@propelauth/nextjs 0.0.112-beta.1 → 0.0.113

@@ -42,9 +42,8 @@ import { NextResponse } from "next/server.js";
42
42
 
43
43
  // src/user.ts
44
44
  var UserFromToken = class {
45
- constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId) {
45
+ constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties) {
46
46
  this.userId = userId;
47
- this.activeOrgId = activeOrgId;
48
47
  this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
49
48
  this.email = email;
50
49
  this.firstName = firstName;
@@ -54,15 +53,6 @@ var UserFromToken = class {
54
53
  this.impersonatorUserId = impersonatorUserId;
55
54
  this.properties = properties;
56
55
  }
57
- getActiveOrg() {
58
- if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
59
- return void 0;
60
- }
61
- return this.orgIdToOrgMemberInfo[this.activeOrgId];
62
- }
63
- getActiveOrgId() {
64
- return this.activeOrgId;
65
- }
66
56
  getOrg(orgId) {
67
57
  if (!this.orgIdToOrgMemberInfo) {
68
58
  return void 0;
@@ -95,7 +85,9 @@ var UserFromToken = class {
95
85
  const obj = JSON.parse(json);
96
86
  const orgIdToOrgMemberInfo = {};
97
87
  for (const orgId in obj.orgIdToOrgMemberInfo) {
98
- orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]));
88
+ orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(
89
+ JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])
90
+ );
99
91
  }
100
92
  return new UserFromToken(
101
93
  obj.userId,
@@ -109,29 +101,6 @@ var UserFromToken = class {
109
101
  obj.properties
110
102
  );
111
103
  }
112
- static fromJwtPayload(payload) {
113
- let activeOrgId;
114
- let orgIdToOrgMemberInfo;
115
- if (payload.org_member_info) {
116
- activeOrgId = payload.org_member_info.org_id;
117
- orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
118
- } else {
119
- activeOrgId = void 0;
120
- orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
121
- }
122
- return new UserFromToken(
123
- payload.user_id,
124
- payload.email,
125
- orgIdToOrgMemberInfo,
126
- payload.first_name,
127
- payload.last_name,
128
- payload.username,
129
- payload.legacy_user_id,
130
- payload.impersonatorUserId,
131
- payload.properties,
132
- activeOrgId
133
- );
134
- }
135
104
  };
136
105
  var OrgMemberInfo = class {
137
106
  constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
@@ -180,7 +149,17 @@ var OrgMemberInfo = class {
180
149
  }
181
150
  };
182
151
  function toUser(snake_case) {
183
- return UserFromToken.fromJwtPayload(snake_case);
152
+ return new UserFromToken(
153
+ snake_case.user_id,
154
+ snake_case.email,
155
+ toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
156
+ snake_case.first_name,
157
+ snake_case.last_name,
158
+ snake_case.username,
159
+ snake_case.legacy_user_id,
160
+ snake_case.impersonatorUserId,
161
+ snake_case.properties
162
+ );
184
163
  }
185
164
  function toOrgIdToOrgMemberInfo(snake_case) {
186
165
  if (snake_case === void 0) {
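Review bot: `snake_case.impersonatorUserId` is the only field in the new `toUser` body read in camelCase; every other claim is read in snake_case (`user_id`, `first_name`, `legacy_user_id`). If the token actually carries the claim as `impersonator_user_id`, `impersonatorUserId` would always be `undefined`, and impersonated sessions would look like direct logins to any downstream check or audit log. The token format is not visible here, so this needs confirming against it. If camelCase is correct, a comment such as `// claim name is camelCase in the token, unlike the other fields` would stop a later "fix" from breaking it. `toOrgIdToOrgMemberInfo`'s body continues outside the hunk.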
@@ -252,17 +231,12 @@ function getVerifierKey() {
252
231
  }
253
232
  return verifierKey.replace(/\\n/g, "\n");
254
233
  }
255
- function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
234
+ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
256
235
  return __async(this, null, function* () {
257
236
  const body = {
258
237
  refresh_token: refreshToken
259
238
  };
260
- const queryParams = new URLSearchParams();
261
- if (activeOrgId) {
262
- queryParams.set("with_active_org_support", "true");
263
- queryParams.set("active_org_id", activeOrgId);
264
- }
265
- const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
239
+ const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`;
266
240
  const response = yield fetch(url, {
267
241
  method: "POST",
268
242
  body: JSON.stringify(body),
@@ -274,7 +248,10 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
274
248
  if (response.ok) {
275
249
  const data = yield response.json();
276
250
  const newRefreshToken = data.refresh_token;
277
- const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
251
+ const {
252
+ access_token: accessToken,
253
+ expires_at_seconds: expiresAtSeconds
254
+ } = data.access_token;
278
255
  return {
279
256
  refreshToken: newRefreshToken,
280
257
  accessToken,
@@ -335,9 +312,6 @@ function validateAccessToken(accessToken) {
335
312
  });
336
313
  }
337
314
 
338
- // src/shared.ts
339
- var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
340
-
341
315
  // src/server/app-router.ts
342
316
  function getUserOrRedirect() {
343
317
  return __async(this, null, function* () {
@@ -352,7 +326,8 @@ function getUserOrRedirect() {
352
326
  }
353
327
  function getUser() {
354
328
  return __async(this, null, function* () {
355
- const accessToken = getAccessToken();
329
+ var _a;
330
+ const accessToken = headers().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = cookies().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
356
331
  if (accessToken) {
357
332
  const user = yield validateAccessTokenOrUndefined(accessToken);
358
333
  if (user) {
@@ -363,12 +338,14 @@ function getUser() {
363
338
  });
364
339
  }
365
340
  function getAccessToken() {
366
- var _a;
367
- return headers().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = cookies().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
341
+ return __async(this, null, function* () {
342
+ var _a;
343
+ return headers().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = cookies().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
344
+ });
368
345
  }
369
346
  function authMiddleware(req) {
370
347
  return __async(this, null, function* () {
371
- var _a, _b, _c;
348
+ var _a, _b;
372
349
  if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
373
350
  throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
374
351
  } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
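Review bot: `getAccessToken` now returns a Promise although its body never yields, so a caller that still uses the result synchronously (`if (token)`, or interpolating it into an `Authorization` header) gets a truthy Promise object instead of the token string or `undefined`. If the async signature is intended, it should be documented on the function, e.g. `// Returns Promise<string | undefined>; callers must await the result`. The same header-then-cookie lookup is also duplicated inline in `getUser` in the preceding hunk; keeping a single helper would stop the two copies drifting on which source is trusted first. `authMiddleware`'s body continues outside this hunk.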
@@ -376,7 +353,6 @@ function authMiddleware(req) {
376
353
  }
377
354
  const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
378
355
  const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
379
- const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
380
356
  if (accessToken) {
381
357
  const user = yield validateAccessTokenOrUndefined(accessToken);
382
358
  if (user) {
@@ -384,7 +360,7 @@ function authMiddleware(req) {
384
360
  }
385
361
  }
386
362
  if (refreshToken) {
387
- const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
363
+ const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
388
364
  if (response.error === "unexpected") {
389
365
  throw new Error("Unexpected error while refreshing access token");
390
366
  } else if (response.error === "unauthorized") {
@@ -445,7 +421,7 @@ function getRouteHandlers(args) {
445
421
  }
446
422
  function callbackGetHandler(req) {
447
423
  return __async(this, null, function* () {
448
- var _a, _b, _c;
424
+ var _a, _b;
449
425
  const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
450
426
  if (!oauthState || oauthState.length !== 64) {
451
427
  return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -481,49 +457,6 @@ function getRouteHandlers(args) {
481
457
  console.error("postLoginRedirectPathFn returned undefined");
482
458
  return new Response("Unexpected error", { status: 500 });
483
459
  }
484
- const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
485
- const user = yield validateAccessToken(accessToken);
486
- const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
487
- let activeOrgId = void 0;
488
- if (isUserInCurrentActiveOrg) {
489
- activeOrgId = currentActiveOrgId;
490
- } else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
491
- activeOrgId = args.getDefaultActiveOrgId(req, user);
492
- }
493
- if (activeOrgId) {
494
- const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
495
- if (response2.error === "unexpected") {
496
- throw new Error("Unexpected error while setting active org");
497
- } else if (response2.error === "unauthorized") {
498
- console.error(
499
- "Unauthorized error while setting active org. Your user may not have access to this org"
500
- );
501
- return new Response("Unauthorized", { status: 401 });
502
- } else {
503
- const headers3 = new Headers();
504
- headers3.append("Location", returnToPath);
505
- headers3.append(
506
- "Set-Cookie",
507
- `${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
508
- );
509
- headers3.append(
510
- "Set-Cookie",
511
- `${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
512
- );
513
- headers3.append(
514
- "Set-Cookie",
515
- `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
516
- );
517
- headers3.append(
518
- "Set-Cookie",
519
- `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
520
- );
521
- return new Response(null, {
522
- status: 302,
523
- headers: headers3
524
- });
525
- }
526
- }
527
460
  const headers2 = new Headers();
528
461
  headers2.append("Location", returnToPath);
529
462
  headers2.append(
@@ -534,10 +467,6 @@ function getRouteHandlers(args) {
534
467
  "Set-Cookie",
535
468
  `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
536
469
  );
537
- headers2.append(
538
- "Set-Cookie",
539
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
540
- );
541
470
  headers2.append(
542
471
  "Set-Cookie",
543
472
  `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
@@ -558,11 +487,10 @@ function getRouteHandlers(args) {
558
487
  }
559
488
  function userinfoGetHandler(req) {
560
489
  return __async(this, null, function* () {
561
- var _a, _b;
490
+ var _a;
562
491
  const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
563
- const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
564
492
  if (oldRefreshToken) {
565
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
493
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
566
494
  if (refreshResponse.error === "unexpected") {
567
495
  throw new Error("Unexpected error while refreshing access token");
568
496
  } else if (refreshResponse.error === "unauthorized") {
@@ -575,10 +503,6 @@ function getRouteHandlers(args) {
575
503
  "Set-Cookie",
576
504
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
577
505
  );
578
- headers3.append(
579
- "Set-Cookie",
580
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
581
- );
582
506
  return new Response("Unauthorized", { status: 401, headers: headers3 });
583
507
  }
584
508
  const refreshToken = refreshResponse.refreshToken;
@@ -597,8 +521,7 @@ function getRouteHandlers(args) {
597
521
  const jsonResponse = {
598
522
  userinfo: data,
599
523
  accessToken,
600
- impersonatorUserId: userFromToken.impersonatorUserId,
601
- activeOrgId
524
+ impersonatorUserId: userFromToken.impersonatorUserId
602
525
  };
603
526
  const headers3 = new Headers();
604
527
  headers3.append(
@@ -624,10 +547,6 @@ function getRouteHandlers(args) {
624
547
  "Set-Cookie",
625
548
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
626
549
  );
627
- headers3.append(
628
- "Set-Cookie",
629
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
630
- );
631
550
  return new Response(null, {
632
551
  status: 401,
633
552
  headers: headers3
@@ -639,13 +558,12 @@ function getRouteHandlers(args) {
639
558
  const headers2 = new Headers();
640
559
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
641
560
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
642
- headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
643
561
  return new Response(null, { status: 401 });
644
562
  });
645
563
  }
646
564
  function logoutGetHandler(req) {
647
565
  return __async(this, null, function* () {
648
- var _a, _b;
566
+ var _a;
649
567
  const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
650
568
  if (!path) {
651
569
  console.error("postLoginPathFn returned undefined");
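Review bot: The 401 return just before `logoutGetHandler` (apparently the tail of `userinfoGetHandler`) builds `headers2` with two cookie-clearing `Set-Cookie` entries and then discards it: `return new Response(null, { status: 401 });`. On this path the access-token and refresh-token cookies are therefore left in the browser, unlike the other 401 branches on this page, which pass `headers: headers3`. The line should read `return new Response(null, { status: 401, headers: headers2 });`. The handler starts before this hunk, and `logoutGetHandler`'s body continues after it.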
@@ -663,17 +581,12 @@ function getRouteHandlers(args) {
663
581
  "Set-Cookie",
664
582
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
665
583
  );
666
- headers2.append(
667
- "Set-Cookie",
668
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
669
- );
670
584
  return new Response(null, {
671
585
  status: 302,
672
586
  headers: headers2
673
587
  });
674
588
  }
675
- const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
676
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
589
+ const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
677
590
  if (refreshResponse.error === "unexpected") {
678
591
  console.error("Unexpected error while refreshing access token");
679
592
  return new Response("Unexpected error", { status: 500 });
@@ -688,10 +601,6 @@ function getRouteHandlers(args) {
688
601
  "Set-Cookie",
689
602
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
690
603
  );
691
- headers2.append(
692
- "Set-Cookie",
693
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
694
- );
695
604
  return new Response(null, {
696
605
  status: 302,
697
606
  headers: headers2
@@ -720,10 +629,6 @@ function getRouteHandlers(args) {
720
629
  "Set-Cookie",
721
630
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
722
631
  );
723
- headers3.append(
724
- "Set-Cookie",
725
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
726
- );
727
632
  return new Response(null, { status: 200, headers: headers3 });
728
633
  }
729
634
  const authUrlOrigin = getAuthUrlOrigin();
@@ -748,78 +653,9 @@ function getRouteHandlers(args) {
748
653
  const headers2 = new Headers();
749
654
  headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
750
655
  headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
751
- headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
752
656
  return new Response(null, { status: 200, headers: headers2 });
753
657
  });
754
658
  }
755
- function setActiveOrgHandler(req) {
756
- return __async(this, null, function* () {
757
- var _a;
758
- const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
759
- const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
760
- if (!oldRefreshToken) {
761
- const headers2 = new Headers();
762
- headers2.append(
763
- "Set-Cookie",
764
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
765
- );
766
- return new Response(null, { status: 401, headers: headers2 });
767
- }
768
- if (!activeOrgId) {
769
- return new Response(null, { status: 400 });
770
- }
771
- const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
772
- if (refreshResponse.error === "unexpected") {
773
- throw new Error("Unexpected error while setting active org id");
774
- } else if (refreshResponse.error === "unauthorized") {
775
- return new Response("Unauthorized", { status: 401 });
776
- }
777
- const refreshToken = refreshResponse.refreshToken;
778
- const accessToken = refreshResponse.accessToken;
779
- const authUrlOrigin = getAuthUrlOrigin();
780
- const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
781
- const response = yield fetch(path, {
782
- headers: {
783
- "Content-Type": "application/json",
784
- Authorization: "Bearer " + accessToken
785
- }
786
- });
787
- if (response.ok) {
788
- const userFromToken = yield validateAccessToken(accessToken);
789
- const data = yield response.json();
790
- const jsonResponse = {
791
- userinfo: data,
792
- accessToken,
793
- impersonatorUserId: userFromToken.impersonatorUserId,
794
- activeOrgId
795
- };
796
- const headers2 = new Headers();
797
- headers2.append(
798
- "Set-Cookie",
799
- `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
800
- );
801
- headers2.append(
802
- "Set-Cookie",
803
- `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
804
- );
805
- headers2.append(
806
- "Set-Cookie",
807
- `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
808
- );
809
- headers2.append("Content-Type", "application/json");
810
- return new Response(JSON.stringify(jsonResponse), {
811
- status: 200,
812
- headers: headers2
813
- });
814
- } else if (response.status === 401) {
815
- return new Response(null, {
816
- status: 401
817
- });
818
- } else {
819
- return new Response(null, { status: 500 });
820
- }
821
- });
822
- }
823
659
  function getRouteHandler(req, { params }) {
824
660
  if (params.slug === "login") {
825
661
  return loginGetHandler(req);
@@ -838,8 +674,6 @@ function getRouteHandlers(args) {
838
674
  function postRouteHandler(req, { params }) {
839
675
  if (params.slug === "logout") {
840
676
  return logoutPostHandler(req);
841
- } else if (params.slug === "set-active-org") {
842
- return setActiveOrgHandler(req);
843
677
  } else {
844
678
  return new Response("", { status: 404 });
845
679
  }