@frontegg/nextjs 9.0.2 → 9.0.3-alpha.11272932408
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +1 -1
- package/middleware/ProxyRequestCallback.js +5 -0
- package/middleware/ProxyRequestCallback.js.map +1 -1
- package/package.json +1 -1
- package/sdkVersion.js +1 -1
- package/sdkVersion.js.map +1 -1
- package/utils/refreshAccessTokenIfNeeded/helpers.d.ts +6 -0
- package/utils/refreshAccessTokenIfNeeded/helpers.js +12 -0
- package/utils/refreshAccessTokenIfNeeded/helpers.js.map +1 -1
package/index.js
CHANGED
|
@@ -10,6 +10,7 @@ var _sdkVersion = _interopRequireDefault(require("../sdkVersion"));
|
|
|
10
10
|
var _config = _interopRequireDefault(require("../config"));
|
|
11
11
|
var _cookies = _interopRequireDefault(require("../utils/cookies"));
|
|
12
12
|
var _fronteggLogger = _interopRequireDefault(require("../utils/fronteggLogger"));
|
|
13
|
+
var _helpers = require("../utils/refreshAccessTokenIfNeeded/helpers");
|
|
13
14
|
const logger = _fronteggLogger.default.child({
|
|
14
15
|
tag: 'FronteggApiMiddleware.ProxyRequestCallback'
|
|
15
16
|
});
|
|
@@ -49,6 +50,10 @@ const ProxyRequestCallback = (proxyReq, req) => {
|
|
|
49
50
|
if (cfConnectionIp) {
|
|
50
51
|
proxyReq.setHeader('cf-connecting-ip', cfConnectionIp);
|
|
51
52
|
}
|
|
53
|
+
if ((0, _helpers.isRefreshTokenRequest)(req.url)) {
|
|
54
|
+
logger.debug(`${req.url} | removing Authorization header`);
|
|
55
|
+
proxyReq.removeHeader('authorization');
|
|
56
|
+
}
|
|
52
57
|
['x-invoke-path', 'x-invoke-query', 'x-middleware-invoke', 'x-middleware-next', 'transfer-encoding', 'cache-control'].map(header => proxyReq.removeHeader(header));
|
|
53
58
|
logger.debug(`${req.url} | check if request has body`);
|
|
54
59
|
if (req.method !== 'GET' && req.body) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ProxyRequestCallback.js","names":["_package","_interopRequireDefault","require","_sdkVersion","_config","_cookies","_fronteggLogger","logger","fronteggLogger","child","tag","ProxyRequestCallback","proxyReq","req","_req$headers$xFronte","_req$headers$xFronte2","info","url","debug","allCookies","CookieManager","parseCookieHeader","fronteggCookiesNames","Object","keys","filter","cookieName","startsWith","config","join","forEach","setHeader","headers","NextJsPkg","version","sdkVersion","xForwardedFor","xOriginalForwardedFor","cfConnectionIp","
|
|
1
|
+
{"version":3,"file":"ProxyRequestCallback.js","names":["_package","_interopRequireDefault","require","_sdkVersion","_config","_cookies","_fronteggLogger","_helpers","logger","fronteggLogger","child","tag","ProxyRequestCallback","proxyReq","req","_req$headers$xFronte","_req$headers$xFronte2","info","url","debug","allCookies","CookieManager","parseCookieHeader","fronteggCookiesNames","Object","keys","filter","cookieName","startsWith","config","join","forEach","setHeader","headers","NextJsPkg","version","sdkVersion","xForwardedFor","xOriginalForwardedFor","cfConnectionIp","isRefreshTokenRequest","removeHeader","map","header","method","body","bodyData","JSON","stringify","Buffer","byteLength","write","e","error","_default","exports","default"],"sources":["../../../../packages/nextjs/src/middleware/ProxyRequestCallback.ts"],"sourcesContent":["import