextjs",
3
3
  "libName": "FronteggNextJs",
4
- "version": "7.0.1",
4
+ "version": "7.0.2-alpha.4553641929",
5
5
  "author": "Frontegg LTD",
6
6
  "license": "MIT",
7
7
  "repository": {
@@ -23,7 +23,7 @@
23
23
  "build:stable": "node ../../scripts/build node",
24
24
  "build:types": "tsc -b tsconfig.build.json",
25
25
  "build:copy-files": "node ../../scripts/copy-files.js",
26
- "test": "cp .env.test .env && CI=true npx playwright test",
26
+ "test": "node ../../scripts/prepare-env-test-file.js && CI=true npx playwright test",
27
27
  "lint-json": "eslint -c .eslintrc.json -o ./lint-report.json --format json --no-color ./src/**/*.{ts,tsx}"
28
28
  },
29
29
  "dependencies": {
package/sdkVersion.js CHANGED
@@ -5,7 +5,7 @@ Object.defineProperty(exports, "__esModule", {
5
5
  });
6
6
  exports.default = void 0;
7
7
  var _default = {
8
- version: '7.0.1'
8
+ version: '7.0.2-alpha.4553641929'
9
9
  };
10
10
  exports.default = _default;
11
11
  //# sourceMappingURL=sdkVersion.js.map
package/sdkVersion.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sdkVersion.js","names":["version","exports","default","_default"],"sources":["../../../packages/nextjs/src/sdkVersion.ts"],"sourcesContent":["export default { version: '7.0.1' };\n"],"mappings":";;;;;;eAAe;EAAEA,OAAO,EAAE;AAAQ,CAAC;AAAAC,OAAA,CAAAC,OAAA,GAAAC,QAAA"}
1
+ {"version":3,"file":"sdkVersion.js","names":["version","exports","default","_default"],"sources":["../../../packages/nextjs/src/sdkVersion.ts"],"sourcesContent":["export default { version: '7.0.2-alpha.4553641929' };\n"],"mappings":";;;;;;eAAe;EAAEA,OAAO,EAAE;AAAyB,CAAC;AAAAC,OAAA,CAAAC,OAAA,GAAAC,QAAA"}
package/utils/refreshAccessToken/helpers.d.ts CHANGED
@@ -11,6 +11,16 @@ export declare function refreshAccessTokenHostedLogin(request: IncomingMessage):
11
11
  export declare function isRuntimeNextRequest(url: string): boolean;
12
12
  /**
13
13
  * If url starts with '/oauth/callback' means that the user navigated back
14
- * from frontegg hosted login, in this scenario no need to refresh token
14
+ * from frontegg hosted login, in this scenario no need to SSR refresh token
15
15
  */
16
16
  export declare function isOauthCallback(url: string): boolean;
17
+ /**
18
+ * If url starts with '/account/saml/callback' means that the user navigated back
19
+ * from sso login, in this scenario no need to SSR refresh token
20
+ */
21
+ export declare function isSamlCallback(url: string): boolean;
22
+ /**
23
+ * If the url equals to '/frontegg/auth/{provider}/callback', it means that the SSO provider
24
+ * is posting an http request to the nextjs backend middleware after successfully logged in the user
25
+ */
26
+ export declare function isSSOPostRequest(url: string): boolean;
package/utils/refreshAccessToken/helpers.js CHANGED
@@ -7,6 +7,8 @@ Object.defineProperty(exports, "__esModule", {
7
7
  exports.hasRefreshTokenCookie = hasRefreshTokenCookie;
8
8
  exports.isOauthCallback = isOauthCallback;
9
9
  exports.isRuntimeNextRequest = isRuntimeNextRequest;
10
+ exports.isSSOPostRequest = isSSOPostRequest;
11
+ exports.isSamlCallback = isSamlCallback;
10
12
  exports.refreshAccessTokenEmbedded = refreshAccessTokenEmbedded;
11
13
  exports.refreshAccessTokenHostedLogin = refreshAccessTokenHostedLogin;
12
14
  var _fronteggLogger = _interopRequireDefault(require("../fronteggLogger"));
@@ -72,9 +74,25 @@ function isRuntimeNextRequest(url) {
72
74
 
73
75
  /**
74
76
  * If url starts with '/oauth/callback' means that the user navigated back
75
- * from frontegg hosted login, in this scenario no need to refresh token
77
+ * from frontegg hosted login, in this scenario no need to SSR refresh token
76
78
  */
77
79
  function isOauthCallback(url) {
78
80
  return url.startsWith('/oauth/callback');
79
81
  }
82
+
83
+ /**
84
+ * If url starts with '/account/saml/callback' means that the user navigated back
85
