@frontegg/nextjs 9.0.4-alpha.11279302089 → 9.0.4-alpha.11365177255
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +5 -0
- package/README.md +2 -8
- package/config/constants.d.ts +0 -5
- package/config/constants.js +0 -1
- package/config/constants.js.map +1 -1
- package/config/index.js +1 -3
- package/config/index.js.map +1 -1
- package/index.js +1 -1
- package/middleware/ProxyRequestCallback.js +5 -0
- package/middleware/ProxyRequestCallback.js.map +1 -1
- package/package.json +1 -1
- package/sdkVersion.js +1 -1
- package/sdkVersion.js.map +1 -1
- package/utils/refreshAccessTokenIfNeeded/helpers.d.ts +6 -0
- package/utils/refreshAccessTokenIfNeeded/helpers.js +12 -0
- package/utils/refreshAccessTokenIfNeeded/helpers.js.map +1 -1
package/CHANGELOG.md
CHANGED
package/README.md
CHANGED
|
@@ -126,14 +126,8 @@ FRONTEGG_CLIENT_SECRET='{YOUR_APPLICATION_CLIENT_SECRET}'
|
|
|
126
126
|
# node -e "console.log(crypto.randomBytes(32).toString('hex'))"
|
|
127
127
|
FRONTEGG_ENCRYPTION_PASSWORD='{SESSION_ENCRYPTION_PASSWORD}'
|
|
128
128
|
|
|
129
|
-
# The stateless cookie name
|
|
130
|
-
|
|
131
|
-
FRONTEGG_COOKIE_NAME='FRONTEGG_COOKIE_NAME'
|
|
132
|
-
|
|
133
|
-
# Specifies the domain for storing the encrypted JWT as session cookies,
|
|
134
|
-
# enabling support for `getServerSideProps` and `ServerComponents`.
|
|
135
|
-
# If not provided, the domain will be the same as the `APP_URL` environment variable.
|
|
136
|
-
FRONTEGG_COOKIE_DOMAIN='FRONTEGG_COOKIE_DOMAIN'
|
|
129
|
+
# The stateless session cookie name
|
|
130
|
+
FRONTEGG_COOKIE_NAME='fe_session'
|
|
137
131
|
|
|
138
132
|
# The JWT public key generated by Frontegg to verify JWT before creating a session.
|
|
139
133
|
# Retrieve it by visiting: https://[YOUR_FRONTEGG_DOMAIN]/.well-known/jwks.json.
|
package/config/constants.d.ts
CHANGED
|
@@ -51,11 +51,6 @@ export declare enum EnvVariables {
|
|
|
51
51
|
* value as session cookies for supporting getServerSideProps and ServerComponents
|
|
52
52
|
*/
|
|
53
53
|
FRONTEGG_COOKIE_NAME = "FRONTEGG_COOKIE_NAME",
|
|
54
|
-
/**
|
|
55
|
-
* The stateless cookie domain for storing the encrypted JWT
|
|
56
|
-
* value as session cookies for supporting getServerSideProps and ServerComponents
|
|
57
|
-
*/
|
|
58
|
-
FRONTEGG_COOKIE_DOMAIN = "FRONTEGG_COOKIE_DOMAIN",
|
|
59
54
|
/**
|
|
60
55
|
* When `true`, the initial props will not refresh access token if it's valid.
|
|
61
56
|
*/
|
package/config/constants.js
CHANGED
|
@@ -13,7 +13,6 @@ let EnvVariables = /*#__PURE__*/function (EnvVariables) {
|
|
|
13
13
|
EnvVariables["FRONTEGG_ENCRYPTION_PASSWORD"] = "FRONTEGG_ENCRYPTION_PASSWORD";
|
|
14
14
|
EnvVariables["FRONTEGG_JWT_PUBLIC_KEY"] = "FRONTEGG_JWT_PUBLIC_KEY";
|
|
15
15
|
EnvVariables["FRONTEGG_COOKIE_NAME"] = "FRONTEGG_COOKIE_NAME";
|
|
16
|
-
EnvVariables["FRONTEGG_COOKIE_DOMAIN"] = "FRONTEGG_COOKIE_DOMAIN";
|
|
17
16
|
EnvVariables["DISABLE_INITIAL_PROPS_REFRESH_TOKEN"] = "DISABLE_INITIAL_PROPS_REFRESH_TOKEN";
|
|
18
17
|
EnvVariables["FRONTEGG_SECURE_JWT_ENABLED"] = "FRONTEGG_SECURE_JWT_ENABLED";
|
|
19
18
|
EnvVariables["FRONTEGG_HOSTED_LOGIN"] = "FRONTEGG_HOSTED_LOGIN";
|
package/config/constants.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.js","names":["EnvVariables","exports"],"sources":["../../../../packages/nextjs/src/config/constants.ts"],"sourcesContent":["export enum EnvVariables {\n /**\n * The AppUrl is to tell Frontegg your application's app url\n * for generating cookies and proxy http requests\n */\n FRONTEGG_APP_URL = 'FRONTEGG_APP_URL',\n /**\n * The Frontegg domain is your unique URL to connect to the Frontegg gateway, get it by visit:\n * - For Dev environment [visit](https://portal.frontegg.com/development/settings/domains)\n * - For Prod environment [visit](https://portal.frontegg.com/production/settings/domains)\n */\n FRONTEGG_BASE_URL = 'FRONTEGG_BASE_URL',\n /**\n * The Frontegg test domain used for testing proxy middleware\n * @private for Frontegg\n */\n FRONTEGG_TEST_URL = 'FRONTEGG_TEST_URL',\n\n /**\n * Your Frontegg application's Client ID, get it by visit:\n * - For Dev environment [visit](https://portal.frontegg.com/development/settings/general)\n * - For Prod environment [visit](https://portal.frontegg.com/production/settings/general)\n */\n FRONTEGG_CLIENT_ID = 'FRONTEGG_CLIENT_ID',\n\n /**\n * Your Frontegg application's Client Secret, get it by visit:\n * - For Dev environment [visit](https://portal.frontegg.com/development/settings/general)\n * - For Prod environment [visit](https://portal.frontegg.com/production/settings/general)\n */\n FRONTEGG_CLIENT_SECRET = 'FRONTEGG_CLIENT_SECRET',\n\n /**\n * The stateless session encryption password, used to encrypt\n * JWT before sending it to the client side.\n *\n * For quick password generation use the following command:\n *\n * ```sh\n * node -e \"console.log(crypto.randomBytes(32).toString('hex'))\"\n * ```\n */\n FRONTEGG_ENCRYPTION_PASSWORD = 'FRONTEGG_ENCRYPTION_PASSWORD',\n\n /**\n * The JWT public key generated by frontegg, to verify JWT before create session,\n * get it by visit: https://[YOUR_FRONTEGG_FOMAIN]/.well-known/jwks.json.\n *\n * Then: Copy and Paste the first key from the response:\n * {keys: [{__KEY__}]}\n */\n FRONTEGG_JWT_PUBLIC_KEY = 'FRONTEGG_JWT_PUBLIC_KEY',\n\n /**\n * The stateless cookie name for storing the encrypted JWT\n * value as session cookies for supporting getServerSideProps and ServerComponents\n */\n FRONTEGG_COOKIE_NAME = 'FRONTEGG_COOKIE_NAME',\n\n /**\n *
|
|
1
|
+
{"version":3,"file":"constants.js","names":["EnvVariables","exports"],"sources":["../../../../packages/nextjs/src/config/constants.ts"],"sourcesContent":["export enum EnvVariables {\n /**\n * The AppUrl is to tell Frontegg your application's app url\n * for generating cookies and proxy http requests\n */\n FRONTEGG_APP_URL = 'FRONTEGG_APP_URL',\n /**\n * The Frontegg domain is your unique URL to connect to the Frontegg gateway, get it by visit:\n * - For Dev environment [visit](https://portal.frontegg.com/development/settings/domains)\n * - For Prod environment [visit](https://portal.frontegg.com/production/settings/domains)\n */\n FRONTEGG_BASE_URL = 'FRONTEGG_BASE_URL',\n /**\n * The Frontegg test domain used for testing proxy middleware\n * @private for Frontegg\n */\n FRONTEGG_TEST_URL = 'FRONTEGG_TEST_URL',\n\n /**\n * Your Frontegg application's Client ID, get it by visit:\n * - For Dev environment [visit](https://portal.frontegg.com/development/settings/general)\n * - For Prod environment [visit](https://portal.frontegg.com/production/settings/general)\n */\n FRONTEGG_CLIENT_ID = 'FRONTEGG_CLIENT_ID',\n\n /**\n * Your Frontegg application's Client Secret, get it by visit:\n * - For Dev environment [visit](https://portal.frontegg.com/development/settings/general)\n * - For Prod environment [visit](https://portal.frontegg.com/production/settings/general)\n */\n FRONTEGG_CLIENT_SECRET = 'FRONTEGG_CLIENT_SECRET',\n\n /**\n * The stateless session encryption password, used to encrypt\n * JWT before sending it to the client side.