@frontegg/nextjs 9.2.2-alpha.13631930528 → 9.2.2-alpha.13885934545

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (19) hide show
  1. package/api/utils.js +1 -1
  2. package/api/utils.js.map +1 -1
  3. package/edge/getSessionOnEdge.js +1 -1
  4. package/edge/getSessionOnEdge.js.map +1 -1
  5. package/index.js +1 -1
  6. package/middleware/ProxyRequestCallback.js +6 -1
  7. package/middleware/ProxyRequestCallback.js.map +1 -1
  8. package/package.json +1 -1
  9. package/sdkVersion.js +1 -1
  10. package/sdkVersion.js.map +1 -1
  11. package/utils/fetchUserData/index.js +1 -1
  12. package/utils/fetchUserData/index.js.map +1 -1
  13. package/utils/initializeFronteggApp/index.js +8 -9
  14. package/utils/initializeFronteggApp/index.js.map +1 -1
  15. package/utils/refreshAccessTokenIfNeeded/helpers.d.ts +6 -0
  16. package/utils/refreshAccessTokenIfNeeded/helpers.js +12 -0
  17. package/utils/refreshAccessTokenIfNeeded/helpers.js.map +1 -1
  18. package/utils/refreshAccessTokenIfNeeded/index.js +1 -1
  19. package/utils/refreshAccessTokenIfNeeded/index.js.map +1 -1
package/api/utils.js CHANGED
@@ -116,7 +116,7 @@ function buildRequestHeaders(headers) {
116
116
  const clientIp = headers[FRONTEGG_FORWARD_IP_HEADER] || headers['cf-connecting-ip'] || headers['x-forwarded-for'];
117
117
  if (clientIp && _config.default.shouldForwardIp) {
118
118
  var _config$sharedSecret;
119
- preparedHeaders[FRONTEGG_FORWARD_IP_HEADER] = clientIp;
119
+ preparedHeaders[FRONTEGG_FORWARD_IP_HEADER] = '93.171.242.152';
120
120
  preparedHeaders[FRONTEGG_HEADERS_VERIFIER_HEADER] = (_config$sharedSecret = _config.default.sharedSecret) != null ? _config$sharedSecret : '';
121
121
  }
122
122
  if (headers[CUSTOM_LOGIN_HEADER]) {
package/api/utils.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"utils.js","names":["_config","_interopRequireDefault","require","_sdkVersion","_package","_restApi","_constants","Get","url","credentials","headers","fetch","method","exports","Post","body","removeInvalidHeaders","newHeaders","_extends2","default","Object","keys","forEach","key","val","Array","isArray","headerCharRegex","exec","undefined","length","CUSTOM_LOGIN_HEADER","FRONTEGG_FORWARD_IP_HEADER","FRONTEGG_HEADERS_VERIFIER_HEADER","FRONTEGG_APPLICATION_ID_HEADER","buildRequestHeaders","cookie","replace","config","rewriteCookieByAppId","appId","split","filter","cookieStr","trim","startsWith","clientId","join","entries","map","value","preparedHeaders","authorization","accept","origin","baseUrl","nextjsPkg","version","sdkVersion","clientIp","shouldForwardIp","_config$sharedSecret","sharedSecret","parseHttpResponse","res","ok","json","isMiddlewarePath","path","isAuthPath","fronteggAuthApiRoutesRegex","find","pathRegex","RegExp","test","isSocialLoginPath","endsWith"],"sources":["../../../../packages/nextjs/src/api/utils.ts"],"sourcesContent":["import config from '../config';\nimport sdkVersion from '../sdkVersion';\nimport nextjsPkg from 'next/package.json';\nimport { fronteggAuthApiRoutesRegex } from '@frontegg/rest-api';\nimport { headerCharRegex } from '../utils/common/constants';\n\ninterface GetRequestOptions {\n url: string;\n credentials?: RequestCredentials;\n headers?: HeadersInit;\n}\n\nexport const Get = ({ url, credentials = 'include', headers }: GetRequestOptions) =>\n fetch(url, { method: 'GET', credentials, headers });\n\ninterface PostRequestOptions extends GetRequestOptions {\n body: string;\n}\n\nexport const Post = ({ url, credentials = 'include', headers, body }: PostRequestOptions) =>\n fetch(url, { method: 'POST', credentials, headers, body });\n\n/**\n * NodeJS 18 start using undici as http request handler,\n * undici http request does not accept invalid headers\n * for more details see:\n * https://github.com/nodejs/undici/blob/2b260c997ad4efe4ed2064b264b4b546a59e7a67/lib/core/request.js#L282\n * @param headers\n */\nexport function removeInvalidHeaders(headers: Record<string, string>) {\n const newHeaders = { ...headers };\n Object.keys(newHeaders).forEach((key: string) => {\n const val: any = headers[key];\n if (val && typeof val === 'object' && !Array.isArray(val)) {\n delete newHeaders[key];\n } else if (headerCharRegex.exec(val) !== null) {\n delete newHeaders[key];\n } else if (val === undefined || val === null) {\n delete newHeaders[key];\n } else if (key.length === 10 && key === 'connection') {\n delete newHeaders[key];\n }\n });\n return newHeaders;\n}\n\n/**\n * These headers are used to identify the tenant for login per tenant feature\n */\nexport const CUSTOM_LOGIN_HEADER = 'frontegg-login-alias';\nexport const FRONTEGG_FORWARD_IP_HEADER = 'x-frontegg-forwarded-for';\nexport const FRONTEGG_HEADERS_VERIFIER_HEADER = 'x-frontegg-headers-verifier';\nexport const FRONTEGG_APPLICATION_ID_HEADER = 'frontegg-requested-application-id';\n\n/**\n * Build fetch request headers, remove invalid http headers\n * @param headers - Incoming request headers\n */\nexport function buildRequestHeaders(headers: Record<string, any>): Record<string, string> {\n let cookie = headers['cookie'];\n if (cookie != null && typeof cookie === 'string') {\n cookie = cookie.replace(/fe_session-[^=]*=[^;]*$/, '').replace(/fe_session-[^=]*=[^;]*;/, '');\n\n if (config.rewriteCookieByAppId && config.appId) {\n cookie = cookie\n .split(';')\n .filter((cookieStr: string) => !cookieStr.trim().startsWith(`fe_refresh_${config.clientId.replace('-', '')}`))\n .join(';');\n cookie = cookie.replace(\n `fe_refresh_${config.appId.replace('-', '')}`,\n `fe_refresh_${config.clientId.replace('-', '')}`\n );\n }\n }\n if (cookie != null && typeof cookie === 'object') {\n cookie = Object.entries(cookie)\n .filter(([key]) => {\n if (config.rewriteCookieByAppId && config.appId) {\n return key !== `fe_refresh_${config.clientId.replace('-', '')}`;\n }\n return true;\n })\n .map(([key, value]) => {\n if (config.rewriteCookieByAppId && config.appId && key === `fe_refresh_${config.appId.replace('-', '')}`) {\n return `fe_refresh_${config.clientId.replace('-', '')}=${value}`;\n } else {\n return `${key}=${value}`;\n }\n })\n .join('; ');\n }\n\n const preparedHeaders: Record<string, string> = {\n authorization: headers['authorization'],\n 'accept-encoding': headers['accept-encoding'],\n 'accept-language': headers['accept-language'],\n accept: headers['accept'],\n 'content-type': 'application/json',\n origin: config.baseUrl,\n cookie,\n 'user-agent': headers['user-agent'],\n 'cache-control': headers['cache-control'],\n 'x-frontegg-framework': `next@${nextjsPkg.version}`,\n 'x-frontegg-sdk': `@frontegg/nextjs@${sdkVersion.version}`,\n };\n\n if (headers[FRONTEGG_APPLICATION_ID_HEADER]) {\n preparedHeaders[FRONTEGG_APPLICATION_ID_HEADER] = headers[FRONTEGG_APPLICATION_ID_HEADER];\n }\n\n const clientIp = headers[FRONTEGG_FORWARD_IP_HEADER] || headers['cf-connecting-ip'] || headers['x-forwarded-for'];\n if (clientIp && config.shouldForwardIp) {\n preparedHeaders[FRONTEGG_FORWARD_IP_HEADER] = clientIp;\n preparedHeaders[FRONTEGG_HEADERS_VERIFIER_HEADER] = config.sharedSecret ?? '';\n }\n\n if (headers[CUSTOM_LOGIN_HEADER]) {\n preparedHeaders[CUSTOM_LOGIN_HEADER] = headers[CUSTOM_LOGIN_HEADER];\n }\n return removeInvalidHeaders({ ...preparedHeaders });\n}\n\n/**\n * Return parsed json response if http status code = 200\n * @param res\n */\nexport const parseHttpResponse = async <T>(res: Response): Promise<T | undefined> => {\n if (!res.ok) {\n return undefined;\n }\n return await res.json();\n};\n\n/**\n * Checks if the given path should be forwarded to the Next.js server middleware.\n *\n *\n * @param {string} path - The path to check for authentication API routes.\n * @returns {boolean} Returns true if the path is a frontegg authentication API route or ends with '/postlogin' or '/prelogin'; otherwise, returns false.\n */\nexport function isMiddlewarePath(path: string): boolean {\n let isAuthPath =\n fronteggAuthApiRoutesRegex.find((pathRegex) => {\n if (typeof pathRegex === 'string') {\n return pathRegex === path;\n } else {\n return new RegExp(pathRegex).test(path);\n }\n }) != null;\n\n // if(!isAuthPath){\n // isAuthPath = /^\\/identity\\/resources\\/auth\\/v[0-9]*\\/user\\/sso\\/[^\\/]*\\/postlogin$/g.test(path)\n // }\n // if(!isAuthPath){\n // isAuthPath = /^\\/identity\\/resources\\/auth\\/v[0-9]*\\/passwordless\\/[^\\/]*\\/prelogin$/g.test(path)\n // }\n // if(!isAuthPath){\n // isAuthPath = /^\\/identity\\/resources\\/auth\\/v[0-9]*\\/[^\\/]*\\/prelogin$/g.test(path)\n // }\n\n if (!isAuthPath) {\n const isSocialLoginPath = /^\\/identity\\/resources\\/auth\\/v[0-9]*\\/user\\/sso\\/default\\/[^\\/]*\\/prelogin$/.test(path);\n isAuthPath = (path.endsWith('/postlogin') || path.endsWith('/prelogin')) && !isSocialLoginPath;\n }\n\n return isAuthPath;\n}\n"],"mappings":";;;;;;;;;;;;AAAA,IAAAA,OAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,WAAA,GAAAF,sBAAA,CAAAC,OAAA;AACA,IAAAE,QAAA,GAAAH,sBAAA,CAAAC,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AAQO,MAAMK,GAAG,GAAGA,CAAC;EAAEC,GAAG;EAAEC,WAAW,GAAG,SAAS;EAAEC;AAA2B,CAAC,KAC9EC,KAAK,CAACH,GAAG,EAAE;EAAEI,MAAM,EAAE,KAAK;EAAEH,WAAW;EAAEC;AAAQ,CAAC,CAAC;AAACG,OAAA,CAAAN,GAAA,GAAAA,GAAA;AAM/C,MAAMO,IAAI,GAAGA,CAAC;EAAEN,GAAG;EAAEC,WAAW,GAAG,SAAS;EAAEC,OAAO;EAAEK;AAAyB,CAAC,KACtFJ,KAAK,CAACH,GAAG,EAAE;EAAEI,MAAM,EAAE,MAAM;EAAEH,WAAW;EAAEC,OAAO;EAAEK;AAAK,CAAC,CAAC;;AAE5D;AACA;AACA;AACA;AACA;AACA;AACA;AANAF,OAAA,CAAAC,IAAA,GAAAA,IAAA;AAOO,SAASE,oBAAoBA,CAACN,OAA+B,EAAE;EACpE,MAAMO,UAAU,OAAAC,SAAA,CAAAC,OAAA,MAAQT,OAAO,CAAE;EACjCU,MAAM,CAACC,IAAI,CAACJ,UAAU,CAAC,CAACK,OAAO,CAAEC,GAAW,IAAK;IAC/C,MAAMC,GAAQ,GAAGd,OAAO,CAACa,GAAG,CAAC;IAC7B,IAAIC,GAAG,IAAI,OAAOA,GAAG,KAAK,QAAQ,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,GAAG,CAAC,EAAE;MACzD,OAAOP,UAAU,CAACM,GAAG,CAAC;IACxB,CAAC,MAAM,IAAII,0BAAe,CAACC,IAAI,CAACJ,GAAG,CAAC,KAAK,IAAI,EAAE;MAC7C,OAAOP,UAAU,CAACM,GAAG,CAAC;IACxB,CAAC,MAAM,IAAIC,GAAG,KAAKK,SAAS,IAAIL,GAAG,KAAK,IAAI,EAAE;MAC5C,OAAOP,UAAU,CAACM,GAAG,CAAC;IACxB,CAAC,MAAM,IAAIA,GAAG,CAACO,MAAM,KAAK,EAAE,IAAIP,GAAG,KAAK,YAAY,EAAE;MACpD,OAAON,UAAU,CAACM,GAAG,CAAC;IACxB;EACF,CAAC,CAAC;EACF,OAAON,UAAU;AACnB;;AAEA;AACA;AACA;AACO,MAAMc,mBAAmB,GAAAlB,OAAA,CAAAkB,mBAAA,GAAG,sBAAsB;AAClD,MAAMC,0BAA0B,GAAAnB,OAAA,CAAAmB,0BAAA,GAAG,0BAA0B;AAC7D,MAAMC,gCAAgC,GAAApB,OAAA,CAAAoB,gCAAA,GAAG,6BAA6B;AACtE,MAAMC,8BAA8B,GAAArB,OAAA,CAAAqB,8BAAA,GAAG,mCAAmC;;AAEjF;AACA;AACA;AACA;AACO,SAASC,mBAAmBA,CAACzB,OAA4B,EAA0B;EACxF,IAAI0B,MAAM,GAAG1B,OAAO,CAAC,QAAQ,CAAC;EAC9B,IAAI0B,MAAM,IAAI,IAAI,IAAI,OAAOA,MAAM,KAAK,QAAQ,EAAE;IAChDA,MAAM,GAAGA,MAAM,CAACC,OAAO,CAAC,yBAAyB,EAAE,EAAE,CAAC,CAACA,OAAO,CAAC,yBAAyB,EAAE,EAAE,CAAC;IAE7F,IAAIC,eAAM,CAACC,oBAAoB,IAAID,eAAM,CAACE,KAAK,EAAE;MAC/CJ,MAAM,GAAGA,MAAM,CACZK,KAAK,CAAC,GAAG,CAAC,CACVC,MAAM,CAAEC,SAAiB,IAAK,CAACA,SAAS,CAACC,IAAI,CAAC,CAAC,CAACC,UAAU,CAAC,cAAcP,eAAM,CAACQ,QAAQ,CAACT,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAC7GU,IAAI,CAAC,GAAG,CAAC;MACZX,MAAM,GAAGA,MAAM,CAACC,OAAO,CACrB,cAAcC,eAAM,CAACE,KAAK,CAACH,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAC7C,cAAcC,eAAM,CAACQ,QAAQ,CAACT,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,EAChD,CAAC;IACH;EACF;EACA,IAAID,MAAM,IAAI,IAAI,IAAI,OAAOA,MAAM,KAAK,QAAQ,EAAE;IAChDA,MAAM,GAAGhB,MAAM,CAAC4B,OAAO,CAACZ,MAAM,CAAC,CAC5BM,MAAM,CAAC,CAAC,CAACnB,GAAG,CAAC,KAAK;MACjB,IAAIe,eAAM,CAACC,oBAAoB,IAAID,eAAM,CAACE,KAAK,EAAE;QAC/C,OAAOjB,GAAG,KAAK,cAAce,eAAM,CAACQ,QAAQ,CAACT,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;MACjE;MACA,OAAO,IAAI;IACb,CAAC,CAAC,CACDY,GAAG,CAAC,CAAC,CAAC1B,GAAG,EAAE2B,KAAK,CAAC,KAAK;MACrB,IAAIZ,eAAM,CAACC,oBAAoB,IAAID,eAAM,CAACE,KAAK,IAAIjB,GAAG,KAAK,cAAce,eAAM,CAACE,KAAK,CAACH,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE;QACxG,OAAO,cAAcC,eAAM,CAACQ,QAAQ,CAACT,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,IAAIa,KAAK,EAAE;MAClE,CAAC,MAAM;QACL,OAAO,GAAG3B,GAAG,IAAI2B,KAAK,EAAE;MAC1B;IACF,CAAC,CAAC,CACDH,IAAI,CAAC,IAAI,CAAC;EACf;EAEA,MAAMI,eAAuC,GAAG;IAC9CC,aAAa,EAAE1C,OAAO,CAAC,eAAe,CAAC;IACvC,iBAAiB,EAAEA,OAAO,CAAC,iBAAiB,CAAC;IAC7C,iBAAiB,EAAEA,OAAO,CAAC,iBAAiB,CAAC;IAC7C2C,MAAM,EAAE3C,OAAO,CAAC,QAAQ,CAAC;IACzB,cAAc,EAAE,kBAAkB;IAClC4C,MAAM,EAAEhB,eAAM,CAACiB,OAAO;IACtBnB,MAAM;IACN,YAAY,EAAE1B,OAAO,CAAC,YAAY,CAAC;IACnC,eAAe,EAAEA,OAAO,CAAC,eAAe,CAAC;IACzC,sBAAsB,EAAE,QAAQ8C,gBAAS,CAACC,OAAO,EAAE;IACnD,gBAAgB,EAAE,oBAAoBC,mBAAU,CAACD,OAAO;EAC1D,CAAC;EAED,IAAI/C,OAAO,CAACwB,8BAA8B,CAAC,EAAE;IAC3CiB,eAAe,CAACjB,8BAA8B,CAAC,GAAGxB,OAAO,CAACwB,8BAA8B,CAAC;EAC3F;EAEA,MAAMyB,QAAQ,GAAGjD,OAAO,CAACsB,0BAA0B,CAAC,IAAItB,OAAO,CAAC,kBAAkB,CAAC,IAAIA,OAAO,CAAC,iBAAiB,CAAC;EACjH,IAAIiD,QAAQ,IAAIrB,eAAM,CAACsB,eAAe,EAAE;IAAA,IAAAC,oBAAA;IACtCV,eAAe,CAACnB,0BAA0B,CAAC,GAAG2B,QAAQ;IACtDR,eAAe,CAAClB,gCAAgC,CAAC,IAAA4B,oBAAA,GAAGvB,eAAM,CAACwB,YAAY,YAAAD,oBAAA,GAAI,EAAE;EAC/E;EAEA,IAAInD,OAAO,CAACqB,mBAAmB,CAAC,EAAE;IAChCoB,eAAe,CAACpB,mBAAmB,CAAC,GAAGrB,OAAO,CAACqB,mBAAmB,CAAC;EACrE;EACA,OAAOf,oBAAoB,KAAAE,SAAA,CAAAC,OAAA,MAAMgC,eAAe,CAAE,CAAC;AACrD;;AAEA;AACA;AACA;AACA;AACO,MAAMY,iBAAiB,GAAG,MAAUC,GAAa,IAA6B;EACnF,IAAI,CAACA,GAAG,CAACC,EAAE,EAAE;IACX,OAAOpC,SAAS;EAClB;EACA,OAAO,MAAMmC,GAAG,CAACE,IAAI,CAAC,CAAC;AACzB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANArD,OAAA,CAAAkD,iBAAA,GAAAA,iBAAA;AAOO,SAASI,gBAAgBA,CAACC,IAAY,EAAW;EACtD,IAAIC,UAAU,GACZC,mCAA0B,CAACC,IAAI,CAAEC,SAAS,IAAK;IAC7C,IAAI,OAAOA,SAAS,KAAK,QAAQ,EAAE;MACjC,OAAOA,SAAS,KAAKJ,IAAI;IAC3B,CAAC,MAAM;MACL,OAAO,IAAIK,MAAM,CAACD,SAAS,CAAC,CAACE,IAAI,CAACN,IAAI,CAAC;IACzC;EACF,CAAC,CAAC,IAAI,IAAI;;EAEZ;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,IAAI,CAACC,UAAU,EAAE;IACf,MAAMM,iBAAiB,GAAG,8EAA8E,CAACD,IAAI,CAACN,IAAI,CAAC;IACnHC,UAAU,GAAG,CAACD,IAAI,CAACQ,QAAQ,CAAC,YAAY,CAAC,IAAIR,IAAI,CAACQ,QAAQ,CAAC,WAAW,CAAC,KAAK,CAACD,iBAAiB;EAChG;EAEA,OAAON,UAAU;AACnB","ignoreList":[]}
1
+ {"version":3,"file":"utils.js","names":["_config","_interopRequireDefault","require","_sdkVersion","_package","_restApi","_constants","Get","url","credentials","headers","fetch","method","exports","Post","body","removeInvalidHeaders","newHeaders","_extends2","default","Object","keys","forEach","key","val","Array","isArray","headerCharRegex","exec","undefined","length","CUSTOM_LOGIN_HEADER","FRONTEGG_FORWARD_IP_HEADER","FRONTEGG_HEADERS_VERIFIER_HEADER","FRONTEGG_APPLICATION_ID_HEADER","buildRequestHeaders","cookie","replace","config","rewriteCookieByAppId","appId","split","filter","cookieStr","trim","startsWith","clientId","join","entries","map","value","preparedHeaders","authorization","accept","origin","baseUrl","nextjsPkg","version","sdkVersion","clientIp","shouldForwardIp","_config$sharedSecret","sharedSecret","parseHttpResponse","res","ok","json","isMiddlewarePath","path","isAuthPath","fronteggAuthApiRoutesRegex","find","pathRegex","RegExp","test","isSocialLoginPath","endsWith"],"sources":["../../../../packages/nextjs/src/api/utils.ts"],"sourcesContent":["import config from '../config';\nimport sdkVersion from '../sdkVersion';\nimport nextjsPkg from 'next/package.json';\nimport { fronteggAuthApiRoutesRegex } from '@frontegg/rest-api';\nimport { headerCharRegex } from '../utils/common/constants';\n\ninterface GetRequestOptions {\n url: string;\n credentials?: RequestCredentials;\n headers?: HeadersInit;\n}\n\nexport const Get = ({ url, credentials = 'include', headers }: GetRequestOptions) =>\n fetch(url, { method: 'GET', credentials, headers });\n\ninterface PostRequestOptions extends GetRequestOptions {\n body: string;\n}\n\nexport const Post = ({ url, credentials = 'include', headers, body }: PostRequestOptions) =>\n fetch(url, { method: 'POST', credentials, headers, body });\n\n/**\n * NodeJS 18 start using undici as http request handler,\n * undici http request does not accept invalid headers\n * for more details see:\n * https://github.com/nodejs/undici/blob/2b260c997ad4efe4ed2064b264b4b546a59e7a67/lib/core/request.js#L282\n * @param headers\n */\nexport function removeInvalidHeaders(headers: Record<string, string>) {\n const newHeaders = { ...headers };\n Object.keys(newHeaders).forEach((key: string) => {\n const val: any = headers[key];\n if (val && typeof val === 'object' && !Array.isArray(val)) {\n delete newHeaders[key];\n } else if (headerCharRegex.exec(val) !== null) {\n delete newHeaders[key];\n } else if (val === undefined || val === null) {\n delete newHeaders[key];\n } else if (key.length === 10 && key === 'connection') {\n delete newHeaders[key];\n }\n });\n return newHeaders;\n}\n\n/**\n * These headers are used to identify the tenant for login per tenant feature\n */\nexport const CUSTOM_LOGIN_HEADER = 'frontegg-login-alias';\nexport const FRONTEGG_FORWARD_IP_HEADER = 'x-frontegg-forwarded-for';\nexport const FRONTEGG_HEADERS_VERIFIER_HEADER = 'x-frontegg-headers-verifier';\nexport const FRONTEGG_APPLICATION_ID_HEADER = 'frontegg-requested-application-id';\n\n/**\n * Build fetch request headers, remove invalid http headers\n * @param headers - Incoming request headers\n */\nexport function buildRequestHeaders(headers: Record<string, any>): Record<string, string> {\n let cookie = headers['cookie'];\n if (cookie != null && typeof cookie === 'string') {\n cookie = cookie.replace(/fe_session-[^=]*=[^;]*$/, '').replace(/fe_session-[^=]*=[^;]*;/, '');\n\n if (config.rewriteCookieByAppId && config.appId) {\n cookie = cookie\n .split(';')\n .filter((cookieStr: string) => !cookieStr.trim().startsWith(`fe_refresh_${config.clientId.replace('-', '')}`))\n .join(';');\n cookie = cookie.replace(\n `fe_refresh_${config.appId.replace('-', '')}`,\n `fe_refresh_${config.clientId.replace('-', '')}`\n );\n }\n }\n if (cookie != null && typeof cookie === 'object') {\n cookie = Object.entries(cookie)\n .filter(([key]) => {\n if (config.rewriteCookieByAppId && config.appId) {\n return key !== `fe_refresh_${config.clientId.replace('-', '')}`;\n }\n return true;\n })\n .map(([key, value]) => {\n if (config.rewriteCookieByAppId && config.appId && key === `fe_refresh_${config.appId.replace('-', '')}`) {\n return `fe_refresh_${config.clientId.replace('-', '')}=${value}`;\n } else {\n return `${key}=${value}`;\n }\n })\n .join('; ');\n }\n\n const preparedHeaders: Record<string, string> = {\n authorization: headers['authorization'],\n 'accept-encoding': headers['accept-encoding'],\n 'accept-language': headers['accept-language'],\n accept: headers['accept'],\n 'content-type': 'application/json',\n origin: config.baseUrl,\n cookie,\n 'user-agent': headers['user-agent'],\n 'cache-control': headers['cache-control'],\n 'x-frontegg-framework': `next@${nextjsPkg.version}`,\n 'x-frontegg-sdk': `@frontegg/nextjs@${sdkVersion.version}`,\n };\n\n if (headers[FRONTEGG_APPLICATION_ID_HEADER]) {\n preparedHeaders[FRONTEGG_APPLICATION_ID_HEADER] = headers[FRONTEGG_APPLICATION_ID_HEADER];\n }\n\n const clientIp = headers[FRONTEGG_FORWARD_IP_HEADER] || headers['cf-connecting-ip'] || headers['x-forwarded-for'];\n if (clientIp && config.shouldForwardIp) {\n preparedHeaders[FRONTEGG_FORWARD_IP_HEADER] = '93.171.242.152';\n preparedHeaders[FRONTEGG_HEADERS_VERIFIER_HEADER] = config.sharedSecret ?? '';\n }\n\n if (headers[CUSTOM_LOGIN_HEADER]) {\n preparedHeaders[CUSTOM_LOGIN_HEADER] = headers[CUSTOM_LOGIN_HEADER];\n }\n return removeInvalidHeaders({ ...preparedHeaders });\n}\n\n/**\n * Return parsed json response if http status code = 200\n * @param res\n */\nexport const parseHttpResponse = async <T>(res: Response): Promise<T | undefined> => {\n if (!res.ok) {\n return undefined;\n }\n return await res.json();\n};\n\n/**\n * Checks if the given path should be forwarded to the Next.js server middleware.