+ * from sso login, in this scenario no need to SSR refresh token
86
+ */
87
+ function isSamlCallback(url) {
88
+ return url.startsWith('/account/saml/callback') || url.startsWith('/account/oidc/callback');
89
+ }
90
+
91
+ /**
92
+ * If the url equals to '/frontegg/auth/{provider}/callback', it means that the SSO provider
93
+ * is posting an http request to the nextjs backend middleware after successfully logged in the user
94
+ */
95
+ function isSSOPostRequest(url) {
96
+ return url === '/frontegg/auth/saml/callback' || url === '/frontegg/auth/oidc/callback';
97
+ }
80
98
  //# sourceMappingURL=helpers.js.map
package/utils/refreshAccessToken/helpers.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"helpers.js","names":["_fronteggLogger","_interopRequireDefault","require","_cookies","_api","_common","hasRefreshTokenCookie","cookies","logger","fronteggLogger","child","tag","refreshTokenKey","CookieManager","debug","cookieKey","Object","keys","find","cookie","replace","exists","refreshAccessTokenEmbedded","request","headers","info","api","refreshTokenEmbedded","refreshAccessTokenHostedLogin","sealFromCookies","getSessionCookieFromRequest","tokens","getTokensFromCookie","refreshToken","refreshTokenHostedLogin","e","error","isRuntimeNextRequest","url","startsWith","isOauthCallback"],"sources":["../../../../../packages/nextjs/src/utils/refreshAccessToken/helpers.ts"],"sourcesContent":["import fronteggLogger from '../fronteggLogger';\nimport CookieManager from '../cookies';\nimport { NextApiRequest } from 'next/dist/shared/lib/utils';\nimport api from '../../api';\nimport { getTokensFromCookie } from '../../common';\nimport { IncomingMessage } from 'http';\n\nexport function hasRefreshTokenCookie(cookies: Record<string, any>): boolean {\n const logger = fronteggLogger.child({ tag: 'refreshToken.hasRefreshTokenCookie' });\n const refreshTokenKey = CookieManager.refreshTokenKey;\n logger.debug(`Checking if '${refreshTokenKey}' exists in cookies`);\n const cookieKey = Object.keys(cookies).find((cookie) => {\n return cookie.replace(/-/g, '') === refreshTokenKey;\n });\n const exists: boolean = cookieKey != null;\n logger.debug(`Cookie '${refreshTokenKey}' ${exists ? 'exists' : 'NOT exists'} in cookies`);\n return exists;\n}\n\nexport async function refreshAccessTokenEmbedded(request: IncomingMessage): Promise<Response | null> {\n const logger = fronteggLogger.child({ tag: 'refreshToken.refreshAccessTokenEmbedded' });\n\n const headers = request.headers as Record<string, string>;\n const cookies = (request as NextApiRequest).cookies;\n\n logger.info('check if has refresh token headers');\n if (hasRefreshTokenCookie(cookies)) {\n logger.info('going to refresh token (embedded mode)');\n return await api.refreshTokenEmbedded(headers);\n }\n return null;\n}\n\nexport async function refreshAccessTokenHostedLogin(request: IncomingMessage): Promise<Response | null> {\n const logger = fronteggLogger.child({ tag: 'refreshToken.refreshAccessTokenHostedLogin' });\n const headers = request.headers as Record<string, string>;\n logger.info('trying to get token from cookies');\n\n const sealFromCookies = CookieManager.getSessionCookieFromRequest(request);\n try {\n const tokens = await getTokensFromCookie(sealFromCookies);\n if (!tokens?.refreshToken) {\n logger.info('refresh token not found');\n return null;\n }\n\n logger.info('going to refresh token (hosted-login mode)');\n return await api.refreshTokenHostedLogin(headers, tokens.refreshToken);\n } catch (e) {\n logger.error(e);\n return null;\n }\n}\n\n/**\n * If url starts with /_next/ means that the user trying to navigate\n * to a new nextjs page, in this scenario no need to refresh token\n * we can just return the actual stateless session from\n * the encrypted cookie\n */\nexport function isRuntimeNextRequest(url: string): boolean {\n return url.startsWith('/_next/');\n}\n\n/**\n * If url starts with '/oauth/callback' means