@propelauth/nextjs 0.0.112-beta.0 → 0.0.113

@@ -83,9 +83,8 @@ var import_server = require("next/server.js");
83
83
 
84
84
  // src/user.ts
85
85
  var UserFromToken = class {
86
- constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId) {
86
+ constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties) {
87
87
  this.userId = userId;
88
- this.activeOrgId = activeOrgId;
89
88
  this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
90
89
  this.email = email;
91
90
  this.firstName = firstName;
@@ -95,15 +94,6 @@ var UserFromToken = class {
95
94
  this.impersonatorUserId = impersonatorUserId;
96
95
  this.properties = properties;
97
96
  }
98
- getActiveOrg() {
99
- if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
100
- return void 0;
101
- }
102
- return this.orgIdToOrgMemberInfo[this.activeOrgId];
103
- }
104
- getActiveOrgId() {
105
- return this.activeOrgId;
106
- }
107
97
  getOrg(orgId) {
108
98
  if (!this.orgIdToOrgMemberInfo) {
109
99
  return void 0;
@@ -136,7 +126,9 @@ var UserFromToken = class {
136
126
  const obj = JSON.parse(json);
137
127
  const orgIdToOrgMemberInfo = {};
138
128
  for (const orgId in obj.orgIdToOrgMemberInfo) {
139
- orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]));
129
+ orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(
130
+ JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])
131
+ );
140
132
  }
141
133
  return new UserFromToken(
142
134
  obj.userId,
@@ -150,29 +142,6 @@ var UserFromToken = class {
150
142
  obj.properties
151
143
  );
152
144
  }
153
- static fromJwtPayload(payload) {
154
- let activeOrgId;
155
- let orgIdToOrgMemberInfo;
156
- if (payload.org_member_info) {
157
- activeOrgId = payload.org_member_info.org_id;
158
- orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
159
- } else {
160
- activeOrgId = void 0;
161
- orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
162
- }
163
- return new UserFromToken(
164
- payload.user_id,
165
- payload.email,
166
- orgIdToOrgMemberInfo,
167
- payload.first_name,
168
- payload.last_name,
169
- payload.username,
170
- payload.legacy_user_id,
171
- payload.impersonatorUserId,
172
- payload.properties,
173
- activeOrgId
174
- );
175
- }
176
145
  };
177
146
  var OrgMemberInfo = class {
178
147
  constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
@@ -221,7 +190,17 @@ var OrgMemberInfo = class {
221
190
  }
222
191
  };
223
192
  function toUser(snake_case) {
224
- return UserFromToken.fromJwtPayload(snake_case);
193
+ return new UserFromToken(
194
+ snake_case.user_id,
195
+ snake_case.email,
196
+ toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
197
+ snake_case.first_name,
198
+ snake_case.last_name,
199
+ snake_case.username,
200
+ snake_case.legacy_user_id,
201
+ snake_case.impersonatorUserId,
202
+ snake_case.properties
203
+ );
225
204
  }
226
205
  function toOrgIdToOrgMemberInfo(snake_case) {
227
206
  if (snake_case === void 0) {
@@ -293,17 +272,12 @@ function getVerifierKey() {
293
272
  }
294
273
  return verifierKey.replace(/\\n/g, "\n");
295
274
  }
296
- function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
275
+ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
297
276
  return __async(this, null, function* () {
298
277
  const body = {
299
278
  refresh_token: refreshToken
300
279
  };
301
- const queryParams = new URLSearchParams();
302
- if (activeOrgId) {
303
- queryParams.set("with_active_org_support", "true");
304
- queryParams.set("active_org_id", activeOrgId);
305
- }
306
- const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
280
+ const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`;
307
281
  const response = yield fetch(url, {
308
282
  method: "POST",
309
283
  body: JSON.stringify(body),
@@ -315,7 +289,10 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
315
289
  if (response.ok) {
316
290
  const data = yield response.json();
317
291
  const newRefreshToken = data.refresh_token;
318
- const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
292
+ const {
293
+ access_token: accessToken,
294
+ expires_at_seconds: expiresAtSeconds
295
+ } = data.access_token;
319
296
  return {
320
297
  refreshToken: newRefreshToken,
321
298
  accessToken,
@@ -376,9 +353,6 @@ function validateAccessToken(accessToken) {
376
353
  });
377
354
  }
378
355
 
379
- // src/shared.ts
380
- var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
381
-
382
356
  // src/server/app-router.ts
383
357
  function getUserOrRedirect() {
384
358
  return __async(this, null, function* () {
@@ -393,7 +367,8 @@ function getUserOrRedirect() {
393
367
  }
394
368
  function getUser() {
395
369
  return __async(this, null, function* () {
396
- const accessToken = getAccessToken();
370
+ var _a;
371
+ const accessToken = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
397
372
  if (accessToken) {
398
373
  const user = yield validateAccessTokenOrUndefined(accessToken);
399
374
  if (user) {
@@ -404,12 +379,14 @@ function getUser() {
404
379
  });
405
380
  }
406
381
  function getAccessToken() {
407
- var _a;
408
- return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
382
+ return __async(this, null, function* () {
383
+ var _a;
384
+ return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
385
+ });
409
386
  }
410
387
  function authMiddleware(req) {
411
388
  return __async(this, null, function* () {
412
- var _a, _b, _c;
