@propelauth/nextjs 0.0.110 → 0.0.112-beta.0
Sign up to get free protection for your applications and to get access to all the features.
- package/dist/client/index.d.ts +40 -2
- package/dist/client/index.js +122 -15
- package/dist/client/index.js.map +1 -1
- package/dist/client/index.mjs +122 -15
- package/dist/client/index.mjs.map +1 -1
- package/dist/server/app-router/index.d.ts +34 -2
- package/dist/server/app-router/index.js +276 -56
- package/dist/server/app-router/index.js.map +1 -1
- package/dist/server/app-router/index.mjs +276 -56
- package/dist/server/app-router/index.mjs.map +1 -1
- package/dist/server/index.d.ts +32 -1
- package/dist/server/index.js +36 -15
- package/dist/server/index.js.map +1 -1
- package/dist/server/index.mjs +36 -15
- package/dist/server/index.mjs.map +1 -1
- package/dist/server/pages/index.d.ts +32 -1
- package/dist/server/pages/index.js +51 -23
- package/dist/server/pages/index.js.map +1 -1
- package/dist/server/pages/index.mjs +51 -23
- package/dist/server/pages/index.mjs.map +1 -1
- package/package.json +67 -67
|
@@ -83,8 +83,9 @@ var import_server = require("next/server.js");
|
|
|
83
83
|
|
|
84
84
|
// src/user.ts
|
|
85
85
|
var UserFromToken = class {
|
|
86
|
-
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties) {
|
|
86
|
+
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId) {
|
|
87
87
|
this.userId = userId;
|
|
88
|
+
this.activeOrgId = activeOrgId;
|
|
88
89
|
this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
|
|
89
90
|
this.email = email;
|
|
90
91
|
this.firstName = firstName;
|
|
@@ -94,6 +95,15 @@ var UserFromToken = class {
|
|
|
94
95
|
this.impersonatorUserId = impersonatorUserId;
|
|
95
96
|
this.properties = properties;
|
|
96
97
|
}
|
|
98
|
+
getActiveOrg() {
|
|
99
|
+
if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
|
|
100
|
+
return void 0;
|
|
101
|
+
}
|
|
102
|
+
return this.orgIdToOrgMemberInfo[this.activeOrgId];
|
|
103
|
+
}
|
|
104
|
+
getActiveOrgId() {
|
|
105
|
+
return this.activeOrgId;
|
|
106
|
+
}
|
|
97
107
|
getOrg(orgId) {
|
|
98
108
|
if (!this.orgIdToOrgMemberInfo) {
|
|
99
109
|
return void 0;
|
|
@@ -126,9 +136,7 @@ var UserFromToken = class {
|
|
|
126
136
|
const obj = JSON.parse(json);
|
|
127
137
|
const orgIdToOrgMemberInfo = {};
|
|
128
138
|
for (const orgId in obj.orgIdToOrgMemberInfo) {
|
|
129
|
-
orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(
|
|
130
|
-
JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])
|
|
131
|
-
);
|
|
139
|
+
orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]));
|
|
132
140
|
}
|
|
133
141
|
return new UserFromToken(
|
|
134
142
|
obj.userId,
|
|
@@ -142,6 +150,29 @@ var UserFromToken = class {
|
|
|
142
150
|
obj.properties
|
|
143
151
|
);
|
|
144
152
|
}
|
|
153
|
+
static fromJwtPayload(payload) {
|
|
154
|
+
let activeOrgId;
|
|
155
|
+
let orgIdToOrgMemberInfo;
|
|
156
|
+
if (payload.org_member_info) {
|
|
157
|
+
activeOrgId = payload.org_member_info.org_id;
|
|
158
|
+
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
|
|
159
|
+
} else {
|
|
160
|
+
activeOrgId = void 0;
|
|
161
|
+
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
|
|
162
|
+
}
|
|
163
|
+
return new UserFromToken(
|
|
164
|
+
payload.user_id,
|
|
165
|
+
payload.email,
|
|
166
|
+
orgIdToOrgMemberInfo,
|
|
167
|
+
payload.first_name,
|
|
168
|
+
payload.last_name,