\n *\n * For quick password generation use the following command:\n *\n * ```sh\n * node -e \"console.log(crypto.randomBytes(32).toString('hex'))\"\n * ```\n */\n FRONTEGG_ENCRYPTION_PASSWORD = 'FRONTEGG_ENCRYPTION_PASSWORD',\n\n /**\n * The JWT public key generated by frontegg, to verify JWT before create session,\n * get it by visit: https://[YOUR_FRONTEGG_FOMAIN]/.well-known/jwks.json.\n *\n * Then: Copy and Paste the first key from the response:\n * {keys: [{__KEY__}]}\n */\n FRONTEGG_JWT_PUBLIC_KEY = 'FRONTEGG_JWT_PUBLIC_KEY',\n\n /**\n * The stateless cookie name for storing the encrypted JWT\n * value as session cookies for supporting getServerSideProps and ServerComponents\n */\n FRONTEGG_COOKIE_NAME = 'FRONTEGG_COOKIE_NAME',\n\n /**\n * When `true`, the initial props will not refresh access token if it's valid.\n */\n DISABLE_INITIAL_PROPS_REFRESH_TOKEN = 'DISABLE_INITIAL_PROPS_REFRESH_TOKEN',\n\n /**\n * Enable secure JWT by removing the signature from the JWT token.\n * In order to enable this feature, you need to provide {@link EnvVariables.FRONTEGG_CLIENT_SECRET}\n */\n FRONTEGG_SECURE_JWT_ENABLED = 'FRONTEGG_SECURE_JWT_ENABLED',\n\n /**\n * The Frontegg Hosted Login URL, used to redirect the user to the Frontegg login page\n * set to 'true' to enable the hosted login feature\n */\n FRONTEGG_HOSTED_LOGIN = 'FRONTEGG_HOSTED_LOGIN',\n\n /**\n * Forward client IP address to Frontegg gateway, used to detect the client's IP address\n * when the Next.js application using frontegg middleware proxy service\n * In order to enable this feature, you need to provide {@link EnvVariables.FRONTEGG_CLIENT_SECRET}\n */\n FRONTEGG_FORWARD_IP = 'FRONTEGG_FORWARD_IP',\n /**\n * This Env variable assign automatically when deploying you Next.js application\n * to Vercel deployments service, and will be used to detect to dynamically configure\n * the {@link EnvVariables.FRONTEGG_APP_URL}\n *\n * @see [Vercel Environment Variables](https://vercel.com/docs/concepts/projects/environment-variables#system-environment-variables)\n */\n VERCEL = 'VERCEL',\n VERCEL_URL = 'VERCEL_URL',\n}\n"],"mappings":";;;;;;IAAYA,YAAY,0BAAZA,YAAY;EAAZA,YAAY;EAAZA,YAAY;EAAZA,YAAY;EAAZA,YAAY;EAAZA,YAAY;EAAZA,YAAY;EAAZA,YAAY;EAAZA,YAAY;EAAZA,YAAY;EAAZA,YAAY;EAAZA,YAAY;EAAZA,YAAY;EAAZA,YAAY;EAAZA,YAAY;EAAA,OAAZA,YAAY;AAAA;AAAAC,OAAA,CAAAD,YAAA,GAAAA,YAAA"}
|
package/config/index.js
CHANGED
|
@@ -21,7 +21,6 @@ const setupEnvVariables = {
|
|
|
21
21
|
FRONTEGG_CLIENT_SECRET: process.env.FRONTEGG_CLIENT_SECRET,
|
|
22
22
|
FRONTEGG_ENCRYPTION_PASSWORD: process.env.FRONTEGG_ENCRYPTION_PASSWORD,
|
|
23
23
|
FRONTEGG_COOKIE_NAME: process.env.FRONTEGG_COOKIE_NAME,
|
|
24
|
-
FRONTEGG_COOKIE_DOMAIN: process.env.FRONTEGG_COOKIE_DOMAIN,
|
|
25
24
|
FRONTEGG_JWT_PUBLIC_KEY: process.env.FRONTEGG_JWT_PUBLIC_KEY,
|
|
26
25
|
FRONTEGG_SECURE_JWT_ENABLED: process.env.FRONTEGG_SECURE_JWT_ENABLED,
|
|
27
26
|
DISABLE_INITIAL_PROPS_REFRESH_TOKEN: process.env.DISABLE_INITIAL_PROPS_REFRESH_TOKEN,
|
|
@@ -86,8 +85,7 @@ class Config {
|
|
|
86
85
|
return `${cookieNameEnv}-${this.clientId.replace(/-/g, '')}`;
|
|
87
86
|
}
|
|
88
87
|
get cookieDomain() {
|
|
89
|
-
|
|
90
|
-
return (0, _helpers.getEnvOrDefault)(_constants.EnvVariables.FRONTEGG_COOKIE_DOMAIN, (_setupEnvVariables$FR2 = setupEnvVariables.FRONTEGG_COOKIE_DOMAIN) != null ? _setupEnvVariables$FR2 : (0, _helpers.generateCookieDomain)(this.appUrl));
|
|
88
|
+
return (0, _helpers.generateCookieDomain)(this.appUrl);
|
|
91
89
|
}
|
|
92
90
|
get authRoutes() {
|
|
93
91
|
var _this$fronteggAppOpti, _this$fronteggAppOpti2, _this$fronteggAppOpti3;
|
package/config/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","names":["_helpers","require","_constants","_errors","setupEnvVariables","FRONTEGG_APP_URL","process","env","FRONTEGG_BASE_URL","FRONTEGG_TEST_URL","FRONTEGG_CLIENT_ID","FRONTEGG_CLIENT_SECRET","FRONTEGG_ENCRYPTION_PASSWORD","FRONTEGG_COOKIE_NAME","FRONTEGG_COOKIE_DOMAIN","FRONTEGG_JWT_PUBLIC_KEY","FRONTEGG_SECURE_JWT_ENABLED","DISABLE_INITIAL_PROPS_REFRESH_TOKEN","VERCEL","VERCEL_URL","Config","constructor","fronteggAppOptions","window","validatePassword","appUrl","generateAppUrl","testUrl","getEnvOrDefault","EnvVariables","baseUrl","_getEnv","getEnv","endsWith","slice","baseUrlHost","URL","hostname","clientId","_getEnv2","clientSecret","undefined","_getEnv3","e","secureJwtEnabled","InvalidFronteggEnv","jwtPublicKeyJson","_getEnv4","cookieName","_setupEnvVariables$FR","cookieNameEnv","replace","cookieDomain","_setupEnvVariables$FR2","generateCookieDomain","authRoutes","_this$fronteggAppOpti","_this$fronteggAppOpti2","_this$fronteggAppOpti3","authOptions","routes","passwordMaps","password","key","Object","keys","match","length","_getEnv5","encryptionPasswordEnv","normalizeStringPasswordToMap","isSSL","protocol","isHostedLogin","_this$fronteggAppOpti4","hostedLoginBox","FRONTEGG_HOSTED_LOGIN","isForwardIpEnabled","disableInitialPropsRefreshToken","appEnvConfig","config","envAppUrl","envBaseUrl","envClientId","console","log","_default","exports","default"],"sources":["../../../../packages/nextjs/src/config/index.ts"],"sourcesContent":["import { AuthPageRoutes } from '@frontegg/redux-store';\nimport { WithFronteggAppOptions } from '../pages';\nimport { AppEnvConfig, PasswordsMap } from './types';\nimport { generateAppUrl, generateCookieDomain, getEnv, getEnvOrDefault, normalizeStringPasswordToMap } from './helpers';\nimport { EnvVariables } from './constants';\nimport { InvalidFronteggEnv } from '../utils/errors';\n\nconst setupEnvVariables = {\n FRONTEGG_APP_URL: process.env.FRONTEGG_APP_URL,\n FRONTEGG_BASE_URL: process.env.FRONTEGG_BASE_URL,\n FRONTEGG_TEST_URL: process.env.FRONTEGG_TEST_URL,\n FRONTEGG_CLIENT_ID: process.env.FRONTEGG_CLIENT_ID,\n FRONTEGG_CLIENT_SECRET: process.env.FRONTEGG_CLIENT_SECRET,\n FRONTEGG_ENCRYPTION_PASSWORD: process.env.FRONTEGG_ENCRYPTION_PASSWORD,\n FRONTEGG_COOKIE_NAME: process.env.FRONTEGG_COOKIE_NAME,\n FRONTEGG_COOKIE_DOMAIN: process.env.FRONTEGG_COOKIE_DOMAIN,\n FRONTEGG_JWT_PUBLIC_KEY: process.env.FRONTEGG_JWT_PUBLIC_KEY,\n FRONTEGG_SECURE_JWT_ENABLED: process.env.FRONTEGG_SECURE_JWT_ENABLED,\n DISABLE_INITIAL_PROPS_REFRESH_TOKEN: process.env.DISABLE_INITIAL_PROPS_REFRESH_TOKEN,\n VERCEL: process.env.VERCEL,\n VERCEL_URL: process.env.VERCEL_URL,\n};\n\nclass Config {\n public fronteggAppOptions: Partial<WithFronteggAppOptions> = {};\n\n constructor() {\n if (typeof window === 'undefined') {\n this.validatePassword();\n }\n }\n\n get appUrl(): string {\n return generateAppUrl();\n }\n\n get testUrl(): string | undefined {\n return getEnvOrDefault(EnvVariables.FRONTEGG_TEST_URL, setupEnvVariables.FRONTEGG_TEST_URL);\n }\n\n get baseUrl(): string {\n const baseUrl = getEnv(EnvVariables.FRONTEGG_BASE_URL) ?? setupEnvVariables.FRONTEGG_BASE_URL;\n if (baseUrl.endsWith('/')) {\n return baseUrl.slice(0, -1);\n }\n return baseUrl;\n }\n\n get baseUrlHost(): string {\n return new URL(this.baseUrl).hostname;\n }\n\n get clientId(): string {\n return getEnv(EnvVariables.FRONTEGG_CLIENT_ID) ?? setupEnvVariables.FRONTEGG_CLIENT_ID;\n }\n\n get clientSecret(): string | undefined {\n let clientSecret = undefined;\n try {\n clientSecret = getEnv(EnvVariables.FRONTEGG_CLIENT_SECRET) ?? setupEnvVariables.FRONTEGG_CLIENT_SECRET;\n } catch (e) {\n clientSecret = setupEnvVariables.FRONTEGG_CLIENT_SECRET;\n }\n\n if (this.secureJwtEnabled === 'true' && !clientSecret) {\n throw new InvalidFronteggEnv(\n EnvVariables.FRONTEGG_CLIENT_SECRET,\n 'Client secret is required when secure JWT is enabled'\n );\n }\n return clientSecret;\n }\n\n get jwtPublicKeyJson(): string | undefined {\n return getEnv(EnvVariables.FRONTEGG_JWT_PUBLIC_KEY);\n }\n\n get secureJwtEnabled(): string | undefined {\n try {\n return getEnv(EnvVariables.FRONTEGG_SECURE_JWT_ENABLED) ?? setupEnvVariables.FRONTEGG_SECURE_JWT_ENABLED;\n } catch (e) {\n return setupEnvVariables.FRONTEGG_SECURE_JWT_ENABLED;\n }\n }\n\n get cookieName(): string {\n const cookieNameEnv = getEnvOrDefault(\n EnvVariables.FRONTEGG_COOKIE_NAME,\n setupEnvVariables.FRONTEGG_COOKIE_NAME ?? 'fe_session'\n );\n return `${cookieNameEnv}-${this.clientId.replace(/-/g, '')}`;\n }\n\n get cookieDomain(): string {\n return getEnvOrDefault(\n EnvVariables.FRONTEGG_COOKIE_DOMAIN,\n setupEnvVariables.FRONTEGG_COOKIE_DOMAIN ?? generateCookieDomain(this.appUrl)\n );\n }\n\n get authRoutes(): Partial<AuthPageRoutes> {\n return this.fronteggAppOptions?.authOptions?.routes ?? {};\n }\n\n private validatePassword() {\n const passwordMaps = this.password;\n for (let key of Object.keys(passwordMaps)) {\n const password = passwordMaps[key];\n if (!password.match(/[0-9A-Fa-f]{6}/g) || password.length !== 64) {\n throw new InvalidFronteggEnv(\n EnvVariables.FRONTEGG_ENCRYPTION_PASSWORD,\n `Hex string.\\n\\nFor quick password generation use the following command:\\nnode -e \"console.log(crypto.randomBytes(32).toString('hex'))\"`\n );\n }\n }\n }\n\n get password(): PasswordsMap {\n const encryptionPasswordEnv =\n getEnv(EnvVariables.FRONTEGG_ENCRYPTION_PASSWORD) ?? setupEnvVariables.FRONTEGG_ENCRYPTION_PASSWORD;\n\n return normalizeStringPasswordToMap(encryptionPasswordEnv);\n }\n\n get isSSL(): boolean {\n return new URL(this.appUrl).protocol === 'https:';\n }\n\n get isHostedLogin(): boolean {\n return (\n this.fronteggAppOptions.hostedLoginBox ?? getEnvOrDefault(EnvVariables.FRONTEGG_HOSTED_LOGIN, 'false') === 'true'\n );\n }\n\n get isForwardIpEnabled(): boolean {\n if (this.clientSecret) {\n return getEnvOrDefault(EnvVariables.FRONTEGG_HOSTED_LOGIN, 'false') === 'true';\n }\n return false;\n }\n\n get disableInitialPropsRefreshToken(): boolean {\n const disableInitialPropsRefreshToken = getEnvOrDefault(\n EnvVariables.DISABLE_INITIAL_PROPS_REFRESH_TOKEN,\n setupEnvVariables.DISABLE_INITIAL_PROPS_REFRESH_TOKEN\n );\n return disableInitialPropsRefreshToken === 'true';\n }\n\n get appEnvConfig(): AppEnvConfig {\n const config = {\n envAppUrl: this.appUrl,\n envBaseUrl: this.baseUrl,\n envClientId: this.clientId,\n secureJwtEnabled: this.secureJwtEnabled,\n };\n console.log('this.appEnvConfig', config);\n return config;\n }\n}\n\nexport { EnvVariables } from './constants';\nexport default new Config();\n"],"mappings":";;;;;;;;;;;;AAGA,IAAAA,QAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAEA,MAAMG,iBAAiB,GAAG;EACxBC,gBAAgB,EAAEC,OAAO,CAACC,GAAG,CAACF,gBAAgB;EAC9CG,iBAAiB,EAAEF,OAAO,CAACC,GAAG,CAACC,iBAAiB;EAChDC,iBAAiB,EAAEH,OAAO,CAACC,GAAG,CAACE,iBAAiB;EAChDC,kBAAkB,EAAEJ,OAAO,CAACC,GAAG,CAACG,kBAAkB;EAClDC,sBAAsB,EAAEL,OAAO,CAACC,GAAG,CAACI,sBAAsB;EAC1DC,4BAA4B,EAAEN,OAAO,CAACC,GAAG,CAACK,4BAA4B;EACtEC,oBAAoB,EAAEP,OAAO,CAACC,GAAG,CAACM,oBAAoB;EACtDC,sBAAsB,EAAER,OAAO,CAACC,GAAG,CAACO,sBAAsB;EAC1DC,uBAAuB,EAAET,OAAO,CAACC,GAAG,CAACQ,uBAAuB;EAC5DC,2BAA2B,EAAEV,OAAO,CAACC,GAAG,CAACS,2BAA2B;EACpEC,mCAAmC,EAAEX,OAAO,CAACC,GAAG,CAACU,mCAAmC;EACpFC,MAAM,EAAEZ,OAAO,CAACC,GAAG,CAACW,MAAM;EAC1BC,UAAU,EAAEb,OAAO,CAACC,GAAG,CAACY;AAC1B,CAAC;AAED,MAAMC,MAAM,CAAC;EAGXC,WAAWA,CAAA,EAAG;IAAA,KAFPC,kBAAkB,GAAoC,CAAC,CAAC;IAG7D,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE;MACjC,IAAI,CAACC,gBAAgB,EAAE;IACzB;EACF;EAEA,IAAIC,MAAMA,CAAA,EAAW;IACnB,OAAO,IAAAC,uBAAc,GAAE;EACzB;EAEA,IAAIC,OAAOA,CAAA,EAAuB;IAChC,OAAO,IAAAC,wBAAe,EAACC,uBAAY,CAACpB,iBAAiB,EAAEL,iBAAiB,CAACK,iBAAiB,CAAC;EAC7F;EAEA,IAAIqB,OAAOA,CAAA,EAAW;IAAA,IAAAC,OAAA;IACpB,MAAMD,OAAO,IAAAC,OAAA,GAAG,IAAAC,eAAM,EAACH,uBAAY,CAACrB,iBAAiB,CAAC,YAAAuB,OAAA,GAAI3B,iBAAiB,CAACI,iBAAiB;IAC7F,IAAIsB,OAAO,CAACG,QAAQ,CAAC,GAAG,CAAC,EAAE;MACzB,OAAOH,OAAO,CAACI,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7B;IACA,OAAOJ,OAAO;EAChB;EAEA,IAAIK,WAAWA,CAAA,EAAW;IACxB,OAAO,IAAIC,GAAG,CAAC,IAAI,CAACN,OAAO,CAAC,CAACO,QAAQ;EACvC;EAEA,IAAIC,QAAQA,CAAA,EAAW;IAAA,IAAAC,QAAA;IACrB,QAAAA,QAAA,GAAO,IAAAP,eAAM,EAACH,uBAAY,CAACnB,kBAAkB,CAAC,YAAA6B,QAAA,GAAInC,iBAAiB,CAACM,kBAAkB;EACxF;EAEA,IAAI8B,YAAYA,CAAA,EAAuB;IACrC,IAAIA,YAAY,GAAGC,SAAS;IAC5B,IAAI;MAAA,IAAAC,QAAA;MACFF,YAAY,IAAAE,QAAA,GAAG,IAAAV,eAAM,EAACH,uBAAY,CAAClB,sBAAsB,CAAC,YAAA+B,QAAA,GAAItC,iBAAiB,CAACO,sBAAsB;IACxG,CAAC,CAAC,OAAOgC,CAAC,EAAE;MACVH,YAAY,GAAGpC,iBAAiB,CAACO,sBAAsB;IACzD;IAEA,IAAI,IAAI,CAACiC,gBAAgB,KAAK,MAAM,IAAI,CAACJ,YAAY,EAAE;MACrD,MAAM,IAAIK,0BAAkB,CAC1BhB,uBAAY,CAAClB,sBAAsB,EACnC,sDAAsD,CACvD;IACH;IACA,OAAO6B,YAAY;EACrB;EAEA,IAAIM,gBAAgBA,CAAA,EAAuB;IACzC,OAAO,IAAAd,eAAM,EAACH,uBAAY,CAACd,uBAAuB,CAAC;EACrD;EAEA,IAAI6B,gBAAgBA,CAAA,EAAuB;IACzC,IAAI;MAAA,IAAAG,QAAA;MACF,QAAAA,QAAA,GAAO,IAAAf,eAAM,EAACH,uBAAY,CAACb,2BAA2B,CAAC,YAAA+B,QAAA,GAAI3C,iBAAiB,CAACY,2BAA2B;IAC1G,CAAC,CAAC,OAAO2B,CAAC,EAAE;MACV,OAAOvC,iBAAiB,CAACY,2BAA2B;IACtD;EACF;EAEA,IAAIgC,UAAUA,CAAA,EAAW;IAAA,IAAAC,qBAAA;IACvB,MAAMC,aAAa,GAAG,IAAAtB,wBAAe,EACnCC,uBAAY,CAAChB,oBAAoB,GAAAoC,qBAAA,GACjC7C,iBAAiB,CAACS,oBAAoB,YAAAoC,qBAAA,GAAI,YAAY,CACvD;IACD,OAAQ,GAAEC,aAAc,IAAG,IAAI,CAACZ,QAAQ,CAACa,OAAO,CAAC,IAAI,EAAE,EAAE,CAAE,EAAC;EAC9D;EAEA,IAAIC,YAAYA,CAAA,EAAW;IAAA,IAAAC,sBAAA;IACzB,OAAO,IAAAzB,wBAAe,EACpBC,uBAAY,CAACf,sBAAsB,GAAAuC,sBAAA,GACnCjD,iBAAiB,CAACU,sBAAsB,YAAAuC,sBAAA,GAAI,IAAAC,6BAAoB,EAAC,IAAI,CAAC7B,MAAM,CAAC,CAC9E;EACH;EAEA,IAAI8B,UAAUA,CAAA,EAA4B;IAAA,IAAAC,qBAAA,EAAAC,sBAAA,EAAAC,sBAAA;IACxC,QAAAF,qBAAA,IAAAC,sBAAA,GAAO,IAAI,CAACnC,kBAAkB,sBAAAoC,sBAAA,GAAvBD,sBAAA,CAAyBE,WAAW,qBAApCD,sBAAA,CAAsCE,MAAM,YAAAJ,qBAAA,GAAI,CAAC,CAAC;EAC3D;EAEQhC,gBAAgBA,CAAA,EAAG;IACzB,MAAMqC,YAAY,GAAG,IAAI,CAACC,QAAQ;IAClC,KAAK,IAAIC,GAAG,IAAIC,MAAM,CAACC,IAAI,CAACJ,YAAY,CAAC,EAAE;MACzC,MAAMC,QAAQ,GAAGD,YAAY,CAACE,GAAG,CAAC;MAClC,IAAI,CAACD,QAAQ,CAACI,KAAK,CAAC,iBAAiB,CAAC,IAAIJ,QAAQ,CAACK,MAAM,KAAK,EAAE,EAAE;QAChE,MAAM,IAAItB,0BAAkB,CAC1BhB,uBAAY,CAACjB,4BAA4B,EACxC,wIAAuI,CACzI;MACH;IACF;EACF;EAEA,IAAIkD,QAAQA,CAAA,EAAiB;IAAA,IAAAM,QAAA;IAC3B,MAAMC,qBAAqB,IAAAD,QAAA,GACzB,IAAApC,eAAM,EAACH,uBAAY,CAACjB,4BAA4B,CAAC,YAAAwD,QAAA,GAAIhE,iBAAiB,CAACQ,4BAA4B;IAErG,OAAO,IAAA0D,qCAA4B,EAACD,qBAAqB,CAAC;EAC5D;EAEA,IAAIE,KAAKA,CAAA,EAAY;IACnB,OAAO,IAAInC,GAAG,CAAC,IAAI,CAACX,MAAM,CAAC,CAAC+C,QAAQ,KAAK,QAAQ;EACnD;EAEA,IAAIC,aAAaA,CAAA,EAAY;IAAA,IAAAC,sBAAA;IAC3B,QAAAA,sBAAA,GACE,IAAI,CAACpD,kBAAkB,CAACqD,cAAc,YAAAD,sBAAA,GAAI,IAAA9C,wBAAe,EAACC,uBAAY,CAAC+C,qBAAqB,EAAE,OAAO,CAAC,KAAK,MAAM;EAErH;EAEA,IAAIC,kBAAkBA,CAAA,EAAY;IAChC,IAAI,IAAI,CAACrC,YAAY,EAAE;MACrB,OAAO,IAAAZ,wBAAe,EAACC,uBAAY,CAAC+C,qBAAqB,EAAE,OAAO,CAAC,KAAK,MAAM;IAChF;IACA,OAAO,KAAK;EACd;EAEA,IAAIE,+BAA+BA,CAAA,EAAY;IAC7C,MAAMA,+BAA+B,GAAG,IAAAlD,wBAAe,EACrDC,uBAAY,CAACZ,mCAAmC,EAChDb,iBAAiB,CAACa,mCAAmC,CACtD;IACD,OAAO6D,+BAA+B,KAAK,MAAM;EACnD;EAEA,IAAIC,YAAYA,CAAA,EAAiB;IAC/B,MAAMC,MAAM,GAAG;MACbC,SAAS,EAAE,IAAI,CAACxD,MAAM;MACtByD,UAAU,EAAE,IAAI,CAACpD,OAAO;MACxBqD,WAAW,EAAE,IAAI,CAAC7C,QAAQ;MAC1BM,gBAAgB,EAAE,IAAI,CAACA;IACzB,CAAC;IACDwC,OAAO,CAACC,GAAG,CAAC,mBAAmB,EAAEL,MAAM,CAAC;IACxC,OAAOA,MAAM;EACf;AACF;AAAC,IAAAM,QAAA,GAGc,IAAIlE,MAAM,EAAE;AAAAmE,OAAA,CAAAC,OAAA,GAAAF,QAAA"}