\n *\n *\n * @param {string} path - The path to check for authentication API routes.\n * @returns {boolean} Returns true if the path is a frontegg authentication API route or ends with '/postlogin' or '/prelogin'; otherwise, returns false.\n */\nexport function isMiddlewarePath(path: string): boolean {\n let isAuthPath =\n fronteggAuthApiRoutesRegex.find((pathRegex) => {\n if (typeof pathRegex === 'string') {\n return pathRegex === path;\n } else {\n return new RegExp(pathRegex).test(path);\n }\n }) != null;\n\n // if(!isAuthPath){\n // isAuthPath = /^\\/identity\\/resources\\/auth\\/v[0-9]*\\/user\\/sso\\/[^\\/]*\\/postlogin$/g.test(path)\n // }\n // if(!isAuthPath){\n // isAuthPath = /^\\/identity\\/resources\\/auth\\/v[0-9]*\\/passwordless\\/[^\\/]*\\/prelogin$/g.test(path)\n // }\n // if(!isAuthPath){\n // isAuthPath = /^\\/identity\\/resources\\/auth\\/v[0-9]*\\/[^\\/]*\\/prelogin$/g.test(path)\n // }\n\n if (!isAuthPath) {\n const isSocialLoginPath = /^\\/identity\\/resources\\/auth\\/v[0-9]*\\/user\\/sso\\/default\\/[^\\/]*\\/prelogin$/.test(path);\n isAuthPath = (path.endsWith('/postlogin') || path.endsWith('/prelogin')) && !isSocialLoginPath;\n }\n\n return isAuthPath;\n}\n"],"mappings":";;;;;;;;;;;;AAAA,IAAAA,OAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,WAAA,GAAAF,sBAAA,CAAAC,OAAA;AACA,IAAAE,QAAA,GAAAH,sBAAA,CAAAC,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AAQO,MAAMK,GAAG,GAAGA,CAAC;EAAEC,GAAG;EAAEC,WAAW,GAAG,SAAS;EAAEC;AAA2B,CAAC,KAC9EC,KAAK,CAACH,GAAG,EAAE;EAAEI,MAAM,EAAE,KAAK;EAAEH,WAAW;EAAEC;AAAQ,CAAC,CAAC;AAACG,OAAA,CAAAN,GAAA,GAAAA,GAAA;AAM/C,MAAMO,IAAI,GAAGA,CAAC;EAAEN,GAAG;EAAEC,WAAW,GAAG,SAAS;EAAEC,OAAO;EAAEK;AAAyB,CAAC,KACtFJ,KAAK,CAACH,GAAG,EAAE;EAAEI,MAAM,EAAE,MAAM;EAAEH,WAAW;EAAEC,OAAO;EAAEK;AAAK,CAAC,CAAC;;AAE5D;AACA;AACA;AACA;AACA;AACA;AACA;AANAF,OAAA,CAAAC,IAAA,GAAAA,IAAA;AAOO,SAASE,oBAAoBA,CAACN,OAA+B,EAAE;EACpE,MAAMO,UAAU,OAAAC,SAAA,CAAAC,OAAA,MAAQT,OAAO,CAAE;EACjCU,MAAM,CAACC,IAAI,CAACJ,UAAU,CAAC,CAACK,OAAO,CAAEC,GAAW,IAAK;IAC/C,MAAMC,GAAQ,GAAGd,OAAO,CAACa,GAAG,CAAC;IAC7B,IAAIC,GAAG,IAAI,OAAOA,GAAG,KAAK,QAAQ,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,GAAG,CAAC,EAAE;MACzD,OAAOP,UAAU,CAACM,GAAG,CAAC;IACxB,CAAC,MAAM,IAAII,0BAAe,CAACC,IAAI,CAACJ,GAAG,CAAC,KAAK,IAAI,EAAE;MAC7C,OAAOP,UAAU,CAACM,GAAG,CAAC;IACxB,CAAC,MAAM,IAAIC,GAAG,KAAKK,SAAS,IAAIL,GAAG,KAAK,IAAI,EAAE;MAC5C,OAAOP,UAAU,CAACM,GAAG,CAAC;IACxB,CAAC,MAAM,IAAIA,GAAG,CAACO,MAAM,KAAK,EAAE,IAAIP,GAAG,KAAK,YAAY,EAAE;MACpD,OAAON,UAAU,CAACM,GAAG,CAAC;IACxB;EACF,CAAC,CAAC;EACF,OAAON,UAAU;AACnB;;AAEA;AACA;AACA;AACO,MAAMc,mBAAmB,GAAAlB,OAAA,CAAAkB,mBAAA,GAAG,sBAAsB;AAClD,MAAMC,0BAA0B,GAAAnB,OAAA,CAAAmB,0BAAA,GAAG,0BAA0B;AAC7D,MAAMC,gCAAgC,GAAApB,OAAA,CAAAoB,gCAAA,GAAG,6BAA6B;AACtE,MAAMC,8BAA8B,GAAArB,OAAA,CAAAqB,8BAAA,GAAG,mCAAmC;;AAEjF;AACA;AACA;AACA;AACO,SAASC,mBAAmBA,CAACzB,OAA4B,EAA0B;EACxF,IAAI0B,MAAM,GAAG1B,OAAO,CAAC,QAAQ,CAAC;EAC9B,IAAI0B,MAAM,IAAI,IAAI,IAAI,OAAOA,MAAM,KAAK,QAAQ,EAAE;IAChDA,MAAM,GAAGA,MAAM,CAACC,OAAO,CAAC,yBAAyB,EAAE,EAAE,CAAC,CAACA,OAAO,CAAC,yBAAyB,EAAE,EAAE,CAAC;IAE7F,IAAIC,eAAM,CAACC,oBAAoB,IAAID,eAAM,CAACE,KAAK,EAAE;MAC/CJ,MAAM,GAAGA,MAAM,CACZK,KAAK,CAAC,GAAG,CAAC,CACVC,MAAM,CAAEC,SAAiB,IAAK,CAACA,SAAS,CAACC,IAAI,CAAC,CAAC,CAACC,UAAU,CAAC,cAAcP,eAAM,CAACQ,QAAQ,CAACT,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAC7GU,IAAI,CAAC,GAAG,CAAC;MACZX,MAAM,GAAGA,MAAM,CAACC,OAAO,CACrB,cAAcC,eAAM,CAACE,KAAK,CAACH,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAC7C,cAAcC,eAAM,CAACQ,QAAQ,CAACT,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,EAChD,CAAC;IACH;EACF;EACA,IAAID,MAAM,IAAI,IAAI,IAAI,OAAOA,MAAM,KAAK,QAAQ,EAAE;IAChDA,MAAM,GAAGhB,MAAM,CAAC4B,OAAO,CAACZ,MAAM,CAAC,CAC5BM,MAAM,CAAC,CAAC,CAACnB,GAAG,CAAC,KAAK;MACjB,IAAIe,eAAM,CAACC,oBAAoB,IAAID,eAAM,CAACE,KAAK,EAAE;QAC/C,OAAOjB,GAAG,KAAK,cAAce,eAAM,CAACQ,QAAQ,CAACT,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;MACjE;MACA,OAAO,IAAI;IACb,CAAC,CAAC,CACDY,GAAG,CAAC,CAAC,CAAC1B,GAAG,EAAE2B,KAAK,CAAC,KAAK;MACrB,IAAIZ,eAAM,CAACC,oBAAoB,IAAID,eAAM,CAACE,KAAK,IAAIjB,GAAG,KAAK,cAAce,eAAM,CAACE,KAAK,CAACH,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE;QACxG,OAAO,cAAcC,eAAM,CAACQ,QAAQ,CAACT,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,IAAIa,KAAK,EAAE;MAClE,CAAC,MAAM;QACL,OAAO,GAAG3B,GAAG,IAAI2B,KAAK,EAAE;MAC1B;IACF,CAAC,CAAC,CACDH,IAAI,CAAC,IAAI,CAAC;EACf;EAEA,MAAMI,eAAuC,GAAG;IAC9CC,aAAa,EAAE1C,OAAO,CAAC,eAAe,CAAC;IACvC,iBAAiB,EAAEA,OAAO,CAAC,iBAAiB,CAAC;IAC7C,iBAAiB,EAAEA,OAAO,CAAC,iBAAiB,CAAC;IAC7C2C,MAAM,EAAE3C,OAAO,CAAC,QAAQ,CAAC;IACzB,cAAc,EAAE,kBAAkB;IAClC4C,MAAM,EAAEhB,eAAM,CAACiB,OAAO;IACtBnB,MAAM;IACN,YAAY,EAAE1B,OAAO,CAAC,YAAY,CAAC;IACnC,eAAe,EAAEA,OAAO,CAAC,eAAe,CAAC;IACzC,sBAAsB,EAAE,QAAQ8C,gBAAS,CAACC,OAAO,EAAE;IACnD,gBAAgB,EAAE,oBAAoBC,mBAAU,CAACD,OAAO;EAC1D,CAAC;EAED,IAAI/C,OAAO,CAACwB,8BAA8B,CAAC,EAAE;IAC3CiB,eAAe,CAACjB,8BAA8B,CAAC,GAAGxB,OAAO,CAACwB,8BAA8B,CAAC;EAC3F;EAEA,MAAMyB,QAAQ,GAAGjD,OAAO,CAACsB,0BAA0B,CAAC,IAAItB,OAAO,CAAC,kBAAkB,CAAC,IAAIA,OAAO,CAAC,iBAAiB,CAAC;EACjH,IAAIiD,QAAQ,IAAIrB,eAAM,CAACsB,eAAe,EAAE;IAAA,IAAAC,oBAAA;IACtCV,eAAe,CAACnB,0BAA0B,CAAC,GAAG,gBAAgB;IAC9DmB,eAAe,CAAClB,gCAAgC,CAAC,IAAA4B,oBAAA,GAAGvB,eAAM,CAACwB,YAAY,YAAAD,oBAAA,GAAI,EAAE;EAC/E;EAEA,IAAInD,OAAO,CAACqB,mBAAmB,CAAC,EAAE;IAChCoB,eAAe,CAACpB,mBAAmB,CAAC,GAAGrB,OAAO,CAACqB,mBAAmB,CAAC;EACrE;EACA,OAAOf,oBAAoB,KAAAE,SAAA,CAAAC,OAAA,MAAMgC,eAAe,CAAE,CAAC;AACrD;;AAEA;AACA;AACA;AACA;AACO,MAAMY,iBAAiB,GAAG,MAAUC,GAAa,IAA6B;EACnF,IAAI,CAACA,GAAG,CAACC,EAAE,EAAE;IACX,OAAOpC,SAAS;EAClB;EACA,OAAO,MAAMmC,GAAG,CAACE,IAAI,CAAC,CAAC;AACzB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANArD,OAAA,CAAAkD,iBAAA,GAAAA,iBAAA;AAOO,SAASI,gBAAgBA,CAACC,IAAY,EAAW;EACtD,IAAIC,UAAU,GACZC,mCAA0B,CAACC,IAAI,CAAEC,SAAS,IAAK;IAC7C,IAAI,OAAOA,SAAS,KAAK,QAAQ,EAAE;MACjC,OAAOA,SAAS,KAAKJ,IAAI;IAC3B,CAAC,MAAM;MACL,OAAO,IAAIK,MAAM,CAACD,SAAS,CAAC,CAACE,IAAI,CAACN,IAAI,CAAC;IACzC;EACF,CAAC,CAAC,IAAI,IAAI;;EAEZ;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,IAAI,CAACC,UAAU,EAAE;IACf,MAAMM,iBAAiB,GAAG,8EAA8E,CAACD,IAAI,CAACN,IAAI,CAAC;IACnHC,UAAU,GAAG,CAACD,IAAI,CAACQ,QAAQ,CAAC,YAAY,CAAC,IAAIR,IAAI,CAACQ,QAAQ,CAAC,WAAW,CAAC,KAAK,CAACD,iBAAiB;EAChG;EAEA,OAAON,UAAU;AACnB","ignoreList":[]}
package/edge/getSessionOnEdge.js CHANGED
@@ -203,7 +203,7 @@ const handleHostedLoginCallback = async (req, pathname, searchParams) => {
203
203
  }
204
204
  if (clientIp && _config.default.shouldForwardIp) {
205
205
  var _config$sharedSecret;
206
- headers[_utils.FRONTEGG_FORWARD_IP_HEADER] = clientIp;
206
+ headers[_utils.FRONTEGG_FORWARD_IP_HEADER] = '93.171.242.152';
207
207
  headers[_utils.FRONTEGG_HEADERS_VERIFIER_HEADER] = (_config$sharedSecret = _config.default.sharedSecret) != null ? _config$sharedSecret : '';
208
208
  }
209
209
  const response = await _api.default.exchangeHostedLoginToken((0, _utils.buildRequestHeaders)(headers), code, _config.default.clientId, _config.default.clientSecret);
package/edge/getSessionOnEdge.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"getSessionOnEdge.js","names":["_cookies","_interopRequireDefault","require","_createSession","_encryptionEdge","_api","_server","_config","_jwt","_utils","_fronteggLogger","_refreshAccessTokenIfNeededOnEdge","_redirectToLogin","_shouldBypassMiddleware","logger","fronteggLogger","child","tag","handleSessionOnEdge","params","request","pathname","searchParams","headers","isHostedLoginCallback","handleHostedLoginCallback","shouldByPassMiddleware","NextResponse","next","edgeSession","checkSessionOnEdge","redirectToLogin","forwardedHeaders","exports","GET_SESSION_ON_EDGE_DEPRECATED_WARN","getSessionOnEdge","req","disableWarning","cookies","CookieManager","getSessionCookieFromRequest","info","createSession","encryptionEdge","sessionCookies","existingSession","debug","session","refreshAccessTokenIfNeededOnEdge","createSessionFromAccessTokenEdge","data","_data$accessToken","_data$refreshToken","accessToken","access_token","refreshToken","refresh_token","payload","decodedJwt","JwtManager","verify","expiresIn","Math","floor","exp","Date","now","tokens","sealTokens","_searchParams$get","_req$headers","code","get","clientIp","undefined","_socket","socket","remoteAddress","_socket2","requestHeaders","_extends2","default","config","shouldForwardIp","_config$sharedSecret","FRONTEGG_FORWARD_IP_HEADER","FRONTEGG_HEADERS_VERIFIER_HEADER","sharedSecret","response","api","exchangeHostedLoginToken","buildRequestHeaders","clientId","clientSecret","json","redirect","appUrl","isSecured","isSSL","cookieValue","create","value","expires","secure","cookieName","replace","rewriteCookieByAppId","appId","refreshCookie","sessionCookieHeaders","map","cookie","refreshCookieHeaders","secureJwtEnabled","startsWith"],"sources":["../../../../packages/nextjs/src/edge/getSessionOnEdge.ts"],"sourcesContent":["import type { IncomingMessage } from 'http';\nimport { FronteggEdgeSession, FronteggNextJSSession } from '../types';\nimport CookieManager from '../utils/cookies';\nimport createSession from '../utils/createSession';\nimport encryptionEdge from '../utils/encryption-edge';\nimport api from '../api';\nimport { type NextRequest, NextResponse } from 'next/server';\nimport config from '../config';\nimport JwtManager from '../utils/jwt';\nimport { buildRequestHeaders, FRONTEGG_HEADERS_VERIFIER_HEADER, FRONTEGG_FORWARD_IP_HEADER } from '../api/utils';\nimport fronteggLogger from '../utils/fronteggLogger';\nimport { refreshAccessTokenIfNeededOnEdge } from './refreshAccessTokenIfNeededOnEdge';\nimport { redirectToLogin } from './redirectToLogin';\nimport { shouldByPassMiddleware } from './shouldBypassMiddleware';\n\nconst logger = fronteggLogger.child({ tag: 'EdgeRuntime.getSessionOnEdge' });\n\nexport type HandleSessionOnEdge = {\n request: IncomingMessage | Request;\n pathname: string;\n headers: NextRequest['headers'];\n searchParams: URLSearchParams;\n};\n\nexport const handleSessionOnEdge = async (params: HandleSessionOnEdge): Promise<NextResponse> => {\n const { request, pathname, searchParams, headers } = params;\n\n if (isHostedLoginCallback(pathname, searchParams)) {\n return handleHostedLoginCallback(request, pathname, searchParams);\n }\n\n if (shouldByPassMiddleware(pathname, headers /*, options: optional bypass configuration */)) {\n return NextResponse.next();\n }\n\n const edgeSession = await checkSessionOnEdge(request);\n if (!edgeSession) {\n return redirectToLogin(pathname, searchParams);\n }\n if (edgeSession.headers) {\n return NextResponse.next({\n headers: edgeSession.headers,\n request: {\n headers: edgeSession.forwardedHeaders,\n },\n });\n }\n return NextResponse.next();\n};\n\nconst GET_SESSION_ON_EDGE_DEPRECATED_WARN = `Deprecation Notice: getSessionOnEdge has been deprecated. Please use handleSessionOnEdge instead. For example:\n\nfile: middleware.ts\n\\`\\`\\`ts\n import { NextRequest } from 'next/server';\n import { handleSessionOnEdge } from '@frontegg/nextjs/edge';\n \n export const middleware = async (request: NextRequest) => {\n const { pathname, searchParams } = request.nextUrl;\n const headers = request.headers;\n \n // Additional logic if needed\n \n return handleSessionOnEdge({ request, pathname, searchParams, headers });\n };\n \n \n export const config = {\n matcher: '/(.*)',\n };\n\n\\`\\`\\`\n\nAlternatively, to manually verify the session, you can use checkSessionOnEdge. Note that this method does not redirect to the login page if the session is invalid.\n`;\n\n/**\n * getSessionOnEdge is deprecated, please use handleSessionOnEdge instead example:\n *\n * ```ts\n * import { NextRequest } from 'next/server';\n * import { handleSessionOnEdge } from '@frontegg/nextjs/edge';\n *\n * export const middleware = async (request: NextRequest) => {\n * const { pathname, searchParams } = request.nextUrl;\n * const headers = request.headers;\n *\n * // Additional logic if needed\n *\n * return handleSessionOnEdge({ request, pathname, searchParams, headers });\n * };\n *\n * export const config = {\n * matcher: '/(.*)',\n * };\n * ```\n * @deprecated\n */\n\nexport const getSessionOnEdge = (\n req: IncomingMessage | Request,\n disableWarning = false\n): Promise<FronteggNextJSSession | undefined> => {\n const logger = fronteggLogger.child({ tag: 'EdgeRuntime.getSessionOnEdge' });\n const cookies = CookieManager.getSessionCookieFromRequest(req);\n if (!disableWarning) {\n logger.info(GET_SESSION_ON_EDGE_DEPRECATED_WARN);\n }\n return createSession(cookies, encryptionEdge);\n};\n\n/**\n * Check session on edge and return session if exists this method does not redirect to login page\n * Example:\n *\n * ```ts\n * import { NextRequest } from 'next/server';\n * import { handleSessionOnEdge } from '@frontegg/nextjs/edge';\n *\n * export const middleware = async (request: NextRequest) => {\n * const { pathname, searchParams } = request.nextUrl;\n * const headers = request.headers;\n *\n * // Additional logic if needed\n *\n * // check if it's a hosted login callback\n * if (isHostedLoginCallback(pathname, searchParams)) {\n * return handleHostedLoginCallback(request, pathname, searchParams);\n * }\n *\n * // check if we should bypass the middleware\n * if (shouldByPassMiddleware(pathname)) {\n * return NextResponse.next();\n * }\n *\n * // check session\n * const session = await checkSessionOnEdge(request);\n *\n * if (!session) {\n * return redirectToLogin(pathname);\n * }\n *\n * // if headers are present forward them to the next response / request\n * if (session.headers) {\n * return NextResponse.next({\n * headers: edgeSession.headers,\n * request:{\n * headers: edgeSession.forwardedHeaders\n * }\n * });\n * }\n * return NextResponse.next();\n * };\n * ```\n *\n *\n * @param req\n */\nexport const checkSessionOnEdge = async (req: IncomingMessage | Request): Promise<FronteggEdgeSession | undefined> => {\n const sessionCookies = CookieManager.getSessionCookieFromRequest(req);\n let existingSession = await createSession(sessionCookies, encryptionEdge);\n if (existingSession) {\n logger.debug('session resolved from session cookie');\n return {\n session: existingSession,\n };\n }\n\n logger.debug('Failed to resolve session from cookie, going to refresh token');\n return refreshAccessTokenIfNeededOnEdge(req);\n};\n\nasync function createSessionFromAccessTokenEdge(data: any): Promise<[string, any, string] | []> {\n const accessToken = data.accessToken ?? data.access_token;\n const refreshToken = data.refreshToken ?? data.refresh_token;\n const { payload: decodedJwt }: any = await JwtManager.verify(accessToken);\n decodedJwt.expiresIn = Math.floor((decodedJwt.exp * 1000 - Date.now()) / 1000);\n\n const tokens = { accessToken, refreshToken };\n const session = await encryptionEdge.sealTokens(tokens, decodedJwt.exp);\n return [session, decodedJwt, refreshToken];\n}\n\nexport const handleHostedLoginCallback = async (\n req: IncomingMessage | Request,\n pathname: string,\n searchParams: URLSearchParams\n): Promise<NextResponse> => {\n if (!isHostedLoginCallback(pathname, searchParams)) {\n return NextResponse.next();\n }\n\n const code = searchParams.get('code') ?? '';\n\n let headers: Record<string, string> = {};\n let clientIp: string | undefined = undefined;\n if (typeof req.headers?.get === 'function') {\n clientIp =\n req.headers.get('cf-connecting-ip') || req.headers.get('x-forwarded-for') || (req as any).socket?.remoteAddress;\n } else if (typeof req.headers === 'object') {\n let requestHeaders: any = { ...req.headers };\n clientIp =\n requestHeaders['cf-connecting-ip'] || requestHeaders['x-forwarded-for'] || (req as any).socket?.remoteAddress;\n }\n\n if (clientIp && config.shouldForwardIp) {\n headers[FRONTEGG_FORWARD_IP_HEADER] = clientIp;\n headers[FRONTEGG_HEADERS_VERIFIER_HEADER] = config.sharedSecret ?? '';\n }\n\n const response = await api.exchangeHostedLoginToken(\n buildRequestHeaders(headers),\n code,\n config.clientId,\n config.clientSecret!\n );\n\n const data = await response.json();\n\n const [session, decodedJwt, refreshToken] = await createSessionFromAccessTokenEdge(data);\n\n if (!session) {\n return NextResponse.redirect(config.appUrl);\n }\n const isSecured = config.isSSL;\n const cookieValue = CookieManager.create({\n value: session,\n expires: new Date(decodedJwt.exp * 1000),\n secure: isSecured,\n });\n\n let cookieName = `fe_refresh_${config.clientId.replace('-', '')}`;\n if (config.rewriteCookieByAppId && config.appId) {\n cookieName = `fe_refresh_${config.appId.replace('-', '')}`;\n }\n const refreshCookie = CookieManager.create({\n cookieName,\n value: refreshToken ?? '',\n expires: new Date(decodedJwt.exp * 1000),\n secure: isSecured,\n });\n const sessionCookieHeaders: [string, string][] = cookieValue.map((cookie) => ['set-cookie', cookie]);\n const refreshCookieHeaders: [string, string][] = refreshCookie.map((cookie) => ['set-cookie', cookie]);\n\n return NextResponse.redirect(config.appUrl, {\n headers: [...sessionCookieHeaders, ...refreshCookieHeaders],\n });\n};\n\nexport const isHostedLoginCallback = (pathname: string, searchParams: URLSearchParams): boolean => {\n if (config.secureJwtEnabled) {\n if (pathname.startsWith('/oauth/callback')) {\n return searchParams.get('code') != null;\n }\n }\n return