that the user navigated back\n * from frontegg hosted login, in this scenario no need to refresh token\n */\nexport function isOauthCallback(url: string): boolean {\n return url.startsWith('/oauth/callback');\n}\n"],"mappings":";;;;;;;;;;;AAAA,IAAAA,eAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,QAAA,GAAAF,sBAAA,CAAAC,OAAA;AAEA,IAAAE,IAAA,GAAAH,sBAAA,CAAAC,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AAGO,SAASI,qBAAqBA,CAACC,OAA4B,EAAW;EAC3E,MAAMC,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAAqC,CAAC,CAAC;EAClF,MAAMC,eAAe,GAAGC,gBAAa,CAACD,eAAe;EACrDJ,MAAM,CAACM,KAAK,CAAE,gBAAeF,eAAgB,qBAAoB,CAAC;EAClE,MAAMG,SAAS,GAAGC,MAAM,CAACC,IAAI,CAACV,OAAO,CAAC,CAACW,IAAI,CAAEC,MAAM,IAAK;IACtD,OAAOA,MAAM,CAACC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,KAAKR,eAAe;EACrD,CAAC,CAAC;EACF,MAAMS,MAAe,GAAGN,SAAS,IAAI,IAAI;EACzCP,MAAM,CAACM,KAAK,CAAE,WAAUF,eAAgB,KAAIS,MAAM,GAAG,QAAQ,GAAG,YAAa,aAAY,CAAC;EAC1F,OAAOA,MAAM;AACf;AAEO,eAAeC,0BAA0BA,CAACC,OAAwB,EAA4B;EACnG,MAAMf,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA0C,CAAC,CAAC;EAEvF,MAAMa,OAAO,GAAGD,OAAO,CAACC,OAAiC;EACzD,MAAMjB,OAAO,GAAIgB,OAAO,CAAoBhB,OAAO;EAEnDC,MAAM,CAACiB,IAAI,CAAC,oCAAoC,CAAC;EACjD,IAAInB,qBAAqB,CAACC,OAAO,CAAC,EAAE;IAClCC,MAAM,CAACiB,IAAI,CAAC,wCAAwC,CAAC;IACrD,OAAO,MAAMC,YAAG,CAACC,oBAAoB,CAACH,OAAO,CAAC;EAChD;EACA,OAAO,IAAI;AACb;AAEO,eAAeI,6BAA6BA,CAACL,OAAwB,EAA4B;EACtG,MAAMf,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA6C,CAAC,CAAC;EAC1F,MAAMa,OAAO,GAAGD,OAAO,CAACC,OAAiC;EACzDhB,MAAM,CAACiB,IAAI,CAAC,kCAAkC,CAAC;EAE/C,MAAMI,eAAe,GAAGhB,gBAAa,CAACiB,2BAA2B,CAACP,OAAO,CAAC;EAC1E,IAAI;IACF,MAAMQ,MAAM,GAAG,MAAM,IAAAC,2BAAmB,EAACH,eAAe,CAAC;IACzD,IAAI,EAACE,MAAM,YAANA,MAAM,CAAEE,YAAY,GAAE;MACzBzB,MAAM,CAACiB,IAAI,CAAC,yBAAyB,CAAC;MACtC,OAAO,IAAI;IACb;IAEAjB,MAAM,CAACiB,IAAI,CAAC,4CAA4C,CAAC;IACzD,OAAO,MAAMC,YAAG,CAACQ,uBAAuB,CAACV,OAAO,EAAEO,MAAM,CAACE,YAAY,CAAC;EACxE,CAAC,CAAC,OAAOE,CAAC,EAAE;IACV3B,MAAM,CAAC4B,KAAK,CAACD,CAAC,CAAC;IACf,OAAO,IAAI;EACb;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACO,SAASE,oBAAoBA,CAACC,GAAW,EAAW;EACzD,OAAOA,GAAG,CAACC,UAAU,CAAC,SAAS,CAAC;AAClC;;AAEA;AACA;AACA;AACA;AACO,SAASC,eAAeA,CAACF,GAAW,EAAW;EACpD,OAAOA,GAAG,CAACC,UAAU,CAAC,iBAAiB,CAAC;AAC1C"}
1
+ {"version":3,"file":"helpers.js","names":["_fronteggLogger","_interopRequireDefault","require","_cookies","_api","_common","hasRefreshTokenCookie","cookies","logger","fronteggLogger","child","tag","refreshTokenKey","CookieManager","debug","cookieKey","Object","keys","find","cookie","replace","exists","refreshAccessTokenEmbedded","request","headers","info","api","refreshTokenEmbedded","refreshAccessTokenHostedLogin","sealFromCookies","getSessionCookieFromRequest","tokens","getTokensFromCookie","refreshToken","refreshTokenHostedLogin","e","error","isRuntimeNextRequest","url","startsWith","isOauthCallback","isSamlCallback","isSSOPostRequest"],"sources":["../../../../../packages/nextjs/src/utils/refreshAccessToken/helpers.ts"],"sourcesContent":["import fronteggLogger from '../fronteggLogger';\nimport CookieManager from '../cookies';\nimport { NextApiRequest } from 'next/dist/shared/lib/utils';\nimport api from '../../api';\nimport { getTokensFromCookie } from '../../common';\nimport { IncomingMessage } from 'http';\n\nexport function hasRefreshTokenCookie(cookies: Record<string, any>): boolean {\n const logger = fronteggLogger.child({ tag: 'refreshToken.hasRefreshTokenCookie' });\n const refreshTokenKey = CookieManager.refreshTokenKey;\n logger.debug(`Checking if '${refreshTokenKey}' exists in cookies`);\n const cookieKey = Object.keys(cookies).find((cookie) => {\n return cookie.replace(/-/g, '') === refreshTokenKey;\n });\n const exists: boolean = cookieKey != null;\n logger.debug(`Cookie '${refreshTokenKey}' ${exists ? 