|
|
169
|
+
payload.username,
|
|
170
|
+
payload.legacy_user_id,
|
|
171
|
+
payload.impersonatorUserId,
|
|
172
|
+
payload.properties,
|
|
173
|
+
activeOrgId
|
|
174
|
+
);
|
|
175
|
+
}
|
|
145
176
|
};
|
|
146
177
|
var OrgMemberInfo = class {
|
|
147
178
|
constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
|
|
@@ -190,17 +221,7 @@ var OrgMemberInfo = class {
|
|
|
190
221
|
}
|
|
191
222
|
};
|
|
192
223
|
function toUser(snake_case) {
|
|
193
|
-
return
|
|
194
|
-
snake_case.user_id,
|
|
195
|
-
snake_case.email,
|
|
196
|
-
toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
|
|
197
|
-
snake_case.first_name,
|
|
198
|
-
snake_case.last_name,
|
|
199
|
-
snake_case.username,
|
|
200
|
-
snake_case.legacy_user_id,
|
|
201
|
-
snake_case.impersonatorUserId,
|
|
202
|
-
snake_case.properties
|
|
203
|
-
);
|
|
224
|
+
return UserFromToken.fromJwtPayload(snake_case);
|
|
204
225
|
}
|
|
205
226
|
function toOrgIdToOrgMemberInfo(snake_case) {
|
|
206
227
|
if (snake_case === void 0) {
|
|
@@ -272,12 +293,17 @@ function getVerifierKey() {
|
|
|
272
293
|
}
|
|
273
294
|
return verifierKey.replace(/\\n/g, "\n");
|
|
274
295
|
}
|
|
275
|
-
function refreshTokenWithAccessAndRefreshToken(refreshToken) {
|
|
296
|
+
function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
|
|
276
297
|
return __async(this, null, function* () {
|
|
277
298
|
const body = {
|
|
278
299
|
refresh_token: refreshToken
|
|
279
300
|
};
|
|
280
|
-
const
|
|
301
|
+
const queryParams = new URLSearchParams();
|
|
302
|
+
if (activeOrgId) {
|
|
303
|
+
queryParams.set("with_active_org_support", "true");
|
|
304
|
+
queryParams.set("active_org_id", activeOrgId);
|
|
305
|
+
}
|
|
306
|
+
const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
|
|
281
307
|
const response = yield fetch(url, {
|
|
282
308
|
method: "POST",
|
|
283
309
|
body: JSON.stringify(body),
|
|
@@ -289,10 +315,7 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
|
|
|
289
315
|
if (response.ok) {
|
|
290
316
|
const data = yield response.json();
|
|
291
317
|
const newRefreshToken = data.refresh_token;
|
|
292
|
-
const {
|
|
293
|
-
access_token: accessToken,
|
|
294
|
-
expires_at_seconds: expiresAtSeconds
|
|
295
|
-
} = data.access_token;
|
|
318
|
+
const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
|
|
296
319
|
return {
|
|
297
320
|
refreshToken: newRefreshToken,
|
|
298
321
|
accessToken,
|
|
@@ -353,6 +376,9 @@ function validateAccessToken(accessToken) {
|
|
|
353
376
|
});
|
|
354
377
|
}
|
|
355
378
|
|
|
379
|
+
// src/shared.ts
|
|
380
|
+
var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
|
|
381
|
+
|
|
356
382
|
// src/server/app-router.ts
|
|
357
383
|
function getUserOrRedirect() {
|
|
358
384
|
return __async(this, null, function* () {
|
|
@@ -367,8 +393,7 @@ function getUserOrRedirect() {
|
|
|
367
393
|
}
|
|
368
394
|
function getUser() {
|
|
369
395
|
return __async(this, null, function* () {
|
|
370
|
-
|
|
371
|
-
const accessToken = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
|
|
396
|
+
const accessToken = getAccessToken();
|
|
372
397
|
if (accessToken) {
|
|
373
398
|
const user = yield validateAccessTokenOrUndefined(accessToken);
|
|
374
399
|
if (user) {
|
|
@@ -379,14 +404,12 @@ function getUser() {
|
|
|
379
404
|
});
|
|
380
405
|
}
|
|
381
406
|
function getAccessToken() {