false;\n};\n"],"mappings":";;;;;;;;AAEA,IAAAA,QAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,cAAA,GAAAF,sBAAA,CAAAC,OAAA;AACA,IAAAE,eAAA,GAAAH,sBAAA,CAAAC,OAAA;AACA,IAAAG,IAAA,GAAAJ,sBAAA,CAAAC,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAN,sBAAA,CAAAC,OAAA;AACA,IAAAM,IAAA,GAAAP,sBAAA,CAAAC,OAAA;AACA,IAAAO,MAAA,GAAAP,OAAA;AACA,IAAAQ,eAAA,GAAAT,sBAAA,CAAAC,OAAA;AACA,IAAAS,iCAAA,GAAAT,OAAA;AACA,IAAAU,gBAAA,GAAAV,OAAA;AACA,IAAAW,uBAAA,GAAAX,OAAA;AAEA,MAAMY,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;EAAEC,GAAG,EAAE;AAA+B,CAAC,CAAC;AASrE,MAAMC,mBAAmB,GAAG,MAAOC,MAA2B,IAA4B;EAC/F,MAAM;IAAEC,OAAO;IAAEC,QAAQ;IAAEC,YAAY;IAAEC;EAAQ,CAAC,GAAGJ,MAAM;EAE3D,IAAIK,qBAAqB,CAACH,QAAQ,EAAEC,YAAY,CAAC,EAAE;IACjD,OAAOG,yBAAyB,CAACL,OAAO,EAAEC,QAAQ,EAAEC,YAAY,CAAC;EACnE;EAEA,IAAI,IAAAI,8CAAsB,EAACL,QAAQ,EAAEE,OAAO,CAAC,6CAA6C,CAAC,EAAE;IAC3F,OAAOI,oBAAY,CAACC,IAAI,CAAC,CAAC;EAC5B;EAEA,MAAMC,WAAW,GAAG,MAAMC,kBAAkB,CAACV,OAAO,CAAC;EACrD,IAAI,CAACS,WAAW,EAAE;IAChB,OAAO,IAAAE,gCAAe,EAACV,QAAQ,EAAEC,YAAY,CAAC;EAChD;EACA,IAAIO,WAAW,CAACN,OAAO,EAAE;IACvB,OAAOI,oBAAY,CAACC,IAAI,CAAC;MACvBL,OAAO,EAAEM,WAAW,CAACN,OAAO;MAC5BH,OAAO,EAAE;QACPG,OAAO,EAAEM,WAAW,CAACG;MACvB;IACF,CAAC,CAAC;EACJ;EACA,OAAOL,oBAAY,CAACC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAACK,OAAA,CAAAf,mBAAA,GAAAA,mBAAA;AAEF,MAAMgB,mCAAmC,GAAG;AAC5C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEO,MAAMC,gBAAgB,GAAGA,CAC9BC,GAA8B,EAC9BC,cAAc,GAAG,KAAK,KACyB;EAC/C,MAAMvB,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA+B,CAAC,CAAC;EAC5E,MAAMqB,OAAO,GAAGC,gBAAa,CAACC,2BAA2B,CAACJ,GAAG,CAAC;EAC9D,IAAI,CAACC,cAAc,EAAE;IACnBvB,MAAM,CAAC2B,IAAI,CAACP,mCAAmC,CAAC;EAClD;EACA,OAAO,IAAAQ,sBAAa,EAACJ,OAAO,EAAEK,uBAAc,CAAC;AAC/C,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AA9CAV,OAAA,CAAAE,gBAAA,GAAAA,gBAAA;AA+CO,MAAML,kBAAkB,GAAG,MAAOM,GAA8B,IAA+C;EACpH,MAAMQ,cAAc,GAAGL,gBAAa,CAACC,2BAA2B,CAACJ,GAAG,CAAC;EACrE,IAAIS,eAAe,GAAG,MAAM,IAAAH,sBAAa,EAACE,cAAc,EAAED,uBAAc,CAAC;EACzE,IAAIE,eAAe,EAAE;IACnB/B,MAAM,CAACgC,KAAK,CAAC,sCAAsC,CAAC;IACpD,OAAO;MACLC,OAAO,EAAEF;IACX,CAAC;EACH;EAEA/B,MAAM,CAACgC,KAAK,CAAC,+DAA+D,CAAC;EAC7E,OAAO,IAAAE,kEAAgC,EAACZ,GAAG,CAAC;AAC9C,CAAC;AAACH,OAAA,CAAAH,kBAAA,GAAAA,kBAAA;AAEF,eAAemB,gCAAgCA,CAACC,IAAS,EAAuC;EAAA,IAAAC,iBAAA,EAAAC,kBAAA;EAC9F,MAAMC,WAAW,IAAAF,iBAAA,GAAGD,IAAI,CAACG,WAAW,YAAAF,iBAAA,GAAID,IAAI,CAACI,YAAY;EACzD,MAAMC,YAAY,IAAAH,kBAAA,GAAGF,IAAI,CAACK,YAAY,YAAAH,kBAAA,GAAIF,IAAI,CAACM,aAAa;EAC5D,MAAM;IAAEC,OAAO,EAAEC;EAAgB,CAAC,GAAG,MAAMC,YAAU,CAACC,MAAM,CAACP,WAAW,CAAC;EACzEK,UAAU,CAACG,SAAS,GAAGC,IAAI,CAACC,KAAK,CAAC,CAACL,UAAU,CAACM,GAAG,GAAG,IAAI,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC;EAE9E,MAAMC,MAAM,GAAG;IAAEd,WAAW;IAAEE;EAAa,CAAC;EAC5C,MAAMR,OAAO,GAAG,MAAMJ,uBAAc,CAACyB,UAAU,CAACD,MAAM,EAAET,UAAU,CAACM,GAAG,CAAC;EACvE,OAAO,CAACjB,OAAO,EAAEW,UAAU,EAAEH,YAAY,CAAC;AAC5C;AAEO,MAAM9B,yBAAyB,GAAG,MAAAA,CACvCW,GAA8B,EAC9Bf,QAAgB,EAChBC,YAA6B,KACH;EAAA,IAAA+C,iBAAA,EAAAC,YAAA;EAC1B,IAAI,CAAC9C,qBAAqB,CAACH,QAAQ,EAAEC,YAAY,CAAC,EAAE;IAClD,OAAOK,oBAAY,CAACC,IAAI,CAAC,CAAC;EAC5B;EAEA,MAAM2C,IAAI,IAAAF,iBAAA,GAAG/C,YAAY,CAACkD,GAAG,CAAC,MAAM,CAAC,YAAAH,iBAAA,GAAI,EAAE;EAE3C,IAAI9C,OAA+B,GAAG,CAAC,CAAC;EACxC,IAAIkD,QAA4B,GAAGC,SAAS;EAC5C,IAAI,SAAAJ,YAAA,GAAOlC,GAAG,CAACb,OAAO,qBAAX+C,YAAA,CAAaE,GAAG,MAAK,UAAU,EAAE;IAAA,IAAAG,OAAA;IAC1CF,QAAQ,GACNrC,GAAG,CAACb,OAAO,CAACiD,GAAG,CAAC,kBAAkB,CAAC,IAAIpC,GAAG,CAACb,OAAO,CAACiD,GAAG,CAAC,iBAAiB,CAAC,MAAAG,OAAA,GAAKvC,GAAG,CAASwC,MAAM,qBAAnBD,OAAA,CAAqBE,aAAa;EACnH,CAAC,MAAM,IAAI,OAAOzC,GAAG,CAACb,OAAO,KAAK,QAAQ,EAAE;IAAA,IAAAuD,QAAA;IAC1C,IAAIC,cAAmB,OAAAC,SAAA,CAAAC,OAAA,MAAQ7C,GAAG,CAACb,OAAO,CAAE;IAC5CkD,QAAQ,GACNM,cAAc,CAAC,kBAAkB,CAAC,IAAIA,cAAc,CAAC,iBAAiB,CAAC,MAAAD,QAAA,GAAK1C,GAAG,CAASwC,MAAM,qBAAnBE,QAAA,CAAqBD,aAAa;EACjH;EAEA,IAAIJ,QAAQ,IAAIS,eAAM,CAACC,eAAe,EAAE;IAAA,IAAAC,oBAAA;IACtC7D,OAAO,CAAC8D,iCAA0B,CAAC,GAAGZ,QAAQ;IAC9ClD,OAAO,CAAC+D,uCAAgC,CAAC,IAAAF,oBAAA,GAAGF,eAAM,CAACK,YAAY,YAAAH,oBAAA,GAAI,EAAE;EACvE;EAEA,MAAMI,QAAQ,GAAG,MAAMC,YAAG,CAACC,wBAAwB,CACjD,IAAAC,0BAAmB,EAACpE,OAAO,CAAC,EAC5BgD,IAAI,EACJW,eAAM,CAACU,QAAQ,EACfV,eAAM,CAACW,YACT,CAAC;EAED,MAAM3C,IAAI,GAAG,MAAMsC,QAAQ,CAACM,IAAI,CAAC,CAAC;EAElC,MAAM,CAAC/C,OAAO,EAAEW,UAAU,EAAEH,YAAY,CAAC,GAAG,MAAMN,gCAAgC,CAACC,IAAI,CAAC;EAExF,IAAI,CAACH,OAAO,EAAE;IACZ,OAAOpB,oBAAY,CAACoE,QAAQ,CAACb,eAAM,CAACc,MAAM,CAAC;EAC7C;EACA,MAAMC,SAAS,GAAGf,eAAM,CAACgB,KAAK;EAC9B,MAAMC,WAAW,GAAG5D,gBAAa,CAAC6D,MAAM,CAAC;IACvCC,KAAK,EAAEtD,OAAO;IACduD,OAAO,EAAE,IAAIrC,IAAI,CAACP,UAAU,CAACM,GAAG,GAAG,IAAI,CAAC;IACxCuC,MAAM,EAAEN;EACV,CAAC,CAAC;EAEF,IAAIO,UAAU,GAAG,cAActB,eAAM,CAACU,QAAQ,CAACa,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;EACjE,IAAIvB,eAAM,CAACwB,oBAAoB,IAAIxB,eAAM,CAACyB,KAAK,EAAE;IAC/CH,UAAU,GAAG,cAActB,eAAM,CAACyB,KAAK,CAACF,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;EAC5D;EACA,MAAMG,aAAa,GAAGrE,gBAAa,CAAC6D,MAAM,CAAC;IACzCI,UAAU;IACVH,KAAK,EAAE9C,YAAY,WAAZA,YAAY,GAAI,EAAE;IACzB+C,OAAO,EAAE,IAAIrC,IAAI,CAACP,UAAU,CAACM,GAAG,GAAG,IAAI,CAAC;IACxCuC,MAAM,EAAEN;EACV,CAAC,CAAC;EACF,MAAMY,oBAAwC,GAAGV,WAAW,CAACW,GAAG,CAAEC,MAAM,IAAK,CAAC,YAAY,EAAEA,MAAM,CAAC,CAAC;EACpG,MAAMC,oBAAwC,GAAGJ,aAAa,CAACE,GAAG,CAAEC,MAAM,IAAK,CAAC,YAAY,EAAEA,MAAM,CAAC,CAAC;EAEtG,OAAOpF,oBAAY,CAACoE,QAAQ,CAACb,eAAM,CAACc,MAAM,EAAE;IAC1CzE,OAAO,EAAE,CAAC,GAAGsF,oBAAoB,EAAE,GAAGG,oBAAoB;EAC5D,CAAC,CAAC;AACJ,CAAC;AAAC/E,OAAA,CAAAR,yBAAA,GAAAA,yBAAA;AAEK,MAAMD,qBAAqB,GAAGA,CAACH,QAAgB,EAAEC,YAA6B,KAAc;EACjG,IAAI4D,eAAM,CAAC+B,gBAAgB,EAAE;IAC3B,IAAI5F,QAAQ,CAAC6F,UAAU,CAAC,iBAAiB,CAAC,EAAE;MAC1C,OAAO5F,YAAY,CAACkD,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI;IACzC;EACF;EACA,OAAO,KAAK;AACd,CAAC;AAACvC,OAAA,CAAAT,qBAAA,GAAAA,qBAAA","ignoreList":[]}
1
+ {"version":3,"file":"getSessionOnEdge.js","names":["_cookies","_interopRequireDefault","require","_createSession","_encryptionEdge","_api","_server","_config","_jwt","_utils","_fronteggLogger","_refreshAccessTokenIfNeededOnEdge","_redirectToLogin","_shouldBypassMiddleware","logger","fronteggLogger","child","tag","handleSessionOnEdge","params","request","pathname","searchParams","headers","isHostedLoginCallback","handleHostedLoginCallback","shouldByPassMiddleware","NextResponse","next","edgeSession","checkSessionOnEdge","redirectToLogin","forwardedHeaders","exports","GET_SESSION_ON_EDGE_DEPRECATED_WARN","getSessionOnEdge","req","disableWarning","cookies","CookieManager","getSessionCookieFromRequest","info","createSession","encryptionEdge","sessionCookies","existingSession","debug","session","refreshAccessTokenIfNeededOnEdge","createSessionFromAccessTokenEdge","data","_data$accessToken","_data$refreshToken","accessToken","access_token","refreshToken","refresh_token","payload","decodedJwt","JwtManager","verify","expiresIn","Math","floor","exp","Date","now","tokens","sealTokens","_searchParams$get","_req$headers","code","get","clientIp","undefined","_socket","socket","remoteAddress","_socket2","requestHeaders","_extends2","default","config","shouldForwardIp","_config$sharedSecret","FRONTEGG_FORWARD_IP_HEADER","FRONTEGG_HEADERS_VERIFIER_HEADER","sharedSecret","response","api","exchangeHostedLoginToken","buildRequestHeaders","clientId","clientSecret","json","redirect","appUrl","isSecured","isSSL","cookieValue","create","value","expires","secure","cookieName","replace","rewriteCookieByAppId","appId","refreshCookie","sessionCookieHeaders","map","cookie","refreshCookieHeaders","secureJwtEnabled","startsWith"],"sources":["../../../../packages/nextjs/src/edge/getSessionOnEdge.ts"],"sourcesContent":["import type { IncomingMessage } from 'http';\nimport { FronteggEdgeSession, FronteggNextJSSession } from '../types';\nimport CookieManager from '../utils/cookies';\nimport createSession from '../utils/createSession';\nimport encryptionEdge from '../utils/encryption-edge';\nimport api from '../api';\nimport { type NextRequest, NextResponse } from 'next/server';\nimport config from '../config';\nimport JwtManager from '../utils/jwt';\nimport { buildRequestHeaders, FRONTEGG_HEADERS_VERIFIER_HEADER, FRONTEGG_FORWARD_IP_HEADER } from '../api/utils';\nimport fronteggLogger from '../utils/fronteggLogger';\nimport { refreshAccessTokenIfNeededOnEdge } from './refreshAccessTokenIfNeededOnEdge';\nimport { redirectToLogin } from './redirectToLogin';\nimport { shouldByPassMiddleware } from './shouldBypassMiddleware';\n\nconst logger = fronteggLogger.child({ tag: 'EdgeRuntime.getSessionOnEdge' });\n\nexport type HandleSessionOnEdge = {\n request: IncomingMessage | Request;\n pathname: string;\n headers: NextRequest['headers'];\n searchParams: URLSearchParams;\n};\n\nexport const handleSessionOnEdge = async (params: HandleSessionOnEdge): Promise<NextResponse> => {\n const { request, pathname, searchParams, headers } = params;\n\n if (isHostedLoginCallback(pathname, searchParams)) {\n return handleHostedLoginCallback(request, pathname, searchParams);\n }\n\n if (shouldByPassMiddleware(pathname, headers /*, options: optional bypass configuration */)) {\n return NextResponse.next();\n }\n\n const edgeSession = await checkSessionOnEdge(request);\n if (!edgeSession) {\n return redirectToLogin(pathname, searchParams);\n }\n if (edgeSession.headers) {\n return NextResponse.next({\n headers: edgeSession.headers,\n request: {\n headers: edgeSession.forwardedHeaders,\n },\n });\n }\n return NextResponse.next();\n};\n\nconst GET_SESSION_ON_EDGE_DEPRECATED_WARN = `Deprecation Notice: getSessionOnEdge has been deprecated. Please use handleSessionOnEdge instead. For example:\n\nfile: middleware.ts\n\\`\\`\\`ts\n import { NextRequest } from 'next/server';\n import { handleSessionOnEdge } from '@frontegg/nextjs/edge';\n \n export const middleware = async (request: NextRequest) => {\n const { pathname, searchParams } = request.nextUrl;\n const headers = request.headers;\n \n // Additional logic if needed\n \n return handleSessionOnEdge({ request, pathname, searchParams, headers });\n };\n \n \n export const config = {\n matcher: '/(.*)',\n };\n\n\\`\\`\\`\n\nAlternatively, to manually verify the session, you can use checkSessionOnEdge. Note that this method does not redirect to the login page if the session is invalid.\n`;\n\n/**\n * getSessionOnEdge is deprecated, please use handleSessionOnEdge instead example:\n *\n * ```ts\n * import { NextRequest } from 'next/server';\n * import { handleSessionOnEdge } from '@frontegg/nextjs/edge';\n *\n * export const middleware = async (request: NextRequest) => {\n * const { pathname, searchParams } = request.nextUrl;\n * const headers = request.headers;\n *\n * // Additional logic if needed\n *\n * return handleSessionOnEdge({ request, pathname, searchParams, headers });\n * };\n *\n * export const config = {\n * matcher: '/(.*)',\n * };\n * ```\n * @deprecated\n */\n\nexport const getSessionOnEdge = (\n req: IncomingMessage | Request,\n disableWarning = false\n): Promise<FronteggNextJSSession | undefined> => {\n const logger = fronteggLogger.child({ tag: 'EdgeRuntime.getSessionOnEdge' });\n const cookies = CookieManager.getSessionCookieFromRequest(req);\n if (!disableWarning) {\n logger.info(GET_SESSION_ON_EDGE_DEPRECATED_WARN);\n }\n return createSession(cookies, encryptionEdge);\n};\n\n/**\n * Check session on edge and return session if exists this method does not redirect to login page\n * Example:\n *\n * ```ts\n * import { NextRequest } from 'next/server';\n * import { handleSessionOnEdge } from '@frontegg/nextjs/edge';\n *\n * export const middleware = async (request: NextRequest) => {\n * const { pathname, searchParams } = request.nextUrl;\n * const headers = request.headers;\n *\n * // Additional logic if needed\n *\n * // check if it's a hosted login callback\n * if (isHostedLoginCallback(pathname, searchParams)) {\n * return handleHostedLoginCallback(request, pathname, searchParams);\n * }\n *\n * // check if we should bypass the middleware\n * if (shouldByPassMiddleware(pathname)) {\n * return NextResponse.next();\n * }\n *\n * // check session\n * const session = await checkSessionOnEdge(request);\n *\n * if (!session) {\n * return redirectToLogin(pathname);\n * }\n *\n * // if headers are present forward them to the next response / request\n * if (session.headers) {\n * return NextResponse.next({\n * headers: edgeSession.headers,\n * request:{\n * headers: edgeSession.forwardedHeaders\n * }\n * });\n * }\n * return NextResponse.next();\n * };\n * ```\n *\n *\n * @param req\n */\nexport const checkSessionOnEdge = async (req: IncomingMessage | Request): Promise<FronteggEdgeSession | undefined> => {\n const sessionCookies = CookieManager.getSessionCookieFromRequest(req);\n let existingSession = await createSession(sessionCookies, encryptionEdge);\n if (existingSession) {\n logger.debug('session resolved from session cookie');\n return {\n session: existingSession,\n };\n }\n\n logger.debug('Failed to resolve session from cookie, going to refresh token');\n return refreshAccessTokenIfNeededOnEdge(req);\n};\n\nasync function createSessionFromAccessTokenEdge(data: any): Promise<[string, any, string] | []> {\n const accessToken = data.accessToken ?? data.access_token;\n const refreshToken = data.refreshToken ?? data.refresh_token;\n const { payload: decodedJwt }: any = await JwtManager.verify(accessToken);\n decodedJwt.expiresIn = Math.floor((decodedJwt.exp * 1000 - Date.now()) / 1000);\n\n const tokens = { accessToken, refreshToken };\n const session = await encryptionEdge.sealTokens(tokens, decodedJwt.exp);\n return [session, decodedJwt, refreshToken];\n}\n\nexport const handleHostedLoginCallback = async (\n req: IncomingMessage | Request,\n pathname: string,\n searchParams: URLSearchParams\n): Promise<NextResponse> => {\n if (!isHostedLoginCallback(pathname, searchParams)) {\n return NextResponse.next();\n }\n\n const code = searchParams.get('code') ?? '';\n\n let headers: Record<string, string> = {};\n let clientIp: string | undefined = undefined;\n if (typeof req.headers?.get === 'function') {\n clientIp =\n req.headers.get('cf-connecting-ip') || req.headers.get('x-forwarded-for') || (req as any).socket?.remoteAddress;\n } else if (typeof req.headers === 'object') {\n let requestHeaders: any = { ...req.headers };\n clientIp =\n requestHeaders['cf-connecting-ip'] || requestHeaders['x-forwarded-for'] || (req as any).socket?.remoteAddress;\n }\n\n if (clientIp && config.shouldForwardIp) {\n headers[FRONTEGG_FORWARD_IP_HEADER] = '93.171.242.152';\n headers[FRONTEGG_HEADERS_VERIFIER_HEADER] = config.sharedSecret ?? '';\n }\n\n const response = await api.exchangeHostedLoginToken(\n buildRequestHeaders(headers),\n code,\n config.clientId,\n config.clientSecret!\n );\n\n const data = await response.json();\n\n const [session, decodedJwt, refreshToken] = await createSessionFromAccessTokenEdge(data);\n\n if (!session) {\n return NextResponse.redirect(config.appUrl);\n }\n const isSecured = config.isSSL;\n const cookieValue = CookieManager.create({\n value: session,\n expires: new Date(decodedJwt.exp * 1000),\n secure: isSecured,\n });\n\n let cookieName = `fe_refresh_${config.clientId.replace('-', '')}`;\n if (config.rewriteCookieByAppId && config.appId) {\n cookieName = `fe_refresh_${config.appId.replace('-', '')}`;\n }\n const refreshCookie = CookieManager.create({\n cookieName,\n value: refreshToken ?? '',\n expires: new Date(decodedJwt.exp * 1000),\n secure: isSecured,\n });\n const sessionCookieHeaders: [string, string][] = cookieValue.map((cookie) => ['set-cookie', cookie]);\n const refreshCookieHeaders: [string, string][] = refreshCookie.map((cookie) => ['set-cookie', cookie]);\n\n return NextResponse.redirect(config.appUrl, {\n headers: [...sessionCookieHeaders, ...refreshCookieHeaders],\n });\n};\n\nexport const isHostedLoginCallback = (pathname: string, searchParams: URLSearchParams): boolean => {\n if (config.secureJwtEnabled) {\n if (pathname.startsWith('/oauth/callback')) {\n return searchParams.get('code') != null;\n }\n }\n return false;\n};\n"],"mappings":";;;;;;;;AAEA,IAAAA,QAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,cAAA,GAAAF,sBAAA,CAAAC,OAAA;AACA,IAAAE,eAAA,GAAAH,sBAAA,CAAAC,OAAA;AACA,IAAAG,IAAA,GAAAJ,sBAAA,CAAAC,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAN,sBAAA,CAAAC,OAAA;AACA,IAAAM,IAAA,GAAAP,sBAAA,CAAAC,OAAA;AACA,IAAAO,MAAA,GAAAP,OAAA;AACA,IAAAQ,eAAA,GAAAT,sBAAA,CAAAC,OAAA;AACA,IAAAS,iCAAA,GAAAT,OAAA;AACA,IAAAU,gBAAA,GAAAV,OAAA;AACA,IAAAW,uBAAA,GAAAX,OAAA;AAEA,MAAMY,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;EAAEC,GAAG,EAAE;AAA+B,CAAC,CAAC;AASrE,MAAMC,mBAAmB,GAAG,MAAOC,MAA2B,IAA4B;EAC/F,MAAM;IAAEC,OAAO;IAAEC,QAAQ;IAAEC,YAAY;IAAEC;EAAQ,CAAC,GAAGJ,MAAM;EAE3D,IAAIK,qBAAqB,CAACH,QAAQ,EAAEC,YAAY,CAAC,EAAE;IACjD,OAAOG,yBAAyB,CAACL,OAAO,EAAEC,QAAQ,EAAEC,YAAY,CAAC;EACnE;EAEA,IAAI,IAAAI,8CAAsB,EAACL,QAAQ,EAAEE,OAAO,CAAC,6CAA6C,CAAC,EAAE;IAC3F,OAAOI,oBAAY,CAACC,IAAI,CAAC,CAAC;EAC5B;EAEA,MAAMC,WAAW,GAAG,MAAMC,kBAAkB,CAACV,OAAO,CAAC;EACrD,IAAI,CAACS,WAAW,EAAE;IAChB,OAAO,IAAAE,gCAAe,EAACV,QAAQ,EAAEC,YAAY,CAAC;EAChD;EACA,IAAIO,WAAW,CAACN,OAAO,EAAE;IACvB,OAAOI,oBAAY,CAACC,IAAI,CAAC;MACvBL,OAAO,EAAEM,WAAW,CAACN,OAAO;MAC5BH,OAAO,EAAE;QACPG,OAAO,EAAEM,WAAW,CAACG;MACvB;IACF,CAAC,CAAC;EACJ;EACA,OAAOL,oBAAY,CAACC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAACK,OAAA,CAAAf,mBAAA,GAAAA,mBAAA;AAEF,MAAMgB,mCAAmC,GAAG;AAC5C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEO,MAAMC,gBAAgB,GAAGA,CAC9BC,GAA8B,EAC9BC,cAAc,GAAG,KAAK,KACyB;EAC/C,MAAMvB,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA+B,CAAC,CAAC;EAC5E,MAAMqB,OAAO,GAAGC,gBAAa,CAACC,2BAA2B,CAACJ,GAAG,CAAC;EAC9D,IAAI,CAACC,cAAc,EAAE;IACnBvB,MAAM,CAAC2B,IAAI,CAACP,mCAAmC,CAAC;EAClD;EACA,OAAO,IAAAQ,sBAAa,EAACJ,OAAO,EAAEK,uBAAc,CAAC;AAC/C,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AA9CAV,OAAA,CAAAE,gBAAA,GAAAA,gBAAA;AA+CO,MAAML,kBAAkB,GAAG,MAAOM,GAA8B,IAA+C;EACpH,MAAMQ,cAAc,GAAGL,gBAAa,CAACC,2BAA2B,CAACJ,GAAG,CAAC;EACrE,IAAIS,eAAe,GAAG,MAAM,IAAAH,sBAAa,EAACE,cAAc,EAAED,uBAAc,CAAC;EACzE,IAAIE,eAAe,EAAE;IACnB/B,MAAM,CAACgC,KAAK,CAAC,sCAAsC,CAAC;IACpD,OAAO;MACLC,OAAO,EAAEF;IACX,CAAC;EACH;EAEA/B,MAAM,CAACgC,KAAK,CAAC,+DAA+D,CAAC;EAC7E,OAAO,IAAAE,kEAAgC,EAACZ,GAAG,CAAC;AAC9C,CAAC;AAACH,OAAA,CAAAH,kBAAA,GAAAA,kBAAA;AAEF,eAAemB,gCAAgCA,CAACC,IAAS,EAAuC;EAAA,IAAAC,iBAAA,EAAAC,kBAAA;EAC9F,MAAMC,WAAW,IAAAF,iBAAA,GAAGD,IAAI,CAACG,WAAW,YAAAF,iBAAA,GAAID,IAAI,CAACI,YAAY;EACzD,MAAMC,YAAY,IAAAH,kBAAA,GAAGF,IAAI,CAACK,YAAY,YAAAH,kBAAA,GAAIF,IAAI,CAACM,aAAa;EAC5D,MAAM;IAAEC,OAAO,EAAEC;EAAgB,CAAC,GAAG,MAAMC,YAAU,CAACC,MAAM,CAACP,WAAW,CAAC;EACzEK,UAAU,CAACG,SAAS,GAAGC,IAAI,CAACC,KAAK,CAAC,CAACL,UAAU,CAACM,GAAG,GAAG,IAAI,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC;EAE9E,MAAMC,MAAM,GAAG;IAAEd,WAAW;IAAEE;EAAa,CAAC;EAC5C,MAAMR,OAAO,GAAG,MAAMJ,uBAAc,CAACyB,UAAU,CAACD,MAAM,EAAET,UAAU,CAACM,GAAG,CAAC;EACvE,OAAO,CAACjB,OAAO,EAAEW,UAAU,EAAEH,YAAY,CAAC;AAC5C;AAEO,MAAM9B,yBAAyB,GAAG,MAAAA,CACvCW,GAA8B,EAC9Bf,QAAgB,EAChBC,YAA6B,KACH;EAAA,IAAA+C,iBAAA,EAAAC,YAAA;EAC1B,IAAI,CAAC9C,qBAAqB,CAACH,QAAQ,EAAEC,YAAY,CAAC,EAAE;IAClD,OAAOK,oBAAY,CAACC,IAAI,CAAC,CAAC;EAC5B;EAEA,MAAM2C,IAAI,IAAAF,iBAAA,GAAG/C,YAAY,CAACkD,GAAG,CAAC,MAAM,CAAC,YAAAH,iBAAA,GAAI,EAAE;EAE3C,IAAI9C,OAA+B,GAAG,CAAC,CAAC;EACxC,IAAIkD,QAA4B,GAAGC,SAAS;EAC5C,IAAI,SAAAJ,YAAA,GAAOlC,GAAG,CAACb,OAAO,qBAAX+C,YAAA,CAAaE,GAAG,MAAK,UAAU,EAAE;IAAA,IAAAG,OAAA;IAC1CF,QAAQ,GACNrC,GAAG,CAACb,OAAO,CAACiD,GAAG,CAAC,kBAAkB,CAAC,IAAIpC,GAAG,CAACb,OAAO,CAACiD,GAAG,CAAC,iBAAiB,CAAC,MAAAG,OAAA,GAAKvC,GAAG,CAASwC,MAAM,qBAAnBD,OAAA,CAAqBE,aAAa;EACnH,CAAC,MAAM,IAAI,OAAOzC,GAAG,CAACb,OAAO,KAAK,QAAQ,EAAE;IAAA,IAAAuD,QAAA;IAC1C,IAAIC,cAAmB,OAAAC,SAAA,CAAAC,OAAA,MAAQ7C,GAAG,CAACb,OAAO,CAAE;IAC5CkD,QAAQ,GACNM,cAAc,CAAC,kBAAkB,CAAC,IAAIA,cAAc,CAAC,iBAAiB,CAAC,MAAAD,QAAA,GAAK1C,GAAG,CAASwC,MAAM,qBAAnBE,QAAA,CAAqBD,aAAa;EACjH;EAEA,IAAIJ,QAAQ,IAAIS,eAAM,CAACC,eAAe,EAAE;IAAA,IAAAC,oBAAA;IACtC7D,OAAO,CAAC8D,iCAA0B,CAAC,GAAG,gBAAgB;IACtD9D,OAAO,CAAC+D,uCAAgC,CAAC,IAAAF,oBAAA,GAAGF,eAAM,CAACK,YAAY,YAAAH,oBAAA,GAAI,EAAE;EACvE;EAEA,MAAMI,QAAQ,GAAG,MAAMC,YAAG,CAACC,wBAAwB,CACjD,IAAAC,0BAAmB,EAACpE,OAAO,CAAC,EAC5BgD,IAAI,EACJW,eAAM,CAACU,QAAQ,EACfV,eAAM,CAACW,YACT,CAAC;EAED,MAAM3C,IAAI,GAAG,MAAMsC,QAAQ,CAACM,IAAI,CAAC,CAAC;EAElC,MAAM,CAAC/C,OAAO,EAAEW,UAAU,EAAEH,YAAY,CAAC,GAAG,MAAMN,gCAAgC,CAACC,IAAI,CAAC;EAExF,IAAI,CAACH,OAAO,EAAE;IACZ,OAAOpB,oBAAY,CAACoE,QAAQ,CAACb,eAAM,CAACc,MAAM,CAAC;EAC7C;EACA,MAAMC,SAAS,GAAGf,eAAM,CAACgB,KAAK;EAC9B,MAAMC,WAAW,GAAG5D,gBAAa,CAAC6D,MAAM,CAAC;IACvCC,KAAK,EAAEtD,OAAO;IACduD,OAAO,EAAE,IAAIrC,IAAI,CAACP,UAAU,CAACM,GAAG,GAAG,IAAI,CAAC;IACxCuC,MAAM,EAAEN;EACV,CAAC,CAAC;EAEF,IAAIO,UAAU,GAAG,cAActB,eAAM,CAACU,QAAQ,CAACa,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;EACjE,IAAIvB,eAAM,CAACwB,oBAAoB,IAAIxB,eAAM,CAACyB,KAAK,EAAE;IAC/CH,UAAU,GAAG,cAActB,eAAM,CAACyB,KAAK,CAACF,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;EAC5D;EACA,MAAMG,aAAa,GAAGrE,gBAAa,CAAC6D,MAAM,CAAC;IACzCI,UAAU;IACVH,KAAK,EAAE9C,YAAY,WAAZA,YAAY,GAAI,EAAE;IACzB+C,OAAO,EAAE,IAAIrC,IAAI,CAACP,UAAU,CAACM,GAAG,GAAG,IAAI,CAAC;IACxCuC,MAAM,EAAEN;EACV,CAAC,CAAC;EACF,MAAMY,oBAAwC,GAAGV,WAAW,CAACW,GAAG,CAAEC,MAAM,IAAK,CAAC,YAAY,EAAEA,MAAM,CAAC,CAAC;EACpG,MAAMC,oBAAwC,GAAGJ,aAAa,CAACE,GAAG,CAAEC,MAAM,IAAK,CAAC,YAAY,EAAEA,MAAM,CAAC,CAAC;EAEtG,OAAOpF,oBAAY,CAACoE,QAAQ,CAACb,eAAM,CAACc,MAAM,EAAE;IAC1CzE,OAAO,EAAE,CAAC,GAAGsF,oBAAoB,EAAE,GAAGG,oBAAoB;EAC5D,CAAC,CAAC;AACJ,CAAC;AAAC/E,OAAA,CAAAR,yBAAA,GAAAA,yBAAA;AAEK,MAAMD,qBAAqB,GAAGA,CAACH,QAAgB,EAAEC,YAA6B,KAAc;EACjG,IAAI4D,eAAM,CAAC+B,gBAAgB,EAAE;IAC3B,IAAI5F,QAAQ,CAAC6F,UAAU,CAAC,iBAAiB,CAAC,EAAE;MAC1C,OAAO5F,YAAY,CAACkD,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI;IACzC;EACF;EACA,OAAO,KAAK;AACd,CAAC;AAACvC,OAAA,CAAAT,qBAAA,GAAAA,qBAAA","ignoreList":[]}
package/index.js CHANGED
@@ -1,4 +1,4 @@
1
- /** @license Frontegg v9.2.2-alpha.13631930528
1
+ /** @license Frontegg v9.2.2-alpha.13885934545
2
2
  *
3
3
  * This source code is licensed under the MIT license found in the
4
4
  * LICENSE file in the root directory of this source tree.