NextJsPkg from 'next/package.json';\nimport { ProxyReqCallback } from 'http-proxy';\nimport { ClientRequest } from 'http';\nimport { NextApiRequest } from 'next';\nimport sdkVersion from '../sdkVersion';\nimport config from '../config';\nimport CookieManager from '../utils/cookies';\nimport fronteggLogger from '../utils/fronteggLogger';\nimport { isRefreshTokenRequest } from '../utils/refreshAccessTokenIfNeeded/helpers';\n\nconst logger = fronteggLogger.child({ tag: 'FronteggApiMiddleware.ProxyRequestCallback' });\n/**\n * Proxy request callback fired on before each request to Frontegg services,\n * to transport frontegg cookies.\n *\n * @param {ClientRequest} proxyReq - Proxy request to be sent\n * @param {NextApiRequest} req - Next.js incoming request\n */\nconst ProxyRequestCallback: ProxyReqCallback<ClientRequest, NextApiRequest> = (proxyReq, req) => {\n try {\n logger.info(`${req.url} | Going to proxy request`);\n logger.debug(`${req.url} | parsing request cookies`);\n const allCookies = CookieManager.parseCookieHeader(req);\n logger.debug(`${req.url} | found ${allCookies} cookies`);\n const fronteggCookiesNames = Object.keys(allCookies).filter((cookieName) => {\n return cookieName.startsWith('fe_') && !cookieName.startsWith(config.cookieName);\n });\n\n logger.debug(`${req.url} | proxy FronteggCookies (${fronteggCookiesNames.join(', ')})`);\n fronteggCookiesNames.forEach((cookieName: string) => {\n proxyReq.setHeader(cookieName, allCookies[cookieName]);\n });\n\n proxyReq.setHeader('x-frontegg-framework', req.headers['x-frontegg-framework'] ?? `next@${NextJsPkg.version}`);\n proxyReq.setHeader('x-frontegg-sdk', req.headers['x-frontegg-sdk'] ?? `@frontegg/nextjs@${sdkVersion.version}`);\n proxyReq.setHeader('x-frontegg-middleware', 'true');\n\n const xForwardedFor = req.headers['x-forwarded-for'];\n const xOriginalForwardedFor = req.headers['x-original-forwarded-for'];\n const cfConnectionIp = req.headers['cf-connecting-ip'];\n\n if (xForwardedFor) {\n proxyReq.setHeader('x-forwarded-for', xForwardedFor);\n }\n if (xOriginalForwardedFor) {\n proxyReq.setHeader('x-original-forwarded-for', xOriginalForwardedFor);\n }\n if (cfConnectionIp) {\n proxyReq.setHeader('cf-connecting-ip', cfConnectionIp);\n }\n\n if (isRefreshTokenRequest(req.url!)) {\n logger.debug(`${req.url} | removing Authorization header`);\n proxyReq.removeHeader('authorization');\n }\n\n [\n 'x-invoke-path',\n 'x-invoke-query',\n 'x-middleware-invoke',\n 'x-middleware-next',\n 'transfer-encoding',\n 'cache-control',\n ].map((header) => proxyReq.removeHeader(header));\n\n logger.debug(`${req.url} | check if request has body`);\n if (req.method !