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
|
|
385
|
-
});
|
|
407
|
+
var _a;
|
|
408
|
+
return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
|
|
386
409
|
}
|
|
387
410
|
function authMiddleware(req) {
|
|
388
411
|
return __async(this, null, function* () {
|
|
389
|
-
var _a, _b;
|
|
412
|
+
var _a, _b, _c;
|
|
390
413
|
if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
|
|
391
414
|
throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
|
|
392
415
|
} else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
|
|
@@ -394,6 +417,7 @@ function authMiddleware(req) {
|
|
|
394
417
|
}
|
|
395
418
|
const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
396
419
|
const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
|
|
420
|
+
const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
|
|
397
421
|
if (accessToken) {
|
|
398
422
|
const user = yield validateAccessTokenOrUndefined(accessToken);
|
|
399
423
|
if (user) {
|
|
@@ -401,7 +425,7 @@ function authMiddleware(req) {
|
|
|
401
425
|
}
|
|
402
426
|
}
|
|
403
427
|
if (refreshToken) {
|
|
404
|
-
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
|
|
428
|
+
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
|
|
405
429
|
if (response.error === "unexpected") {
|
|
406
430
|
throw new Error("Unexpected error while refreshing access token");
|
|
407
431
|
} else if (response.error === "unauthorized") {
|
|
@@ -426,9 +450,6 @@ function authMiddleware(req) {
|
|
|
426
450
|
});
|
|
427
451
|
}
|
|
428
452
|
function getRouteHandlers(args) {
|
|
429
|
-
const authUrlOrigin = getAuthUrlOrigin();
|
|
430
|
-
const redirectUri = getRedirectUri();
|
|
431
|
-
const integrationApiKey = getIntegrationApiKey();
|
|
432
453
|
function loginGetHandler(req) {
|
|
433
454
|
return signupOrLoginHandler(req, false);
|
|
434
455
|
}
|
|
@@ -438,6 +459,7 @@ function getRouteHandlers(args) {
|
|
|
438
459
|
function signupOrLoginHandler(req, isSignup) {
|
|
439
460
|
const returnToPath = req.nextUrl.searchParams.get("return_to_path");
|
|
440
461
|
const state = randomState();
|
|
462
|
+
const redirectUri = getRedirectUri();
|
|
441
463
|
const authorizeUrlSearchParams = new URLSearchParams({
|
|
442
464
|
redirect_uri: redirectUri,
|
|
443
465
|
state,
|
|
@@ -449,7 +471,10 @@ function getRouteHandlers(args) {
|
|
|
449
471
|
headers2.append("Set-Cookie", `${STATE_COOKIE_NAME}=${state}; Path=/; HttpOnly; Secure; SameSite=Lax`);
|
|
450
472
|
if (returnToPath) {
|
|
451
473
|
if (returnToPath.startsWith("/")) {
|
|
452
|
-
headers2.append(
|
|
474
|
+
headers2.append(
|
|
475
|
+
"Set-Cookie",
|
|
476
|
+
`${RETURN_TO_PATH_COOKIE_NAME}=${returnToPath}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=600`
|
|
477
|
+
);
|
|
453
478
|
} else {
|
|
454
479
|
console.warn("return_to_path must start with /");
|
|
455
480
|
}
|
|
@@ -461,7 +486,7 @@ function getRouteHandlers(args) {
|
|
|
461
486
|
}
|
|
462
487
|
function callbackGetHandler(req) {
|
|
463
488
|
return __async(this, null, function* () {
|
|
464
|
-
var _a, _b;
|
|
489
|
+
var _a, _b, _c;
|
|
465
490
|
const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
466
491
|
if (!oauthState || oauthState.length !== 64) {
|
|
467
492
|
return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
|
|
@@ -472,6 +497,9 @@ function getRouteHandlers(args) {
|
|
|
472
497
|
if (state !== oauthState) {
