@propelauth/nextjs 0.0.112-beta.1 → 0.0.113
Sign up to get free protection for your applications and to get access to all the features.
- package/dist/client/index.d.ts +2 -40
- package/dist/client/index.js +38 -122
- package/dist/client/index.js.map +1 -1
- package/dist/client/index.mjs +38 -122
- package/dist/client/index.mjs.map +1 -1
- package/dist/server/app-router/index.d.ts +2 -34
- package/dist/server/app-router/index.js +35 -201
- package/dist/server/app-router/index.js.map +1 -1
- package/dist/server/app-router/index.mjs +35 -201
- package/dist/server/app-router/index.mjs.map +1 -1
- package/dist/server/index.d.ts +1 -32
- package/dist/server/index.js +15 -36
- package/dist/server/index.js.map +1 -1
- package/dist/server/index.mjs +15 -36
- package/dist/server/index.mjs.map +1 -1
- package/dist/server/pages/index.d.ts +1 -32
- package/dist/server/pages/index.js +23 -51
- package/dist/server/pages/index.js.map +1 -1
- package/dist/server/pages/index.mjs +23 -51
- package/dist/server/pages/index.mjs.map +1 -1
- package/package.json +1 -1
|
@@ -83,9 +83,8 @@ var import_server = require("next/server.js");
|
|
|
83
83
|
|
|
84
84
|
// src/user.ts
|
|
85
85
|
var UserFromToken = class {
|
|
86
|
-
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties
|
|
86
|
+
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties) {
|
|
87
87
|
this.userId = userId;
|
|
88
|
-
this.activeOrgId = activeOrgId;
|
|
89
88
|
this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
|
|
90
89
|
this.email = email;
|
|
91
90
|
this.firstName = firstName;
|
|
@@ -95,15 +94,6 @@ var UserFromToken = class {
|
|
|
95
94
|
this.impersonatorUserId = impersonatorUserId;
|
|
96
95
|
this.properties = properties;
|
|
97
96
|
}
|
|
98
|
-
getActiveOrg() {
|
|
99
|
-
if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
|
|
100
|
-
return void 0;
|
|
101
|
-
}
|
|
102
|
-
return this.orgIdToOrgMemberInfo[this.activeOrgId];
|
|
103
|
-
}
|
|
104
|
-
getActiveOrgId() {
|
|
105
|
-
return this.activeOrgId;
|
|
106
|
-
}
|
|
107
97
|
getOrg(orgId) {
|
|
108
98
|
if (!this.orgIdToOrgMemberInfo) {
|
|
109
99
|
return void 0;
|
|
@@ -136,7 +126,9 @@ var UserFromToken = class {
|
|
|
136
126
|
const obj = JSON.parse(json);
|
|
137
127
|
const orgIdToOrgMemberInfo = {};
|
|
138
128
|
for (const orgId in obj.orgIdToOrgMemberInfo) {
|
|
139
|
-
orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(
|
|
129
|
+
orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(
|
|
130
|
+
JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])
|
|
131
|
+
);
|
|
140
132
|
}
|
|
141
133
|
return new UserFromToken(
|
|
142
134
|
obj.userId,
|
|
@@ -150,29 +142,6 @@ var UserFromToken = class {
|
|
|
150
142
|
obj.properties
|
|
151
143
|
);
|
|
152
144
|
}
|
|
153
|
-
static fromJwtPayload(payload) {
|
|
154
|
-
let activeOrgId;
|
|
155
|
-
let orgIdToOrgMemberInfo;
|
|
156
|
-
if (payload.org_member_info) {
|
|
157
|
-
activeOrgId = payload.org_member_info.org_id;
|
|
158
|
-
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
|
|
159
|
-
} else {
|
|
160
|
-
activeOrgId = void 0;
|
|
161
|
-
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
|
|
162
|
-
}
|
|
163
|
-
return new UserFromToken(
|
|
164
|
-
payload.user_id,
|
|
165
|
-
payload.email,
|
|
166
|
-
orgIdToOrgMemberInfo,
|
|
167
|
-
payload.first_name,
|
|
168
|
-
payload.last_name,
|
|
169
|
-
payload.username,
|
|
170
|
-
payload.legacy_user_id,
|
|
171
|
-
payload.impersonatorUserId,
|
|
172
|
-
payload.properties,
|
|
173
|
-
activeOrgId
|
|
174
|
-
);
|
|
175
|
-
}
|
|
176
145
|
};
|
|
177
146
|
var OrgMemberInfo = class {
|
|
178
147
|
constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
|
|
@@ -221,7 +190,17 @@ var OrgMemberInfo = class {
|
|
|
221
190
|
}
|
|
222
191
|
};
|
|
223
192
|
function toUser(snake_case) {