|
|
1
|
+
{"version":3,"file":"index.js","names":["_helpers","require","_constants","_errors","setupEnvVariables","FRONTEGG_APP_URL","process","env","FRONTEGG_BASE_URL","FRONTEGG_TEST_URL","FRONTEGG_CLIENT_ID","FRONTEGG_CLIENT_SECRET","FRONTEGG_ENCRYPTION_PASSWORD","FRONTEGG_COOKIE_NAME","FRONTEGG_JWT_PUBLIC_KEY","FRONTEGG_SECURE_JWT_ENABLED","DISABLE_INITIAL_PROPS_REFRESH_TOKEN","VERCEL","VERCEL_URL","Config","constructor","fronteggAppOptions","window","validatePassword","appUrl","generateAppUrl","testUrl","getEnvOrDefault","EnvVariables","baseUrl","_getEnv","getEnv","endsWith","slice","baseUrlHost","URL","hostname","clientId","_getEnv2","clientSecret","undefined","_getEnv3","e","secureJwtEnabled","InvalidFronteggEnv","jwtPublicKeyJson","_getEnv4","cookieName","_setupEnvVariables$FR","cookieNameEnv","replace","cookieDomain","generateCookieDomain","authRoutes","_this$fronteggAppOpti","_this$fronteggAppOpti2","_this$fronteggAppOpti3","authOptions","routes","passwordMaps","password","key","Object","keys","match","length","_getEnv5","encryptionPasswordEnv","normalizeStringPasswordToMap","isSSL","protocol","isHostedLogin","_this$fronteggAppOpti4","hostedLoginBox","FRONTEGG_HOSTED_LOGIN","isForwardIpEnabled","disableInitialPropsRefreshToken","appEnvConfig","config","envAppUrl","envBaseUrl","envClientId","console","log","_default","exports","default"],"sources":["../../../../packages/nextjs/src/config/index.ts"],"sourcesContent":["import { AuthPageRoutes } from '@frontegg/redux-store';\nimport { WithFronteggAppOptions } from '../pages';\nimport { AppEnvConfig, PasswordsMap } from './types';\nimport { generateAppUrl, generateCookieDomain, getEnv, getEnvOrDefault, normalizeStringPasswordToMap } from './helpers';\nimport { EnvVariables } from './constants';\nimport { InvalidFronteggEnv } from '../utils/errors';\n\nconst setupEnvVariables = {\n FRONTEGG_APP_URL: process.env.FRONTEGG_APP_URL,\n FRONTEGG_BASE_URL: process.env.FRONTEGG_BASE_URL,\n FRONTEGG_TEST_URL: process.env.FRONTEGG_TEST_URL,\n FRONTEGG_CLIENT_ID: process.env.FRONTEGG_CLIENT_ID,\n FRONTEGG_CLIENT_SECRET: process.env.FRONTEGG_CLIENT_SECRET,\n FRONTEGG_ENCRYPTION_PASSWORD: process.env.FRONTEGG_ENCRYPTION_PASSWORD,\n FRONTEGG_COOKIE_NAME: process.env.FRONTEGG_COOKIE_NAME,\n FRONTEGG_JWT_PUBLIC_KEY: process.env.FRONTEGG_JWT_PUBLIC_KEY,\n FRONTEGG_SECURE_JWT_ENABLED: process.env.FRONTEGG_SECURE_JWT_ENABLED,\n DISABLE_INITIAL_PROPS_REFRESH_TOKEN: process.env.DISABLE_INITIAL_PROPS_REFRESH_TOKEN,\n VERCEL: process.env.VERCEL,\n VERCEL_URL: process.env.VERCEL_URL,\n};\n\nclass Config {\n public fronteggAppOptions: Partial<WithFronteggAppOptions> = {};\n\n constructor() {\n if (typeof window === 'undefined') {\n this.validatePassword();\n }\n }\n\n get appUrl(): string {\n return generateAppUrl();\n }\n\n get testUrl(): string | undefined {\n return getEnvOrDefault(EnvVariables.FRONTEGG_TEST_URL, setupEnvVariables.FRONTEGG_TEST_URL);\n }\n\n get baseUrl(): string {\n const baseUrl = getEnv(EnvVariables.FRONTEGG_BASE_URL) ?? setupEnvVariables.FRONTEGG_BASE_URL;\n if (baseUrl.endsWith('/')) {\n return baseUrl.slice(0, -1);\n }\n return baseUrl;\n }\n\n get baseUrlHost(): string {\n return new URL(this.baseUrl).hostname;\n }\n\n get clientId(): string {\n return getEnv(EnvVariables.FRONTEGG_CLIENT_ID) ?? setupEnvVariables.FRONTEGG_CLIENT_ID;\n }\n\n get clientSecret(): string | undefined {\n let clientSecret = undefined;\n try {\n clientSecret = getEnv(EnvVariables.FRONTEGG_CLIENT_SECRET) ?? setupEnvVariables.FRONTEGG_CLIENT_SECRET;\n } catch (e) {\n clientSecret = setupEnvVariables.FRONTEGG_CLIENT_SECRET;\n }\n\n if (this.secureJwtEnabled === 'true' && !clientSecret) {\n throw new InvalidFronteggEnv(\n EnvVariables.FRONTEGG_CLIENT_SECRET,\n 'Client secret is required when secure JWT is enabled'\n );\n }\n return clientSecret;\n }\n\n get jwtPublicKeyJson(): string | undefined {\n return getEnv(EnvVariables.FRONTEGG_JWT_PUBLIC_KEY);\n }\n\n get secureJwtEnabled(): string | undefined {\n try {\n return getEnv(EnvVariables.FRONTEGG_SECURE_JWT_ENABLED) ?? setupEnvVariables.FRONTEGG_SECURE_JWT_ENABLED;\n } catch (e) {\n return setupEnvVariables.FRONTEGG_SECURE_JWT_ENABLED;\n }\n }\n\n get cookieName(): string {\n const cookieNameEnv = getEnvOrDefault(\n EnvVariables.FRONTEGG_COOKIE_NAME,\n setupEnvVariables.FRONTEGG_COOKIE_NAME ?? 'fe_session'\n );\n return `${cookieNameEnv}-${this.clientId.replace(/-/g, '')}`;\n }\n\n get cookieDomain(): string {\n return generateCookieDomain(this.appUrl);\n }\n\n get authRoutes(): Partial<AuthPageRoutes> {\n return this.fronteggAppOptions?.authOptions?.routes ?? {};\n }\n\n private validatePassword() {\n const passwordMaps = this.password;\n for (let key of Object.keys(passwordMaps)) {\n const password = passwordMaps[key];\n if (!password.match(/[0-9A-Fa-f]{6}/g) || password.length !== 64) {\n throw new InvalidFronteggEnv(\n EnvVariables.FRONTEGG_ENCRYPTION_PASSWORD,\n `Hex string.