|
|
473
498
|
return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
|
|
474
499
|
}
|
|
500
|
+
const authUrlOrigin = getAuthUrlOrigin();
|
|
501
|
+
const redirectUri = getRedirectUri();
|
|
502
|
+
const integrationApiKey = getIntegrationApiKey();
|
|
475
503
|
const oauth_token_body = {
|
|
476
504
|
redirect_uri: redirectUri,
|
|
477
505
|
code
|
|
@@ -494,17 +522,75 @@ function getRouteHandlers(args) {
|
|
|
494
522
|
console.error("postLoginRedirectPathFn returned undefined");
|
|
495
523
|
return new Response("Unexpected error", { status: 500 });
|
|
496
524
|
}
|
|
525
|
+
const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
|
|
526
|
+
const user = yield validateAccessToken(accessToken);
|
|
527
|
+
const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
|
|
528
|
+
let activeOrgId = void 0;
|
|
529
|
+
if (isUserInCurrentActiveOrg) {
|
|
530
|
+
activeOrgId = currentActiveOrgId;
|
|
531
|
+
} else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
|
|
532
|
+
activeOrgId = args.getDefaultActiveOrgId(user);
|
|
533
|
+
}
|
|
534
|
+
if (activeOrgId) {
|
|
535
|
+
const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
|
|
536
|
+
if (response2.error === "unexpected") {
|
|
537
|
+
throw new Error("Unexpected error while setting active org");
|
|
538
|
+
} else if (response2.error === "unauthorized") {
|
|
539
|
+
console.error(
|
|
540
|
+
"Unauthorized error while setting active org. Your user may not have access to this org"
|
|
541
|
+
);
|
|
542
|
+
return new Response("Unauthorized", { status: 401 });
|
|
543
|
+
} else {
|
|
544
|
+
const headers3 = new Headers();
|
|
545
|
+
headers3.append("Location", returnToPath);
|
|
546
|
+
headers3.append(
|
|
547
|
+
"Set-Cookie",
|
|
548
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
549
|
+
);
|
|
550
|
+
headers3.append(
|
|
551
|
+
"Set-Cookie",
|
|
552
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
553
|
+
);
|
|
554
|
+
headers3.append(
|
|
555
|
+
"Set-Cookie",
|
|
556
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
557
|
+
);
|
|
558
|
+
headers3.append(
|
|
559
|
+
"Set-Cookie",
|
|
560
|
+
`${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
561
|
+
);
|
|
562
|
+
return new Response(null, {
|
|
563
|
+
status: 302,
|
|
564
|
+
headers: headers3
|
|
565
|
+
});
|
|
566
|
+
}
|
|
567
|
+
}
|
|
497
568
|
const headers2 = new Headers();
|
|
498
569
|
headers2.append("Location", returnToPath);
|
|
499
|
-
headers2.append(
|
|
500
|
-
|
|
501
|
-
|
|
570
|
+
headers2.append(
|
|
571
|
+
"Set-Cookie",
|
|
572
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
573
|
+
);
|
|
574
|
+
headers2.append(
|
|
575
|
+
"Set-Cookie",
|
|
576
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
577
|
+
);
|
|
578
|
+
headers2.append(
|
|
579
|
+
"Set-Cookie",
|
|
580
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
581
|
+
);
|
|
582
|
+
headers2.append(
|
|
583
|
+
"Set-Cookie",
|
|
584
|
+
`${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
585
|
+
);
|
|
502
586
|
return new Response(null, {
|
|
503
587
|
status: 302,
|
|
504
588
|
headers: headers2
|
|
505
589
|
});
|
|
506
590
|
} else if (response.status === 401) {
|
|
507
|
-
console.error(
|
|
591
|
+
console.error(
|
|
592
|
+
"Couldn't finish the login process for this user. This is most likely caused by an incorrect PROPELAUTH_API_KEY."