|
|
224
|
-
return UserFromToken
|
|
193
|
+
return new UserFromToken(
|
|
194
|
+
snake_case.user_id,
|
|
195
|
+
snake_case.email,
|
|
196
|
+
toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
|
|
197
|
+
snake_case.first_name,
|
|
198
|
+
snake_case.last_name,
|
|
199
|
+
snake_case.username,
|
|
200
|
+
snake_case.legacy_user_id,
|
|
201
|
+
snake_case.impersonatorUserId,
|
|
202
|
+
snake_case.properties
|
|
203
|
+
);
|
|
225
204
|
}
|
|
226
205
|
function toOrgIdToOrgMemberInfo(snake_case) {
|
|
227
206
|
if (snake_case === void 0) {
|
|
@@ -293,17 +272,12 @@ function getVerifierKey() {
|
|
|
293
272
|
}
|
|
294
273
|
return verifierKey.replace(/\\n/g, "\n");
|
|
295
274
|
}
|
|
296
|
-
function refreshTokenWithAccessAndRefreshToken(refreshToken
|
|
275
|
+
function refreshTokenWithAccessAndRefreshToken(refreshToken) {
|
|
297
276
|
return __async(this, null, function* () {
|
|
298
277
|
const body = {
|
|
299
278
|
refresh_token: refreshToken
|
|
300
279
|
};
|
|
301
|
-
const
|
|
302
|
-
if (activeOrgId) {
|
|
303
|
-
queryParams.set("with_active_org_support", "true");
|
|
304
|
-
queryParams.set("active_org_id", activeOrgId);
|
|
305
|
-
}
|
|
306
|
-
const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
|
|
280
|
+
const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`;
|
|
307
281
|
const response = yield fetch(url, {
|
|
308
282
|
method: "POST",
|
|
309
283
|
body: JSON.stringify(body),
|
|
@@ -315,7 +289,10 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
|
|
|
315
289
|
if (response.ok) {
|
|
316
290
|
const data = yield response.json();
|
|
317
291
|
const newRefreshToken = data.refresh_token;
|
|
318
|
-
const {
|
|
292
|
+
const {
|
|
293
|
+
access_token: accessToken,
|
|
294
|
+
expires_at_seconds: expiresAtSeconds
|
|
295
|
+
} = data.access_token;
|
|
319
296
|
return {
|
|
320
297
|
refreshToken: newRefreshToken,
|
|
321
298
|
accessToken,
|
|
@@ -376,9 +353,6 @@ function validateAccessToken(accessToken) {
|
|
|
376
353
|
});
|
|
377
354
|
}
|
|
378
355
|
|
|
379
|
-
// src/shared.ts
|
|
380
|
-
var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
|
|
381
|
-
|
|
382
356
|
// src/server/app-router.ts
|
|
383
357
|
function getUserOrRedirect() {
|
|
384
358
|
return __async(this, null, function* () {
|
|
@@ -393,7 +367,8 @@ function getUserOrRedirect() {
|
|
|
393
367
|
}
|
|
394
368
|
function getUser() {
|
|
395
369
|
return __async(this, null, function* () {
|
|
396
|
-
|
|
370
|
+
var _a;
|
|
371
|
+
const accessToken = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
|
|
397
372
|
if (accessToken) {
|
|
398
373
|
const user = yield validateAccessTokenOrUndefined(accessToken);
|
|
399
374
|
if (user) {
|
|
@@ -404,12 +379,14 @@ function getUser() {
|
|
|
404
379
|
});
|
|
405
380
|
}
|
|
406
381
|
function getAccessToken() {
|
|
407
|
-
|
|
408
|
-
|
|
382
|
+
return __async(this, null, function* () {
|
|
383
|
+
var _a;
|
|
384
|
+
return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
|
|
385
|
+
});
|
|
409
386
|
}
|
|
410
387
|
function authMiddleware(req) {
|
|
411
388
|
return __async(this, null, function* () {
|
|
412
|
-
var _a, _b
|
|
389
|
+
var _a, _b;
|
|
413
390
|
if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
|
|
414
391
|
throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
|
|
415
392
|
} else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
|
|
@@ -417,7 +394,6 @@ function authMiddleware(req) {
|
|
|
417
394
|
}
|
|
418
395
|
const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
419
396
|
const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
|
|
420
|
-
const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
|
|
421
397
|
if (accessToken) {
|
|
422
398
|
const user = yield validateAccessTokenOrUndefined(accessToken);
|
|
423
399
|
if (user) {