\\n\\nFor quick password generation use the following command:\\nnode -e \"console.log(crypto.randomBytes(32).toString('hex'))\"`\n );\n }\n }\n }\n\n get password(): PasswordsMap {\n const encryptionPasswordEnv =\n getEnv(EnvVariables.FRONTEGG_ENCRYPTION_PASSWORD) ?? setupEnvVariables.FRONTEGG_ENCRYPTION_PASSWORD;\n\n return normalizeStringPasswordToMap(encryptionPasswordEnv);\n }\n\n get isSSL(): boolean {\n return new URL(this.appUrl).protocol === 'https:';\n }\n\n get isHostedLogin(): boolean {\n return (\n this.fronteggAppOptions.hostedLoginBox ?? getEnvOrDefault(EnvVariables.FRONTEGG_HOSTED_LOGIN, 'false') === 'true'\n );\n }\n\n get isForwardIpEnabled(): boolean {\n if (this.clientSecret) {\n return getEnvOrDefault(EnvVariables.FRONTEGG_HOSTED_LOGIN, 'false') === 'true';\n }\n return false;\n }\n\n get disableInitialPropsRefreshToken(): boolean {\n const disableInitialPropsRefreshToken = getEnvOrDefault(\n EnvVariables.DISABLE_INITIAL_PROPS_REFRESH_TOKEN,\n setupEnvVariables.DISABLE_INITIAL_PROPS_REFRESH_TOKEN\n );\n return disableInitialPropsRefreshToken === 'true';\n }\n\n get appEnvConfig(): AppEnvConfig {\n const config = {\n envAppUrl: this.appUrl,\n envBaseUrl: this.baseUrl,\n envClientId: this.clientId,\n secureJwtEnabled: this.secureJwtEnabled,\n };\n console.log('this.appEnvConfig', config);\n return config;\n }\n}\n\nexport { EnvVariables } from './constants';\nexport default new Config();\n"],"mappings":";;;;;;;;;;;;AAGA,IAAAA,QAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAEA,MAAMG,iBAAiB,GAAG;EACxBC,gBAAgB,EAAEC,OAAO,CAACC,GAAG,CAACF,gBAAgB;EAC9CG,iBAAiB,EAAEF,OAAO,CAACC,GAAG,CAACC,iBAAiB;EAChDC,iBAAiB,EAAEH,OAAO,CAACC,GAAG,CAACE,iBAAiB;EAChDC,kBAAkB,EAAEJ,OAAO,CAACC,GAAG,CAACG,kBAAkB;EAClDC,sBAAsB,EAAEL,OAAO,CAACC,GAAG,CAACI,sBAAsB;EAC1DC,4BAA4B,EAAEN,OAAO,CAACC,GAAG,CAACK,4BAA4B;EACtEC,oBAAoB,EAAEP,OAAO,CAACC,GAAG,CAACM,oBAAoB;EACtDC,uBAAuB,EAAER,OAAO,CAACC,GAAG,CAACO,uBAAuB;EAC5DC,2BAA2B,EAAET,OAAO,CAACC,GAAG,CAACQ,2BAA2B;EACpEC,mCAAmC,EAAEV,OAAO,CAACC,GAAG,CAACS,mCAAmC;EACpFC,MAAM,EAAEX,OAAO,CAACC,GAAG,CAACU,MAAM;EAC1BC,UAAU,EAAEZ,OAAO,CAACC,GAAG,CAACW;AAC1B,CAAC;AAED,MAAMC,MAAM,CAAC;EAGXC,WAAWA,CAAA,EAAG;IAAA,KAFPC,kBAAkB,GAAoC,CAAC,CAAC;IAG7D,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE;MACjC,IAAI,CAACC,gBAAgB,EAAE;IACzB;EACF;EAEA,IAAIC,MAAMA,CAAA,EAAW;IACnB,OAAO,IAAAC,uBAAc,GAAE;EACzB;EAEA,IAAIC,OAAOA,CAAA,EAAuB;IAChC,OAAO,IAAAC,wBAAe,EAACC,uBAAY,CAACnB,iBAAiB,EAAEL,iBAAiB,CAACK,iBAAiB,CAAC;EAC7F;EAEA,IAAIoB,OAAOA,CAAA,EAAW;IAAA,IAAAC,OAAA;IACpB,MAAMD,OAAO,IAAAC,OAAA,GAAG,IAAAC,eAAM,EAACH,uBAAY,CAACpB,iBAAiB,CAAC,YAAAsB,OAAA,GAAI1B,iBAAiB,CAACI,iBAAiB;IAC7F,IAAIqB,OAAO,CAACG,QAAQ,CAAC,GAAG,CAAC,EAAE;MACzB,OAAOH,OAAO,CAACI,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7B;IACA,OAAOJ,OAAO;EAChB;EAEA,IAAIK,WAAWA,CAAA,EAAW;IACxB,OAAO,IAAIC,GAAG,CAAC,IAAI,CAACN,OAAO,CAAC,CAACO,QAAQ;EACvC;EAEA,IAAIC,QAAQA,CAAA,EAAW;IAAA,IAAAC,QAAA;IACrB,QAAAA,QAAA,GAAO,IAAAP,eAAM,EAACH,uBAAY,CAAClB,kBAAkB,CAAC,YAAA4B,QAAA,GAAIlC,iBAAiB,CAACM,kBAAkB;EACxF;EAEA,IAAI6B,YAAYA,CAAA,EAAuB;IACrC,IAAIA,YAAY,GAAGC,SAAS;IAC5B,IAAI;MAAA,IAAAC,QAAA;MACFF,YAAY,IAAAE,QAAA,GAAG,IAAAV,eAAM,EAACH,uBAAY,CAACjB,sBAAsB,CAAC,YAAA8B,QAAA,GAAIrC,iBAAiB,CAACO,sBAAsB;IACxG,CAAC,CAAC,OAAO+B,CAAC,EAAE;MACVH,YAAY,GAAGnC,iBAAiB,CAACO,sBAAsB;IACzD;IAEA,IAAI,IAAI,CAACgC,gBAAgB,KAAK,MAAM,IAAI,CAACJ,YAAY,EAAE;MACrD,MAAM,IAAIK,0BAAkB,CAC1BhB,uBAAY,CAACjB,sBAAsB,EACnC,sDAAsD,CACvD;IACH;IACA,OAAO4B,YAAY;EACrB;EAEA,IAAIM,gBAAgBA,CAAA,EAAuB;IACzC,OAAO,IAAAd,eAAM,EAACH,uBAAY,CAACd,uBAAuB,CAAC;EACrD;EAEA,IAAI6B,gBAAgBA,CAAA,EAAuB;IACzC,IAAI;MAAA,IAAAG,QAAA;MACF,QAAAA,QAAA,GAAO,IAAAf,eAAM,EAACH,uBAAY,CAACb,2BAA2B,CAAC,YAAA+B,QAAA,GAAI1C,iBAAiB,CAACW,2BAA2B;IAC1G,CAAC,CAAC,OAAO2B,CAAC,EAAE;MACV,OAAOtC,iBAAiB,CAACW,2BAA2B;IACtD;EACF;EAEA,IAAIgC,UAAUA,CAAA,EAAW;IAAA,IAAAC,qBAAA;IACvB,MAAMC,aAAa,GAAG,IAAAtB,wBAAe,EACnCC,uBAAY,CAACf,oBAAoB,GAAAmC,qBAAA,GACjC5C,iBAAiB,CAACS,oBAAoB,YAAAmC,qBAAA,GAAI,YAAY,CACvD;IACD,OAAQ,GAAEC,aAAc,IAAG,IAAI,CAACZ,QAAQ,CAACa,OAAO,CAAC,IAAI,EAAE,EAAE,CAAE,EAAC;EAC9D;EAEA,IAAIC,YAAYA,CAAA,EAAW;IACzB,OAAO,IAAAC,6BAAoB,EAAC,IAAI,CAAC5B,MAAM,CAAC;EAC1C;EAEA,IAAI6B,UAAUA,CAAA,EAA4B;IAAA,IAAAC,qBAAA,EAAAC,sBAAA,EAAAC,sBAAA;IACxC,QAAAF,qBAAA,IAAAC,sBAAA,GAAO,IAAI,CAAClC,kBAAkB,sBAAAmC,sBAAA,GAAvBD,sBAAA,CAAyBE,WAAW,qBAApCD,sBAAA,CAAsCE,MAAM,YAAAJ,qBAAA,GAAI,CAAC,CAAC;EAC3D;EAEQ/B,gBAAgBA,CAAA,EAAG;IACzB,MAAMoC,YAAY,GAAG,IAAI,CAACC,QAAQ;IAClC,KAAK,IAAIC,GAAG,IAAIC,MAAM,CAACC,IAAI,CAACJ,YAAY,CAAC,EAAE;MACzC,MAAMC,QAAQ,GAAGD,YAAY,CAACE,GAAG,CAAC;MAClC,IAAI,CAACD,QAAQ,CAACI,KAAK,CAAC,iBAAiB,CAAC,IAAIJ,QAAQ,CAACK,MAAM,KAAK,EAAE,EAAE;QAChE,MAAM,IAAIrB,0BAAkB,CAC1BhB,uBAAY,CAAChB,4BAA4B,EACxC,wIAAuI,CACzI;MACH;IACF;EACF;EAEA,IAAIgD,QAAQA,CAAA,EAAiB;IAAA,IAAAM,QAAA;IAC3B,MAAMC,qBAAqB,IAAAD,QAAA,GACzB,IAAAnC,eAAM,EAACH,uBAAY,CAAChB,4BAA4B,CAAC,YAAAsD,QAAA,GAAI9D,iBAAiB,CAACQ,4BAA4B;IAErG,OAAO,IAAAwD,qCAA4B,EAACD,qBAAqB,CAAC;EAC5D;EAEA,IAAIE,KAAKA,CAAA,EAAY;IACnB,OAAO,IAAIlC,GAAG,CAAC,IAAI,CAACX,MAAM,CAAC,CAAC8C,QAAQ,KAAK,QAAQ;EACnD;EAEA,IAAIC,aAAaA,CAAA,EAAY;IAAA,IAAAC,sBAAA;IAC3B,QAAAA,sBAAA,GACE,IAAI,CAACnD,kBAAkB,CAACoD,cAAc,YAAAD,sBAAA,GAAI,IAAA7C,wBAAe,EAACC,uBAAY,CAAC8C,qBAAqB,EAAE,OAAO,CAAC,KAAK,MAAM;EAErH;EAEA,IAAIC,kBAAkBA,CAAA,EAAY;IAChC,IAAI,IAAI,CAACpC,YAAY,EAAE;MACrB,OAAO,IAAAZ,wBAAe,EAACC,uBAAY,CAAC8C,qBAAqB,EAAE,OAAO,CAAC,KAAK,MAAM;IAChF;IACA,OAAO,KAAK;EACd;EAEA,IAAIE,+BAA+BA,CAAA,EAAY;IAC7C,MAAMA,+BAA+B,GAAG,IAAAjD,wBAAe,EACrDC,uBAAY,CAACZ,mCAAmC,EAChDZ,iBAAiB,CAACY,mCAAmC,CACtD;IACD,OAAO4D,+BAA+B,KAAK,MAAM;EACnD;EAEA,IAAIC,YAAYA,CAAA,EAAiB;IAC/B,MAAMC,MAAM,GAAG;MACbC,SAAS,EAAE,IAAI,CAACvD,MAAM;MACtBwD,UAAU,EAAE,IAAI,CAACnD,OAAO;MACxBoD,WAAW,EAAE,IAAI,CAAC5C,QAAQ;MAC1BM,gBAAgB,EAAE,IAAI,CAACA;IACzB,CAAC;IACDuC,OAAO,CAACC,GAAG,CAAC,mBAAmB,EAAEL,MAAM,CAAC;IACxC,OAAOA,MAAM;EACf;AACF;AAAC,IAAAM,QAAA,GAGc,IAAIjE,MAAM,EAAE;AAAAkE,OAAA,CAAAC,OAAA,GAAAF,QAAA"}
|
package/index.js
CHANGED
|
@@ -10,6 +10,7 @@ var _sdkVersion = _interopRequireDefault(require("../sdkVersion"));
|
|
|
10
10
|
var _config = _interopRequireDefault(require("../config"));
|
|
11
11
|
var _cookies = _interopRequireDefault(require("../utils/cookies"));
|
|
12
12
|
var _fronteggLogger = _interopRequireDefault(require("../utils/fronteggLogger"));
|
|
13
|
+
var _helpers = require("../utils/refreshAccessTokenIfNeeded/helpers");
|
|
13
14
|
const logger = _fronteggLogger.default.child({
|
|
14
15
|
tag: 'FronteggApiMiddleware.ProxyRequestCallback'
|
|
15
16
|
});
|
|
@@ -49,6 +50,10 @@ const ProxyRequestCallback = (proxyReq, req) => {
|
|
|
49
50
|
if (cfConnectionIp) {
|
|
50
51
|
proxyReq.setHeader('cf-connecting-ip', cfConnectionIp);
|
|
51
52
|
}
|
|
53
|
+
if ((0, _helpers.isRefreshTokenRequest)(req.url)) {
|
|
54
|
+
logger.debug(`${req.url} | removing Authorization header`);
|
|
55
|
+
proxyReq.removeHeader('authorization');
|
|
56
|
+
}
|
|
52
57
|
['x-invoke-path', 'x-invoke-query', 'x-middleware-invoke', 'x-middleware-next', 'transfer-encoding', 'cache-control'].map(header => proxyReq.removeHeader(header));
|
|
53
58
|
logger.debug(`${req.url} | check if request has body`);
|
|
54
59
|
if (req.method !== 'GET' && req.body) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ProxyRequestCallback.js","names":["_package","_interopRequireDefault","require","_sdkVersion","_config","_cookies","_fronteggLogger","logger","fronteggLogger","child","tag","ProxyRequestCallback","proxyReq","req","_req$headers$xFronte","_req$headers$xFronte2","info","url","debug","allCookies","CookieManager","parseCookieHeader","fronteggCookiesNames","Object","keys","filter","cookieName","startsWith","config","join","forEach","setHeader","headers","NextJsPkg","version","sdkVersion","xForwardedFor","xOriginalForwardedFor","cfConnectionIp","
|
|
1
|
+