== 'GET' && req.body) {\n logger.debug(`${req.url} | writing request body to proxyReq`);\n const bodyData = JSON.stringify(req.body);\n // in case if content-type is application/x-www-form-urlencoded -> we need to change to application/json\n proxyReq.setHeader('Content-Type', 'application/json');\n proxyReq.setHeader('Content-Length', Buffer.byteLength(bodyData));\n // stream the content\n proxyReq.write(bodyData);\n }\n } catch (e) {\n logger.error(`${req.url} | Failed to proxy request`, e);\n }\n};\n\nexport default ProxyRequestCallback;\n"],"mappings":";;;;;;;AAAA,IAAAA,QAAA,GAAAC,sBAAA,CAAAC,OAAA;AAIA,IAAAC,WAAA,GAAAF,sBAAA,CAAAC,OAAA;AACA,IAAAE,OAAA,GAAAH,sBAAA,CAAAC,OAAA;AACA,IAAAG,QAAA,GAAAJ,sBAAA,CAAAC,OAAA;AACA,IAAAI,eAAA,GAAAL,sBAAA,CAAAC,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;EAAEC,GAAG,EAAE;AAA6C,CAAC,CAAC;AAC1F;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,oBAAqE,GAAGA,CAACC,QAAQ,EAAEC,GAAG,KAAK;EAC/F,IAAI;IAAA,IAAAC,oBAAA,EAAAC,qBAAA;IACFR,MAAM,CAACS,IAAI,CAAE,GAAEH,GAAG,CAACI,GAAI,2BAA0B,CAAC;IAClDV,MAAM,CAACW,KAAK,CAAE,GAAEL,GAAG,CAACI,GAAI,4BAA2B,CAAC;IACpD,MAAME,UAAU,GAAGC,gBAAa,CAACC,iBAAiB,CAACR,GAAG,CAAC;IACvDN,MAAM,CAACW,KAAK,CAAE,GAAEL,GAAG,CAACI,GAAI,YAAWE,UAAW,UAAS,CAAC;IACxD,MAAMG,oBAAoB,GAAGC,MAAM,CAACC,IAAI,CAACL,UAAU,CAAC,CAACM,MAAM,CAAEC,UAAU,IAAK;MAC1E,OAAOA,UAAU,CAACC,UAAU,CAAC,KAAK,CAAC,IAAI,CAACD,UAAU,CAACC,UAAU,CAACC,eAAM,CAACF,UAAU,CAAC;IAClF,CAAC,CAAC;IAEFnB,MAAM,CAACW,KAAK,CAAE,GAAEL,GAAG,CAACI,GAAI,6BAA4BK,oBAAoB,CAACO,IAAI,CAAC,IAAI,CAAE,GAAE,CAAC;IACvFP,oBAAoB,CAACQ,OAAO,CAAEJ,UAAkB,IAAK;MACnDd,QAAQ,CAACmB,SAAS,CAACL,UAAU,EAAEP,UAAU,CAACO,UAAU,CAAC,CAAC;IACxD,CAAC,CAAC;IAEFd,QAAQ,CAACmB,SAAS,CAAC,sBAAsB,GAAAjB,oBAAA,GAAED,GAAG,CAACmB,OAAO,CAAC,sBAAsB,CAAC,YAAAlB,oBAAA,GAAK,QAAOmB,gBAAS,CAACC,OAAQ,EAAC,CAAC;IAC9GtB,QAAQ,CAACmB,SAAS,CAAC,gBAAgB,GAAAhB,qBAAA,GAAEF,GAAG,CAACmB,OAAO,CAAC,gBAAgB,CAAC,YAAAjB,qBAAA,GAAK,oBAAmBoB,mBAAU,CAACD,OAAQ,EAAC,CAAC;IAC/GtB,QAAQ,CAACmB,SAAS,CAAC,uBAAuB,EAAE,MAAM,CAAC;IAEnD,MAAMK,aAAa,GAAGvB,GAAG,CAACmB,OAAO,CAAC,iBAAiB,CAAC;IACpD,MAAMK,qBAAqB,GAAGxB,GAAG,CAACmB,OAAO,CAAC,0BAA0B,CAAC;IACrE,MAAMM,cAAc,GAAGzB,GAAG,CAACmB,OAAO,CAAC,kBAAkB,CAAC;IAEtD,IAAII,aAAa,EAAE;MACjBxB,QAAQ,CAACmB,SAAS,CAAC,iBAAiB,EAAEK,aAAa,CAAC;IACtD;IACA,IAAIC,qBAAqB,EAAE;MACzBzB,QAAQ,CAACmB,SAAS,CAAC,0BAA0B,EAAEM,qBAAqB,CAAC;IACvE;IACA,IAAIC,cAAc,EAAE;MAClB1B,QAAQ,CAACmB,SAAS,CAAC,kBAAkB,EAAEO,cAAc,CAAC;IACxD;IAEA,IAAI,IAAAC,8BAAqB,EAAC1B,GAAG,CAACI,GAAG,CAAE,EAAE;MACnCV,MAAM,CAACW,KAAK,CAAE,GAAEL,GAAG,CAACI,GAAI,kCAAiC,CAAC;MAC1DL,QAAQ,CAAC4B,YAAY,CAAC,eAAe,CAAC;IACxC;IAEA,CACE,eAAe,EACf,gBAAgB,EAChB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,eAAe,CAChB,CAACC,GAAG,CAAEC,MAAM,IAAK9B,QAAQ,CAAC4B,YAAY,CAACE,MAAM,CAAC,CAAC;IAEhDnC,MAAM,CAACW,KAAK,CAAE,GAAEL,GAAG,CAACI,GAAI,8BAA6B,CAAC;IACtD,IAAIJ,GAAG,CAAC8B,MAAM,KAAK,KAAK,IAAI9B,GAAG,CAAC+B,IAAI,EAAE;MACpCrC,MAAM,CAACW,KAAK,CAAE,GAAEL,GAAG,CAACI,GAAI,qCAAoC,CAAC;MAC7D,MAAM4B,QAAQ,GAAGC,IAAI,CAACC,SAAS,CAAClC,GAAG,CAAC+B,IAAI,CAAC;MACzC;MACAhC,QAAQ,CAACmB,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC;MACtDnB,QAAQ,CAACmB,SAAS,CAAC,gBAAgB,EAAEiB,MAAM,CAACC,UAAU,CAACJ,QAAQ,CAAC,CAAC;MACjE;MACAjC,QAAQ,CAACsC,KAAK,CAACL,QAAQ,CAAC;IAC1B;EACF,CAAC,CAAC,OAAOM,CAAC,EAAE;IACV5C,MAAM,CAAC6C,KAAK,CAAE,GAAEvC,GAAG,CAACI,GAAI,4BAA2B,EAAEkC,CAAC,CAAC;EACzD;AACF,CAAC;AAAC,IAAAE,QAAA,GAEa1C,oBAAoB;AAAA2C,OAAA,CAAAC,OAAA,GAAAF,QAAA"}
|
package/package.json
CHANGED
package/sdkVersion.js
CHANGED
package/sdkVersion.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sdkVersion.js","names":["version","exports","default","_default"],"sources":["../../../packages/nextjs/src/sdkVersion.ts"],"sourcesContent":["export default { version: '9.0.
|
|
1
|
+
{"version":3,"file":"sdkVersion.js","names":["version","exports","default","_default"],"sources":["../../../packages/nextjs/src/sdkVersion.ts"],"sourcesContent":["export default { version: '9.0.3-alpha.11272932408' };\n"],"mappings":";;;;;;eAAe;EAAEA,OAAO,EAAE;AAA0B,CAAC;AAAAC,OAAA,CAAAC,OAAA,GAAAC,QAAA"}
|
|
@@ -24,3 +24,9 @@ export declare function isSamlCallback(url: string): boolean;
|
|
|
24
24
|
* is posting an http request to the nextjs backend middleware after successfully logged in the user
|
|
25
25
|
*/
|
|
26
26
|
export declare function isSSOPostRequest(url: string): boolean;
|
|
27
|
+
/**
|
|
28
|
+
* Checks if the request URL is a refresh token request.
|
|
29
|
+
* This is used to determine if the current request is targeting
|
|
30
|
+
* one of the predefined refresh token URLs (embedded or hosted modes).
|
|
31
|
+
*/
|
|
32
|
+
export declare function isRefreshTokenRequest(url: string): boolean;
|
|
@@ -6,6 +6,7 @@ Object.defineProperty(exports, "__esModule", {
|
|
|
6
6
|
});
|
|
7
7
|
exports.hasRefreshTokenCookie = hasRefreshTokenCookie;
|
|
8
8
|
exports.isOauthCallback = isOauthCallback;
|
|
9
|
+
exports.isRefreshTokenRequest = isRefreshTokenRequest;
|
|
9
10
|
exports.isRuntimeNextRequest = isRuntimeNextRequest;
|
|
10
11
|
exports.isSSOPostRequest = isSSOPostRequest;
|
|
11
12
|
exports.isSamlCallback = isSamlCallback;
|
|
@@ -16,6 +17,7 @@ var _cookies = _interopRequireDefault(require("../cookies"));
|
|
|
16
17
|
var _api = _interopRequireDefault(require("../../api"));
|
|
17
18
|
var _common = require("../../common");
|
|
18
19
|
var _config = _interopRequireDefault(require("../../config"));
|
|
20
|
+
var _urls = require("../../api/urls");
|
|
19
21
|
function hasRefreshTokenCookie(cookies) {
|
|
20
22
|
const logger = _fronteggLogger.default.child({
|
|
21
23
|
tag: 'refreshToken.hasRefreshTokenCookie'
|
|
@@ -103,4 +105,14 @@ function isSamlCallback(url) {
|
|
|
103
105
|
function isSSOPostRequest(url) {
|
|
104
106
|
return url === '/frontegg/auth/saml/callback' || url === '/frontegg/auth/oidc/callback';
|
|
105
107
|
}
|
|
108
|
+
|
|
109
|
+
/**
|
|
110
|
+
* Checks if the request URL is a refresh token request.