|
|
@@ -425,7 +401,7 @@ function authMiddleware(req) {
|
|
|
425
401
|
}
|
|
426
402
|
}
|
|
427
403
|
if (refreshToken) {
|
|
428
|
-
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken
|
|
404
|
+
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
|
|
429
405
|
if (response.error === "unexpected") {
|
|
430
406
|
throw new Error("Unexpected error while refreshing access token");
|
|
431
407
|
} else if (response.error === "unauthorized") {
|
|
@@ -486,7 +462,7 @@ function getRouteHandlers(args) {
|
|
|
486
462
|
}
|
|
487
463
|
function callbackGetHandler(req) {
|
|
488
464
|
return __async(this, null, function* () {
|
|
489
|
-
var _a, _b
|
|
465
|
+
var _a, _b;
|
|
490
466
|
const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
491
467
|
if (!oauthState || oauthState.length !== 64) {
|
|
492
468
|
return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
|
|
@@ -522,49 +498,6 @@ function getRouteHandlers(args) {
|
|
|
522
498
|
console.error("postLoginRedirectPathFn returned undefined");
|
|
523
499
|
return new Response("Unexpected error", { status: 500 });
|
|
524
500
|
}
|
|
525
|
-
const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
|
|
526
|
-
const user = yield validateAccessToken(accessToken);
|
|
527
|
-
const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
|
|
528
|
-
let activeOrgId = void 0;
|
|
529
|
-
if (isUserInCurrentActiveOrg) {
|
|
530
|
-
activeOrgId = currentActiveOrgId;
|
|
531
|
-
} else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
|
|
532
|
-
activeOrgId = args.getDefaultActiveOrgId(req, user);
|
|
533
|
-
}
|
|
534
|
-
if (activeOrgId) {
|
|
535
|
-
const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
|
|
536
|
-
if (response2.error === "unexpected") {
|
|
537
|
-
throw new Error("Unexpected error while setting active org");
|
|
538
|
-
} else if (response2.error === "unauthorized") {
|
|
539
|
-
console.error(
|
|
540
|
-
"Unauthorized error while setting active org. Your user may not have access to this org"
|
|
541
|
-
);
|
|
542
|
-
return new Response("Unauthorized", { status: 401 });
|
|
543
|
-
} else {
|
|
544
|
-
const headers3 = new Headers();
|
|
545
|
-
headers3.append("Location", returnToPath);
|
|
546
|
-
headers3.append(
|
|
547
|
-
"Set-Cookie",
|
|
548
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
549
|
-
);
|
|
550
|
-
headers3.append(
|
|
551
|
-
"Set-Cookie",
|
|
552
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
553
|
-
);
|
|
554
|
-
headers3.append(
|
|
555
|
-
"Set-Cookie",
|
|
556
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
557
|
-
);
|
|
558
|
-
headers3.append(
|
|
559
|
-
"Set-Cookie",
|
|
560
|
-
`${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
561
|
-
);
|
|
562
|
-
return new Response(null, {
|
|
563
|
-
status: 302,
|
|
564
|
-
headers: headers3
|
|
565
|
-
});
|
|
566
|
-
}
|
|
567
|
-
}
|
|
568
501
|
const headers2 = new Headers();
|
|
569
502
|
headers2.append("Location", returnToPath);
|
|
570
503
|
headers2.append(
|
|
@@ -575,10 +508,6 @@ function getRouteHandlers(args) {
|
|
|
575
508
|
"Set-Cookie",
|
|
576
509
|
`${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
577
510
|
);
|
|
578
|
-
headers2.append(
|
|
579
|
-
"Set-Cookie",
|
|
580
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
581
|
-
);
|
|
582
511
|
headers2.append(
|
|
583
512
|
"Set-Cookie",
|
|
584
513
|
`${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
@@ -599,11 +528,10 @@ function getRouteHandlers(args) {
|
|
|
599
528
|
}
|
|
600
529
|
function userinfoGetHandler(req) {
|
|
601
530
|
return __async(this, null, function* () {
|
|
602
|
-
var _a
|
|
531
|
+
var _a;
|
|
603
532
|
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
604
|
-
const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
|
|
605
533
|
if (oldRefreshToken) {