389
+ var _a, _b;
413
390
  if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
414
391
  throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
415
392
  } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
@@ -417,7 +394,6 @@ function authMiddleware(req) {
417
394
  }
418
395
  const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
419
396
  const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
420
- const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
421
397
  if (accessToken) {
422
398
  const user = yield validateAccessTokenOrUndefined(accessToken);
423
399
  if (user) {
@@ -425,7 +401,7 @@ function authMiddleware(req) {
425
401
  }
426
402
  }
427
403
  if (refreshToken) {
428
- const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
404
+ const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
429
405
  if (response.error === "unexpected") {
430
406
  throw new Error("Unexpected error while refreshing access token");
431
407
  } else if (response.error === "unauthorized") {
@@ -486,7 +462,7 @@ function getRouteHandlers(args) {
486
462
  }
487
463
  function callbackGetHandler(req) {
488
464
  return __async(this, null, function* () {
489
- var _a, _b, _c;
465
+ var _a, _b;
490
466
  const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
491
467
  if (!oauthState || oauthState.length !== 64) {
492
468
  return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -522,49 +498,6 @@ function getRouteHandlers(args) {
522
498
  console.error("postLoginRedirectPathFn returned undefined");
523
499
  return new Response("Unexpected error", { status: 500 });
524
500
  }
525
- const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
526
- const user = yield validateAccessToken(accessToken);
527
- const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
528
- let activeOrgId = void 0;
529
- if (isUserInCurrentActiveOrg) {
530
- activeOrgId = currentActiveOrgId;
531
- } else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
532
- activeOrgId = args.getDefaultActiveOrgId(user);
533
- }
534
- if (activeOrgId) {
535
- const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
536
- if (response2.error === "unexpected") {
537
- throw new Error("Unexpected error while setting active org");
538
- } else if (response2.error === "unauthorized") {
539
- console.error(
540
- "Unauthorized error while setting active org. Your user may not have access to this org"
541
- );
542
- return new Response("Unauthorized", { status: 401 });
543
- } else {
544
- const headers3 = new Headers();
545
- headers3.append("Location", returnToPath);
546
- headers3.append(
547
- "Set-Cookie",
548
- `${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
549
- );
550
- headers3.append(
551
- "Set-Cookie",
552
- `${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
553
- );
554
- headers3.append(
555
- "Set-Cookie",
556
- `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
557
- );
558
- headers3.append(
559
- "Set-Cookie",
560
- `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
561
- );
562
- return new Response(null, {
563
- status: 302,
564
- headers: headers3
565
- });
566
- }
567
- }
568
501
  const headers2 = new Headers();
569
502
  headers2.append("Location", returnToPath);
570
503
  headers2.append(
@@ -575,10 +508,6 @@ function getRouteHandlers(args) {
575
508
  "Set-Cookie",
576
509
  `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
577
510
  );
578
- headers2.append(
579
- "Set-Cookie",
580
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
581
- );
582
511
  headers2.append(
583
512
  "Set-Cookie",
584
513
  `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
@@ -599,11 +528,10 @@ function getRouteHandlers(args) {
599
528
  }
600
529
  function userinfoGetHandler(req) {
601
530
  return __async(this, null, function* () {
602
- var _a, _b;
531
+ var _a;
603
532
  const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
604
- const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
605
533
  if (oldRefreshToken) {
606
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
534
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
607
535
  if (refreshResponse.error === "unexpected") {
608
536
  throw new Error("Unexpected error while refreshing access token");
609
537
  } else if (refreshResponse.error === "unauthorized") {
@@ -616,10 +544,6 @@ function getRouteHandlers(args) {
616
544
  "Set-Cookie",
617
545
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
618
546
  );
619
- headers3.append(
620
- "Set-Cookie",
621
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
622
- );
623
547
  return new Response("Unauthorized", { status: 401, headers: headers3 });
624
548
  }
625
549
  const refreshToken = refreshResponse.refreshToken;
@@ -638,8 +562,7 @@ function getRouteHandlers(args) {
638
562
  const jsonResponse = {
639
563
  userinfo: data,
640
564
  accessToken,
641
- impersonatorUserId: userFromToken.impersonatorUserId,
642
- activeOrgId
565
+ impersonatorUserId: userFromToken.impersonatorUserId
643
566
  };
644
567
  const headers3 = new Headers();
645
568
  headers3.append(
@@ -665,10 +588,6 @@ function getRouteHandlers(args) {
665
588
  "Set-Cookie",
666
589
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
667
590
  );
668
- headers3.append(
669
- "Set-Cookie",
670
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
671
- );
672
591
  return new Response(null, {