{"version":3,"file":"ProxyRequestCallback.js","names":["_package","_interopRequireDefault","require","_sdkVersion","_config","_cookies","_fronteggLogger","_helpers","logger","fronteggLogger","child","tag","ProxyRequestCallback","proxyReq","req","_req$headers$xFronte","_req$headers$xFronte2","info","url","debug","allCookies","CookieManager","parseCookieHeader","fronteggCookiesNames","Object","keys","filter","cookieName","startsWith","config","join","forEach","setHeader","headers","NextJsPkg","version","sdkVersion","xForwardedFor","xOriginalForwardedFor","cfConnectionIp","isRefreshTokenRequest","removeHeader","map","header","method","body","bodyData","JSON","stringify","Buffer","byteLength","write","e","error","_default","exports","default"],"sources":["../../../../packages/nextjs/src/middleware/ProxyRequestCallback.ts"],"sourcesContent":["import NextJsPkg from 'next/package.json';\nimport { ProxyReqCallback } from 'http-proxy';\nimport { ClientRequest } from 'http';\nimport { NextApiRequest } from 'next';\nimport sdkVersion from '../sdkVersion';\nimport config from '../config';\nimport CookieManager from '../utils/cookies';\nimport fronteggLogger from '../utils/fronteggLogger';\nimport { isRefreshTokenRequest } from '../utils/refreshAccessTokenIfNeeded/helpers';\n\nconst logger = fronteggLogger.child({ tag: 'FronteggApiMiddleware.ProxyRequestCallback' });\n/**\n * Proxy request callback fired on before each request to Frontegg services,\n * to transport frontegg cookies.\n *\n * @param {ClientRequest} proxyReq - Proxy request to be sent\n * @param {NextApiRequest} req - Next.js incoming request\n */\nconst ProxyRequestCallback: ProxyReqCallback<ClientRequest, NextApiRequest> = (proxyReq, req) => {\n try {\n logger.info(`${req.url} | Going to proxy request`);\n logger.debug(`${req.url} | parsing request cookies`);\n const allCookies = CookieManager.parseCookieHeader(req);\n logger.debug(`${req.url} | found ${allCookies} cookies`);\n const fronteggCookiesNames = Object.keys(allCookies).filter((cookieName) => {\n return cookieName.startsWith('fe_') && !cookieName.startsWith(config.cookieName);\n });\n\n logger.debug(`${req.url} | proxy FronteggCookies (${fronteggCookiesNames.join(', ')})`);\n fronteggCookiesNames.forEach((cookieName: string) => {\n proxyReq.setHeader(cookieName, allCookies[cookieName]);\n });\n\n proxyReq.setHeader('x-frontegg-framework', req.headers['x-frontegg-framework'] ?? `next@${NextJsPkg.version}`);\n proxyReq.setHeader('x-frontegg-sdk', req.headers['x-frontegg-sdk'] ?? `@frontegg/nextjs@${sdkVersion.version}`);\n proxyReq.setHeader('x-frontegg-middleware', 'true');\n\n const xForwardedFor = req.headers['x-forwarded-for'];\n const xOriginalForwardedFor = req.headers['x-original-forwarded-for'];\n const cfConnectionIp = req.headers['cf-connecting-ip'];\n\n if (xForwardedFor) {\n proxyReq.setHeader('x-forwarded-for', xForwardedFor);\n }\n if (xOriginalForwardedFor) {\n proxyReq.setHeader('x-original-forwarded-for', xOriginalForwardedFor);\n }\n if (cfConnectionIp) {\n proxyReq.setHeader('cf-connecting-ip', cfConnectionIp);\n }\n\n if (isRefreshTokenRequest(req.url!)) {\n logger.debug(`${req.url} | removing Authorization header`);\n proxyReq.removeHeader('authorization');\n }\n\n [\n 'x-invoke-path',\n 'x-invoke-query',\n 'x-middleware-invoke',\n 'x-middleware-next',\n 'transfer-encoding',\n 'cache-control',\n ].map((header) => proxyReq.removeHeader(header));\n\n logger.debug(`${req.url} | check if request has body`);\n if (req.method !== 'GET' && req.body) {\n logger.debug(`${req.url} | writing request body to proxyReq`);\n const bodyData = JSON.stringify(req.body);\n // in case if content-type is application/x-www-form-urlencoded -> we need to change to application/json\n proxyReq.setHeader('Content-Type', 'application/json');\n proxyReq.setHeader('Content-Length', Buffer.byteLength(bodyData));\n // stream the content\n proxyReq.write(bodyData);\n }\n } catch (e) {\n logger.error(`${req.url} | Failed to proxy request`, e);\n }\n};\n\nexport default ProxyRequestCallback;\n"],"mappings":";;;;;;;AAAA,IAAAA,QAAA,GAAAC,sBAAA,CAAAC,OAAA;AAIA,IAAAC,WAAA,GAAAF,sBAAA,CAAAC,OAAA;AACA,IAAAE,OAAA,GAAAH,sBAAA,CAAAC,OAAA;AACA,IAAAG,QAAA,GAAAJ,sBAAA,CAAAC,OAAA;AACA,IAAAI,eAAA,GAAAL,sBAAA,CAAAC,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;EAAEC,GAAG,EAAE;AAA6C,CAAC,CAAC;AAC1F;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,oBAAqE,GAAGA,CAACC,QAAQ,EAAEC,GAAG,KAAK;EAC/F,IAAI;IAAA,IAAAC,oBAAA,EAAAC,qBAAA;IACFR,MAAM,CAACS,IAAI,CAAE,GAAEH,GAAG,CAACI,GAAI,2BAA0B,CAAC;IAClDV,MAAM,CAACW,KAAK,CAAE,GAAEL,GAAG,CAACI,GAAI,4BAA2B,CAAC;IACpD,MAAME,UAAU,GAAGC,gBAAa,CAACC,iBAAiB,CAACR,GAAG,CAAC;IACvDN,MAAM,CAACW,KAAK,CAAE,GAAEL,GAAG,CAACI,GAAI,YAAWE,UAAW,UAAS,CAAC;IACxD,MAAMG,oBAAoB,GAAGC,MAAM,CAACC,IAAI,CAACL,UAAU,CAAC,CAACM,MAAM,CAAEC,UAAU,IAAK;MAC1E,OAAOA,UAAU,CAACC,UAAU,CAAC,KAAK,CAAC,IAAI,CAACD,UAAU,CAACC,UAAU,CAACC,eAAM,CAACF,UAAU,CAAC;IAClF,CAAC,CAAC;IAEFnB,MAAM,CAACW,KAAK,CAAE,GAAEL,GAAG,CAACI,GAAI,6BAA4BK,oBAAoB,CAACO,IAAI,CAAC,IAAI,CAAE,GAAE,CAAC;IACvFP,oBAAoB,CAACQ,OAAO,CAAEJ,UAAkB,IAAK;MACnDd,QAAQ,CAACmB,SAAS,CAACL,UAAU,EAAEP,UAAU,CAACO,UAAU,CAAC,CAAC;IACxD,CAAC,CAAC;IAEFd,QAAQ,CAACmB,SAAS,CAAC,sBAAsB,GAAAjB,oBAAA,GAAED,GAAG,CAACmB,OAAO,CAAC,sBAAsB,CAAC,YAAAlB,oBAAA,GAAK,QAAOmB,gBAAS,CAACC,OAAQ,EAAC,CAAC;IAC9GtB,QAAQ,CAACmB,SAAS,CAAC,gBAAgB,GAAAhB,qBAAA,GAAEF,GAAG,CAACmB,OAAO,CAAC,gBAAgB,CAAC,YAAAjB,qBAAA,GAAK,oBAAmBoB,mBAAU,CAACD,OAAQ,EAAC,CAAC;IAC/GtB,QAAQ,CAACmB,SAAS,CAAC,uBAAuB,EAAE,MAAM,CAAC;IAEnD,MAAMK,aAAa,GAAGvB,GAAG,CAACmB,OAAO,CAAC,iBAAiB,CAAC;IACpD,MAAMK,qBAAqB,GAAGxB,GAAG,CAACmB,OAAO,CAAC,0BAA0B,CAAC;IACrE,MAAMM,cAAc,GAAGzB,GAAG,CAACmB,OAAO,CAAC,kBAAkB,CAAC;IAEtD,IAAII,aAAa,EAAE;MACjBxB,QAAQ,CAACmB,SAAS,CAAC,iBAAiB,EAAEK,aAAa,CAAC;IACtD;IACA,IAAIC,qBAAqB,EAAE;MACzBzB,QAAQ,CAACmB,SAAS,CAAC,0BAA0B,EAAEM,qBAAqB,CAAC;IACvE;IACA,IAAIC,cAAc,EAAE;MAClB1B,QAAQ,CAACmB,SAAS,CAAC,kBAAkB,EAAEO,cAAc,CAAC;IACxD;IAEA,IAAI,IAAAC,8BAAqB,EAAC1B,GAAG,CAACI,GAAG,CAAE,EAAE;MACnCV,MAAM,CAACW,KAAK,CAAE,GAAEL,GAAG,CAACI,GAAI,kCAAiC,CAAC;MAC1DL,QAAQ,CAAC4B,YAAY,CAAC,eAAe,CAAC;IACxC;IAEA,CACE,eAAe,EACf,gBAAgB,EAChB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,eAAe,CAChB,CAACC,GAAG,CAAEC,MAAM,IAAK9B,QAAQ,CAAC4B,YAAY,CAACE,MAAM,CAAC,CAAC;IAEhDnC,MAAM,CAACW,KAAK,CAAE,GAAEL,GAAG,CAACI,GAAI,8BAA6B,CAAC;IACtD,IAAIJ,GAAG,CAAC8B,MAAM,KAAK,KAAK,IAAI9B,GAAG,CAAC+B,IAAI,EAAE;MACpCrC,MAAM,CAACW,KAAK,CAAE,GAAEL,GAAG,CAACI,GAAI,qCAAoC,CAAC;MAC7D,MAAM4B,QAAQ,GAAGC,IAAI,CAACC,SAAS,CAAClC,GAAG,CAAC+B,IAAI,CAAC;MACzC;MACAhC,QAAQ,CAACmB,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC;MACtDnB,QAAQ,CAACmB,SAAS,CAAC,gBAAgB,EAAEiB,MAAM,CAACC,UAAU,CAACJ,QAAQ,CAAC,CAAC;MACjE;MACAjC,QAAQ,CAACsC,KAAK,CAACL,QAAQ,CAAC;IAC1B;EACF,CAAC,CAAC,OAAOM,CAAC,EAAE;IACV5C,MAAM,CAAC6C,KAAK,CAAE,GAAEvC,GAAG,CAACI,GAAI,4BAA2B,EAAEkC,CAAC,CAAC;EACzD;AACF,CAAC;AAAC,IAAAE,QAAA,GAEa1C,oBAAoB;AAAA2C,OAAA,CAAAC,OAAA,GAAAF,QAAA"}
|
package/package.json
CHANGED
package/sdkVersion.js
CHANGED
package/sdkVersion.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sdkVersion.js","names":["version","exports","default","_default"],"sources":["../../../packages/nextjs/src/sdkVersion.ts"],"sourcesContent":["export default { version: '9.0.4-alpha.