|
|
111
|
+
* This is used to determine if the current request is targeting
|
|
112
|
+
* one of the predefined refresh token URLs (embedded or hosted modes).
|
|
113
|
+
*/
|
|
114
|
+
function isRefreshTokenRequest(url) {
|
|
115
|
+
const refreshTokenUrls = [_urls.ApiUrls.refreshToken.embedded, _urls.ApiUrls.refreshToken.hosted];
|
|
116
|
+
return refreshTokenUrls.includes(url);
|
|
117
|
+
}
|
|
106
118
|
//# sourceMappingURL=helpers.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"helpers.js","names":["_fronteggLogger","_interopRequireDefault","require","_cookies","_api","_common","_config","hasRefreshTokenCookie","cookies","logger","fronteggLogger","child","tag","refreshTokenKey","CookieManager","debug","cookieKey","Object","keys","find","cookie","replace","exists","refreshAccessTokenEmbedded","request","headers","info","api","refreshTokenEmbedded","refreshAccessTokenHostedLogin","sealFromCookies","getSessionCookieFromRequest","tokens","getTokensFromCookie","refreshToken","config","secureJwtEnabled","clientId","clientSecret","refreshTokenHostedLogin","e","error","isRuntimeNextRequest","url","startsWith","isOauthCallback","isSamlCallback","isSSOPostRequest"],"sources":["../../../../../packages/nextjs/src/utils/refreshAccessTokenIfNeeded/helpers.ts"],"sourcesContent":["import fronteggLogger from '../fronteggLogger';\nimport CookieManager from '../cookies';\nimport { NextApiRequest } from 'next/dist/shared/lib/utils';\nimport api from '../../api';\nimport { getTokensFromCookie } from '../../common';\nimport { IncomingMessage } from 'http';\nimport config from '../../config';\n\nexport function hasRefreshTokenCookie(cookies: Record<string, any>): boolean {\n const logger = fronteggLogger.child({ tag: 'refreshToken.hasRefreshTokenCookie' });\n const refreshTokenKey = CookieManager.refreshTokenKey;\n logger.debug(`Checking if '${refreshTokenKey}' exists in cookies`);\n const cookieKey = Object.keys(cookies).find((cookie) => {\n return cookie.replace(/-/g, '') === refreshTokenKey;\n });\n const exists: boolean = cookieKey != null;\n logger.debug(`Cookie '${refreshTokenKey}' ${exists ? 'exists' : 'NOT exists'} in cookies`);\n return exists;\n}\n\nexport async function refreshAccessTokenEmbedded(request: IncomingMessage): Promise<Response | null> {\n const logger = fronteggLogger.child({ tag: 'refreshToken.refreshAccessTokenEmbedded' });\n\n const headers = request.headers as Record<string, string>;\n const cookies = (request as NextApiRequest).cookies;\n\n logger.info('check if has refresh token headers');\n if (hasRefreshTokenCookie(cookies)) {\n logger.info('going to refresh token (embedded mode)');\n return await api.refreshTokenEmbedded(headers);\n }\n return null;\n}\n\nexport async function refreshAccessTokenHostedLogin(request: IncomingMessage): Promise<Response | null> {\n const logger = fronteggLogger.child({ tag: 'refreshToken.refreshAccessTokenHostedLogin' });\n const headers = request.headers as Record<string, string>;\n\n logger.info('trying to get token from cookies');\n\n const sealFromCookies = CookieManager.getSessionCookieFromRequest(request);\n try {\n const tokens = await getTokensFromCookie(sealFromCookies);\n if (!tokens?.refreshToken) {\n logger.info('refresh token not found');\n return null;\n }\n\n