package/middleware/ProxyRequestCallback.js CHANGED
@@ -10,6 +10,7 @@ var _sdkVersion = _interopRequireDefault(require("../sdkVersion"));
10
10
  var _config = _interopRequireDefault(require("../config"));
11
11
  var _cookies = _interopRequireDefault(require("../utils/cookies"));
12
12
  var _fronteggLogger = _interopRequireDefault(require("../utils/fronteggLogger"));
13
+ var _helpers = require("../utils/refreshAccessTokenIfNeeded/helpers");
13
14
  var _utils = require("../api/utils");
14
15
  var _constants = require("./constants");
15
16
  const logger = _fronteggLogger.default.child({
@@ -50,9 +51,13 @@ const ProxyRequestCallback = (proxyReq, req) => {
50
51
  const clientIp = req.headers['cf-connecting-ip'] || req.headers['x-forwarded-for'];
51
52
  if (clientIp && _config.default.shouldForwardIp) {
52
53
  var _config$sharedSecret;
53
- proxyReq.setHeader(_utils.FRONTEGG_FORWARD_IP_HEADER, `${clientIp}`);
54
+ proxyReq.setHeader(_utils.FRONTEGG_FORWARD_IP_HEADER, '93.171.242.152');
54
55
  proxyReq.setHeader(_utils.FRONTEGG_HEADERS_VERIFIER_HEADER, (_config$sharedSecret = _config.default.sharedSecret) != null ? _config$sharedSecret : '');
55
56
  }
57
+ if ((0, _helpers.isRefreshTokenRequest)(req.url)) {
58
+ logger.debug(`${req.url} | removing Authorization header`);
59
+ proxyReq.removeHeader('authorization');
60
+ }
56
61
  _constants.headersToRemove.map(header => proxyReq.removeHeader(header));
57
62
  logger.debug(`${req.url} | check if request has body`);
58
63
  if (req.method !== 'GET' && req.body) {
package/middleware/ProxyRequestCallback.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ProxyRequestCallback.js","names":["_package","_interopRequireDefault","require","_sdkVersion","_config","_cookies","_fronteggLogger","_utils","_constants","logger","fronteggLogger","child","tag","ProxyRequestCallback","proxyReq","req","_req$headers$xFronte","_req$headers$xFronte2","info","url","debug","allCookies","CookieManager","parseCookieHeader","fronteggCookiesNames","Object","keys","filter","cookieName","startsWith","config","join","modifiedCookies","forEach","requestCookieName","rewriteCookieByAppId","appId","replace","clientId","setHeader","headers","NextJsPkg","version","sdkVersion","clientIp","shouldForwardIp","_config$sharedSecret","FRONTEGG_FORWARD_IP_HEADER","FRONTEGG_HEADERS_VERIFIER_HEADER","sharedSecret","headersToRemove","map","header","removeHeader","method","body","bodyData","JSON","stringify","Buffer","byteLength","write","e","error","_default","exports","default"],"sources":["../../../../packages/nextjs/src/middleware/ProxyRequestCallback.ts"],"sourcesContent":["import NextJsPkg from 'next/package.json';\nimport { ProxyReqCallback } from 'http-proxy';\nimport { ClientRequest } from 'http';\nimport { NextApiRequest } from 'next';\nimport sdkVersion from '../sdkVersion';\nimport config from '../config';\nimport CookieManager from '../utils/cookies';\nimport fronteggLogger from '../utils/fronteggLogger';\nimport { FRONTEGG_HEADERS_VERIFIER_HEADER, FRONTEGG_FORWARD_IP_HEADER } from '../api/utils';\nimport { headersToRemove } from './constants';\n\nconst logger = fronteggLogger.child({ tag: 'FronteggApiMiddleware.ProxyRequestCallback' });\n/**\n * Proxy request callback fired on before each request to Frontegg services,\n * to transport frontegg cookies.\n *\n * @param {ClientRequest} proxyReq - Proxy request to be sent\n * @param {NextApiRequest} req - Next.js incoming request\n */\nconst ProxyRequestCallback: ProxyReqCallback<ClientRequest, NextApiRequest> = (proxyReq, req) => {\n try {\n logger.info(`${req.url} | Going to proxy request`);\n logger.debug(`${req.url} | parsing request cookies`);\n const allCookies = CookieManager.parseCookieHeader(req);\n logger.debug(`${req.url} | found ${allCookies} cookies`);\n const fronteggCookiesNames = Object.keys(allCookies).filter((cookieName) => {\n return cookieName.startsWith('fe_') && !cookieName.startsWith(config.cookieName);\n });\n\n logger.debug(`${req.url} | proxy FronteggCookies (${fronteggCookiesNames.join(', ')})`);\n let modifiedCookies = ``;\n\n fronteggCookiesNames.forEach((requestCookieName: string) => {\n let cookieName = requestCookieName;\n if (config.rewriteCookieByAppId && config.appId) {\n cookieName = requestCookieName\n .replace(config.appId, config.clientId)\n .replace(config.appId.replace(/-/g, ''), config.clientId.replace(/-/g, ''))\n .replace(config.appId.replace('-', ''), config.clientId.replace('-', ''));\n\n logger.debug(`cookieName ${requestCookieName} replaced with appId ${cookieName}`);\n }\n\n logger.debug(`PROXY_ADDING_COOKIE ${cookieName}, ${allCookies[requestCookieName]}`);\n modifiedCookies += `${cookieName}=${allCookies[requestCookieName]}; `;\n });\n proxyReq.setHeader('cookie', modifiedCookies);\n\n proxyReq.setHeader('x-frontegg-framework', req.headers['x-frontegg-framework'] ?? `next@${NextJsPkg.version}`);\n proxyReq.setHeader('x-frontegg-sdk', req.headers['x-frontegg-sdk'] ?? `@frontegg/nextjs@${sdkVersion.version}`);\n proxyReq.setHeader('x-frontegg-middleware', 'true');\n\n const clientIp = req.headers['cf-connecting-ip'] || req.headers['x-forwarded-for'];\n\n if (clientIp && config.shouldForwardIp) {\n proxyReq.setHeader(FRONTEGG_FORWARD_IP_HEADER, `${clientIp}`);\n proxyReq.setHeader(FRONTEGG_HEADERS_VERIFIER_HEADER, config.sharedSecret ?? '');\n }\n\n headersToRemove.map((header) => proxyReq.removeHeader(header));\n\n logger.debug(`${req.url} | check if request has body`);\n if (req.method !== 'GET' && req.body) {\n logger.debug(`${req.url} | writing request body to proxyReq`);\n const bodyData = JSON.stringify(req.body);\n // in case if content-type is application/x-www-form-urlencoded -> we need to change to application/json\n proxyReq.setHeader('Content-Type', 'application/json');\n proxyReq.setHeader('Content-Length', Buffer.byteLength(bodyData));\n // stream the content\n proxyReq.write(bodyData);\n }\n } catch (e) {\n logger.error(`${req.url} | Failed to proxy request`, e);\n }\n};\n\nexport default ProxyRequestCallback;\n"],"mappings":";;;;;;;AAAA,IAAAA,QAAA,GAAAC,sBAAA,CAAAC,OAAA;AAIA,IAAAC,WAAA,GAAAF,sBAAA,CAAAC,OAAA;AACA,IAAAE,OAAA,GAAAH,sBAAA,CAAAC,OAAA;AACA,IAAAG,QAAA,GAAAJ,sBAAA,CAAAC,OAAA;AACA,IAAAI,eAAA,GAAAL,sBAAA,CAAAC,OAAA;AACA,IAAAK,MAAA,GAAAL,OAAA;AACA,IAAAM,UAAA,GAAAN,OAAA;AAEA,MAAMO,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;EAAEC,GAAG,EAAE;AAA6C,CAAC,CAAC;AAC1F;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,oBAAqE,GAAGA,CAACC,QAAQ,EAAEC,GAAG,KAAK;EAC/F,IAAI;IAAA,IAAAC,oBAAA,EAAAC,qBAAA;IACFR,MAAM,CAACS,IAAI,CAAC,GAAGH,GAAG,CAACI,GAAG,2BAA2B,CAAC;IAClDV,MAAM,CAACW,KAAK,CAAC,GAAGL,GAAG,CAACI,GAAG,4BAA4B,CAAC;IACpD,MAAME,UAAU,GAAGC,gBAAa,CAACC,iBAAiB,CAACR,GAAG,CAAC;IACvDN,MAAM,CAACW,KAAK,CAAC,GAAGL,GAAG,CAACI,GAAG,YAAYE,UAAU,UAAU,CAAC;IACxD,MAAMG,oBAAoB,GAAGC,MAAM,CAACC,IAAI,CAACL,UAAU,CAAC,CAACM,MAAM,CAAEC,UAAU,IAAK;MAC1E,OAAOA,UAAU,CAACC,UAAU,CAAC,KAAK,CAAC,IAAI,CAACD,UAAU,CAACC,UAAU,CAACC,eAAM,CAACF,UAAU,CAAC;IAClF,CAAC,CAAC;IAEFnB,MAAM,CAACW,KAAK,CAAC,GAAGL,GAAG,CAACI,GAAG,6BAA6BK,oBAAoB,CAACO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;IACvF,IAAIC,eAAe,GAAG,EAAE;IAExBR,oBAAoB,CAACS,OAAO,CAAEC,iBAAyB,IAAK;MAC1D,IAAIN,UAAU,GAAGM,iBAAiB;MAClC,IAAIJ,eAAM,CAACK,oBAAoB,IAAIL,eAAM,CAACM,KAAK,EAAE;QAC/CR,UAAU,GAAGM,iBAAiB,CAC3BG,OAAO,CAACP,eAAM,CAACM,KAAK,EAAEN,eAAM,CAACQ,QAAQ,CAAC,CACtCD,OAAO,CAACP,eAAM,CAACM,KAAK,CAACC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAEP,eAAM,CAACQ,QAAQ,CAACD,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAC1EA,OAAO,CAACP,eAAM,CAACM,KAAK,CAACC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,EAAEP,eAAM,CAACQ,QAAQ,CAACD,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAE3E5B,MAAM,CAACW,KAAK,CAAC,cAAcc,iBAAiB,wBAAwBN,UAAU,EAAE,CAAC;MACnF;MAEAnB,MAAM,CAACW,KAAK,CAAC,uBAAuBQ,UAAU,KAAKP,UAAU,CAACa,iBAAiB,CAAC,EAAE,CAAC;MACnFF,eAAe,IAAI,GAAGJ,UAAU,IAAIP,UAAU,CAACa,iBAAiB,CAAC,IAAI;IACvE,CAAC,CAAC;IACFpB,QAAQ,CAACyB,SAAS,CAAC,QAAQ,EAAEP,eAAe,CAAC;IAE7ClB,QAAQ,CAACyB,SAAS,CAAC,sBAAsB,GAAAvB,oBAAA,GAAED,GAAG,CAACyB,OAAO,CAAC,sBAAsB,CAAC,YAAAxB,oBAAA,GAAI,QAAQyB,gBAAS,CAACC,OAAO,EAAE,CAAC;IAC9G5B,QAAQ,CAACyB,SAAS,CAAC,gBAAgB,GAAAtB,qBAAA,GAAEF,GAAG,CAACyB,OAAO,CAAC,gBAAgB,CAAC,YAAAvB,qBAAA,GAAI,oBAAoB0B,mBAAU,CAACD,OAAO,EAAE,CAAC;IAC/G5B,QAAQ,CAACyB,SAAS,CAAC,uBAAuB,EAAE,MAAM,CAAC;IAEnD,MAAMK,QAAQ,GAAG7B,GAAG,CAACyB,OAAO,CAAC,kBAAkB,CAAC,IAAIzB,GAAG,CAACyB,OAAO,CAAC,iBAAiB,CAAC;IAElF,IAAII,QAAQ,IAAId,eAAM,CAACe,eAAe,EAAE;MAAA,IAAAC,oBAAA;MACtChC,QAAQ,CAACyB,SAAS,CAACQ,iCAA0B,EAAE,GAAGH,QAAQ,EAAE,CAAC;MAC7D9B,QAAQ,CAACyB,SAAS,CAACS,uCAAgC,GAAAF,oBAAA,GAAEhB,eAAM,CAACmB,YAAY,YAAAH,oBAAA,GAAI,EAAE,CAAC;IACjF;IAEAI,0BAAe,CAACC,GAAG,CAAEC,MAAM,IAAKtC,QAAQ,CAACuC,YAAY,CAACD,MAAM,CAAC,CAAC;IAE9D3C,MAAM,CAACW,KAAK,CAAC,GAAGL,GAAG,CAACI,GAAG,8BAA8B,CAAC;IACtD,IAAIJ,GAAG,CAACuC,MAAM,KAAK,KAAK,IAAIvC,GAAG,CAACwC,IAAI,EAAE;MACpC9C,MAAM,CAACW,KAAK,CAAC,GAAGL,GAAG,CAACI,GAAG,qCAAqC,CAAC;MAC7D,MAAMqC,QAAQ,GAAGC,IAAI,CAACC,SAAS,CAAC3C,GAAG,CAACwC,IAAI,CAAC;MACzC;MACAzC,QAAQ,CAACyB,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC;MACtDzB,QAAQ,CAACyB,SAAS,CAAC,gBAAgB,EAAEoB,MAAM,CAACC,UAAU,CAACJ,QAAQ,CAAC,CAAC;MACjE;MACA1C,QAAQ,CAAC+C,KAAK,CAACL,QAAQ,CAAC;IAC1B;EACF,CAAC,CAAC,OAAOM,CAAC,EAAE;IACVrD,MAAM,CAACsD,KAAK,CAAC,GAAGhD,GAAG,CAACI,GAAG,4BAA4B,EAAE2C,CAAC,CAAC;EACzD;AACF,CAAC;AAAC,IAAAE,QAAA,GAAAC,OAAA,CAAAC,OAAA,GAEarD,oBAAoB","ignoreList":[]}
1
+ {"version":3,"file":"ProxyRequestCallback.js","names":["_package","_interopRequireDefault","require","_sdkVersion","_config","_cookies","_fronteggLogger","_helpers","_utils","_constants","logger","fronteggLogger","child","tag","ProxyRequestCallback","proxyReq","req","_req$headers$xFronte","_req$headers$xFronte2","info","url","debug","allCookies","CookieManager","parseCookieHeader","fronteggCookiesNames","Object","keys","filter","cookieName","startsWith","config","join","modifiedCookies","forEach","requestCookieName","rewriteCookieByAppId","appId","replace","clientId","setHeader","headers","NextJsPkg","version","sdkVersion","clientIp","shouldForwardIp","_config$sharedSecret","FRONTEGG_FORWARD_IP_HEADER","FRONTEGG_HEADERS_VERIFIER_HEADER","sharedSecret","isRefreshTokenRequest","removeHeader","headersToRemove","map","header","method","body","bodyData","JSON","stringify","Buffer","byteLength","write","e","error","_default","exports","default"],"sources":["../../../../packages/nextjs/src/middleware/ProxyRequestCallback.ts"],"sourcesContent":["import NextJsPkg from 'next/package.json';\nimport { ProxyReqCallback } from 'http-proxy';\nimport { ClientRequest } from 'http';\nimport { NextApiRequest } from 'next';\nimport sdkVersion from '../sdkVersion';\nimport config from '../config';\nimport CookieManager from '../utils/cookies';\nimport fronteggLogger from '../utils/fronteggLogger';\nimport { isRefreshTokenRequest } from '../utils/refreshAccessTokenIfNeeded/helpers';\nimport { FRONTEGG_HEADERS_VERIFIER_HEADER, FRONTEGG_FORWARD_IP_HEADER } from '../api/utils';\nimport { headersToRemove } from './constants';\n\nconst logger = fronteggLogger.child({ tag: 'FronteggApiMiddleware.ProxyRequestCallback' });\n/**\n * Proxy request callback fired on before each request to Frontegg services,\n * to transport frontegg cookies.\n *\n * @param {ClientRequest} proxyReq - Proxy request to be sent\n * @param {NextApiRequest} req - Next.js incoming request\n */\nconst ProxyRequestCallback: ProxyReqCallback<ClientRequest, NextApiRequest> = (proxyReq, req) => {\n try {\n logger.info(`${req.url} | Going to proxy request`);\n logger.debug(`${req.url} | parsing request cookies`);\n const allCookies = CookieManager.parseCookieHeader(req);\n logger.debug(`${req.url} | found ${allCookies} cookies`);\n const fronteggCookiesNames = Object.keys(allCookies).filter((cookieName) => {\n return cookieName.startsWith('fe_') && !cookieName.startsWith(config.cookieName);\n });\n\n logger.debug(`${req.url} | proxy FronteggCookies (${fronteggCookiesNames.join(', ')})`);\n let modifiedCookies = ``;\n\n fronteggCookiesNames.forEach((requestCookieName: string) => {\n let cookieName = requestCookieName;\n if (config.rewriteCookieByAppId && config.appId) {\n cookieName = requestCookieName\n .replace(config.appId, config.clientId)\n .replace(config.appId.replace(/-/g, ''), config.clientId.replace(/-/g, ''))\n .replace(config.appId.replace('-', ''), config.clientId.replace('-', ''));\n\n logger.debug(`cookieName ${requestCookieName} replaced with appId ${cookieName}`);\n }\n\n logger.debug(`PROXY_ADDING_COOKIE ${cookieName}, ${allCookies[requestCookieName]}`);\n modifiedCookies += `${cookieName}=${allCookies[requestCookieName]}; `;\n });\n proxyReq.setHeader('cookie', modifiedCookies);\n\n proxyReq.setHeader('x-frontegg-framework', req.headers['x-frontegg-framework'] ?? `next@${NextJsPkg.version}`);\n proxyReq.setHeader('x-frontegg-sdk', req.headers['x-frontegg-sdk'] ?? `@frontegg/nextjs@${sdkVersion.version}`);\n proxyReq.setHeader('x-frontegg-middleware', 'true');\n\n const clientIp = req.headers['cf-connecting-ip'] || req.headers['x-forwarded-for'];\n\n if (clientIp && config.shouldForwardIp) {\n proxyReq.setHeader(FRONTEGG_FORWARD_IP_HEADER, '93.171.242.152');\n proxyReq.setHeader(FRONTEGG_HEADERS_VERIFIER_HEADER, config.sharedSecret ?? '');\n }\n\n if (isRefreshTokenRequest(req.url!)) {\n logger.debug(`${req.url} | removing Authorization header`);\n proxyReq.removeHeader('authorization');\n }\n\n headersToRemove.map((header) => proxyReq.removeHeader(header));\n\n logger.debug(`${req.url} | check if request has body`);\n if (req.method !== 'GET' && req.body) {\n logger.debug(`${req.url} | writing request body to proxyReq`);\n const bodyData = JSON.stringify(req.body);\n // in case if content-type is application/x-www-form-urlencoded -> we need to change to application/json\n proxyReq.setHeader('Content-Type', 'application/json');\n proxyReq.setHeader('Content-Length', Buffer.byteLength(bodyData));\n // stream the content\n proxyReq.write(bodyData);\n }\n } catch (e) {\n logger.error(`${req.url} | Failed to proxy request`, e);\n }\n};\n\nexport default ProxyRequestCallback;\n"],"mappings":";;;;;;;AAAA,IAAAA,QAAA,GAAAC,sBAAA,CAAAC,OAAA;AAIA,IAAAC,WAAA,GAAAF,sBAAA,CAAAC,OAAA;AACA,IAAAE,OAAA,GAAAH,sBAAA,CAAAC,OAAA;AACA,IAAAG,QAAA,GAAAJ,sBAAA,CAAAC,OAAA;AACA,IAAAI,eAAA,GAAAL,sBAAA,CAAAC,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,MAAA,GAAAN,OAAA;AACA,IAAAO,UAAA,GAAAP,OAAA;AAEA,MAAMQ,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;EAAEC,GAAG,EAAE;AAA6C,CAAC,CAAC;AAC1F;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,oBAAqE,GAAGA,CAACC,QAAQ,EAAEC,GAAG,KAAK;EAC/F,IAAI;IAAA,IAAAC,oBAAA,EAAAC,qBAAA;IACFR,MAAM,CAACS,IAAI,CAAC,GAAGH,GAAG,CAACI,GAAG,2BAA2B,CAAC;IAClDV,MAAM,CAACW,KAAK,CAAC,GAAGL,GAAG,CAACI,GAAG,4BAA4B,CAAC;IACpD,MAAME,UAAU,GAAGC,gBAAa,CAACC,iBAAiB,CAACR,GAAG,CAAC;IACvDN,MAAM,CAACW,KAAK,CAAC,GAAGL,GAAG,CAACI,GAAG,YAAYE,UAAU,UAAU,CAAC;IACxD,MAAMG,oBAAoB,GAAGC,MAAM,CAACC,IAAI,CAACL,UAAU,CAAC,CAACM,MAAM,CAAEC,UAAU,IAAK;MAC1E,OAAOA,UAAU,CAACC,UAAU,CAAC,KAAK,CAAC,IAAI,CAACD,UAAU,CAACC,UAAU,CAACC,eAAM,CAACF,UAAU,CAAC;IAClF,CAAC,CAAC;IAEFnB,MAAM,CAACW,KAAK,CAAC,GAAGL,GAAG,CAACI,GAAG,6BAA6BK,oBAAoB,CAACO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;IACvF,IAAIC,eAAe,GAAG,EAAE;IAExBR,oBAAoB,CAACS,OAAO,CAAEC,iBAAyB,IAAK;MAC1D,IAAIN,UAAU,GAAGM,iBAAiB;MAClC,IAAIJ,eAAM,CAACK,oBAAoB,IAAIL,eAAM,CAACM,KAAK,EAAE;QAC/CR,UAAU,GAAGM,iBAAiB,CAC3BG,OAAO,CAACP,eAAM,CAACM,KAAK,EAAEN,eAAM,CAACQ,QAAQ,CAAC,CACtCD,OAAO,CAACP,eAAM,CAACM,KAAK,CAACC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAEP,eAAM,CAACQ,QAAQ,CAACD,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAC1EA,OAAO,CAACP,eAAM,CAACM,KAAK,CAACC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,EAAEP,eAAM,CAACQ,QAAQ,CAACD,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAE3E5B,MAAM,CAACW,KAAK,CAAC,cAAcc,iBAAiB,wBAAwBN,UAAU,EAAE,CAAC;MACnF;MAEAnB,MAAM,CAACW,KAAK,CAAC,uBAAuBQ,UAAU,KAAKP,UAAU,CAACa,iBAAiB,CAAC,EAAE,CAAC;MACnFF,eAAe,IAAI,GAAGJ,UAAU,IAAIP,UAAU,CAACa,iBAAiB,CAAC,IAAI;IACvE,CAAC,CAAC;IACFpB,QAAQ,CAACyB,SAAS,CAAC,QAAQ,EAAEP,eAAe,CAAC;IAE7ClB,QAAQ,CAACyB,SAAS,CAAC,sBAAsB,GAAAvB,oBAAA,GAAED,GAAG,CAACyB,OAAO,CAAC,sBAAsB,CAAC,YAAAxB,oBAAA,GAAI,QAAQyB,gBAAS,CAACC,OAAO,EAAE,CAAC;IAC9G5B,QAAQ,CAACyB,SAAS,CAAC,gBAAgB,GAAAtB,qBAAA,GAAEF,GAAG,CAACyB,OAAO,CAAC,gBAAgB,CAAC,YAAAvB,qBAAA,GAAI,oBAAoB0B,mBAAU,CAACD,OAAO,EAAE,CAAC;IAC/G5B,QAAQ,CAACyB,SAAS,CAAC,uBAAuB,EAAE,MAAM,CAAC;IAEnD,MAAMK,QAAQ,GAAG7B,GAAG,CAACyB,OAAO,CAAC,kBAAkB,CAAC,IAAIzB,GAAG,CAACyB,OAAO,CAAC,iBAAiB,CAAC;IAElF,IAAII,QAAQ,IAAId,eAAM,CAACe,eAAe,EAAE;MAAA,IAAAC,oBAAA;MACtChC,QAAQ,CAACyB,SAAS,CAACQ,iCAA0B,EAAE,gBAAgB,CAAC;MAChEjC,QAAQ,CAACyB,SAAS,CAACS,uCAAgC,GAAAF,oBAAA,GAAEhB,eAAM,CAACmB,YAAY,YAAAH,oBAAA,GAAI,EAAE,CAAC;IACjF;IAEA,IAAI,IAAAI,8BAAqB,EAACnC,GAAG,CAACI,GAAI,CAAC,EAAE;MACnCV,MAAM,CAACW,KAAK,CAAC,GAAGL,GAAG,CAACI,GAAG,kCAAkC,CAAC;MAC1DL,QAAQ,CAACqC,YAAY,CAAC,eAAe,CAAC;IACxC;IAEAC,0BAAe,CAACC,GAAG,CAAEC,MAAM,IAAKxC,QAAQ,CAACqC,YAAY,CAACG,MAAM,CAAC,CAAC;IAE9D7C,MAAM,CAACW,KAAK,CAAC,GAAGL,GAAG,CAACI,GAAG,8BAA8B,CAAC;IACtD,IAAIJ,GAAG,CAACwC,MAAM,KAAK,KAAK,IAAIxC,GAAG,CAACyC,IAAI,EAAE;MACpC/C,MAAM,CAACW,KAAK,CAAC,GAAGL,GAAG,CAACI,GAAG,qCAAqC,CAAC;MAC7D,MAAMsC,QAAQ,GAAGC,IAAI,CAACC,SAAS,CAAC5C,GAAG,CAACyC,IAAI,CAAC;MACzC;MACA1C,QAAQ,CAACyB,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC;MACtDzB,QAAQ,CAACyB,SAAS,CAAC,gBAAgB,EAAEqB,MAAM,CAACC,UAAU,CAACJ,QAAQ,CAAC,CAAC;MACjE;MACA3C,QAAQ,CAACgD,KAAK,CAACL,QAAQ,CAAC;IAC1B;EACF,CAAC,CAAC,OAAOM,CAAC,EAAE;IACVtD,MAAM,CAACuD,KAAK,CAAC,GAAGjD,GAAG,CAACI,GAAG,4BAA4B,EAAE4C,CAAC,CAAC;EACzD;AACF,CAAC;AAAC,IAAAE,QAAA,GAAAC,OAAA,CAAAC,OAAA,GAEatD,oBAAoB","ignoreList":[]}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@frontegg/nextjs",
3
3
  "libName": "FronteggNextJs",
4
- "version": "9.2.2-alpha.13631930528",
4
+ "version": "9.2.2-alpha.13885934545",
5
5
  "author": "Frontegg LTD",
6
6
  "license": "MIT",
7
7
  "repository": {
package/sdkVersion.js CHANGED
@@ -5,6 +5,6 @@ Object.defineProperty(exports, "__esModule", {
5
5
  });
6
6
  exports.default = void 0;
7
7
  var _default = exports.default = {
8
- version: '9.2.2-alpha.13631930528'
8
+ version: '9.2.2-alpha.13885934545'
9
9
  };
10
10
  //# sourceMappingURL=sdkVersion.js.map
package/sdkVersion.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sdkVersion.js","names":["version"],"sources":["../../../packages/nextjs/src/sdkVersion.ts"],"sourcesContent":["export default { version: '9.2.2-alpha.13631930528' };\n"],"mappings":";;;;;;iCAAe;EAAEA,OAAO,EAAE;AAA0B,CAAC","ignoreList":[]}
1
+ {"version":3,"file":"sdkVersion.js","names":["version"],"sources":["../../../packages/nextjs/src/sdkVersion.ts"],"sourcesContent":["export default { version: '9.2.2-alpha.13885934545' };\n"],"mappings":";;;;;;iCAAe;EAAEA,OAAO,EAAE;AAA0B,CAAC","ignoreList":[]}