673
592
  status: 401,
674
593
  headers: headers3
@@ -680,13 +599,12 @@ function getRouteHandlers(args) {
680
599
  const headers2 = new Headers();
681
600
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
682
601
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
683
- headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
684
602
  return new Response(null, { status: 401 });
685
603
  });
686
604
  }
687
605
  function logoutGetHandler(req) {
688
606
  return __async(this, null, function* () {
689
- var _a, _b;
607
+ var _a;
690
608
  const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
691
609
  if (!path) {
692
610
  console.error("postLoginPathFn returned undefined");
@@ -704,17 +622,12 @@ function getRouteHandlers(args) {
704
622
  "Set-Cookie",
705
623
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
706
624
  );
707
- headers2.append(
708
- "Set-Cookie",
709
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
710
- );
711
625
  return new Response(null, {
712
626
  status: 302,
713
627
  headers: headers2
714
628
  });
715
629
  }
716
- const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
717
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
630
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
718
631
  if (refreshResponse.error === "unexpected") {
719
632
  console.error("Unexpected error while refreshing access token");
720
633
  return new Response("Unexpected error", { status: 500 });
@@ -729,10 +642,6 @@ function getRouteHandlers(args) {
729
642
  "Set-Cookie",
730
643
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
731
644
  );
732
- headers2.append(
733
- "Set-Cookie",
734
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
735
- );
736
645
  return new Response(null, {
737
646
  status: 302,
738
647
  headers: headers2
@@ -761,10 +670,6 @@ function getRouteHandlers(args) {
761
670
  "Set-Cookie",
762
671
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
763
672
  );
764
- headers3.append(
765
- "Set-Cookie",
766
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
767
- );
768
673
  return new Response(null, { status: 200, headers: headers3 });
769
674
  }
770
675
  const authUrlOrigin = getAuthUrlOrigin();
@@ -789,78 +694,9 @@ function getRouteHandlers(args) {
789
694
  const headers2 = new Headers();
790
695
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
791
696
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
792
- headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
793
697
  return new Response(null, { status: 200, headers: headers2 });
794
698
  });
795
699
  }
796
- function setActiveOrgHandler(req) {
797
- return __async(this, null, function* () {
798
- var _a;
799
- const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
800
- const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
801
- if (!oldRefreshToken) {
802
- const headers2 = new Headers();
803
- headers2.append(
804
- "Set-Cookie",
805
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
806
- );
807
- return new Response(null, { status: 401, headers: headers2 });
808
- }
809
- if (!activeOrgId) {
810
- return new Response(null, { status: 400 });
811
- }
812
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
813
- if (refreshResponse.error === "unexpected") {
814
- throw new Error("Unexpected error while setting active org id");
815
- } else if (refreshResponse.error === "unauthorized") {
816
- return new Response("Unauthorized", { status: 401 });
817
- }
818
- const refreshToken = refreshResponse.refreshToken;
819
- const accessToken = refreshResponse.accessToken;
820
- const authUrlOrigin = getAuthUrlOrigin();
821
- const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
822
- const response = yield fetch(path, {
823
- headers: {
824
- "Content-Type": "application/json",
825
- Authorization: "Bearer " + accessToken
826
- }
827
- });
828
- if (response.ok) {
829
- const userFromToken = yield validateAccessToken(accessToken);
830
- const data = yield response.json();
831
- const jsonResponse = {
832
- userinfo: data,
833
- accessToken,
834
- impersonatorUserId: userFromToken.impersonatorUserId,
835
- activeOrgId
836
- };
837
- const headers2 = new Headers();
838
- headers2.append(
839
- "Set-Cookie",
840
- `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
841
- );
842
- headers2.append(
843
- "Set-Cookie",
844
- `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
845
- );
846
- headers2.append(
847
- "Set-Cookie",
848
- `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
849
- );
850
- headers2.append("Content-Type", "application/json");
851
- return new Response(JSON.stringify(jsonResponse), {
852
- status: 200,
853
- headers: headers2
854
- });
855
- } else if (response.status === 401) {
856
- return new Response(null, {
857
- status: 401
858
- });
859
- } else {
860
- return new Response(null, { status: 500 });
861
- }
862
- });
863
- }
864
700
  function getRouteHandler(req, { params }) {
865
701
  if (params.slug === "login") {
866
702
  return loginGetHandler(req);
@@ -879,8 +715,6 @@ function getRouteHandlers(args) {
879
715
  function postRouteHandler(req, { params }) {
880
716
  if (params.slug === "logout") {
881
717
  return logoutPostHandler(req);
882
- } else if (params.slug === "set-active-org") {
883
- return setActiveOrgHandler(req);
884
718
  } else {
885
719
  return new Response("", { status: 404 });
886
720
  }