if (config.secureJwtEnabled) {\n const clientId = config.clientId;\n const clientSecret = config.clientSecret;\n\n logger.info('going to refresh token (hosted-login mode) (secure-jwt mode)');\n return await api.refreshTokenHostedLogin(headers, tokens.refreshToken, clientId, clientSecret);\n } else {\n logger.info('going to refresh token (hosted-login mode) ', tokens.refreshToken);\n return await api.refreshTokenHostedLogin(headers, tokens.refreshToken);\n }\n } catch (e) {\n logger.error(e);\n return null;\n }\n}\n\n/**\n * If url starts with /_next/ means that the user trying to navigate\n * to a new nextjs page, in this scenario no need to refresh token\n * we can just return the actual stateless session from\n * the encrypted cookie\n */\nexport function isRuntimeNextRequest(url: string): boolean {\n return url.startsWith('/_next/');\n}\n\n/**\n * If url starts with '/oauth/callback' means that the user navigated back\n * from frontegg hosted login, in this scenario no need to SSR refresh token\n */\nexport function isOauthCallback(url: string): boolean {\n return url.startsWith('/oauth/callback');\n}\n\n/**\n * If url starts with '/account/saml/callback' means that the user navigated back\n * from sso login, in this scenario no need to SSR refresh token\n */\nexport function isSamlCallback(url: string): boolean {\n return url.startsWith('/account/saml/callback') || url.startsWith('/account/oidc/callback');\n}\n\n/**\n * If the url equals to '/frontegg/auth/{provider}/callback', it means that the SSO provider\n * is posting an http request to the nextjs backend middleware after successfully logged in the user\n */\nexport function isSSOPostRequest(url: string): boolean {\n return url === '/frontegg/auth/saml/callback' || url === '/frontegg/auth/oidc/callback';\n}\n"],"mappings":"
|
|
1
|
+
{"version":3,"file":"helpers.js","names":["_fronteggLogger","_interopRequireDefault","require","_cookies","_api","_common","_config","_urls","hasRefreshTokenCookie","cookies","logger","fronteggLogger","child","tag","refreshTokenKey","CookieManager","debug","cookieKey","Object","keys","find","cookie","replace","exists","refreshAccessTokenEmbedded","request","headers","info","api","refreshTokenEmbedded","refreshAccessTokenHostedLogin","sealFromCookies","getSessionCookieFromRequest","tokens","getTokensFromCookie","refreshToken","config","secureJwtEnabled","clientId","clientSecret","refreshTokenHostedLogin","e","error","isRuntimeNextRequest","url","startsWith","isOauthCallback","isSamlCallback","isSSOPostRequest","isRefreshTokenRequest","refreshTokenUrls","ApiUrls","embedded","hosted","includes"],"sources":["../../../../../packages/nextjs/src/utils/refreshAccessTokenIfNeeded/helpers.ts"],"sourcesContent":["import fronteggLogger from '../fronteggLogger';\nimport CookieManager from '../cookies';\nimport { NextApiRequest } from 'next/dist/shared/lib/utils';\nimport api from '../../api';\nimport { getTokensFromCookie } from '../../common';\nimport { IncomingMessage } from 'http';\nimport config from '../../config';\nimport { ApiUrls } from '../../api/urls';\n\nexport function hasRefreshTokenCookie(cookies: Record<string, any>): boolean {\n const logger = fronteggLogger.child({ tag: 'refreshToken.hasRefreshTokenCookie' });\n const refreshTokenKey = CookieManager.refreshTokenKey;\n logger.debug(`Checking if '${refreshTokenKey}' exists in cookies`);\n const cookieKey = Object.keys(cookies).find((cookie) => {\n return cookie.replace(/-/g, '') === refreshTokenKey;\n });\n const exists: boolean = cookieKey != null;\n logger.debug(`Cookie '${refreshTokenKey}' ${exists ? 