|
|
1
|
+
{"version":3,"file":"sdkVersion.js","names":["version","exports","default","_default"],"sources":["../../../packages/nextjs/src/sdkVersion.ts"],"sourcesContent":["export default { version: '9.0.4-alpha.11365177255' };\n"],"mappings":";;;;;;eAAe;EAAEA,OAAO,EAAE;AAA0B,CAAC;AAAAC,OAAA,CAAAC,OAAA,GAAAC,QAAA"}
|
|
@@ -24,3 +24,9 @@ export declare function isSamlCallback(url: string): boolean;
|
|
|
24
24
|
* is posting an http request to the nextjs backend middleware after successfully logged in the user
|
|
25
25
|
*/
|
|
26
26
|
export declare function isSSOPostRequest(url: string): boolean;
|
|
27
|
+
/**
|
|
28
|
+
* Checks if the request URL is a refresh token request.
|
|
29
|
+
* This is used to determine if the current request is targeting
|
|
30
|
+
* one of the predefined refresh token URLs (embedded or hosted modes).
|
|
31
|
+
*/
|
|
32
|
+
export declare function isRefreshTokenRequest(url: string): boolean;
|
|
@@ -6,6 +6,7 @@ Object.defineProperty(exports, "__esModule", {
|
|
|
6
6
|
});
|
|
7
7
|
exports.hasRefreshTokenCookie = hasRefreshTokenCookie;
|
|
8
8
|
exports.isOauthCallback = isOauthCallback;
|
|
9
|
+
exports.isRefreshTokenRequest = isRefreshTokenRequest;
|
|
9
10
|
exports.isRuntimeNextRequest = isRuntimeNextRequest;
|
|
10
11
|
exports.isSSOPostRequest = isSSOPostRequest;
|
|
11
12
|
exports.isSamlCallback = isSamlCallback;
|
|
@@ -16,6 +17,7 @@ var _cookies = _interopRequireDefault(require("../cookies"));
|
|
|
16
17
|
var _api = _interopRequireDefault(require("../../api"));
|
|
17
18
|
var _common = require("../../common");
|
|
18
19
|
var _config = _interopRequireDefault(require("../../config"));
|
|
20
|
+
var _urls = require("../../api/urls");
|
|
19
21
|
function hasRefreshTokenCookie(cookies) {
|
|
20
22
|
const logger = _fronteggLogger.default.child({
|
|
21
23
|
tag: 'refreshToken.hasRefreshTokenCookie'
|
|
@@ -103,4 +105,14 @@ function isSamlCallback(url) {
|
|
|
103
105
|
function isSSOPostRequest(url) {
|
|
104
106
|
return url === '/frontegg/auth/saml/callback' || url === '/frontegg/auth/oidc/callback';
|
|
105
107
|
}
|
|
108
|
+
|
|
109
|
+
/**
|
|
110
|
+
* Checks if the request URL is a refresh token request.
|
|
111
|
+
* This is used to determine if the current request is targeting
|
|
112
|
+
* one of the predefined refresh token URLs (embedded or hosted modes).
|
|
113
|
+
*/
|
|
114
|
+
function isRefreshTokenRequest(url) {
|
|
115
|
+
const refreshTokenUrls = [_urls.ApiUrls.refreshToken.embedded, _urls.ApiUrls.refreshToken.hosted];
|
|
116
|
+
return refreshTokenUrls.includes(url);
|
|
117
|
+
}
|
|
106
118
|
//# sourceMappingURL=helpers.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"helpers.js","names":["_fronteggLogger","_interopRequireDefault","require","_cookies","_api","_common","_config","hasRefreshTokenCookie","cookies","logger","fronteggLogger","child","tag","refreshTokenKey","CookieManager","debug","cookieKey","Object","keys","find","cookie","replace","exists","refreshAccessTokenEmbedded","request","headers","info","api","refreshTokenEmbedded","refreshAccessTokenHostedLogin","sealFromCookies","getSessionCookieFromRequest","tokens","getTokensFromCookie","refreshToken","config","secureJwtEnabled","clientId","clientSecret","refreshTokenHostedLogin","e","error","isRuntimeNextRequest","url","startsWith","isOauthCallback","isSamlCallback","isSSOPostRequest"],"sources":["../../../../../packages/nextjs/src/utils/refreshAccessTokenIfNeeded/helpers.ts"],"sourcesContent":["import fronteggLogger from '../fronteggLogger';\nimport CookieManager from '../cookies';\nimport { NextApiRequest } from 'next/dist/shared/lib/utils';\nimport api from '../../api';\nimport { getTokensFromCookie } from '../../common';\nimport { IncomingMessage } from 'http';\nimport config from '../../config';\n\nexport function hasRefreshTokenCookie(cookies: Record<string, any>): boolean {\n const logger = fronteggLogger.child({ tag: 'refreshToken.hasRefreshTokenCookie' });\n const refreshTokenKey = CookieManager.refreshTokenKey;\n logger.debug(`Checking if '${refreshTokenKey}' exists in cookies`);\n const cookieKey = Object.keys(cookies).find((cookie) => {\n return cookie.replace(/-/g, '') === refreshTokenKey;\n });\n const exists: boolean = cookieKey != null;\n logger.debug(`Cookie '${refreshTokenKey}' ${exists ? 'exists' : 'NOT exists'} in cookies`);\n return exists;\n}\n\nexport async function refreshAccessTokenEmbedded(request: IncomingMessage): Promise<Response | null> {\n const logger = fronteggLogger.child({ tag: 'refreshToken.refreshAccessTokenEmbedded' });\n\n const headers = request.headers as Record<string, string>;\n const cookies = (request as NextApiRequest).cookies;\n\n logger.info('check if has refresh token headers');\n if (hasRefreshTokenCookie(cookies)) {\n logger.info('going to refresh token (embedded mode)');\n return await api.refreshTokenEmbedded(headers);\n }\n return null;\n}\n\nexport async function refreshAccessTokenHostedLogin(request: IncomingMessage): Promise<Response | null> {\n const logger = fronteggLogger.child({ tag: 'refreshToken.refreshAccessTokenHostedLogin' });\n const headers = request.headers as Record<string, string>;\n\n logger.info('trying to get token from cookies');\n\n const sealFromCookies = CookieManager.getSessionCookieFromRequest(request);\n try {\n const tokens = await getTokensFromCookie(sealFromCookies);\n if (!tokens?.refreshToken) {\n logger.info('refresh token not found');\n return null;\n }\n\n if (config.secureJwtEnabled) {\n const clientId = config.clientId;\n const clientSecret = config.clientSecret;\n\n logger.info('going to refresh token (hosted-login mode) (secure-jwt mode)');\n return await api.refreshTokenHostedLogin(headers, tokens.refreshToken, clientId, clientSecret);\n } else {\n logger.info('going to refresh token (hosted-login mode) ', tokens.refreshToken);\n return await api.refreshTokenHostedLogin(headers, tokens.refreshToken);\n }\n } catch (e) {\n logger.error(e);\n return null;\n }\n}\n\n/**\n * If url starts with /_next/ means that the user trying to navigate\n * to a new nextjs page, in this scenario no need to refresh token\n * we can just return the actual stateless session from\n * the encrypted cookie\n */\nexport function isRuntimeNextRequest(url: string): boolean {\n return url.startsWith('/_next/');\n}\n\n/**\n * If url starts with '/oauth/callback' means that the user navigated back\n * from frontegg hosted login, in this scenario no need to SSR refresh token\n */\nexport function isOauthCallback(url: string): boolean {\n return url.startsWith('/oauth/callback');\n}\n\n/**\n * If url starts with '/account/saml/callback' means that the user navigated back\n * from sso login, in this scenario no need to SSR refresh token\n */\nexport function isSamlCallback(url: string): boolean {\n return url.startsWith('/account/saml/callback') || url.startsWith('/account/oidc/callback');\n}\n\n/**\n * If the url equals to '/frontegg/auth/{provider}/callback', it means that the SSO provider\n * is posting an http request to the nextjs backend middleware after successfully logged in the user\n */\nexport function isSSOPostRequest(url: string): boolean {\n return url === '/frontegg/auth/saml/callback' || url === '/frontegg/auth/oidc/callback';\n}\n"],"mappings":"
|
|
1
|
+
