@propelauth/nextjs 0.0.110 → 0.0.112-beta.0

@@ -83,8 +83,9 @@ var import_server = require("next/server.js");
83
83
 
84
84
  // src/user.ts
85
85
  var UserFromToken = class {
86
- constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties) {
86
+ constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId) {
87
87
  this.userId = userId;
88
+ this.activeOrgId = activeOrgId;
88
89
  this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
89
90
  this.email = email;
90
91
  this.firstName = firstName;
@@ -94,6 +95,15 @@ var UserFromToken = class {
94
95
  this.impersonatorUserId = impersonatorUserId;
95
96
  this.properties = properties;
96
97
  }
98
+ getActiveOrg() {
99
+ if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
100
+ return void 0;
101
+ }
102
+ return this.orgIdToOrgMemberInfo[this.activeOrgId];
103
+ }
104
+ getActiveOrgId() {
105
+ return this.activeOrgId;
106
+ }
97
107
  getOrg(orgId) {
98
108
  if (!this.orgIdToOrgMemberInfo) {
99
109
  return void 0;
@@ -126,9 +136,7 @@ var UserFromToken = class {
126
136
  const obj = JSON.parse(json);
127
137
  const orgIdToOrgMemberInfo = {};
128
138
  for (const orgId in obj.orgIdToOrgMemberInfo) {
129
- orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(
130
- JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])
131
- );
139
+ orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]));
132
140
  }
133
141
  return new UserFromToken(
134
142
  obj.userId,
@@ -142,6 +150,29 @@ var UserFromToken = class {
142
150
  obj.properties
143
151
  );
144
152
  }
153
+ static fromJwtPayload(payload) {
154
+ let activeOrgId;
155
+ let orgIdToOrgMemberInfo;
156
+ if (payload.org_member_info) {
157
+ activeOrgId = payload.org_member_info.org_id;
158
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
159
+ } else {
160
+ activeOrgId = void 0;
161
+ orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
162
+ }
163
+ return new UserFromToken(
164
+ payload.user_id,
165
+ payload.email,
166
+ orgIdToOrgMemberInfo,
167
+ payload.first_name,
168
+ payload.last_name,
169
+ payload.username,
170
+ payload.legacy_user_id,
171
+ payload.impersonatorUserId,
172
+ payload.properties,
173
+ activeOrgId
174
+ );
175
+ }
145
176
  };
146
177
  var OrgMemberInfo = class {
147
178
  constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
@@ -190,17 +221,7 @@ var OrgMemberInfo = class {
190
221
  }
191
222
  };
192
223
  function toUser(snake_case) {
193
- return new UserFromToken(
194
- snake_case.user_id,
195
- snake_case.email,
196
- toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
197
- snake_case.first_name,
198
- snake_case.last_name,
199
- snake_case.username,
200
- snake_case.legacy_user_id,
201
- snake_case.impersonatorUserId,
202
- snake_case.properties
203
- );
224
+ return UserFromToken.fromJwtPayload(snake_case);
204
225
  }
205
226
  function toOrgIdToOrgMemberInfo(snake_case) {
206
227
  if (snake_case === void 0) {
@@ -272,12 +293,17 @@ function getVerifierKey() {
272
293
  }
273
294
  return verifierKey.replace(/\\n/g, "\n");
274
295
  }
275
- function refreshTokenWithAccessAndRefreshToken(refreshToken) {
296
+ function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
276
297
  return __async(this, null, function* () {
277
298
  const body = {
278
299
  refresh_token: refreshToken
279
300
  };
280
- const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`;
301
+ const queryParams = new URLSearchParams();
302
+ if (activeOrgId) {
303
+ queryParams.set("with_active_org_support", "true");
304
+ queryParams.set("active_org_id", activeOrgId);
305
+ }
306
+ const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
281
307
  const response = yield fetch(url, {
282
308
  method: "POST",
283
309
  body: JSON.stringify(body),
@@ -289,10 +315,7 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
289
315
  if (response.ok) {
290
316
  const data = yield response.json();
291
317
  const newRefreshToken = data.refresh_token;
292
- const {
293
- access_token: accessToken,
294
- expires_at_seconds: expiresAtSeconds
295
- } = data.access_token;
318
+ const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
296
319
  return {
297
320
  refreshToken: newRefreshToken,
298
321
  accessToken,
@@ -353,6 +376,9 @@ function validateAccessToken(accessToken) {
353
376
  });
354
377
  }
355
378
 
379
+ // src/shared.ts
380
+ var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
381
+
356
382
  // src/server/app-router.ts
357
383
  function getUserOrRedirect() {
358
384
  return __async(this, null, function* () {
@@ -367,8 +393,7 @@ function getUserOrRedirect() {
367
393
  }
368
394
  function getUser() {
369
395
  return __async(this, null, function* () {
370
- var _a;
371
- const accessToken = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
396
+ const accessToken = getAccessToken();
372
397
  if (accessToken) {
373
398
  const user = yield validateAccessTokenOrUndefined(accessToken);
374
399
  if (user) {
@@ -379,14 +404,12 @@ function getUser() {
379
404
  });
380
405
  }
381
406
  function getAccessToken() {
382
- return __async(this, null, function* () {
383
- var _a;
384
- return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
385
- });
407
+ var _a;
408
+ return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
386
409
  }
387
410
  function authMiddleware(req) {
388
411
  return __async(this, null, function* () {
389
- var _a, _b;
412
+ var _a, _b, _c;
390
413
  if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
391
414
  throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
392
415
  } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
@@ -394,6 +417,7 @@ function authMiddleware(req) {
394
417
  }
395
418
  const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
396
419
  const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
420
+ const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
397
421
  if (accessToken) {
398
422
  const user = yield validateAccessTokenOrUndefined(accessToken);
399
423
  if (user) {
@@ -401,7 +425,7 @@ function authMiddleware(req) {
401
425
  }
402
426
  }
403
427
  if (refreshToken) {
404
- const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
428
+ const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
405
429
  if (response.error === "unexpected") {
406
430
  throw new Error("Unexpected error while refreshing access token");
407
431
  } else if (response.error === "unauthorized") {
@@ -426,9 +450,6 @@ function authMiddleware(req) {
426
450
  });
427
451
  }
428
452
  function getRouteHandlers(args) {
429
- const authUrlOrigin = getAuthUrlOrigin();
430
- const redirectUri = getRedirectUri();
431
- const integrationApiKey = getIntegrationApiKey();
432
453
  function loginGetHandler(req) {
433
454
  return signupOrLoginHandler(req, false);
434
455
  }
@@ -438,6 +459,7 @@ function getRouteHandlers(args) {
438
459
  function signupOrLoginHandler(req, isSignup) {
439
460
  const returnToPath = req.nextUrl.searchParams.get("return_to_path");
440
461
  const state = randomState();
462
+ const redirectUri = getRedirectUri();
441
463
  const authorizeUrlSearchParams = new URLSearchParams({
442
464
  redirect_uri: redirectUri,
443
465
  state,
@@ -449,7 +471,10 @@ function getRouteHandlers(args) {
449
471
  headers2.append("Set-Cookie", `${STATE_COOKIE_NAME}=${state}; Path=/; HttpOnly; Secure; SameSite=Lax`);
450
472
  if (returnToPath) {
451
473
  if (returnToPath.startsWith("/")) {
452
- headers2.append("Set-Cookie", `${RETURN_TO_PATH_COOKIE_NAME}=${returnToPath}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=600`);
474
+ headers2.append(
475
+ "Set-Cookie",
476
+ `${RETURN_TO_PATH_COOKIE_NAME}=${returnToPath}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=600`
477
+ );
453
478
  } else {
454
479
  console.warn("return_to_path must start with /");
455
480
  }
@@ -461,7 +486,7 @@ function getRouteHandlers(args) {
461
486
  }
462
487
  function callbackGetHandler(req) {
463
488
  return __async(this, null, function* () {
464
- var _a, _b;
489
+ var _a, _b, _c;
465
490
  const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
466
491
  if (!oauthState || oauthState.length !== 64) {
467
492
  return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -472,6 +497,9 @@ function getRouteHandlers(args) {
472
497
  if (state !== oauthState) {
473
498
  return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
474
499
  }
500
+ const authUrlOrigin = getAuthUrlOrigin();
501
+ const redirectUri = getRedirectUri();
502
+ const integrationApiKey = getIntegrationApiKey();
475
503
  const oauth_token_body = {
476
504
  redirect_uri: redirectUri,
477
505
  code
@@ -494,17 +522,75 @@ function getRouteHandlers(args) {
494
522
  console.error("postLoginRedirectPathFn returned undefined");
495
523
  return new Response("Unexpected error", { status: 500 });
496
524
  }
525
+ const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
526
+ const user = yield validateAccessToken(accessToken);
527
+ const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
528
+ let activeOrgId = void 0;
529
+ if (isUserInCurrentActiveOrg) {
530
+ activeOrgId = currentActiveOrgId;
531
+ } else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
532
+ activeOrgId = args.getDefaultActiveOrgId(user);
533
+ }
534
+ if (activeOrgId) {
535
+ const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
536
+ if (response2.error === "unexpected") {
537
+ throw new Error("Unexpected error while setting active org");
538
+ } else if (response2.error === "unauthorized") {
539
+ console.error(
540
+ "Unauthorized error while setting active org. Your user may not have access to this org"
541
+ );
542
+ return new Response("Unauthorized", { status: 401 });
543
+ } else {
544
+ const headers3 = new Headers();
545
+ headers3.append("Location", returnToPath);
546
+ headers3.append(
547
+ "Set-Cookie",
548
+ `${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
549
+ );
550
+ headers3.append(
551
+ "Set-Cookie",
552
+ `${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
553
+ );
554
+ headers3.append(
555
+ "Set-Cookie",
556
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
557
+ );
558
+ headers3.append(
559
+ "Set-Cookie",
560
+ `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
561
+ );
562
+ return new Response(null, {
563
+ status: 302,
564
+ headers: headers3
565
+ });
566
+ }
567
+ }
497
568
  const headers2 = new Headers();
498
569
  headers2.append("Location", returnToPath);
499
- headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`);
500
- headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`);
501
- headers2.append("Set-Cookie", `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
570
+ headers2.append(
571
+ "Set-Cookie",
572
+ `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
573
+ );
574
+ headers2.append(
575
+ "Set-Cookie",
576
+ `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
577
+ );
578
+ headers2.append(
579
+ "Set-Cookie",
580
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
581
+ );
582
+ headers2.append(
583
+ "Set-Cookie",
584
+ `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
585
+ );
502
586
  return new Response(null, {
503
587
  status: 302,
504
588
  headers: headers2
505
589
  });
506
590
  } else if (response.status === 401) {
507
- console.error("Couldn't finish the login process for this user. This is most likely caused by an incorrect PROPELAUTH_API_KEY.");
591
+ console.error(
592
+ "Couldn't finish the login process for this user. This is most likely caused by an incorrect PROPELAUTH_API_KEY."
593
+ );
508
594
  return new Response("Unexpected error", { status: 500 });
509
595
  } else {
510
596
  return new Response("Unexpected error", { status: 500 });
@@ -513,25 +599,37 @@ function getRouteHandlers(args) {
513
599
  }
514
600
  function userinfoGetHandler(req) {
515
601
  return __async(this, null, function* () {
516
- var _a;
602
+ var _a, _b;
517
603
  const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
604
+ const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
518
605
  if (oldRefreshToken) {
519
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
606
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
520
607
  if (refreshResponse.error === "unexpected") {
521
608
  throw new Error("Unexpected error while refreshing access token");
522
609
  } else if (refreshResponse.error === "unauthorized") {
523
610
  const headers3 = new Headers();
524
- headers3.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
525
- headers3.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
611
+ headers3.append(
612
+ "Set-Cookie",
613
+ `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
614
+ );
615
+ headers3.append(
616
+ "Set-Cookie",
617
+ `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
618
+ );
619
+ headers3.append(
620
+ "Set-Cookie",
621
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
622
+ );
526
623
  return new Response("Unauthorized", { status: 401, headers: headers3 });
527
624
  }
528
625
  const refreshToken = refreshResponse.refreshToken;
529
626
  const accessToken = refreshResponse.accessToken;
627
+ const authUrlOrigin = getAuthUrlOrigin();
530
628
  const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
531
629
  const response = yield fetch(path, {
532
630
  headers: {
533
631
  "Content-Type": "application/json",
534
- "Authorization": "Bearer " + accessToken
632
+ Authorization: "Bearer " + accessToken
535
633
  }
536
634
  });
537
635
  if (response.ok) {
@@ -540,11 +638,18 @@ function getRouteHandlers(args) {
540
638
  const jsonResponse = {
541
639
  userinfo: data,
542
640
  accessToken,
543
- impersonatorUserId: userFromToken.impersonatorUserId
641
+ impersonatorUserId: userFromToken.impersonatorUserId,
642
+ activeOrgId
544
643
  };
545
644
  const headers3 = new Headers();
546
- headers3.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`);
547
- headers3.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`);
645
+ headers3.append(
646
+ "Set-Cookie",
647
+ `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
648
+ );
649
+ headers3.append(
650
+ "Set-Cookie",
651
+ `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
652
+ );
548
653
  headers3.append("Content-Type", "application/json");
549
654
  return new Response(JSON.stringify(jsonResponse), {
550
655
  status: 200,
@@ -552,8 +657,18 @@ function getRouteHandlers(args) {
552
657
  });
553
658
  } else if (response.status === 401) {
554
659
  const headers3 = new Headers();
555
- headers3.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
556
- headers3.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
660
+ headers3.append(
661
+ "Set-Cookie",
662
+ `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
663
+ );
664
+ headers3.append(
665
+ "Set-Cookie",
666
+ `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
667
+ );
668
+ headers3.append(
669
+ "Set-Cookie",
670
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
671
+ );
557
672
  return new Response(null, {
558
673
  status: 401,
559
674
  headers: headers3
@@ -565,12 +680,13 @@ function getRouteHandlers(args) {
565
680
  const headers2 = new Headers();
566
681
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
567
682
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
683
+ headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
568
684
  return new Response(null, { status: 401 });
569
685
  });
570
686
  }
571
687
  function logoutGetHandler(req) {
572
688
  return __async(this, null, function* () {
573
- var _a;
689
+ var _a, _b;
574
690
  const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
575
691
  if (!path) {
576
692
  console.error("postLoginPathFn returned undefined");
@@ -580,22 +696,43 @@ function getRouteHandlers(args) {
580
696
  if (!refreshToken) {
581
697
  const headers2 = new Headers();
582
698
  headers2.append("Location", path);
583
- headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
584
- headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
699
+ headers2.append(
700
+ "Set-Cookie",
701
+ `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
702
+ );
703
+ headers2.append(
704
+ "Set-Cookie",
705
+ `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
706
+ );
707
+ headers2.append(
708
+ "Set-Cookie",
709
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
710
+ );
585
711
  return new Response(null, {
586
712
  status: 302,
587
713
  headers: headers2
588
714
  });
589
715
  }
590
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
716
+ const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
717
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
591
718
  if (refreshResponse.error === "unexpected") {
592
719
  console.error("Unexpected error while refreshing access token");
593
720
  return new Response("Unexpected error", { status: 500 });
594
721
  } else if (refreshResponse.error === "unauthorized") {
595
722
  const headers2 = new Headers();
596
723
  headers2.append("Location", path);
597
- headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
598
- headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
724
+ headers2.append(
725
+ "Set-Cookie",
726
+ `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
727
+ );
728
+ headers2.append(
729
+ "Set-Cookie",
730
+ `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
731
+ );
732
+ headers2.append(
733
+ "Set-Cookie",
734
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
735
+ );
599
736
  return new Response(null, {
600
737
  status: 302,
601
738
  headers: headers2
@@ -616,10 +753,22 @@ function getRouteHandlers(args) {
616
753
  const refreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
617
754
  if (!refreshToken) {
618
755
  const headers3 = new Headers();
619
- headers3.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
620
- headers3.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
756
+ headers3.append(
757
+ "Set-Cookie",
758
+ `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
759
+ );
760
+ headers3.append(
761
+ "Set-Cookie",
762
+ `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
763
+ );
764
+ headers3.append(
765
+ "Set-Cookie",
766
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
767
+ );
621
768
  return new Response(null, { status: 200, headers: headers3 });
622
769
  }
770
+ const authUrlOrigin = getAuthUrlOrigin();
771
+ const integrationApiKey = getIntegrationApiKey();
623
772
  const logoutBody = { refresh_token: refreshToken };
624
773
  const url = `${authUrlOrigin}/api/backend/v1/logout`;
625
774
  const response = yield fetch(url, {
@@ -640,9 +789,78 @@ function getRouteHandlers(args) {
640
789
  const headers2 = new Headers();
641
790
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
642
791
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
792
+ headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
643
793
  return new Response(null, { status: 200, headers: headers2 });
644
794
  });
645
795
  }
796
+ function setActiveOrgHandler(req) {
797
+ return __async(this, null, function* () {
798
+ var _a;
799
+ const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
800
+ const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
801
+ if (!oldRefreshToken) {
802
+ const headers2 = new Headers();
803
+ headers2.append(
804
+ "Set-Cookie",
805
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
806
+ );
807
+ return new Response(null, { status: 401, headers: headers2 });
808
+ }
809
+ if (!activeOrgId) {
810
+ return new Response(null, { status: 400 });
811
+ }
812
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
813
+ if (refreshResponse.error === "unexpected") {
814
+ throw new Error("Unexpected error while setting active org id");
815
+ } else if (refreshResponse.error === "unauthorized") {
816
+ return new Response("Unauthorized", { status: 401 });
817
+ }
818
+ const refreshToken = refreshResponse.refreshToken;
819
+ const accessToken = refreshResponse.accessToken;
820
+ const authUrlOrigin = getAuthUrlOrigin();
821
+ const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
822
+ const response = yield fetch(path, {
823
+ headers: {
824
+ "Content-Type": "application/json",
825
+ Authorization: "Bearer " + accessToken
826
+ }
827
+ });
828
+ if (response.ok) {
829
+ const userFromToken = yield validateAccessToken(accessToken);
830
+ const data = yield response.json();
831
+ const jsonResponse = {
832
+ userinfo: data,
833
+ accessToken,
834
+ impersonatorUserId: userFromToken.impersonatorUserId,
835
+ activeOrgId
836
+ };
837
+ const headers2 = new Headers();
838
+ headers2.append(
839
+ "Set-Cookie",
840
+ `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
841
+ );
842
+ headers2.append(
843
+ "Set-Cookie",
844
+ `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
845
+ );
846
+ headers2.append(
847
+ "Set-Cookie",
848
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
849
+ );
850
+ headers2.append("Content-Type", "application/json");
851
+ return new Response(JSON.stringify(jsonResponse), {
852
+ status: 200,
853
+ headers: headers2
854
+ });
855
+ } else if (response.status === 401) {
856
+ return new Response(null, {
857
+ status: 401
858
+ });
859
+ } else {
860
+ return new Response(null, { status: 500 });
861
+ }
862
+ });
863
+ }
646
864
  function getRouteHandler(req, { params }) {
647
865
  if (params.slug === "login") {
648
866
  return loginGetHandler(req);
@@ -661,6 +879,8 @@ function getRouteHandlers(args) {
661
879
  function postRouteHandler(req, { params }) {
662
880
  if (params.slug === "logout") {
663
881
  return logoutPostHandler(req);
882
+ } else if (params.slug === "set-active-org") {
883
+ return setActiveOrgHandler(req);
664
884
  } else {
665
885
  return new Response("", { status: 404 });
666
886
  }
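Review bot: In the `callbackGetHandler` hunk (`@@ -494,17 +522,75 @@`) the org chosen by `args.getDefaultActiveOrgId(user)` is passed straight to `refreshTokenWithAccessAndRefreshToken`, while the cookie-derived org on the lines just above is first checked with `user.getOrg(currentActiveOrgId)`; a default org the user is not (or no longer) a member of therefore turns a successful login into a bare `401 Unauthorized`, with the freshly issued access and refresh tokens discarded and the state and return-to cookies left in place. Guard it the same way and fall through to the no-active-org branch below, which already clears `__pa_org_id`: `const defaultOrgId = args.getDefaultActiveOrgId(user);` followed by `activeOrgId = defaultOrgId && user.getOrg(defaultOrgId) ? defaultOrgId : void 0;`, logging the mismatch with `console.warn` rather than failing the login. If you keep the hard failure, the 401 response should at least clear the state/return-to cookies so a retry starts clean, and the backend response's `unauthorized` presumably also covers a revoked session, which this path cannot distinguish from a bad org choice. `callbackGetHandler` begins in the previous hunk and its body continues past this one.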