'exists' : 'NOT exists'} in cookies`);\n return exists;\n}\n\nexport async function refreshAccessTokenEmbedded(request: IncomingMessage): Promise<Response | null> {\n const logger = fronteggLogger.child({ tag: 'refreshToken.refreshAccessTokenEmbedded' });\n\n const headers = request.headers as Record<string, string>;\n const cookies = (request as NextApiRequest).cookies;\n\n logger.info('check if has refresh token headers');\n if (hasRefreshTokenCookie(cookies)) {\n logger.info('going to refresh token (embedded mode)');\n return await api.refreshTokenEmbedded(headers);\n }\n return null;\n}\n\nexport async function refreshAccessTokenHostedLogin(request: IncomingMessage): Promise<Response | null> {\n const logger = fronteggLogger.child({ tag: 'refreshToken.refreshAccessTokenHostedLogin' });\n const headers = request.headers as Record<string, string>;\n\n logger.info('trying to get token from cookies');\n\n const sealFromCookies = CookieManager.getSessionCookieFromRequest(request);\n try {\n const tokens = await getTokensFromCookie(sealFromCookies);\n if (!tokens?.refreshToken) {\n logger.info('refresh token not found');\n return null;\n }\n\n if (config.secureJwtEnabled) {\n const clientId = config.clientId;\n const clientSecret = config.clientSecret;\n\n logger.info('going to refresh token (hosted-login mode) (secure-jwt mode)');\n return await api.refreshTokenHostedLogin(headers, tokens.refreshToken, clientId, clientSecret);\n } else {\n logger.info('going to refresh token (hosted-login mode) ', tokens.refreshToken);\n return await api.refreshTokenHostedLogin(headers, tokens.refreshToken);\n }\n } catch (e) {\n logger.error(e);\n return null;\n }\n}\n\n/**\n * If url starts with /_next/ means that the user trying to navigate\n * to a new nextjs page, in this scenario no need to refresh token\n * we can just return the actual stateless session from\n * the encrypted cookie\n */\nexport function isRuntimeNextRequest(url: string): boolean {\n return url.startsWith('/_next/');\n}\n\n/**\n * If url starts with '/oauth/callback' means that the user navigated back\n * from frontegg hosted login, in this scenario no need to SSR refresh token\n */\nexport function isOauthCallback(url: string): boolean {\n return url.startsWith('/oauth/callback');\n}\n\n/**\n * If url starts with '/account/saml/callback' means that the user navigated back\n * from sso login, in this scenario no need to SSR refresh token\n */\nexport function isSamlCallback(url: string): boolean {\n return url.startsWith('/account/saml/callback') || url.startsWith('/account/oidc/callback');\n}\n\n/**\n * If the url equals to '/frontegg/auth/{provider}/callback', it means that the SSO provider\n * is posting an http request to the nextjs backend middleware after successfully logged in the user\n */\nexport function isSSOPostRequest(url: string): boolean {\n return url === '/frontegg/auth/saml/callback' || url === '/frontegg/auth/oidc/callback';\n}\n\n/**\n * Checks if the request URL is a refresh token request.