'exists' : 'NOT exists'} in cookies`);\n return exists;\n}\n\nexport async function refreshAccessTokenEmbedded(request: IncomingMessage): Promise<Response | null> {\n const logger = fronteggLogger.child({ tag: 'refreshToken.refreshAccessTokenEmbedded' });\n\n const headers = request.headers as Record<string, string>;\n const cookies = (request as NextApiRequest).cookies;\n\n logger.info('check if has refresh token headers');\n if (hasRefreshTokenCookie(cookies)) {\n logger.info('going to refresh token (embedded mode)');\n return await api.refreshTokenEmbedded(headers);\n }\n return null;\n}\n\nexport async function refreshAccessTokenHostedLogin(request: IncomingMessage): Promise<Response | null> {\n const logger = fronteggLogger.child({ tag: 'refreshToken.refreshAccessTokenHostedLogin' });\n const headers = request.headers as Record<string, string>;\n logger.info('trying to get token from cookies');\n\n const sealFromCookies = CookieManager.getSessionCookieFromRequest(request);\n try {\n const tokens = await getTokensFromCookie(sealFromCookies);\n if (!tokens?.refreshToken) {\n logger.info('refresh token not found');\n return null;\n }\n\n logger.info('going to refresh token (hosted-login mode)');\n return await api.refreshTokenHostedLogin(headers, tokens.refreshToken);\n } catch (e) {\n logger.error(e);\n return null;\n }\n}\n\n/**\n * If url starts with /_next/ means that the user trying to navigate\n * to a new nextjs page, in this scenario no need to refresh token\n * we can just return the actual stateless session from\n * the encrypted cookie\n */\nexport function isRuntimeNextRequest(url: string): boolean {\n return url.startsWith('/_next/');\n}\n\n/**\n * If url starts with '/oauth/callback' means that the user navigated back\n * from frontegg hosted login, in this scenario no need to SSR refresh token\n */\nexport function isOauthCallback(url: string): boolean {\n return url.startsWith('/oauth/callback');\n}\n\n/**\n * If url starts with '/account/saml/callback' means that the user navigated back\n * from sso login, in this scenario no need to SSR refresh token\n */\nexport function isSamlCallback(url: string): boolean {\n return url.startsWith('/account/saml/callback') || url.startsWith('/account/oidc/callback');\n}\n\n/**\n * If the url equals to '/frontegg/auth/{provider}/callback', it means that the SSO provider\n * is posting an http request to the nextjs backend middleware after successfully logged in the user\n */\nexport function isSSOPostRequest(url: string): boolean {\n return url === '/frontegg/auth/saml/callback' || url === '/frontegg/auth/oidc/callback';\n}\n"],"mappings":";;;;;;;;;;;;;AAAA,IAAAA,eAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,QAAA,GAAAF,sBAAA,CAAAC,OAAA;AAEA,IAAAE,IAAA,GAAAH,sBAAA,CAAAC,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AAGO,SAASI,qBAAqBA,CAACC,OAA4B,EAAW;EAC3E,MAAMC,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAAqC,CAAC,CAAC;EAClF,MAAMC,eAAe,GAAGC,gBAAa,CAACD,eAAe;EACrDJ,MAAM,CAACM,KAAK,CAAE,gBAAeF,eAAgB,qBAAoB,CAAC;EAClE,MAAMG,SAAS,GAAGC,MAAM,CAACC,IAAI,CAACV,OAAO,CAAC,CAACW,IAAI,CAAEC,MAAM,IAAK;IACtD,OAAOA,MAAM,CAACC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,KAAKR,eAAe;EACrD,CAAC,CAAC;EACF,MAAMS,MAAe,GAAGN,SAAS,IAAI,IAAI;EACzCP,MAAM,CAACM,KAAK,CAAE,WAAUF,eAAgB,KAAIS,MAAM,GAAG,QAAQ,GAAG,YAAa,aAAY,CAAC;EAC1F,OAAOA,MAAM;AACf;AAEO,eAAeC,0BAA0BA,CAACC,OAAwB,EAA4B;EACnG,MAAMf,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA0C,CAAC,CAAC;EAEvF,MAAMa,OAAO,GAAGD,OAAO,CAACC,OAAiC;EACzD,MAAMjB,OAAO,GAAIgB,OAAO,CAAoBhB,OAAO;EAEnDC,MAAM,CAACiB,IAAI,CAAC,oCAAoC,CAAC;EACjD,IAAInB,qBAAqB,CAACC,OAAO,CAAC,EAAE;IAClCC,MAAM,CAACiB,IAAI,CAAC,wCAAwC,CAAC;IACrD,OAAO,MAAMC,YAAG,CAACC,oBAAoB,CAACH,OAAO,CAAC;EAChD;EACA,OAAO,IAAI;AACb;AAEO,eAAeI,6BAA6BA,CAACL,OAAwB,EAA4B;EACtG,MAAMf,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA6C,CAAC,CAAC;EAC1F,MAAMa,OAAO,GAAGD,OAAO,CAACC,OAAiC;EACzDhB,MAAM,CAACiB,IAAI,CAAC,kCAAkC,CAAC;EAE/C,MAAMI,eAAe,GAAGhB,gBAAa,CAACiB,2BAA2B,CAACP,OAAO,CAAC;EAC