|
|
606
|
-
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken
|
|
534
|
+
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
|
|
607
535
|
if (refreshResponse.error === "unexpected") {
|
|
608
536
|
throw new Error("Unexpected error while refreshing access token");
|
|
609
537
|
} else if (refreshResponse.error === "unauthorized") {
|
|
@@ -616,10 +544,6 @@ function getRouteHandlers(args) {
|
|
|
616
544
|
"Set-Cookie",
|
|
617
545
|
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
618
546
|
);
|
|
619
|
-
headers3.append(
|
|
620
|
-
"Set-Cookie",
|
|
621
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
622
|
-
);
|
|
623
547
|
return new Response("Unauthorized", { status: 401, headers: headers3 });
|
|
624
548
|
}
|
|
625
549
|
const refreshToken = refreshResponse.refreshToken;
|
|
@@ -638,8 +562,7 @@ function getRouteHandlers(args) {
|
|
|
638
562
|
const jsonResponse = {
|
|
639
563
|
userinfo: data,
|
|
640
564
|
accessToken,
|
|
641
|
-
impersonatorUserId: userFromToken.impersonatorUserId
|
|
642
|
-
activeOrgId
|
|
565
|
+
impersonatorUserId: userFromToken.impersonatorUserId
|
|
643
566
|
};
|
|
644
567
|
const headers3 = new Headers();
|
|
645
568
|
headers3.append(
|
|
@@ -665,10 +588,6 @@ function getRouteHandlers(args) {
|
|
|
665
588
|
"Set-Cookie",
|
|
666
589
|
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
667
590
|
);
|
|
668
|
-
headers3.append(
|
|
669
|
-
"Set-Cookie",
|
|
670
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
671
|
-
);
|
|
672
591
|
return new Response(null, {
|
|
673
592
|
status: 401,
|
|
674
593
|
headers: headers3
|
|
@@ -680,13 +599,12 @@ function getRouteHandlers(args) {
|
|
|
680
599
|
const headers2 = new Headers();
|
|
681
600
|
headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
|
682
601
|
headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
|
683
|
-
headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
|
684
602
|
return new Response(null, { status: 401 });
|
|
685
603
|
});
|
|
686
604
|
}
|
|
687
605
|
function logoutGetHandler(req) {
|
|
688
606
|
return __async(this, null, function* () {
|
|
689
|
-
var _a
|
|
607
|
+
var _a;
|
|
690
608
|
const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
|
|
691
609
|
if (!path) {
|
|
692
610
|
console.error("postLoginPathFn returned undefined");
|
|
@@ -704,17 +622,12 @@ function getRouteHandlers(args) {
|
|
|
704
622
|
"Set-Cookie",
|
|
705
623
|
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
706
624
|
);
|
|
707
|
-
headers2.append(
|
|
708
|
-
"Set-Cookie",
|
|
709
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
710
|
-
);
|
|
711
625
|
return new Response(null, {
|
|
712
626
|
status: 302,
|
|
713
627
|
headers: headers2
|
|
714
628
|
});
|
|
715
629
|
}
|
|
716
|
-
const
|
|
717
|
-
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
|
|
630
|
+
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
|
|
718
631
|
if (refreshResponse.error === "unexpected") {
|
|
719
632
|
console.error("Unexpected error while refreshing access token");
|
|
720
633
|
return new Response("Unexpected error", { status: 500 });
|
|
@@ -729,10 +642,6 @@ function getRouteHandlers(args) {
|
|
|
729
642
|
"Set-Cookie",
|
|
730
643
|
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
731
644
|
);
|
|
732
|
-
headers2.append(
|
|
733
|
-
"Set-Cookie",
|
|
734
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
735
|
-
);
|
|
736
645
|
return new Response(null, {
|
|
737
646
|
status: 302,
|
|
738
647
|
headers: headers2
|
|
@@ -761,10 +670,6 @@ function getRouteHandlers(args) {
|
|
|
761
670
|
"Set-Cookie",
|
|
762
671
|
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
763
672
|
);
|
|
764
|
-
headers3.append(
|
|
765
|
-
"Set-Cookie",
|
|
766
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
767
|