\n * This is used to determine if the current request is targeting\n * one of the predefined refresh token URLs (embedded or hosted modes).\n */\nexport function isRefreshTokenRequest(url: string): boolean {\n const refreshTokenUrls = [ApiUrls.refreshToken.embedded, ApiUrls.refreshToken.hosted];\n return refreshTokenUrls.includes(url);\n}\n"],"mappings":";;;;;;;;;;;;;;AAAA,IAAAA,eAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,QAAA,GAAAF,sBAAA,CAAAC,OAAA;AAEA,IAAAE,IAAA,GAAAH,sBAAA,CAAAC,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AAEA,IAAAI,OAAA,GAAAL,sBAAA,CAAAC,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AAEO,SAASM,qBAAqBA,CAACC,OAA4B,EAAW;EAC3E,MAAMC,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAAqC,CAAC,CAAC;EAClF,MAAMC,eAAe,GAAGC,gBAAa,CAACD,eAAe;EACrDJ,MAAM,CAACM,KAAK,CAAE,gBAAeF,eAAgB,qBAAoB,CAAC;EAClE,MAAMG,SAAS,GAAGC,MAAM,CAACC,IAAI,CAACV,OAAO,CAAC,CAACW,IAAI,CAAEC,MAAM,IAAK;IACtD,OAAOA,MAAM,CAACC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,KAAKR,eAAe;EACrD,CAAC,CAAC;EACF,MAAMS,MAAe,GAAGN,SAAS,IAAI,IAAI;EACzCP,MAAM,CAACM,KAAK,CAAE,WAAUF,eAAgB,KAAIS,MAAM,GAAG,QAAQ,GAAG,YAAa,aAAY,CAAC;EAC1F,OAAOA,MAAM;AACf;AAEO,eAAeC,0BAA0BA,CAACC,OAAwB,EAA4B;EACnG,MAAMf,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA0C,CAAC,CAAC;EAEvF,MAAMa,OAAO,GAAGD,OAAO,CAACC,OAAiC;EACzD,MAAMjB,OAAO,GAAIgB,OAAO,CAAoBhB,OAAO;EAEnDC,MAAM,CAACiB,IAAI,CAAC,oCAAoC,CAAC;EACjD,IAAInB,qBAAqB,CAACC,OAAO,CAAC,EAAE;IAClCC,MAAM,CAACiB,IAAI,CAAC,wCAAwC,CAAC;IACrD,OAAO,MAAMC,YAAG,CAACC,oBAAoB,CAACH,OAAO,CAAC;EAChD;EACA,OAAO,IAAI;AACb;AAEO,eAAeI,6BAA6BA,CAACL,OAAwB,EAA4B;EACtG,MAAMf,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA6C,CAAC,CAAC;EAC1F,MAAMa,OAAO,GAAGD,OAAO,CAACC,OAAiC;EAEzDhB,MAAM,CAACiB,IAAI,CAAC,kCAAkC,CAAC;EAE/C,MAAMI,eAAe,GAAGhB,gBAAa,CAACiB,2BAA2B,CAACP,OAAO,CAAC;EAC1E,IAAI;IACF,MAAMQ,MAAM,GAAG,MAAM,IAAAC,2BAAmB,EAACH,eAAe,CAAC;IACzD,IAAI,EAACE,MAAM,YAANA,MAAM,CAAEE,YAAY,GAAE;MACzBzB,MAAM,CAACiB,IAAI,CAAC,yBAAyB,CAAC;MACtC,OAAO,IAAI;IACb;IAEA,IAAIS,eAAM,CAACC,gBAAgB,EAAE;MAC3B,MAAMC,QAAQ,GAAGF,eAAM,CAACE,QAAQ;MAChC,MAAMC,YAAY,GAAGH,eAAM,CAACG,YAAY;MAExC7B,MAAM,CAACiB,IAAI,CAAC,8DAA8D,CAAC;MAC3E,OAAO,MAAMC,YAAG,CAACY,uBAAuB,CAACd,OAAO,EAAEO,MAAM,CAACE,YAAY,EAAEG,QAAQ,EAAEC,YAAY,CAAC;IAChG,CAAC,MAAM;MACL7B,MAAM,CAACiB,IAAI,CAAC,6CAA6C,EAAEM,MAAM,CAACE,YAAY,CAAC;MAC/E,OAAO,MAAMP,YAAG,CAACY,uBAAuB,CAACd,OAAO,EAAEO,MAAM,CAACE,YAAY,CAAC;IACxE;EACF,CAAC,CAAC,OAAOM,CAAC,EAAE;IACV/B,MAAM,CAACgC,KAAK,CAACD,CAAC,CAAC;IACf,OAAO,IAAI;EACb;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACO,SAASE,oBAAoBA,CAACC,GAAW,EAAW;EACzD,OAAOA,GAAG,CAACC,UAAU,CAAC,SAAS,CAAC;AAClC;;AAEA;AACA;AACA;AACA;AACO,SAASC,eAAeA,CAACF,GAAW,EAAW;EACpD,OAAOA,GAAG,CAACC,UAAU,CAAC,iBAAiB,CAAC;AAC1C;;AAEA;AACA;AACA;AACA;AACO,SAASE,cAAcA,CAACH,GAAW,EAAW;EACnD,OAAOA,GAAG,CAACC,UAAU,CAAC,wBAAwB,CAAC,IAAID,GAAG,CAACC,UAAU,CAAC,wBAAwB,CAAC;AAC7F;;AAEA;AACA;AACA;AACA;AACO,SAASG,gBAAgBA,CAACJ,GAAW,EAAW;EACrD,OAAOA,GAAG,KAAK,8BAA8B,IAAIA,GAAG,KAAK,8BAA8B;AACzF;;AAEA;AACA;AACA;AACA;AACA;AACO,SAASK,qBAAqBA,CAACL,GAAW,EAAW;EAC1D,MAAMM,gBAAgB,GAAG,CAACC,aAAO,CAAChB,YAAY,CAACiB,QAAQ,EAAED,aAAO,CAAChB,YAAY,CAACkB,MAAM,CAAC;EACrF,OAAOH,gBAAgB,CAACI,QAAQ,CAACV,GAAG,CAAC;AACvC"}
|