1E,IAAI;IACF,MAAMQ,MAAM,GAAG,MAAM,IAAAC,2BAAmB,EAACH,eAAe,CAAC;IACzD,IAAI,EAACE,MAAM,YAANA,MAAM,CAAEE,YAAY,GAAE;MACzBzB,MAAM,CAACiB,IAAI,CAAC,yBAAyB,CAAC;MACtC,OAAO,IAAI;IACb;IAEAjB,MAAM,CAACiB,IAAI,CAAC,4CAA4C,CAAC;IACzD,OAAO,MAAMC,YAAG,CAACQ,uBAAuB,CAACV,OAAO,EAAEO,MAAM,CAACE,YAAY,CAAC;EACxE,CAAC,CAAC,OAAOE,CAAC,EAAE;IACV3B,MAAM,CAAC4B,KAAK,CAACD,CAAC,CAAC;IACf,OAAO,IAAI;EACb;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACO,SAASE,oBAAoBA,CAACC,GAAW,EAAW;EACzD,OAAOA,GAAG,CAACC,UAAU,CAAC,SAAS,CAAC;AAClC;;AAEA;AACA;AACA;AACA;AACO,SAASC,eAAeA,CAACF,GAAW,EAAW;EACpD,OAAOA,GAAG,CAACC,UAAU,CAAC,iBAAiB,CAAC;AAC1C;;AAEA;AACA;AACA;AACA;AACO,SAASE,cAAcA,CAACH,GAAW,EAAW;EACnD,OAAOA,GAAG,CAACC,UAAU,CAAC,wBAAwB,CAAC,IAAID,GAAG,CAACC,UAAU,CAAC,wBAAwB,CAAC;AAC7F;;AAEA;AACA;AACA;AACA;AACO,SAASG,gBAAgBA,CAACJ,GAAW,EAAW;EACrD,OAAOA,GAAG,KAAK,8BAA8B,IAAIA,GAAG,KAAK,8BAA8B;AACzF"}
package/utils/refreshAccessToken/index.js CHANGED
@@ -44,7 +44,7 @@ async function refreshAccessToken(ctx) {
44
44
  logger.info('Failed to resolve session from cookie, going to refresh token');
45
45
  }
46
46
  }
47
- if ((0, _helpers.isOauthCallback)(url)) {
47
+ if ((0, _helpers.isOauthCallback)(url) || (0, _helpers.isSamlCallback)(url)) {
48
48
  /* Prevent refresh token due to oauth login callback */
49
49
  logger.debug(`abandon refreshToken for url='/oauth/callback'`);
50
50
  return null;
package/utils/refreshAccessToken/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":["_common","require","_config","_interopRequireDefault","_cookies","_helpers","_fronteggLogger","_encryption","_createSession","refreshAccessToken","ctx","logger","fronteggLogger","child","tag","info","pathname","nextJsRequest","req","nextJsResponse","res","url","debug","_response$headers","_response$headers$raw","_CookieManager$modify","_ctx$res","_data$accessToken","isRuntimeNextRequest","cookies","CookieManager","getSessionCookieFromRequest","session","createSession","encryption","isOauthCallback","response","config","isHostedLogin","refreshAccessTokenHostedLogin","refreshAccessTokenEmbedded","isSecured","isSSL","ok","removeCookies","cookieDomain","data","json","cookieHeader","headers","raw","call","newSetCookie","modifySetCookie","decodedJwt","refreshToken","createSessionFromAccessToken","cookieValue","create","value","expires","Date","exp","secure","push","setHeader","accessToken","access_token","user","e","error"],"sources":["../../../../../packages/nextjs/src/utils/refreshAccessToken/index.ts"],"sourcesContent":["import type { NextPageContext } from 'next/dist/shared/lib/utils';\nimport type { FronteggNextJSSession } from '../../types';\nimport { createSessionFromAccessToken } from '../../common';\nimport config from '../../config';\nimport CookieManager from '../cookies';\nimport {\n isOauthCallback,\n isRuntimeNextRequest,\n refreshAccessTokenEmbedded,\n refreshAccessTokenHostedLogin,\n} from './helpers';\nimport fronteggLogger from '../fronteggLogger';\nimport encryption from '../encryption';\nimport createSession from '../createSession';\n\n/**\n * Refreshes the access token for the current session.\n *\n * @param {NextPageContext} ctx - The Next.js Page Context object.\n * @returns {Promise<FronteggNextJSSession | null>} A Promise that resolves to the updated session object, or `null` if the refresh failed.