|
|
593
|
+
);
|
|
508
594
|
return new Response("Unexpected error", { status: 500 });
|
|
509
595
|
} else {
|
|
510
596
|
return new Response("Unexpected error", { status: 500 });
|
|
@@ -513,25 +599,37 @@ function getRouteHandlers(args) {
|
|
|
513
599
|
}
|
|
514
600
|
function userinfoGetHandler(req) {
|
|
515
601
|
return __async(this, null, function* () {
|
|
516
|
-
var _a;
|
|
602
|
+
var _a, _b;
|
|
517
603
|
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
604
|
+
const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
|
|
518
605
|
if (oldRefreshToken) {
|
|
519
|
-
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
|
|
606
|
+
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
|
|
520
607
|
if (refreshResponse.error === "unexpected") {
|
|
521
608
|
throw new Error("Unexpected error while refreshing access token");
|
|
522
609
|
} else if (refreshResponse.error === "unauthorized") {
|
|
523
610
|
const headers3 = new Headers();
|
|
524
|
-
headers3.append(
|
|
525
|
-
|
|
611
|
+
headers3.append(
|
|
612
|
+
"Set-Cookie",
|
|
613
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
614
|
+
);
|
|
615
|
+
headers3.append(
|
|
616
|
+
"Set-Cookie",
|
|
617
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
618
|
+
);
|
|
619
|
+
headers3.append(
|
|
620
|
+
"Set-Cookie",
|
|
621
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
622
|
+
);
|
|
526
623
|
return new Response("Unauthorized", { status: 401, headers: headers3 });
|
|
527
624
|
}
|
|
528
625
|
const refreshToken = refreshResponse.refreshToken;
|
|
529
626
|
const accessToken = refreshResponse.accessToken;
|
|
627
|
+
const authUrlOrigin = getAuthUrlOrigin();
|
|
530
628
|
const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
|
|
531
629
|
const response = yield fetch(path, {
|
|
532
630
|
headers: {
|
|
533
631
|
"Content-Type": "application/json",
|
|
534
|
-
|
|
632
|
+
Authorization: "Bearer " + accessToken
|
|
535
633
|
}
|
|
536
634
|
});
|
|
537
635
|
if (response.ok) {
|
|
@@ -540,11 +638,18 @@ function getRouteHandlers(args) {
|
|
|
540
638
|
const jsonResponse = {
|
|
541
639
|
userinfo: data,
|
|
542
640
|
accessToken,
|
|
543
|
-
impersonatorUserId: userFromToken.impersonatorUserId
|
|
641
|
+
impersonatorUserId: userFromToken.impersonatorUserId,
|
|
642
|
+
activeOrgId
|
|
544
643
|
};
|
|
545
644
|
const headers3 = new Headers();
|
|
546
|
-
headers3.append(
|
|
547
|
-
|
|
645
|
+
headers3.append(
|
|
646
|
+
"Set-Cookie",
|
|
647
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
648
|
+
);
|
|
649
|
+
headers3.append(
|
|
650
|
+
"Set-Cookie",
|
|
651
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
652
|
+
);
|
|
548
653
|
headers3.append("Content-Type", "application/json");
|
|
549
654
|
return new Response(JSON.stringify(jsonResponse), {
|
|
550
655
|
status: 200,
|
|
@@ -552,8 +657,18 @@ function getRouteHandlers(args) {
|
|
|
552
657
|
});
|
|
553
658
|
} else if (response.status === 401) {
|
|
554
659
|
const headers3 = new Headers();
|
|
555
|
-
headers3.append(
|
|
556
|
-
|
|
660
|
+
headers3.append(
|
|
661
|
+
"Set-Cookie",
|
|
662
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
663
|
+
);
|
|
664
|
+
headers3.append(
|
|
665
|
+
"Set-Cookie",
|
|
666
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
667
|
+
);
|
|
668
|
+
headers3.append(
|
|
669
|
+
"Set-Cookie",
|
|
670
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
671
|
+
);
|
|
557
672
|
return new Response(null, {
|
|
558
673
|
status: 401,
|
|
559
674
|
headers: headers3
|
|
@@ -565,12 +680,13 @@ function getRouteHandlers(args) {