{"version":3,"file":"helpers.js","names":["_fronteggLogger","_interopRequireDefault","require","_cookies","_api","_common","_config","_urls","hasRefreshTokenCookie","cookies","logger","fronteggLogger","child","tag","refreshTokenKey","CookieManager","debug","cookieKey","Object","keys","find","cookie","replace","exists","refreshAccessTokenEmbedded","request","headers","info","api","refreshTokenEmbedded","refreshAccessTokenHostedLogin","sealFromCookies","getSessionCookieFromRequest","tokens","getTokensFromCookie","refreshToken","config","secureJwtEnabled","clientId","clientSecret","refreshTokenHostedLogin","e","error","isRuntimeNextRequest","url","startsWith","isOauthCallback","isSamlCallback","isSSOPostRequest","isRefreshTokenRequest","refreshTokenUrls","ApiUrls","embedded","hosted","includes"],"sources":["../../../../../packages/nextjs/src/utils/refreshAccessTokenIfNeeded/helpers.ts"],"sourcesContent":["import fronteggLogger from '../fronteggLogger';\nimport CookieManager from '../cookies';\nimport { NextApiRequest } from 'next/dist/shared/lib/utils';\nimport api from '../../api';\nimport { getTokensFromCookie } from '../../common';\nimport { IncomingMessage } from 'http';\nimport config from '../../config';\nimport { ApiUrls } from '../../api/urls';\n\nexport function hasRefreshTokenCookie(cookies: Record<string, any>): boolean {\n const logger = fronteggLogger.child({ tag: 'refreshToken.hasRefreshTokenCookie' });\n const refreshTokenKey = CookieManager.refreshTokenKey;\n logger.debug(`Checking if '${refreshTokenKey}' exists in cookies`);\n const cookieKey = Object.keys(cookies).find((cookie) => {\n return cookie.replace(/-/g, '') === refreshTokenKey;\n });\n const exists: boolean = cookieKey != null;\n logger.debug(`Cookie '${refreshTokenKey}' ${exists ? 'exists' : 'NOT exists'} in cookies`);\n return exists;\n}\n\nexport async function refreshAccessTokenEmbedded(request: IncomingMessage): Promise<Response | null> {\n const logger = fronteggLogger.child({ tag: 'refreshToken.refreshAccessTokenEmbedded' });\n\n const headers = request.headers as Record<string, string>;\n const cookies = (request as NextApiRequest).cookies;\n\n logger.info('check if has refresh token headers');\n if (hasRefreshTokenCookie(cookies)) {\n logger.info('going to refresh token (embedded mode)');\n return await api.refreshTokenEmbedded(headers);\n }\n return null;\n}\n\nexport async function refreshAccessTokenHostedLogin(request: IncomingMessage): Promise<Response | null> {\n const logger = fronteggLogger.child({ tag: 'refreshToken.refreshAccessTokenHostedLogin' });\n const headers = request.headers as Record<string, string>;\n\n logger.info('trying to get token from cookies');\n\n const sealFromCookies = CookieManager.getSessionCookieFromRequest(request);\n try {\n const tokens = await getTokensFromCookie(sealFromCookies);\n if (!tokens?.refreshToken) {\n logger.info('refresh token not found');\n return null;\n }\n\n if (config.secureJwtEnabled) {\n const clientId = config.clientId;\n const clientSecret = config.clientSecret;\n\n logger.info('going to refresh token (hosted-login mode) (secure-jwt mode)');\n return await api.refreshTokenHostedLogin(headers, tokens.refreshToken, clientId, clientSecret);\n } else {\n logger.info('going to refresh token (hosted-login mode) ', tokens.refreshToken);\n return await api.refreshTokenHostedLogin(headers, tokens.refreshToken);\n }\n } catch (e) {\n logger.error(e);\n return null;\n }\n}\n\n/**\n * If url starts with /_next/ means that the user trying to navigate\n * to a new nextjs page, in this scenario no need to refresh token\n * we can just return the actual stateless session from\n * the encrypted cookie\n */\nexport function isRuntimeNextRequest(url: string): boolean {\n return url.startsWith('/_next/');\n}\n\n/**\n * If url starts with '/oauth/callback' means that the user navigated back\n * from frontegg hosted login, in this scenario no need to SSR refresh token\n */\nexport function isOauthCallback(url: string): boolean {\n return url.startsWith('/oauth/callback');\n}\n\n/**\n * If url starts with '/account/saml/callback' means that the user navigated back\n * from sso login, in this scenario no need to SSR refresh token\n */\nexport function isSamlCallback(url: string): boolean {\n return url.startsWith('/account/saml/callback') || url.startsWith('/account/oidc/callback');\n}\n\n/**\n * If the url equals to '/frontegg/auth/{provider}/callback', it means that the SSO provider\n * is posting an http request to the nextjs backend middleware after successfully logged in the user\n */\nexport function isSSOPostRequest(url: string): boolean {\n return url === '/frontegg/auth/saml/callback' || url === '/frontegg/auth/oidc/callback';\n}\n\n/**\n * Checks if the request URL is a refresh token request.\n * This is used to determine if the current request is targeting\n * one of the predefined refresh token URLs (embedded or hosted modes).\n */\nexport function isRefreshTokenRequest(url: string): boolean {\n const refreshTokenUrls = [ApiUrls.refreshToken.embedded, ApiUrls.refreshToken.hosted];\n return refreshTokenUrls.includes(url);\n}\n"],"mappings":";;;;;;;;;;;;;;AAAA,IAAAA,eAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,QAAA,GAAAF,sBAAA,CAAAC,OAAA;AAEA,IAAAE,IAAA,GAAAH,sBAAA,CAAAC,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AAEA,IAAAI,OAAA,GAAAL,sBAAA,CAAAC,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AAEO,SAASM,qBAAqBA,CAACC,OAA4B,EAAW;EAC3E,MAAMC,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAAqC,CAAC,CAAC;EAClF,MAAMC,eAAe,GAAGC,gBAAa,CAACD,eAAe;EACrDJ,MAAM,CAACM,KAAK,CAAE,gBAAeF,eAAgB,qBAAoB,CAAC;EAClE,MAAMG,SAAS,GAAGC,MAAM,CAACC,IAAI,CAACV,OAAO,CAAC,CAACW,IAAI,CAAEC,MAAM,IAAK;IACtD,OAAOA,MAAM,CAACC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,KAAKR,eAAe;EACrD,CAAC,CAAC;EACF,MAAMS,MAAe,GAAGN,SAAS,IAAI,IAAI;EACzCP,MAAM,CAACM,KAAK,CAAE,WAAUF,eAAgB,KAAIS,MAAM,GAAG,QAAQ,GAAG,YAAa,aAAY,CAAC;EAC1F,OAAOA,MAAM;AACf;AAEO,eAAeC,0BAA0BA,CAACC,OAAwB,EAA4B;EACnG,MAAMf,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA0C,CAAC,CAAC;EAEvF,MAAMa,OAAO,GAAGD,OAAO,CAACC,OAAiC;EACzD,MAAMjB,OAAO,GAAIgB,OAAO,CAAoBhB,OAAO;EAEnDC,MAAM,CAACiB,IAAI,CAAC,oCAAoC,CAAC;EACjD,IAAInB,qBAAqB,CAACC,OAAO,CAAC,EAAE;IAClCC,MAAM,CAACiB,IAAI,CAAC,wCAAwC,CAAC;IACrD,OAAO,MAAMC,YAAG,CAACC,oBAAoB,CAACH,OAAO,CAAC;EAChD;EACA,OAAO,IAAI;AACb;AAEO,eAAeI,6BAA6BA,CAACL,OAAwB,EAA4B;EACtG,MAAMf,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA6C,CAAC,CAAC;EAC1F,MAAMa,OAAO,GAAGD,OAAO,CAACC,OAAiC;EAEzDhB,MAAM,CAACiB,IAAI,CAAC,kCAAkC,CAAC;EAE/C,MAAMI,eAAe,GAAGhB,gBAAa,CAACiB,2BAA2B,CAACP,OAAO,CAAC;EAC1E,IAAI;IACF,MAAMQ,MAAM,GAAG,MAAM,IAAAC,2BAAmB,EAACH,eAAe,CAAC;IACzD,IAAI,EAACE,MAAM,YAANA,MAAM,CAAEE,YAAY,GAAE;MACzBzB,MAAM,CAACiB,IAAI,CAAC,yBAAyB,CAAC;MACtC,OAAO,IAAI;IACb;IAEA,IAAIS,eAAM,CAACC,gBAAgB,EAAE;MAC3B,MAAMC,QAAQ,GAAGF,eAAM,CAACE,QAAQ;MAChC,MAAMC,YAAY,GAAGH,eAAM,CAACG,YAAY;MAExC7B,MAAM,CAACiB,IAAI,CAAC,8DAA8D,CAAC;MAC3E,OAAO,MAAMC,YAAG,CAACY,uBAAuB,CAACd,OAAO,EAAEO,MAAM,CAACE,YAAY,EAAEG,QAAQ,EAAEC,YAAY,CAAC;IAChG,CAAC,MAAM;MACL7B,MAAM,CAACiB,IAAI,CAAC,6CAA6C,EAAEM,MAAM,CAACE,YAAY,CAAC;MAC/E,OAAO,MAAMP,YAAG,CAACY,uBAAuB,CAACd,OAAO,EAAEO,MAAM,CAACE,YAAY,CAAC;IACxE;EACF,CAAC,CAAC,OAAOM,CAAC,EAAE;IACV/B,MAAM,CAACgC,KAAK,CAACD,CAAC,CAAC;IACf,OAAO,IAAI;EACb;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACO,SAASE,oBAAoBA,CAACC,GAAW,EAAW;EACzD,OAAOA,GAAG,CAACC,UAAU,CAAC,SAAS,CAAC;AAClC;;AAEA;AACA;AACA;AACA;AACO,SAASC,eAAeA,CAACF,GAAW,EAAW;EACpD,OAAOA,GAAG,CAACC,UAAU,CAAC,iBAAiB,CAAC;AAC1C;;AAEA;AACA;AACA;AACA;AACO,SAASE,cAAcA,CAACH,GAAW,EAAW;EACnD,OAAOA,GAAG,CAACC,UAAU,CAAC,wBAAwB,CAAC,IAAID,GAAG,CAACC,UAAU,CAAC,wBAAwB,CAAC;AAC7F;;AAEA;AACA;AACA;AACA;AACO,SAASG,gBAAgBA,CAACJ,GAAW,EAAW;EACrD,OAAOA,GAAG,KAAK,8BAA8B,IAAIA,GAAG,KAAK,8BAA8B;AACzF;;AAEA;AACA;AACA;AACA;AACA;AACO,SAASK,qBAAqBA,CAACL,GAAW,EAAW;EAC1D,MAAMM,gBAAgB,GAAG,CAACC,aAAO,CAAChB,YAAY,CAACiB,QAAQ,EAAED,aAAO,CAAChB,YAAY,CAACkB,MAAM,CAAC;EACrF,OAAOH,gBAAgB,CAACI,QAAQ,CAACV,GAAG,CAAC;AACvC"}
|