\n */\nexport default async function refreshAccessToken(ctx: NextPageContext): Promise<FronteggNextJSSession | null> {\n const logger = fronteggLogger.child({ tag: 'refreshAccessToken' });\n logger.info(`Refreshing token by for PageContext ${ctx.pathname}`);\n const nextJsRequest = ctx.req;\n const nextJsResponse = ctx.res;\n const url = nextJsRequest?.url;\n if (!nextJsResponse || !nextJsRequest || !url) {\n logger.debug(`abandon refreshToken due to PageContext.req = null`);\n return null;\n }\n\n try {\n logger.info(`Check if should request made from first application load`);\n\n if (isRuntimeNextRequest(url)) {\n logger.debug(`Detect runtime next.js request, resolving existing session from cookies if exists`);\n\n const cookies = CookieManager.getSessionCookieFromRequest(nextJsRequest);\n const session = await createSession(cookies, encryption);\n\n if (session) {\n logger.debug(`session resolved from session cookie`);\n return session;\n } else {\n logger.info('Failed to resolve session from cookie, going to refresh token');\n }\n }\n\n if (isOauthCallback(url)) {\n /* Prevent refresh token due to oauth login callback */\n logger.debug(`abandon refreshToken for url='/oauth/callback'`);\n return null;\n }\n\n let response: Response | null;\n if (config.isHostedLogin) {\n response = await refreshAccessTokenHostedLogin(nextJsRequest);\n } else {\n response = await refreshAccessTokenEmbedded(nextJsRequest);\n }\n\n const isSecured = config.isSSL;\n if (response === null || !response.ok) {\n CookieManager.removeCookies({\n cookieDomain: config.cookieDomain,\n isSecured,\n req: nextJsRequest,\n res: nextJsResponse,\n });\n return null;\n }\n\n const data = await response.json();\n\n // @ts-ignore\n const cookieHeader = response.headers?.raw?.()['set-cookie'];\n const newSetCookie = CookieManager.modifySetCookie(cookieHeader, isSecured) ?? [];\n const [session, decodedJwt, refreshToken] = await createSessionFromAccessToken(data);\n\n if (!session) {\n return null;\n }\n const cookieValue = CookieManager.create({\n value: session,\n expires: new Date(decodedJwt.exp * 1000),\n secure: isSecured,\n });\n newSetCookie.push(...cookieValue);\n ctx.res?.setHeader('set-cookie', newSetCookie);\n\n return {\n accessToken: data.accessToken ?? data.access_token,\n user: decodedJwt,\n refreshToken,\n };\n } catch (e) {\n logger.error('[refreshToken] Failed to create session e', e);\n return null;\n }\n}\n"],"mappings":";;;;;;;AAEA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,QAAA,GAAAD,sBAAA,CAAAF,OAAA;AACA,IAAAI,QAAA,GAAAJ,OAAA;AAMA,IAAAK,eAAA,GAAAH,sBAAA,CAAAF,OAAA;AACA,IAAAM,WAAA,GAAAJ,sBAAA,CAAAF,OAAA;AACA,IAAAO,cAAA,GAAAL,sBAAA,CAAAF,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACe,eAAeQ,kBAAkBA,CAACC,GAAoB,EAAyC;EAC5G,MAAMC,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAAqB,CAAC,CAAC;EAClEH,MAAM,CAACI,IAAI,CAAE,uCAAsCL,GAAG,CAACM,QAAS,EAAC,CAAC;EAClE,MAAMC,aAAa,GAAGP,GAAG,CAACQ,GAAG;EAC7B,MAAMC,cAAc,GAAGT,GAAG,CAACU,GAAG;EAC9B,MAAMC,GAAG,GAAGJ,aAAa,oBAAbA,aAAa,CAAEI,GAAG;EAC9B,IAAI,CAACF,cAAc,IAAI,CAACF,aAAa,IAAI,CAACI,GAAG,EAAE;IAC7CV,MAAM,CAACW,KAAK,CAAE,oDAAmD,CAAC;IAClE,OAAO,IAAI;EACb;EAEA,IAAI;IAAA,IAAAC,iBAAA,EAAAC,qBAAA,EAAAC,qBAAA,EAAAC,QAAA,EAAAC,iBAAA;IACFhB,MAAM,CAACI,IAAI,CAAE,0DAAyD,CAAC;IAEvE,IAAI,IAAAa,6BAAoB,EAACP,GAAG,CAAC,EAAE;MAC7BV,MAAM,CAACW,KAAK,CAAE,mFAAkF,CAAC;MAEjG,MAAMO,OAAO,GAAGC,gBAAa,CAACC,2BAA2B,CAACd,aAAa,CAAC;MACxE,MAAMe,OAAO,GAAG,MAAM,IAAAC,sBAAa,EAACJ,OAAO,EAAEK,mBAAU,CAAC;MAExD,IAAIF,OAAO,EAAE;QACXrB,MAAM,CAACW,KAAK,CAAE,sCAAqC,CAAC;QACpD,OAAOU,OAAO;MAChB,CAAC,MAAM;QACLrB,MAAM,CAACI,IAAI,CAAC,+DAA+D,CAAC;MAC9E;IACF;IAEA,IAAI,IAAAoB,wBAAe,EAACd,GAAG,CAAC,EAAE;MACxB;MACAV,MAAM,CAACW,KAAK,CAAE,gDAA+C,CAAC;MAC9D,OAAO,IAAI;IACb;IAEA,IAAIc,QAAyB;IAC7B,IAAIC,eAAM,CAACC,aAAa,EAAE;MACxBF,QAAQ,GAAG,MAAM,IAAAG,sCAA6B,EAACtB,aAAa,CAAC;IAC/D,CAAC,MAAM;MACLmB,QAAQ,GAAG,MAAM,IAAAI,mCAA0B,EAACvB,aAAa,CAAC;IAC5D;IAEA,MAAMwB,SAAS,GAAGJ,eAAM,CAACK,KAAK;IAC9B,IAAIN,QAAQ,KAAK,IAAI,IAAI,CAACA,QAAQ,CAACO,EAAE,EAAE;MACrCb,gBAAa,CAACc,aAAa,CAAC;QAC1BC,YAAY,EAAER,eAAM,CAACQ,YAAY;QACjCJ,SAAS;QACTvB,GAAG,EAAED,aAAa;QAClBG,GAAG,EAAED;MACP,CAAC,CAAC;MACF,OAAO,IAAI;IACb;IAEA,MAAM2B,IAAI,GAAG,MAAMV,QAAQ,CAACW,IAAI,EAAE;;IAElC;IACA,MAAMC,YAAY,IAAAzB,iBAAA,GAAGa,QAAQ,CAACa,OAAO,sBAAAzB,qBAAA,GAAhBD,iBAAA,CAAkB2B,GAAG,qBAArB1B,qBAAA,CAAA2B,IAAA,CAAA5B,iBAAA,CAAyB,CAAC,YAAY,CAAC;IAC5D,MAAM6B,YAAY,IAAA3B,qBAAA,GAAGK,gBAAa,CAACuB,eAAe,CAACL,YAAY,EAAEP,SAAS,CAAC,YAAAhB,qBAAA,GAAI,EAAE;IACjF,MAAM,CAACO,OAAO,EAAEsB,UAAU,EAAEC,YAAY,CAAC,GAAG,MAAM,IAAAC,oCAA4B,EAACV,IAAI,CAAC;IAEpF,IAAI,CAACd,OAAO,EAAE;MACZ,OAAO,IAAI;IACb;IACA,MAAMyB,WAAW,GAAG3B,gBAAa,CAAC4B,MAAM,CAAC;MACvCC,KAAK,EAAE3B,OAAO;MACd4B,OAAO,EAAE,IAAIC,IAAI,CAACP,UAAU,CAACQ,GAAG,GAAG,IAAI,CAAC;MACxCC,MAAM,EAAEtB;IACV,CAAC,CAAC;IACFW,YAAY,CAACY,IAAI,CAAC,GAAGP,WAAW,CAAC;IACjC,CAAA/B,QAAA,GAAAhB,GAAG,CAACU,GAAG,qBAAPM,QAAA,CAASuC,SAAS,CAAC,YAAY,EAAEb,YAAY,CAAC;IAE9C,OAAO;MACLc,WAAW,GAAAvC,iBAAA,GAAEmB,IAAI,CAACoB,WAAW,YAAAvC,iBAAA,GAAImB,IAAI,CAACqB,YAAY;MAClDC,IAAI,EAAEd,UAAU;MAChBC;IACF,CAAC;EACH,CAAC,CAAC,OAAOc,CAAC,EAAE;IACV1D,MAAM,CAAC2D,KAAK,CAAC,2CAA2C,EAAED,CAAC,CAAC;IAC5D,OAAO,IAAI;EACb;AACF"}
1
+ {"version":3,"file":"index.js","names":["_common","require","_config","_interopRequireDefault","_cookies","_helpers","_fronteggLogger","_encryption","_createSession","refreshAccessToken","ctx","logger","fronteggLogger","child","tag","info","pathname","nextJsRequest","req","nextJsResponse","res","url","debug","_response$headers","_response$headers$raw","_CookieManager$modify","_ctx$res","_data$accessToken","isRuntimeNextRequest","cookies","CookieManager","getSessionCookieFromRequest","session","createSession","encryption","isOauthCallback","isSamlCallback","response","config","isHostedLogin","refreshAccessTokenHostedLogin","refreshAccessTokenEmbedded","isSecured","isSSL","ok","removeCookies","cookieDomain","data","json","cookieHeader","headers","raw","call","newSetCookie","modifySetCookie","decodedJwt","refreshToken","createSessionFromAccessToken","cookieValue","create","value","expires","Date","exp","secure","push","setHeader","accessToken","access_token","user","e","error"],"sources":["../../../../../packages/nextjs/src/utils/refreshAccessToken/index.ts"],"sourcesContent":["import type { NextPageContext } from 'next/dist/shared/lib/utils';\nimport type { FronteggNextJSSession } from '../../types';\nimport { createSessionFromAccessToken } from '../../common';\nimport config from '../../config';\nimport CookieManager from '../cookies';\nimport {\n isOauthCallback,\n isRuntimeNextRequest,\n isSamlCallback,\n refreshAccessTokenEmbedded,\n refreshAccessTokenHostedLogin,\n} from './helpers';\nimport fronteggLogger from '../fronteggLogger';\nimport encryption from '../encryption';\nimport createSession from '../createSession';\n\n/**\n * Refreshes the access token for the current session.\n *\n * @param {NextPageContext} ctx - The Next.js Page Context object.\n * @returns {Promise<FronteggNextJSSession | null>} A Promise that resolves to the updated session object, or `null` if the refresh failed.\n */\nexport default async function refreshAccessToken(ctx: NextPageContext): Promise<FronteggNextJSSession | null> {\n const logger = fronteggLogger.child({ tag: 'refreshAccessToken' });\n logger.info(`Refreshing token by for PageContext ${ctx.pathname}`);\n const nextJsRequest = ctx.req;\n const nextJsResponse = ctx.res;\n const url = nextJsRequest?.url;\n if (!nextJsResponse || !nextJsRequest || !url) {\n logger.debug(`abandon refreshToken due to PageContext.req = null`);\n return null;\n }\n\n try {\n logger.info(`Check if should request made from first application load`);\n\n if (isRuntimeNextRequest(url)) {\n logger.debug(`Detect runtime next.js request, resolving existing session from cookies if exists`);\n\n const cookies = CookieManager.getSessionCookieFromRequest(nextJsRequest);\n const session = await createSession(cookies, encryption);\n\n if (session) {\n logger.debug(`session resolved from session cookie`);\n return session;\n } else {\n logger.info('Failed to resolve session from cookie, going to refresh token');\n }\n }\n\n if (isOauthCallback(url) || isSamlCallback(url)) {\n /* Prevent refresh token due to oauth login callback */\n logger.debug(`abandon refreshToken for url='/oauth/callback'`);\n return null;\n }\n\n let response: Response | null;\n if (config.isHostedLogin) {\n response = await refreshAccessTokenHostedLogin(nextJsRequest);\n } else {\n response = await refreshAccessTokenEmbedded(nextJsRequest);\n }\n\n const isSecured = config.isSSL;\n if (response === null || !response.ok) {\n CookieManager.removeCookies({\n cookieDomain: config.cookieDomain,\n isSecured,\n req: nextJsRequest,\n res: nextJsResponse,\n });\n return null;\n }\n\n const data = await response.json();\n\n // @ts-ignore\n const cookieHeader = response.headers?.raw?.