-
);
|
|
768
673
|
return new Response(null, { status: 200, headers: headers3 });
|
|
769
674
|
}
|
|
770
675
|
const authUrlOrigin = getAuthUrlOrigin();
|
|
@@ -789,78 +694,9 @@ function getRouteHandlers(args) {
|
|
|
789
694
|
const headers2 = new Headers();
|
|
790
695
|
headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
|
791
696
|
headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
|
792
|
-
headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
|
|
793
697
|
return new Response(null, { status: 200, headers: headers2 });
|
|
794
698
|
});
|
|
795
699
|
}
|
|
796
|
-
function setActiveOrgHandler(req) {
|
|
797
|
-
return __async(this, null, function* () {
|
|
798
|
-
var _a;
|
|
799
|
-
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
800
|
-
const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
|
|
801
|
-
if (!oldRefreshToken) {
|
|
802
|
-
const headers2 = new Headers();
|
|
803
|
-
headers2.append(
|
|
804
|
-
"Set-Cookie",
|
|
805
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
|
|
806
|
-
);
|
|
807
|
-
return new Response(null, { status: 401, headers: headers2 });
|
|
808
|
-
}
|
|
809
|
-
if (!activeOrgId) {
|
|
810
|
-
return new Response(null, { status: 400 });
|
|
811
|
-
}
|
|
812
|
-
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
|
|
813
|
-
if (refreshResponse.error === "unexpected") {
|
|
814
|
-
throw new Error("Unexpected error while setting active org id");
|
|
815
|
-
} else if (refreshResponse.error === "unauthorized") {
|
|
816
|
-
return new Response("Unauthorized", { status: 401 });
|
|
817
|
-
}
|
|
818
|
-
const refreshToken = refreshResponse.refreshToken;
|
|
819
|
-
const accessToken = refreshResponse.accessToken;
|
|
820
|
-
const authUrlOrigin = getAuthUrlOrigin();
|
|
821
|
-
const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
|
|
822
|
-
const response = yield fetch(path, {
|
|
823
|
-
headers: {
|
|
824
|
-
"Content-Type": "application/json",
|
|
825
|
-
Authorization: "Bearer " + accessToken
|
|
826
|
-
}
|
|
827
|
-
});
|
|
828
|
-
if (response.ok) {
|
|
829
|
-
const userFromToken = yield validateAccessToken(accessToken);
|
|
830
|
-
const data = yield response.json();
|
|
831
|
-
const jsonResponse = {
|
|
832
|
-
userinfo: data,
|
|
833
|
-
accessToken,
|
|
834
|
-
impersonatorUserId: userFromToken.impersonatorUserId,
|
|
835
|
-
activeOrgId
|
|
836
|
-
};
|
|
837
|
-
const headers2 = new Headers();
|
|
838
|
-
headers2.append(
|
|
839
|
-
"Set-Cookie",
|
|
840
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
841
|
-
);
|
|
842
|
-
headers2.append(
|
|
843
|
-
"Set-Cookie",
|
|
844
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
845
|
-
);
|
|
846
|
-
headers2.append(
|
|
847
|
-
"Set-Cookie",
|
|
848
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
|
|
849
|
-
);
|
|
850
|
-
headers2.append("Content-Type", "application/json");
|
|
851
|
-
return new Response(JSON.stringify(jsonResponse), {
|
|
852
|
-
status: 200,
|
|
853
|
-
headers: headers2
|
|
854
|
-
});
|
|
855
|
-
} else if (response.status === 401) {
|
|
856
|
-
return new Response(null, {
|
|
857
|
-
status: 401
|
|
858
|
-
});
|
|
859
|
-
} else {
|
|
860
|
-
return new Response(null, { status: 500 });
|
|
861
|
-
}
|
|
862
|
-
});
|
|
863
|
-
}
|
|
864
700
|
function getRouteHandler(req, { params }) {
|
|
865
701
|
if (params.slug === "login") {
|
|
866
702
|
return loginGetHandler(req);
|
|
@@ -879,8 +715,6 @@ function getRouteHandlers(args) {
|
|
|
879
715
|
function postRouteHandler(req, { params }) {
|
|
880
716
|
if (params.slug === "logout") {
|
|
881
717
|
return logoutPostHandler(req);
|
|
882
|
-
} else if (params.slug === "set-active-org") {
|
|
883
|
-
return setActiveOrgHandler(req);
|
|
884
718
|
} else {
|
|
885
719
|
return new Response("", { status: 404 });
|
|
886
720
|
}
|