|
|
|
565
680
|
const headers2 = new Headers();
|
|
566
681
|
headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
|
567
682
|
headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
|
683
|
+
headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
|
568
684
|
return new Response(null, { status: 401 });
|
|
569
685
|
});
|
|
570
686
|
}
|
|
571
687
|
function logoutGetHandler(req) {
|
|
572
688
|
return __async(this, null, function* () {
|
|
573
|
-
var _a;
|
|
689
|
+
var _a, _b;
|
|
574
690
|
const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
|
|
575
691
|
if (!path) {
|
|
576
692
|
console.error("postLoginPathFn returned undefined");
|
|
@@ -580,22 +696,43 @@ function getRouteHandlers(args) {
|
|
|
580
696
|
if (!refreshToken) {
|
|
581
697
|
const headers2 = new Headers();
|
|
582
698
|
headers2.append("Location", path);
|
|
583
|
-
headers2.append(
|
|
584
|
-
|
|
699
|
+
headers2.append(
|
|
700
|
+
"Set-Cookie",
|
|
701
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
702
|
+
);
|
|
703
|
+
headers2.append(
|
|
704
|
+
"Set-Cookie",
|
|
705
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
706
|
+
);
|
|
707
|
+
headers2.append(
|
|
708
|
+
"Set-Cookie",
|
|
709
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
710
|
+
);
|
|
585
711
|
return new Response(null, {
|
|
586
712
|
status: 302,
|
|
587
713
|
headers: headers2
|
|
588
714
|
});
|
|
589
715
|
}
|
|
590
|
-
const
|
|
716
|
+
const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
|
|
717
|
+
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
|
|
591
718
|
if (refreshResponse.error === "unexpected") {
|
|
592
719
|
console.error("Unexpected error while refreshing access token");
|
|
593
720
|
return new Response("Unexpected error", { status: 500 });
|
|
594
721
|
} else if (refreshResponse.error === "unauthorized") {
|
|
595
722
|
const headers2 = new Headers();
|
|
596
723
|
headers2.append("Location", path);
|
|
597
|
-
headers2.append(
|
|
598
|
-
|
|
724
|
+
headers2.append(
|
|
725
|
+
"Set-Cookie",
|
|
726
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
727
|
+
);
|
|
728
|
+
headers2.append(
|
|
729
|
+
"Set-Cookie",
|
|
730
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
731
|
+
);
|
|
732
|
+
headers2.append(
|
|
733
|
+
"Set-Cookie",
|
|
734
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
735
|
+
);
|
|
599
736
|
return new Response(null, {
|
|
600
737
|
status: 302,
|
|
601
738
|
headers: headers2
|
|
@@ -616,10 +753,22 @@ function getRouteHandlers(args) {
|
|
|
616
753
|
const refreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
617
754
|
if (!refreshToken) {
|
|
618
755
|
const headers3 = new Headers();
|
|
619
|
-
headers3.append(
|
|
620
|
-
|
|
756
|
+
headers3.append(
|
|
757
|
+
"Set-Cookie",
|
|
758
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
759
|
+
);
|
|
760
|
+
headers3.append(
|
|
761
|
+
"Set-Cookie",
|
|
762
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
763
|
+
);
|
|
764
|
+
headers3.append(
|
|
765
|
+
"Set-Cookie",
|
|
766
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
767
|
+
);
|
|
621
768
|
return new Response(null, { status: 200, headers: headers3 });
|
|
622
769
|
}
|
|
770
|
+
const authUrlOrigin = getAuthUrlOrigin();
|
|
771
|
+
const integrationApiKey = getIntegrationApiKey();
|
|
623
772
|
const logoutBody = { refresh_token: refreshToken };
|
|
624
773
|
const url = `${authUrlOrigin}/api/backend/v1/logout`;
|
|
625
774
|
const response = yield fetch(url, {
|
|
@@ -640,9 +789,78 @@ function getRouteHandlers(args) {
|
|
|
640