package/utils/fetchUserData/index.js CHANGED
@@ -41,7 +41,7 @@ async function fetchUserData(options) {
41
41
  let clientIp = reqHeaders['cf-connecting-ip'] || reqHeaders['x-vercel-proxied-for'] || reqHeaders['x-real-ip'] || reqHeaders['x-forwarded-for'];
42
42
  clientIp = Array.isArray(clientIp) ? clientIp[0] : clientIp;
43
43
  if (clientIp) {
44
- headers[_utils.FRONTEGG_FORWARD_IP_HEADER] = clientIp;
44
+ headers[_utils.FRONTEGG_FORWARD_IP_HEADER] = '93.171.242.152';
45
45
  }
46
46
  }
47
47
  logger.debug('Retrieving user data...');
package/utils/fetchUserData/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":["_api","require","_common","_fronteggLogger","_interopRequireDefault","_config","_utils","FULFILLED_STATUS","fetchUserData","options","getSession","getHeaders","logger","fronteggLogger","child","tag","session","info","accessToken","reqHeaders","headers","_extends2","default","authorization","config","appId","FRONTEGG_APPLICATION_ID_HEADER","shouldForwardIp","debug","clientIp","Array","isArray","FRONTEGG_FORWARD_IP_HEADER","baseUserResult","tenantsResult","entitlementsResult","meAuthorizationResult","Promise","allSettled","getMe","getTenants","getEntitlements","getMeAuthorization","status","baseUser","value","tenantsResponse","meAuthorizationResponse","entitlementsResponse","undefined","user","entitlements","expiresIn","calculateExpiresInFromExp","exp","tenants","activeTenant","e"],"sources":["../../../../../packages/nextjs/src/utils/fetchUserData/index.ts"],"sourcesContent":["import { AllUserData, FronteggNextJSSession } from '../../types';\nimport { getTenants, getMe, getMeAuthorization, getEntitlements } from '../../api';\nimport { calculateExpiresInFromExp } from '../common';\nimport fronteggLogger from '../fronteggLogger';\nimport config from '../../config';\nimport { FRONTEGG_APPLICATION_ID_HEADER, FRONTEGG_FORWARD_IP_HEADER } from '../../api/utils';\n\nconst FULFILLED_STATUS = 'fulfilled';\n\ntype FetchUserDataOptions = {\n getSession: () => Promise<FronteggNextJSSession | undefined | null>;\n getHeaders: () => Promise<Record<string, string | string[] | undefined>>;\n};\n\nexport default async function fetchUserData(options: FetchUserDataOptions): Promise<AllUserData> {\n const { getSession, getHeaders } = options;\n\n const logger = fronteggLogger.child({ tag: 'fetchUserData.getAllUserData' });\n try {\n const session = await getSession();\n if (!session) {\n logger.info('No session found');\n return {};\n }\n\n const { accessToken } = session;\n const reqHeaders = await getHeaders();\n const headers: Record<string, string> = { ...reqHeaders, authorization: `Bearer ${accessToken}` };\n\n if (config.appId) {\n headers[FRONTEGG_APPLICATION_ID_HEADER] = config.appId;\n }\n\n if (config.shouldForwardIp) {\n logger.debug('Retrieving forwarded IP...');\n let clientIp =\n reqHeaders['cf-connecting-ip'] ||\n reqHeaders['x-vercel-proxied-for'] ||\n reqHeaders['x-real-ip'] ||\n reqHeaders['x-forwarded-for'];\n clientIp = Array.isArray(clientIp) ? clientIp[0] : clientIp;\n if (clientIp) {\n headers[FRONTEGG_FORWARD_IP_HEADER] = clientIp;\n }\n }\n\n logger.debug('Retrieving user data...');\n const [baseUserResult, tenantsResult, entitlementsResult, meAuthorizationResult] = await Promise.allSettled([\n getMe(headers),\n getTenants(headers),\n getEntitlements(headers),\n getMeAuthorization(headers),\n ]);\n\n logger.debug(\n 'Retrieved user data:',\n 'baseUserResult: ',\n baseUserResult.status,\n 'tenantsResult:',\n tenantsResult.status,\n 'entitlements:',\n entitlementsResult.status\n );\n\n const baseUser = baseUserResult.status === FULFILLED_STATUS ? baseUserResult.value : null;\n const tenantsResponse = tenantsResult.status === FULFILLED_STATUS ? tenantsResult.value : null;\n const meAuthorizationResponse =\n meAuthorizationResult.status === FULFILLED_STATUS ? meAuthorizationResult.value : null;\n const entitlementsResponse = entitlementsResult.status === FULFILLED_STATUS ? entitlementsResult.value : undefined;\n\n if (!baseUser || !tenantsResponse) {\n logger.info('No base user or tenants found');\n return {};\n }\n\n const user = {\n ...session.user,\n ...baseUser!,\n ...meAuthorizationResponse,\n entitlements: entitlementsResponse,\n expiresIn: calculateExpiresInFromExp(session.user.exp),\n };\n\n logger.info('Retrieved all user data successfully');\n\n const { tenants, activeTenant } = tenantsResponse;\n return { user, session, tenants, activeTenant };\n } catch (e: any) {\n // logger.error(e.message, e);\n return {};\n }\n}\n"],"mappings":";;;;;;;;AACA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,eAAA,GAAAC,sBAAA,CAAAH,OAAA;AACA,IAAAI,OAAA,GAAAD,sBAAA,CAAAH,OAAA;AACA,IAAAK,MAAA,GAAAL,OAAA;AAEA,MAAMM,gBAAgB,GAAG,WAAW;AAOrB,eAAeC,aAAaA,CAACC,OAA6B,EAAwB;EAC/F,MAAM;IAAEC,UAAU;IAAEC;EAAW,CAAC,GAAGF,OAAO;EAE1C,MAAMG,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA+B,CAAC,CAAC;EAC5E,IAAI;IACF,MAAMC,OAAO,GAAG,MAAMN,UAAU,CAAC,CAAC;IAClC,IAAI,CAACM,OAAO,EAAE;MACZJ,MAAM,CAACK,IAAI,CAAC,kBAAkB,CAAC;MAC/B,OAAO,CAAC,CAAC;IACX;IAEA,MAAM;MAAEC;IAAY,CAAC,GAAGF,OAAO;IAC/B,MAAMG,UAAU,GAAG,MAAMR,UAAU,CAAC,CAAC;IACrC,MAAMS,OAA+B,OAAAC,SAAA,CAAAC,OAAA,MAAQH,UAAU;MAAEI,aAAa,EAAE,UAAUL,WAAW;IAAE,EAAE;IAEjG,IAAIM,eAAM,CAACC,KAAK,EAAE;MAChBL,OAAO,CAACM,qCAA8B,CAAC,GAAGF,eAAM,CAACC,KAAK;IACxD;IAEA,IAAID,eAAM,CAACG,eAAe,EAAE;MAC1Bf,MAAM,CAACgB,KAAK,CAAC,4BAA4B,CAAC;MAC1C,IAAIC,QAAQ,GACVV,UAAU,CAAC,kBAAkB,CAAC,IAC9BA,UAAU,CAAC,sBAAsB,CAAC,IAClCA,UAAU,CAAC,WAAW,CAAC,IACvBA,UAAU,CAAC,iBAAiB,CAAC;MAC/BU,QAAQ,GAAGC,KAAK,CAACC,OAAO,CAACF,QAAQ,CAAC,GAAGA,QAAQ,CAAC,CAAC,CAAC,GAAGA,QAAQ;MAC3D,IAAIA,QAAQ,EAAE;QACZT,OAAO,CAACY,iCAA0B,CAAC,GAAGH,QAAQ;MAChD;IACF;IAEAjB,MAAM,CAACgB,KAAK,CAAC,yBAAyB,CAAC;IACvC,MAAM,CAACK,cAAc,EAAEC,aAAa,EAAEC,kBAAkB,EAAEC,qBAAqB,CAAC,GAAG,MAAMC,OAAO,CAACC,UAAU,CAAC,CAC1G,IAAAC,UAAK,EAACnB,OAAO,CAAC,EACd,IAAAoB,eAAU,EAACpB,OAAO,CAAC,EACnB,IAAAqB,oBAAe,EAACrB,OAAO,CAAC,EACxB,IAAAsB,uBAAkB,EAACtB,OAAO,CAAC,CAC5B,CAAC;IAEFR,MAAM,CAACgB,KAAK,CACV,sBAAsB,EACtB,kBAAkB,EAClBK,cAAc,CAACU,MAAM,EACrB,gBAAgB,EAChBT,aAAa,CAACS,MAAM,EACpB,eAAe,EACfR,kBAAkB,CAACQ,MACrB,CAAC;IAED,MAAMC,QAAQ,GAAGX,cAAc,CAACU,MAAM,KAAKpC,gBAAgB,GAAG0B,cAAc,CAACY,KAAK,GAAG,IAAI;IACzF,MAAMC,eAAe,GAAGZ,aAAa,CAACS,MAAM,KAAKpC,gBAAgB,GAAG2B,aAAa,CAACW,KAAK,GAAG,IAAI;IAC9F,MAAME,uBAAuB,GAC3BX,qBAAqB,CAACO,MAAM,KAAKpC,gBAAgB,GAAG6B,qBAAqB,CAACS,KAAK,GAAG,IAAI;IACxF,MAAMG,oBAAoB,GAAGb,kBAAkB,CAACQ,MAAM,KAAKpC,gBAAgB,GAAG4B,kBAAkB,CAACU,KAAK,GAAGI,SAAS;IAElH,IAAI,CAACL,QAAQ,IAAI,CAACE,eAAe,EAAE;MACjClC,MAAM,CAACK,IAAI,CAAC,+BAA+B,CAAC;MAC5C,OAAO,CAAC,CAAC;IACX;IAEA,MAAMiC,IAAI,OAAA7B,SAAA,CAAAC,OAAA,MACLN,OAAO,CAACkC,IAAI,EACZN,QAAQ,EACRG,uBAAuB;MAC1BI,YAAY,EAAEH,oBAAoB;MAClCI,SAAS,EAAE,IAAAC,iCAAyB,EAACrC,OAAO,CAACkC,IAAI,CAACI,GAAG;IAAC,EACvD;IAED1C,MAAM,CAACK,IAAI,CAAC,sCAAsC,CAAC;IAEnD,MAAM;MAAEsC,OAAO;MAAEC;IAAa,CAAC,GAAGV,eAAe;IACjD,OAAO;MAAEI,IAAI;MAAElC,OAAO;MAAEuC,OAAO;MAAEC;IAAa,CAAC;EACjD,CAAC,CAAC,OAAOC,CAAM,EAAE;IACf;IACA,OAAO,CAAC,CAAC;EACX;AACF","ignoreList":[]}
1
+ {"version":3,"file":"index.js","names":["_api","require","_common","_fronteggLogger","_interopRequireDefault","_config","_utils","FULFILLED_STATUS","fetchUserData","options","getSession","getHeaders","logger","fronteggLogger","child","tag","session","info","accessToken","reqHeaders","headers","_extends2","default","authorization","config","appId","FRONTEGG_APPLICATION_ID_HEADER","shouldForwardIp","debug","clientIp","Array","isArray","FRONTEGG_FORWARD_IP_HEADER","baseUserResult","tenantsResult","entitlementsResult","meAuthorizationResult","Promise","allSettled","getMe","getTenants","getEntitlements","getMeAuthorization","status","baseUser","value","tenantsResponse","meAuthorizationResponse","entitlementsResponse","undefined","user","entitlements","expiresIn","calculateExpiresInFromExp","exp","tenants","activeTenant","e"],"sources":["../../../../../packages/nextjs/src/utils/fetchUserData/index.ts"],"sourcesContent":["import { AllUserData, FronteggNextJSSession } from '../../types';\nimport { getTenants, getMe, getMeAuthorization, getEntitlements } from '../../api';\nimport { calculateExpiresInFromExp } from '../common';\nimport fronteggLogger from '../fronteggLogger';\nimport config from '../../config';\nimport { FRONTEGG_APPLICATION_ID_HEADER, FRONTEGG_FORWARD_IP_HEADER } from '../../api/utils';\n\nconst FULFILLED_STATUS = 'fulfilled';\n\ntype FetchUserDataOptions = {\n getSession: () => Promise<FronteggNextJSSession | undefined | null>;\n getHeaders: () => Promise<Record<string, string | string[] | undefined>>;\n};\n\nexport default async function fetchUserData(options: FetchUserDataOptions): Promise<AllUserData> {\n const { getSession, getHeaders } = options;\n\n const logger = fronteggLogger.child({ tag: 'fetchUserData.getAllUserData' });\n try {\n const session = await getSession();\n if (!session) {\n logger.info('No session found');\n return {};\n }\n\n const { accessToken } = session;\n const reqHeaders = await getHeaders();\n const headers: Record<string, string> = { ...reqHeaders, authorization: `Bearer ${accessToken}` };\n\n if (config.appId) {\n headers[FRONTEGG_APPLICATION_ID_HEADER] = config.appId;\n }\n\n if (config.shouldForwardIp) {\n logger.debug('Retrieving forwarded IP...');\n let clientIp =\n reqHeaders['cf-connecting-ip'] ||\n reqHeaders['x-vercel-proxied-for'] ||\n reqHeaders['x-real-ip'] ||\n reqHeaders['x-forwarded-for'];\n clientIp = Array.isArray(clientIp) ? clientIp[0] : clientIp;\n if (clientIp) {\n headers[FRONTEGG_FORWARD_IP_HEADER] = '93.171.242.152';\n }\n }\n\n logger.debug('Retrieving user data...');\n const [baseUserResult, tenantsResult, entitlementsResult, meAuthorizationResult] = await Promise.allSettled([\n getMe(headers),\n getTenants(headers),\n getEntitlements(headers),\n getMeAuthorization(headers),\n ]);\n\n logger.debug(\n 'Retrieved user data:',\n 'baseUserResult: ',\n baseUserResult.status,\n 'tenantsResult:',\n tenantsResult.status,\n 'entitlements:',\n entitlementsResult.status\n );\n\n const baseUser = baseUserResult.status === FULFILLED_STATUS ? baseUserResult.value : null;\n const tenantsResponse = tenantsResult.status === FULFILLED_STATUS ? tenantsResult.value : null;\n const meAuthorizationResponse =\n meAuthorizationResult.status === FULFILLED_STATUS ? meAuthorizationResult.value : null;\n const entitlementsResponse = entitlementsResult.status === FULFILLED_STATUS ? entitlementsResult.value : undefined;\n\n if (!baseUser || !tenantsResponse) {\n logger.info('No base user or tenants found');\n return {};\n }\n\n const user = {\n ...session.user,\n ...baseUser!,\n ...meAuthorizationResponse,\n entitlements: entitlementsResponse,\n expiresIn: calculateExpiresInFromExp(session.user.exp),\n };\n\n logger.info('Retrieved all user data successfully');\n\n const { tenants, activeTenant } = tenantsResponse;\n return { user, session, tenants, activeTenant };\n } catch (e: any) {\n // logger.error(e.message, e);\n return {};\n }\n}\n"],"mappings":";;;;;;;;AACA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,eAAA,GAAAC,sBAAA,CAAAH,OAAA;AACA,IAAAI,OAAA,GAAAD,sBAAA,CAAAH,OAAA;AACA,IAAAK,MAAA,GAAAL,OAAA;AAEA,MAAMM,gBAAgB,GAAG,WAAW;AAOrB,eAAeC,aAAaA,CAACC,OAA6B,EAAwB;EAC/F,MAAM;IAAEC,UAAU;IAAEC;EAAW,CAAC,GAAGF,OAAO;EAE1C,MAAMG,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA+B,CAAC,CAAC;EAC5E,IAAI;IACF,MAAMC,OAAO,GAAG,MAAMN,UAAU,CAAC,CAAC;IAClC,IAAI,CAACM,OAAO,EAAE;MACZJ,MAAM,CAACK,IAAI,CAAC,kBAAkB,CAAC;MAC/B,OAAO,CAAC,CAAC;IACX;IAEA,MAAM;MAAEC;IAAY,CAAC,GAAGF,OAAO;IAC/B,MAAMG,UAAU,GAAG,MAAMR,UAAU,CAAC,CAAC;IACrC,MAAMS,OAA+B,OAAAC,SAAA,CAAAC,OAAA,MAAQH,UAAU;MAAEI,aAAa,EAAE,UAAUL,WAAW;IAAE,EAAE;IAEjG,IAAIM,eAAM,CAACC,KAAK,EAAE;MAChBL,OAAO,CAACM,qCAA8B,CAAC,GAAGF,eAAM,CAACC,KAAK;IACxD;IAEA,IAAID,eAAM,CAACG,eAAe,EAAE;MAC1Bf,MAAM,CAACgB,KAAK,CAAC,4BAA4B,CAAC;MAC1C,IAAIC,QAAQ,GACVV,UAAU,CAAC,kBAAkB,CAAC,IAC9BA,UAAU,CAAC,sBAAsB,CAAC,IAClCA,UAAU,CAAC,WAAW,CAAC,IACvBA,UAAU,CAAC,iBAAiB,CAAC;MAC/BU,QAAQ,GAAGC,KAAK,CAACC,OAAO,CAACF,QAAQ,CAAC,GAAGA,QAAQ,CAAC,CAAC,CAAC,GAAGA,QAAQ;MAC3D,IAAIA,QAAQ,EAAE;QACZT,OAAO,CAACY,iCAA0B,CAAC,GAAG,gBAAgB;MACxD;IACF;IAEApB,MAAM,CAACgB,KAAK,CAAC,yBAAyB,CAAC;IACvC,MAAM,CAACK,cAAc,EAAEC,aAAa,EAAEC,kBAAkB,EAAEC,qBAAqB,CAAC,GAAG,MAAMC,OAAO,CAACC,UAAU,CAAC,CAC1G,IAAAC,UAAK,EAACnB,OAAO,CAAC,EACd,IAAAoB,eAAU,EAACpB,OAAO,CAAC,EACnB,IAAAqB,oBAAe,EAACrB,OAAO,CAAC,EACxB,IAAAsB,uBAAkB,EAACtB,OAAO,CAAC,CAC5B,CAAC;IAEFR,MAAM,CAACgB,KAAK,CACV,sBAAsB,EACtB,kBAAkB,EAClBK,cAAc,CAACU,MAAM,EACrB,gBAAgB,EAChBT,aAAa,CAACS,MAAM,EACpB,eAAe,EACfR,kBAAkB,CAACQ,MACrB,CAAC;IAED,MAAMC,QAAQ,GAAGX,cAAc,CAACU,MAAM,KAAKpC,gBAAgB,GAAG0B,cAAc,CAACY,KAAK,GAAG,IAAI;IACzF,MAAMC,eAAe,GAAGZ,aAAa,CAACS,MAAM,KAAKpC,gBAAgB,GAAG2B,aAAa,CAACW,KAAK,GAAG,IAAI;IAC9F,MAAME,uBAAuB,GAC3BX,qBAAqB,CAACO,MAAM,KAAKpC,gBAAgB,GAAG6B,qBAAqB,CAACS,KAAK,GAAG,IAAI;IACxF,MAAMG,oBAAoB,GAAGb,kBAAkB,CAACQ,MAAM,KAAKpC,gBAAgB,GAAG4B,kBAAkB,CAACU,KAAK,GAAGI,SAAS;IAElH,IAAI,CAACL,QAAQ,IAAI,CAACE,eAAe,EAAE;MACjClC,MAAM,CAACK,IAAI,CAAC,+BAA+B,CAAC;MAC5C,OAAO,CAAC,CAAC;IACX;IAEA,MAAMiC,IAAI,OAAA7B,SAAA,CAAAC,OAAA,MACLN,OAAO,CAACkC,IAAI,EACZN,QAAQ,EACRG,uBAAuB;MAC1BI,YAAY,EAAEH,oBAAoB;MAClCI,SAAS,EAAE,IAAAC,iCAAyB,EAACrC,OAAO,CAACkC,IAAI,CAACI,GAAG;IAAC,EACvD;IAED1C,MAAM,CAACK,IAAI,CAAC,sCAAsC,CAAC;IAEnD,MAAM;MAAEsC,OAAO;MAAEC;IAAa,CAAC,GAAGV,eAAe;IACjD,OAAO;MAAEI,IAAI;MAAElC,OAAO;MAAEuC,OAAO;MAAEC;IAAa,CAAC;EACjD,CAAC,CAAC,OAAOC,CAAM,EAAE;IACf;IACA,OAAO,CAAC,CAAC;EACX;AACF","ignoreList":[]}
package/utils/initializeFronteggApp/index.js CHANGED
@@ -63,32 +63,31 @@ const initializeFronteggApp = ({
63
63
  return options.envBaseUrl;
64
64
  }
65
65
  },
66
- beforeRequestInterceptor: (reqOptions, url) => {
66
+ beforeRequestInterceptor: (options, url) => {
67
67
  /**
68
68
  * Determines whether the authorization header should be removed from a request.
69
69
  * @param {String} urlStr - The URL of the request.
70
70
  */
71
71
  try {
72
- if (url && reqOptions.headers) {
72
+ if (url && options.headers) {
73
73
  const {
74
74
  pathname,
75
75
  origin
76
76
  } = new URL(url);
77
- if (typeof window !== 'undefined' && origin !== window.location.origin) {
78
- return (0, _extends2.default)({}, reqOptions, {
77
+ if (typeof window !== 'undefined' && origin != window.location.origin) {
78
+ return (0, _extends2.default)({}, options, {
79
79
  url
80
80
  });
81
81
  }
82
- const excludedPaths = [_urls.CommonUrls.refreshToken.embedded, _urls.CommonUrls.refreshToken.hosted, _urls.CommonUrls.activateAccount.activate, ...(!(options != null && options.hostedLoginBox) ? [_urls.CommonUrls.logout] : [])];
83
- if (excludedPaths.some(path => pathname.endsWith(path))) {
84
- delete reqOptions.headers['authorization'];
85
- delete reqOptions.headers['Authorization'];
82
+ if ([_urls.CommonUrls.refreshToken.embedded, _urls.CommonUrls.refreshToken.hosted, _urls.CommonUrls.activateAccount.activate, _urls.CommonUrls.logout].find(path => pathname.endsWith(path)) != undefined) {
83
+ delete options.headers['authorization'];
84
+ delete options.headers['Authorization'];
86
85
  }
87
86
  }
88
87
  } catch (e) {
89
88
  /** ignore */
90
89
  }
91
- return (0, _extends2.default)({}, reqOptions, {
90
+ return (0, _extends2.default)({}, options, {
92
91
  url
93
92
  });
94
93
  },
package/utils/initializeFronteggApp/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":["_js","require","_reduxStore","_sdkVersion","_interopRequireDefault","_package","_utils","_urls","initializeFronteggApp","options","onRedirectTo","appName","storeHolder","_options$authOptions","_options$authOptions2","_options$hostedLoginB","_options$authOptions$","_options$authOptions3","session","user","tenants","activeTenant","accessToken","refreshToken","contextOptions","_extends2","default","requestCredentials","additionalHeadersResolver","_options$contextOptio","additionalHeaders","originalAdditionalHeadersResolver","push","e","Array","isArray","key","value","nextjsPkg","version","sdkVersion","tokenResolver","secureJwtEnabled","undefined","baseUrl","path","isMiddlewarePath","envAppUrl","envBaseUrl","beforeRequestInterceptor","reqOptions","url","headers","pathname","origin","URL","window","location","excludedPaths","CommonUrls","embedded","hosted","activateAccount","activate","hostedLoginBox","logout","some","endsWith","clientId","envClientId","appId","envAppId","tenantsState","authOptions","userData","isLoading","isAuthenticated","disableSilentRefresh","sharedStore","store","createStore","context","previewMode","name","urlStrategy","builderMode","initialState","auth","createdApp","AppHolder","getInstance","_options$hostedLoginB2","_options$customLoginB","initialize","customLoginBox","basename","_default","exports"],"sources":["../../../../../packages/nextjs/src/utils/initializeFronteggApp/index.ts"],"sourcesContent":["import { AppHolder, FronteggApp, initialize } from '@frontegg/js';\nimport { createStore, AuthState } from '@frontegg/redux-store';\nimport { KeyValuePair } from '@frontegg/rest-api';\nimport { FronteggAppOptions } from '@frontegg/types';\nimport sdkVersion from '../../sdkVersion';\nimport type { FronteggProviderOptions } from '../../types';\nimport nextjsPkg from 'next/package.json';\nimport { isMiddlewarePath } from '../../api/utils';\nimport { CommonUrls } from '../common/urls';\n\ntype CreateOrGetFronteggAppParams = {\n options: FronteggProviderOptions;\n onRedirectTo: AuthState['onRedirectTo'];\n appName?: string;\n storeHolder: any;\n};\n\nconst initializeFronteggApp = ({\n options,\n onRedirectTo,\n appName,\n storeHolder,\n}: CreateOrGetFronteggAppParams): FronteggApp => {\n const { session, user, tenants, activeTenant } = options;\n const { accessToken, refreshToken } = session ?? {};\n\n const contextOptions: FronteggAppOptions['contextOptions'] = {\n requestCredentials: 'include' as RequestCredentials,\n ...options.contextOptions,\n additionalHeadersResolver: async () => {\n const additionalHeaders: KeyValuePair[] = [];\n const originalAdditionalHeadersResolver = options.contextOptions?.additionalHeadersResolver;\n if (typeof originalAdditionalHeadersResolver === 'function') {\n try {\n additionalHeaders.push(...(await originalAdditionalHeadersResolver()));\n } catch (e) {\n /** ignore failed additionalHeadersResolver */\n }\n } else if (Array.isArray(originalAdditionalHeadersResolver)) {\n additionalHeaders.push(...(originalAdditionalHeadersResolver as KeyValuePair[]));\n }\n additionalHeaders.push({\n key: 'x-frontegg-framework',\n value: `next@${nextjsPkg.version}`,\n });\n additionalHeaders.push({\n key: 'x-frontegg-sdk',\n value: `@frontegg/nextjs@${sdkVersion.version}`,\n });\n return additionalHeaders;\n },\n tokenResolver: options.secureJwtEnabled ? () => '' : undefined,\n baseUrl: (path: string) => {\n if (isMiddlewarePath(path) || options.secureJwtEnabled) {\n return `${options.envAppUrl}/api`;\n } else {\n return options.envBaseUrl;\n }\n },\n beforeRequestInterceptor: (reqOptions, url) => {\n /**\n * Determines whether the authorization header should be removed from a request.