()['set-cookie'];\n const newSetCookie = CookieManager.modifySetCookie(cookieHeader, isSecured) ?? [];\n\n const [session, decodedJwt, refreshToken] = await createSessionFromAccessToken(data);\n\n if (!session) {\n return null;\n }\n const cookieValue = CookieManager.create({\n value: session,\n expires: new Date(decodedJwt.exp * 1000),\n secure: isSecured,\n });\n newSetCookie.push(...cookieValue);\n ctx.res?.setHeader('set-cookie', newSetCookie);\n\n return {\n accessToken: data.accessToken ?? data.access_token,\n user: decodedJwt,\n refreshToken,\n };\n } catch (e) {\n logger.error('[refreshToken] Failed to create session e', e);\n return null;\n }\n}\n"],"mappings":";;;;;;;AAEA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,QAAA,GAAAD,sBAAA,CAAAF,OAAA;AACA,IAAAI,QAAA,GAAAJ,OAAA;AAOA,IAAAK,eAAA,GAAAH,sBAAA,CAAAF,OAAA;AACA,IAAAM,WAAA,GAAAJ,sBAAA,CAAAF,OAAA;AACA,IAAAO,cAAA,GAAAL,sBAAA,CAAAF,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACe,eAAeQ,kBAAkBA,CAACC,GAAoB,EAAyC;EAC5G,MAAMC,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAAqB,CAAC,CAAC;EAClEH,MAAM,CAACI,IAAI,CAAE,uCAAsCL,GAAG,CAACM,QAAS,EAAC,CAAC;EAClE,MAAMC,aAAa,GAAGP,GAAG,CAACQ,GAAG;EAC7B,MAAMC,cAAc,GAAGT,GAAG,CAACU,GAAG;EAC9B,MAAMC,GAAG,GAAGJ,aAAa,oBAAbA,aAAa,CAAEI,GAAG;EAC9B,IAAI,CAACF,cAAc,IAAI,CAACF,aAAa,IAAI,CAACI,GAAG,EAAE;IAC7CV,MAAM,CAACW,KAAK,CAAE,oDAAmD,CAAC;IAClE,OAAO,IAAI;EACb;EAEA,IAAI;IAAA,IAAAC,iBAAA,EAAAC,qBAAA,EAAAC,qBAAA,EAAAC,QAAA,EAAAC,iBAAA;IACFhB,MAAM,CAACI,IAAI,CAAE,0DAAyD,CAAC;IAEvE,IAAI,IAAAa,6BAAoB,EAACP,GAAG,CAAC,EAAE;MAC7BV,MAAM,CAACW,KAAK,CAAE,mFAAkF,CAAC;MAEjG,MAAMO,OAAO,GAAGC,gBAAa,CAACC,2BAA2B,CAACd,aAAa,CAAC;MACxE,MAAMe,OAAO,GAAG,MAAM,IAAAC,sBAAa,EAACJ,OAAO,EAAEK,mBAAU,CAAC;MAExD,IAAIF,OAAO,EAAE;QACXrB,MAAM,CAACW,KAAK,CAAE,sCAAqC,CAAC;QACpD,OAAOU,OAAO;MAChB,CAAC,MAAM;QACLrB,MAAM,CAACI,IAAI,CAAC,+DAA+D,CAAC;MAC9E;IACF;IAEA,IAAI,IAAAoB,wBAAe,EAACd,GAAG,CAAC,IAAI,IAAAe,uBAAc,EAACf,GAAG,CAAC,EAAE;MAC/C;MACAV,MAAM,CAACW,KAAK,CAAE,gDAA+C,CAAC;MAC9D,OAAO,IAAI;IACb;IAEA,IAAIe,QAAyB;IAC7B,IAAIC,eAAM,CAACC,aAAa,EAAE;MACxBF,QAAQ,GAAG,MAAM,IAAAG,sCAA6B,EAACvB,aAAa,CAAC;IAC/D,CAAC,MAAM;MACLoB,QAAQ,GAAG,MAAM,IAAAI,mCAA0B,EAACxB,aAAa,CAAC;IAC5D;IAEA,MAAMyB,SAAS,GAAGJ,eAAM,CAACK,KAAK;IAC9B,IAAIN,QAAQ,KAAK,IAAI,IAAI,CAACA,QAAQ,CAACO,EAAE,EAAE;MACrCd,gBAAa,CAACe,aAAa,CAAC;QAC1BC,YAAY,EAAER,eAAM,CAACQ,YAAY;QACjCJ,SAAS;QACTxB,GAAG,EAAED,aAAa;QAClBG,GAAG,EAAED;MACP,CAAC,CAAC;MACF,OAAO,IAAI;IACb;IAEA,MAAM4B,IAAI,GAAG,MAAMV,QAAQ,CAACW,IAAI,EAAE;;IAElC;IACA,MAAMC,YAAY,IAAA1B,iBAAA,GAAGc,QAAQ,CAACa,OAAO,sBAAA1B,qBAAA,GAAhBD,iBAAA,CAAkB4B,GAAG,qBAArB3B,qBAAA,CAAA4B,IAAA,CAAA7B,iBAAA,CAAyB,CAAC,YAAY,CAAC;IAC5D,MAAM8B,YAAY,IAAA5B,qBAAA,GAAGK,gBAAa,CAACwB,eAAe,CAACL,YAAY,EAAEP,SAAS,CAAC,YAAAjB,qBAAA,GAAI,EAAE;IAEjF,MAAM,CAACO,OAAO,EAAEuB,UAAU,EAAEC,YAAY,CAAC,GAAG,MAAM,IAAAC,oCAA4B,EAACV,IAAI,CAAC;IAEpF,IAAI,CAACf,OAAO,EAAE;MACZ,OAAO,IAAI;IACb;IACA,MAAM0B,WAAW,GAAG5B,gBAAa,CAAC6B,MAAM,CAAC;MACvCC,KAAK,EAAE5B,OAAO;MACd6B,OAAO,EAAE,IAAIC,IAAI,CAACP,UAAU,CAACQ,GAAG,GAAG,IAAI,CAAC;MACxCC,MAAM,EAAEtB;IACV,CAAC,CAAC;IACFW,YAAY,CAACY,IAAI,CAAC,GAAGP,WAAW,CAAC;IACjC,CAAAhC,QAAA,GAAAhB,GAAG,CAACU,GAAG,qBAAPM,QAAA,CAASwC,SAAS,CAAC,YAAY,EAAEb,YAAY,CAAC;IAE9C,OAAO;MACLc,WAAW,GAAAxC,iBAAA,GAAEoB,IAAI,CAACoB,WAAW,YAAAxC,iBAAA,GAAIoB,IAAI,CAACqB,YAAY;MAClDC,IAAI,EAAEd,UAAU;MAChBC;IACF,CAAC;EACH,CAAC,CAAC,OAAOc,CAAC,EAAE;IACV3D,MAAM,CAAC4D,KAAK,CAAC,2CAA2C,EAAED,CAAC,CAAC;IAC5D,OAAO,IAAI;EACb;AACF"}