789
|
const headers2 = new Headers();
|
|
641
790
|
headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
|
642
791
|
headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
|
792
|
+
headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
|
643
793
|
return new Response(null, { status: 200, headers: headers2 });
|
|
644
794
|
});
|
|
645
795
|
}
|
|
796
|
+
function setActiveOrgHandler(req) {
|
|
797
|
+
return __async(this, null, function* () {
|
|
798
|
+
var _a;
|
|
799
|
+
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
800
|
+
const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
|
|
801
|
+
if (!oldRefreshToken) {
|
|
802
|
+
const headers2 = new Headers();
|
|
803
|
+
headers2.append(
|
|
804
|
+
"Set-Cookie",
|
|
805
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
806
|
+
);
|
|
807
|
+
return new Response(null, { status: 401, headers: headers2 });
|
|
808
|
+
}
|
|
809
|
+
if (!activeOrgId) {
|
|
810
|
+
return new Response(null, { status: 400 });
|
|
811
|
+
}
|
|
812
|
+
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
|
|
813
|
+
if (refreshResponse.error === "unexpected") {
|
|
814
|
+
throw new Error("Unexpected error while setting active org id");
|
|
815
|
+
} else if (refreshResponse.error === "unauthorized") {
|
|
816
|
+
return new Response("Unauthorized", { status: 401 });
|
|
817
|
+
}
|
|
818
|
+
const refreshToken = refreshResponse.refreshToken;
|
|
819
|
+
const accessToken = refreshResponse.accessToken;
|
|
820
|
+
const authUrlOrigin = getAuthUrlOrigin();
|
|
821
|
+
const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
|
|
822
|
+
const response = yield fetch(path, {
|
|
823
|
+
headers: {
|
|
824
|
+
"Content-Type": "application/json",
|
|
825
|
+
Authorization: "Bearer " + accessToken
|
|
826
|
+
}
|
|
827
|
+
});
|
|
828
|
+
if (response.ok) {
|
|
829
|
+
const userFromToken = yield validateAccessToken(accessToken);
|
|
830
|
+
const data = yield response.json();
|
|
831
|
+
const jsonResponse = {
|
|
832
|
+
userinfo: data,
|
|
833
|
+
accessToken,
|
|
834
|
+
impersonatorUserId: userFromToken.impersonatorUserId,
|
|
835
|
+
activeOrgId
|
|
836
|
+
};
|
|
837
|
+
const headers2 = new Headers();
|
|
838
|
+
headers2.append(
|
|
839
|
+
"Set-Cookie",
|
|
840
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
841
|
+
);
|
|
842
|
+
headers2.append(
|
|
843
|
+
"Set-Cookie",
|
|
844
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
845
|
+
);
|
|
846
|
+
headers2.append(
|
|
847
|
+
"Set-Cookie",
|
|
848
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
849
|
+
);
|
|
850
|
+
headers2.append("Content-Type", "application/json");
|
|
851
|
+
return new Response(JSON.stringify(jsonResponse), {
|
|
852
|
+
status: 200,
|
|
853
|
+
headers: headers2
|
|
854
|
+
});
|
|
855
|
+
} else if (response.status === 401) {
|
|
856
|
+
return new Response(null, {
|
|
857
|
+
status: 401
|
|
858
|
+
});
|
|
859
|
+
} else {
|
|
860
|
+
return new Response(null, { status: 500 });
|
|
861
|
+
}
|
|
862
|
+
});
|
|
863
|
+
}
|
|
646
864
|
function getRouteHandler(req, { params }) {
|
|
647
865
|
if (params.slug === "login") {
|
|
648
866
|
return loginGetHandler(req);
|
|
@@ -661,6 +879,8 @@ function getRouteHandlers(args) {
|
|
|
661
879
|
function postRouteHandler(req, { params }) {
|
|
662
880
|
if (params.slug === "logout") {
|
|
663
881
|
return logoutPostHandler(req);
|
|
882
|
+
} else if (params.slug === "set-active-org") {
|
|
883
|
+
return setActiveOrgHandler(req);
|
|
664
884
|
} else {
|
|
665
885
|
return new Response("", { status: 404 });
|
|
666
886
|
}
|