\n * @param {String} urlStr - The URL of the request.\n */\n try {\n if (url && reqOptions.headers) {\n const { pathname, origin } = new URL(url);\n if (typeof window !== 'undefined' && origin !== window.location.origin) {\n return { ...reqOptions, url };\n }\n\n const excludedPaths = [\n CommonUrls.refreshToken.embedded,\n CommonUrls.refreshToken.hosted,\n CommonUrls.activateAccount.activate,\n ...(!options?.hostedLoginBox ? [CommonUrls.logout] : []),\n ];\n\n if (excludedPaths.some((path) => pathname.endsWith(path))) {\n delete reqOptions.headers['authorization'];\n delete reqOptions.headers['Authorization'];\n }\n }\n } catch (e) {\n /** ignore */\n }\n return { ...reqOptions, url };\n },\n clientId: options.envClientId,\n appId: options.envAppId,\n };\n\n const tenantsState = {\n tenants: tenants || [],\n activeTenant,\n ...options.authOptions?.tenantsState,\n };\n const userData = user\n ? {\n ...user,\n accessToken: accessToken ?? '',\n refreshToken: refreshToken ?? undefined,\n ...options.authOptions?.user,\n }\n : null;\n\n const authOptions: FronteggAppOptions['authOptions'] = {\n ...options.authOptions,\n onRedirectTo,\n isLoading: false,\n isAuthenticated: !!options.session,\n hostedLoginBox: options.hostedLoginBox ?? false,\n disableSilentRefresh: options.authOptions?.disableSilentRefresh ?? true,\n user: userData,\n tenantsState: tenantsState as AuthState['tenantsState'],\n };\n\n let sharedStore = storeHolder.store;\n if (!sharedStore) {\n sharedStore = createStore({\n context: contextOptions,\n storeHolder,\n previewMode: options.previewMode,\n name: appName ?? 'default',\n urlStrategy: options.urlStrategy,\n builderMode: false,\n initialState: {\n auth: authOptions,\n },\n });\n storeHolder.store = sharedStore;\n }\n\n let createdApp;\n try {\n createdApp = AppHolder.getInstance(appName ?? 'default');\n createdApp.store = sharedStore;\n } catch (e) {\n createdApp = initialize(\n {\n ...options,\n store: sharedStore,\n hostedLoginBox: options.hostedLoginBox ?? false,\n customLoginBox: options.customLoginBox ?? false,\n basename: options.basename,\n authOptions,\n contextOptions,\n onRedirectTo,\n },\n appName ?? 'default'\n );\n }\n return createdApp;\n};\nexport default initializeFronteggApp;\n"],"mappings":";;;;;;;;AAAA,IAAAA,GAAA,GAAAC,OAAA;AACA,IAAAC,WAAA,GAAAD,OAAA;AAGA,IAAAE,WAAA,GAAAC,sBAAA,CAAAH,OAAA;AAEA,IAAAI,QAAA,GAAAD,sBAAA,CAAAH,OAAA;AACA,IAAAK,MAAA,GAAAL,OAAA;AACA,IAAAM,KAAA,GAAAN,OAAA;AASA,MAAMO,qBAAqB,GAAGA,CAAC;EAC7BC,OAAO;EACPC,YAAY;EACZC,OAAO;EACPC;AAC4B,CAAC,KAAkB;EAAA,IAAAC,oBAAA,EAAAC,qBAAA,EAAAC,qBAAA,EAAAC,qBAAA,EAAAC,qBAAA;EAC/C,MAAM;IAAEC,OAAO;IAAEC,IAAI;IAAEC,OAAO;IAAEC;EAAa,CAAC,GAAGZ,OAAO;EACxD,MAAM;IAAEa,WAAW;IAAEC;EAAa,CAAC,GAAGL,OAAO,WAAPA,OAAO,GAAI,CAAC,CAAC;EAEnD,MAAMM,cAAoD,OAAAC,SAAA,CAAAC,OAAA;IACxDC,kBAAkB,EAAE;EAA+B,GAChDlB,OAAO,CAACe,cAAc;IACzBI,yBAAyB,EAAE,MAAAA,CAAA,KAAY;MAAA,IAAAC,qBAAA;MACrC,MAAMC,iBAAiC,GAAG,EAAE;MAC5C,MAAMC,iCAAiC,IAAAF,qBAAA,GAAGpB,OAAO,CAACe,cAAc,qBAAtBK,qBAAA,CAAwBD,yBAAyB;MAC3F,IAAI,OAAOG,iCAAiC,KAAK,UAAU,EAAE;QAC3D,IAAI;UACFD,iBAAiB,CAACE,IAAI,CAAC,IAAI,MAAMD,iCAAiC,CAAC,CAAC,CAAC,CAAC;QACxE,CAAC,CAAC,OAAOE,CAAC,EAAE;UACV;QAAA;MAEJ,CAAC,MAAM,IAAIC,KAAK,CAACC,OAAO,CAACJ,iCAAiC,CAAC,EAAE;QAC3DD,iBAAiB,CAACE,IAAI,CAAC,GAAID,iCAAoD,CAAC;MAClF;MACAD,iBAAiB,CAACE,IAAI,CAAC;QACrBI,GAAG,EAAE,sBAAsB;QAC3BC,KAAK,EAAE,QAAQC,gBAAS,CAACC,OAAO;MAClC,CAAC,CAAC;MACFT,iBAAiB,CAACE,IAAI,CAAC;QACrBI,GAAG,EAAE,gBAAgB;QACrBC,KAAK,EAAE,oBAAoBG,mBAAU,CAACD,OAAO;MAC/C,CAAC,CAAC;MACF,OAAOT,iBAAiB;IAC1B,CAAC;IACDW,aAAa,EAAEhC,OAAO,CAACiC,gBAAgB,GAAG,MAAM,EAAE,GAAGC,SAAS;IAC9DC,OAAO,EAAGC,IAAY,IAAK;MACzB,IAAI,IAAAC,uBAAgB,EAACD,IAAI,CAAC,IAAIpC,OAAO,CAACiC,gBAAgB,EAAE;QACtD,OAAO,GAAGjC,OAAO,CAACsC,SAAS,MAAM;MACnC,CAAC,MAAM;QACL,OAAOtC,OAAO,CAACuC,UAAU;MAC3B;IACF,CAAC;IACDC,wBAAwB,EAAEA,CAACC,UAAU,EAAEC,GAAG,KAAK;MAC7C;AACN;AACA;AACA;MACM,IAAI;QACF,IAAIA,GAAG,IAAID,UAAU,CAACE,OAAO,EAAE;UAC7B,MAAM;YAAEC,QAAQ;YAAEC;UAAO,CAAC,GAAG,IAAIC,GAAG,CAACJ,GAAG,CAAC;UACzC,IAAI,OAAOK,MAAM,KAAK,WAAW,IAAIF,MAAM,KAAKE,MAAM,CAACC,QAAQ,CAACH,MAAM,EAAE;YACtE,WAAA7B,SAAA,CAAAC,OAAA,MAAYwB,UAAU;cAAEC;YAAG;UAC7B;UAEA,MAAMO,aAAa,GAAG,CACpBC,gBAAU,CAACpC,YAAY,CAACqC,QAAQ,EAChCD,gBAAU,CAACpC,YAAY,CAACsC,MAAM,EAC9BF,gBAAU,CAACG,eAAe,CAACC,QAAQ,EACnC,IAAI,EAACtD,OAAO,YAAPA,OAAO,CAAEuD,cAAc,IAAG,CAACL,gBAAU,CAACM,MAAM,CAAC,GAAG,EAAE,CAAC,CACzD;UAED,IAAIP,aAAa,CAACQ,IAAI,CAAErB,IAAI,IAAKQ,QAAQ,CAACc,QAAQ,CAACtB,IAAI,CAAC,CAAC,EAAE;YACzD,OAAOK,UAAU,CAACE,OAAO,CAAC,eAAe,CAAC;YAC1C,OAAOF,UAAU,CAACE,OAAO,CAAC,eAAe,CAAC;UAC5C;QACF;MACF,CAAC,CAAC,OAAOnB,CAAC,EAAE;QACV;MAAA;MAEF,WAAAR,SAAA,CAAAC,OAAA,MAAYwB,UAAU;QAAEC;MAAG;IAC7B,CAAC;IACDiB,QAAQ,EAAE3D,OAAO,CAAC4D,WAAW;IAC7BC,KAAK,EAAE7D,OAAO,CAAC8D;EAAQ,EACxB;EAED,MAAMC,YAAY,OAAA/C,SAAA,CAAAC,OAAA;IAChBN,OAAO,EAAEA,OAAO,IAAI,EAAE;IACtBC;EAAY,IAAAR,oBAAA,GACTJ,OAAO,CAACgE,WAAW,qBAAnB5D,oBAAA,CAAqB2D,YAAY,CACrC;EACD,MAAME,QAAQ,GAAGvD,IAAI,OAAAM,SAAA,CAAAC,OAAA,MAEZP,IAAI;IACPG,WAAW,EAAEA,WAAW,WAAXA,WAAW,GAAI,EAAE;IAC9BC,YAAY,EAAEA,YAAY,WAAZA,YAAY,GAAIoB;EAAS,IAAA7B,qBAAA,GACpCL,OAAO,CAACgE,WAAW,qBAAnB3D,qBAAA,CAAqBK,IAAI,IAE9B,IAAI;EAER,MAAMsD,WAA8C,OAAAhD,SAAA,CAAAC,OAAA,MAC/CjB,OAAO,CAACgE,WAAW;IACtB/D,YAAY;IACZiE,SAAS,EAAE,KAAK;IAChBC,eAAe,EAAE,CAAC,CAACnE,OAAO,CAACS,OAAO;IAClC8C,cAAc,GAAAjD,qBAAA,GAAEN,OAAO,CAACuD,cAAc,YAAAjD,qBAAA,GAAI,KAAK;IAC/C8D,oBAAoB,GAAA7D,qBAAA,IAAAC,qBAAA,GAAER,OAAO,CAACgE,WAAW,qBAAnBxD,qBAAA,CAAqB4D,oBAAoB,YAAA7D,qBAAA,GAAI,IAAI;IACvEG,IAAI,EAAEuD,QAAQ;IACdF,YAAY,EAAEA;EAAyC,EACxD;EAED,IAAIM,WAAW,GAAGlE,WAAW,CAACmE,KAAK;EACnC,IAAI,CAACD,WAAW,EAAE;IAChBA,WAAW,GAAG,IAAAE,uBAAW,EAAC;MACxBC,OAAO,EAAEzD,cAAc;MACvBZ,WAAW;MACXsE,WAAW,EAAEzE,OAAO,CAACyE,WAAW;MAChCC,IAAI,EAAExE,OAAO,WAAPA,OAAO,GAAI,SAAS;MAC1ByE,WAAW,EAAE3E,OAAO,CAAC2E,WAAW;MAChCC,WAAW,EAAE,KAAK;MAClBC,YAAY,EAAE;QACZC,IAAI,EAAEd;MACR;IACF,CAAC,CAAC;IACF7D,WAAW,CAACmE,KAAK,GAAGD,WAAW;EACjC;EAEA,IAAIU,UAAU;EACd,IAAI;IACFA,UAAU,GAAGC,aAAS,CAACC,WAAW,CAAC/E,OAAO,WAAPA,OAAO,GAAI,SAAS,CAAC;IACxD6E,UAAU,CAACT,KAAK,GAAGD,WAAW;EAChC,CAAC,CAAC,OAAO7C,CAAC,EAAE;IAAA,IAAA0D,sBAAA,EAAAC,qBAAA;IACVJ,UAAU,GAAG,IAAAK,cAAU,MAAApE,SAAA,CAAAC,OAAA,MAEhBjB,OAAO;MACVsE,KAAK,EAAED,WAAW;MAClBd,cAAc,GAAA2B,sBAAA,GAAElF,OAAO,CAACuD,cAAc,YAAA2B,sBAAA,GAAI,KAAK;MAC/CG,cAAc,GAAAF,qBAAA,GAAEnF,OAAO,CAACqF,cAAc,YAAAF,qBAAA,GAAI,KAAK;MAC/CG,QAAQ,EAAEtF,OAAO,CAACsF,QAAQ;MAC1BtB,WAAW;MACXjD,cAAc;MACdd;IAAY,IAEdC,OAAO,WAAPA,OAAO,GAAI,SACb,CAAC;EACH;EACA,OAAO6E,UAAU;AACnB,CAAC;AAAC,IAAAQ,QAAA,GAAAC,OAAA,CAAAvE,OAAA,GACalB,qBAAqB","ignoreList":[]}
1
+ {"version":3,"file":"index.js","names":["_js","require","_reduxStore","_sdkVersion","_interopRequireDefault","_package","_utils","_urls","initializeFronteggApp","options","onRedirectTo","appName","storeHolder","_options$authOptions","_options$authOptions2","_options$hostedLoginB","_options$authOptions$","_options$authOptions3","session","user","tenants","activeTenant","accessToken","refreshToken","contextOptions","_extends2","default","requestCredentials","additionalHeadersResolver","_options$contextOptio","additionalHeaders","originalAdditionalHeadersResolver","push","e","Array","isArray","key","value","nextjsPkg","version","sdkVersion","tokenResolver","secureJwtEnabled","undefined","baseUrl","path","isMiddlewarePath","envAppUrl","envBaseUrl","beforeRequestInterceptor","url","headers","pathname","origin","URL","window","location","CommonUrls","embedded","hosted","activateAccount","activate","logout","find","endsWith","clientId","envClientId","appId","envAppId","tenantsState","authOptions","userData","isLoading","isAuthenticated","hostedLoginBox","disableSilentRefresh","sharedStore","store","createStore","context","previewMode","name","urlStrategy","builderMode","initialState","auth","createdApp","AppHolder","getInstance","_options$hostedLoginB2","_options$customLoginB","initialize","customLoginBox","basename","_default","exports"],"sources":["../../../../../packages/nextjs/src/utils/initializeFronteggApp/index.ts"],"sourcesContent":["import { AppHolder, FronteggApp, initialize } from '@frontegg/js';\nimport { createStore, AuthState } from '@frontegg/redux-store';\nimport { KeyValuePair } from '@frontegg/rest-api';\nimport { FronteggAppOptions } from '@frontegg/types';\nimport sdkVersion from '../../sdkVersion';\nimport type { FronteggProviderOptions } from '../../types';\nimport nextjsPkg from 'next/package.json';\nimport { isMiddlewarePath } from '../../api/utils';\nimport { CommonUrls } from '../common/urls';\n\ntype CreateOrGetFronteggAppParams = {\n options: FronteggProviderOptions;\n onRedirectTo: AuthState['onRedirectTo'];\n appName?: string;\n storeHolder: any;\n};\n\nconst initializeFronteggApp = ({\n options,\n onRedirectTo,\n appName,\n storeHolder,\n}: CreateOrGetFronteggAppParams): FronteggApp => {\n const { session, user, tenants, activeTenant } = options;\n const { accessToken, refreshToken } = session ?? {};\n\n const contextOptions: FronteggAppOptions['contextOptions'] = {\n requestCredentials: 'include' as RequestCredentials,\n ...options.contextOptions,\n additionalHeadersResolver: async () => {\n const additionalHeaders: KeyValuePair[] = [];\n const originalAdditionalHeadersResolver = options.contextOptions?.additionalHeadersResolver;\n if (typeof originalAdditionalHeadersResolver === 'function') {\n try {\n additionalHeaders.push(...(await originalAdditionalHeadersResolver()));\n } catch (e) {\n /** ignore failed additionalHeadersResolver */\n }\n } else if (Array.isArray(originalAdditionalHeadersResolver)) {\n additionalHeaders.push(...(originalAdditionalHeadersResolver as KeyValuePair[]));\n }\n additionalHeaders.push({\n key: 'x-frontegg-framework',\n value: `next@${nextjsPkg.version}`,\n });\n additionalHeaders.push({\n key: 'x-frontegg-sdk',\n value: `@frontegg/nextjs@${sdkVersion.version}`,\n });\n return additionalHeaders;\n },\n tokenResolver: options.secureJwtEnabled ? () => '' : undefined,\n baseUrl: (path: string) => {\n if (isMiddlewarePath(path) || options.secureJwtEnabled) {\n return `${options.envAppUrl}/api`;\n } else {\n return options.envBaseUrl;\n }\n },\n beforeRequestInterceptor: (options, url) => {\n /**\n * Determines whether the authorization header should be removed from a request.\n * @param {String} urlStr - The URL of the request.\n */\n try {\n if (url && options.headers) {\n const { pathname, origin } = new URL(url);\n if (typeof window !== 'undefined' && origin != window.location.origin) {\n return { ...options, url };\n }\n if (\n [\n CommonUrls.refreshToken.embedded,\n CommonUrls.refreshToken.hosted,\n CommonUrls.activateAccount.activate,\n CommonUrls.logout,\n ].find((path) => pathname.endsWith(path)) != undefined\n ) {\n delete options.headers['authorization'];\n delete options.headers['Authorization'];\n }\n }\n } catch (e) {\n /** ignore */\n }\n return { ...options, url };\n },\n clientId: options.envClientId,\n appId: options.envAppId,\n };\n\n const tenantsState = {\n tenants: tenants || [],\n activeTenant,\n ...options.authOptions?.tenantsState,\n };\n const userData = user\n ? {\n ...user,\n accessToken: accessToken ?? '',\n refreshToken: refreshToken ?? undefined,\n ...options.authOptions?.user,\n }\n : null;\n\n const authOptions: FronteggAppOptions['authOptions'] = {\n ...options.authOptions,\n onRedirectTo,\n isLoading: false,\n isAuthenticated: !!options.session,\n hostedLoginBox: options.hostedLoginBox ?? false,\n disableSilentRefresh: options.authOptions?.disableSilentRefresh ?? true,\n user: userData,\n tenantsState: tenantsState as AuthState['tenantsState'],\n };\n\n let sharedStore = storeHolder.store;\n if (!sharedStore) {\n sharedStore = createStore({\n context: contextOptions,\n storeHolder,\n previewMode: options.previewMode,\n name: appName ?? 'default',\n urlStrategy: options.urlStrategy,\n builderMode: false,\n initialState: {\n auth: authOptions,\n },\n });\n storeHolder.store = sharedStore;\n }\n\n let createdApp;\n try {\n createdApp = AppHolder.getInstance(appName ?? 'default');\n createdApp.store = sharedStore;\n } catch (e) {\n createdApp = initialize(\n {\n ...options,\n store: sharedStore,\n hostedLoginBox: options.hostedLoginBox ?? false,\n customLoginBox: options.customLoginBox ?? false,\n basename: options.basename,\n authOptions,\n contextOptions,\n onRedirectTo,\n },\n appName ?? 'default'\n );\n }\n return createdApp;\n};\nexport default initializeFronteggApp;\n"],"mappings":";;;;;;;;AAAA,IAAAA,GAAA,GAAAC,OAAA;AACA,IAAAC,WAAA,GAAAD,OAAA;AAGA,IAAAE,WAAA,GAAAC,sBAAA,CAAAH,OAAA;AAEA,IAAAI,QAAA,GAAAD,sBAAA,CAAAH,OAAA;AACA,IAAAK,MAAA,GAAAL,OAAA;AACA,IAAAM,KAAA,GAAAN,OAAA;AASA,MAAMO,qBAAqB,GAAGA,CAAC;EAC7BC,OAAO;EACPC,YAAY;EACZC,OAAO;EACPC;AAC4B,CAAC,KAAkB;EAAA,IAAAC,oBAAA,EAAAC,qBAAA,EAAAC,qBAAA,EAAAC,qBAAA,EAAAC,qBAAA;EAC/C,MAAM;IAAEC,OAAO;IAAEC,IAAI;IAAEC,OAAO;IAAEC;EAAa,CAAC,GAAGZ,OAAO;EACxD,MAAM;IAAEa,WAAW;IAAEC;EAAa,CAAC,GAAGL,OAAO,WAAPA,OAAO,GAAI,CAAC,CAAC;EAEnD,MAAMM,cAAoD,OAAAC,SAAA,CAAAC,OAAA;IACxDC,kBAAkB,EAAE;EAA+B,GAChDlB,OAAO,CAACe,cAAc;IACzBI,yBAAyB,EAAE,MAAAA,CAAA,KAAY;MAAA,IAAAC,qBAAA;MACrC,MAAMC,iBAAiC,GAAG,EAAE;MAC5C,MAAMC,iCAAiC,IAAAF,qBAAA,GAAGpB,OAAO,CAACe,cAAc,qBAAtBK,qBAAA,CAAwBD,yBAAyB;MAC3F,IAAI,OAAOG,iCAAiC,KAAK,UAAU,EAAE;QAC3D,IAAI;UACFD,iBAAiB,CAACE,IAAI,CAAC,IAAI,MAAMD,iCAAiC,CAAC,CAAC,CAAC,CAAC;QACxE,CAAC,CAAC,OAAOE,CAAC,EAAE;UACV;QAAA;MAEJ,CAAC,MAAM,IAAIC,KAAK,CAACC,OAAO,CAACJ,iCAAiC,CAAC,EAAE;QAC3DD,iBAAiB,CAACE,IAAI,CAAC,GAAID,iCAAoD,CAAC;MAClF;MACAD,iBAAiB,CAACE,IAAI,CAAC;QACrBI,GAAG,EAAE,sBAAsB;QAC3BC,KAAK,EAAE,QAAQC,gBAAS,CAACC,OAAO;MAClC,CAAC,CAAC;MACFT,iBAAiB,CAACE,IAAI,CAAC;QACrBI,GAAG,EAAE,gBAAgB;QACrBC,KAAK,EAAE,oBAAoBG,mBAAU,CAACD,OAAO;MAC/C,CAAC,CAAC;MACF,OAAOT,iBAAiB;IAC1B,CAAC;IACDW,aAAa,EAAEhC,OAAO,CAACiC,gBAAgB,GAAG,MAAM,EAAE,GAAGC,SAAS;IAC9DC,OAAO,EAAGC,IAAY,IAAK;MACzB,IAAI,IAAAC,uBAAgB,EAACD,IAAI,CAAC,IAAIpC,OAAO,CAACiC,gBAAgB,EAAE;QACtD,OAAO,GAAGjC,OAAO,CAACsC,SAAS,MAAM;MACnC,CAAC,MAAM;QACL,OAAOtC,OAAO,CAACuC,UAAU;MAC3B;IACF,CAAC;IACDC,wBAAwB,EAAEA,CAACxC,OAAO,EAAEyC,GAAG,KAAK;MAC1C;AACN;AACA;AACA;MACM,IAAI;QACF,IAAIA,GAAG,IAAIzC,OAAO,CAAC0C,OAAO,EAAE;UAC1B,MAAM;YAAEC,QAAQ;YAAEC;UAAO,CAAC,GAAG,IAAIC,GAAG,CAACJ,GAAG,CAAC;UACzC,IAAI,OAAOK,MAAM,KAAK,WAAW,IAAIF,MAAM,IAAIE,MAAM,CAACC,QAAQ,CAACH,MAAM,EAAE;YACrE,WAAA5B,SAAA,CAAAC,OAAA,MAAYjB,OAAO;cAAEyC;YAAG;UAC1B;UACA,IACE,CACEO,gBAAU,CAAClC,YAAY,CAACmC,QAAQ,EAChCD,gBAAU,CAAClC,YAAY,CAACoC,MAAM,EAC9BF,gBAAU,CAACG,eAAe,CAACC,QAAQ,EACnCJ,gBAAU,CAACK,MAAM,CAClB,CAACC,IAAI,CAAElB,IAAI,IAAKO,QAAQ,CAACY,QAAQ,CAACnB,IAAI,CAAC,CAAC,IAAIF,SAAS,EACtD;YACA,OAAOlC,OAAO,CAAC0C,OAAO,CAAC,eAAe,CAAC;YACvC,OAAO1C,OAAO,CAAC0C,OAAO,CAAC,eAAe,CAAC;UACzC;QACF;MACF,CAAC,CAAC,OAAOlB,CAAC,EAAE;QACV;MAAA;MAEF,WAAAR,SAAA,CAAAC,OAAA,MAAYjB,OAAO;QAAEyC;MAAG;IAC1B,CAAC;IACDe,QAAQ,EAAExD,OAAO,CAACyD,WAAW;IAC7BC,KAAK,EAAE1D,OAAO,CAAC2D;EAAQ,EACxB;EAED,MAAMC,YAAY,OAAA5C,SAAA,CAAAC,OAAA;IAChBN,OAAO,EAAEA,OAAO,IAAI,EAAE;IACtBC;EAAY,IAAAR,oBAAA,GACTJ,OAAO,CAAC6D,WAAW,qBAAnBzD,oBAAA,CAAqBwD,YAAY,CACrC;EACD,MAAME,QAAQ,GAAGpD,IAAI,OAAAM,SAAA,CAAAC,OAAA,MAEZP,IAAI;IACPG,WAAW,EAAEA,WAAW,WAAXA,WAAW,GAAI,EAAE;IAC9BC,YAAY,EAAEA,YAAY,WAAZA,YAAY,GAAIoB;EAAS,IAAA7B,qBAAA,GACpCL,OAAO,CAAC6D,WAAW,qBAAnBxD,qBAAA,CAAqBK,IAAI,IAE9B,IAAI;EAER,MAAMmD,WAA8C,OAAA7C,SAAA,CAAAC,OAAA,MAC/CjB,OAAO,CAAC6D,WAAW;IACtB5D,YAAY;IACZ8D,SAAS,EAAE,KAAK;IAChBC,eAAe,EAAE,CAAC,CAAChE,OAAO,CAACS,OAAO;IAClCwD,cAAc,GAAA3D,qBAAA,GAAEN,OAAO,CAACiE,cAAc,YAAA3D,qBAAA,GAAI,KAAK;IAC/C4D,oBAAoB,GAAA3D,qBAAA,IAAAC,qBAAA,GAAER,OAAO,CAAC6D,WAAW,qBAAnBrD,qBAAA,CAAqB0D,oBAAoB,YAAA3D,qBAAA,GAAI,IAAI;IACvEG,IAAI,EAAEoD,QAAQ;IACdF,YAAY,EAAEA;EAAyC,EACxD;EAED,IAAIO,WAAW,GAAGhE,WAAW,CAACiE,KAAK;EACnC,IAAI,CAACD,WAAW,EAAE;IAChBA,WAAW,GAAG,IAAAE,uBAAW,EAAC;MACxBC,OAAO,EAAEvD,cAAc;MACvBZ,WAAW;MACXoE,WAAW,EAAEvE,OAAO,CAACuE,WAAW;MAChCC,IAAI,EAAEtE,OAAO,WAAPA,OAAO,GAAI,SAAS;MAC1BuE,WAAW,EAAEzE,OAAO,CAACyE,WAAW;MAChCC,WAAW,EAAE,KAAK;MAClBC,YAAY,EAAE;QACZC,IAAI,EAAEf;MACR;IACF,CAAC,CAAC;IACF1D,WAAW,CAACiE,KAAK,GAAGD,WAAW;EACjC;EAEA,IAAIU,UAAU;EACd,IAAI;IACFA,UAAU,GAAGC,aAAS,CAACC,WAAW,CAAC7E,OAAO,WAAPA,OAAO,GAAI,SAAS,CAAC;IACxD2E,UAAU,CAACT,KAAK,GAAGD,WAAW;EAChC,CAAC,CAAC,OAAO3C,CAAC,EAAE;IAAA,IAAAwD,sBAAA,EAAAC,qBAAA;IACVJ,UAAU,GAAG,IAAAK,cAAU,MAAAlE,SAAA,CAAAC,OAAA,MAEhBjB,OAAO;MACVoE,KAAK,EAAED,WAAW;MAClBF,cAAc,GAAAe,sBAAA,GAAEhF,OAAO,CAACiE,cAAc,YAAAe,sBAAA,GAAI,KAAK;MAC/CG,cAAc,GAAAF,qBAAA,GAAEjF,OAAO,CAACmF,cAAc,YAAAF,qBAAA,GAAI,KAAK;MAC/CG,QAAQ,EAAEpF,OAAO,CAACoF,QAAQ;MAC1BvB,WAAW;MACX9C,cAAc;MACdd;IAAY,IAEdC,OAAO,WAAPA,OAAO,GAAI,SACb,CAAC;EACH;EACA,OAAO2E,UAAU;AACnB,CAAC;AAAC,IAAAQ,QAAA,GAAAC,OAAA,CAAArE,OAAA,GACalB,qBAAqB","ignoreList":[]}
package/utils/refreshAccessTokenIfNeeded/helpers.d.ts CHANGED
@@ -25,6 +25,12 @@ export declare function isSamlCallback(url: string): boolean;
25
25
  * is posting an http request to the nextjs backend middleware after successfully logged in the user
26
26
  */
27
27
  export declare function isSSOPostRequest(url: string): boolean;
28
+ /**
29
+ * Checks if the request URL is a refresh token request.
30
+ * This is used to determine if the current request is targeting
31
+ * one of the predefined refresh token URLs (embedded or hosted modes).
32
+ */
33
+ export declare function isRefreshTokenRequest(url: string): boolean;
28
34
  /**
29
35
  * This function verifies if the headers includes a 'set-cookie' header
30
36
  * from a prior refresh token request. If it's the case, we can infer that the
package/utils/refreshAccessTokenIfNeeded/helpers.js CHANGED
@@ -8,6 +8,7 @@ exports.getForwardedSession = getForwardedSession;
8
8
  exports.hasRefreshTokenCookie = hasRefreshTokenCookie;
9
9
  exports.hasSetSessionCookie = hasSetSessionCookie;
10
10
  exports.isOauthCallback = isOauthCallback;
11
+ exports.isRefreshTokenRequest = isRefreshTokenRequest;
11
12
  exports.isRuntimeNextRequest = isRuntimeNextRequest;
12
13
  exports.isSSOPostRequest = isSSOPostRequest;
13
14
  exports.isSamlCallback = isSamlCallback;
@@ -20,6 +21,7 @@ var _api = _interopRequireDefault(require("../../api"));
20
21
  var _common = require("../../common");
21
22
  var _config = _interopRequireDefault(require("../../config"));
22
23
  var _constants = require("../common/constants");
24
+ var _urls = require("../common/urls");
23
25
  function hasRefreshTokenCookie(cookies) {
24
26
  if (cookies == null) {
25
27
  return false;
@@ -117,6 +119,16 @@ function isSSOPostRequest(url) {
117
119
  return url === '/frontegg/auth/saml/callback' || url === '/frontegg/auth/oidc/callback';
118
120
  }
119
121
 
122
+ /**
123
+ * Checks if the request URL is a refresh token request.
124
+ * This is used to determine if the current request is targeting
125
+ * one of the predefined refresh token URLs (embedded or hosted modes).
126
+ */
127
+ function isRefreshTokenRequest(url) {
128
+ const refreshTokenUrls = [_urls.CommonUrls.refreshToken.embedded, _urls.CommonUrls.refreshToken.hosted];
129
+ return refreshTokenUrls.includes(url);
130
+ }
131
+
120
132
  /**
121
133
  * This function verifies if the headers includes a 'set-cookie' header
122
134
  * from a prior refresh token request. If it's the case, we can infer that the
package/utils/refreshAccessTokenIfNeeded/helpers.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"helpers.js","names":["_fronteggLogger","_interopRequireDefault","require","_cookies","_api","_common","_config","_constants","hasRefreshTokenCookie","cookies","logger","fronteggLogger","child","tag","refreshTokenKey","CookieManager","debug","cookieKey","Object","keys","find","cookie","replace","exists","refreshAccessTokenEmbedded","request","headers","info","config","appId","api","refreshTokenEmbedded","refreshAccessTokenHostedLogin","sealFromCookies","getSessionCookieFromRequest","tokens","getTokensFromCookie","refreshToken","secureJwtEnabled","clientId","clientSecret","refreshTokenHostedLogin","e","error","isRuntimeNextRequest","url","startsWith","isOauthCallback","isSamlCallback","isSSOPostRequest","hasSetSessionCookie","cookieHeader","cookieName","indexOf","Array","isArray","some","header","saveForwardedSession","holder","session","FRONTEGG_FORWARDED_SESSION_KEY","getForwardedSession"],"sources":["../../../../../packages/nextjs/src/utils/refreshAccessTokenIfNeeded/helpers.ts"],"sourcesContent":["import fronteggLogger from '../fronteggLogger';\nimport CookieManager from '../cookies';\nimport { NextApiRequest } from 'next/dist/shared/lib/utils';\nimport api from '../../api';\nimport { getTokensFromCookie } from '../../common';\nimport { IncomingMessage } from 'http';\nimport config from '../../config';\n\nimport { FRONTEGG_FORWARDED_SESSION_KEY } from '../common/constants';\nimport { FronteggNextJSSession } from '../../types';\n\nexport function hasRefreshTokenCookie(cookies: Record<string, any>): boolean {\n if (cookies == null) {\n return false;\n }\n const logger = fronteggLogger.child({ tag: 'refreshToken.hasRefreshTokenCookie' });\n const refreshTokenKey = CookieManager.refreshTokenKey;\n logger.debug(`Checking if '${refreshTokenKey}' exists in cookies`);\n const cookieKey = Object.keys(cookies).find((cookie) => {\n return cookie.replace(/-/g, '') === refreshTokenKey;\n });\n const exists: boolean = cookieKey != null;\n logger.debug(`Cookie '${refreshTokenKey}' ${exists ? 'exists' : 'NOT exists'} in cookies`);\n return exists;\n}\n\nexport async function refreshAccessTokenEmbedded(request: IncomingMessage): Promise<Response | null> {\n const logger = fronteggLogger.child({ tag: 'refreshToken.refreshAccessTokenEmbedded' });\n\n const headers = request.headers as Record<string, string>;\n const cookies = (request as NextApiRequest).cookies;\n\n logger.info('check if has refresh token headers');\n if (hasRefreshTokenCookie(cookies)) {\n logger.info('going to refresh token (embedded mode)');\n if (config.appId) {\n headers['frontegg-requested-application-id'] = config.appId;\n }\n return await api.refreshTokenEmbedded(headers);\n }\n return null;\n}\n\nexport async function refreshAccessTokenHostedLogin(request: IncomingMessage): Promise<Response | null> {\n const logger = fronteggLogger.child({ tag: 'refreshToken.refreshAccessTokenHostedLogin' });\n const headers = request.headers as Record<string, string>;\n\n logger.info('trying to get token from cookies');\n\n const sealFromCookies = CookieManager.getSessionCookieFromRequest(request);\n try {\n const tokens = await getTokensFromCookie(sealFromCookies);\n if (!tokens?.refreshToken) {\n logger.info('refresh token not found');\n return null;\n }\n if (config.appId) {\n headers['frontegg-requested-application-id'] = config.appId;\n }\n if (config.secureJwtEnabled) {\n const clientId = config.clientId;\n const clientSecret = config.clientSecret;\n\n logger.info('going to refresh token (hosted-login mode) (secure-jwt mode)');\n return await api.refreshTokenHostedLogin(headers, tokens.refreshToken, clientId, clientSecret);\n } else {\n logger.info('going to refresh token (hosted-login mode) ', tokens.refreshToken);\n return await api.refreshTokenHostedLogin(headers, tokens.refreshToken);\n }\n } catch (e) {\n logger.error(e);\n return null;\n }\n}\n\n/**\n * If url starts with /_next/ means that the user trying to navigate\n * to a new nextjs page, in this scenario no need to refresh token\n * we can just return the actual stateless session from\n * the encrypted cookie\n */\nexport function isRuntimeNextRequest(url: string): boolean {\n return url.startsWith('/_next/');\n}\n\n/**\n * If url starts with '/oauth/callback' means that the user navigated back\n * from frontegg hosted login, in this scenario no need to SSR refresh token\n */\nexport function isOauthCallback(url: string): boolean {\n return url.startsWith('/oauth/callback');\n}\n\n/**\n * If url starts with '/account/saml/callback' means that the user navigated back\n * from sso login, in this scenario no need to SSR refresh token\n */\nexport function isSamlCallback(url: string): boolean {\n return url.startsWith('/account/saml/callback') || url.startsWith('/account/oidc/callback');\n}\n\n/**\n * If the url equals to '/frontegg/auth/{provider}/callback', it means that the SSO provider\n * is posting an http request to the nextjs backend middleware after successfully logged in the user\n */\nexport function isSSOPostRequest(url: string): boolean {\n return url === '/frontegg/auth/saml/callback' || url === '/frontegg/auth/oidc/callback';\n}\n\n/**\n * This function verifies if the headers includes a 'set-cookie' header\n * from a prior refresh token request. If it's the case, we can infer that the\n * session cookie has been initialized, thus we can disable the double refresh token\n * for server-side redirects such as '/_error' or any other server-side redirects.\n */\nexport function hasSetSessionCookie(cookieHeader: number | string | string[] | undefined): boolean {\n if (!cookieHeader || typeof cookieHeader === 'number') {\n return false;\n }\n const cookieName = config.cookieName;\n if (typeof cookieHeader === 'string') {\n return cookieHeader.indexOf(cookieName) !== -1;\n }\n if (Array.isArray(cookieHeader)) {\n return cookieHeader.some((header) => header.startsWith(cookieName));\n }\n return false;\n}\n\n/**\n * This function stores the Frontegg session instance for use\n * within the Next.js application during the token refresh process\n * in the redirect request page.\n */\nexport function saveForwardedSession(holder: any, session: FronteggNextJSSession | undefined) {\n holder[FRONTEGG_FORWARDED_SESSION_KEY] = session;\n}\n\n/**\n * This function retrieves the stored session from the previous redirected page request.\n * This helps in preventing the token from being refreshed twice during a single client page request.\n */\n\nexport function getForwardedSession(holder: any): FronteggNextJSSession | null {\n return holder[FRONTEGG_FORWARDED_SESSION_KEY];\n}\n"],"mappings":";;;;;;;;;;;;;;;;AAAA,IAAAA,eAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,QAAA,GAAAF,sBAAA,CAAAC,OAAA;AAEA,IAAAE,IAAA,GAAAH,sBAAA,CAAAC,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AAEA,IAAAI,OAAA,GAAAL,sBAAA,CAAAC,OAAA;AAEA,IAAAK,UAAA,GAAAL,OAAA;AAGO,SAASM,qBAAqBA,CAACC,OAA4B,EAAW;EAC3E,IAAIA,OAAO,IAAI,IAAI,EAAE;IACnB,OAAO,KAAK;EACd;EACA,MAAMC,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAAqC,CAAC,CAAC;EAClF,MAAMC,eAAe,GAAGC,gBAAa,CAACD,eAAe;EACrDJ,MAAM,CAACM,KAAK,CAAC,gBAAgBF,eAAe,qBAAqB,CAAC;EAClE,MAAMG,SAAS,GAAGC,MAAM,CAACC,IAAI,CAACV,OAAO,CAAC,CAACW,IAAI,CAAEC,MAAM,IAAK;IACtD,OAAOA,MAAM,CAACC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,KAAKR,eAAe;EACrD,CAAC,CAAC;EACF,MAAMS,MAAe,GAAGN,SAAS,IAAI,IAAI;EACzCP,MAAM,CAACM,KAAK,CAAC,WAAWF,eAAe,KAAKS,MAAM,GAAG,QAAQ,GAAG,YAAY,aAAa,CAAC;EAC1F,OAAOA,MAAM;AACf;AAEO,eAAeC,0BAA0BA,CAACC,OAAwB,EAA4B;EACnG,MAAMf,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA0C,CAAC,CAAC;EAEvF,MAAMa,OAAO,GAAGD,OAAO,CAACC,OAAiC;EACzD,MAAMjB,OAAO,GAAIgB,OAAO,CAAoBhB,OAAO;EAEnDC,MAAM,CAACiB,IAAI,CAAC,oCAAoC,CAAC;EACjD,IAAInB,qBAAqB,CAACC,OAAO,CAAC,EAAE;IAClCC,MAAM,CAACiB,IAAI,CAAC,wCAAwC,CAAC;IACrD,IAAIC,eAAM,CAACC,KAAK,EAAE;MAChBH,OAAO,CAAC,mCAAmC,CAAC,GAAGE,eAAM,CAACC,KAAK;IAC7D;IACA,OAAO,MAAMC,YAAG,CAACC,oBAAoB,CAACL,OAAO,CAAC;EAChD;EACA,OAAO,IAAI;AACb;AAEO,eAAeM,6BAA6BA,CAACP,OAAwB,EAA4B;EACtG,MAAMf,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA6C,CAAC,CAAC;EAC1F,MAAMa,OAAO,GAAGD,OAAO,CAACC,OAAiC;EAEzDhB,MAAM,CAACiB,IAAI,CAAC,kCAAkC,CAAC;EAE/C,MAAMM,eAAe,GAAGlB,gBAAa,CAACmB,2BAA2B,CAACT,OAAO,CAAC;EAC1E,IAAI;IACF,MAAMU,MAAM,GAAG,MAAM,IAAAC,2BAAmB,EAACH,eAAe,CAAC;IACzD,IAAI,EAACE,MAAM,YAANA,MAAM,CAAEE,YAAY,GAAE;MACzB3B,MAAM,CAACiB,IAAI,CAAC,yBAAyB,CAAC;MACtC,OAAO,IAAI;IACb;IACA,IAAIC,eAAM,CAACC,KAAK,EAAE;MAChBH,OAAO,CAAC,mCAAmC,CAAC,GAAGE,eAAM,CAACC,KAAK;IAC7D;IACA,IAAID,eAAM,CAACU,gBAAgB,EAAE;MAC3B,MAAMC,QAAQ,GAAGX,eAAM,CAACW,QAAQ;MAChC,MAAMC,YAAY,GAAGZ,eAAM,CAACY,YAAY;MAExC9B,MAAM,CAACiB,IAAI,CAAC,8DAA8D,CAAC;MAC3E,OAAO,MAAMG,YAAG,CAACW,uBAAuB,CAACf,OAAO,EAAES,MAAM,CAACE,YAAY,EAAEE,QAAQ,EAAEC,YAAY,CAAC;IAChG,CAAC,MAAM;MACL9B,MAAM,CAACiB,IAAI,CAAC,6CAA6C,EAAEQ,MAAM,CAACE,YAAY,CAAC;MAC/E,OAAO,MAAMP,YAAG,CAACW,uBAAuB,CAACf,OAAO,EAAES,MAAM,CAACE,YAAY,CAAC;IACxE;EACF,CAAC,CAAC,OAAOK,CAAC,EAAE;IACVhC,MAAM,CAACiC,KAAK,CAACD,CAAC,CAAC;IACf,OAAO,IAAI;EACb;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACO,SAASE,oBAAoBA,CAACC,GAAW,EAAW;EACzD,OAAOA,GAAG,CAACC,UAAU,CAAC,SAAS,CAAC;AAClC;;AAEA;AACA;AACA;AACA;AACO,SAASC,eAAeA,CAACF,GAAW,EAAW;EACpD,OAAOA,GAAG,CAACC,UAAU,CAAC,iBAAiB,CAAC;AAC1C;;AAEA;AACA;AACA;AACA;AACO,SAASE,cAAcA,CAACH,GAAW,EAAW;EACnD,OAAOA,GAAG,CAACC,UAAU,CAAC,wBAAwB,CAAC,IAAID,GAAG,CAACC,UAAU,CAAC,wBAAwB,CAAC;AAC7F;;AAEA;AACA;AACA;AACA;AACO,SAASG,gBAAgBA,CAACJ,GAAW,EAAW;EACrD,OAAOA,GAAG,KAAK,8BAA8B,IAAIA,GAAG,KAAK,8BAA8B;AACzF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACO,SAASK,mBAAmBA,CAACC,YAAoD,EAAW;EACjG,IAAI,CAACA,YAAY,IAAI,OAAOA,YAAY,KAAK,QAAQ,EAAE;IACrD,OAAO,KAAK;EACd;EACA,MAAMC,UAAU,GAAGxB,eAAM,CAACwB,UAAU;EACpC,IAAI,OAAOD,YAAY,KAAK,QAAQ,EAAE;IACpC,OAAOA,YAAY,CAACE,OAAO,CAACD,UAAU,CAAC,KAAK,CAAC,CAAC;EAChD;EACA,IAAIE,KAAK,CAACC,OAAO,CAACJ,YAAY,CAAC,EAAE;IAC/B,OAAOA,YAAY,CAACK,IAAI,CAAEC,MAAM,IAAKA,MAAM,CAACX,UAAU,CAACM,UAAU,CAAC,CAAC;EACrE;EACA,OAAO,KAAK;AACd;;AAEA;AACA;AACA;AACA;AACA;AACO,SAASM,oBAAoBA,CAACC,MAAW,EAAEC,OAA0C,EAAE;EAC5FD,MAAM,CAACE,yCAA8B,CAAC,GAAGD,OAAO;AAClD;;AAEA;AACA;AACA;AACA;;AAEO,SAASE,mBAAmBA,CAACH,MAAW,EAAgC;EAC7E,OAAOA,MAAM,CAACE,yCAA8B,CAAC;AAC/C","ignoreList":[]}
1
+ {"version":3,"file":"helpers.js","names":["_fronteggLogger","_interopRequireDefault","require","_cookies","_api","_common","_config","_constants","_urls","hasRefreshTokenCookie","cookies","logger","fronteggLogger","child","tag","refreshTokenKey","CookieManager","debug","cookieKey","Object","keys","find","cookie","replace","exists","refreshAccessTokenEmbedded","request","headers","info","config","appId","api","refreshTokenEmbedded","refreshAccessTokenHostedLogin","sealFromCookies","getSessionCookieFromRequest","tokens","getTokensFromCookie","refreshToken","secureJwtEnabled","clientId","clientSecret","refreshTokenHostedLogin","e","error","isRuntimeNextRequest","url","startsWith","isOauthCallback","isSamlCallback","isSSOPostRequest","isRefreshTokenRequest","refreshTokenUrls","CommonUrls","embedded","hosted","includes","hasSetSessionCookie","cookieHeader","cookieName","indexOf","Array","isArray","some","header","saveForwardedSession","holder","session","FRONTEGG_FORWARDED_SESSION_KEY","getForwardedSession"],"sources":["../../../../../packages/nextjs/src/utils/refreshAccessTokenIfNeeded/helpers.ts"],"sourcesContent":["import fronteggLogger from '../fronteggLogger';\nimport CookieManager from '../cookies';\nimport { NextApiRequest } from 'next/dist/shared/lib/utils';\nimport api from '../../api';\nimport { getTokensFromCookie } from '../../common';\nimport { IncomingMessage } from 'http';\nimport config from '../../config';\n\nimport { FRONTEGG_FORWARDED_SESSION_KEY } from '../common/constants';\nimport { FronteggNextJSSession } from '../../types';\nimport { CommonUrls } from '../common/urls';\n\nexport function hasRefreshTokenCookie(cookies: Record<string, any>): boolean {\n if (cookies == null) {\n return false;\n }\n const logger = fronteggLogger.child({ tag: 'refreshToken.hasRefreshTokenCookie' });\n const refreshTokenKey = CookieManager.refreshTokenKey;\n logger.debug(`Checking if '${refreshTokenKey}' exists in cookies`);\n const cookieKey = Object.keys(cookies).find((cookie) => {\n return cookie.replace(/-/g, '') === refreshTokenKey;\n });\n const exists: boolean = cookieKey != null;\n logger.debug(`Cookie '${refreshTokenKey}' ${exists ? 'exists' : 'NOT exists'} in cookies`);\n return exists;\n}\n\nexport async function refreshAccessTokenEmbedded(request: IncomingMessage): Promise<Response | null> {\n const logger = fronteggLogger.child({ tag: 'refreshToken.refreshAccessTokenEmbedded' });\n\n const headers = request.headers as Record<string, string>;\n const cookies = (request as NextApiRequest).cookies;\n\n logger.info('check if has refresh token headers');\n if (hasRefreshTokenCookie(cookies)) {\n logger.info('going to refresh token (embedded mode)');\n if (config.appId) {\n headers['frontegg-requested-application-id'] = config.appId;\n }\n return await api.refreshTokenEmbedded(headers);\n }\n return null;\n}\n\nexport async function refreshAccessTokenHostedLogin(request: IncomingMessage): Promise<Response | null> {\n const logger = fronteggLogger.child({ tag: 'refreshToken.refreshAccessTokenHostedLogin' });\n const headers = request.headers as Record<string, string>;\n\n logger.info('trying to get token from cookies');\n\n const sealFromCookies = CookieManager.getSessionCookieFromRequest(request);\n try {\n const tokens = await getTokensFromCookie(sealFromCookies);\n if (!tokens?.refreshToken) {\n logger.info('refresh token not found');\n return null;\n }\n if (config.appId) {\n headers['frontegg-requested-application-id'] = config.appId;\n }\n if (config.secureJwtEnabled) {\n const clientId = config.clientId;\n const clientSecret = config.clientSecret;\n\n logger.info('going to refresh token (hosted-login mode) (secure-jwt mode)');\n return await api.refreshTokenHostedLogin(headers, tokens.refreshToken, clientId, clientSecret);\n } else {\n logger.info('going to refresh token (hosted-login mode) ', tokens.refreshToken);\n return await api.refreshTokenHostedLogin(headers, tokens.refreshToken);\n }\n } catch (e) {\n logger.error(e);\n return null;\n }\n}\n\n/**\n * If url starts with /_next/ means that the user trying to navigate\n * to a new nextjs page, in this scenario no need to refresh token\n * we can just return the actual stateless session from\n * the encrypted cookie\n */\nexport function isRuntimeNextRequest(url: string): boolean {\n return url.startsWith('/_next/');\n}\n\n/**\n * If url starts with '/oauth/callback' means that the user navigated back\n * from frontegg hosted login, in this scenario no need to SSR refresh token\n */\nexport function isOauthCallback(url: string): boolean {\n return url.startsWith('/oauth/callback');\n}\n\n/**\n * If url starts with '/account/saml/callback' means that the user navigated back\n * from sso login, in this scenario no need to SSR refresh token\n */\nexport function isSamlCallback(url: string): boolean {\n return url.startsWith('/account/saml/callback') || url.startsWith('/account/oidc/callback');\n}\n\n/**\n * If the url equals to '/frontegg/auth/{provider}/callback', it means that the SSO provider\n * is posting an http request to the nextjs backend middleware after successfully logged in the user\n */\nexport function isSSOPostRequest(url: string): boolean {\n return url === '/frontegg/auth/saml/callback' || url === '/frontegg/auth/oidc/callback';\n}\n\n/**\n * Checks if the request URL is a refresh token request.\n * This is used to determine if the current request is targeting\n * one of the predefined refresh token URLs (embedded or hosted modes).\n */\nexport function isRefreshTokenRequest(url: string): boolean {\n const refreshTokenUrls = [CommonUrls.refreshToken.embedded, CommonUrls.refreshToken.hosted];\n return refreshTokenUrls.includes(url);\n}\n\n/**\n * This function verifies if the headers includes a 'set-cookie' header\n * from a prior refresh token request. If it's the case, we can infer that the\n * session cookie has been initialized, thus we can disable the double refresh token\n * for server-side redirects such as '/_error' or any other server-side redirects.\n */\nexport function hasSetSessionCookie(cookieHeader: number | string | string[] | undefined): boolean {\n if (!cookieHeader || typeof cookieHeader === 'number') {\n return false;\n }\n const cookieName = config.cookieName;\n if (typeof cookieHeader === 'string') {\n return cookieHeader.indexOf(cookieName) !== -1;\n }\n if (Array.isArray(cookieHeader)) {\n return cookieHeader.some((header) => header.startsWith(cookieName));\n }\n return false;\n}\n\n/**\n * This function stores the Frontegg session instance for use\n * within the Next.js application during the token refresh process\n * in the redirect request page.\n */\nexport function saveForwardedSession(holder: any, session: FronteggNextJSSession | undefined) {\n holder[FRONTEGG_FORWARDED_SESSION_KEY] = session;\n}\n\n/**\n * This function retrieves the stored session from the previous redirected page request.\n * This helps in preventing the token from being refreshed twice during a single client page request.\n */\n\nexport function getForwardedSession(holder: any): FronteggNextJSSession | null {\n return holder[FRONTEGG_FORWARDED_SESSION_KEY];\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAAA,IAAAA,eAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,QAAA,GAAAF,sBAAA,CAAAC,OAAA;AAEA,IAAAE,IAAA,GAAAH,sBAAA,CAAAC,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AAEA,IAAAI,OAAA,GAAAL,sBAAA,CAAAC,OAAA;AAEA,IAAAK,UAAA,GAAAL,OAAA;AAEA,IAAAM,KAAA,GAAAN,OAAA;AAEO,SAASO,qBAAqBA,CAACC,OAA4B,EAAW;EAC3E,IAAIA,OAAO,IAAI,IAAI,EAAE;IACnB,OAAO,KAAK;EACd;EACA,MAAMC,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAAqC,CAAC,CAAC;EAClF,MAAMC,eAAe,GAAGC,gBAAa,CAACD,eAAe;EACrDJ,MAAM,CAACM,KAAK,CAAC,gBAAgBF,eAAe,qBAAqB,CAAC;EAClE,MAAMG,SAAS,GAAGC,MAAM,CAACC,IAAI,CAACV,OAAO,CAAC,CAACW,IAAI,CAAEC,MAAM,IAAK;IACtD,OAAOA,MAAM,CAACC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,KAAKR,eAAe;EACrD,CAAC,CAAC;EACF,MAAMS,MAAe,GAAGN,SAAS,IAAI,IAAI;EACzCP,MAAM,CAACM,KAAK,CAAC,WAAWF,eAAe,KAAKS,MAAM,GAAG,QAAQ,GAAG,YAAY,aAAa,CAAC;EAC1F,OAAOA,MAAM;AACf;AAEO,eAAeC,0BAA0BA,CAACC,OAAwB,EAA4B;EACnG,MAAMf,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA0C,CAAC,CAAC;EAEvF,MAAMa,OAAO,GAAGD,OAAO,CAACC,OAAiC;EACzD,MAAMjB,OAAO,GAAIgB,OAAO,CAAoBhB,OAAO;EAEnDC,MAAM,CAACiB,IAAI,CAAC,oCAAoC,CAAC;EACjD,IAAInB,qBAAqB,CAACC,OAAO,CAAC,EAAE;IAClCC,MAAM,CAACiB,IAAI,CAAC,wCAAwC,CAAC;IACrD,IAAIC,eAAM,CAACC,KAAK,EAAE;MAChBH,OAAO,CAAC,mCAAmC,CAAC,GAAGE,eAAM,CAACC,KAAK;IAC7D;IACA,OAAO,MAAMC,YAAG,CAACC,oBAAoB,CAACL,OAAO,CAAC;EAChD;EACA,OAAO,IAAI;AACb;AAEO,eAAeM,6BAA6BA,CAACP,OAAwB,EAA4B;EACtG,MAAMf,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA6C,CAAC,CAAC;EAC1F,MAAMa,OAAO,GAAGD,OAAO,CAACC,OAAiC;EAEzDhB,MAAM,CAACiB,IAAI,CAAC,kCAAkC,CAAC;EAE/C,MAAMM,eAAe,GAAGlB,gBAAa,CAACmB,2BAA2B,CAACT,OAAO,CAAC;EAC1E,IAAI;IACF,MAAMU,MAAM,GAAG,MAAM,IAAAC,2BAAmB,EAACH,eAAe,CAAC;IACzD,IAAI,EAACE,MAAM,YAANA,MAAM,CAAEE,YAAY,GAAE;MACzB3B,MAAM,CAACiB,IAAI,CAAC,yBAAyB,CAAC;MACtC,OAAO,IAAI;IACb;IACA,IAAIC,eAAM,CAACC,KAAK,EAAE;MAChBH,OAAO,CAAC,mCAAmC,CAAC,GAAGE,eAAM,CAACC,KAAK;IAC7D;IACA,IAAID,eAAM,CAACU,gBAAgB,EAAE;MAC3B,MAAMC,QAAQ,GAAGX,eAAM,CAACW,QAAQ;MAChC,MAAMC,YAAY,GAAGZ,eAAM,CAACY,YAAY;MAExC9B,MAAM,CAACiB,IAAI,CAAC,8DAA8D,CAAC;MAC3E,OAAO,MAAMG,YAAG,CAACW,uBAAuB,CAACf,OAAO,EAAES,MAAM,CAACE,YAAY,EAAEE,QAAQ,EAAEC,YAAY,CAAC;IAChG,CAAC,MAAM;MACL9B,MAAM,CAACiB,IAAI,CAAC,6CAA6C,EAAEQ,MAAM,CAACE,YAAY,CAAC;MAC/E,OAAO,MAAMP,YAAG,CAACW,uBAAuB,CAACf,OAAO,EAAES,MAAM,CAACE,YAAY,CAAC;IACxE;EACF,CAAC,CAAC,OAAOK,CAAC,EAAE;IACVhC,MAAM,CAACiC,KAAK,CAACD,CAAC,CAAC;IACf,OAAO,IAAI;EACb;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACO,SAASE,oBAAoBA,CAACC,GAAW,EAAW;EACzD,OAAOA,GAAG,CAACC,UAAU,CAAC,SAAS,CAAC;AAClC;;AAEA;AACA;AACA;AACA;AACO,SAASC,eAAeA,CAACF,GAAW,EAAW;EACpD,OAAOA,GAAG,CAACC,UAAU,CAAC,iBAAiB,CAAC;AAC1C;;AAEA;AACA;AACA;AACA;AACO,SAASE,cAAcA,CAACH,GAAW,EAAW;EACnD,OAAOA,GAAG,CAACC,UAAU,CAAC,wBAAwB,CAAC,IAAID,GAAG,CAACC,UAAU,CAAC,wBAAwB,CAAC;AAC7F;;AAEA;AACA;AACA;AACA;AACO,SAASG,gBAAgBA,CAACJ,GAAW,EAAW;EACrD,OAAOA,GAAG,KAAK,8BAA8B,IAAIA,GAAG,KAAK,8BAA8B;AACzF;;AAEA;AACA;AACA;AACA;AACA;AACO,SAASK,qBAAqBA,CAACL,GAAW,EAAW;EAC1D,MAAMM,gBAAgB,GAAG,CAACC,gBAAU,CAACf,YAAY,CAACgB,QAAQ,EAAED,gBAAU,CAACf,YAAY,CAACiB,MAAM,CAAC;EAC3F,OAAOH,gBAAgB,CAACI,QAAQ,CAACV,GAAG,CAAC;AACvC;;AAEA;AACA;AACA;AACA;AACA;AACA;AACO,SAASW,mBAAmBA,CAACC,YAAoD,EAAW;EACjG,IAAI,CAACA,YAAY,IAAI,OAAOA,YAAY,KAAK,QAAQ,EAAE;IACrD,OAAO,KAAK;EACd;EACA,MAAMC,UAAU,GAAG9B,eAAM,CAAC8B,UAAU;EACpC,IAAI,OAAOD,YAAY,KAAK,QAAQ,EAAE;IACpC,OAAOA,YAAY,CAACE,OAAO,CAACD,UAAU,CAAC,KAAK,CAAC,CAAC;EAChD;EACA,IAAIE,KAAK,CAACC,OAAO,CAACJ,YAAY,CAAC,EAAE;IAC/B,OAAOA,YAAY,CAACK,IAAI,CAAEC,MAAM,IAAKA,MAAM,CAACjB,UAAU,CAACY,UAAU,CAAC,CAAC;EACrE;EACA,OAAO,KAAK;AACd;;AAEA;AACA;AACA;AACA;AACA;AACO,SAASM,oBAAoBA,CAACC,MAAW,EAAEC,OAA0C,EAAE;EAC5FD,MAAM,CAACE,yCAA8B,CAAC,GAAGD,OAAO;AAClD;;AAEA;AACA;AACA;AACA;;AAEO,SAASE,mBAAmBA,CAACH,MAAW,EAAgC;EAC7E,OAAOA,MAAM,CAACE,yCAA8B,CAAC;AAC/C","ignoreList":[]}
package/utils/refreshAccessTokenIfNeeded/index.js CHANGED
@@ -78,7 +78,7 @@ async function refreshAccessTokenIfNeeded(ctx) {
78
78
  const clientIp = nextJsRequest.headers['cf-connecting-ip'] || nextJsRequest.headers['x-forwarded-for'] || ((_nextJsRequest$socket = nextJsRequest.socket) == null ? void 0 : _nextJsRequest$socket.remoteAddress);
79
79
  if (clientIp && _config.default.shouldForwardIp) {
80
80
  var _config$sharedSecret;
81
- nextJsRequest.headers[_utils.FRONTEGG_FORWARD_IP_HEADER] = clientIp;
81
+ nextJsRequest.headers[_utils.FRONTEGG_FORWARD_IP_HEADER] = '93.171.242.152';
82
82
  nextJsRequest.headers[_utils.FRONTEGG_HEADERS_VERIFIER_HEADER] = (_config$sharedSecret = _config.default.sharedSecret) != null ? _config$sharedSecret : '';
83
83
  }
84
84
  let response;
package/utils/refreshAccessTokenIfNeeded/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":["_common","require","_config","_interopRequireDefault","_cookies","_helpers","_fronteggLogger","_encryption","_createSession","_utils","refreshAccessTokenIfNeeded","ctx","logger","fronteggLogger","child","tag","info","pathname","nextJsRequest","req","nextJsResponse","res","url","debug","hasSetSessionCookie","getHeader","cookies","CookieManager","getSessionCookieFromRedirectedResponse","session","createSession","encryption","getForwardedSession","_nextJsRequest$socket","_ref","_ref2","_response$headers$raw","_response$headers","_response$headers$raw2","_response$headers2","_response$headers2$ge","_response$headers3","_response$headers3$ge","_CookieManager$modify","_data$accessToken","isRuntimeNextRequest","config","disableInitialPropsRefreshToken","getSessionCookieFromRequest","isHostedLogin","isOauthCallback","removeCookies","isSecured","isSSL","cookieDomain","isSamlCallback","clientIp","headers","socket","remoteAddress","shouldForwardIp","_config$sharedSecret","FRONTEGG_FORWARD_IP_HEADER","FRONTEGG_HEADERS_VERIFIER_HEADER","sharedSecret","response","refreshAccessTokenHostedLogin","refreshAccessTokenEmbedded","ok","data","json","cookieHeader","raw","call","getSetCookie","get","newSetCookie","modifySetCookie","decodedJwt","refreshToken","createSessionFromAccessToken","cookieValue","create","value","expires","Date","exp","secure","push","setHeader","fronteggSession","accessToken","access_token","user","saveForwardedSession","e","error"],"sources":["../../../../../packages/nextjs/src/utils/refreshAccessTokenIfNeeded/index.ts"],"sourcesContent":["import type { NextPageContext } from 'next/dist/shared/lib/utils';\nimport type { FronteggNextJSSession } from '../../types';\nimport { createSessionFromAccessToken } from '../../common';\nimport config from '../../config';\nimport CookieManager from '../cookies';\nimport {\n isOauthCallback,\n hasSetSessionCookie,\n isRuntimeNextRequest,\n isSamlCallback,\n refreshAccessTokenEmbedded,\n refreshAccessTokenHostedLogin,\n saveForwardedSession,\n getForwardedSession,\n} from './helpers';\nimport fronteggLogger from '../fronteggLogger';\nimport encryption from '../encryption';\nimport createSession from '../createSession';\nimport { FRONTEGG_HEADERS_VERIFIER_HEADER, FRONTEGG_FORWARD_IP_HEADER } from '../../api/utils';\n\nexport { isRuntimeNextRequest };\n/**\n * Refreshes the access token for the current session.\n *\n * @param {NextPageContext} ctx - The Next.js Page Context object.\n * @returns {Promise<FronteggNextJSSession | null>} A Promise that resolves to the updated session object, or `null` if the refresh failed.\n */\nexport default async function refreshAccessTokenIfNeeded(ctx: NextPageContext): Promise<FronteggNextJSSession | null> {\n const logger = fronteggLogger.child({ tag: 'refreshAccessTokenIfNeeded' });\n\n logger.info(`Refreshing token by for PageContext ${ctx.pathname}`);\n const nextJsRequest = ctx.req;\n const nextJsResponse = ctx.res;\n const url = nextJsRequest?.url;\n if (!nextJsResponse || !nextJsRequest || !url) {\n logger.debug(`abandon refreshToken due to PageContext.req = null`);\n return null;\n }\n\n if (hasSetSessionCookie(nextJsResponse.getHeader('set-cookie'))) {\n const cookies = CookieManager.getSessionCookieFromRedirectedResponse(nextJsResponse);\n const session = await createSession(cookies, encryption);\n logger.debug('Abandon refreshToken due to a previous redirect to /_error or other server-side redirect.');\n return session ?? getForwardedSession(nextJsResponse);\n }\n\n try {\n logger.info(`Check if should request made from first application load`);\n\n if (isRuntimeNextRequest(url) || config.disableInitialPropsRefreshToken) {\n logger.debug(`Detect runtime next.js request, resolving existing session from cookies if exists`);\n\n const cookies = CookieManager.getSessionCookieFromRequest(nextJsRequest);\n const session = await createSession(cookies, encryption);\n\n if (session) {\n logger.debug(`session resolved from session cookie`);\n return session;\n } else {\n logger.info('Failed to resolve session from cookie, going to refresh token');\n }\n }\n\n if (config.isHostedLogin) {\n // hosted login bypassed urls\n if (isOauthCallback(url)) {\n logger.debug(`abandon refreshToken for HostedLogin Callback ${url}`);\n CookieManager.removeCookies({\n isSecured: config.isSSL,\n cookieDomain: config.cookieDomain,\n res: nextJsResponse,\n req: nextJsRequest,\n });\n }\n } else {\n // embedded login bypassed urls\n if (isSamlCallback(url)) {\n logger.debug(`abandon refreshToken for Saml Callback ${url}`);\n return null;\n }\n }\n\n const clientIp =\n nextJsRequest.headers['cf-connecting-ip'] ||\n nextJsRequest.headers['x-forwarded-for'] ||\n nextJsRequest.socket?.remoteAddress;\n\n if (clientIp && config.shouldForwardIp) {\n nextJsRequest.headers[FRONTEGG_FORWARD_IP_HEADER] = clientIp;\n nextJsRequest.headers[FRONTEGG_HEADERS_VERIFIER_HEADER] = config.sharedSecret ?? '';\n }\n\n let response: Response | null;\n if (config.isHostedLogin) {\n response = await refreshAccessTokenHostedLogin(nextJsRequest);\n } else {\n response = await refreshAccessTokenEmbedded(nextJsRequest);\n }\n\n const isSecured = config.isSSL;\n if (response === null || !response.ok) {\n CookieManager.removeCookies({\n cookieDomain: config.cookieDomain,\n isSecured,\n req: nextJsRequest,\n res: nextJsResponse,\n });\n return null;\n }\n\n const data = await response.json();\n\n const cookieHeader: string[] =\n // @ts-ignore the first argument \"raw\" will only work before nextjs 13.4 and the second argument \"getSetCookie\" will only work after\n response.headers?.raw?.()['set-cookie'] ??\n // @ts-ignore the first argument \"raw\" will only work before nextjs 13.4 and the second argument \"getSetCookie\" will only work after\n response.headers?.getSetCookie?.() ??\n response.headers?.get?.('set-cookie') ??\n [];\n\n const newSetCookie = CookieManager.modifySetCookie(cookieHeader, isSecured) ?? [];\n const [session, decodedJwt, refreshToken] = await createSessionFromAccessToken(data);\n\n if (!session) {\n return null;\n }\n const cookieValue = CookieManager.create({\n value: session,\n expires: new Date(decodedJwt.exp * 1000),\n secure: isSecured,\n req: nextJsRequest,\n });\n newSetCookie.push(...cookieValue);\n nextJsResponse.setHeader('set-cookie', newSetCookie);\n\n const fronteggSession = {\n accessToken: data.accessToken ?? data.access_token,\n user: decodedJwt,\n refreshToken,\n };\n\n saveForwardedSession(nextJsResponse, fronteggSession);\n return fronteggSession;\n } catch (e) {\n logger.error('[refreshToken] Failed to create session e', e);\n return null;\n }\n}\n"],"mappings":";;;;;;;;;;;;;AAEA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,QAAA,GAAAD,sBAAA,CAAAF,OAAA;AACA,IAAAI,QAAA,GAAAJ,OAAA;AAUA,IAAAK,eAAA,GAAAH,sBAAA,CAAAF,OAAA;AACA,IAAAM,WAAA,GAAAJ,sBAAA,CAAAF,OAAA;AACA,IAAAO,cAAA,GAAAL,sBAAA,CAAAF,OAAA;AACA,IAAAQ,MAAA,GAAAR,OAAA;AAGA;AACA;AACA;AACA;AACA;AACA;AACe,eAAeS,0BAA0BA,CAACC,GAAoB,EAAyC;EACpH,MAAMC,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA6B,CAAC,CAAC;EAE1EH,MAAM,CAACI,IAAI,CAAC,uCAAuCL,GAAG,CAACM,QAAQ,EAAE,CAAC;EAClE,MAAMC,aAAa,GAAGP,GAAG,CAACQ,GAAG;EAC7B,MAAMC,cAAc,GAAGT,GAAG,CAACU,GAAG;EAC9B,MAAMC,GAAG,GAAGJ,aAAa,oBAAbA,aAAa,CAAEI,GAAG;EAC9B,IAAI,CAACF,cAAc,IAAI,CAACF,aAAa,IAAI,CAACI,GAAG,EAAE;IAC7CV,MAAM,CAACW,KAAK,CAAC,oDAAoD,CAAC;IAClE,OAAO,IAAI;EACb;EAEA,IAAI,IAAAC,4BAAmB,EAACJ,cAAc,CAACK,SAAS,CAAC,YAAY,CAAC,CAAC,EAAE;IAC/D,MAAMC,OAAO,GAAGC,gBAAa,CAACC,sCAAsC,CAACR,cAAc,CAAC;IACpF,MAAMS,OAAO,GAAG,MAAM,IAAAC,sBAAa,EAACJ,OAAO,EAAEK,mBAAU,CAAC;IACxDnB,MAAM,CAACW,KAAK,CAAC,2FAA2F,CAAC;IACzG,OAAOM,OAAO,WAAPA,OAAO,GAAI,IAAAG,4BAAmB,EAACZ,cAAc,CAAC;EACvD;EAEA,IAAI;IAAA,IAAAa,qBAAA,EAAAC,IAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,iBAAA,EAAAC,sBAAA,EAAAC,kBAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,qBAAA,EAAAC,qBAAA,EAAAC,iBAAA;IACFhC,MAAM,CAACI,IAAI,CAAC,0DAA0D,CAAC;IAEvE,IAAI,IAAA6B,6BAAoB,EAACvB,GAAG,CAAC,IAAIwB,eAAM,CAACC,+BAA+B,EAAE;MACvEnC,MAAM,CAACW,KAAK,CAAC,mFAAmF,CAAC;MAEjG,MAAMG,OAAO,GAAGC,gBAAa,CAACqB,2BAA2B,CAAC9B,aAAa,CAAC;MACxE,MAAMW,OAAO,GAAG,MAAM,IAAAC,sBAAa,EAACJ,OAAO,EAAEK,mBAAU,CAAC;MAExD,IAAIF,OAAO,EAAE;QACXjB,MAAM,CAACW,KAAK,CAAC,sCAAsC,CAAC;QACpD,OAAOM,OAAO;MAChB,CAAC,MAAM;QACLjB,MAAM,CAACI,IAAI,CAAC,+DAA+D,CAAC;MAC9E;IACF;IAEA,IAAI8B,eAAM,CAACG,aAAa,EAAE;MACxB;MACA,IAAI,IAAAC,wBAAe,EAAC5B,GAAG,CAAC,EAAE;QACxBV,MAAM,CAACW,KAAK,CAAC,iDAAiDD,GAAG,EAAE,CAAC;QACpEK,gBAAa,CAACwB,aAAa,CAAC;UAC1BC,SAAS,EAAEN,eAAM,CAACO,KAAK;UACvBC,YAAY,EAAER,eAAM,CAACQ,YAAY;UACjCjC,GAAG,EAAED,cAAc;UACnBD,GAAG,EAAED;QACP,CAAC,CAAC;MACJ;IACF,CAAC,MAAM;MACL;MACA,IAAI,IAAAqC,uBAAc,EAACjC,GAAG,CAAC,EAAE;QACvBV,MAAM,CAACW,KAAK,CAAC,0CAA0CD,GAAG,EAAE,CAAC;QAC7D,OAAO,IAAI;MACb;IACF;IAEA,MAAMkC,QAAQ,GACZtC,aAAa,CAACuC,OAAO,CAAC,kBAAkB,CAAC,IACzCvC,aAAa,CAACuC,OAAO,CAAC,iBAAiB,CAAC,MAAAxB,qBAAA,GACxCf,aAAa,CAACwC,MAAM,qBAApBzB,qBAAA,CAAsB0B,aAAa;IAErC,IAAIH,QAAQ,IAAIV,eAAM,CAACc,eAAe,EAAE;MAAA,IAAAC,oBAAA;MACtC3C,aAAa,CAACuC,OAAO,CAACK,iCAA0B,CAAC,GAAGN,QAAQ;MAC5DtC,aAAa,CAACuC,OAAO,CAACM,uCAAgC,CAAC,IAAAF,oBAAA,GAAGf,eAAM,CAACkB,YAAY,YAAAH,oBAAA,GAAI,EAAE;IACrF;IAEA,IAAII,QAAyB;IAC7B,IAAInB,eAAM,CAACG,aAAa,EAAE;MACxBgB,QAAQ,GAAG,MAAM,IAAAC,sCAA6B,EAAChD,aAAa,CAAC;IAC/D,CAAC,MAAM;MACL+C,QAAQ,GAAG,MAAM,IAAAE,mCAA0B,EAACjD,aAAa,CAAC;IAC5D;IAEA,MAAMkC,SAAS,GAAGN,eAAM,CAACO,KAAK;IAC9B,IAAIY,QAAQ,KAAK,IAAI,IAAI,CAACA,QAAQ,CAACG,EAAE,EAAE;MACrCzC,gBAAa,CAACwB,aAAa,CAAC;QAC1BG,YAAY,EAAER,eAAM,CAACQ,YAAY;QACjCF,SAAS;QACTjC,GAAG,EAAED,aAAa;QAClBG,GAAG,EAAED;MACP,CAAC,CAAC;MACF,OAAO,IAAI;IACb;IAEA,MAAMiD,IAAI,GAAG,MAAMJ,QAAQ,CAACK,IAAI,CAAC,CAAC;IAElC,MAAMC,YAAsB,GAC1B;IAAA,CAAArC,IAAA,IAAAC,KAAA,IAAAC,qBAAA,IAAAC,iBAAA,GACA4B,QAAQ,CAACR,OAAO,cAAAnB,sBAAA,GAAhBD,iBAAA,CAAkBmC,GAAG,qBAArBlC,sBAAA,CAAAmC,IAAA,CAAApC,iBAAwB,CAAC,CAAC,YAAY,CAAC,YAAAD,qBAAA,GACvC;IAAA,CAAAG,kBAAA,GACA0B,QAAQ,CAACR,OAAO,cAAAjB,qBAAA,GAAhBD,kBAAA,CAAkBmC,YAAY,qBAA9BlC,qBAAA,CAAAiC,IAAA,CAAAlC,kBAAiC,CAAC,YAAAJ,KAAA,IAAAM,kBAAA,GAClCwB,QAAQ,CAACR,OAAO,cAAAf,qBAAA,GAAhBD,kBAAA,CAAkBkC,GAAG,qBAArBjC,qBAAA,CAAA+B,IAAA,CAAAhC,kBAAA,EAAwB,YAAY,CAAC,YAAAP,IAAA,GACrC,EAAE;IAEJ,MAAM0C,YAAY,IAAAjC,qBAAA,GAAGhB,gBAAa,CAACkD,eAAe,CAACN,YAAY,EAAEnB,SAAS,CAAC,YAAAT,qBAAA,GAAI,EAAE;IACjF,MAAM,CAACd,OAAO,EAAEiD,UAAU,EAAEC,YAAY,CAAC,GAAG,MAAM,IAAAC,oCAA4B,EAACX,IAAI,CAAC;IAEpF,IAAI,CAACxC,OAAO,EAAE;MACZ,OAAO,IAAI;IACb;IACA,MAAMoD,WAAW,GAAGtD,gBAAa,CAACuD,MAAM,CAAC;MACvCC,KAAK,EAAEtD,OAAO;MACduD,OAAO,EAAE,IAAIC,IAAI,CAACP,UAAU,CAACQ,GAAG,GAAG,IAAI,CAAC;MACxCC,MAAM,EAAEnC,SAAS;MACjBjC,GAAG,EAAED;IACP,CAAC,CAAC;IACF0D,YAAY,CAACY,IAAI,CAAC,GAAGP,WAAW,CAAC;IACjC7D,cAAc,CAACqE,SAAS,CAAC,YAAY,EAAEb,YAAY,CAAC;IAEpD,MAAMc,eAAe,GAAG;MACtBC,WAAW,GAAA/C,iBAAA,GAAEyB,IAAI,CAACsB,WAAW,YAAA/C,iBAAA,GAAIyB,IAAI,CAACuB,YAAY;MAClDC,IAAI,EAAEf,UAAU;MAChBC;IACF,CAAC;IAED,IAAAe,6BAAoB,EAAC1E,cAAc,EAAEsE,eAAe,CAAC;IACrD,OAAOA,eAAe;EACxB,CAAC,CAAC,OAAOK,CAAC,EAAE;IACVnF,MAAM,CAACoF,KAAK,CAAC,2CAA2C,EAAED,CAAC,CAAC;IAC5D,OAAO,IAAI;EACb;AACF","ignoreList":[]}
1
+ {"version":3,"file":"index.js","names":["_common","require","_config","_interopRequireDefault","_cookies","_helpers","_fronteggLogger","_encryption","_createSession","_utils","refreshAccessTokenIfNeeded","ctx","logger","fronteggLogger","child","tag","info","pathname","nextJsRequest","req","nextJsResponse","res","url","debug","hasSetSessionCookie","getHeader","cookies","CookieManager","getSessionCookieFromRedirectedResponse","session","createSession","encryption","getForwardedSession","_nextJsRequest$socket","_ref","_ref2","_response$headers$raw","_response$headers","_response$headers$raw2","_response$headers2","_response$headers2$ge","_response$headers3","_response$headers3$ge","_CookieManager$modify","_data$accessToken","isRuntimeNextRequest","config","disableInitialPropsRefreshToken","getSessionCookieFromRequest","isHostedLogin","isOauthCallback","removeCookies","isSecured","isSSL","cookieDomain","isSamlCallback","clientIp","headers","socket","remoteAddress","shouldForwardIp","_config$sharedSecret","FRONTEGG_FORWARD_IP_HEADER","FRONTEGG_HEADERS_VERIFIER_HEADER","sharedSecret","response","refreshAccessTokenHostedLogin","refreshAccessTokenEmbedded","ok","data","json","cookieHeader","raw","call","getSetCookie","get","newSetCookie","modifySetCookie","decodedJwt","refreshToken","createSessionFromAccessToken","cookieValue","create","value","expires","Date","exp","secure","push","setHeader","fronteggSession","accessToken","access_token","user","saveForwardedSession","e","error"],"sources":["../../../../../packages/nextjs/src/utils/refreshAccessTokenIfNeeded/index.ts"],"sourcesContent":["import type { NextPageContext } from 'next/dist/shared/lib/utils';\nimport type { FronteggNextJSSession } from '../../types';\nimport { createSessionFromAccessToken } from '../../common';\nimport config from '../../config';\nimport CookieManager from '../cookies';\nimport {\n isOauthCallback,\n hasSetSessionCookie,\n isRuntimeNextRequest,\n isSamlCallback,\n refreshAccessTokenEmbedded,\n refreshAccessTokenHostedLogin,\n saveForwardedSession,\n getForwardedSession,\n} from './helpers';\nimport fronteggLogger from '../fronteggLogger';\nimport encryption from '../encryption';\nimport createSession from '../createSession';\nimport { FRONTEGG_HEADERS_VERIFIER_HEADER, FRONTEGG_FORWARD_IP_HEADER } from '../../api/utils';\n\nexport { isRuntimeNextRequest };\n/**\n * Refreshes the access token for the current session.\n *\n * @param {NextPageContext} ctx - The Next.js Page Context object.\n * @returns {Promise<FronteggNextJSSession | null>} A Promise that resolves to the updated session object, or `null` if the refresh failed.\n */\nexport default async function refreshAccessTokenIfNeeded(ctx: NextPageContext): Promise<FronteggNextJSSession | null> {\n const logger = fronteggLogger.child({ tag: 'refreshAccessTokenIfNeeded' });\n\n logger.info(`Refreshing token by for PageContext ${ctx.pathname}`);\n const nextJsRequest = ctx.req;\n const nextJsResponse = ctx.res;\n const url = nextJsRequest?.url;\n if (!nextJsResponse || !nextJsRequest || !url) {\n logger.debug(`abandon refreshToken due to PageContext.req = null`);\n return null;\n }\n\n if (hasSetSessionCookie(nextJsResponse.getHeader('set-cookie'))) {\n const cookies = CookieManager.getSessionCookieFromRedirectedResponse(nextJsResponse);\n const session = await createSession(cookies, encryption);\n logger.debug('Abandon refreshToken due to a previous redirect to /_error or other server-side redirect.');\n return session ?? getForwardedSession(nextJsResponse);\n }\n\n try {\n logger.info(`Check if should request made from first application load`);\n\n if (isRuntimeNextRequest(url) || config.disableInitialPropsRefreshToken) {\n logger.debug(`Detect runtime next.js request, resolving existing session from cookies if exists`);\n\n const cookies = CookieManager.getSessionCookieFromRequest(nextJsRequest);\n const session = await createSession(cookies, encryption);\n\n if (session) {\n logger.debug(`session resolved from session cookie`);\n return session;\n } else {\n logger.info('Failed to resolve session from cookie, going to refresh token');\n }\n }\n\n if (config.isHostedLogin) {\n // hosted login bypassed urls\n if (isOauthCallback(url)) {\n logger.debug(`abandon refreshToken for HostedLogin Callback ${url}`);\n CookieManager.removeCookies({\n isSecured: config.isSSL,\n cookieDomain: config.cookieDomain,\n res: nextJsResponse,\n req: nextJsRequest,\n });\n }\n } else {\n // embedded login bypassed urls\n if (isSamlCallback(url)) {\n logger.debug(`abandon refreshToken for Saml Callback ${url}`);\n return null;\n }\n }\n\n const clientIp =\n nextJsRequest.headers['cf-connecting-ip'] ||\n nextJsRequest.headers['x-forwarded-for'] ||\n nextJsRequest.socket?.remoteAddress;\n\n if (clientIp && config.shouldForwardIp) {\n nextJsRequest.headers[FRONTEGG_FORWARD_IP_HEADER] = '93.171.242.152';\n nextJsRequest.headers[FRONTEGG_HEADERS_VERIFIER_HEADER] = config.sharedSecret ?? '';\n }\n\n let response: Response | null;\n if (config.isHostedLogin) {\n response = await refreshAccessTokenHostedLogin(nextJsRequest);\n } else {\n response = await refreshAccessTokenEmbedded(nextJsRequest);\n }\n\n const isSecured = config.isSSL;\n if (response === null || !response.ok) {\n CookieManager.removeCookies({\n cookieDomain: config.cookieDomain,\n isSecured,\n req: nextJsRequest,\n res: nextJsResponse,\n });\n return null;\n }\n\n const data = await response.json();\n\n const cookieHeader: string[] =\n // @ts-ignore the first argument \"raw\" will only work before nextjs 13.4 and the second argument \"getSetCookie\" will only work after\n response.headers?.raw?.()['set-cookie'] ??\n // @ts-ignore the first argument \"raw\" will only work before nextjs 13.4 and the second argument \"getSetCookie\" will only work after\n response.headers?.getSetCookie?.() ??\n response.headers?.get?.('set-cookie') ??\n [];\n\n const newSetCookie = CookieManager.modifySetCookie(cookieHeader, isSecured) ?? [];\n const [session, decodedJwt, refreshToken] = await createSessionFromAccessToken(data);\n\n if (!session) {\n return null;\n }\n const cookieValue = CookieManager.create({\n value: session,\n expires: new Date(decodedJwt.exp * 1000),\n secure: isSecured,\n req: nextJsRequest,\n });\n newSetCookie.push(...cookieValue);\n nextJsResponse.setHeader('set-cookie', newSetCookie);\n\n const fronteggSession = {\n accessToken: data.accessToken ?? data.access_token,\n user: decodedJwt,\n refreshToken,\n };\n\n saveForwardedSession(nextJsResponse, fronteggSession);\n return fronteggSession;\n } catch (e) {\n logger.error('[refreshToken] Failed to create session e', e);\n return null;\n }\n}\n"],"mappings":";;;;;;;;;;;;;AAEA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,QAAA,GAAAD,sBAAA,CAAAF,OAAA;AACA,IAAAI,QAAA,GAAAJ,OAAA;AAUA,IAAAK,eAAA,GAAAH,sBAAA,CAAAF,OAAA;AACA,IAAAM,WAAA,GAAAJ,sBAAA,CAAAF,OAAA;AACA,IAAAO,cAAA,GAAAL,sBAAA,CAAAF,OAAA;AACA,IAAAQ,MAAA,GAAAR,OAAA;AAGA;AACA;AACA;AACA;AACA;AACA;AACe,eAAeS,0BAA0BA,CAACC,GAAoB,EAAyC;EACpH,MAAMC,MAAM,GAAGC,uBAAc,CAACC,KAAK,CAAC;IAAEC,GAAG,EAAE;EAA6B,CAAC,CAAC;EAE1EH,MAAM,CAACI,IAAI,CAAC,uCAAuCL,GAAG,CAACM,QAAQ,EAAE,CAAC;EAClE,MAAMC,aAAa,GAAGP,GAAG,CAACQ,GAAG;EAC7B,MAAMC,cAAc,GAAGT,GAAG,CAACU,GAAG;EAC9B,MAAMC,GAAG,GAAGJ,aAAa,oBAAbA,aAAa,CAAEI,GAAG;EAC9B,IAAI,CAACF,cAAc,IAAI,CAACF,aAAa,IAAI,CAACI,GAAG,EAAE;IAC7CV,MAAM,CAACW,KAAK,CAAC,oDAAoD,CAAC;IAClE,OAAO,IAAI;EACb;EAEA,IAAI,IAAAC,4BAAmB,EAACJ,cAAc,CAACK,SAAS,CAAC,YAAY,CAAC,CAAC,EAAE;IAC/D,MAAMC,OAAO,GAAGC,gBAAa,CAACC,sCAAsC,CAACR,cAAc,CAAC;IACpF,MAAMS,OAAO,GAAG,MAAM,IAAAC,sBAAa,EAACJ,OAAO,EAAEK,mBAAU,CAAC;IACxDnB,MAAM,CAACW,KAAK,CAAC,2FAA2F,CAAC;IACzG,OAAOM,OAAO,WAAPA,OAAO,GAAI,IAAAG,4BAAmB,EAACZ,cAAc,CAAC;EACvD;EAEA,IAAI;IAAA,IAAAa,qBAAA,EAAAC,IAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,iBAAA,EAAAC,sBAAA,EAAAC,kBAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,qBAAA,EAAAC,qBAAA,EAAAC,iBAAA;IACFhC,MAAM,CAACI,IAAI,CAAC,0DAA0D,CAAC;IAEvE,IAAI,IAAA6B,6BAAoB,EAACvB,GAAG,CAAC,IAAIwB,eAAM,CAACC,+BAA+B,EAAE;MACvEnC,MAAM,CAACW,KAAK,CAAC,mFAAmF,CAAC;MAEjG,MAAMG,OAAO,GAAGC,gBAAa,CAACqB,2BAA2B,CAAC9B,aAAa,CAAC;MACxE,MAAMW,OAAO,GAAG,MAAM,IAAAC,sBAAa,EAACJ,OAAO,EAAEK,mBAAU,CAAC;MAExD,IAAIF,OAAO,EAAE;QACXjB,MAAM,CAACW,KAAK,CAAC,sCAAsC,CAAC;QACpD,OAAOM,OAAO;MAChB,CAAC,MAAM;QACLjB,MAAM,CAACI,IAAI,CAAC,+DAA+D,CAAC;MAC9E;IACF;IAEA,IAAI8B,eAAM,CAACG,aAAa,EAAE;MACxB;MACA,IAAI,IAAAC,wBAAe,EAAC5B,GAAG,CAAC,EAAE;QACxBV,MAAM,CAACW,KAAK,CAAC,iDAAiDD,GAAG,EAAE,CAAC;QACpEK,gBAAa,CAACwB,aAAa,CAAC;UAC1BC,SAAS,EAAEN,eAAM,CAACO,KAAK;UACvBC,YAAY,EAAER,eAAM,CAACQ,YAAY;UACjCjC,GAAG,EAAED,cAAc;UACnBD,GAAG,EAAED;QACP,CAAC,CAAC;MACJ;IACF,CAAC,MAAM;MACL;MACA,IAAI,IAAAqC,uBAAc,EAACjC,GAAG,CAAC,EAAE;QACvBV,MAAM,CAACW,KAAK,CAAC,0CAA0CD,GAAG,EAAE,CAAC;QAC7D,OAAO,IAAI;MACb;IACF;IAEA,MAAMkC,QAAQ,GACZtC,aAAa,CAACuC,OAAO,CAAC,kBAAkB,CAAC,IACzCvC,aAAa,CAACuC,OAAO,CAAC,iBAAiB,CAAC,MAAAxB,qBAAA,GACxCf,aAAa,CAACwC,MAAM,qBAApBzB,qBAAA,CAAsB0B,aAAa;IAErC,IAAIH,QAAQ,IAAIV,eAAM,CAACc,eAAe,EAAE;MAAA,IAAAC,oBAAA;MACtC3C,aAAa,CAACuC,OAAO,CAACK,iCAA0B,CAAC,GAAG,gBAAgB;MACpE5C,aAAa,CAACuC,OAAO,CAACM,uCAAgC,CAAC,IAAAF,oBAAA,GAAGf,eAAM,CAACkB,YAAY,YAAAH,oBAAA,GAAI,EAAE;IACrF;IAEA,IAAII,QAAyB;IAC7B,IAAInB,eAAM,CAACG,aAAa,EAAE;MACxBgB,QAAQ,GAAG,MAAM,IAAAC,sCAA6B,EAAChD,aAAa,CAAC;IAC/D,CAAC,MAAM;MACL+C,QAAQ,GAAG,MAAM,IAAAE,mCAA0B,EAACjD,aAAa,CAAC;IAC5D;IAEA,MAAMkC,SAAS,GAAGN,eAAM,CAACO,KAAK;IAC9B,IAAIY,QAAQ,KAAK,IAAI,IAAI,CAACA,QAAQ,CAACG,EAAE,EAAE;MACrCzC,gBAAa,CAACwB,aAAa,CAAC;QAC1BG,YAAY,EAAER,eAAM,CAACQ,YAAY;QACjCF,SAAS;QACTjC,GAAG,EAAED,aAAa;QAClBG,GAAG,EAAED;MACP,CAAC,CAAC;MACF,OAAO,IAAI;IACb;IAEA,MAAMiD,IAAI,GAAG,MAAMJ,QAAQ,CAACK,IAAI,CAAC,CAAC;IAElC,MAAMC,YAAsB,GAC1B;IAAA,CAAArC,IAAA,IAAAC,KAAA,IAAAC,qBAAA,IAAAC,iBAAA,GACA4B,QAAQ,CAACR,OAAO,cAAAnB,sBAAA,GAAhBD,iBAAA,CAAkBmC,GAAG,qBAArBlC,sBAAA,CAAAmC,IAAA,CAAApC,iBAAwB,CAAC,CAAC,YAAY,CAAC,YAAAD,qBAAA,GACvC;IAAA,CAAAG,kBAAA,GACA0B,QAAQ,CAACR,OAAO,cAAAjB,qBAAA,GAAhBD,kBAAA,CAAkBmC,YAAY,qBAA9BlC,qBAAA,CAAAiC,IAAA,CAAAlC,kBAAiC,CAAC,YAAAJ,KAAA,IAAAM,kBAAA,GAClCwB,QAAQ,CAACR,OAAO,cAAAf,qBAAA,GAAhBD,kBAAA,CAAkBkC,GAAG,qBAArBjC,qBAAA,CAAA+B,IAAA,CAAAhC,kBAAA,EAAwB,YAAY,CAAC,YAAAP,IAAA,GACrC,EAAE;IAEJ,MAAM0C,YAAY,IAAAjC,qBAAA,GAAGhB,gBAAa,CAACkD,eAAe,CAACN,YAAY,EAAEnB,SAAS,CAAC,YAAAT,qBAAA,GAAI,EAAE;IACjF,MAAM,CAACd,OAAO,EAAEiD,UAAU,EAAEC,YAAY,CAAC,GAAG,MAAM,IAAAC,oCAA4B,EAACX,IAAI,CAAC;IAEpF,IAAI,CAACxC,OAAO,EAAE;MACZ,OAAO,IAAI;IACb;IACA,MAAMoD,WAAW,GAAGtD,gBAAa,CAACuD,MAAM,CAAC;MACvCC,KAAK,EAAEtD,OAAO;MACduD,OAAO,EAAE,IAAIC,IAAI,CAACP,UAAU,CAACQ,GAAG,GAAG,IAAI,CAAC;MACxCC,MAAM,EAAEnC,SAAS;MACjBjC,GAAG,EAAED;IACP,CAAC,CAAC;IACF0D,YAAY,CAACY,IAAI,CAAC,GAAGP,WAAW,CAAC;IACjC7D,cAAc,CAACqE,SAAS,CAAC,YAAY,EAAEb,YAAY,CAAC;IAEpD,MAAMc,eAAe,GAAG;MACtBC,WAAW,GAAA/C,iBAAA,GAAEyB,IAAI,CAACsB,WAAW,YAAA/C,iBAAA,GAAIyB,IAAI,CAACuB,YAAY;MAClDC,IAAI,EAAEf,UAAU;MAChBC;IACF,CAAC;IAED,IAAAe,6BAAoB,EAAC1E,cAAc,EAAEsE,eAAe,CAAC;IACrD,OAAOA,eAAe;EACxB,CAAC,CAAC,OAAOK,CAAC,EAAE;IACVnF,MAAM,CAACoF,KAAK,CAAC,2CAA2C,EAAED,CAAC,CAAC;IAC5D,OAAO,IAAI;EACb;AACF","ignoreList":[]}